Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

    1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108
  109
  110
  111
  112
  113
  114
  115
  116
  117
  118
  119
  120
  121
  122
  123
  124
  125
  126
  127
  128
  129
  130
  131
  132
  133
  134
  135
  136
  137
  138
  139
  140
  141
  142
  143
  144
  145
  146
  147
  148
  149
  150
  151
  152
  153
  154
  155
  156
  157
  158
  159
  160
  161
  162
  163
  164
  165
  166
  167
  168
  169
  170
  171
  172
  173
  174
  175
  176
  177
  178
  179
  180
  181
  182
  183
  184
  185
  186
  187
  188
  189
  190
  191
  192
  193
  194
  195
  196
  197
  198
  199
  200
  201
  202
  203
  204
  205
  206
  207
  208
  209
  210
  211
  212
  213
  214
  215
  216
  217
  218
  219
  220
  221
  222
  223
  224
  225
  226
  227
  228
  229
  230
  231
  232
  233
  234
  235
  236
  237
  238
  239
  240
  241
  242
  243
  244
  245
  246
  247
  248
  249
  250
  251
  252
  253
  254
  255
  256
  257
  258
  259
  260
  261
  262
  263
  264
  265
  266
  267
  268
  269
  270
  271
  272
  273
  274
  275
  276
  277
  278
  279
  280
  281
  282
  283
  284
  285
  286
  287
  288
  289
  290
  291
  292
  293
  294
  295
  296
  297
  298
  299
  300
  301
  302
  303
  304
  305
  306
  307
  308
  309
  310
  311
  312
  313
  314
  315
  316
  317
  318
  319
  320
  321
  322
  323
  324
  325
  326
  327
  328
  329
  330
  331
  332
  333
  334
  335
  336
  337
  338
  339
  340
  341
  342
  343
  344
  345
  346
  347
  348
  349
  350
  351
  352
  353
  354
  355
  356
  357
  358
  359
  360
  361
  362
  363
  364
  365
  366
  367
  368
  369
  370
  371
  372
  373
  374
  375
  376
  377
  378
  379
  380
  381
  382
  383
  384
  385
  386
  387
  388
  389
  390
  391
  392
  393
  394
  395
  396
  397
  398
  399
  400
  401
  402
  403
  404
  405
  406
  407
  408
  409
  410
  411
  412
  413
  414
  415
  416
  417
  418
  419
  420
  421
  422
  423
  424
  425
  426
  427
  428
  429
  430
  431
  432
  433
  434
  435
  436
  437
  438
  439
  440
  441
  442
  443
  444
  445
  446
  447
  448
  449
  450
  451
  452
  453
  454
  455
  456
  457
  458
  459
  460
  461
  462
  463
  464
  465
  466
  467
  468
  469
  470
  471
  472
  473
  474
  475
  476
  477
  478
  479
  480
  481
  482
  483
  484
  485
  486
  487
  488
  489
  490
  491
  492
  493
  494
  495
  496
  497
  498
  499
  500
  501
  502
  503
  504
  505
  506
  507
  508
  509
  510
  511
  512
  513
  514
  515
  516
  517
  518
  519
  520
  521
  522
  523
  524
  525
  526
  527
  528
  529
  530
  531
  532
  533
  534
  535
  536
  537
  538
  539
  540
  541
  542
  543
  544
  545
  546
  547
  548
  549
  550
  551
  552
  553
  554
  555
  556
  557
  558
  559
  560
  561
  562
  563
  564
  565
  566
  567
  568
  569
  570
  571
  572
  573
  574
  575
  576
  577
  578
  579
  580
  581
  582
  583
  584
  585
  586
  587
  588
  589
  590
  591
  592
  593
  594
  595
  596
  597
  598
  599
  600
  601
  602
  603
  604
  605
  606
  607
  608
  609
  610
  611
  612
  613
  614
  615
  616
  617
  618
  619
  620
  621
  622
  623
  624
  625
  626
  627
  628
  629
  630
  631
  632
  633
  634
  635
  636
  637
  638
  639
  640
  641
  642
  643
  644
  645
  646
  647
  648
  649
  650
  651
  652
  653
  654
  655
  656
  657
  658
  659
  660
  661
  662
  663
  664
  665
  666
  667
  668
  669
  670
  671
  672
  673
  674
  675
  676
  677
  678
  679
  680
  681
  682
  683
  684
  685
  686
  687
  688
  689
  690
  691
  692
  693
  694
  695
  696
  697
  698
  699
  700
  701
  702
  703
  704
  705
  706
  707
  708
  709
  710
  711
  712
  713
  714
  715
  716
  717
  718
  719
  720
  721
  722
  723
  724
  725
  726
  727
  728
  729
  730
  731
  732
  733
  734
  735
  736
  737
  738
  739
  740
  741
  742
  743
  744
  745
  746
  747
  748
  749
  750
  751
  752
  753
  754
  755
  756
  757
  758
  759
  760
  761
  762
  763
  764
  765
  766
  767
  768
  769
  770
  771
  772
  773
  774
  775
  776
  777
  778
  779
  780
  781
  782
  783
  784
  785
  786
  787
  788
  789
  790
  791
  792
  793
  794
  795
  796
  797
  798
  799
  800
  801
  802
  803
  804
  805
  806
  807
  808
  809
  810
  811
  812
  813
  814
  815
  816
  817
  818
  819
  820
  821
  822
  823
  824
  825
  826
  827
  828
  829
  830
  831
  832
  833
  834
  835
  836
  837
  838
  839
  840
  841
  842
  843
  844
  845
  846
  847
  848
  849
  850
  851
  852
  853
  854
  855
  856
  857
  858
  859
  860
  861
  862
  863
  864
  865
  866
  867
  868
  869
  870
  871
  872
  873
  874
  875
  876
  877
  878
  879
  880
  881
  882
  883
  884
  885
  886
  887
  888
  889
  890
  891
  892
  893
  894
  895
  896
  897
  898
  899
  900
  901
  902
  903
  904
  905
  906
  907
  908
  909
  910
  911
  912
  913
  914
  915
  916
  917
  918
  919
  920
  921
  922
  923
  924
  925
  926
  927
  928
  929
  930
  931
  932
  933
  934
  935
  936
  937
  938
  939
  940
  941
  942
  943
  944
  945
  946
  947
  948
  949
  950
  951
  952
  953
  954
  955
  956
  957
  958
  959
  960
  961
  962
  963
  964
  965
  966
  967
  968
  969
  970
  971
  972
  973
  974
  975
  976
  977
  978
  979
  980
  981
  982
  983
  984
  985
  986
  987
  988
  989
  990
  991
  992
  993
  994
  995
  996
  997
  998
  999
 1000
 1001
 1002
 1003
 1004
 1005
 1006
 1007
 1008
 1009
 1010
 1011
 1012
 1013
 1014
 1015
 1016
 1017
 1018
 1019
 1020
 1021
 1022
 1023
 1024
 1025
 1026
 1027
 1028
 1029
 1030
 1031
 1032
 1033
 1034
 1035
 1036
 1037
 1038
 1039
 1040
 1041
 1042
 1043
 1044
 1045
 1046
 1047
 1048
 1049
 1050
 1051
 1052
 1053
 1054
 1055
 1056
 1057
 1058
 1059
 1060
 1061
 1062
 1063
 1064
 1065
 1066
 1067
 1068
 1069
 1070
 1071
 1072
 1073
 1074
 1075
 1076
 1077
 1078
 1079
 1080
 1081
 1082
 1083
 1084
 1085
 1086
 1087
 1088
 1089
 1090
 1091
 1092
 1093
 1094
 1095
 1096
 1097
 1098
 1099
 1100
 1101
 1102
 1103
 1104
 1105
 1106
 1107
 1108
 1109
 1110
 1111
 1112
 1113
 1114
 1115
 1116
 1117
 1118
 1119
 1120
 1121
 1122
 1123
 1124
 1125
 1126
 1127
 1128
 1129
 1130
 1131
 1132
 1133
 1134
 1135
 1136
 1137
 1138
 1139
 1140
 1141
 1142
 1143
 1144
 1145
 1146
 1147
 1148
 1149
 1150
 1151
 1152
 1153
 1154
 1155
 1156
 1157
 1158
 1159
 1160
 1161
 1162
 1163
 1164
 1165
 1166
 1167
 1168
 1169
 1170
 1171
 1172
 1173
 1174
 1175
 1176
 1177
 1178
 1179
 1180
 1181
 1182
 1183
 1184
 1185
 1186
 1187
 1188
 1189
 1190
 1191
 1192
 1193
 1194
 1195
 1196
 1197
 1198
 1199
 1200
 1201
 1202
 1203
 1204
 1205
 1206
 1207
 1208
 1209
 1210
 1211
 1212
 1213
 1214
 1215
 1216
 1217
 1218
 1219
 1220
 1221
 1222
 1223
 1224
 1225
 1226
 1227
 1228
 1229
 1230
 1231
 1232
 1233
 1234
 1235
 1236
 1237
 1238
 1239
 1240
 1241
 1242
 1243
 1244
 1245
 1246
 1247
 1248
 1249
 1250
 1251
 1252
 1253
 1254
 1255
 1256
 1257
 1258
 1259
 1260
 1261
 1262
 1263
 1264
 1265
 1266
 1267
 1268
 1269
 1270
 1271
 1272
 1273
 1274
 1275
 1276
 1277
 1278
 1279
 1280
 1281
 1282
 1283
 1284
 1285
 1286
 1287
 1288
 1289
 1290
 1291
 1292
 1293
 1294
 1295
 1296
 1297
 1298
 1299
 1300
 1301
 1302
 1303
 1304
 1305
 1306
 1307
 1308
 1309
 1310
 1311
 1312
 1313
 1314
 1315
 1316
 1317
 1318
 1319
 1320
 1321
 1322
 1323
 1324
 1325
 1326
 1327
 1328
 1329
 1330
 1331
 1332
 1333
 1334
 1335
 1336
 1337
 1338
 1339
 1340
 1341
 1342
 1343
 1344
 1345
 1346
 1347
 1348
 1349
 1350
 1351
 1352
 1353
 1354
 1355
 1356
 1357
 1358
 1359
 1360
 1361
 1362
 1363
 1364
 1365
 1366
 1367
 1368
 1369
 1370
 1371
 1372
 1373
 1374
 1375
 1376
 1377
 1378
 1379
 1380
 1381
 1382
 1383
 1384
 1385
 1386
 1387
 1388
 1389
 1390
 1391
 1392
 1393
 1394
 1395
 1396
 1397
 1398
 1399
 1400
 1401
 1402
 1403
 1404
 1405
 1406
 1407
 1408
 1409
 1410
 1411
 1412
 1413
 1414
 1415
 1416
 1417
 1418
 1419
 1420
 1421
 1422
 1423
 1424
 1425
 1426
 1427
 1428
 1429
 1430
 1431
 1432
 1433
 1434
 1435
 1436
 1437
 1438
 1439
 1440
 1441
 1442
 1443
 1444
 1445
 1446
 1447
 1448
 1449
 1450
 1451
 1452
 1453
 1454
 1455
 1456
 1457
 1458
 1459
 1460
 1461
 1462
 1463
 1464
 1465
 1466
 1467
 1468
 1469
 1470
 1471
 1472
 1473
 1474
 1475
 1476
 1477
 1478
 1479
 1480
 1481
 1482
 1483
 1484
 1485
 1486
 1487
 1488
 1489
 1490
 1491
 1492
 1493
 1494
 1495
 1496
 1497
 1498
 1499
 1500
 1501
 1502
 1503
 1504
 1505
 1506
 1507
 1508
 1509
 1510
 1511
 1512
 1513
 1514
 1515
 1516
 1517
 1518
 1519
 1520
 1521
 1522
 1523
 1524
 1525
 1526
 1527
 1528
 1529
 1530
 1531
 1532
 1533
 1534
 1535
 1536
 1537
 1538
 1539
 1540
 1541
 1542
 1543
 1544
 1545
 1546
 1547
 1548
 1549
 1550
 1551
 1552
 1553
 1554
 1555
 1556
 1557
 1558
 1559
 1560
 1561
 1562
 1563
 1564
 1565
 1566
 1567
 1568
 1569
 1570
 1571
 1572
 1573
 1574
 1575
 1576
 1577
 1578
 1579
 1580
 1581
 1582
 1583
 1584
 1585
 1586
 1587
 1588
 1589
 1590
 1591
 1592
 1593
 1594
 1595
 1596
 1597
 1598
 1599
 1600
 1601
 1602
 1603
 1604
 1605
 1606
 1607
 1608
 1609
 1610
 1611
 1612
 1613
 1614
 1615
 1616
 1617
 1618
 1619
 1620
 1621
 1622
 1623
 1624
 1625
 1626
 1627
 1628
 1629
 1630
 1631
 1632
 1633
 1634
 1635
 1636
 1637
 1638
 1639
 1640
 1641
 1642
 1643
 1644
 1645
 1646
 1647
 1648
 1649
 1650
 1651
 1652
 1653
 1654
 1655
 1656
 1657
 1658
 1659
 1660
 1661
 1662
 1663
 1664
 1665
 1666
 1667
 1668
 1669
 1670
 1671
 1672
 1673
 1674
 1675
 1676
 1677
 1678
 1679
 1680
 1681
 1682
 1683
 1684
 1685
 1686
 1687
 1688
 1689
 1690
 1691
 1692
 1693
 1694
 1695
 1696
 1697
 1698
 1699
 1700
 1701
 1702
 1703
 1704
 1705
 1706
 1707
 1708
 1709
 1710
 1711
 1712
 1713
 1714
 1715
 1716
 1717
 1718
 1719
 1720
 1721
 1722
 1723
 1724
 1725
 1726
 1727
 1728
 1729
 1730
 1731
 1732
 1733
 1734
 1735
 1736
 1737
 1738
 1739
 1740
 1741
 1742
 1743
 1744
 1745
 1746
 1747
 1748
 1749
 1750
 1751
 1752
 1753
 1754
 1755
 1756
 1757
 1758
 1759
 1760
 1761
 1762
 1763
 1764
 1765
 1766
 1767
 1768
 1769
 1770
 1771
 1772
 1773
 1774
 1775
 1776
 1777
 1778
 1779
 1780
 1781
 1782
 1783
 1784
 1785
 1786
 1787
 1788
 1789
 1790
 1791
 1792
 1793
 1794
 1795
 1796
 1797
 1798
 1799
 1800
 1801
 1802
 1803
 1804
 1805
 1806
 1807
 1808
 1809
 1810
 1811
 1812
 1813
 1814
 1815
 1816
 1817
 1818
 1819
 1820
 1821
 1822
 1823
 1824
 1825
 1826
 1827
 1828
 1829
 1830
 1831
 1832
 1833
 1834
 1835
 1836
 1837
 1838
 1839
 1840
 1841
 1842
 1843
 1844
 1845
 1846
 1847
 1848
 1849
 1850
 1851
 1852
 1853
 1854
 1855
 1856
 1857
 1858
 1859
 1860
 1861
 1862
 1863
 1864
 1865
 1866
 1867
 1868
 1869
 1870
 1871
 1872
 1873
 1874
 1875
 1876
 1877
 1878
 1879
 1880
 1881
 1882
 1883
 1884
 1885
 1886
 1887
 1888
 1889
 1890
 1891
 1892
 1893
 1894
 1895
 1896
 1897
 1898
 1899
 1900
 1901
 1902
 1903
 1904
 1905
 1906
 1907
 1908
 1909
 1910
 1911
 1912
 1913
 1914
 1915
 1916
 1917
 1918
 1919
 1920
 1921
 1922
 1923
 1924
 1925
 1926
 1927
 1928
 1929
 1930
 1931
 1932
 1933
 1934
 1935
 1936
 1937
 1938
 1939
 1940
 1941
 1942
 1943
 1944
 1945
 1946
 1947
 1948
 1949
 1950
 1951
 1952
 1953
 1954
 1955
 1956
 1957
 1958
 1959
 1960
 1961
 1962
 1963
 1964
 1965
 1966
 1967
 1968
 1969
 1970
 1971
 1972
 1973
 1974
 1975
 1976
 1977
 1978
 1979
 1980
 1981
 1982
 1983
 1984
 1985
 1986
 1987
 1988
 1989
 1990
 1991
 1992
 1993
 1994
 1995
 1996
 1997
 1998
 1999
 2000
 2001
 2002
 2003
 2004
 2005
 2006
 2007
 2008
 2009
 2010
 2011
 2012
 2013
 2014
 2015
 2016
 2017
 2018
 2019
 2020
 2021
 2022
 2023
 2024
 2025
 2026
 2027
 2028
 2029
 2030
 2031
 2032
 2033
 2034
 2035
 2036
 2037
 2038
 2039
 2040
 2041
 2042
 2043
 2044
 2045
 2046
 2047
 2048
 2049
 2050
 2051
 2052
 2053
 2054
 2055
 2056
 2057
 2058
 2059
 2060
 2061
 2062
 2063
 2064
 2065
 2066
 2067
 2068
 2069
 2070
 2071
 2072
 2073
 2074
 2075
 2076
 2077
 2078
 2079
 2080
 2081
 2082
 2083
 2084
 2085
 2086
 2087
 2088
 2089
 2090
 2091
 2092
 2093
 2094
 2095
 2096
 2097
 2098
 2099
 2100
 2101
 2102
 2103
 2104
 2105
 2106
 2107
 2108
 2109
 2110
 2111
 2112
 2113
 2114
 2115
 2116
 2117
 2118
 2119
 2120
 2121
 2122
 2123
 2124
 2125
 2126
 2127
 2128
 2129
 2130
 2131
 2132
 2133
 2134
 2135
 2136
 2137
 2138
 2139
 2140
 2141
 2142
 2143
 2144
 2145
 2146
 2147
 2148
 2149
 2150
 2151
 2152
 2153
 2154
 2155
 2156
 2157
 2158
 2159
 2160
 2161
 2162
 2163
 2164
 2165
 2166
 2167
 2168
 2169
 2170
 2171
 2172
 2173
 2174
 2175
 2176
 2177
 2178
 2179
 2180
 2181
 2182
 2183
 2184
 2185
 2186
 2187
 2188
 2189
 2190
 2191
 2192
 2193
 2194
 2195
 2196
 2197
 2198
 2199
 2200
 2201
 2202
 2203
 2204
 2205
 2206
 2207
 2208
 2209
 2210
 2211
 2212
 2213
 2214
 2215
 2216
 2217
 2218
 2219
 2220
 2221
 2222
 2223
 2224
 2225
 2226
 2227
 2228
 2229
 2230
 2231
 2232
 2233
 2234
 2235
 2236
 2237
 2238
 2239
 2240
 2241
 2242
 2243
 2244
 2245
 2246
 2247
 2248
 2249
 2250
 2251
 2252
 2253
 2254
 2255
 2256
 2257
 2258
 2259
 2260
 2261
 2262
 2263
 2264
 2265
 2266
 2267
 2268
 2269
 2270
 2271
 2272
 2273
 2274
 2275
 2276
 2277
 2278
 2279
 2280
 2281
 2282
 2283
 2284
 2285
 2286
 2287
 2288
 2289
 2290
 2291
 2292
 2293
 2294
 2295
 2296
 2297
 2298
 2299
 2300
 2301
 2302
 2303
 2304
 2305
 2306
 2307
 2308
 2309
 2310
 2311
 2312
 2313
 2314
 2315
 2316
 2317
 2318
 2319
 2320
 2321
 2322
 2323
 2324
 2325
 2326
 2327
 2328
 2329
 2330
 2331
 2332
 2333
 2334
 2335
 2336
 2337
 2338
 2339
 2340
 2341
 2342
 2343
 2344
 2345
 2346
 2347
 2348
 2349
 2350
 2351
 2352
 2353
 2354
 2355
 2356
 2357
 2358
 2359
 2360
 2361
 2362
 2363
 2364
 2365
 2366
 2367
 2368
 2369
 2370
 2371
 2372
 2373
 2374
 2375
 2376
 2377
 2378
 2379
 2380
 2381
 2382
 2383
 2384
 2385
 2386
 2387
 2388
 2389
 2390
 2391
 2392
 2393
 2394
 2395
 2396
 2397
 2398
 2399
 2400
 2401
 2402
 2403
 2404
 2405
 2406
 2407
 2408
 2409
 2410
 2411
 2412
 2413
 2414
 2415
 2416
 2417
 2418
 2419
 2420
 2421
 2422
 2423
 2424
 2425
 2426
 2427
 2428
 2429
 2430
 2431
 2432
 2433
 2434
 2435
 2436
 2437
 2438
 2439
 2440
 2441
 2442
 2443
 2444
 2445
 2446
 2447
 2448
 2449
 2450
 2451
 2452
 2453
 2454
 2455
 2456
 2457
 2458
 2459
 2460
 2461
 2462
 2463
 2464
 2465
 2466
 2467
 2468
 2469
 2470
 2471
 2472
 2473
 2474
 2475
 2476
 2477
 2478
 2479
 2480
 2481
 2482
 2483
 2484
 2485
 2486
 2487
 2488
 2489
 2490
 2491
 2492
 2493
 2494
 2495
 2496
 2497
 2498
 2499
 2500
 2501
 2502
 2503
 2504
 2505
 2506
 2507
 2508
 2509
 2510
 2511
 2512
 2513
 2514
 2515
 2516
 2517
 2518
 2519
 2520
 2521
 2522
 2523
 2524
 2525
 2526
 2527
 2528
 2529
 2530
 2531
 2532
 2533
 2534
 2535
 2536
 2537
 2538
 2539
 2540
 2541
 2542
 2543
 2544
 2545
 2546
 2547
 2548
 2549
 2550
 2551
 2552
 2553
 2554
 2555
 2556
 2557
 2558
 2559
 2560
 2561
 2562
 2563
 2564
 2565
 2566
 2567
 2568
 2569
 2570
 2571
 2572
 2573
 2574
 2575
 2576
 2577
 2578
 2579
 2580
 2581
 2582
 2583
 2584
 2585
 2586
 2587
 2588
 2589
 2590
 2591
 2592
 2593
 2594
 2595
 2596
 2597
 2598
 2599
 2600
 2601
 2602
 2603
 2604
 2605
 2606
 2607
 2608
 2609
 2610
 2611
 2612
 2613
 2614
 2615
 2616
 2617
 2618
 2619
 2620
 2621
 2622
 2623
 2624
 2625
 2626
 2627
 2628
 2629
 2630
 2631
 2632
 2633
 2634
 2635
 2636
 2637
 2638
 2639
 2640
 2641
 2642
 2643
 2644
 2645
 2646
 2647
 2648
 2649
 2650
 2651
 2652
 2653
 2654
 2655
 2656
 2657
 2658
 2659
 2660
 2661
 2662
 2663
 2664
 2665
 2666
 2667
 2668
 2669
 2670
 2671
 2672
 2673
 2674
 2675
 2676
 2677
 2678
 2679
 2680
 2681
 2682
 2683
 2684
 2685
 2686
 2687
 2688
 2689
 2690
 2691
 2692
 2693
 2694
 2695
 2696
 2697
 2698
 2699
 2700
 2701
 2702
 2703
 2704
 2705
 2706
 2707
 2708
 2709
 2710
 2711
 2712
 2713
 2714
 2715
 2716
 2717
 2718
 2719
 2720
 2721
 2722
 2723
 2724
 2725
 2726
 2727
 2728
 2729
 2730
 2731
 2732
 2733
 2734
 2735
 2736
 2737
 2738
 2739
 2740
 2741
 2742
 2743
 2744
 2745
 2746
 2747
 2748
 2749
 2750
 2751
 2752
 2753
 2754
 2755
 2756
 2757
 2758
 2759
 2760
 2761
 2762
 2763
 2764
 2765
 2766
 2767
 2768
 2769
 2770
 2771
 2772
 2773
 2774
 2775
 2776
 2777
 2778
 2779
 2780
 2781
 2782
 2783
 2784
 2785
 2786
 2787
 2788
 2789
 2790
 2791
 2792
 2793
 2794
 2795
 2796
 2797
 2798
 2799
 2800
 2801
 2802
 2803
 2804
 2805
 2806
 2807
 2808
 2809
 2810
 2811
 2812
 2813
 2814
 2815
 2816
 2817
 2818
 2819
 2820
 2821
 2822
 2823
 2824
 2825
 2826
 2827
 2828
 2829
 2830
 2831
 2832
 2833
 2834
 2835
 2836
 2837
 2838
 2839
 2840
 2841
 2842
 2843
 2844
 2845
 2846
 2847
 2848
 2849
 2850
 2851
 2852
 2853
 2854
 2855
 2856
 2857
 2858
 2859
 2860
 2861
 2862
 2863
 2864
 2865
 2866
 2867
 2868
 2869
 2870
 2871
 2872
 2873
 2874
 2875
 2876
 2877
 2878
 2879
 2880
 2881
 2882
 2883
 2884
 2885
 2886
 2887
 2888
 2889
 2890
 2891
 2892
 2893
 2894
 2895
 2896
 2897
 2898
 2899
 2900
 2901
 2902
 2903
 2904
 2905
 2906
 2907
 2908
 2909
 2910
 2911
 2912
 2913
 2914
 2915
 2916
 2917
 2918
 2919
 2920
 2921
 2922
 2923
 2924
 2925
 2926
 2927
 2928
 2929
 2930
 2931
 2932
 2933
 2934
 2935
 2936
 2937
 2938
 2939
 2940
 2941
 2942
 2943
 2944
 2945
 2946
 2947
 2948
 2949
 2950
 2951
 2952
 2953
 2954
 2955
 2956
 2957
 2958
 2959
 2960
 2961
 2962
 2963
 2964
 2965
 2966
 2967
 2968
 2969
 2970
 2971
 2972
 2973
 2974
 2975
 2976
 2977
 2978
 2979
 2980
 2981
 2982
 2983
 2984
 2985
 2986
 2987
 2988
 2989
 2990
 2991
 2992
 2993
 2994
 2995
 2996
 2997
 2998
 2999
 3000
 3001
 3002
 3003
 3004
 3005
 3006
 3007
 3008
 3009
 3010
 3011
 3012
 3013
 3014
 3015
 3016
 3017
 3018
 3019
 3020
 3021
 3022
 3023
 3024
 3025
 3026
 3027
 3028
 3029
 3030
 3031
 3032
 3033
 3034
 3035
 3036
 3037
 3038
 3039
 3040
 3041
 3042
 3043
 3044
 3045
 3046
 3047
 3048
 3049
 3050
 3051
 3052
 3053
 3054
 3055
 3056
 3057
 3058
 3059
 3060
 3061
 3062
 3063
 3064
 3065
 3066
 3067
 3068
 3069
 3070
 3071
 3072
 3073
 3074
 3075
 3076
 3077
 3078
 3079
 3080
 3081
 3082
 3083
 3084
 3085
 3086
 3087
 3088
 3089
 3090
 3091
 3092
 3093
 3094
 3095
 3096
 3097
 3098
 3099
 3100
 3101
 3102
 3103
 3104
 3105
 3106
 3107
 3108
 3109
 3110
 3111
 3112
 3113
 3114
 3115
 3116
 3117
 3118
 3119
 3120
 3121
 3122
 3123
 3124
 3125
 3126
 3127
 3128
 3129
 3130
 3131
 3132
 3133
 3134
 3135
 3136
 3137
 3138
 3139
 3140
 3141
 3142
 3143
 3144
 3145
 3146
 3147
 3148
 3149
 3150
 3151
 3152
 3153
 3154
 3155
 3156
 3157
 3158
 3159
 3160
 3161
 3162
 3163
 3164
 3165
 3166
 3167
 3168
 3169
 3170
 3171
 3172
 3173
 3174
 3175
 3176
 3177
 3178
 3179
 3180
 3181
 3182
 3183
 3184
 3185
 3186
 3187
 3188
 3189
 3190
 3191
 3192
 3193
 3194
 3195
 3196
 3197
 3198
 3199
 3200
 3201
 3202
 3203
 3204
 3205
 3206
 3207
 3208
 3209
 3210
 3211
 3212
 3213
 3214
 3215
 3216
 3217
 3218
 3219
 3220
 3221
 3222
 3223
 3224
 3225
 3226
 3227
 3228
 3229
 3230
 3231
 3232
 3233
 3234
 3235
 3236
 3237
 3238
 3239
 3240
 3241
 3242
 3243
 3244
 3245
 3246
 3247
 3248
 3249
 3250
 3251
 3252
 3253
 3254
 3255
 3256
 3257
 3258
 3259
 3260
 3261
 3262
 3263
 3264
 3265
 3266
 3267
 3268
 3269
 3270
 3271
 3272
 3273
 3274
 3275
 3276
 3277
 3278
 3279
 3280
 3281
 3282
 3283
 3284
 3285
 3286
 3287
 3288
 3289
 3290
 3291
 3292
 3293
 3294
 3295
 3296
 3297
 3298
 3299
 3300
 3301
 3302
 3303
 3304
 3305
 3306
 3307
 3308
 3309
 3310
 3311
 3312
 3313
 3314
 3315
 3316
 3317
 3318
 3319
 3320
 3321
 3322
 3323
 3324
 3325
 3326
 3327
 3328
 3329
 3330
 3331
 3332
 3333
 3334
 3335
 3336
 3337
 3338
 3339
 3340
 3341
 3342
 3343
 3344
 3345
 3346
 3347
 3348
 3349
 3350
 3351
 3352
 3353
 3354
 3355
 3356
 3357
 3358
 3359
 3360
 3361
 3362
 3363
 3364
 3365
 3366
 3367
 3368
 3369
 3370
 3371
 3372
 3373
 3374
 3375
 3376
 3377
 3378
 3379
 3380
 3381
 3382
 3383
 3384
 3385
 3386
 3387
 3388
 3389
 3390
 3391
 3392
 3393
 3394
 3395
 3396
 3397
 3398
 3399
 3400
 3401
 3402
 3403
 3404
 3405
 3406
 3407
 3408
 3409
 3410
 3411
 3412
 3413
 3414
 3415
 3416
 3417
 3418
 3419
 3420
 3421
 3422
 3423
 3424
 3425
 3426
 3427
 3428
 3429
 3430
 3431
 3432
 3433
 3434
 3435
 3436
 3437
 3438
 3439
 3440
 3441
 3442
 3443
 3444
 3445
 3446
 3447
 3448
 3449
 3450
 3451
 3452
 3453
 3454
 3455
 3456
 3457
 3458
 3459
 3460
 3461
 3462
 3463
 3464
 3465
 3466
 3467
 3468
 3469
 3470
 3471
 3472
 3473
 3474
 3475
 3476
 3477
 3478
 3479
 3480
 3481
 3482
 3483
 3484
 3485
 3486
 3487
 3488
 3489
 3490
 3491
 3492
 3493
 3494
 3495
 3496
 3497
 3498
 3499
 3500
 3501
 3502
 3503
 3504
 3505
 3506
 3507
 3508
 3509
 3510
 3511
 3512
 3513
 3514
 3515
 3516
 3517
 3518
 3519
 3520
 3521
 3522
 3523
 3524
 3525
 3526
 3527
 3528
 3529
 3530
 3531
 3532
 3533
 3534
 3535
 3536
 3537
 3538
 3539
 3540
 3541
 3542
 3543
 3544
 3545
 3546
 3547
 3548
 3549
 3550
 3551
 3552
 3553
 3554
 3555
 3556
 3557
 3558
 3559
 3560
 3561
 3562
 3563
 3564
 3565
 3566
 3567
 3568
 3569
 3570
 3571
 3572
 3573
 3574
 3575
 3576
 3577
 3578
 3579
 3580
 3581
 3582
 3583
 3584
 3585
 3586
 3587
 3588
 3589
 3590
 3591
 3592
 3593
 3594
 3595
 3596
 3597
 3598
 3599
 3600
 3601
 3602
 3603
 3604
 3605
 3606
 3607
 3608
 3609
 3610
 3611
 3612
 3613
 3614
 3615
 3616
 3617
 3618
 3619
 3620
 3621
 3622
 3623
 3624
 3625
 3626
 3627
 3628
 3629
 3630
 3631
 3632
 3633
 3634
 3635
 3636
 3637
 3638
 3639
 3640
 3641
 3642
 3643
 3644
 3645
 3646
 3647
 3648
 3649
 3650
 3651
 3652
 3653
 3654
 3655
 3656
 3657
 3658
 3659
 3660
 3661
 3662
 3663
 3664
 3665
 3666
 3667
 3668
 3669
 3670
 3671
 3672
 3673
 3674
 3675
 3676
 3677
 3678
 3679
 3680
 3681
 3682
 3683
 3684
 3685
 3686
 3687
 3688
 3689
 3690
 3691
 3692
 3693
 3694
 3695
 3696
 3697
 3698
 3699
 3700
 3701
 3702
 3703
 3704
 3705
 3706
 3707
 3708
 3709
 3710
 3711
 3712
 3713
 3714
 3715
 3716
 3717
 3718
 3719
 3720
 3721
 3722
 3723
 3724
 3725
 3726
 3727
 3728
 3729
 3730
 3731
 3732
 3733
 3734
 3735
 3736
 3737
 3738
 3739
 3740
 3741
 3742
 3743
 3744
 3745
 3746
 3747
 3748
 3749
 3750
 3751
 3752
 3753
 3754
 3755
 3756
 3757
 3758
 3759
 3760
 3761
 3762
 3763
 3764
 3765
 3766
 3767
 3768
 3769
 3770
 3771
 3772
 3773
 3774
 3775
 3776
 3777
 3778
 3779
 3780
 3781
 3782
 3783
 3784
 3785
 3786
 3787
 3788
 3789
 3790
 3791
 3792
 3793
 3794
 3795
 3796
 3797
 3798
 3799
 3800
 3801
 3802
 3803
 3804
 3805
 3806
 3807
 3808
 3809
 3810
 3811
 3812
 3813
 3814
 3815
 3816
 3817
 3818
 3819
 3820
 3821
 3822
 3823
 3824
 3825
 3826
 3827
 3828
 3829
 3830
 3831
 3832
 3833
 3834
 3835
 3836
 3837
 3838
 3839
 3840
 3841
 3842
 3843
 3844
 3845
 3846
 3847
 3848
 3849
 3850
 3851
 3852
 3853
 3854
 3855
 3856
 3857
 3858
 3859
 3860
 3861
 3862
 3863
 3864
 3865
 3866
 3867
 3868
 3869
 3870
 3871
 3872
 3873
 3874
 3875
 3876
 3877
 3878
 3879
 3880
 3881
 3882
 3883
 3884
 3885
 3886
 3887
 3888
 3889
 3890
 3891
 3892
 3893
 3894
 3895
 3896
 3897
 3898
 3899
 3900
 3901
 3902
 3903
 3904
 3905
 3906
 3907
 3908
 3909
 3910
 3911
 3912
 3913
 3914
 3915
 3916
 3917
 3918
 3919
 3920
 3921
 3922
 3923
 3924
 3925
 3926
 3927
 3928
 3929
 3930
 3931
 3932
 3933
 3934
 3935
 3936
 3937
 3938
 3939
 3940
 3941
 3942
 3943
 3944
 3945
 3946
 3947
 3948
 3949
 3950
 3951
 3952
 3953
 3954
 3955
 3956
 3957
 3958
 3959
 3960
 3961
 3962
 3963
 3964
 3965
 3966
 3967
 3968
 3969
 3970
 3971
 3972
 3973
 3974
 3975
 3976
 3977
 3978
 3979
 3980
 3981
 3982
 3983
 3984
 3985
 3986
 3987
 3988
 3989
 3990
 3991
 3992
 3993
 3994
 3995
 3996
 3997
 3998
 3999
 4000
 4001
 4002
 4003
 4004
 4005
 4006
 4007
 4008
 4009
 4010
 4011
 4012
 4013
 4014
 4015
 4016
 4017
 4018
 4019
 4020
 4021
 4022
 4023
 4024
 4025
 4026
 4027
 4028
 4029
 4030
 4031
 4032
 4033
 4034
 4035
 4036
 4037
 4038
 4039
 4040
 4041
 4042
 4043
 4044
 4045
 4046
 4047
 4048
 4049
 4050
 4051
 4052
 4053
 4054
 4055
 4056
 4057
 4058
 4059
 4060
 4061
 4062
 4063
 4064
 4065
 4066
 4067
 4068
 4069
 4070
 4071
 4072
 4073
 4074
 4075
 4076
 4077
 4078
 4079
 4080
 4081
 4082
 4083
 4084
 4085
 4086
 4087
 4088
 4089
 4090
 4091
 4092
 4093
 4094
 4095
 4096
 4097
 4098
 4099
 4100
 4101
 4102
 4103
 4104
 4105
 4106
 4107
 4108
 4109
 4110
 4111
 4112
 4113
 4114
 4115
 4116
 4117
 4118
 4119
 4120
 4121
 4122
 4123
 4124
 4125
 4126
 4127
 4128
 4129
 4130
 4131
 4132
 4133
 4134
 4135
 4136
 4137
 4138
 4139
 4140
 4141
 4142
 4143
 4144
 4145
 4146
 4147
 4148
 4149
 4150
 4151
 4152
 4153
 4154
 4155
 4156
 4157
 4158
 4159
 4160
 4161
 4162
 4163
 4164
 4165
 4166
 4167
 4168
 4169
 4170
 4171
 4172
 4173
 4174
 4175
 4176
 4177
 4178
 4179
 4180
 4181
 4182
 4183
 4184
 4185
 4186
 4187
 4188
 4189
 4190
 4191
 4192
 4193
 4194
 4195
 4196
 4197
 4198
 4199
 4200
 4201
 4202
 4203
 4204
 4205
 4206
 4207
 4208
 4209
 4210
 4211
 4212
 4213
 4214
 4215
 4216
 4217
 4218
 4219
 4220
 4221
 4222
 4223
 4224
 4225
 4226
 4227
 4228
 4229
 4230
 4231
 4232
 4233
 4234
 4235
