SMTPD(8)                                                 SMTPD(8)
NAME
       smtpd - Postfix SMTP server
SYNOPSIS
       smtpd [generic Postfix daemon options]
DESCRIPTION
       The  SMTP  server  accepts network connection requests and
       performs zero or more SMTP  transactions  per  connection.
       Each received message is piped through the cleanup(8) dae-
       mon, and is placed into the incoming queue as  one  single
       queue  file.   For  this  mode  of  operation, the program
       expects to be run from the master(8) process manager.
       Alternatively, the SMTP server takes an  established  con-
       nection  on  standard input and deposits messages directly
       into the maildrop queue.  In  this  so-called  stand-alone
       mode,  the SMTP server can accept mail even while the mail
       system is not running.
       The SMTP server implements a variety of policies for  con-
       nection  requests, and for parameters given to HELO, ETRN,
       MAIL FROM, VRFY and RCPT TO commands.  They  are  detailed
       below and in the main.cf configuration file.
SECURITY
       The SMTP server is moderately security-sensitive. It talks
       to SMTP clients and to DNS servers  on  the  network.  The
       SMTP server can be run chrooted at fixed low privilege.
STANDARDS
       RFC 821 (SMTP protocol)
       RFC 1123 (Host requirements)
       RFC 1652 (8bit-MIME transport)
       RFC 1869 (SMTP service extensions)
       RFC 1870 (Message Size Declaration)
       RFC 1985 (ETRN command)
       RFC 2554 (AUTH command)
       RFC 2821 (SMTP protocol)
       RFC 2920 (SMTP Pipelining)
DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).
       Depending  on the setting of the notify_classes parameter,
       the postmaster is notified of bounces, protocol  problems,
       policy violations, and of other trouble.
CONFIGURATION PARAMETERS
       The  following  main.cf parameters are especially relevant
       to this program. See the Postfix main.cf file  for  syntax
       details  and  for  default  values. Use the postfix reload
       command after a configuration change.
Compatibility controls
       strict_rfc821_envelopes
              Disallow non-RFC 821 style addresses in  SMTP  com-
              mands.  For example, the RFC822-style address forms
              with comments that Sendmail allows.
       broken_sasl_auth_clients
              Support Microsoft clients that implement  an  older
              version  of  the  AUTH protocol, and that expect an
              EHLO response of "250 AUTH=list"  instead  of  "250
              AUTH list".
       smtpd_noop_commands
              List of commands that are treated as NOOP (no oper-
              ation)  commands,  without  any  parameter   syntax
              checking  and  without any state change.  This list
              overrides built-in command definitions.
Content inspection controls
       content_filter
              The name of a mail delivery transport that  filters
              mail and that either bounces mail or re-injects the
              result back into Postfix.  This parameter uses  the
              same  syntax  as  the  right-hand side of a Postfix
              transport table.
Authentication controls
       smtpd_sasl_auth_enable
              Enable per-session authentication as per  RFC  2554
              (SASL).   This functionality is available only when
              explicitly  selected  at  program  build  time  and
              explicitly enabled at runtime.
       smtpd_sasl_local_domain
              The name of the local authentication realm.
       smtpd_sasl_security_options
              Zero or more of the following.
              noplaintext
                     Disallow  authentication  methods  that  use
                     plaintext passwords.
              noactive
                     Disallow  authentication  methods  that  are
                     vulnerable to non-dictionary active attacks.
              nodictionary
                     Disallow  authentication  methods  that  are
                     vulnerable to passive dictionary attack.
              noanonymous
                     Disallow anonymous logins.
       smtpd_sender_login_maps
              Maps  that  specify the SASL login name that owns a
              MAIL   FROM   sender   address.   Used    by    the
              reject_sender_login_mismatch  sender  anti-spoofing
              restriction.
