SMTPD(8) SMTPD(8)
NAME
smtpd - Postfix SMTP server
SYNOPSIS
smtpd [generic Postfix daemon options]
DESCRIPTION
The SMTP server accepts network connection requests and
performs zero or more SMTP transactions per connection.
Each received message is piped through the cleanup(8) dae-
mon, and is placed into the incoming queue as one single
queue file. For this mode of operation, the program
expects to be run from the master(8) process manager.
Alternatively, the SMTP server takes an established con-
nection on standard input and deposits messages directly
into the maildrop queue. In this so-called stand-alone
mode, the SMTP server can accept mail even while the mail
system is not running.
The SMTP server implements a variety of policies for con-
nection requests, and for parameters given to HELO, MAIL
FROM, VRFY and RCPT TO commands. They are detailed below
and in the main.cf configuration file.
SECURITY
The SMTP server is moderately security-sensitive. It talks
to SMTP clients and to DNS servers on the network. The
SMTP server can be run chrooted at fixed low privilege.
STANDARDS
RFC 821 (SMTP protocol)
RFC 1123 (Host requirements)
RFC 1651 (SMTP service extensions)
RFC 1652 (8bit-MIME transport)
RFC 1854 (SMTP Pipelining)
RFC 1870 (Message Size Declaration)
RFC 1985 (ETRN command) (partial)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
Depending on the setting of the notify_classes parameter,
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
BUGS
RFC 1985 is implemented by forcing delivery of all
deferred mail.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
1
SMTPD(8) SMTPD(8)
command after a configuration change.
Compatibility controls
strict_rfc821_envelopes
Disallow non-RFC 821 style addresses in envelopes.
For example, allow RFC822-style address forms with
comments, like Sendmail does.
Miscellaneous
always_bcc
Address to send a copy of each message that enters
the system.
command_directory
Location of Postfix support commands (default:
$program_directory).
debug_peer_level
Increment in verbose logging level when a remote
host matches a pattern in the debug_peer_list
parameter.
debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
debug_peer_level parameter.
error_notice_recipient
Recipient of protocol/policy/resource/software
error notices.
hopcount_limit
Limit the number of Received: message headers.
notify_classes
List of error classes. Of special interest are:
local_recipient_maps
List of maps with user names that are local to
$myorigin or $inet_interfaces. If this parameter is
defined, then the SMTP server rejects mail for
unknown local users.
policy When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
protocol
When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
2
SMTPD(8) SMTPD(8)
smtpd_banner
Text that follows the 220 status code in the SMTP
greeting banner.
smtpd_recipient_limit
Restrict the number of recipients that the SMTP
server accepts per message delivery.
smtpd_timeout
Limit the time to send a server response and to
receive a client request.
Resource controls
line_length_limit
Limit the amount of memory in bytes used for the
handling of partial input lines.
message_size_limit
Limit the total size in bytes of a message, includ-
ing on-disk storage for envelope information.
queue_minfree
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
at all.
Tarpitting
smtpd_error_sleep_time
Time to wait in seconds before sending a 4xx or 5xx
server error response.
smtpd_soft_error_limit
When an SMTP client has made this number of errors,
wait error_count seconds before responding to any
client request.
smtpd_hard_error_limit
Disconnect after a client has made this number of
errors.
UCE control restrictions
smtpd_client_restrictions
Restrict what clients may connect to this mail sys-
tem.
smtpd_helo_required
Require that clients introduce themselves at the
beginning of an SMTP session.
smtpd_helo_restrictions
Restrict what client hostnames are allowed in HELO
and EHLO commands.
3
SMTPD(8) SMTPD(8)
smtpd_sender_restrictions
Restrict what sender addresses are allowed in MAIL
FROM commands.
smtpd_recipient_restrictions
Restrict what recipient addresses are allowed in
RCPT TO commands.
smtpd_etrn_restrictions
Restrict what domain names can be used in ETRN com-
mands, and what clients may issue ETRN commands.
allow_untrusted_routing
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
hosts.
restriction_classes
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
restriction lists that they represent.
maps_rbl_domains
List of DNS domains that publish the addresses of
blacklisted hosts.
relay_domains
Restrict what domains or networks this mail system
will relay mail from or to.
UCE control responses
access_map_reject_code
Server response when a client violates an access
database restriction.
invalid_hostname_reject_code
Server response when a client violates the
reject_invalid_hostname restriction.
maps_rbl_reject_code
Server response when a client violates the
maps_rbl_domains restriction.
reject_code
Response code when the client matches a reject
restriction.
relay_domains_reject_code
Server response when a client attempts to violate
the mail relay policy.
4
SMTPD(8) SMTPD(8)
unknown_address_reject_code
Server response when a client violates the
reject_unknown_address restriction.
unknown_client_reject_code
Server response when a client without address to
name mapping violates the reject_unknown_clients
restriction.
unknown_hostname_reject_code
Server response when a client violates the
reject_unknown_hostname restriction.
SEE ALSO
cleanup(8) message canonicalization
master(8) process manager
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
5