 4236
 4237
 4238
 4239
 4240
 4241
 4242
 4243
 4244
 4245
 4246
 4247
 4248
 4249
 4250
 4251
 4252
 4253
 4254
 4255
 4256
 4257
 4258
 4259
 4260
 4261
 4262
 4263
 4264
 4265
 4266
 4267
 4268
 4269
 4270
 4271
 4272
 4273
 4274
 4275
 4276
 4277
 4278
 4279
 4280
 4281
 4282
 4283
 4284
 4285
 4286
 4287
 4288
 4289
 4290
 4291
 4292
 4293
 4294
 4295
 4296
 4297
 4298
 4299
 4300
 4301
 4302
 4303
 4304
 4305
 4306
 4307
 4308
 4309
 4310
 4311
 4312
 4313
 4314
 4315
 4316
 4317
 4318
 4319
 4320
 4321
 4322
 4323
 4324
 4325
 4326
 4327
 4328
 4329
 4330
 4331
 4332
 4333
 4334
 4335
 4336
 4337
 4338
 4339
 4340
 4341
 4342
 4343
 4344
 4345
 4346
 4347
 4348
 4349
 4350
 4351
 4352
 4353
 4354
 4355
 4356
 4357
 4358
 4359
 4360
 4361
 4362
 4363
 4364
 4365
 4366
 4367
 4368
 4369
 4370
 4371
 4372
 4373
 4374
 4375
 4376
 4377
 4378
 4379
 4380
 4381
 4382
 4383
 4384
 4385
 4386
 4387
 4388
 4389
 4390
 4391
 4392
 4393
 4394
 4395
 4396
 4397
 4398
 4399
 4400
 4401
 4402
 4403
 4404
 4405
 4406
 4407
 4408
 4409
 4410
 4411
 4412
 4413
 4414
 4415
 4416
 4417
 4418
 4419
 4420
 4421
 4422
 4423
 4424
 4425
 4426
 4427
 4428
 4429
 4430
 4431
 4432
 4433
 4434
 4435
 4436
 4437
 4438
 4439
 4440
 4441
 4442
 4443
 4444
 4445
 4446
 4447
 4448
 4449
 4450
 4451
 4452
 4453
 4454
 4455
 4456
 4457
 4458
 4459
 4460
 4461
 4462
 4463
 4464
 4465
 4466
 4467
 4468
 4469
 4470
 4471
 4472
 4473
 4474
 4475
 4476
 4477
 4478
 4479
 4480
 4481
 4482
 4483
 4484
 4485
 4486
 4487
 4488
 4489
 4490
 4491
 4492
 4493
 4494
 4495
 4496
 4497
 4498
 4499
 4500
 4501
 4502
 4503
 4504
 4505
 4506
 4507
 4508
 4509
 4510
 4511
 4512
 4513
 4514
 4515
 4516
 4517
 4518
 4519
 4520
 4521
 4522
 4523
 4524
 4525
 4526
 4527
 4528
 4529
 4530
 4531
 4532
 4533
 4534
 4535
 4536
 4537
 4538
 4539
 4540
 4541
 4542
 4543
 4544
 4545
 4546
 4547
 4548
 4549
 4550
 4551
 4552
 4553
 4554
 4555
 4556
 4557
 4558
 4559
 4560
 4561
 4562
 4563
 4564
 4565
 4566
 4567
 4568
 4569
 4570
 4571
 4572
 4573
 4574
 4575
 4576
 4577
 4578
 4579
 4580
 4581
 4582
 4583
 4584
 4585
 4586
 4587
 4588
 4589
 4590
 4591
 4592
 4593
 4594
 4595
 4596
 4597
 4598
 4599
 4600
 4601
 4602
 4603
 4604
 4605
 4606
 4607
 4608
 4609
 4610
 4611
 4612
 4613
 4614
 4615
 4616
 4617
 4618
 4619
 4620
 4621
 4622
 4623
 4624
 4625
 4626
 4627
 4628
 4629
 4630
 4631
 4632
 4633
 4634
 4635
 4636
 4637
 4638
 4639
 4640
 4641
 4642
 4643
 4644
 4645
 4646
 4647
 4648
 4649
 4650
 4651
 4652
 4653
 4654
 4655
 4656
 4657
 4658
 4659
 4660
 4661
 4662
 4663
 4664
 4665
 4666
 4667
 4668
 4669
 4670
 4671
 4672
 4673
 4674
 4675
 4676
 4677
 4678
 4679
 4680
 4681
 4682
 4683
 4684
 4685
 4686
 4687
 4688
 4689
 4690
 4691
 4692
 4693
 4694
 4695
 4696
 4697
 4698
 4699
 4700
 4701
 4702
 4703
 4704
 4705
 4706
 4707
 4708
 4709
 4710
 4711
 4712
 4713
 4714
 4715
 4716
 4717
 4718
 4719
 4720
 4721
 4722
 4723
 4724
 4725
 4726
 4727
 4728
 4729
 4730
 4731
 4732
 4733
 4734
 4735
 4736
 4737
 4738
 4739
 4740
 4741
 4742
 4743
 4744
 4745
 4746
 4747
 4748
 4749
 4750
 4751
 4752
 4753
 4754
 4755
 4756
 4757
 4758
 4759
 4760
 4761
 4762
 4763
 4764
 4765
 4766
 4767
 4768
 4769
 4770
 4771
 4772
 4773
 4774
 4775
 4776
 4777
 4778
 4779
 4780
 4781
 4782
 4783
 4784
 4785
 4786
 4787
 4788
 4789
 4790
 4791
 4792
 4793
 4794
 4795
 4796
 4797
 4798
 4799
 4800
 4801
 4802
 4803
 4804
 4805
 4806
 4807
 4808
 4809
 4810
 4811
 4812
 4813
 4814
 4815
 4816
 4817
 4818
 4819
 4820
 4821
 4822
 4823
 4824
 4825
 4826
 4827
 4828
 4829
 4830
 4831
 4832
 4833
 4834
 4835
 4836
 4837
 4838
 4839
 4840
 4841
 4842
 4843
 4844
 4845
 4846
 4847
 4848
 4849
 4850
 4851
 4852
 4853
 4854
 4855
 4856
 4857
 4858
 4859
 4860
 4861
 4862
 4863
 4864
 4865
 4866
 4867
 4868
 4869
 4870
 4871
 4872
 4873
 4874
 4875
 4876
 4877
 4878
 4879
 4880
 4881
 4882
 4883
 4884
 4885
 4886
 4887
 4888
 4889
 4890
 4891
 4892
 4893
 4894
 4895
 4896
 4897
 4898
 4899
 4900
 4901
 4902
 4903
 4904
 4905
 4906
 4907
 4908
 4909
 4910
 4911
 4912
 4913
 4914
 4915
 4916
 4917
 4918
 4919
 4920
 4921
 4922
 4923
 4924
 4925
 4926
 4927
 4928
 4929
 4930
 4931
 4932
 4933
 4934
 4935
 4936
 4937
 4938
 4939
 4940
 4941
 4942
 4943
 4944
 4945
 4946
 4947
 4948
 4949
 4950
 4951
 4952
 4953
 4954
 4955
 4956
 4957
 4958
 4959
 4960
 4961
 4962
 4963
 4964
 4965
 4966
 4967
 4968
 4969
 4970
 4971
 4972
 4973
 4974
 4975
 4976
 4977
 4978
 4979
 4980
 4981
 4982
 4983
 4984
 4985
 4986
 4987
 4988
 4989
 4990
 4991
 4992
 4993
 4994
 4995
 4996
 4997
 4998
 4999
 5000
 5001
 5002
 5003
 5004
 5005
 5006
 5007
 5008
 5009
 5010
 5011
 5012
 5013
 5014
 5015
 5016
 5017
 5018
 5019
 5020
 5021
 5022
 5023
 5024
 5025
 5026
 5027
 5028
 5029
 5030
 5031
 5032
 5033
 5034
 5035
 5036
 5037
 5038
 5039
 5040
 5041
 5042
 5043
 5044
 5045
 5046
 5047
 5048
 5049
 5050
 5051
 5052
 5053
 5054
 5055
 5056
 5057
 5058
 5059
 5060
 5061
 5062
 5063
 5064
 5065
 5066
 5067
 5068
 5069
 5070
 5071
 5072
 5073
 5074
 5075
 5076
 5077
 5078
 5079
 5080
 5081
 5082
 5083
 5084
 5085
 5086
 5087
 5088
 5089
 5090
 5091
 5092
 5093
 5094
 5095
 5096
 5097
 5098
 5099
 5100
 5101
 5102
 5103
 5104
 5105
 5106
 5107
 5108
 5109
 5110
 5111
 5112
 5113
 5114
 5115
 5116
 5117
 5118
 5119
 5120
 5121
 5122
 5123
 5124
 5125
 5126
 5127
 5128
 5129
 5130
 5131
 5132
 5133
 5134
 5135
 5136
 5137
 5138
 5139
 5140
 5141
 5142
 5143
 5144
 5145
 5146
 5147
 5148
 5149
 5150
 5151
 5152
 5153
 5154
 5155
 5156
 5157
 5158
 5159
 5160
 5161
 5162
 5163
 5164
 5165
 5166
 5167
 5168
 5169
 5170
 5171
 5172
 5173
 5174
 5175
 5176
 5177
 5178
 5179
 5180
 5181
 5182
 5183
 5184
 5185
 5186
 5187
 5188
 5189
 5190
 5191
 5192
 5193
 5194
 5195
 5196
 5197
 5198
 5199
 5200
 5201
 5202
 5203
 5204
 5205
 5206
 5207
 5208
 5209
 5210
 5211
 5212
 5213
 5214
 5215
 5216
 5217
 5218
 5219
 5220
 5221
 5222
 5223
 5224
 5225
 5226
 5227
 5228
 5229
 5230
 5231
 5232
 5233
 5234
 5235
 5236
 5237
 5238
 5239
 5240
 5241
 5242
 5243
 5244
 5245
 5246
 5247
 5248
 5249
 5250
 5251
 5252
 5253
 5254
 5255
 5256
 5257
 5258
 5259
 5260
 5261
 5262
 5263
 5264
 5265
 5266
 5267
 5268
 5269
 5270
 5271
 5272
 5273
 5274
 5275
 5276
 5277
 5278
 5279
 5280
 5281
 5282
 5283
 5284
 5285
 5286
 5287
 5288
 5289
 5290
 5291
 5292
 5293
 5294
 5295
 5296
 5297
 5298
 5299
 5300
 5301
 5302
 5303
 5304
 5305
 5306
 5307
 5308
 5309
 5310
 5311
 5312
 5313
 5314
 5315
 5316
 5317
 5318
 5319
 5320
 5321
 5322
 5323
 5324
 5325
 5326
 5327
 5328
 5329
 5330
 5331
 5332
 5333
 5334
 5335
 5336
 5337
 5338
 5339
 5340
 5341
 5342
 5343
 5344
 5345
 5346
 5347
 5348
 5349
 5350
 5351
 5352
 5353
 5354
 5355
 5356
 5357
 5358
 5359
 5360
 5361
 5362
 5363
 5364
 5365
 5366
 5367
 5368
 5369
 5370
 5371
 5372
 5373
 5374
 5375
 5376
 5377
 5378
 5379
 5380
 5381
 5382
 5383
 5384
 5385
 5386
 5387
 5388
 5389
 5390
 5391
 5392
 5393
 5394
 5395
 5396
 5397
 5398
 5399
 5400
 5401
 5402
 5403
 5404
 5405
 5406
 5407
 5408
 5409
 5410
 5411
 5412
 5413
 5414
 5415
 5416
 5417
 5418
 5419
 5420
 5421
 5422
 5423
 5424
 5425
 5426
 5427
 5428
 5429
 5430
 5431
 5432
 5433
 5434
 5435
 5436
 5437
 5438
 5439
 5440
 5441
 5442
 5443
 5444
 5445
 5446
 5447
 5448
 5449
 5450
 5451
 5452
 5453
 5454
 5455
 5456
 5457
 5458
 5459
 5460
 5461
 5462
 5463
 5464
 5465
 5466
 5467
 5468
 5469
 5470
 5471
 5472
 5473
 5474
 5475
 5476
 5477
 5478
 5479
 5480
 5481
 5482
 5483
 5484
 5485
 5486
 5487
 5488
 5489
 5490
 5491
 5492
 5493
 5494
 5495
 5496
 5497
 5498
 5499
 5500
 5501
 5502
 5503
 5504
 5505
 5506
 5507
 5508
 5509
 5510
 5511
 5512
 5513
 5514
 5515
 5516
 5517
 5518
 5519
 5520
 5521
 5522
 5523
 5524
 5525
 5526
 5527
 5528
 5529
 5530
 5531
 5532
 5533
 5534
 5535
 5536
 5537
 5538
 5539
 5540
 5541
 5542
 5543
 5544
 5545
 5546
 5547
 5548
 5549
 5550
 5551
 5552
 5553
 5554
 5555
 5556
 5557
 5558
 5559
 5560
 5561
 5562
 5563
 5564
 5565
 5566
 5567
 5568
 5569
 5570
 5571
 5572
 5573
 5574
 5575
 5576
 5577
 5578
 5579
 5580
 5581
 5582
 5583
 5584
 5585
 5586
 5587
 5588
 5589
 5590
 5591
 5592
 5593
 5594
 5595
 5596
 5597
 5598
 5599
 5600
 5601
 5602
 5603
 5604
 5605
 5606
 5607
 5608
 5609
 5610
 5611
 5612
 5613
 5614
 5615
 5616
 5617
 5618
 5619
 5620
 5621
 5622
 5623
 5624
 5625
 5626
 5627
 5628
 5629
 5630
 5631
 5632
 5633
 5634
 5635
 5636
 5637
 5638
 5639
 5640
 5641
 5642
 5643
 5644
 5645
 5646
 5647
 5648
 5649
 5650
 5651
 5652
 5653
 5654
 5655
 5656
 5657
 5658
 5659
 5660
 5661
 5662
 5663
 5664
 5665
 5666
 5667
 5668
 5669
 5670
 5671
 5672
 5673
 5674
 5675
 5676
 5677
 5678
 5679
 5680
 5681
 5682
 5683
 5684
 5685
 5686
 5687
 5688
 5689
 5690
 5691
 5692
 5693
 5694
 5695
 5696
 5697
 5698
 5699
 5700
 5701
 5702
 5703
 5704
 5705
 5706
 5707
 5708
 5709
 5710
 5711
 5712
 5713
 5714
 5715
 5716
 5717
 5718
 5719
 5720
 5721
 5722
 5723
 5724
 5725
 5726
 5727
 5728
 5729
 5730
 5731
 5732
 5733
 5734
 5735
 5736
 5737
 5738
 5739
 5740
 5741
 5742
 5743
 5744
 5745
 5746
 5747
 5748
 5749
 5750
 5751
 5752
 5753
 5754
 5755
 5756
 5757
 5758
 5759
 5760
 5761
 5762
 5763
 5764
 5765
 5766
 5767
 5768
 5769
 5770
 5771
 5772
 5773
 5774
 5775
 5776
 5777
 5778
 5779
 5780
 5781
 5782
 5783
 5784
 5785
 5786
 5787
 5788
 5789
 5790
 5791
 5792
 5793
 5794
 5795
 5796
 5797
 5798
 5799
 5800
 5801
 5802
 5803
 5804
 5805
 5806
 5807
 5808
 5809
 5810
 5811
 5812
 5813
 5814
 5815
 5816
 5817
 5818
 5819
 5820
 5821
 5822
 5823
 5824
 5825
 5826
 5827
 5828
 5829
 5830
 5831
 5832
 5833
 5834
 5835
 5836
 5837
 5838
 5839
 5840
 5841
 5842
 5843
 5844
 5845
 5846
 5847
 5848
 5849
 5850
 5851
 5852
 5853
 5854
 5855
 5856
 5857
 5858
 5859
 5860
 5861
 5862
 5863
 5864
 5865
 5866
 5867
 5868
 5869
 5870
 5871
 5872
 5873
 5874
 5875
 5876
 5877
 5878
 5879
 5880
 5881
 5882
 5883
 5884
 5885
 5886
 5887
 5888
 5889
 5890
 5891
 5892
 5893
 5894
 5895
 5896
 5897
 5898
 5899
 5900
 5901
 5902
 5903
 5904
 5905
 5906
 5907
 5908
 5909
 5910
 5911
 5912
 5913
 5914
 5915
 5916
 5917
 5918
 5919
 5920
 5921
 5922
 5923
 5924
 5925
 5926
 5927
 5928
 5929
 5930
 5931
 5932
 5933
 5934
 5935
 5936
 5937
 5938
 5939
 5940
 5941
 5942
 5943
 5944
 5945
 5946
 5947
 5948
 5949
 5950
 5951
 5952
 5953
 5954
 5955
 5956
 5957
 5958
 5959
 5960
 5961
 5962
 5963
 5964
 5965
 5966
 5967
 5968
 5969
 5970
 5971
 5972
 5973
 5974
 5975
 5976
 5977
 5978
 5979
 5980
 5981
 5982
 5983
 5984
 5985
 5986
 5987
 5988
 5989
 5990
 5991
 5992
 5993
 5994
 5995
 5996
 5997
 5998
 5999
 6000
 6001
 6002
 6003
 6004
 6005
 6006
 6007
 6008
 6009
 6010
 6011
 6012
 6013
 6014
 6015
 6016
 6017
 6018
 6019
 6020
 6021
 6022
 6023
 6024
 6025
 6026
 6027
 6028
 6029
 6030
 6031
 6032
 6033
 6034
 6035
 6036
 6037
 6038
 6039
 6040
 6041
 6042
 6043
 6044
 6045
 6046
 6047
 6048
 6049
 6050
 6051
 6052
 6053
 6054
 6055
 6056
 6057
 6058
 6059
 6060
 6061
 6062
 6063
 6064
 6065
 6066
 6067
 6068
 6069
 6070
 6071
 6072
 6073
 6074
 6075
 6076
 6077
 6078
 6079
 6080
 6081
 6082
 6083
 6084
 6085
 6086
 6087
 6088
 6089
 6090
 6091
 6092
 6093
 6094
 6095
 6096
 6097
 6098
 6099
 6100
 6101
 6102
 6103
 6104
 6105
 6106
 6107
 6108
 6109
 6110
 6111
 6112
 6113
 6114
 6115
 6116
 6117
 6118
 6119
 6120
 6121
 6122
 6123
 6124
 6125
 6126
 6127
 6128
 6129
 6130
 6131
 6132
 6133
 6134
 6135
 6136
 6137
 6138
 6139
 6140
 6141
 6142
 6143
 6144
 6145
 6146
 6147
 6148
 6149
 6150
 6151
 6152
 6153
 6154
 6155
 6156
 6157
 6158
 6159
 6160
 6161
 6162
 6163
 6164
 6165
 6166
 6167
 6168
 6169
 6170
 6171
 6172
 6173
 6174
 6175
 6176
 6177
 6178
 6179
 6180
 6181
 6182
 6183
 6184
 6185
 6186
 6187
 6188
 6189
 6190
 6191
 6192
 6193
 6194
 6195
 6196
 6197
 6198
 6199
 6200
 6201
 6202
 6203
 6204
 6205
 6206
 6207
 6208
 6209
 6210
 6211
 6212
 6213
 6214
 6215
 6216
 6217
 6218
 6219
 6220
 6221
 6222
 6223
 6224
 6225
 6226
 6227
 6228
 6229
 6230
 6231
 6232
 6233
 6234
 6235
 6236
 6237
 6238
 6239
 6240
 6241
 6242
 6243
 6244
 6245
 6246
 6247
 6248
 6249
 6250
 6251
 6252
 6253
 6254
 6255
 6256
 6257
 6258
 6259
 6260
 6261
 6262
 6263
 6264
 6265
 6266
 6267
 6268
 6269
 6270
 6271
 6272
 6273
 6274
 6275
 6276
 6277
 6278
 6279
 6280
 6281
 6282
 6283
 6284
 6285
 6286
 6287
 6288
 6289
 6290
 6291
 6292
 6293
 6294
 6295
 6296
 6297
 6298
 6299
 6300
 6301
 6302
 6303
 6304
 6305
 6306
 6307
 6308
 6309
 6310
 6311
 6312
 6313
 6314
 6315
 6316
 6317
 6318
 6319
 6320
 6321
 6322
 6323
 6324
 6325
 6326
 6327
 6328
 6329
 6330
 6331
 6332
 6333
 6334
 6335
 6336
 6337
 6338
 6339
 6340
 6341
 6342
 6343
 6344
 6345
 6346
 6347
 6348
 6349
 6350
 6351
 6352
 6353
 6354
 6355
 6356
 6357
 6358
 6359
 6360
 6361
 6362
 6363
 6364
 6365
 6366
 6367
 6368
 6369
 6370
 6371
 6372
 6373
 6374
 6375
 6376
 6377
 6378
 6379
 6380
 6381
 6382
 6383
 6384
 6385
 6386
 6387
 6388
 6389
 6390
 6391
 6392
 6393
 6394
 6395
 6396
 6397
 6398
 6399
 6400
 6401
 6402
 6403
 6404
 6405
 6406
 6407
 6408
 6409
 6410
 6411
 6412
 6413
 6414
 6415
 6416
 6417
 6418
 6419
 6420
 6421
 6422
 6423
 6424
 6425
 6426
 6427
 6428
 6429
 6430
 6431
 6432
 6433
 6434
 6435
 6436
 6437
 6438
 6439
 6440
 6441
 6442
 6443
 6444
 6445
 6446
 6447
 6448
 6449
 6450
 6451
 6452
 6453
 6454
 6455
 6456
 6457
 6458
 6459
 6460
 6461
 6462
 6463
 6464
 6465
 6466
 6467
 6468
 6469
 6470
 6471
 6472
 6473
 6474
 6475
 6476
 6477
 6478
 6479
 6480
 6481
 6482
 6483
 6484
 6485
 6486
 6487
 6488
 6489
 6490
 6491
 6492
 6493
 6494
 6495
 6496
 6497
 6498
 6499
 6500
 6501
 6502
 6503
 6504
 6505
 6506
 6507
 6508
 6509
 6510
 6511
 6512
 6513
 6514
 6515
 6516
 6517
 6518
 6519
 6520
 6521
 6522
 6523
 6524
 6525
 6526
 6527
 6528
 6529
 6530
 6531
 6532
 6533
 6534
 6535
 6536
 6537
 6538
 6539
 6540
 6541
 6542
 6543
 6544
 6545
 6546
 6547
 6548
 6549
 6550
 6551
 6552
 6553
 6554
 6555
 6556
 6557
 6558
 6559
 6560
 6561
 6562
 6563
 6564
 6565
 6566
 6567
 6568
 6569
 6570
 6571
 6572
 6573
 6574
 6575
 6576
 6577
 6578
 6579
 6580
 6581
 6582
 6583
 6584
 6585
 6586
 6587
 6588
 6589
 6590
 6591
 6592
 6593
 6594
 6595
 6596
 6597
 6598
 6599
 6600
 6601
 6602
 6603
 6604
 6605
 6606
 6607
 6608
 6609
 6610
 6611
 6612
 6613
 6614
 6615
 6616
 6617
 6618
 6619
 6620
 6621
 6622
 6623
 6624
 6625
 6626
 6627
 6628
 6629
 6630
 6631
 6632
 6633
 6634
 6635
 6636
 6637
 6638
 6639
 6640
 6641
 6642
 6643
 6644
 6645
 6646
 6647
 6648
 6649
 6650
 6651
 6652
 6653
 6654
 6655
 6656
 6657
 6658
 6659
 6660
 6661
 6662
 6663
 6664
 6665
 6666
 6667
 6668
 6669
 6670
 6671
 6672
 6673
 6674
 6675
 6676
 6677
 6678
 6679
 6680
 6681
 6682
 6683
 6684
 6685
 6686
 6687
 6688
 6689
 6690
 6691
 6692
 6693
 6694
 6695
 6696
 6697
 6698
 6699
 6700
 6701
 6702
 6703
 6704
 6705
 6706
 6707
 6708
 6709
 6710
 6711
 6712
 6713
 6714
 6715
 6716
 6717
 6718
 6719
 6720
 6721
 6722
 6723
 6724
 6725
 6726
 6727
 6728
 6729
 6730
 6731
 6732
 6733
 6734
 6735
 6736
 6737
 6738
 6739
 6740
 6741
 6742
 6743
 6744
 6745
 6746
 6747
 6748
 6749
 6750
 6751
 6752
 6753
 6754
 6755
 6756
 6757
 6758
 6759
 6760
 6761
 6762
 6763
 6764
 6765
 6766
 6767
 6768
 6769
 6770
 6771
 6772
 6773
 6774
 6775
 6776
 6777
 6778
 6779
 6780
 6781
 6782
 6783
 6784
 6785
 6786
 6787
 6788
 6789
 6790
 6791
 6792
 6793
 6794
 6795
 6796
 6797
 6798
 6799
 6800
 6801
 6802
 6803
 6804
 6805
 6806
 6807
 6808
 6809
 6810
 6811
 6812
 6813
 6814
 6815
 6816
 6817
 6818
 6819
 6820
 6821
 6822
 6823
 6824
 6825
 6826
 6827
 6828
 6829
 6830
 6831
 6832
 6833
 6834
 6835
 6836
 6837
 6838
 6839
 6840
 6841
 6842
 6843
 6844
 6845
 6846
 6847
 6848
 6849
 6850
 6851
 6852
 6853
 6854
 6855
 6856
 6857
 6858
 6859
 6860
 6861
 6862
 6863
 6864
 6865
 6866
 6867
 6868
 6869
 6870
 6871
 6872
 6873
 6874
 6875
 6876
 6877
 6878
 6879
 6880
 6881
 6882
 6883
 6884
 6885
 6886
 6887
 6888
 6889
 6890
 6891
 6892
 6893
 6894
 6895
 6896
 6897
 6898
 6899
 6900
 6901
 6902
 6903
 6904
 6905
 6906
 6907
 6908
 6909
 6910
 6911
 6912
 6913
 6914
 6915
 6916
 6917
 6918
 6919
 6920
 6921
 6922
 6923
 6924
 6925
 6926
 6927
 6928
 6929
 6930
 6931
 6932
 6933
 6934
 6935
 6936
 6937
 6938
 6939
 6940
 6941
 6942
 6943
 6944
 6945
 6946
 6947
 6948
 6949
 6950
 6951
 6952
 6953
 6954
 6955
 6956
 6957
 6958
 6959
 6960
 6961
 6962
 6963
 6964
 6965
 6966
 6967
 6968
 6969
 6970
 6971
 6972
 6973
 6974
 6975
 6976
 6977
 6978
 6979
 6980
 6981
 6982
 6983
 6984
 6985
 6986
 6987
 6988
 6989
 6990
 6991
 6992
 6993
 6994
 6995
 6996
 6997
 6998
 6999
 7000
 7001
 7002
 7003
 7004
 7005
 7006
 7007
 7008
 7009
 7010
 7011
 7012
 7013
 7014
 7015
 7016
 7017
 7018
 7019
 7020
 7021
 7022
 7023
 7024
 7025
 7026
 7027
 7028
 7029
 7030
 7031
 7032
 7033
 7034
 7035
 7036
 7037
 7038
 7039
 7040
 7041
 7042
 7043
 7044
 7045
 7046
 7047
 7048
 7049
 7050
 7051
 7052
 7053
 7054
 7055
 7056
 7057
 7058
 7059
 7060
 7061
 7062
 7063
 7064
 7065
 7066
 7067
 7068
 7069
 7070
 7071
 7072
 7073
 7074
 7075
 7076
 7077
 7078
 7079
 7080
 7081
 7082
 7083
 7084
 7085
 7086
 7087
 7088
 7089
 7090
 7091
 7092
 7093
 7094
 7095
 7096
 7097
 7098
 7099
 7100
 7101
 7102
 7103
 7104
 7105
 7106
 7107
 7108
 7109
 7110
 7111
 7112
 7113
 7114
 7115
 7116
 7117
 7118
 7119
 7120
 7121
 7122
 7123
 7124
 7125
 7126
 7127
 7128
 7129
 7130
 7131
 7132
 7133
 7134
 7135
 7136
 7137
 7138
 7139
 7140
 7141
 7142
 7143
 7144
 7145
 7146
 7147
 7148
 7149
 7150
 7151
 7152
 7153
 7154
 7155
 7156
 7157
 7158
 7159
 7160
 7161
 7162
 7163
 7164
 7165
 7166
 7167
 7168
 7169
 7170
 7171
 7172
 7173
 7174
 7175
 7176
 7177
 7178
 7179
 7180
 7181
 7182
 7183
 7184
 7185
 7186
 7187
 7188
 7189
 7190
 7191
 7192
 7193
 7194
 7195
 7196
 7197
 7198
 7199
 7200
 7201
 7202
 7203
 7204
 7205
 7206
 7207
 7208
 7209
 7210
 7211
 7212
 7213
 7214
 7215
 7216
 7217
 7218
 7219
 7220
 7221
 7222
 7223
 7224
 7225
 7226
 7227
 7228
 7229
 7230
 7231
 7232
 7233
 7234
 7235
 7236
 7237
 7238
 7239
 7240
 7241
 7242
 7243
 7244
 7245
 7246
 7247
 7248
 7249
 7250
 7251
 7252
 7253
 7254
 7255
 7256
 7257
 7258
 7259
 7260
 7261
 7262
 7263
 7264
 7265
 7266
 7267
 7268
 7269
 7270
 7271
 7272
 7273
 7274
 7275
 7276
 7277
 7278
 7279
 7280
 7281
 7282
 7283
 7284
 7285
 7286
 7287
 7288
 7289
 7290
 7291
 7292
 7293
 7294
 7295
 7296
 7297
 7298
 7299
 7300
 7301
 7302
 7303
 7304
 7305
 7306
 7307
 7308
 7309
 7310
 7311
 7312
 7313
 7314
 7315
 7316
 7317
 7318
 7319
 7320
 7321
 7322
 7323
 7324
 7325
 7326
 7327
 7328
 7329
 7330
 7331
 7332
 7333
 7334
 7335
 7336
 7337
 7338
 7339
 7340
 7341
 7342
 7343
 7344
 7345
 7346
 7347
 7348
 7349
 7350
 7351
 7352
 7353
 7354
 7355
 7356
 7357
 7358
 7359
 7360
 7361
 7362
 7363
 7364
 7365
 7366
 7367
 7368
 7369
 7370
 7371
 7372
 7373
 7374
 7375
 7376
 7377
 7378
 7379
 7380
 7381
 7382
 7383
 7384
 7385
 7386
 7387
 7388
 7389
 7390
 7391
 7392
 7393
 7394
 7395
 7396
 7397
 7398
 7399
 7400
 7401
 7402
 7403
 7404
 7405
 7406
 7407
 7408
 7409
 7410
 7411
 7412
 7413
 7414
 7415
 7416
 7417
 7418
 7419
 7420
 7421
 7422
 7423
 7424
 7425
 7426
 7427
 7428
 7429
 7430
 7431
 7432
 7433
 7434
 7435
 7436
 7437
 7438
 7439
 7440
 7441
 7442
 7443
 7444
 7445
 7446
 7447
 7448
 7449
 7450
 7451
 7452
 7453
 7454
 7455
 7456
 7457
 7458
 7459
 7460
 7461
 7462
 7463
 7464
 7465
 7466
 7467
 7468
 7469
 7470
 7471
 7472
 7473
 7474
 7475
 7476
 7477
 7478
 7479
 7480
 7481
 7482
 7483
 7484
 7485
 7486
 7487
 7488
 7489
 7490
 7491
 7492
 7493
 7494
 7495
 7496
 7497
 7498
 7499
 7500
 7501
 7502
 7503
 7504
 7505
 7506
 7507
 7508
 7509
 7510
 7511
 7512
 7513
 7514
 7515
 7516
 7517
 7518
 7519
 7520
 7521
 7522
 7523
 7524
 7525
 7526
 7527
 7528
 7529
 7530
 7531
 7532
 7533
 7534
 7535
 7536
 7537
 7538
 7539
 7540
 7541
 7542
 7543
 7544
 7545
 7546
 7547
 7548
 7549
 7550
 7551
 7552
 7553
 7554
 7555
 7556
 7557
 7558
 7559
 7560
 7561
 7562
 7563
 7564
 7565
 7566
 7567
 7568
 7569
 7570
 7571
 7572
 7573
 7574
 7575
 7576
 7577
 7578
 7579
 7580
 7581
 7582
 7583
 7584
 7585
 7586
 7587
 7588
 7589
 7590
 7591
 7592
 7593
 7594
 7595
 7596
 7597
 7598
 7599
 7600
 7601
 7602
 7603
 7604
 7605
 7606
 7607
 7608
 7609
 7610
 7611
 7612
 7613
 7614
 7615
 7616
 7617
 7618
 7619
 7620
 7621
 7622
 7623
 7624
 7625
 7626
 7627
 7628
 7629
 7630
 7631
 7632
 7633
 7634
 7635
 7636
 7637
 7638
 7639
 7640
 7641
 7642
 7643
 7644
 7645
 7646
 7647
 7648
 7649
 7650
 7651
 7652
 7653
 7654
 7655
 7656
 7657
 7658
 7659
 7660
 7661
 7662
 7663
 7664
 7665
 7666
 7667
 7668
 7669
 7670
 7671
 7672
 7673
 7674
 7675
 7676
 7677
 7678
 7679
 7680
 7681
 7682
 7683
 7684
 7685
 7686
 7687
 7688
 7689
 7690
 7691
 7692
 7693
 7694
 7695
 7696
 7697
 7698
 7699
 7700
 7701
 7702
 7703
 7704
 7705
 7706
 7707
 7708
 7709
 7710
 7711
 7712
 7713
 7714
 7715
 7716
 7717
 7718
 7719
 7720
 7721
 7722
 7723
 7724
 7725
 7726
 7727
 7728
 7729
 7730
 7731
 7732
 7733
 7734
 7735
 7736
 7737
 7738
 7739
 7740
 7741
 7742
 7743
 7744
 7745
 7746
 7747
 7748
 7749
 7750
 7751
 7752
 7753
 7754
 7755
 7756
 7757
 7758
 7759
 7760
 7761
 7762
 7763
 7764
 7765
 7766
 7767
 7768
 7769
 7770
 7771
 7772
 7773
 7774
 7775
 7776
 7777
 7778
 7779
 7780
 7781
 7782
 7783
 7784
 7785
 7786
 7787
 7788
 7789
 7790
 7791
 7792
 7793
 7794
 7795
 7796
 7797
 7798
 7799
 7800
 7801
 7802
 7803
 7804
 7805
 7806
 7807
 7808
 7809
 7810
 7811
 7812
 7813
 7814
 7815
 7816
 7817
 7818
 7819
 7820
 7821
 7822
 7823
 7824
 7825
 7826
 7827
 7828
 7829
 7830
 7831
 7832
 7833
 7834
 7835
 7836
 7837
 7838
 7839
 7840
 7841
 7842
 7843
 7844
 7845
 7846
 7847
 7848
 7849
 7850
 7851
 7852
 7853
 7854
 7855
 7856
 7857
 7858
 7859
 7860
 7861
 7862
 7863
 7864
 7865
 7866
 7867
 7868
 7869
 7870
 7871
 7872
 7873
 7874
 7875
 7876
 7877
 7878
 7879
 7880
 7881
 7882
 7883
 7884
 7885
 7886
 7887
 7888
 7889
 7890
 7891
 7892
 7893
 7894
 7895
 7896
 7897
 7898
 7899
 7900
 7901
 7902
 7903
 7904
 7905
 7906
 7907
 7908
 7909
 7910
 7911
 7912
 7913
 7914
 7915
 7916
 7917
 7918
 7919
 7920
 7921
 7922
 7923
 7924
 7925
 7926
 7927
 7928
 7929
 7930
 7931
 7932
 7933
 7934
 7935
 7936
 7937
 7938
 7939
 7940
 7941
 7942
 7943
 7944
 7945
 7946
 7947
 7948
 7949
 7950
 7951
 7952
 7953
 7954
 7955
 7956
 7957
 7958
 7959
 7960
 7961
 7962
 7963
 7964
 7965
 7966
 7967
 7968
 7969
 7970
 7971
 7972
 7973
 7974
 7975
 7976
 7977
 7978
 7979
 7980
 7981
 7982
 7983
 7984
 7985
 7986
 7987
 7988
 7989
 7990
 7991
 7992
 7993
 7994
 7995
 7996
 7997
 7998
 7999
 8000
 8001
 8002
 8003
 8004
 8005
 8006
 8007
 8008
 8009
 8010
 8011
 8012
 8013
 8014
 8015
 8016
 8017
 8018
 8019
 8020
 8021
 8022
 8023
 8024
 8025
 8026
 8027
 8028
 8029
 8030
 8031
 8032
 8033
 8034
 8035
 8036
 8037
 8038
 8039
 8040
 8041
 8042
 8043
 8044
 8045
 8046
 8047
 8048
 8049
 8050
 8051
 8052
 8053
 8054
 8055
 8056
 8057
 8058
 8059
 8060
 8061
 8062
 8063
 8064
 8065
 8066
 8067
 8068
 8069
 8070
 8071
 8072
 8073
 8074
 8075
 8076
 8077
 8078
 8079
 8080
 8081
 8082
 8083
 8084
 8085
 8086
 8087
 8088
 8089
 8090
 8091
 8092
 8093
 8094
 8095
 8096
 8097
 8098
 8099
 8100
 8101
 8102
 8103
 8104
 8105
 8106
 8107
 8108
 8109
 8110
 8111
 8112
 8113
 8114
 8115
 8116
 8117
 8118
 8119
 8120
 8121
 8122
 8123
 8124
 8125
 8126
 8127
 8128
 8129
 8130
 8131
 8132
 8133
 8134
 8135
 8136
 8137
 8138
 8139
 8140
 8141
 8142
 8143
 8144
 8145
 8146
 8147
 8148
 8149
 8150
 8151
 8152
 8153
 8154
 8155
 8156
 8157
 8158
 8159
 8160
 8161
 8162
 8163
 8164
 8165
 8166
 8167
 8168
 8169
 8170
 8171
 8172
 8173
 8174
 8175
 8176
 8177
 8178
 8179
 8180
 8181
 8182
 8183
 8184
 8185
 8186
 8187
 8188
 8189
 8190
 8191
 8192
 8193
 8194
 8195
 8196
 8197
 8198
 8199
 8200
 8201
 8202
 8203
 8204
 8205
 8206
 8207
 8208
 8209
 8210
 8211
 8212
 8213
 8214
 8215
 8216
 8217
 8218
 8219
 8220
 8221
 8222
 8223
 8224
 8225
 8226
 8227
 8228
 8229
 8230
 8231
 8232
 8233
 8234
 8235
 8236
 8237
 8238
 8239
 8240
 8241
 8242
 8243
 8244
 8245
 8246
 8247
 8248
 8249
 8250
 8251
 8252
 8253
 8254
 8255
 8256
 8257
 8258
 8259
 8260
 8261
 8262
 8263
 8264
 8265
 8266
 8267
 8268
 8269
 8270
 8271
 8272
 8273
 8274
 8275
 8276
 8277
 8278
 8279
 8280
 8281
 8282
 8283
 8284
 8285
 8286
 8287
 8288
 8289
 8290
 8291
 8292
 8293
 8294
 8295
 8296
 8297
 8298
 8299
 8300
 8301
 8302
 8303
 8304
 8305
 8306
 8307
 8308
 8309
 8310
 8311
 8312
 8313
 8314
 8315
 8316
 8317
 8318
 8319
 8320
 8321
 8322
 8323
 8324
 8325
 8326
 8327
 8328
 8329
 8330
 8331
 8332
 8333
 8334
 8335
 8336
 8337
 8338
 8339
 8340
 8341
 8342
 8343
 8344
 8345
 8346
 8347
 8348
 8349
 8350
 8351
 8352
 8353
 8354
 8355
 8356
 8357
 8358
 8359
 8360
 8361
 8362
 8363
 8364
 8365
 8366
 8367
 8368
 8369
 8370
 8371
 8372
 8373
 8374
 8375
 8376
 8377
 8378
 8379
 8380
 8381