Miscellaneous
       always_bcc
              Address to send a copy of each message that  enters
              the system.
       authorized_verp_clients
              Hostnames, domain names and/or addresses of clients
              that are authorized to use the XVERP extension.
       debug_peer_level
              Increment in verbose logging level  when  a  remote
              host  matches  a  pattern  in  the  debug_peer_list
              parameter.
       debug_peer_list
              List of domain or network patterns. When  a  remote
              host  matches  a pattern, increase the verbose log-
              ging  level  by  the  amount   specified   in   the
              debug_peer_level parameter.
       default_verp_delimiters
              The default VERP delimiter characters that are used
              when  the  XVERP  command  is   specified   without
              explicit delimiters.
       error_notice_recipient
              Recipient    of   protocol/policy/resource/software
              error notices.
       hopcount_limit
              Limit the number of Received: message headers.
       notify_classes
              List of error classes. Of special interest are:
              policy When a client violates any  policy,  mail  a
                     transcript of the entire SMTP session to the
                     postmaster.
              protocol
                     When a client violates the SMTP protocol  or
                     issues  an  unimplemented  command,  mail  a
                     transcript of the entire SMTP session to the
                     postmaster.
       smtpd_banner
              Text  that  follows the 220 status code in the SMTP
              greeting banner.
       smtpd_expansion_filter
              Controls  what  characters  are  allowed  in  $name
              expansion of rbl template responses and other text.
       smtpd_recipient_limit
              Restrict the number of  recipients  that  the  SMTP
              server accepts per message delivery.
       smtpd_timeout
              Limit  the  time  to  send a server response and to
              receive a client request.
       soft_bounce
              Change hard (5xx) reject responses into soft  (4xx)
              reject  responses.   This can be useful for testing
              purposes.
       verp_delimiter_filter
              The characters that Postfix accepts as VERP  delim-
              iter characters.
Known versus unknown recipients
       show_user_unknown_table_name
              Whether  or  not  to  reveal  the table name in the
              "User unknown" responses. The  extra  detail  makes
              trouble  shooting  easier but also reveals informa-
              tion that is nobody elses business.
       unknown_local_recipient_reject_code
              The response code when a client specifies a recipi-
              ent   whose   domain   matches   $mydestination  or
              $inet_interfaces,  while  $local_recipient_maps  is
              non-empty  and  does not list the recipient address
              or address local-part.
       unknown_relay_recipient_reject_code
              The response code when a client specifies a recipi-
              ent  whose  domain  matches  $relay_domains,  while
              $relay_recipient_maps is  non-empty  and  does  not
              list the recipient address.
       unknown_virtual_alias_reject_code
              The response code when a client specifies a recipi-
              ent whose  domain  matches  $virtual_alias_domains,
              while   the   recipient  is  not  listed  in  $vir-
              tual_alias_maps.
       unknown_virtual_mailbox_reject_code
              The response code when a client specifies a recipi-
              ent  whose domain matches $virtual_mailbox_domains,
              while the recipient is not listed in $virtual_mail-
              box_maps.
Resource controls
       line_length_limit
              Limit  the  amount  of memory in bytes used for the
              handling of partial input lines.
       message_size_limit
              Limit the total size in bytes of a message, includ-
              ing on-disk storage for envelope information.
       queue_minfree
              Minimal  amount of free space in bytes in the queue
              file system for the SMTP server to accept any  mail
              at all.
       smtpd_history_flush_threshold
              Flush  the  command  history  to  postmaster  after
              receipt of RSET etc.  only if the number of history
              lines exceeds the given threshold.
Tarpitting
       smtpd_error_sleep_time
              Time to wait in seconds before sending a 4xx or 5xx
              server error response.
       smtpd_soft_error_limit
              When an SMTP client has made this number of errors,
              wait  error_count  seconds before responding to any
              client request.
       smtpd_hard_error_limit
              Disconnect after a client has made this  number  of
              errors.
       smtpd_junk_command_limit
              Limit the number of times a client can issue a junk
              command such as NOOP, VRFY, ETRN  or  RSET  in  one
              SMTP  session  before  it  is penalized with tarpit
              delays.