 8382
 8383
 8384
 8385
 8386
 8387
 8388
 8389
 8390
 8391
 8392
 8393
 8394
 8395
 8396
 8397
 8398
 8399
 8400
 8401
 8402
 8403
 8404
 8405
 8406
 8407
 8408
 8409
 8410
 8411
 8412
 8413
 8414
 8415
 8416
 8417
 8418
 8419
 8420
 8421
 8422
 8423
 8424
 8425
 8426
 8427
 8428
 8429
 8430
 8431
 8432
 8433
 8434
 8435
 8436
 8437
 8438
 8439
 8440
 8441
 8442
 8443
 8444
 8445
 8446
 8447
 8448
 8449
 8450
 8451
 8452
 8453
 8454
 8455
 8456
 8457
 8458
 8459
 8460
 8461
 8462
 8463
 8464
 8465
 8466
 8467
 8468
 8469
 8470
 8471
 8472
 8473
 8474
 8475
 8476
 8477
 8478
 8479
 8480
 8481
 8482
 8483
 8484
 8485
 8486
 8487
 8488
 8489
 8490
 8491
 8492
 8493
 8494
 8495
 8496
 8497
 8498
 8499
 8500
 8501
 8502
 8503
 8504
 8505
 8506
 8507
 8508
 8509
 8510
 8511
 8512
 8513
 8514
 8515
 8516
 8517
 8518
 8519
 8520
 8521
 8522
 8523
 8524
 8525
 8526
 8527
 8528
 8529
 8530
 8531
 8532
 8533
 8534
 8535
 8536
 8537
 8538
 8539
 8540
 8541
 8542
 8543
 8544
 8545
 8546
 8547
 8548
 8549
 8550
 8551
 8552
 8553
 8554
 8555
 8556
 8557
 8558
 8559
 8560
 8561
 8562
 8563
 8564
 8565
 8566
 8567
 8568
 8569
 8570
 8571
 8572
 8573
 8574
 8575
 8576
 8577
 8578
 8579
 8580
 8581
 8582
 8583
 8584
 8585
 8586
 8587
 8588
 8589
 8590
 8591
 8592
 8593
 8594
 8595
 8596
 8597
 8598
 8599
 8600
 8601
 8602
 8603
 8604
 8605
 8606
 8607
 8608
 8609
 8610
 8611
 8612
 8613
 8614
 8615
 8616
 8617
 8618
 8619
 8620
 8621
 8622
 8623
 8624
 8625
 8626
 8627
 8628
 8629
 8630
 8631
 8632
 8633
 8634
 8635
 8636
 8637
 8638
 8639
 8640
 8641
 8642
 8643
 8644
 8645
 8646
 8647
 8648
 8649
 8650
 8651
 8652
 8653
 8654
 8655
 8656
 8657
 8658
 8659
 8660
 8661
 8662
 8663
 8664
 8665
 8666
 8667
 8668
 8669
 8670
 8671
 8672
 8673
 8674
 8675
 8676
 8677
 8678
 8679
 8680
 8681
 8682
 8683
 8684
 8685
 8686
 8687
 8688
 8689
 8690
 8691
 8692
 8693
 8694
 8695
 8696
 8697
 8698
 8699
 8700
 8701
 8702
 8703
 8704
 8705
 8706
 8707
 8708
 8709
 8710
 8711
 8712
 8713
 8714
 8715
 8716
 8717
 8718
 8719
 8720
 8721
 8722
 8723
 8724
 8725
 8726
 8727
 8728
 8729
 8730
 8731
 8732
 8733
 8734
 8735
 8736
 8737
 8738
 8739
 8740
 8741
 8742
 8743
 8744
 8745
 8746
 8747
 8748
 8749
 8750
 8751
 8752
 8753
 8754
 8755
 8756
 8757
 8758
 8759
 8760
 8761
 8762
 8763
 8764
 8765
 8766
 8767
 8768
 8769
 8770
 8771
 8772
 8773
 8774
 8775
 8776
 8777
 8778
 8779
 8780
 8781
 8782
 8783
 8784
 8785
 8786
 8787
 8788
 8789
 8790
 8791
 8792
 8793
 8794
 8795
 8796
 8797
 8798
 8799
 8800
 8801
 8802
 8803
 8804
 8805
 8806
 8807
 8808
 8809
 8810
 8811
 8812
 8813
 8814
 8815
 8816
 8817
 8818
 8819
 8820
 8821
 8822
 8823
 8824
 8825
 8826
 8827
 8828
 8829
 8830
 8831
 8832
 8833
 8834
 8835
 8836
 8837
 8838
 8839
 8840
 8841
 8842
 8843
 8844
 8845
 8846
 8847
 8848
 8849
 8850
 8851
 8852
 8853
 8854
 8855
 8856
 8857
 8858
 8859
 8860
 8861
 8862
 8863
 8864
 8865
 8866
 8867
 8868
 8869
 8870
 8871
 8872
 8873
 8874
 8875
 8876
 8877
 8878
 8879
 8880
 8881
 8882
 8883
 8884
 8885
 8886
 8887
 8888
 8889
 8890
 8891
 8892
 8893
 8894
 8895
 8896
 8897
 8898
 8899
 8900
 8901
 8902
 8903
 8904
 8905
 8906
 8907
 8908
 8909
 8910
 8911
 8912
 8913
 8914
 8915
 8916
 8917
 8918
 8919
 8920
 8921
 8922
 8923
 8924
 8925
 8926
 8927
 8928
 8929
 8930
 8931
 8932
 8933
 8934
 8935
 8936
 8937
 8938
 8939
 8940
 8941
 8942
 8943
 8944
 8945
 8946
 8947
 8948
 8949
 8950
 8951
 8952
 8953
 8954
 8955
 8956
 8957
 8958
 8959
 8960
 8961
 8962
 8963
 8964
 8965
 8966
 8967
 8968
 8969
 8970
 8971
 8972
 8973
 8974
 8975
 8976
 8977
 8978
 8979
 8980
 8981
 8982
 8983
 8984
 8985
 8986
 8987
 8988
 8989
 8990
 8991
 8992
 8993
 8994
 8995
 8996
 8997
 8998
 8999
 9000
 9001
 9002
 9003
 9004
 9005
 9006
 9007
 9008
 9009
 9010
 9011
 9012
 9013
 9014
 9015
 9016
 9017
 9018
 9019
 9020
 9021
 9022
 9023
 9024
 9025
 9026
 9027
 9028
 9029
 9030
 9031
 9032
 9033
 9034
 9035
 9036
 9037
 9038
 9039
 9040
 9041
 9042
 9043
 9044
 9045
 9046
 9047
 9048
 9049
 9050
 9051
 9052
 9053
 9054
 9055
 9056
 9057
 9058
 9059
 9060
 9061
 9062
 9063
 9064
 9065
 9066
 9067
 9068
 9069
 9070
 9071
 9072
 9073
 9074
 9075
 9076
 9077
 9078
 9079
 9080
 9081
 9082
 9083
 9084
 9085
 9086
 9087
 9088
 9089
 9090
 9091
 9092
 9093
 9094
 9095
 9096
 9097
 9098
 9099
 9100
 9101
 9102
 9103
 9104
 9105
 9106
 9107
 9108
 9109
 9110
 9111
 9112
 9113
 9114
 9115
 9116
 9117
 9118
 9119
 9120
 9121
 9122
 9123
 9124
 9125
 9126
 9127
 9128
 9129
 9130
 9131
 9132
 9133
 9134
 9135
 9136
 9137
 9138
 9139
 9140
 9141
 9142
 9143
 9144
 9145
 9146
 9147
 9148
 9149
 9150
 9151
 9152
 9153
 9154
 9155
 9156
 9157
 9158
 9159
 9160
 9161
 9162
 9163
 9164
 9165
 9166
 9167
 9168
 9169
 9170
 9171
 9172
 9173
 9174
 9175
 9176
 9177
 9178
 9179
 9180
 9181
 9182
 9183
 9184
 9185
 9186
 9187
 9188
 9189
 9190
 9191
 9192
 9193
 9194
 9195
 9196
 9197
 9198
 9199
 9200
 9201
 9202
 9203
 9204
 9205
 9206
 9207
 9208
 9209
 9210
 9211
 9212
 9213
 9214
 9215
 9216
 9217
 9218
 9219
 9220
 9221
 9222
 9223
 9224
 9225
 9226
 9227
 9228
 9229
 9230
 9231
 9232
 9233
 9234
 9235
 9236
 9237
 9238
 9239
 9240
 9241
 9242
 9243
 9244
 9245
 9246
 9247
 9248
 9249
 9250
 9251
 9252
 9253
 9254
 9255
 9256
 9257
 9258
 9259
 9260
 9261
 9262
 9263
 9264
 9265
 9266
 9267
 9268
 9269
 9270
 9271
 9272
 9273
 9274
 9275
 9276
 9277
 9278
 9279
 9280
 9281
 9282
 9283
 9284
 9285
 9286
 9287
 9288
 9289
 9290
 9291
 9292
 9293
 9294
 9295
 9296
 9297
 9298
 9299
 9300
 9301
 9302
 9303
 9304
 9305
 9306
 9307
 9308
 9309
 9310
 9311
 9312
 9313
 9314
 9315
 9316
 9317
 9318
 9319
 9320
 9321
 9322
 9323
 9324
 9325
 9326
 9327
 9328
 9329
 9330
 9331
 9332
 9333
 9334
 9335
 9336
 9337
 9338
 9339
 9340
 9341
 9342
 9343
 9344
 9345
 9346
 9347
 9348
 9349
 9350
 9351
 9352
 9353
 9354
 9355
 9356
 9357
 9358
 9359
 9360
 9361
 9362
 9363
 9364
 9365
 9366
 9367
 9368
 9369
 9370
 9371
 9372
 9373
 9374
 9375
 9376
 9377
 9378
 9379
 9380
 9381
 9382
 9383
 9384
 9385
 9386
 9387
 9388
 9389
 9390
 9391
 9392
 9393
 9394
 9395
 9396
 9397
 9398
 9399
 9400
 9401
 9402
 9403
 9404
 9405
 9406
 9407
 9408
 9409
 9410
 9411
 9412
 9413
 9414
 9415
 9416
 9417
 9418
 9419
 9420
 9421
 9422
 9423
 9424
 9425
 9426
 9427
 9428
 9429
 9430
 9431
 9432
 9433
 9434
 9435
 9436
 9437
 9438
 9439
 9440
 9441
 9442
 9443
 9444
 9445
 9446
 9447
 9448
 9449
 9450
 9451
 9452
 9453
 9454
 9455
 9456
 9457
 9458
 9459
 9460
 9461
 9462
 9463
 9464
 9465
 9466
 9467
 9468
 9469
 9470
 9471
 9472
 9473
 9474
 9475
 9476
 9477
 9478
 9479
 9480
 9481
 9482
 9483
 9484
 9485
 9486
 9487
 9488
 9489
 9490
 9491
 9492
 9493
 9494
 9495
 9496
 9497
 9498
 9499
 9500
 9501
 9502
 9503
 9504
 9505
 9506
 9507
 9508
 9509
 9510
 9511
 9512
 9513
 9514
 9515
 9516
 9517
 9518
 9519
 9520
 9521
 9522
 9523
 9524
 9525
 9526
 9527
 9528
 9529
 9530
 9531
 9532
 9533
 9534
 9535
 9536
 9537
 9538
 9539
 9540
 9541
 9542
 9543
 9544
 9545
 9546
 9547
 9548
 9549
 9550
 9551
 9552
 9553
 9554
 9555
 9556
 9557
 9558
 9559
 9560
 9561
 9562
 9563
 9564
 9565
 9566
 9567
 9568
 9569
 9570
 9571
 9572
 9573
 9574
 9575
 9576
 9577
 9578
 9579
 9580
 9581
 9582
 9583
 9584
 9585
 9586
 9587
 9588
 9589
 9590
 9591
 9592
 9593
 9594
 9595
 9596
 9597
 9598
 9599
 9600
 9601
 9602
 9603
 9604
 9605
 9606
 9607
 9608
 9609
 9610
 9611
 9612
 9613
 9614
 9615
 9616
 9617
 9618
 9619
 9620
 9621
 9622
 9623
 9624
 9625
 9626
 9627
 9628
 9629
 9630
 9631
 9632
 9633
 9634
 9635
 9636
 9637
 9638
 9639
 9640
 9641
 9642
 9643
 9644
 9645
 9646
 9647
 9648
 9649
 9650
 9651
 9652
 9653
 9654
 9655
 9656
 9657
 9658
 9659
 9660
 9661
 9662
 9663
 9664
 9665
 9666
 9667
 9668
 9669
 9670
 9671
 9672
 9673
 9674
 9675
 9676
 9677
 9678
 9679
 9680
 9681
 9682
 9683
 9684
 9685
 9686
 9687
 9688
 9689
 9690
 9691
 9692
 9693
 9694
 9695
 9696
 9697
 9698
 9699
 9700
 9701
 9702
 9703
 9704
 9705
 9706
 9707
 9708
 9709
 9710
 9711
 9712
 9713
 9714
 9715
 9716
 9717
 9718
 9719
 9720
 9721
 9722
 9723
 9724
 9725
 9726
 9727
 9728
 9729
 9730
 9731
 9732
 9733
 9734
 9735
 9736
 9737
 9738
 9739
 9740
 9741
 9742
 9743
 9744
 9745
 9746
 9747
 9748
 9749
 9750
 9751
 9752
 9753
 9754
 9755
 9756
 9757
 9758
 9759
 9760
 9761
 9762
 9763
 9764
 9765
 9766
 9767
 9768
 9769
 9770
 9771
 9772
 9773
 9774
 9775
 9776
 9777
 9778
 9779
 9780
 9781
 9782
 9783
 9784
 9785
 9786
 9787
 9788
 9789
 9790
 9791
 9792
 9793
 9794
 9795
 9796
 9797
 9798
 9799
 9800
 9801
 9802
 9803
 9804
 9805
 9806
 9807
 9808
 9809
 9810
 9811
 9812
 9813
 9814
 9815
 9816
 9817
 9818
 9819
 9820
 9821
 9822
 9823
 9824
 9825
 9826
 9827
 9828
 9829
 9830
 9831
 9832
 9833
 9834
 9835
 9836
 9837
 9838
 9839
 9840
 9841
 9842
 9843
 9844
 9845
 9846
 9847
 9848
 9849
 9850
 9851
 9852
 9853
 9854
 9855
 9856
 9857
 9858
 9859
 9860
 9861
 9862
 9863
 9864
 9865
 9866
 9867
 9868
 9869
 9870
 9871
 9872
 9873
 9874
 9875
 9876
 9877
 9878
 9879
 9880
 9881
 9882
 9883
 9884
 9885
 9886
 9887
 9888
 9889
 9890
 9891
 9892
 9893
 9894
 9895
 9896
 9897
 9898
 9899
 9900
 9901
 9902
 9903
 9904
 9905
 9906
 9907
 9908
 9909
 9910
 9911
 9912
 9913
 9914
 9915
 9916
 9917
 9918
 9919
 9920
 9921
 9922
 9923
 9924
 9925
 9926
 9927
 9928
 9929
 9930
 9931
 9932
 9933
 9934
 9935
 9936
 9937
 9938
 9939
 9940
 9941
 9942
 9943
 9944
 9945
 9946
 9947
 9948
 9949
 9950
 9951
 9952
 9953
 9954
 9955
 9956
 9957
 9958
 9959
 9960
 9961
 9962
 9963
 9964
 9965
 9966
 9967
 9968
 9969
 9970
 9971
 9972
 9973
 9974
 9975
 9976
 9977
 9978
 9979
 9980
 9981
 9982
 9983
 9984
 9985
 9986
 9987
 9988
 9989
 9990
 9991
 9992
 9993
 9994
 9995
 9996
 9997
 9998
 9999
10000
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10023
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
10058
10059
10060
10061
10062
10063
10064
10065
10066
10067
10068
10069
10070
10071
10072
10073
10074
10075
10076
10077
10078
10079
10080
10081
10082
10083
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
10098
10099
10100
10101
10102
10103
10104
10105
10106
10107
10108
10109
10110
10111
10112
10113
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
10163
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
10188
10189
10190
10191
10192
10193
10194
10195
10196
10197
10198
10199
10200
10201
10202
10203
10204
10205
10206
10207
10208
10209
10210
10211
10212
10213
10214
10215
10216
10217
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
10240
10241
10242
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
10268
10269
10270
10271
10272
10273
10274
10275
10276
10277
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
10299
10300
10301
10302
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
10335
10336
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
10361
10362
10363
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
10382
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
10404
10405
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
10422
10423
10424
10425
10426
10427
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
10466
10467
10468
10469
10470
10471
10472
10473
10474
10475
10476
10477
10478
10479
10480
10481
10482
10483
10484
10485
10486
10487
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
10510
10511
10512
10513
10514
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
10546
10547
10548
10549
10550
10551
10552
10553
10554
10555
10556
10557
10558
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
10597
10598
10599
10600
10601
10602
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
10621
10622
10623
10624
10625
10626
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
10653
10654
10655
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
10682
10683
10684
10685
10686
10687
10688
10689
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
10712
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
10737
10738
10739
10740
10741
10742
10743
10744
10745
10746
10747
10748
10749
10750
10751
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
10773
10774
10775
10776
10777
10778
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
10950
10951
10952
10953
10954
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
11001
11002
11003
11004
11005
11006
11007
11008
11009
11010
11011
11012
11013
11014
11015
11016
11017
11018
11019
11020
11021
11022
11023
11024
11025
11026
11027
11028
11029
11030
11031
11032
11033
11034
11035
11036
11037
11038
11039
11040
11041
11042
11043
11044
11045
11046
11047
11048
11049
11050
11051
11052
11053
11054
11055
11056
11057
11058
11059
11060
11061
11062
11063
11064
11065
11066
11067
11068
11069
11070
11071
11072
11073
11074
11075
11076
11077
11078
11079
11080
11081
11082
11083
11084
11085
11086
11087
11088
11089
11090
11091
11092
11093
11094
11095
11096
11097
11098
11099
11100
11101
11102
11103
11104
11105
11106
11107
11108
11109
11110
11111
11112
11113
11114
11115
11116
11117
11118
11119
11120
11121
11122
11123
11124
11125
11126
11127
11128
11129
11130
11131
11132
11133
11134
11135
11136
11137
11138
11139
11140
11141
11142
11143
11144
11145
11146
11147
11148
11149
11150
11151
11152
11153
11154
11155
11156
11157
11158
11159
11160
11161
11162
11163
11164
11165
11166
11167
11168
11169
11170
11171
11172
11173
11174
11175
11176
11177
11178
11179
11180
11181
11182
11183
11184
11185
11186
11187
11188
11189
11190
11191
11192
11193
11194
11195
11196
11197
11198
11199
11200
11201
11202
11203
11204
11205
11206
11207
11208
11209
11210
11211
11212
11213
11214
11215
11216
11217
11218
11219
11220
11221
11222
11223
11224
11225
11226
11227
11228
11229
11230
11231
11232
11233
11234
11235
11236
11237
11238
11239
11240
11241
11242
11243
11244
11245
11246
11247
11248
11249
11250
11251
11252
11253
11254
11255
11256
11257
11258
11259
11260
11261
11262
11263
11264
11265
11266
11267
11268
11269
11270
11271
11272
11273
11274
11275
11276
11277
11278
11279
11280
11281
11282
11283
11284
11285
11286
11287
11288
11289
11290
11291
11292
11293
11294
11295
11296
11297
11298
11299
11300
11301
11302
11303
11304
11305
11306
11307
11308
11309
11310
11311
11312
11313
11314
11315
11316
11317
11318
11319
11320
11321
11322
11323
11324
11325
11326
11327
11328
11329
11330
11331
11332
11333
11334
11335
11336
11337
11338
11339
11340
11341
11342
11343
11344
11345
11346
11347
11348
11349
11350
11351
11352
11353
11354
11355
11356
11357
11358
11359
11360
11361
11362
11363
11364
11365
11366
11367
11368
11369
11370
11371
11372
11373
11374
11375
11376
11377
11378
11379
11380
11381
11382
11383
11384
11385
11386
11387
11388
11389
11390
11391
11392
11393
11394
11395
11396
11397
11398
11399
11400
11401
11402
11403
11404
11405
11406
11407
11408
11409
11410
11411
11412
11413
11414
11415
11416
11417
11418
11419
11420
11421
11422
11423
11424
11425
11426
11427
11428
11429
11430
11431
11432
11433
11434
11435
11436
11437
11438
11439
11440
11441
11442
11443
11444
11445
11446
11447
11448
11449
11450
11451
11452
11453
11454
11455
11456
11457
11458
11459
11460
11461
11462
11463
11464
11465
11466
11467
11468
11469
11470
11471
11472
11473
11474
11475
11476
11477
11478
11479
11480
11481
11482
11483
11484
11485
11486
11487
11488
11489
11490
11491
11492
11493
11494
11495
11496
11497
11498
11499
11500
11501
11502
11503
11504
11505
11506
11507
11508
11509
11510
11511
11512
11513
11514
11515
11516
11517
11518
11519
11520
11521
11522
11523
11524
11525
11526
11527
11528
11529
11530
11531
11532
11533
11534
11535
11536
11537
11538
11539
11540
11541
11542
11543
11544
11545
11546
11547
11548
11549
11550
11551
11552
11553
11554
11555
11556
11557
11558
11559
11560
11561
11562
11563
11564
11565
11566
11567
11568
11569
11570
11571
11572
11573
11574
11575
11576
11577
11578
11579
11580
11581
11582
11583
11584
11585
11586
11587
11588
11589
11590
11591
11592
11593
11594
11595
11596
11597
11598
11599
11600
11601
11602
11603
11604
11605
11606
11607
11608
11609
11610
11611
11612
11613
11614
11615
11616
11617
11618
11619
11620
11621
11622
11623
11624
11625
11626
11627
11628
11629
11630
11631
11632
11633
11634
11635
11636
11637
11638
11639
11640
11641
11642
11643
11644
11645
11646
11647
11648
11649
11650
11651
11652
11653
11654
11655
11656
11657
11658
11659
11660
11661
11662
11663
11664
11665
11666
11667
11668
11669
11670
11671
11672
11673
11674
11675
11676
11677
11678
11679
11680
11681
11682
11683
11684
11685
11686
11687
11688
11689
11690
11691
11692
11693
11694
11695
11696
11697
11698
11699
11700
11701
11702
11703
11704
11705
11706
11707
11708
11709
11710
11711
11712
11713
11714
11715
11716
11717
11718
11719
11720
11721
11722
11723
11724
11725
11726
11727
11728
11729
11730
11731
11732
11733
11734
11735
11736
11737
11738
11739
11740
11741
11742
11743
11744
11745
11746
11747
11748
11749
11750
11751
11752
11753
11754
11755
11756
11757
11758
11759
11760
11761
11762
11763
11764
11765
11766
11767
11768
11769
11770
11771
11772
11773
11774
11775
11776
11777
11778
11779
11780
11781
11782
11783
11784
11785
11786
11787
11788
11789
11790
11791
11792
11793
11794
11795
11796
11797
11798
11799
11800
11801
11802
11803
11804
11805
11806
11807
11808
11809
11810
11811
11812
11813
11814
11815
11816
11817
11818
11819
11820
11821
11822
11823
11824
11825
11826
11827
11828
11829
11830
11831
11832
11833
11834
11835
11836
11837
11838
11839
11840
11841
11842
11843
11844
11845
11846
11847
11848
11849
11850
11851
11852
11853
11854
11855
11856
11857
11858
11859
11860
11861
11862
11863
11864
11865
11866
11867
11868
11869
11870
11871
11872
11873
11874
11875
11876
11877
11878
11879
11880
11881
11882
11883
11884
11885
11886
11887
11888
11889
11890
11891
11892
11893
11894
11895
11896
11897
11898
11899
11900
11901
11902
11903
11904
11905
11906
11907
11908
11909
11910
11911
11912
11913
11914
11915
11916
11917
11918
11919
11920
11921
11922
11923
11924
11925
11926
11927
11928
11929
11930
11931
11932
11933
11934
11935
11936
11937
11938
11939
11940
11941
11942
11943
11944
11945
11946
11947
11948
11949
11950
11951
11952
11953
11954
11955
11956
11957
11958
11959
11960
11961
11962
11963
11964
11965
11966
11967
11968
11969
11970
11971
11972
11973
11974
11975
11976
11977
11978
11979
11980
11981
11982
11983
11984
11985
11986
11987
11988
11989
11990
11991
11992
11993
11994
11995
11996
11997
11998
11999
12000
12001
12002
12003
12004
12005
12006
12007
12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
12025
12026
12027
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
12044
12045
12046
12047
12048
12049
12050
12051
12052
12053
12054
12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
12072
12073
12074
12075
12076
12077
12078
12079
12080
12081
12082
12083
12084
12085
12086
12087
12088
12089
12090
12091
12092
12093
12094
12095
12096
12097
12098
12099
12100
12101
12102
12103
12104
12105
12106
12107
12108
12109
12110
12111
12112
12113
12114
12115
12116
12117
12118
12119
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129
12130
12131
12132
12133
12134
12135
12136
12137
12138
12139
12140
12141
12142
12143
12144
12145
12146
12147
12148
12149
12150
12151
12152
12153
12154
12155
12156
12157
12158
12159
12160
12161
12162
12163
12164
12165
12166
12167
12168
12169
12170
12171
12172
12173
12174
12175
12176
12177
12178
12179
12180
12181
12182
12183
12184
12185
12186
12187
12188
12189
12190
12191
12192
12193
12194
12195
12196
12197
12198
12199
12200
12201
12202
12203
12204
12205
12206
12207
12208
12209
12210
12211
12212
12213
12214
12215
12216
12217
12218
12219
12220
12221
12222
12223
12224
12225
12226
12227
12228
12229
12230
12231
12232
12233
12234
12235
12236
12237
12238
12239
12240
12241
12242
12243
12244
12245
12246
12247
12248
12249
12250
12251
12252
12253
12254
12255
12256
12257
12258
12259
12260
12261
12262
12263
12264
12265
12266
12267
12268
12269
12270
12271
12272
12273
12274
12275
12276
12277
12278
12279
12280
12281
12282
12283
12284
12285
12286
12287
12288
12289
12290
12291
12292
12293
12294
12295
12296
12297
12298
12299
12300
12301
12302
12303
12304
12305
12306
12307
12308
12309
12310
12311
12312
12313
12314
12315
12316
12317
12318
12319
12320
12321
12322
12323
12324
12325
12326
12327
12328
12329
12330
12331
12332
12333
12334
12335
12336
12337
12338
12339
12340
12341
12342
12343
12344
12345
12346
12347
12348
12349
12350
12351
12352
12353
12354
12355
12356
12357
12358
12359
12360
12361
12362
12363
12364
12365
12366
12367
12368
12369
12370
12371
12372
12373
12374
12375
12376
12377
12378
12379
12380
12381
12382
12383
12384
12385
12386
12387
12388
12389
12390
12391
12392
12393
12394
12395
12396
12397
12398
12399
12400
12401
12402
12403
12404
12405
12406
12407
12408
12409
12410
12411
12412
12413
12414
12415
12416
12417
12418
12419
12420
12421
12422
12423
12424
12425
12426
12427
12428
12429
12430
12431
12432
12433
12434
12435
12436
12437
12438
12439
12440
12441
12442
12443
12444
12445
12446
12447
12448
12449
12450
12451
12452
12453
12454
12455
12456
12457
12458
12459
12460
12461
12462
12463
12464
12465
12466
12467
12468
12469
12470
12471
12472
12473
12474
12475
12476
12477
12478
12479
12480
12481
12482
12483
12484
12485
12486
12487
12488
12489
12490
12491
12492
12493
12494
12495
12496
12497
12498
12499
12500
12501
12502
12503
12504
12505
12506
12507
12508
12509
12510
12511
12512
12513
12514
12515
12516
12517
12518
12519
12520
12521
12522
12523
12524
12525
12526
12527
12528
12529
12530
12531
12532
12533
12534
12535
12536
12537
12538
12539
12540
12541
12542
12543
12544
12545
12546
12547
12548
12549
12550
12551
12552
12553
12554
12555
12556
12557
12558
12559
12560
12561
12562
12563
12564
12565
12566
12567
12568
12569
12570
12571
12572
12573
12574
12575
12576
12577
12578
12579
12580
12581
12582
12583
12584
12585
12586
12587
12588
12589
12590
12591
12592
12593
12594
12595
12596
12597
12598
12599
12600
12601
12602
12603
12604
12605
12606
12607
12608
12609
12610
12611
12612
12613
12614
12615
12616
12617
12618
12619
12620
12621
12622
12623
12624
12625
12626
12627
12628
12629
12630
12631
12632
12633
12634
12635
12636
12637
12638
12639
12640
12641
12642
12643
12644
12645
12646
12647
12648
12649
12650
12651
12652
12653
12654
12655
12656
12657
12658
12659
12660
12661
12662
12663
12664
12665
12666
12667
12668
12669
12670
12671
12672
12673
12674
12675
12676
12677
12678
12679
12680
12681
12682
12683
12684
12685
12686
12687
12688
12689
12690
12691
12692
12693
12694
12695
12696
12697
12698
12699
12700
12701
12702
12703
12704
12705
12706
12707
12708
12709
12710
12711
12712
12713
12714
12715
12716
12717
12718
12719
12720
12721
12722
12723
12724
12725
12726
12727
12728
12729
12730
12731
12732
12733
12734
12735
12736
12737
12738
12739
12740
12741
12742
12743
12744
12745
12746
12747
12748
12749
12750
12751
12752
12753
12754
12755
12756
12757
12758
12759
12760
12761
12762
12763
12764
12765
12766
12767
12768
12769
12770
12771
12772
12773
12774
12775
12776
12777
12778
12779
12780
12781
12782
12783
12784
12785
12786
12787
12788
12789
12790
12791
12792
12793
12794
12795
12796
12797
12798
12799
12800
12801
12802
12803
12804
12805
12806
12807
12808
12809
12810
12811
12812
12813
12814
12815
12816
12817
12818
12819
12820
12821
12822
12823
12824
12825
12826
12827
12828
12829
12830
12831
12832
12833
12834
12835
12836
12837
12838
12839
12840
12841
12842
12843
12844
12845
12846
12847
12848
12849
12850
12851
12852
12853
12854
12855
12856
12857
12858
12859
12860
12861
12862
12863
12864
12865
12866
12867
12868
12869
12870
12871
12872
12873
12874
12875
12876
12877
12878
12879
12880
12881
12882
12883
12884
12885
12886
12887
12888
12889
12890
12891
12892
12893
12894
12895
12896
12897
12898
12899
12900
12901
12902
12903
12904
12905
12906
12907
12908
12909
12910
12911
12912
12913
12914
12915
12916
12917
12918
12919
12920
12921
12922
12923
12924
12925
12926
12927
12928
12929
12930
12931
12932
12933
12934
12935
12936
12937
12938
12939
12940
12941
12942
12943
12944
12945
12946
12947
12948
12949
12950
12951
12952
12953
12954
12955
12956
12957
12958
12959
12960
12961
12962
12963
12964
12965
12966
12967
12968
12969
12970
12971
12972
12973
12974
12975
12976
12977
12978
12979
12980
12981
12982
12983
12984
12985
12986
12987
12988
12989
12990
12991
12992
12993
12994
12995
12996
12997
12998
12999
13000
13001
13002
13003
13004
13005
13006
13007
13008
13009
13010
13011
13012
13013
13014
13015
13016
13017
13018
13019
13020
13021
13022
13023
13024
13025
13026
13027
13028
13029
13030
13031
13032
13033
13034
13035
13036
13037
13038
13039
13040
13041
13042
13043
13044
13045
13046
13047
13048
13049
13050
13051
13052
13053
13054
13055
13056
13057
13058
13059
13060
13061
13062
13063
13064
13065
13066
13067
13068
13069
13070
13071
13072
13073
13074
13075
13076
13077
13078
13079
13080
13081
13082
13083
13084
13085
13086
13087
13088
13089
13090
13091
13092
13093
13094
13095
13096
13097
13098
13099
13100
13101
13102
13103
13104
13105
13106
13107
13108
13109
13110
13111
13112
13113
13114
13115
13116
13117
13118
13119
13120
13121
13122
13123
13124
13125
13126
13127
13128
13129
13130