UCE control restrictions
       parent_domain_matches_subdomains
              List of Postfix features that use  domain.tld  pat-
              terns   to  match  sub.domain.tld  (as  opposed  to
              requiring .domain.tld patterns).
       smtpd_client_restrictions
              Restrict what clients may connect to this mail sys-
              tem.
       smtpd_helo_required
              Require  that  clients  introduce themselves at the
              beginning of an SMTP session.
       smtpd_helo_restrictions
              Restrict what client hostnames are allowed in  HELO
              and EHLO commands.
       smtpd_sender_restrictions
              Restrict  what sender addresses are allowed in MAIL
              FROM commands.
       smtpd_recipient_restrictions
              Restrict what recipient addresses  are  allowed  in
              RCPT TO commands.
       smtpd_etrn_restrictions
              Restrict what domain names can be used in ETRN com-
              mands, and what clients may issue ETRN commands.
       smtpd_data_restrictions
              Restrictions on the DATA  command.  Currently,  the
              only   restriction   that   makes   sense  here  is
              reject_unauth_pipelining.
       allow_untrusted_routing
              Allow untrusted clients to specify  addresses  with
              sender-specified  routing.   Enabling this opens up
              nasty relay loopholes involving trusted  backup  MX
              hosts.
       smtpd_restriction_classes
              Declares  the  name of zero or more parameters that
              contain a list of UCE restrictions.  The  names  of
              these  parameters  can  then be used instead of the
              restriction lists that they represent.
       smtpd_null_access_lookup_key
              The lookup key to be used in  SMTPD  access  tables
              instead  of  the null sender address. A null sender
              address cannot be looked up.
       maps_rbl_domains (deprecated)
              List of DNS domains that publish the  addresses  of
              blacklisted hosts. This is used with the deprecated
              reject_maps_rbl restriction.
       permit_mx_backup_networks
              Only domains  whose  primary  MX  hosts  match  the
              listed   networks   are   eligible   for  the  per-
              mit_mx_backup feature.
       relay_domains
              Restrict what domains this mail system  will  relay
              mail  to.  The  domains  are routed to the delivery
              agent specified with the relay_transport setting.
UCE control responses
       access_map_reject_code
              Response code when  a  client  violates  an  access
              database restriction.
       default_rbl_reply
              Default template reply when a request is RBL black-
              listed.  This template is used by the  reject_rbl_*
              and    reject_rhsbl_*   restrictions.   See   also:
              rbl_reply_maps and smtpd_expansion_filter.
       defer_code
              Response code when a client request is rejected  by
              the defer restriction.
       invalid_hostname_reject_code
              Response   code   when   a   client   violates  the
              reject_invalid_hostname restriction.
       maps_rbl_reject_code
              Response code when a request is RBL blacklisted.
       rbl_reply_maps
              Table with template responses for  RBL  blacklisted
              requests,  indexed  by  RBL domain name. These tem-
              plates   are   used   by   the   reject_rbl_*   and
              reject_rhsbl_*      restrictions.     See     also:
              default_rbl_reply and smtpd_expansion_filter.
       reject_code
              Response code when  the  client  matches  a  reject
              restriction.
       relay_domains_reject_code
              Response code when a client attempts to violate the
              mail relay policy.
       unknown_address_reject_code
              Response  code   when   a   client   violates   the
              reject_unknown_address restriction.
       unknown_client_reject_code
              Response code when a client without address to name
              mapping violates the reject_unknown_client restric-
              tion.
       unknown_hostname_reject_code
              Response   code   when   a   client   violates  the
              reject_unknown_hostname restriction.
SEE ALSO
       trivial-rewrite(8) address resolver
       cleanup(8) message canonicalization
       master(8) process manager
       syslogd(8) system logging
LICENSE
       The Secure Mailer license must be  distributed  with  this
       software.
AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA
                                                         SMTPD(8)