13131
13132
13133
13134
13135
13136
13137
13138
13139
13140
13141
13142
13143
13144
13145
13146
13147
13148
13149
13150
13151
13152
13153
13154
13155
13156
13157
13158
13159
13160
13161
13162
13163
13164
13165
13166
13167
13168
13169
13170
13171
13172
13173
13174
13175
13176
13177
13178
13179
13180
13181
13182
13183
13184
13185
13186
13187
13188
13189
13190
13191
13192
13193
13194
13195
13196
13197
13198
13199
13200
13201
13202
13203
13204
13205
13206
13207
13208
13209
13210
13211
13212
13213
13214
13215
13216
13217
13218
13219
13220
13221
13222
13223
13224
13225
13226
13227
13228
13229
13230
13231
13232
13233
13234
13235
13236
13237
13238
13239
13240
13241
13242
13243
13244
13245
13246
13247
13248
13249
13250
13251
13252
13253
13254
13255
13256
13257
13258
13259
13260
13261
13262
13263
13264
13265
13266
13267
13268
13269
13270
13271
13272
13273
13274
13275
13276
13277
13278
13279
13280
13281
13282
13283
13284
13285
13286
13287
13288
13289
13290
13291
13292
13293
13294
13295
13296
13297
13298
13299
13300
13301
13302
13303
13304
13305
13306
13307
13308
13309
13310
13311
13312
13313
13314
13315
13316
13317
13318
13319
13320
13321
13322
13323
13324
13325
13326
13327
13328
13329
13330
13331
13332
13333
13334
13335
13336
13337
13338
13339
13340
13341
13342
13343
13344
13345
13346
13347
13348
13349
13350
13351
13352
13353
13354
13355
13356
13357
13358
13359
13360
13361
13362
13363
13364
13365
13366
13367
13368
13369
13370
13371
13372
13373
13374
13375
13376
13377
13378
13379
13380
13381
13382
13383
13384
13385
13386
13387
13388
13389
13390
13391
13392
13393
13394
13395
13396
13397
13398
13399
13400
13401
13402
13403
13404
13405
13406
13407
13408
13409
13410
13411
13412
13413
13414
13415
13416
13417
13418
13419
13420
13421
13422
13423
13424
13425
13426
13427
13428
13429
13430
13431
13432
13433
13434
13435
13436
13437
13438
13439
13440
13441
13442
13443
13444
13445
13446
13447
13448
13449
13450
13451
13452
13453
13454
13455
13456
13457
13458
13459
13460
13461
13462
13463
13464
13465
13466
13467
13468
13469
13470
13471
13472
13473
13474
13475
13476
13477
13478
13479
13480
13481
13482
13483
13484
13485
13486
13487
13488
13489
13490
13491
13492
13493
13494
13495
13496
13497
13498
13499
13500
13501
13502
13503
13504
13505
13506
13507
13508
13509
13510
13511
13512
13513
13514
13515
13516
13517
13518
13519
13520
13521
13522
13523
13524
13525
13526
13527
13528
13529
13530
13531
13532
13533
13534
13535
13536
13537
13538
13539
13540
13541
13542
13543
13544
13545
13546
13547
13548
13549
13550
13551
13552
13553
13554
13555
13556
13557
13558
13559
13560
13561
13562
13563
13564
13565
13566
13567
13568
13569
13570
13571
13572
13573
13574
13575
13576
13577
13578
13579
13580
13581
13582
13583
13584
13585
13586
13587
13588
13589
13590
13591
13592
13593
13594
13595
13596
13597
13598
13599
13600
13601
13602
13603
13604
13605
13606
13607
13608
13609
13610
13611
13612
13613
13614
13615
13616
13617
13618
13619
13620
13621
13622
13623
13624
13625
13626
13627
13628
13629
13630
13631
13632
13633
13634
13635
13636
13637
13638
13639
13640
13641
13642
13643
13644
13645
13646
13647
13648
13649
13650
13651
13652
13653
13654
13655
13656
13657
13658
13659
13660
13661
13662
13663
13664
13665
13666
13667
13668
13669
13670
13671
13672
13673
13674
13675
13676
13677
13678
13679
13680
13681
13682
13683
13684
13685
13686
13687
13688
13689
13690
13691
13692
13693
13694
13695
13696
13697
13698
13699
13700
13701
13702
13703
13704
13705
13706
13707
13708
13709
13710
13711
13712
13713
13714
13715
13716
13717
13718
13719
13720
13721
13722
13723
13724
13725
13726
13727
13728
13729
13730
13731
13732
13733
13734
13735
13736
13737
13738
13739
13740
13741
13742
13743
13744
13745
13746
13747
13748
13749
13750
13751
13752
13753
13754
13755
13756
13757
13758
13759
13760
13761
13762
13763
13764
13765
13766
13767
13768
13769
13770
13771
13772
13773
13774
13775
13776
13777
13778
13779
13780
13781
13782
13783
13784
13785
13786
13787
13788
13789
13790
13791
13792
13793
13794
13795
13796
13797
13798
13799
13800
13801
13802
13803
13804
13805
13806
13807
13808
13809
13810
13811
13812
13813
13814
13815
13816
13817
13818
13819
13820
13821
13822
13823
13824
13825
13826
13827
13828
13829
13830
13831
13832
13833
13834
13835
13836
13837
13838
13839
13840
13841
13842
13843
13844
13845
13846
13847
13848
13849
13850
13851
13852
13853
13854
13855
13856
13857
13858
13859
13860
13861
13862
13863
13864
13865
13866
13867
13868
13869
13870
13871
13872
13873
13874
13875
13876
13877
13878
13879
13880
13881
13882
13883
13884
13885
13886
13887
13888
13889
13890
13891
13892
13893
13894
13895
13896
13897
13898
13899
13900
13901
13902
13903
13904
13905
13906
13907
13908
13909
13910
13911
13912
13913
13914
13915
13916
13917
13918
13919
13920
13921
13922
13923
13924
13925
13926
13927
13928
13929
13930
13931
13932
13933
13934
13935
13936
13937
13938
13939
13940
13941
13942
13943
13944
13945
13946
13947
13948
13949
13950
13951
13952
13953
13954
13955
13956
13957
13958
13959
13960
13961
13962
13963
13964
13965
13966
13967
13968
13969
13970
13971
13972
13973
13974
13975
13976
13977
13978
13979
13980
13981
13982
13983
13984
13985
13986
13987
13988
13989
13990
13991
13992
13993
13994
13995
13996
13997
13998
13999
14000
14001
14002
14003
14004
14005
14006
14007
14008
14009
14010
14011
14012
14013
14014
14015
14016
14017
14018
14019
14020
14021
14022
14023
14024
14025
14026
14027
14028
14029
14030
14031
14032
14033
14034
14035
14036
14037
14038
14039
14040
14041
14042
14043
14044
14045
14046
14047
14048
14049
14050
14051
14052
14053
14054
14055
14056
14057
14058
14059
14060
14061
14062
14063
14064
14065
14066
14067
14068
14069
14070
14071
14072
14073
14074
14075
14076
14077
14078
14079
14080
14081
14082
14083
14084
14085
14086
14087
14088
14089
14090
14091
14092
14093
14094
14095
14096
14097
14098
14099
14100
14101
14102
14103
14104
14105
14106
14107
14108
14109
14110
14111
14112
14113
14114
14115
14116
14117
14118
14119
14120
14121
14122
14123
14124
14125
14126
14127
14128
14129
14130
14131
14132
14133
14134
14135
14136
14137
14138
14139
14140
14141
14142
14143
14144
14145
14146
14147
14148
14149
14150
14151
14152
14153
14154
14155
14156
14157
14158
14159
14160
14161
14162
14163
14164
14165
14166
14167
14168
14169
14170
14171
14172
14173
14174
14175
14176
14177
14178
14179
14180
14181
14182
14183
14184
14185
14186
14187
14188
14189
14190
14191
14192
14193
14194
14195
14196
14197
14198
14199
14200
14201
14202
14203
14204
14205
14206
14207
14208
14209
14210
14211
14212
14213
14214
14215
14216
14217
14218
14219
14220
14221
14222
14223
14224
14225
14226
14227
14228
14229
14230
14231
14232
14233
14234
14235
14236
14237
14238
14239
14240
14241
14242
14243
14244
14245
14246
14247
14248
14249
14250
14251
14252
14253
14254
14255
14256
14257
14258
14259
14260
14261
14262
14263
14264
14265
14266
14267
14268
14269
14270
14271
14272
14273
14274
14275
14276
14277
14278
14279
14280
14281
14282
14283
14284
14285
14286
14287
14288
14289
14290
14291
14292
14293
14294
14295
14296
14297
14298
14299
14300
14301
14302
14303
14304
14305
14306
14307
14308
14309
14310
14311
14312
14313
14314
14315
14316
14317
14318
14319
14320
14321
14322
14323
14324
14325
14326
14327
14328
14329
14330
14331
14332
14333
14334
14335
14336
14337
14338
14339
14340
14341
14342
14343
14344
14345
14346
14347
14348
14349
14350
14351
14352
14353
14354
14355
14356
14357
14358
14359
14360
14361
14362
14363
14364
14365
14366
14367
14368
14369
14370
14371
14372
14373
14374
14375
14376
14377
14378
14379
14380
14381
14382
14383
14384
14385
14386
14387
14388
14389
14390
14391
14392
14393
14394
14395
14396
14397
14398
14399
14400
14401
14402
14403
14404
14405
14406
14407
14408
14409
14410
14411
14412
14413
14414
14415
14416
14417
14418
14419
14420
14421
14422
14423
14424
14425
14426
14427
14428
14429
14430
14431
14432
14433
14434
14435
14436
14437
14438
14439
14440
14441
14442
14443
14444
14445
14446
14447
14448
14449
14450
14451
14452
14453
14454
14455
14456
14457
14458
14459
14460
14461
14462
14463
14464
14465
14466
14467
14468
14469
14470
14471
14472
14473
14474
14475
14476
14477
14478
14479
14480
14481
14482
14483
14484
14485
14486
14487
14488
14489
14490
14491
14492
14493
14494
14495
14496
14497
14498
14499
14500
14501
14502
14503
14504
14505
14506
14507
14508
14509
14510
14511
14512
14513
14514
14515
14516
14517
14518
14519
14520
14521
14522
14523
14524
14525
14526
14527
14528
14529
14530
14531
14532
14533
14534
14535
14536
14537
14538
14539
14540
14541
14542
14543
14544
14545
14546
14547
14548
14549
14550
14551
14552
14553
14554
14555
14556
14557
14558
14559
14560
14561
14562
14563
14564
14565
14566
14567
14568
14569
14570
14571
14572
14573
14574
14575
14576
14577
14578
14579
14580
14581
14582
14583
14584
14585
14586
14587
14588
14589
14590
14591
14592
14593
14594
14595
14596
14597
14598
14599
14600
14601
14602
14603
14604
14605
14606
14607
14608
14609
14610
14611
14612
14613
14614
14615
14616
14617
14618
14619
14620
14621
14622
14623
14624
14625
14626
14627
14628
14629
14630
14631
14632
14633
14634
14635
14636
14637
14638
14639
14640
14641
14642
14643
14644
14645
14646
14647
14648
14649
14650
14651
14652
14653
14654
14655
14656
14657
14658
14659
14660
14661
14662
14663
14664
14665
14666
14667
14668
14669
14670
14671
14672
14673
14674
14675
14676
14677
14678
14679
14680
14681
14682
14683
14684
14685
14686
14687
14688
14689
14690
14691
14692
14693
14694
14695
14696
14697
14698
14699
14700
14701
14702
14703
14704
14705
14706
14707
14708
14709
14710
14711
14712
14713
14714
14715
14716
14717
14718
14719
14720
14721
14722
14723
14724
14725
14726
14727
14728
14729
14730
14731
14732
14733
14734
14735
14736
14737
14738
14739
14740
14741
14742
14743
14744
14745
14746
14747
14748
14749
14750
14751
14752
14753
14754
14755
14756
14757
14758
14759
14760
14761
14762
14763
14764
14765
14766
14767
14768
14769
14770
14771
14772
14773
14774
14775
14776
14777
14778
14779
14780
14781
14782
14783
14784
14785
14786
14787
14788
14789
14790
14791
14792
14793
14794
14795
14796
14797
14798
14799
14800
14801
14802
14803
14804
14805
14806
14807
14808
14809
14810
14811
14812
14813
14814
14815
14816
14817
14818
14819
14820
14821
14822
14823
14824
14825
14826
14827
14828
14829
14830
14831
14832
14833
14834
14835
14836
14837
14838
14839
14840
14841
14842
14843
14844
14845
14846
14847
14848
14849
14850
14851
14852
14853
14854
14855
14856
14857
14858
14859
14860
14861
14862
14863
14864
14865
14866
14867
14868
14869
14870
14871
14872
14873
14874
14875
14876
14877
14878
14879
14880
14881
14882
14883
14884
14885
14886
14887
14888
14889
14890
14891
14892
14893
14894
14895
14896
14897
14898
14899
14900
14901
14902
14903
14904
14905
14906
14907
14908
14909
14910
14911
14912
14913
14914
14915
14916
14917
14918
14919
14920
14921
14922
14923
14924
14925
14926
14927
14928
14929
14930
14931
14932
14933
14934
14935
14936
14937
14938
14939
14940
14941
14942
14943
14944
14945
14946
14947
14948
14949
14950
14951
14952
14953
14954
14955
14956
14957
14958
14959
14960
14961
14962
14963
14964
14965
14966
14967
14968
14969
14970
14971
14972
14973
14974
14975
14976
14977
14978
14979
14980
14981
14982
14983
14984
14985
14986
14987
14988
14989
14990
14991
14992
14993
14994
14995
14996
14997
14998
14999
15000
15001
15002
15003
15004
15005
15006
15007
15008
15009
15010
15011
15012
15013
15014
15015
15016
15017
15018
15019
15020
15021
15022
15023
15024
15025
15026
15027
15028
15029
15030
15031
15032
15033
15034
15035
15036
15037
15038
15039
15040
15041
15042
15043
15044
15045
15046
15047
15048
15049
15050
15051
15052
15053
15054
15055
15056
15057
15058
15059
15060
15061
15062
15063
15064
15065
15066
15067
15068
15069
15070
15071
15072
15073
15074
15075
15076
15077
15078
15079
15080
15081
15082
15083
15084
15085
15086
15087
15088
15089
15090
15091
15092
15093
15094
15095
15096
15097
15098
15099
15100
15101
15102
15103
15104
15105
15106
15107
15108
15109
15110
15111
15112
15113
15114
15115
15116
15117
15118
15119
15120
15121
15122
15123
15124
15125
15126
15127
15128
15129
15130
15131
15132
15133
15134
15135
15136
15137
15138
15139
15140
15141
15142
15143
15144
15145
15146
15147
15148
15149
15150
15151
15152
15153
15154
15155
15156
15157
15158
15159
15160
15161
15162
15163
15164
15165
15166
15167
15168
15169
15170
15171
15172
15173
15174
15175
15176
15177
15178
15179
15180
15181
15182
15183
15184
15185
15186
15187
15188
15189
15190
15191
15192
15193
15194
15195
15196
15197
15198
15199
15200
15201
15202
15203
15204
15205
15206
15207
15208
15209
15210
15211
15212
15213
15214
15215
15216
15217
15218
15219
15220
15221
15222
15223
15224
15225
15226
15227
15228
15229
15230
15231
15232
15233
15234
15235
15236
15237
15238
15239
15240
15241
15242
15243
15244
15245
15246
15247
15248
15249
15250
15251
15252
15253
15254
15255
15256
15257
15258
15259
15260
15261
15262
15263
15264
15265
15266
15267
15268
15269
15270
15271
15272
15273
15274
15275
15276
15277
15278
15279
15280
15281
15282
15283
15284
15285
15286
15287
15288
15289
15290
15291
15292
15293
15294
15295
15296
15297
15298
15299
15300
15301
15302
15303
15304
15305
15306
15307
15308
15309
15310
15311
15312
15313
15314
15315
15316
15317
15318
15319
15320
15321
15322
15323
15324
15325
15326
15327
15328
15329
15330
15331
15332
15333
15334
15335
15336
15337
15338
15339
15340
15341
15342
15343
15344
15345
15346
15347
15348
15349
15350
15351
15352
15353
15354
15355
15356
15357
15358
15359
15360
15361
15362
15363
15364
15365
15366
15367
15368
15369
15370
15371
15372
15373
15374
15375
15376
15377
15378
15379
15380
15381
15382
15383
15384
15385
15386
15387
15388
15389
15390
15391
15392
15393
15394
15395
15396
15397
15398
15399
15400
15401
15402
15403
15404
15405
15406
15407
15408
15409
15410
15411
15412
15413
15414
15415
15416
15417
15418
15419
15420
15421
15422
15423
15424
15425
15426
15427
15428
15429
15430
15431
15432
15433
15434
15435
15436
15437
15438
15439
15440
15441
15442
15443
15444
15445
15446
15447
15448
15449
15450
15451
15452
15453
15454
15455
15456
15457
15458
15459
15460
15461
15462
15463
15464
15465
15466
15467
15468
15469
15470
15471
15472
15473
15474
15475
15476
15477
15478
15479
15480
15481
15482
15483
15484
15485
15486
15487
15488
15489
15490
15491
15492
15493
15494
15495
15496
15497
15498
15499
15500
15501
15502
15503
15504
15505
15506
15507
15508
15509
15510
15511
15512
15513
15514
15515
15516
15517
15518
15519
15520
15521
15522
15523
15524
15525
15526
15527
15528
15529
15530
15531
15532
15533
15534
15535
15536
15537
15538
15539
15540
15541
15542
15543
15544
15545
15546
15547
15548
15549
15550
15551
15552
15553
15554
15555
15556
15557
15558
15559
15560
15561
15562
15563
15564
15565
15566
15567
15568
15569
15570
15571
15572
15573
15574
15575
15576
15577
15578
15579
15580
15581
15582
15583
15584
15585
15586
15587
15588
15589
15590
15591
15592
15593
15594
15595
15596
15597
15598
15599
15600
15601
15602
15603
15604
15605
15606
15607
15608
15609
15610
15611
15612
15613
15614
15615
15616
15617
15618
15619
15620
15621
15622
15623
15624
15625
15626
15627
15628
15629
15630
15631
15632
15633
15634
15635
15636
15637
15638
15639
15640
15641
15642
15643
15644
15645
15646
15647
15648
15649
15650
15651
15652
15653
15654
15655
15656
15657
15658
15659
15660
15661
15662
15663
15664
15665
15666
15667
15668
15669
15670
15671
15672
15673
15674
15675
15676
15677
15678
15679
15680
15681
15682
15683
15684
15685
15686
15687
15688
15689
15690
15691
15692
15693
15694
15695
15696
15697
15698
15699
15700
15701
15702
15703
15704
15705
15706
15707
15708
15709
15710
15711
15712
15713
15714
15715
15716
15717
15718
15719
15720
15721
15722
15723
15724
15725
15726
15727
15728
15729
15730
15731
15732
15733
15734
15735
15736
15737
15738
15739
15740
15741
15742
15743
15744
15745
15746
15747
15748
15749
15750
15751
15752
15753
15754
15755
15756
15757
15758
15759
15760
15761
15762
15763
15764
15765
15766
15767
15768
15769
15770
15771
15772
15773
15774
15775
15776
15777
15778
15779
15780
15781
15782
15783
15784
15785
15786
15787
15788
15789
15790
15791
15792
15793
15794
15795
15796
15797
15798
15799
15800
15801
15802
15803
15804
15805
15806
15807
15808
15809
15810
15811
15812
15813
15814
15815
15816
15817
15818
15819
15820
15821
15822
15823
15824
15825
15826
15827
15828
15829
15830
15831
15832
15833
15834
15835
15836
15837
15838
15839
15840
15841
15842
15843
15844
15845
15846
15847
15848
15849
15850
15851
15852
15853
15854
15855
15856
15857
15858
15859
15860
15861
15862
15863
15864
15865
15866
15867
15868
15869
15870
15871
15872
15873
15874
15875
15876
15877
15878
15879
15880
15881
15882
15883
15884
15885
15886
15887
15888
15889
15890
15891
15892
15893
15894
15895
15896
15897
15898
15899
15900
15901
15902
15903
15904
15905
15906
15907
15908
15909
15910
15911
15912
15913
15914
15915
15916
15917
15918
15919
15920
15921
15922
15923
15924
15925
15926
15927
15928
15929
15930
15931
15932
15933
15934
15935
15936
15937
15938
15939
15940
15941
15942
15943
15944
15945
15946
15947
15948
15949
15950
15951
15952
15953
15954
15955
15956
15957
15958
15959
15960
15961
15962
15963
15964
15965
15966
15967
15968
15969
15970
15971
15972
15973
15974
15975
15976
15977
15978
15979
15980
15981
15982
15983
15984
15985
15986
15987
15988
15989
15990
15991
15992
15993
15994
15995
15996
15997
15998
15999
16000
16001
16002
16003
16004
16005
16006
16007
16008
16009
16010
16011
16012
16013
16014
16015
16016
16017
16018
16019
16020
16021
16022
16023
16024
16025
16026
16027
16028
16029
16030
16031
16032
16033
16034
16035
16036
16037
16038
16039
16040
16041
16042
16043
16044
16045
16046
16047
16048
16049
16050
16051
16052
16053
16054
16055
16056
16057
16058
16059
16060
16061
16062
16063
16064
16065
16066
16067
16068
16069
16070
16071
16072
16073
16074
16075
16076
16077
16078
16079
16080
16081
16082
16083
16084
16085
16086
16087
16088
16089
16090
16091
16092
16093
16094
16095
16096
16097
16098
16099
16100
16101
16102
16103
16104
16105
16106
16107
16108
16109
16110
16111
16112
16113
16114
16115
16116
16117
16118
16119
16120
16121
16122
16123
16124
16125
16126
16127
16128
16129
16130
16131
16132
16133
16134
16135
16136
16137
16138
16139
16140
16141
16142
16143
16144
16145
16146
16147
16148
16149
16150
16151
16152
16153
16154
16155
16156
16157
16158
16159
16160
16161
16162
16163
16164
16165
16166
16167
16168
16169
16170
16171
16172
16173
16174
16175
16176
16177
16178
16179
16180
16181
16182
16183
16184
16185
16186
16187
16188
16189
16190
16191
16192
16193
16194
16195
16196
16197
16198
16199
16200
16201
16202
16203
16204
16205
16206
16207
16208
16209
16210
16211
16212
16213
16214
16215
16216
16217
16218
16219
16220
16221
16222
16223
16224
16225
16226
16227
16228
16229
16230
16231
16232
16233
16234
16235
16236
16237
16238
16239
16240
16241
16242
16243
16244
16245
16246
16247
16248
16249
16250
16251
16252
16253
16254
16255
16256
16257
16258
16259
16260
16261
16262
16263
16264
16265
16266
16267
16268
16269
16270
16271
16272
16273
16274
16275
16276
16277
16278
16279
16280
16281
16282
16283
16284
16285
16286
16287
16288
16289
16290
16291
16292
16293
16294
16295
16296
16297
16298
16299
16300
16301
16302
16303
16304
16305
16306
16307
16308
16309
16310
16311
16312
16313
16314
16315
16316
16317
16318
16319
16320
16321
16322
16323
16324
16325
16326
16327
16328
16329
16330
16331
16332
16333
16334
16335
16336
16337
16338
16339
16340
16341
16342
16343
16344
16345
16346
16347
16348
16349
16350
16351
16352
16353
16354
16355
16356
16357
16358
16359
16360
16361
16362
16363
16364
16365
16366
16367
16368
16369
16370
16371
16372
16373
16374
16375
16376
16377
16378
16379
16380
16381
16382
16383
16384
16385
16386
16387
16388
16389
16390
16391
16392
16393
16394
16395
16396
16397
16398
16399
16400
16401
16402
16403
16404
16405
16406
16407
16408
16409
16410
16411
16412
16413
16414
16415
16416
16417
16418
16419
16420
16421
16422
16423
16424
16425
16426
16427
16428
16429
16430
16431
16432
16433
16434
16435
16436
16437
16438
16439
16440
16441
16442
16443
16444
16445
16446
16447
16448
16449
16450
16451
16452
16453
16454
16455
16456
16457
16458
16459
16460
16461
16462
16463
16464
16465
16466
16467
16468
16469
16470
16471
16472
16473
16474
16475
16476
16477
16478
16479
16480
16481
16482
16483
16484
16485
16486
16487
16488
16489
16490
16491
16492
16493
16494
16495
16496
16497
16498
16499
16500
16501
16502
16503
16504
16505
16506
16507
16508
16509
16510
16511
16512
16513
16514
16515
16516
16517
16518
16519
16520
16521
16522
16523
16524
16525
16526
16527
16528
16529
16530
16531
16532
16533
16534
16535
16536
16537
16538
16539
16540
16541
16542
16543
16544
16545
16546
16547
16548
16549
16550
16551
16552
16553
16554
16555
16556
16557
16558
16559
16560
16561
16562
16563
16564
16565
16566
16567
16568
16569
16570
16571
16572
16573
16574
16575
16576
16577
16578
16579
16580
16581
16582
16583
16584
16585
16586
16587
16588
16589
16590
16591
16592
16593
16594
16595
16596
16597
16598
16599
16600
16601
16602
16603
16604
16605
16606
16607
16608
16609
16610
16611
16612
16613
16614
16615
16616
16617
16618
16619
16620
16621
16622
16623
16624
16625
16626
16627
16628
16629
16630
16631
16632
16633
16634
16635
16636
16637
16638
16639
16640
16641
16642
16643
16644
16645
16646
16647
16648
16649
16650
16651
16652
16653
16654
16655
16656
16657
16658
16659
16660
16661
16662
16663
16664
16665
16666
16667
16668
16669
# This is the input file for automatically generating the postconf(5)
# manual page, the summaries of parameters in on-line manual pages,
# and for the postconf.5.html hyperlinked document.
#
# The following tools operate on information from this file:
#
# xpostconf
#     Extracts specific parameter definitions from this file, or
#     produces a sorted version of all the information in this
#     document.
#
# postconf2html
#     Adds parameter name +default headers. The result can be embedded
#     into the postconf.5.html hyperlinked document.
#
# postconf2man
#     Converts this file into something that can be embedded into
#     the postconf(5) UNIX-style manual page.  This tool knows only
#     a limited subset of HTML as described below.
#
# postconf2src
#    Converts this file result into something that can be embedded
#    into Postfix source code files.
#
# The subset of HTML that you can use is limited by the postconf2man
# tool:
#
#   * Supported HTML elements are: blockquote, ul, li, dl, dt, dd,
#     p, pre, b, i, h, and the escapes for < <= >= >. Sorry, no
#     tables.
#
#   * HTML elements must be specified in lower case.
#
#   * Lists cannot be nested.
#
#   * The postconf2man tool leaves unrecognized HTML in place as a
#     reminder that it is not supported.
#
#   * Text between <!-- and --> is stripped out. The <!-- and -->
#     must appear on separate lines.
#
#   * Use <nroffescape .sp> to request an empty line in the middle
#     of a block of text. This is needed with indented lists.
#
#   * Blank lines are special for postconf2man: it replaces them by
#     a "new paragraph" command. Don't put any blank lines inside
#     <blockquote> text. Instead, put those blank lines between
#     </blockquote> and <blockquote>.
#
#   * Text after a blank line must start with an HTML element.
#
#   Also:
#
#   * All <dt> and <dd>text must be closed with </dt> and </dd>.
#
#   * Use <blockquote><pre>..</pre></blockquote> for examples
#     between narrative text, instead of indenting examples by hand.
#
#   * Use <pre>..</pre> for the "Examples:" section at the end
#     of a parameter description.
#
# The postlink tool automatically inserts hyperlinks for the following,
# so you must not hyperlink that information yourself:
#
#   * Postfix manual pages
#   * URLs
#   * RFCs
#   * Postfix configuration parameters
#   * Postfix README files
#   * Address classes and other terminology.
#
# The xpostconf and postconf2html tools expect the file format described
# in the comments below.  The description includes the transformation
# that is done by the postconf2html tool.
#
#   * The format of this file is blocks of text separated by one or
#     more empty (or all whitespace) lines.
#
#   * A text block that begins with %PARAM specifies a parameter name
#     and its default value, separated by whitespace. The text in
#     the blocks that follow is the parameter description.
#
#   * The first line (text up to the first ". ") is used in Postfix
#     on-line manual pages, in the one-line configuration parameter
#     summaries.
#
#   * A text block that begins with the "<" character is treated as
#     literal HTML. For example, to specify a "dl" list element one
#     would write:
#
#         |<dt><b>name</b></dt> <dd>
#         |
#         |text that describes "name".
#         |
#         |</dd> ...
#
#     As described below, the text that describes "name" will be
#     enclosed with <p> and </p>.
#
#     An "ul" list element would be written like this:
#
#         |<li> text for this list element.
#
#   * Any text block that does not begin with < is an error.

%CLASS address-verification Address verification (Postfix 2.1 and later)

<p>
Sender/recipient address verification is implemented by sending
probe email messages that are not actually delivered. This feature
is requested via the reject_unverified_sender and
reject_unverified_recipient access restrictions.  The status of
verification probes is maintained by the address verification
service.  See the file ADDRESS_VERIFICATION_README for information
about how to configure and operate the Postfix sender/recipient
address verification service.
</p>

%CLASS smtpd-compatibility Compatibility controls

%CLASS resource-control Resource controls

%CLASS after-queue-filter After-queue content filter

<p>
As of version 1.0, Postfix can be configured to send new mail to
an external content filter AFTER the mail is queued. This content
filter is expected to inject mail back into a (Postfix or other)
MTA for further delivery.  See the FILTER_README document for
details.
</p>

%CLASS before-queue-filter Before-queue content filter

<p>
The Postfix SMTP server can be configured to send incoming mail to
a real-time SMTP-based content filter BEFORE mail is queued.  This
content filter is expected to inject mail back into Postfix.  See
the SMTPD_PROXY_README document for details on how to configure
and operate this feature.
</p>

%CLASS basic-config Basic configuration parameters

%CLASS smtpd-access-relay SMTP server access and relay control

%CLASS smtpd-sasl SMTP server SASL authentication

%CLASS unknown-recipients Rejecting mail for unknown recipients

%CLASS smtpd-reply-code SMTP server response codes

%CLASS other Other configuration parameters

%PARAM access_map_reject_code 554

<p>
The numerical Postfix SMTP server response code for
an access(5) map "reject" action.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

%PARAM access_map_defer_code 450

<p>
The numerical Postfix SMTP server response code for
an access(5) map "defer" action, including "defer_if_permit"
or "defer_if_reject". Prior to Postfix 2.6, the response 
is hard-coded as "450".
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

%PARAM address_verify_default_transport $default_transport

<p>
Overrides the default_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_local_transport $local_transport

<p>
Overrides the local_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_map see "postconf -d" output

<p>
Lookup table for persistent address verification status
storage.  The table is maintained by the verify(8) service, and
is opened before the process releases privileges.
</p>

<p>
The lookup table is persistent by default (Postfix 2.7 and later).
Specify an empty table name to keep the information in volatile
memory which is lost after "<b>postfix reload</b>" or "<b>postfix
stop</b>". This is the default with Postfix version 2.6 and earlier.
</p>

<p>
Specify a location in a file system that will not fill up. If the
database becomes corrupted, the world comes to an end. To recover
delete (NOT: truncate) the file and do "<b>postfix reload</b>".
</p>

<p> Postfix daemon processes do not use root privileges when opening
this file (Postfix 2.5 and later).  The file must therefore be
stored under a Postfix-owned directory such as the data_directory.
As a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned data_directory, and a
warning is logged. </p>

<p>
Examples:
</p>

<pre>
address_verify_map = hash:/var/db/postfix/verify
address_verify_map = btree:/var/db/postfix/verify
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_negative_cache yes

<p>
Enable caching of failed address verification probe results.  When
this feature is enabled, the cache may pollute quickly with garbage.
When this feature is disabled, Postfix will generate an address
probe for every lookup.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_negative_expire_time 3d

<p>
The time after which a failed probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_negative_refresh_time 3h

<p>
The time after which a failed address verification probe needs to
be refreshed.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_cache_cleanup_interval 12h

<p> The amount of time between verify(8) address verification
database cleanup runs. This feature requires that the database
supports the "delete" and "sequence" operators.  Specify a zero
interval to disable database cleanup. </p>

<p> After each database cleanup run, the verify(8) daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $max_idle
seconds. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.7. </p>

%PARAM address_verify_poll_count normal: 3, overload: 1

<p>
How many times to query the verify(8) service for the completion
of an address verification request in progress.
</p>

<p> By default, the Postfix SMTP server polls the verify(8) service
up to three times under non-overload conditions, and only once when
under overload.  With Postfix version 2.5 and earlier, the SMTP
server always polls the verify(8) service up to three times by
default.  </p>

<p>
Specify 1 to implement a crude form of greylisting, that is, always
defer the first delivery request for a new address.
</p>

<p>
Examples:
</p>

<pre>
# Postfix &le; 2.6 default
address_verify_poll_count = 3
# Poor man's greylisting
address_verify_poll_count = 1
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_poll_delay 3s

<p>
The delay between queries for the completion of an address
verification request in progress.
</p>

<p>
The default polling delay is 3 seconds.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_positive_expire_time 31d

<p>
The time after which a successful probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_positive_refresh_time 7d

<p>
The time after which a successful address verification probe needs
to be refreshed.  The address verification status is not updated
when the probe fails (optimistic caching).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_relay_transport $relay_transport

<p>
Overrides the relay_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_relayhost $relayhost

<p>
Overrides the relayhost parameter setting for address verification
probes. This information can be overruled with the transport(5) table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_sender $double_bounce_sender

<p> The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster". To
avoid problems with address probes that are sent in response to
address probes, the Postfix SMTP server excludes the probe sender
address from all SMTPD access blocks. </p>

<p>
Specify an empty value (address_verify_sender =) or &lt;&gt; if you want
to use the null sender address. Beware, some sites reject mail from
&lt;&gt;, even though RFCs require that such addresses be accepted.
</p>

<p>
Examples:
</p>

<pre>
address_verify_sender = &lt;&gt;
address_verify_sender = postmaster@my.domain
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_transport_maps $transport_maps

<p>
Overrides the transport_maps parameter setting for address verification
probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM address_verify_virtual_transport $virtual_transport

<p>
Overrides the virtual_transport parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM alias_database see "postconf -d" output

<p>
The alias databases for local(8) delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
</p>

<p>
This is a separate configuration parameter because not all the
tables specified with $alias_maps have to be local files.
</p>

<p>
Examples:
</p>

<pre>
alias_database = hash:/etc/aliases
alias_database = hash:/etc/mail/aliases
</pre>

%PARAM alias_maps see "postconf -d" output

<p>
The alias databases that are used for local(8) delivery. See
aliases(5) for syntax details.
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
Note: these lookups are recursive.
</p>

<p>
The default list is system dependent.  On systems with NIS, the
default is to search the local alias database, then the NIS alias
database.
</p>

<p>
If you change the alias database, run "<b>postalias /etc/aliases</b>"
(or wherever your system stores the mail alias file), or simply
run "<b>newaliases</b>" to build the necessary DBM or DB file.
</p>
  
<p>
The local(8) delivery agent disallows regular expression substitution
of $1 etc. in alias_maps, because that would open a security hole.
</p>

<p>
The local(8) delivery agent will silently ignore requests to use
the proxymap(8) server within alias_maps. Instead it will open the
table directly. Before Postfix version 2.2, the local(8) delivery
agent will terminate with a fatal error.
</p>

<p>
Examples:
</p>

<pre>
alias_maps = hash:/etc/aliases, nis:mail.aliases
alias_maps = hash:/etc/aliases
</pre>

%PARAM allow_mail_to_commands alias, forward

<p>
Restrict local(8) mail delivery to external commands.  The default
is to disallow delivery to "|command" in :include:  files (see
aliases(5) for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow commands in aliases(5), .forward files or in
:include:  files, respectively.
</p>

<p>
Example:
</p>

<pre>
allow_mail_to_commands = alias,forward,include
</pre>

%PARAM allow_mail_to_files alias, forward

<p>
Restrict local(8) mail delivery to external files. The default is
to disallow "/file/name" destinations in :include:  files (see
aliases(5) for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow "/file/name" destinations in aliases(5), .forward
files and in :include:  files, respectively.
</p>

<p>
Example:
</p>

<pre>
allow_mail_to_files = alias,forward,include
</pre>

%PARAM allow_min_user no

<p>
Allow a sender or recipient address to have `-' as the first
character.  By
default, this is not allowed, to avoid accidents with software that
passes email addresses via the command line. Such software
would not be able to distinguish a malicious address from a
bona fide command-line option. Although this can be prevented by
inserting a "--" option terminator into the command line, this is
difficult to enforce consistently and globally.  </p>

<p> As of Postfix version 2.5, this feature is implemented by
trivial-rewrite(8).  With earlier versions this feature was implemented
by qmgr(8) and was limited to recipient addresses only. </p>

%PARAM allow_percent_hack yes

<p>
Enable the rewriting of the form "user%domain" to "user@domain".
This is enabled by default.
</p>

<p> Note: as of Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>
 
<ul>
 
<li> The message is received with the Postfix sendmail(1) command,
 
<li> The message is received from a network client that matches
$local_header_rewrite_clients,
 
<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
 
</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

<p>
Example:
</p>

<pre>
allow_percent_hack = no
</pre>

%PARAM allow_untrusted_routing no

<p>
Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
from untrusted clients to destinations matching $relay_domains.
</p>

<p>
By default, this feature is turned off.  This closes a nasty open
relay loophole where a backup MX host can be tricked into forwarding
junk mail to a primary MX host which then spams it out to the world.
</p>

<p>
This parameter also controls if non-local addresses with sender-specified
routing can match Postfix access tables. By default, such addresses
cannot match Postfix access tables, because the address is ambiguous.
</p>

%PARAM always_bcc 

<p>
Optional address that receives a "blind carbon copy" of each message
that is received by the Postfix mail system.
</p>

<p>
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements RFC 3461.
</p>

<p>
Note: with Postfix 2.2 and earlier the sender will be notified 
when the BCC address is undeliverable.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>

%PARAM berkeley_db_create_buffer_size 16777216

<p>
The per-table I/O buffer size for programs that create Berkeley DB
hash or btree tables.  Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM berkeley_db_read_buffer_size 131072

<p>
The per-table I/O buffer size for programs that read Berkeley DB
hash or btree tables.  Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM best_mx_transport 

<p>
Where the Postfix SMTP client should deliver mail when it detects
a "mail loops back to myself" error condition. This happens when
the local MTA is the best SMTP mail exchanger for a destination
not listed in $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains.  By default,
the Postfix SMTP client returns such mail as undeliverable.
</p>

<p>
Specify, for example, "best_mx_transport = local" to pass the mail
from the Postfix SMTP client to the local(8) delivery agent. You
can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the master.cf file. See the transport(5) manual page
for the syntax and meaning of "transport" or "transport:nexthop".
</p>

<p>
However, this feature is expensive because it ties up a Postfix
SMTP client process while the local(8) delivery agent is doing its
work. It is more efficient (for Postfix) to list all hosted domains
in a table or database.
</p>

%PARAM biff yes

<p>
Whether or not to use the local biff service.  This service sends
"new mail" notifications to users who have requested new mail
notification with the UNIX command "biff y".
</p>

<p>
For compatibility reasons this feature is on by default.  On systems
with lots of interactive users, the biff service can be a performance
drain.  Specify "biff = no" in main.cf to disable.
</p>

%PARAM body_checks 

<p> Optional lookup tables for content inspection as specified in
the body_checks(5) manual page.  </p>

<p> Note: with Postfix versions before 2.0, these rules inspect
all content after the primary message headers. </p>

%PARAM body_checks_size_limit 51200

<p>
How much text in a message body segment (or attachment, if you
prefer to use that term) is subjected to body_checks inspection.
The amount of text is limited to avoid scanning huge attachments.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM bounce_queue_lifetime 5d

<p>
Consider a bounce message as undeliverable, when delivery fails
with a temporary error, and the time in the queue has reached the
bounce_queue_lifetime limit.  By default, this limit is the same
as for regular mail.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
</p>

<p>
Specify 0 when mail delivery should be tried only once.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM bounce_size_limit 50000

<p> The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count.  A message is
returned as either message/rfc822 (the complete original) or as
text/rfc822-headers (the headers only).  With Postfix version 2.4
and earlier, a message is always returned as message/rfc822 and is
truncated when it exceeds the size limit.
</p>

<p> Notes: </p>

<ul>

<li> <p> If you increase this limit, then you should increase the
mime_nesting_limit value proportionally.  </p>

<li> <p> Be careful when making changes.  Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>

</ul>

%PARAM canonical_maps 

<p>
Optional address mapping lookup tables for message headers and
envelopes. The mapping is applied to both sender and recipient
addresses, in both envelopes and in headers, as controlled
with the canonical_classes parameter. This is typically used
to clean up dirty addresses from legacy mail systems, or to replace
login names by Firstname.Lastname.  The table format and lookups
are documented in canonical(5). For an overview of Postfix address
manipulations see the ADDRESS_REWRITING_README document.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
Note: these lookups are recursive.
</p>

<p>
If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
build the necessary DBM or DB file after every change. The changes
will become visible after a minute or so.  Use "<b>postfix reload</b>"
to eliminate the delay.
</p>

<p> Note: with Postfix version 2.2, message header address mapping
happens only when message header address rewriting is enabled: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

<p>
Examples:
</p>

<pre>
canonical_maps = dbm:/etc/postfix/canonical
canonical_maps = hash:/etc/postfix/canonical
</pre>

%PARAM canonical_classes envelope_sender, envelope_recipient, header_sender, header_recipient

<p> What addresses are subject to canonical_maps address mapping.
By default, canonical_maps address mapping is applied to envelope
sender and recipient addresses, and to header sender and header
recipient addresses.  </p>

<p> Specify one or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM sender_canonical_classes envelope_sender, header_sender

<p> What addresses are subject to sender_canonical_maps address
mapping.  By default, sender_canonical_maps address mapping is
applied to envelope sender addresses, and to header sender addresses.
</p>

<p> Specify one or more of: envelope_sender, header_sender </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM recipient_canonical_classes envelope_recipient, header_recipient

<p> What addresses are subject to recipient_canonical_maps address
mapping.  By default, recipient_canonical_maps address mapping is
applied to envelope recipient addresses, and to header recipient
addresses.  </p>

<p> Specify one or more of: envelope_recipient, header_recipient
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM command_directory see "postconf -d" output

<p>
The location of all postfix administrative commands.
</p>

%PARAM command_time_limit 1000s

<p>
Time limit for delivery to external commands. This limit is used
by the local(8) delivery agent, and is the default time limit for
delivery by the pipe(8) delivery agent.
</p>

<p>
Note: if you set this time limit to a large value you must update the
global ipc_timeout parameter as well.
</p>

%PARAM daemon_directory see "postconf -d" output

<p>
The directory with Postfix support programs and daemon programs.
These should not be invoked directly by humans. The directory must
be owned by root.
</p>

%PARAM daemon_timeout 18000s

<p> How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.  </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM debug_peer_level 2

<p> The increment in verbose logging level when a remote client or
server matches a pattern in the debug_peer_list parameter.  </p>

%PARAM debug_peer_list 

<p> Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to increase
by the amount specified in $debug_peer_level.  </p>

<p> Specify domain names, network/netmask patterns, "/file/name"
patterns or "type:table" lookup tables. The right-hand side result
from "type:table" lookups is ignored.  </p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "debug_peer_list" in the parent_domain_matches_subdomains
parameter value.  </p>

<p>
Examples:
</p>

<pre>
debug_peer_list = 127.0.0.1
debug_peer_list = example.com
</pre>

%PARAM default_database_type see "postconf -d" output

<p>
The default database type for use in newaliases(1), postalias(1)
and postmap(1) commands. On many UNIX systems the default type is
either <b>dbm</b> or <b>hash</b>. The default setting is frozen
when the Postfix system is built.
</p>

<p>
Examples:
</p>

<pre>
default_database_type = hash
default_database_type = dbm
</pre>

%PARAM default_delivery_slot_cost 5

<p>
How often the Postfix queue manager's scheduler is allowed to
preempt delivery of one message with another.
</p>

<p>
Each transport maintains a so-called "available delivery slot counter"
for each message. One message can be preempted by another one when
the other message can be delivered using no more delivery slots
(i.e., invocations of delivery agents) than the current message
counter has accumulated (or will eventually accumulate - see about
slot loans below). This parameter controls how often is the counter
incremented - it happens after each default_delivery_slot_cost
recipients have been delivered.
</p>

<p>
The cost of 0 is used to disable the preempting scheduling completely.
The minimum value the scheduling algorithm can use is 2 - use it
if you want to maximize the message throughput rate. Although there
is no maximum, it doesn't make much sense to use values above say
50.
</p>

<p>
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing-list mail. In the
worst case, their delivery can take somewhere between (cost+1/cost)
and (cost/cost-1) times more than if the preemptive scheduler was
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing-list deliveries
are not extended by more than 20-25 percent even in the worst case.
</p>

<p> Use <i>transport</i>_delivery_slot_cost to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p>
Examples:
</p>

<pre>
default_delivery_slot_cost = 0
default_delivery_slot_cost = 2
</pre>

%PARAM default_destination_concurrency_limit 20

<p>
The default maximal number of parallel deliveries to the same
destination.  This is the default limit for delivery via the lmtp(8),
pipe(8), smtp(8) and virtual(8) delivery agents.
With per-destination recipient limit &gt; 1, a destination is a domain,
otherwise it is a recipient.
</p>

<p> Use <i>transport</i>_destination_concurrency_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_destination_recipient_limit 50

<p>
The default maximal number of recipients per message delivery.
This is the default limit for delivery via the lmtp(8), pipe(8),
smtp(8) and virtual(8) delivery agents.
</p>

<p> Setting this parameter to a value of 1 affects email deliveries
as follows:</p>

<ul>

<li> <p> It changes the meaning of the corresponding per-destination
concurrency limit, from concurrency of deliveries to the <i>same
domain</i> into concurrency of deliveries to the <i>same recipient</i>.
Different recipients are delivered in parallel, subject to the
process limits specified in master.cf. </p>

<li> <p> It changes the meaning of the corresponding per-destination
rate delay, from the delay between deliveries to the <i>same
domain</i> into the delay between deliveries to the <i>same
recipient</i>.  Again, different recipients are delivered in parallel,
subject to the process limits specified in master.cf.  </p>

<li> <p> It changes the meaning of other corresponding per-destination
settings in a similar manner, from settings for delivery to the
<i>same domain</i> into settings for delivery to the <i>same
recipient</i>.

</ul>

<p> Use <i>transport</i>_destination_recipient_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_extra_recipient_limit 1000

<p>
The default value for the extra per-transport limit imposed on the
number of in-memory recipients.  This extra recipient space is
reserved for the cases when the Postfix queue manager's scheduler
preempts one message with another and suddenly needs some extra
recipients slots for the chosen message in order to avoid performance
degradation.
</p>

<p> Use <i>transport</i>_extra_recipient_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_minimum_delivery_slots 3

<p>
How many recipients a message must have in order to invoke the
Postfix queue manager's scheduling algorithm at all.  Messages
which would never accumulate at least this many delivery slots
(subject to slot cost parameter as well) are never preempted.
</p>

<p> Use <i>transport</i>_minimum_delivery_slots to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_privs nobody

<p>
The default rights used by the local(8) delivery agent for delivery
to external file or command.  These rights are used when delivery
is requested from an aliases(5) file that is owned by <b>root</b>, or
when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A
PRIVILEGED USER OR THE POSTFIX OWNER</b>.
</p>

%PARAM default_process_limit 100

<p>
The default maximal number of Postfix child processes that provide
a given service. This limit can be overruled for specific services
in the master.cf file.
</p>

%PARAM default_rbl_reply see "postconf -d" output

<p>
The default Postfix SMTP server response template for a request that is
rejected by an RBL-based restriction. This template can be overruled
by specific entries in the optional rbl_reply_maps lookup table.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
The template is subject to exactly one level of $name substitution:
</p>

<dl>

<dt><b>$client</b></dt>

<dd>The client hostname and IP address, formatted as name[address]. </dd>

<dt><b>$client_address</b></dt>

<dd>The client IP address. </dd>

<dt><b>$client_name</b></dt>

<dd>The client hostname or "unknown". See reject_unknown_client_hostname
for more details. </dd>

<dt><b>$reverse_client_name</b></dt>

<dd>The client hostname from address-&gt;name lookup, or "unknown".
See reject_unknown_reverse_client_hostname for more details. </dd>

#<dt><b>$forward_client_name</b></dt>
#
#<dd>The client hostname from address-&gt;name lookup followed by
#name-&gt;address lookup, or "unknown".  See
#reject_unknown_forward_client_hostname for more details. </dd>

<dt><b>$helo_name</b></dt>

<dd>The hostname given in HELO or EHLO command or empty string. </dd>

<dt><b>$rbl_class</b></dt>

<dd>The blacklisted entity type: Client host, Helo command, Sender
address, or Recipient address. </dd>

<dt><b>$rbl_code</b></dt>

<dd>The numerical SMTP response code, as specified with the
maps_rbl_reject_code configuration parameter. Note: The numerical
SMTP response code is required, and must appear at the start of the
reply. With Postfix version 2.3 and later this information may be followed
by an RFC 3463 enhanced status code. </dd>

<dt><b>$rbl_domain</b></dt>

<dd>The RBL domain where $rbl_what is blacklisted. </dd>

<dt><b>$rbl_reason</b></dt>

<dd>The reason why $rbl_what is blacklisted, or an empty string. </dd>

<dt><b>$rbl_what</b></dt>

<dd>The entity that is blacklisted (an IP address, a hostname, a domain
name, or an email address whose domain was blacklisted). </dd>

<dt><b>$recipient</b></dt>

<dd>The recipient address or &lt;&gt; in case of the null address. </dd>

<dt><b>$recipient_domain</b></dt>

<dd>The recipient domain or empty string. </dd>

<dt><b>$recipient_name</b></dt>

<dd>The recipient address localpart or &lt;&gt; in case of null address. </dd>

<dt><b>$sender</b></dt>

<dd>The sender address or &lt;&gt; in case of the null address. </dd>

<dt><b>$sender_domain</b></dt>

<dd>The sender domain or empty string. </dd>

<dt><b>$sender_name</b></dt>

<dd>The sender address localpart or &lt;&gt; in case of the null address. </dd>

<dt><b>${name?text}</b></dt>

<dd>Expands to `text' if $name is not empty. </dd>

<dt><b>${name:text}</b></dt>

<dd>Expands to `text' if $name is empty. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p> Note: when an enhanced status code is specified in an RBL reply
template, it is subject to modification.  The following transformations
are needed when the same RBL reply template is used for client,
helo, sender, or recipient access restrictions.  </p>

<ul>

<li> <p> When rejecting a sender address, the Postfix SMTP server
will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the
corresponding sender DSN status, and vice versa. </p>

<li> <p> When rejecting non-address information (such as the HELO
command argument or the client hostname/address), the Postfix SMTP
server will transform a sender or recipient DSN status into a generic
non-address DSN status (e.g., 4.0.0).  </p>

</ul>

%PARAM smtpd_expansion_filter see "postconf -d" output

<p>
The smtpd_expansion_filter configuration parameter controls what
characters may appear in $name expansions.
</p>

%PARAM default_recipient_limit 20000

<p>
The default per-transport upper limit on the number of in-memory
recipients.  These limits take priority over the global
qmgr_message_recipient_limit after the message has been assigned
to the respective transports.  See also default_extra_recipient_limit
and qmgr_message_recipient_minimum.
</p>

<p> Use <i>transport</i>_recipient_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_recipient_refill_limit 100

<p>
The default per-transport limit on the number of recipients refilled at
once.  When not all message recipients fit into the memory at once, keep
loading more of them in batches of at least this many at a time.  See also
$default_recipient_refill_delay, which may result in recipient batches
lower than this when this limit is too high for too slow deliveries.
</p>

<p> Use <i>transport</i>_recipient_refill_limit to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM default_recipient_refill_delay 5s

<p>
The default per-transport maximum delay between recipients refills.
When not all message recipients fit into the memory at once, keep loading
more of them at least once every this many seconds.  This is used to
make sure the recipients are refilled in timely manner even when
$default_recipient_refill_limit is too high for too slow deliveries.
</p>

<p> Use <i>transport</i>_recipient_refill_delay to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM default_transport smtp

<p>
The default mail delivery transport and next-hop destination for
destinations that do not match $mydestination, $inet_interfaces,
$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
or $relay_domains.  This information can be overruled with the
sender_dependent_default_transport_maps parameter and with the
transport(5) table. </p>

<p>
In order of decreasing precedence, the nexthop destination is taken
from $sender_dependent_default_transport_maps, $default_transport,
$sender_dependent_relayhost_maps, $relayhost, or from the recipient
domain. 
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
Example:
</p>

<pre>
default_transport = uucp:relayhostname
</pre>

%PARAM defer_code 450

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "defer" restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

%PARAM defer_transports 

<p>
The names of message delivery transports that should not deliver mail
unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
or more names of mail delivery transports names that appear in the
first field of master.cf.
</p>

<p>
Example:
</p>

<pre>
defer_transports = smtp
</pre>

%PARAM deliver_lock_attempts 20

<p>
The maximal number of attempts to acquire an exclusive lock on a
mailbox file or bounce(8) logfile.
</p>

%PARAM deliver_lock_delay 1s

<p>
The time between attempts to acquire an exclusive lock on a mailbox
file or bounce(8) logfile.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM disable_vrfy_command no

<p>
Disable the SMTP VRFY command. This stops some techniques used to
harvest email addresses.
</p>

<p>
Example:
</p>

<pre>
disable_vrfy_command = no
</pre>

%PARAM double_bounce_sender double-bounce

<p> The sender address of postmaster notifications that are generated
by the mail system. All mail to this address is silently discarded,
in order to terminate mail bounce loops.  </p>

%PARAM duplicate_filter_limit 1000

<p> The maximal number of addresses remembered by the address
duplicate filter for aliases(5) or virtual(5) alias expansion, or
for showq(8) queue displays.  </p>

%PARAM enable_original_recipient yes

<p> Enable support for the X-Original-To message header. This header
is needed for multi-recipient mailboxes.  </p>

<p> When this parameter is set to yes, the cleanup(8) daemon performs
duplicate elimination on distinct pairs of (original recipient,
rewritten recipient), and generates non-empty original recipient
queue file records.  </p>

<p> When this parameter is set to no, the cleanup(8) daemon performs
duplicate elimination on the rewritten recipient address only, and
generates empty original recipient queue file records.  </p>

<p> This feature is available in Postfix 2.1 and later. With Postfix
version 2.0, support for the X-Original-To message header is always turned
on. Postfix versions before 2.0 have no support for the X-Original-To
message header.  </p>

%PARAM export_environment see "postconf -d" output

<p>
The list of environment variables that a Postfix process will export
to non-Postfix processes. The TZ variable is needed for sane
time keeping on System-V-ish systems.
</p>

<p>
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
or comma in parameter values (whitespace after "{" and before "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.  </p>

<p>
Example:
</p>

<pre>
export_environment = TZ PATH=/bin:/usr/bin
</pre>

%PARAM smtp_fallback_relay $fallback_relay

<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.2 and earlier this
parameter is called fallback_relay.  </p>

<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>

<p> With bulk email deliveries, it can be beneficial to run the
fallback relay MTA on the same host, so that it can reuse the sender
IP address.  This speeds up deliveries that are delayed by IP-based
reputation systems (greylist, etc.). </p>

<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups.  If you specify multiple SMTP
destinations, Postfix will try them in the specified order.  </p>

<p> To prevent mailer loops between MX hosts and fall-back hosts,
Postfix version 2.2 and later will not use the fallback relays for
destinations that it is MX host for (assuming DNS lookup is turned on).
</p>

%PARAM fallback_relay 

<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.3 this parameter
is renamed to smtp_fallback_relay. </p>

<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>

<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups.  If you specify multiple SMTP
destinations, Postfix will try them in the specified order.  </p>

<p> Note: before Postfix 2.2, do not use the fallback_relay feature
when relaying mail
for a backup or primary MX domain. Mail would loop between the
Postfix MX host and the fallback_relay host when the final destination
is unavailable. </p>

<ul>

<li> In main.cf specify "relay_transport = relay",

<li> In master.cf specify "-o fallback_relay =" (i.e., empty) at
the end of the <tt>relay</tt> entry.

<li> In transport maps, specify "relay:<i>nexthop...</i>"
as the right-hand side for backup or primary MX domain entries.

</ul>

<p> Postfix version 2.2 and later will not use the fallback_relay feature
for destinations that it is MX host for.
</p>

%PARAM lmtp_fallback_relay

<p> Optional list of relay hosts for LMTP destinations that can't be
found or that are unreachable.  In main.cf elements are separated by
whitespace or commas.  </p>

<p> By default, mail is returned to the sender when a destination is not
found, and delivery is deferred when a destination is unreachable.  </p>

<p> The fallback relays must be TCP destinations, specified without
a leading "inet:" prefix.  Specify a host or host:port.  Since MX
lookups do not apply with LMTP, there is no need to use the "[host]" or
"[host]:port" forms.  If you specify multiple LMTP destinations, Postfix
will try them in the specified order.  </p>

<p>
This feature is available in Postfix 3.1 and later.
</p>

%PARAM fast_flush_domains $relay_domains

<p>
Optional list of destinations that are eligible for per-destination
logfiles with mail that is queued to those destinations.
</p>

<p>
By default, Postfix maintains "fast flush" logfiles only for
destinations that the Postfix SMTP server is willing to relay to
(i.e. the default is: "fast_flush_domains = $relay_domains"; see
the relay_domains parameter in the postconf(5) manual).
</p>

<p> Specify a list of hosts or domains, "/file/name" patterns or
"type:table" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when the domain or its parent domain appears
as lookup key.  </p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "fast_flush_domains" in the parent_domain_matches_subdomains
parameter value.  </p>

<p>
Specify "fast_flush_domains =" (i.e., empty) to disable the feature
altogether.
</p>

%PARAM fast_flush_purge_time 7d

<p>
The time after which an empty per-destination "fast flush" logfile
is deleted.
</p>

<p>
You can specify the time as a number, or as a number followed by
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
d=days, w=weeks.  The default time unit is days.
</p>

%PARAM fast_flush_refresh_time 12h

<p>
The time after which a non-empty but unread per-destination "fast
flush" logfile needs to be refreshed.  The contents of a logfile
are refreshed by requesting delivery of all messages listed in the
logfile.
</p>

<p>
You can specify the time as a number, or as a number followed by
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
d=days, w=weeks.  The default time unit is hours.
</p>

%PARAM fork_attempts 5

<p> The maximal number of attempts to fork() a child process.  </p>

%PARAM fork_delay 1s

<p> The delay between attempts to fork() a child process.  </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks).  The default time unit is s (seconds).  </p>

%PARAM execution_directory_expansion_filter see "postconf -d" output

<p> Restrict the characters that the local(8) delivery agent allows
in $name expansions of $command_execution_directory.  Characters
outside the allowed set are replaced by underscores.  </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM command_execution_directory

<p> The local(8) delivery agent working directory for delivery to
external command.  Failure to change directory causes the delivery
to be deferred. </p>

<p> The following $name expansions are done on command_execution_directory
before the directory is changed. Expansion happens in the context
of the delivery request.  The result of $name expansion is filtered
with the character set that is specified with the
execution_directory_expansion_filter parameter.  </p>

<dl>

<dt><b>$user</b></dt>

<dd>The recipient's username. </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell pathname. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$extension</b></dt>

<dd>The optional recipient address extension. </dd>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient localpart. </dd>

<dt><b>$recipient_delimiter</b></dt>

<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>

<dt><b>${name?value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>

<dt><b>${name:value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM forward_path see "postconf -d" output

<p> The local(8) delivery agent search list for finding a .forward
file with user-specified delivery methods. The first file that is
found is used.  </p>

<p> The following $name expansions are done on forward_path before
the search actually happens. The result of $name expansion is
filtered with the character set that is specified with the
forward_expansion_filter parameter.  </p>

<dl>

<dt><b>$user</b></dt>

<dd>The recipient's username. </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell pathname. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$extension</b></dt>

<dd>The optional recipient address extension. </dd>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient localpart. </dd>

<dt><b>$recipient_delimiter</b></dt>

<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>

<dt><b>${name?value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>

<dt><b>${name:value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p>
Examples:
</p>

<pre>
forward_path = /var/forward/$user
forward_path =
    /var/forward/$user/.forward$recipient_delimiter$extension,
    /var/forward/$user/.forward
</pre>

%CLASS queue-hashing Queue directory hashing

<p>
Queue directory hashing is a performance feature. Splitting one
queue directory across multiple subdirectory levels can speed up
file access by reducing the number of files per directory.
</p>

<p>
Unfortunately, deeply hashing the incoming or deferred queue can
actually slow down the mail system (with a depth of 2, mailq with
an empty queue can take several seconds).
</p>

<p>
Hashing must NOT be used with a world-writable maildrop directory.
Hashing MUST be used for the defer logfile directory, to avoid poor
performance when handling lots of deferred mail.
</p>

%PARAM hash_queue_depth 1

<p>
The number of subdirectory levels for queue directories listed with
the hash_queue_names parameter. Queue hashing is implemented by
creating one or more levels of directories with one-character names.
Originally, these directory names were equal to the first characters
of the queue file name, with the hexadecimal representation of the
file creation time in microseconds. </p>

<p> With long queue file names, queue hashing produces the same
results as with short names. The file creation time in microseconds
is converted into hexadecimal form before the result is used for
queue hashing.  The base 16 encoding gives finer control over the
number of subdirectories than is possible with the base 52 encoding
of long queue file names.  </p>

<p>
After changing the hash_queue_names or hash_queue_depth parameter,
execute the command "<b>postfix reload</b>".
</p>

%PARAM hash_queue_names deferred, defer

<p>
The names of queue directories that are split across multiple
subdirectory levels.
</p>

<p> Before Postfix version 2.2, the default list of hashed queues
was significantly larger. Claims about improvements in file system
technology suggest that hashing of the incoming and active queues
is no longer needed. Fewer hashed directories speed up the time
needed to restart Postfix. </p>

<p>
After changing the hash_queue_names or hash_queue_depth parameter,
execute the command "<b>postfix reload</b>".
</p>

%CLASS headerbody-checks Content inspection built-in features

<p>
The Postfix cleanup(8) server has a limited ability to inspect
message headers and body content for signs of trouble. This is not
meant to be a substitute for content filters that do complex
processing such attachment decoding and unzipping.
</p>

%PARAM header_checks 

<p>
Optional lookup tables for content inspection of primary non-MIME
message headers, as specified in the header_checks(5) manual page.
</p>

%PARAM header_size_limit 102400

<p>
The maximal amount of memory in bytes for storing a message header.
If a header is larger, the excess is discarded.  The limit is
enforced by the cleanup(8) server.
</p>

%PARAM home_mailbox 

<p>
Optional pathname of a mailbox file relative to a local(8) user's
home directory.
</p>

<p>
Specify a pathname ending in "/" for qmail-style delivery.
</p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay.  </p>

<p>
Examples:
</p>

<pre>
home_mailbox = Mailbox
home_mailbox = Maildir/
</pre>

%PARAM hopcount_limit 50

<p>
The maximal number of Received:  message headers that is allowed
in the primary message headers. A message that exceeds the limit
is bounced, in order to stop a mailer loop.
</p>

%PARAM ignore_mx_lookup_error no

<p> Ignore DNS MX lookups that produce no response.  By default,
the Postfix SMTP client defers delivery and tries again after some
delay.  This behavior is required by the SMTP standard.  </p>

<p>
Specify "ignore_mx_lookup_error = yes" to force a DNS A record
lookup instead. This violates the SMTP standard and can result in
mis-delivery of mail.
</p>

%PARAM import_environment see "postconf -d" output

<p>
The list of environment parameters that a Postfix process will
import from a non-Postfix parent process. Examples of relevant
parameters:
</p>

<dl>

<dt><b>TZ</b></dt>

<dd>Needed for sane time keeping on most System-V-ish systems. </dd>

<dt><b>DISPLAY</b></dt>

<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>

<dt><b>XAUTHORITY</b></dt>

<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>

<dt><b>MAIL_CONFIG</b></dt>

<dd>Needed to make "<b>postfix -c</b>" work. </dd>

</dl>

<p> Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
or comma in parameter values (whitespace after "{" and before "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.  </p>

%PARAM in_flow_delay 1s

<p> Time to pause before accepting a new message, when the message
arrival rate exceeds the message delivery rate. This feature is
turned on by default (it's disabled on SCO UNIX due to an SCO bug).
</p>

<p>
With the default 100 Postfix SMTP server process limit, "in_flow_delay
= 1s" limits the mail inflow to 100 messages per second above the
number of messages delivered per second.
</p>

<p>
Specify 0 to disable the feature. Valid delays are 0..10.
</p>

%PARAM inet_interfaces all

<p> The network interface addresses that this mail system receives
mail on. Specify "all" to receive mail on all network
interfaces (default), and "loopback-only" to receive mail
on loopback network interfaces only (Postfix version 2.2 and later).  The
parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
</p>

<p>
Note 1: you need to stop and start Postfix when this parameter changes.
</p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not required here. </p>

<p> When inet_interfaces specifies just one IPv4 and/or IPv6 address
that is not a loopback address, the Postfix SMTP client will use
this address as the IP source address for outbound mail. Support
for IPv6 is available in Postfix version 2.2 and later. </p>

<p>
On a multi-homed firewall with separate Postfix instances listening on the
"inside" and "outside" interfaces, this can prevent each instance from
being able to reach remote SMTP servers on the "other side" of the
firewall. Setting
smtp_bind_address to 0.0.0.0 avoids the potential problem for
IPv4, and setting smtp_bind_address6 to :: solves the problem
for IPv6. </p>

<p>
A better solution for multi-homed firewalls is to leave inet_interfaces
at the default value and instead use explicit IP addresses in
the master.cf SMTP server definitions.  This preserves the Postfix
SMTP client's
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $inet_interfaces to a
single IPv4 and/or IPV6 address is primarily useful with virtual
hosting of domains on
secondary IP addresses, when each IP address serves a different domain
(and has a different $myhostname setting). </p>

<p>
See also the proxy_interfaces parameter, for network addresses that
are forwarded to Postfix by way of a proxy or address translator.
</p>

<p>
Examples:
</p>

<pre>
inet_interfaces = all (DEFAULT)
inet_interfaces = loopback-only (Postfix version 2.2 and later)
inet_interfaces = 127.0.0.1
inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
inet_interfaces = 192.168.1.2, 127.0.0.1
</pre>

%PARAM inet_protocols all

<p> The Internet protocols Postfix will attempt to use when making
or accepting connections. Specify one or more of "ipv4"
or "ipv6", separated by whitespace or commas. The form
"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
on whether the operating system implements IPv6. </p>

<p> With Postfix 2.8 and earlier the default is "ipv4". For backwards
compatibility with these releases, the Postfix 2.9 and later upgrade
procedure appends an explicit "inet_protocols = ipv4" setting to
main.cf when no explicit setting is present. This compatibility
workaround will be phased out as IPv6 deployment becomes more common.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>

<p> On systems that pre-date IPV6_V6ONLY support (RFC 3493), an
IPv6 server will also accept IPv4 connections, even when IPv4 is
turned off with the inet_protocols parameter.  On systems with
IPV6_V6ONLY support, Postfix will use separate server sockets for
IPv6 and IPv4, and each will accept only connections for the
corresponding protocol.  </p>

<p> When IPv4 support is enabled via the inet_protocols parameter,
Postfix will look up DNS type A records, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4).  The latter is needed on hosts that pre-date
IPV6_V6ONLY support (RFC 3493). </p>

<p> When IPv6 support is enabled via the inet_protocols parameter,
Postfix will do DNS type AAAA record lookups. </p>

<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
client will choose the protocol as specified with the
smtp_address_preference parameter. Postfix versions before 2.8
attempt to connect via IPv6 before attempting to use IPv4.  </p>

<p>
Examples:
</p>

<pre>
inet_protocols = ipv4
inet_protocols = all (DEFAULT)
inet_protocols = ipv6
inet_protocols = ipv4, ipv6
</pre>

%PARAM initial_destination_concurrency 5

<p>
The initial per-destination concurrency level for parallel delivery
to the same destination.
With per-destination recipient limit &gt; 1, a destination is a domain,
otherwise it is a recipient.
</p>

<p> Use <i>transport</i>_initial_destination_concurrency to specify
a transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport (Postfix 2.5 and later). </p>

<p>
Warning: with concurrency of 1, one bad message can be enough to
block all mail to a site.
</p>

%PARAM invalid_hostname_reject_code 501

<p>
The numerical Postfix SMTP server response code when the client
HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

%PARAM ipc_idle version dependent

<p>
The time after which a client closes an idle internal communication
channel.  The purpose is to allow Postfix daemon processes to
terminate voluntarily after they become idle. This is used, for
example, by the Postfix address resolving and rewriting clients.
</p>

<p> With Postfix 2.4 the default value was reduced from 100s to 5s. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM ipc_timeout 3600s

<p>
The time limit for sending or receiving information over an internal
communication channel.  The purpose is to break out of deadlock
situations. If the time limit is exceeded the software aborts with a
fatal error.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM ipc_ttl 1000s

<p>
The time after which a client closes an active internal communication
channel.  The purpose is to allow Postfix daemon processes to
terminate voluntarily
after reaching their client limit.  This is used, for example, by
the Postfix address resolving and rewriting clients.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM line_length_limit 2048

<p> Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed.  </p>

%PARAM lmtp_connect_timeout 0s

<p> The Postfix LMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).  When no
connection can be made within the deadline, the LMTP client tries
the next address on the mail exchanger list.  </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
Example:
</p>

<pre>
lmtp_connect_timeout = 30s
</pre>

%PARAM lmtp_data_done_timeout 600s

<p> The Postfix LMTP client time limit for sending the LMTP ".",
and for receiving the remote LMTP server response.  When no response
is received within the deadline, a warning is logged that the mail
may be delivered multiple times.  </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_data_init_timeout 120s

<p>
The Postfix LMTP client time limit for sending the LMTP DATA command,
and
for receiving the remote LMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_data_xfer_timeout 180s

<p>
The Postfix LMTP client time limit for sending the LMTP message
content.
When the connection stalls for more than $lmtp_data_xfer_timeout
the LMTP client terminates the transfer.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_lhlo_timeout 300s

<p> The Postfix LMTP client time limit for receiving the LMTP
greeting banner.  When the remote LMTP server drops the connection
without sending a
greeting banner, or when it sends no greeting banner within the
deadline, the LMTP client tries the next address on the mail
exchanger list.  </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_mail_timeout 300s

<p>
The Postfix LMTP client time limit for sending the MAIL FROM command,
and for receiving the remote LMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_quit_timeout 300s

<p>
The Postfix LMTP client time limit for sending the QUIT command,
and for receiving the remote LMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_rcpt_timeout 300s

<p>
The Postfix LMTP client time limit for sending the RCPT TO command,
and for receiving the remote LMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_rset_timeout 20s

<p> The Postfix LMTP client time limit for sending the RSET command,
and for receiving the remote LMTP server response. The LMTP client
sends RSET in
order to finish a recipient address probe, or to verify that a
cached connection is still alive.  </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM lmtp_send_xforward_command no

<p>
Send an XFORWARD command to the remote LMTP server when the LMTP LHLO
server response announces XFORWARD support.  This allows an lmtp(8)
delivery agent, used for content filter message injection, to
forward the name, address, protocol and HELO name of the original
client to the content filter and downstream queuing LMTP server.
Before you change the value to yes, it is best to make sure that
your content filter supports this command.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM lmtp_skip_quit_response no

<p>
Wait for the response to the LMTP QUIT command.
</p>

%PARAM lmtp_xforward_timeout 300s

<p>
The Postfix LMTP client time limit for sending the XFORWARD command,
and for receiving the remote LMTP server response.
</p>

<p>
In case of problems the client does NOT try the next address on
the mail exchanger list.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM local_command_shell 

<p>
Optional shell program for local(8) delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands
are given to given to the default shell (typically, /bin/sh) only
when they contain shell meta characters or shell built-in commands.
</p>

<p> "sendmail's restricted shell" (smrsh) is what most people will
use in order to restrict what programs can be run from e.g. .forward
files (smrsh is part of the Sendmail distribution).  </p>

<p> Note: when a shell program is specified, it is invoked even
when the command contains no shell built-in commands or meta
characters.  </p>

<p>
Example:
</p>

<pre>
local_command_shell = /some/where/smrsh -c
local_command_shell = /bin/bash -c
</pre>

%PARAM local_destination_concurrency_limit 2

<p> The maximal number of parallel deliveries via the local mail
delivery transport to the same recipient (when
"local_destination_recipient_limit = 1") or the maximal number of
parallel deliveries to the same local domain (when
"local_destination_recipient_limit &gt; 1"). This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the master.cf file. </p>

<p> A low limit of 2 is recommended, just in case someone has an
expensive shell command in a .forward file or in an alias (e.g.,
a mailing list manager).  You don't want to run lots of those at
the same time.  </p>

%PARAM local_destination_recipient_limit 1

<p> The maximal number of recipients per message delivery via the
local mail delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file. </p>

<p> Setting this parameter to a value &gt; 1 changes the meaning of
local_destination_concurrency_limit from concurrency per recipient
into concurrency per domain.  </p>

%PARAM local_recipient_maps proxy:unix:passwd.byname $alias_maps

<p> Lookup tables with all names or addresses of local recipients:
a recipient address is local when its domain matches $mydestination,
$inet_interfaces or $proxy_interfaces.  Specify @domain as a
wild-card for domains that do not have a valid recipient list.
Technically, tables listed with $local_recipient_maps are used as
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup.  </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users.
</p>

<p>
To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty).
</p>

<p>
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
local_recipient_maps setting if:
</p>

<ul>

<li>You redefine the local delivery agent in master.cf.

<li>You redefine the "local_transport" setting in main.cf.

<li>You use the "luser_relay", "mailbox_transport", or "fallback_transport"
feature of the Postfix local(8) delivery agent.

</ul>

<p>
Details are described in the LOCAL_RECIPIENT_README file.
</p>

<p>
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the proxymap(8) service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail is not practical.
</p>

<p>
Examples:
</p>

<pre>
local_recipient_maps =
</pre>

%PARAM local_transport local:$myhostname

<p> The default mail delivery transport and next-hop destination
for final delivery to domains listed with mydestination, and for
[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
This information can be overruled with the transport(5) table. </p>

<p>
By default, local mail is delivered to the transport called "local",
which is just the name of a service that is defined the master.cf file.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> destination is optional; its syntax is documented 
in the manual page of the corresponding delivery agent.
</p>

<p>
Beware: if you override the default local delivery agent then you
need to review the LOCAL_RECIPIENT_README document, otherwise the
SMTP server may reject mail for local recipients.
</p>

%PARAM luser_relay 

<p>
Optional catch-all destination for unknown local(8) recipients.
By default, mail for unknown recipients in domains that match
$mydestination, $inet_interfaces or $proxy_interfaces is returned
as undeliverable.
</p>

<p>
The following $name expansions are done on luser_relay:
</p>

<dl>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$extension</b></dt>

<dd>The recipient address extension. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient address localpart. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$recipient_delimiter</b></dt>

<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell. </dd>

<dt><b>$user</b></dt>

<dd>The recipient username. </dd>

<dt><b>${name?value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> has a non-empty value. </dd>

<dt><b>${name:value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> has an empty value. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p>
Note: luser_relay works only for the Postfix local(8) delivery agent.
</p>

<p>
Note: if you use this feature for accounts not in the UNIX password
file, then you must specify "local_recipient_maps =" (i.e. empty)
in the main.cf file, otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "User unknown in local recipient table".
</p>

<p>
Examples:
</p>

<pre>
luser_relay = $user@other.host
luser_relay = $local@other.host
luser_relay = admin+$local
</pre>

%PARAM mail_name Postfix

<p>
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
</p>

%PARAM mail_owner postfix

<p>
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes.  Specify the name of an unprivileged user account
that does not share a user or group ID with other accounts, and that
owns no other files
or processes on the system.  In particular, don't specify nobody
or daemon.  PLEASE USE A DEDICATED USER ID AND GROUP ID.
</p>

<p>
When this parameter value is changed you need to re-run "<b>postfix
set-permissions</b>" (with Postfix version 2.0 and earlier:
"<b>/etc/postfix/post-install set-permissions</b>".
</p>

%PARAM mail_spool_directory see "postconf -d" output

<p>
The directory where local(8) UNIX-style mailboxes are kept. The
default setting depends on the system type. Specify a name ending
in / for maildir-style delivery.
</p>

<p>
Note: maildir delivery is done with the privileges of the recipient.
If you use the mail_spool_directory setting for maildir style
delivery, then you must create the top-level maildir directory in
advance. Postfix will not create it.
</p>

<p>
Examples:
</p>

<pre>
mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail
</pre>

%PARAM mail_version see "postconf -d" output

<p>
The version of the mail system. Stable releases are named
<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases
also include the release date. The version string can be used in,
for example, the SMTP greeting banner.
</p>

%PARAM mailbox_command 

<p>
Optional external command that the local(8) delivery agent should
use for mailbox delivery.  The command is run with the user ID and
the primary group ID privileges of the recipient.  Exception:
command delivery for root executes with $default_privs privileges.
This is not a problem, because 1) mail for root should always be
aliased to a real user and 2) don't log in as root, use "su" instead.
</p>

<p>
The following environment variables are exported to the command:
</p>

<dl>

<dt><b>CLIENT_ADDRESS</b></dt>

<dd>Remote client network address. Available in Postfix version 2.2 and
later. </dd>

<dt><b>CLIENT_HELO</b></dt>

<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
and later.</dd>

<dt><b>CLIENT_HOSTNAME</b></dt>

<dd>Remote client hostname. Available in Postfix version 2.2 and later.
</dd>

<dt><b>CLIENT_PROTOCOL</b></dt>

<dd>Remote client protocol. Available in Postfix version 2.2 and later.
</dd>

<dt><b>DOMAIN</b></dt>

<dd>The domain part of the recipient address. </dd>

<dt><b>EXTENSION</b></dt>

<dd>The optional address extension. </dd>

<dt><b>HOME</b></dt>

<dd>The recipient home directory. </dd>

<dt><b>LOCAL</b></dt>

<dd>The recipient address localpart. </dd>

<dt><b>LOGNAME</b></dt>

<dd>The recipient's username. </dd>

<dt><b>ORIGINAL_RECIPIENT</b></dt>

<dd>The entire recipient address, before any address rewriting or
aliasing.  </dd>

<dt><b>RECIPIENT</b></dt>

<dd>The full recipient address. </dd>

<dt><b>SASL_METHOD</b></dt>

<dd>SASL authentication method specified in the remote client AUTH
command. Available in Postfix version 2.2 and later. </dd>

<dt><b>SASL_SENDER</b></dt>

<dd>SASL sender address specified in the remote client MAIL FROM
command. Available in Postfix version 2.2 and later. </dd>

<dt><b>SASL_USER</b></dt>

<dd>SASL username specified in the remote client AUTH command.
Available in Postfix version 2.2 and later.  </dd>

<dt><b>SENDER</b></dt>

<dd>The full sender address. </dd>

<dt><b>SHELL</b></dt>

<dd>The recipient's login shell. </dd>

<dt><b>USER</b></dt>

<dd>The recipient username. </dd>

</dl>

<p>
Unlike other Postfix configuration parameters, the mailbox_command
parameter is not subjected to $name substitutions. This is to make
it easier to specify shell syntax (see example below).
</p>

<p>
If you can, avoid shell meta characters because they will force
Postfix to run an expensive shell process. If you're delivering
via Procmail then running a shell won't make a noticeable difference
in the total cost.
</p>

<p>
Note: if you use the mailbox_command feature to deliver mail
system-wide, you must set up an alias that forwards mail for root
to a real user.
</p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay.  </p>

<p>
Examples:
</p>

<pre>
mailbox_command = /some/where/procmail
mailbox_command = /some/where/procmail -a "$EXTENSION"
mailbox_command = /some/where/maildrop -d "$USER"
        -f "$SENDER" "$EXTENSION"
</pre>

%PARAM mailbox_size_limit 51200000

<p> The maximal size of any local(8) individual mailbox or maildir
file, or zero (no limit).  In fact, this limits the size of any
file that is written to upon local delivery, including files written
by external commands that are executed by the local(8) delivery
agent.  </p>

<p>
This limit must not be smaller than the message size limit.
</p>

%PARAM maps_rbl_reject_code 554

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_rbl_client, reject_rhsbl_client,
reject_rhsbl_reverse_client, reject_rhsbl_sender or
reject_rhsbl_recipient restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

%PARAM masquerade_classes envelope_sender, header_sender, header_recipient

<p>
What addresses are subject to address masquerading.
</p>

<p>
By default, address masquerading is limited to envelope sender
addresses, and to header sender and header recipient addresses.
This allows you to use address masquerading on a mail gateway while
still being able to forward mail to users on individual machines.
</p>

<p>
Specify zero or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient
</p>

%PARAM masquerade_domains 

<p>
Optional list of domains whose subdomain structure will be stripped
off in email addresses.
</p>

<p>
The list is processed left to right, and processing stops at the
first match.  Thus,
</p>

<blockquote>
<pre>
masquerade_domains = foo.example.com example.com
</pre>
</blockquote>

<p>
strips "user@any.thing.foo.example.com" to "user@foo.example.com",
but strips "user@any.thing.else.example.com" to "user@example.com".
</p>

<p>
A domain name prefixed with ! means do not masquerade this domain
or its subdomains. Thus,
</p>

<blockquote>
<pre>
masquerade_domains = !foo.example.com example.com
</pre>
</blockquote>

<p>
does not change "user@any.thing.foo.example.com" or "user@foo.example.com",
but strips "user@any.thing.else.example.com" to "user@example.com".
</p>

<p> Note: with Postfix version 2.2, message header address masquerading
happens only when message header address rewriting is enabled: </p>

<ul>

<li> The message is received with the Postfix sendmail(1) command,

<li> The message is received from a network client that matches
$local_header_rewrite_clients,

<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>


<p>
Example:
</p>

<pre>
masquerade_domains = $mydomain
</pre>

%PARAM masquerade_exceptions 

<p>
Optional list of user names that are not subjected to address
masquerading, even when their address matches $masquerade_domains.
</p>

<p>
By default, address masquerading makes no exceptions.
</p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "type:table" lookup table is matched when a name
matches a lookup key (the lookup result is ignored).  Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later.  </p>

<p>
Examples:
</p>

<pre>
masquerade_exceptions = root, mailer-daemon
masquerade_exceptions = root
</pre>

%PARAM max_idle 100s

<p>
The maximum amount of time that an idle Postfix daemon process waits
for an incoming connection before terminating voluntarily.  This
parameter
is ignored by the Postfix queue manager and by other long-lived
Postfix daemon processes.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM max_use 100

<p>
The maximal number of incoming connections that a Postfix daemon
process will service before terminating voluntarily.  This parameter
is ignored by the Postfix queue
manager and by other long-lived Postfix daemon processes.
</p>

%PARAM maximal_backoff_time 4000s

<p>
The maximal time between attempts to deliver a deferred message.
</p>

<p> This parameter should be set to a value greater than or equal
to $minimal_backoff_time. See also $queue_run_delay.  </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM maximal_queue_lifetime 5d

<p>
Consider a message as undeliverable, when delivery fails with a
temporary error, and the time in the queue has reached the
maximal_queue_lifetime limit. 
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
</p>

<p>
Specify 0 when mail delivery should be tried only once.
</p>

%PARAM lmdb_map_size 16777216

<p>
The initial OpenLDAP LMDB database size limit in bytes.  Each time
a database becomes full, its size limit is doubled.
</p>

<p>
This feature is available in Postfix 2.11 and later.
</p>

%PARAM message_size_limit 10240000

<p>
The maximal size in bytes of a message, including envelope information.
</p>

<p> Note: be careful when making changes.  Excessively small values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds the local or remote MTA's message size limit.
</p>

%PARAM minimal_backoff_time 300s

<p>
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
</p>

<p>
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>

<p> This parameter should be set greater than or equal to
$queue_run_delay. See also $maximal_backoff_time.  </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM multi_recipient_bounce_reject_code 550

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_multi_recipient_bounce
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM mydestination $myhostname, localhost.$mydomain, localhost

<p> The list of domains that are delivered via the $local_transport
mail delivery transport. By default this is the Postfix local(8)
delivery agent which looks up all recipients in /etc/passwd and
/etc/aliases. The SMTP server validates recipient addresses with
$local_recipient_maps and rejects non-existent recipients. See also
the local domain class in the ADDRESS_CLASS_README file.
</p>

<p>
The default mydestination value specifies names for the local
machine only.  On a mail domain gateway, you should also include
$mydomain.
</p>

<p>
The $local_transport delivery method is also selected for mail
addressed to user@[the.net.work.address] of the mail system (the
IP addresses specified with the inet_interfaces and proxy_interfaces
parameters).
</p>

<p>
Warnings:
</p>

<ul>

<li><p>Do not specify the names of virtual domains - those domains
are specified elsewhere. See VIRTUAL_README for more information. </p>

<li><p>Do not specify the names of domains that this machine is
backup MX host for. See STANDARD_CONFIGURATION_README for how to
set up backup MX hosts. </p>

<li><p>By default, the Postfix SMTP server rejects mail for recipients
not listed with the local_recipient_maps parameter.  See the
postconf(5) manual for a description of the local_recipient_maps
and unknown_local_recipient_reject_code parameters. </p>

</ul>

<p>
Specify a list of host or domain names, "/file/name" or "type:table"
patterns, separated by commas and/or whitespace. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a name matches a lookup key (the lookup result is
ignored).  Continue long lines by starting the next line with
whitespace.  </p>

<p>
Examples:
</p>

<pre>
mydestination = $myhostname, localhost.$mydomain $mydomain
mydestination = $myhostname, localhost.$mydomain www.$mydomain, ftp.$mydomain
</pre>

%PARAM mydomain see "postconf -d" output

<p>
The internet domain name of this mail system.  The default is to
use $myhostname minus the first component, or "localdomain" (Postfix
2.3 and later).  $mydomain is used as
a default value for many other configuration parameters.
</p>

<p>
Example:
</p>

<pre>
mydomain = domain.tld
</pre>

%PARAM myhostname see "postconf -d" output

<p>
The internet hostname of this mail system. The default is to use
the fully-qualified domain name (FQDN) from gethostname(), or to
use the non-FQDN result from gethostname() and append ".$mydomain".
$myhostname is used as a default value for many other configuration
parameters.  </p>

<p>
Example:
</p>

<pre>
myhostname = host.example.com
</pre>

%PARAM mynetworks see "postconf -d" output

<p>
The list of "trusted" remote SMTP clients that have more privileges than
"strangers".
</p>

<p>
In particular, "trusted" SMTP clients are allowed to relay mail
through Postfix.  See the smtpd_relay_restrictions parameter
description in the postconf(5) manual.
</p>

<p>
You can specify the list of "trusted" network addresses by hand
or you can let Postfix do it for you (which is the default).
See the description of the mynetworks_style parameter for more
information.
</p>

<p>
If you specify the mynetworks list by hand, 
Postfix ignores the mynetworks_style setting.
</p>

<p> Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace. Continue long lines by
starting the next line with whitespace. </p>

<p> The netmask specifies the number of bits in the network part
of a host address.  You can also specify "/file/name" or "type:table"
patterns.  A "/file/name" pattern is replaced by its contents; a
"type:table" lookup table is matched when a table entry matches a
lookup string (the lookup result is ignored). </p>

<p> The list is matched left to right, and the search stops on the
first match.  Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only
in Postfix version 2.4 and later. </p>

<p> Note 1: Pattern matching of domain names is controlled by the
or absence of "mynetworks" in the parent_domain_matches_subdomains
parameter value.  </p>

<p> Note 2: IP version 6 address information must be specified inside
<tt>[]</tt> in the mynetworks value, and in files specified with
"/file/name".  IP version 6 addresses contain the ":" character,
and would otherwise be confused with a "type:table" pattern.  </p>

<p> Examples:  </p>

<pre> 
mynetworks = 127.0.0.0/8 168.100.189.0/28
mynetworks = !192.168.0.1, 192.168.0.0/28
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64 
mynetworks = $config_directory/mynetworks
mynetworks = hash:/etc/postfix/network_table
</pre>

%PARAM myorigin $myhostname

<p>
The domain name that locally-posted mail appears to come
from, and that locally posted mail is delivered to. The default,
$myhostname, is adequate for small sites.  If you run a domain with
multiple machines, you should (1) change this to $mydomain and (2)
set up a domain-wide alias database that aliases each user to
user@that.users.mailhost.
</p>

<p>
Example:
</p>

<pre>
myorigin = $mydomain
</pre>

%PARAM notify_classes resource, software

<p>
The list of error classes that are reported to the postmaster. The
default is to report only the most serious problems. The paranoid
may wish to turn on the policy (UCE and mail relaying) and protocol
error (broken mail software) reports.
</p>

<p> NOTE: postmaster notifications may contain confidential information
such as SASL passwords or message content.  It is the system
administrator's responsibility to treat such information with care.
</p>

<p>
The error classes are:
</p>

<dl>

<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt>

<dd>Send the postmaster copies of the headers of bounced mail, and
send transcripts of SMTP sessions when Postfix rejects mail. The
notification is sent to the address specified with the
bounce_notice_recipient configuration parameter (default: postmaster).
</dd>

<dt><b>2bounce</b></dt>

<dd>Send undeliverable bounced mail to the postmaster. The notification
is sent to the address specified with the 2bounce_notice_recipient
configuration parameter (default: postmaster). </dd>

<dt><b>data</b></dt>

<dd>Send the postmaster a transcript of the SMTP session with an
error because a critical data file was unavailable. The notification
is sent to the address specified with the error_notice_recipient
configuration parameter (default: postmaster). <br> This feature
is available in Postfix 2.9 and later.  </dd>

<dt><b>delay</b></dt>

<dd>Send the postmaster copies of the headers of delayed mail (see
delay_warning_time). The
notification is sent to the address specified with the
delay_notice_recipient configuration parameter (default: postmaster).
</dd>

<dt><b>policy</b></dt>

<dd>Send the postmaster a transcript of the SMTP session when a
client request was rejected because of (UCE) policy. The notification
is sent to the address specified with the error_notice_recipient
configuration parameter (default: postmaster).  </dd>

<dt><b>protocol</b></dt>

<dd>Send the postmaster a transcript of the SMTP session in case
of client or server protocol errors. The notification is sent to
the address specified with the error_notice_recipient configuration
parameter (default: postmaster). </dd>

<dt><b>resource</b></dt>

<dd>Inform the postmaster of mail not delivered due to resource
problems.  The notification is sent to the address specified with
the error_notice_recipient configuration parameter (default:
postmaster). </dd>

<dt><b>software</b></dt>

<dd>Inform the postmaster of mail not delivered due to software
problems.  The notification is sent to the address specified with
the error_notice_recipient configuration parameter (default:
postmaster). </dd>

</dl>

<p>
Examples:
</p>

<pre>
notify_classes = bounce, delay, policy, protocol, resource, software
notify_classes = 2bounce, resource, software
</pre>

%PARAM parent_domain_matches_subdomains see "postconf -d" output

<p>
A list of Postfix features where the pattern "example.com" also
matches subdomains of example.com,
instead of requiring an explicit ".example.com" pattern.  This is
planned backwards compatibility:  eventually, all Postfix features
are expected to require explicit ".example.com" style patterns when
you really want to match subdomains.
</p>

<p> The following Postfix feature names are supported. </p>

<dl>

<dt> Postfix version 1.0 and later</dt> 

<dd>
debug_peer_list,
fast_flush_domains,
mynetworks,
permit_mx_backup_networks,
relay_domains,
transport_maps
</dd>

<dt> Postfix version 1.1 and later</dt> 

<dd>
qmqpd_authorized_clients,
smtpd_access_maps,
</dd>

<dt> Postfix version 2.8 and later </dt> 

<dd>
postscreen_access_list
</dd>

<dt> Postfix version 3.0 and later </dt> 

<dd>
smtpd_client_event_limit_exceptions
</dd>

</dl>

%PARAM propagate_unmatched_extensions canonical, virtual

<p>
What address lookup tables copy an address extension from the lookup
key to the lookup result.
</p>

<p>
For example, with a virtual(5) mapping of "<i>joe@example.com =&gt;
joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
would rewrite to "<i>joe.user+foo@example.net</i>".
</p>

<p>
Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>,
<b>forward</b>, <b>include</b> or <b>generic</b>. These cause
address extension
propagation with canonical(5), virtual(5), and aliases(5) maps,
with local(8) .forward and :include: file lookups, and with smtp(8)
generic maps, respectively.  </p>

<p>
Note: enabling this feature for types other than <b>canonical</b>
and <b>virtual</b> is likely to cause problems when mail is forwarded
to other sites, especially with mail that is sent to a mailing list
exploder address.
</p>

<p>
Examples:
</p>

<pre>
propagate_unmatched_extensions = canonical, virtual, alias,
        forward, include
propagate_unmatched_extensions = canonical, virtual
</pre>

%PARAM proxy_interfaces 

<p>
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p> You must specify your "outside" proxy/NAT addresses when your
system is a backup MX host for other domains, otherwise mail delivery
loops will happen when the primary MX host is down.  </p>

<p>
Example:
</p>

<pre>
proxy_interfaces = 1.2.3.4
</pre>

%PARAM qmgr_message_active_limit 20000

<p>
The maximal number of messages in the active queue.
</p>

%PARAM qmgr_message_recipient_limit 20000

<p> The maximal number of recipients held in memory by the Postfix
queue manager, and the maximal size of the short-term,
in-memory "dead" destination status cache.  </p>

%PARAM qmgr_message_recipient_minimum 10

<p>
The minimal number of in-memory recipients for any message. This
takes priority over any other in-memory recipient limits (i.e.,
the global qmgr_message_recipient_limit and the per transport
_recipient_limit) if necessary. The minimum value allowed for this
parameter is 1.
</p>

%PARAM qmqpd_authorized_clients 

<p>
What remote QMQP clients are allowed to connect to the Postfix QMQP
server port.
</p>

<p>
By default, no client is allowed to use the service. This is
because the QMQP server will relay mail to any destination.
</p>

<p>
Specify a list of client patterns. A list pattern specifies a host
name, a domain name, an internet address, or a network/mask pattern,
where the mask specifies the number of bits in the network part.
When a pattern specifies a file name, its contents are substituted
for the file name; when a pattern is a "type:table" table specification,
table lookup is used instead.  </p>

<p>
Patterns are separated by whitespace and/or commas. In order to
reverse the result, precede a pattern with an
exclamation point (!). The form "!/file/name" is supported only
in Postfix version 2.4 and later.
</p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "qmqpd_authorized_clients" in the
parent_domain_matches_subdomains parameter value.  </p>

<p>
Example:
</p>

<pre>
qmqpd_authorized_clients = !192.168.0.1, 192.168.0.0/24
</pre>

%PARAM qmqpd_error_delay 1s

<p>
How long the Postfix QMQP server will pause before sending a negative
reply to the remote QMQP client. The purpose is to slow down confused
or malicious clients.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM qmqpd_timeout 300s

<p>
The time limit for sending or receiving information over the network.
If a read or write operation blocks for more than $qmqpd_timeout
seconds the Postfix QMQP server gives up and disconnects.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM queue_minfree 0

<p>
The minimal amount of free space in bytes in the queue file system
that is needed to receive mail.  This is currently used by the
Postfix SMTP server to decide if it will accept any mail at all.
</p>

<p>
By default, the Postfix SMTP server rejects MAIL FROM commands when
the amount of free space is less than 1.5*$message_size_limit
(Postfix version 2.1 and later).
To specify a higher minimum free space limit, specify a queue_minfree
value that is at least 1.5*$message_size_limit.
</p>

<p>
With Postfix versions 2.0 and earlier, a queue_minfree value of
zero means there is no minimum required amount of free space.
</p>

%PARAM queue_run_delay 300s

<p>
The time between deferred queue scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
</p>

<p> This parameter should be set less than or equal to
$minimal_backoff_time. See also $maximal_backoff_time.  </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM rbl_reply_maps 

<p>
Optional lookup tables with RBL response templates. The tables are
indexed by the RBL domain name. By default, Postfix uses the default
template as specified with the default_rbl_reply configuration
parameter. See there for a discussion of the syntax of RBL reply
templates.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM receive_override_options 

<p> Enable or disable recipient validation, built-in content
filtering, or address mapping. Typically, these are specified in
master.cf as command-line arguments for the smtpd(8), qmqpd(8) or
pickup(8) daemons. </p>

<p> Specify zero or more of the following options.  The options
override main.cf settings and are either implemented by smtpd(8),
qmqpd(8), or pickup(8) themselves, or they are forwarded to the
cleanup server.  </p>

<dl>

<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt>

<dd>Do not try to reject unknown recipients (SMTP server only).
This is typically specified AFTER an external content filter.
</dd>

<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt>

<dd>Disable canonical address mapping, virtual alias map expansion,
address masquerading, and automatic BCC (blind carbon-copy)
recipients. This is typically specified BEFORE an external content
filter. </dd>

<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt>

<dd>Disable header/body_checks. This is typically specified AFTER
an external content filter. </dd>

<dt><b><a name="no_milters">no_milters</a></b></dt>

<dd>Disable Milter (mail filter) applications. This is typically
specified AFTER an external content filter. </dd>

</dl>

<p>
Note: when the "BEFORE content filter" receive_override_options
setting is specified in the main.cf file, specify the "AFTER content
filter" receive_override_options setting in master.cf (and vice
versa).
</p>

<p>
Examples:
</p>

<pre>
receive_override_options =
    no_unknown_recipient_checks, no_header_body_checks
receive_override_options = no_address_mappings
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM recipient_bcc_maps 

<p>
Optional BCC (blind carbon-copy) address lookup tables, indexed by
recipient address.  The BCC address (multiple results are not
supported) is added when mail enters from outside of Postfix.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
The table search order is as follows:
</p>

<ul>

<li> Look up the "user+extension@domain.tld" address including the
optional address extension.

<li> Look up the "user@domain.tld" address without the optional
address extension.

<li> Look up the "user+extension" address local part when the
recipient domain equals $myorigin, $mydestination, $inet_interfaces
or $proxy_interfaces.

<li> Look up the "user" address local part when the recipient domain
equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.

<li> Look up the "@domain.tld" part.

</ul>

<p>
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements RFC 3461.
</p>
 
<p>
Note: with Postfix 2.2 and earlier the sender will unconditionally
be notified when the BCC address is undeliverable.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>

<p>
Example:
</p>

<pre>
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
</pre>

<p>
After a change, run "<b>postmap /etc/postfix/recipient_bcc</b>".
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM recipient_canonical_maps 

<p>
Optional address mapping lookup tables for envelope and header
recipient addresses.
The table format and lookups are documented in canonical(5).
</p>

<p>
Note: $recipient_canonical_maps is processed before $canonical_maps.
</p>

<p>
Example:
</p>

<pre>
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
</pre>

%PARAM recipient_delimiter

<p> The set of characters that can separate a user name from its
extension (example: user+foo), or a .forward file name from its
extension (example: .forward+foo).  Basically, the software tries
user+foo and .forward+foo before trying user and .forward.  This
implementation recognizes one delimiter character and one extension
per email address or .forward file name. </p>

<p> When the recipient_delimiter set contains multiple characters
(Postfix 2.11 and later), a user name or .forward file name is
separated from its extension by the first character that matches
the recipient_delimiter set. </p>

<p> See canonical(5), local(8), relocated(5) and virtual(5) for the
effects of recipient_delimiter on lookups in aliases, canonical,
virtual, and relocated maps, and see the propagate_unmatched_extensions
parameter for propagating an extension from one email address to
another.  </p>

<p> When used in command_execution_directory, forward_path, or
luser_relay, ${recipient_delimiter} is replaced with the actual
recipient delimiter that was found in the recipient email address
(Postfix 2.11 and later), or it is replaced with the main.cf
recipient_delimiter parameter value (Postfix 2.10 and earlier).
</p>

<p> The recipient_delimiter is not applied to the mailer-daemon
address, the postmaster address, or the double-bounce address. With
the default "owner_request_special = yes" setting, the recipient_delimiter
is also not applied to addresses with the special "owner-" prefix
or the special "-request" suffix. </p>

<p>
Examples:
</p>
  
<pre>
# Handle Postfix-style extensions.
recipient_delimiter = +
</pre>

<pre>
# Handle both Postfix and qmail extensions (Postfix 2.11 and later).
recipient_delimiter = +-
</pre>

<pre>
# Use .forward for mail without address extension, and for mail with
# an unrecognized address extension.
forward_path = $home/.forward${recipient_delimiter}${extension},
    $home/.forward
</pre>

%PARAM reject_code 554

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "reject" restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

%PARAM relay_domains Postfix &ge; 3.0: empty, Postfix &lt; 3.0: $mydestination

<p> What destination domains (and subdomains thereof) this system
will relay mail to. For details about how
the relay_domains value is used, see the description of the
permit_auth_destination and reject_unauth_destination SMTP recipient
restrictions.  </p>

<p> Domains that match $relay_domains are delivered with the
$relay_transport mail delivery transport. The SMTP server validates
recipient addresses with $relay_recipient_maps and rejects non-existent
recipients. See also the relay domains address class in the
ADDRESS_CLASS_README file.  </p>

<p> Note: Postfix will not automatically forward mail for domains
that list this system as their primary or backup MX host. See the
permit_mx_backup restriction in the postconf(5) manual page.  </p>

<p> Specify a list of host or domain names, "/file/name" patterns
or "type:table" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when a (parent) domain appears as lookup
key. Specify "!pattern" to exclude a domain from the list. The form
"!/file/name" is supported only in Postfix version 2.4 and later.
</p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "relay_domains" in the parent_domain_matches_subdomains
parameter value. </p>

%PARAM relay_domains_reject_code 554

<p>
The numerical Postfix SMTP server response code when a client
request is rejected by the reject_unauth_destination recipient
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

%PARAM relay_recipient_maps 

<p> Optional lookup tables with all valid addresses in the domains
that match $relay_domains. Specify @domain as a wild-card for
domains that have no valid recipient list, and become a source of
backscatter mail: Postfix accepts spam for non-existent recipients
and then floods innocent people with undeliverable mail.  Technically,
tables
listed with $relay_recipient_maps are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from table lookup.  </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
If this parameter is non-empty, then the Postfix SMTP server will reject
mail to unknown relay users. This feature is off by default.
</p>

<p>
See also the relay domains address class in the ADDRESS_CLASS_README
file.
</p>

<p>
Example:
</p>

<pre>
relay_recipient_maps = hash:/etc/postfix/relay_recipients
</pre>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM relayhost 

<p>
The next-hop destination of non-local mail; overrides non-local
domains in recipient addresses. This information is overruled with
relay_transport, sender_dependent_default_transport_maps,
default_transport, sender_dependent_relayhost_maps
and with the transport(5) table.
</p>

<p>
On an intranet, specify the organizational domain name. If your
internal DNS uses no MX records, specify the name of the intranet
gateway host instead.
</p>

<p>
In the case of SMTP, specify a domain name, hostname, hostname:port,
[hostname]:port, [hostaddress] or [hostaddress]:port. The form
[hostname] turns off MX lookups.
</p>

<p>
If you're connected via UUCP, see the UUCP_README file for useful
information.
</p>

<p>
Examples:
</p>

<pre>
relayhost = $mydomain
relayhost = [gateway.example.com]
relayhost = uucphost
relayhost = [an.ip.add.ress]
</pre>

%PARAM relocated_maps 

<p>
Optional lookup tables with new contact information for users or
domains that no longer exist.  The table format and lookups are
documented in relocated(5).
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to
build the necessary DBM or DB file after change, then "<b>postfix
reload</b>" to make the changes visible.
</p>

<p>
Examples:
</p>

<pre>
relocated_maps = dbm:/etc/postfix/relocated
relocated_maps = hash:/etc/postfix/relocated
</pre>

%PARAM require_home_directory no

<p>
Require that a local(8) recipient's home directory exists
before mail delivery is attempted. By default this test is disabled.
It can be useful for environments that import home directories to
the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
</p>

%PARAM resolve_dequoted_address yes

<p> Resolve a recipient address safely instead of correctly, by
looking inside quotes.  </p>

<p> By default, the Postfix address resolver does not quote the
address localpart as per RFC 822, so that additional @ or % or !
operators remain visible. This behavior is safe but it is also
technically incorrect.  </p>

<p> If you specify "resolve_dequoted_address = no", then
the Postfix
resolver will not know about additional @ etc. operators in the
address localpart. This opens opportunities for obscure mail relay
attacks with user@domain@domain addresses when Postfix provides
backup MX service for Sendmail systems.  </p>

%PARAM resolve_null_domain no

<p> Resolve an address that ends in the "@" null domain as if the
local hostname were specified, instead of rejecting the address as
invalid.  </p>

<p> This feature is available in Postfix 2.1 and later.
Earlier versions always resolve the null domain as the local
hostname.  </p>

<p> The Postfix SMTP server uses this feature to reject mail from
or to addresses that end in the "@" null domain, and from addresses
that rewrite into a form that ends in the "@" null domain.  </p>

%PARAM sender_bcc_maps

<p> Optional BCC (blind carbon-copy) address lookup tables, indexed
by sender address.  The BCC address (multiple results are not
supported) is added when mail enters from outside of Postfix.  </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
The table search order is as follows:
</p>

<ul>

<li> Look up the "user+extension@domain.tld" address including the
optional address extension.

<li> Look up the "user@domain.tld" address without the optional
address extension.

<li> Look up the "user+extension" address local part when the
sender domain equals $myorigin, $mydestination, $inet_interfaces
or $proxy_interfaces.

<li> Look up the "user" address local part when the sender domain
equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.

<li> Look up the "@domain.tld" part.

</ul>

<p>
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements RFC 3461.
</p>
 
<p>
Note: with Postfix 2.2 and earlier the sender will be notified
when the BCC address is undeliverable.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>

<p>
Example:
</p>

<pre>
sender_bcc_maps = hash:/etc/postfix/sender_bcc
</pre>

<p>
After a change, run "<b>postmap /etc/postfix/sender_bcc</b>".
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM sender_canonical_maps 

<p>
Optional address mapping lookup tables for envelope and header
sender addresses.
The table format and lookups are documented in canonical(5).
</p>

<p>
Example: you want to rewrite the SENDER address "user@ugly.domain"
to "user@pretty.domain", while still being able to send mail to
the RECIPIENT address "user@ugly.domain".
</p>

<p>
Note: $sender_canonical_maps is processed before $canonical_maps.
</p>

<p>
Example:
</p>

<pre>
sender_canonical_maps = hash:/etc/postfix/sender_canonical
</pre>

%PARAM smtp_always_send_ehlo yes

<p>
Always send EHLO at the start of an SMTP session.
</p>

<p>
With "smtp_always_send_ehlo = no", the Postfix SMTP client sends
EHLO only when
the word "ESMTP" appears in the server greeting banner (example:
220 spike.porcupine.org ESMTP Postfix).
</p>

%PARAM smtp_bind_address 

<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
</p>

<p>
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
for example:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    smtp ... smtp -o smtp_bind_address=11.22.33.44
</pre>
</blockquote>

<p> Note 1: when inet_interfaces specifies no more than one IPv4
address, and that address is a non-loopback address, it is
automatically used as the smtp_bind_address.  This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
inet_interfaces documentation for more detail. </p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not required here. </p>

%PARAM smtp_bind_address6 

<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p>
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
for example:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    smtp ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8
</pre>
</blockquote>

<p> Note 1: when inet_interfaces specifies no more than one IPv6
address, and that address is a non-loopback address, it is
automatically used as the smtp_bind_address6.  This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
inet_interfaces documentation for more detail. </p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended here. </p>

%PARAM smtp_connection_cache_time_limit 2s

<p> When SMTP connection caching is enabled, the amount of time that
an unused SMTP client socket is kept open before it is closed.  Do
not specify larger values without permission from the remote sites.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_connection_reuse_time_limit 300s

<p> The amount of time during which Postfix will use an SMTP
connection repeatedly.  The timer starts when the connection is
initiated (i.e. it includes the connect, greeting and helo latency,
in addition to the latencies of subsequent mail delivery transactions).
</p>

<p> This feature addresses a performance stability problem with
remote SMTP servers. This problem is not specific to Postfix: it
can happen when any MTA sends large amounts of SMTP email to a site
that has multiple MX hosts. </p>

<p> The problem starts when one of a set of MX hosts becomes slower
than the rest.  Even though SMTP clients connect to fast and slow
MX hosts with equal probability, the slow MX host ends up with more
simultaneous inbound connections than the faster MX hosts, because
the slow MX host needs more time to serve each client request. </p>

<p> The slow MX host becomes a connection attractor.  If one MX
host becomes N times slower than the rest, it dominates mail delivery
latency unless there are more than N fast MX hosts to counter the
effect. And if the number of MX hosts is smaller than N, the mail
delivery latency becomes effectively that of the slowest MX host
divided by the total number of MX hosts. </p>

<p> The solution uses connection caching in a way that differs from
Postfix version 2.2.  By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
it also favors deliveries over connections that perform well, which
is exactly what we want.  </p>

<p> The default reuse time limit, 300s, is comparable to the various
smtp transaction timeouts which are fair estimates of maximum excess
latency for a slow delivery.  Note that hosts may accept thousands
of messages over a single connection within the default connection
reuse time limit. This number is much larger than the default Postfix
version 2.2 limit of 10 messages per cached connection. It may prove necessary
to lower the limit to avoid interoperability issues with MTAs that
exhibit bugs when many messages are delivered via a single connection.
A lower reuse time limit risks losing the benefit of connection
reuse when the average connection and mail delivery latency exceeds
the reuse time limit.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_connection_cache_destinations

<p> Permanently enable SMTP connection caching for the specified
destinations.  With SMTP connection caching, a connection is not
closed immediately after completion of a mail transaction.  Instead,
the connection is kept open for up to $smtp_connection_cache_time_limit
seconds.  This allows connections to be reused for other deliveries,
and can improve mail delivery performance. </p>

<p> Specify a comma or white space separated list of destinations
or pseudo-destinations: </p>

<ul>

<li> if mail is sent without a relay host: a domain name (the
right-hand side of an email address, without the [] around a numeric
IP address),

<li> if mail is sent via a relay host: a relay host name (without
[] or non-default TCP port), as specified in main.cf or in the
transport map,

<li> if mail is sent via a UNIX-domain socket: a pathname (without
the unix: prefix),

<li> a /file/name with domain names and/or relay host names as
defined above,

<li> a "type:table" with domain names and/or relay host names on
the left-hand side.  The right-hand side result from "type:table"
lookups is ignored.

</ul>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_connection_cache_on_demand yes

<p> Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the active queue.  With SMTP connection
caching, a connection is not closed immediately after completion
of a mail transaction.  Instead, the connection is kept open for
up to $smtp_connection_cache_time_limit seconds.  This allows
connections to be reused for other deliveries, and can improve mail
delivery performance. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtp_connect_timeout 30s

<p>
The Postfix SMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).
</p>

<p>
When no connection can be made within the deadline, the Postfix
SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_data_done_timeout 600s

<p>
The Postfix SMTP client time limit for sending the SMTP ".", and
for receiving the remote SMTP server response.
</p>

<p>
When no response is received within the deadline, a warning is
logged that the mail may be delivered multiple times.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_data_init_timeout 120s

<p>
The Postfix SMTP client time limit for sending the SMTP DATA command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_data_xfer_timeout 180s

<p>
The Postfix SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $smtp_data_xfer_timeout
seconds the Postfix SMTP client terminates the transfer.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_defer_if_no_mx_address_found no

<p>
Defer mail delivery when no MX record resolves to an IP address.
</p>

<p>
The default (no) is to return the mail as undeliverable. With older
Postfix versions the default was to keep trying to deliver the mail
until someone fixed the MX record or until the mail was too old.
</p>

<p>
Note: the Postfix SMTP client always ignores MX records with equal
or worse preference
than the local MTA itself.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM lmtp_destination_concurrency_limit $default_destination_concurrency_limit

<p> The maximal number of parallel deliveries to the same destination
via the lmtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the master.cf file.  </p>

%PARAM lmtp_destination_recipient_limit $default_destination_recipient_limit

<p> The maximal number of recipients per message for the lmtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file.  </p>

<p> Setting this parameter to a value of 1 changes the meaning of
lmtp_destination_concurrency_limit from concurrency per domain into
concurrency per recipient.  </p>

%PARAM relay_destination_concurrency_limit $default_destination_concurrency_limit

<p> The maximal number of parallel deliveries to the same destination
via the relay message delivery transport. This limit is enforced
by the queue manager. The message delivery transport name is the
first field in the entry in the master.cf file.  </p>

<p> This feature is available in Postfix 2.0 and later. </p>

%PARAM relay_destination_recipient_limit $default_destination_recipient_limit

<p> The maximal number of recipients per message for the relay
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file.  </p>

<p> Setting this parameter to a value of 1 changes the meaning of
relay_destination_concurrency_limit from concurrency per domain
into concurrency per recipient.  </p>

<p> This feature is available in Postfix 2.0 and later. </p>

%PARAM smtp_destination_concurrency_limit $default_destination_concurrency_limit

<p> The maximal number of parallel deliveries to the same destination
via the smtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the master.cf file.  </p>

%PARAM smtp_destination_recipient_limit $default_destination_recipient_limit

<p> The maximal number of recipients per message for the smtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file.  </p>

<p> Setting this parameter to a value of 1 changes the meaning of
smtp_destination_concurrency_limit from concurrency per domain
into concurrency per recipient.  </p>

%PARAM virtual_destination_concurrency_limit $default_destination_concurrency_limit

<p> The maximal number of parallel deliveries to the same destination
via the virtual message delivery transport. This limit is enforced
by the queue manager. The message delivery transport name is the
first field in the entry in the master.cf file.  </p>

%PARAM virtual_destination_recipient_limit $default_destination_recipient_limit

<p> The maximal number of recipients per message for the virtual
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the master.cf file.  </p>

<p> Setting this parameter to a value of 1 changes the meaning of
virtual_destination_concurrency_limit from concurrency per domain
into concurrency per recipient.  </p>

%PARAM smtp_helo_name $myhostname

<p>
The hostname to send in the SMTP HELO or EHLO command.
</p>

<p>
The default value is the machine hostname.  Specify a hostname or
[ip.add.re.ss].
</p>

<p>
This information can be specified in the main.cf file for all SMTP
clients, or it can be specified in the master.cf file for a specific
client, for example:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    mysmtp ... smtp -o smtp_helo_name=foo.bar.com
</pre>
</blockquote>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM smtp_helo_timeout 300s

<p>
The Postfix SMTP client time limit for sending the HELO or EHLO command,
and for receiving the initial remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_host_lookup dns

<p>
What mechanisms the Postfix SMTP client uses to look up a host's
IP address.  This parameter is ignored when DNS lookups are disabled
(see: disable_dns_lookups and smtp_dns_support_level).  The "dns"
mechanism is always tried before "native" if both are listed.
</p>

<p>
Specify one of the following:
</p>

<dl>

<dt><b>dns</b></dt>

<dd>Hosts can be found in the DNS (preferred).  </dd>

<dt><b>native</b></dt>

<dd>Use the native naming service only (nsswitch.conf, or equivalent
mechanism).  </dd>

<dt><b>dns, native</b></dt>

<dd>Use the native service for hosts not found in the DNS.  </dd>

</dl>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_line_length_limit 998

<p>
The maximal length of message header and body lines that Postfix
will send via SMTP. This limit does not include the &lt;CR&gt;&lt;LF&gt;
at the end of each line.  Longer lines are broken by inserting
"&lt;CR&gt;&lt;LF&gt;&lt;SPACE&gt;", to minimize the damage to MIME
formatted mail.
</p>

<p>
The Postfix limit of 998 characters not including &lt;CR&gt;&lt;LF&gt;
is consistent with the SMTP limit of 1000 characters including
&lt;CR&gt;&lt;LF&gt;.  The Postfix limit was 990 with Postfix 2.8
and earlier.
</p>

%PARAM smtp_mail_timeout 300s

<p>
The Postfix SMTP client time limit for sending the MAIL FROM command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_mx_address_limit 5

<p>
The maximal number of MX (mail exchanger) IP addresses that can
result from Postfix SMTP client mail exchanger lookups, or zero (no
limit). Prior to
Postfix version 2.3, this limit was disabled by default.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_mx_session_limit 2

<p> The maximal number of SMTP sessions per delivery request before
the Postfix SMTP client
gives up or delivers to a fall-back relay host, or zero (no
limit). This restriction ignores sessions that fail to complete the
SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
complete the EHLO and TLS handshake (Postfix version 2.3 and later).  </p>

<p> This feature is available in Postfix 2.1 and later.  </p>

%PARAM smtp_never_send_ehlo no

<p> Never send EHLO at the start of an SMTP session. See also the
smtp_always_send_ehlo parameter.  </p>

%PARAM smtp_pix_workaround_threshold_time 500s

<p> How long a message must be queued before the Postfix SMTP client
turns on the PIX firewall "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;"
bug workaround for delivery through firewalls with "smtp fixup"
mode turned on.  </p>

<p>
By default, the workaround is turned off for mail that is queued
for less than 500 seconds. In other words, the workaround is normally
turned off for the first delivery attempt.
</p>

<p>
Specify 0 to enable the PIX firewall
"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug workaround upon the
first delivery attempt.
</p>

%PARAM smtp_quit_timeout 300s

<p>
The Postfix SMTP client time limit for sending the QUIT command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_quote_rfc821_envelope yes

<p>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
by RFC 5321. This includes putting quotes around an address localpart
that ends in ".".
</p>

<p>
The default is to comply with RFC 5321. If you have to send mail to
a broken SMTP server, configure a special SMTP client in master.cf:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    broken-smtp . . . smtp -o smtp_quote_rfc821_envelope=no
</pre>
</blockquote>

<p>
and route mail for the destination in question to the "broken-smtp"
message delivery with a transport(5) table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_rcpt_timeout 300s

<p>
The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM smtp_sasl_auth_enable no

<p>
Enable SASL authentication in the Postfix SMTP client.  By default,
the Postfix SMTP client uses no authentication.
</p>

<p>
Example:
</p>

<pre>
smtp_sasl_auth_enable = yes
</pre>

%PARAM smtp_sasl_password_maps 

<p>
Optional Postfix SMTP client lookup tables with one username:password
entry per sender, remote hostname or next-hop domain. Per-sender
lookup is done only when sender-dependent authentication is enabled.
If no username:password entry is found, then the Postfix SMTP client
will not attempt to authenticate to the remote host.
</p>

<p>
The Postfix SMTP client opens the lookup table before going to
chroot jail, so you can leave the password file in /etc/postfix.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

%PARAM smtp_sasl_security_options noplaintext, noanonymous

<p> Postfix SMTP client SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL client implementation that is selected
with <b>smtp_sasl_type</b>.  </p>

<p> The following security features are defined for the <b>cyrus</b>
client SASL implementation: </p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack.
</dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not
available with SASL version 1). </dd>

</dl>

<p>
Example:
</p>

<pre>
smtp_sasl_security_options = noplaintext
</pre>

%PARAM smtp_sasl_mechanism_filter

<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.  Different client and
server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
two. smtp_sasl_mechanism_filter specifies an optional third mechanism
list to intersect with. </p>

<p> Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
is ignored. Specify "!pattern" to exclude a mechanism name from the
list. The form "!/file/name" is supported only in Postfix version
2.4 and later. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p>
Examples:
</p>

<pre>
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
</pre>

%PARAM smtp_send_xforward_command no

<p>
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
</p>

<p>
This allows a Postfix SMTP delivery agent, used for injecting mail
into
a content filter, to forward the name, address, protocol and HELO
name of the original client to the content filter and downstream
queuing SMTP server. This can produce more useful logging than
localhost[127.0.0.1] etc.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtp_skip_4xx_greeting yes

<p>
Skip SMTP servers that greet with a 4XX status code (go away, try
again later).
</p>

<p>
By default, the Postfix SMTP client moves on the next mail exchanger.
Specify
"smtp_skip_4xx_greeting = no" if Postfix should defer delivery
immediately.
</p>

<p> This feature is available in Postfix 2.0 and earlier.
Later Postfix versions always skip remote SMTP servers that greet
with a
4XX status code. </p>

%PARAM smtp_skip_5xx_greeting yes

<p>
Skip remote SMTP servers that greet with a 5XX status code.
</p>

<p> By default, the Postfix SMTP client moves on the next mail
exchanger. Specify "smtp_skip_5xx_greeting = no" if Postfix should
bounce the mail immediately. Caution: the latter behavior appears
to contradict RFC 2821. </p>

%PARAM smtp_skip_quit_response yes

<p>
Do not wait for the response to the SMTP QUIT command.
</p>

%PARAM smtp_xforward_timeout 300s

<p>
The Postfix SMTP client time limit for sending the XFORWARD command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM authorized_verp_clients $mynetworks

<p> What remote SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address.  </p>

<p> By default, only trusted clients are allowed to specify XVERP.
</p>

<p> This parameter was introduced with Postfix version 1.1.  Postfix
version 2.1 renamed this parameter to smtpd_authorized_verp_clients
and changed the default to none. </p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "type:table" patterns.  A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the authorized_verp_clients value, and in files
specified with "/file/name".  IP version 6 addresses contain the
":" character, and would otherwise be confused with a "type:table"
pattern.  </p>

%PARAM smtpd_authorized_verp_clients $authorized_verp_clients

<p> What remote SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address.  </p>

<p> By default, no clients are allowed to specify XVERP.  </p>

<p> This parameter was renamed with Postfix version 2.1. The default value
is backwards compatible with Postfix version 2.0.  </p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "type:table" patterns.  A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_verp_clients value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern.  </p>

%PARAM smtpd_authorized_xclient_hosts 

<p>
What remote SMTP clients are allowed to use the XCLIENT feature.  This
command overrides remote SMTP client information that is used for access
control. Typical use is for SMTP-based content filters, fetchmail-like
programs, or SMTP server access rule testing. See the XCLIENT_README
document for details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XCLIENT.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "type:table" patterns.  A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xclient_hosts value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern.  </p>

%PARAM smtpd_authorized_xforward_hosts 

<p>
What remote SMTP clients are allowed to use the XFORWARD feature.  This
command forwards information that is used to improve logging after
SMTP-based content filters. See the XFORWARD_README document for
details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XFORWARD.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "type:table" patterns.  A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xforward_hosts value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern.  </p>

%PARAM smtpd_banner $myhostname ESMTP $mail_name

<p>
The text that follows the 220 status code in the SMTP greeting
banner. Some people like to see the mail version advertised. By
default, Postfix shows no version.
</p>

<p>
You MUST specify $myhostname at the start of the text. This is
required by the SMTP protocol.
</p>

<p>
Example:
</p>

<pre>
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
</pre>

%PARAM smtpd_client_connection_count_limit 50

<p>
How many simultaneous connections any client is allowed to
make to this service.  By default, the limit is set to half
the default process limit value.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_client_event_limit_exceptions $mynetworks

<p>
Clients that are excluded from smtpd_client_*_count/rate_limit
restrictions. See the mynetworks parameter
description for the parameter value syntax.
</p>

<p>
By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
dot causes the domain to match any name below it).
</p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_client_event_limit_exceptions value, and
in files specified with "/file/name".  IP version 6 addresses
contain the ":" character, and would otherwise be confused with a
"type:table" pattern.  </p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "smtpd_client_event_limit_exceptions" in the
parent_domain_matches_subdomains parameter value (postfix 3.0 and
later).  </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_client_connection_rate_limit 0

<p>
The maximal number of connection attempts any client is allowed to
make to this service per time unit.  The time unit is specified
with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, a client can make as many connections per time unit as
Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_connection_rate_limit = 1000
</pre>

%PARAM smtpd_client_message_rate_limit 0

<p>
The maximal number of message delivery requests that any client is
allowed to make to this service per time unit, regardless of whether
or not Postfix actually accepts those messages.  The time unit is
specified with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, a client can send as many message delivery requests
per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_message_rate_limit = 1000
</pre>

%PARAM smtpd_client_recipient_rate_limit 0

<p>
The maximal number of recipient addresses that any client is allowed
to send to this service per time unit, regardless of whether or not
Postfix actually accepts those recipients.  The time unit is specified
with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_recipient_rate_limit = 1000
</pre>

%PARAM smtpd_client_new_tls_session_rate_limit 0

<p>
The maximal number of new (i.e., uncached) TLS sessions that a
remote SMTP client is allowed to negotiate with this service per
time unit.  The time unit is specified with the anvil_rate_time_unit
configuration parameter.
</p>

<p>
By default, a remote SMTP client can negotiate as many new TLS
sessions per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0. Otherwise, specify
a limit that is at least the per-client concurrent session limit,
or else legitimate client sessions may be rejected.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

<p>
Example:
</p>

<pre>
smtpd_client_new_tls_session_rate_limit = 100
</pre>

%PARAM smtpd_client_auth_rate_limit 0

<p>
The maximal number of AUTH commands that any client is allowed to
send to this service per time unit, regardless of whether or not
Postfix actually accepts those commands.  The time unit is specified
with the anvil_rate_time_unit configuration parameter.
</p>

<p>
By default, there is no limit on the number AUTH commands that a
client may send.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 3.1 and later.
</p>

%PARAM smtpd_client_restrictions 

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client connection request.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to allow all connection requests.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to client hostname or
client network address information.
</p>

<dl>

<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd> Use the remote SMTP client certificate fingerprint or the public key
fingerprint (Postfix 2.9 and later) as lookup key for the specified
access(5) database; with Postfix version 2.2, also require that the
remote SMTP client certificate is verified successfully.
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5).  This feature is available with Postfix version
2.2 and later. </dd>

<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the access(5) manual page for details. </dd>

<dt><b><a name="check_client_a_access">check_client_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the IP addresses for the
client hostname, and execute the corresponding action.  Note: a result
of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
to exclude specific hosts from blacklists.  This feature is available
in Postfix 3.0 and later.  </dd>

<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for the
client hostname, and execute the corresponding action.  Note: a result
of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
to exclude specific hosts from blacklists.  This feature is available
in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers for
the client hostname, and execute the corresponding action.  Note: a
result of "OK" is not allowed for safety reasons. Instead, use DUNNO
in order to exclude specific hosts from blacklists.  This feature is
available in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the unverified reverse
client hostname, parent domains, client IP address, or networks
obtained by stripping least significant octets. See the access(5)
manual page for details.  Note: a result of "OK" is not allowed for
safety reasons.  Instead, use DUNNO in order to exclude specific
hosts from blacklists.  This feature is available in Postfix 2.6
and later.</dd>

<dt><b><a name="check_reverse_client_hostname_a_access">check_reverse_client_hostname_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the IP addresses for the
unverified reverse client hostname, and execute the corresponding
action.  Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 3.0 and later.  </dd>

<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for the
unverified reverse client hostname, and execute the corresponding
action.  Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers for
the unverified reverse client hostname, and execute the corresponding
action.  Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_sasl_access">check_sasl_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd> Use the remote SMTP client SASL user name as lookup key for
the specified access(5) database. The lookup key has the form
"username@domainname" when the smtpd_sasl_local_domain parameter
value is non-empty.  Unlike the check_client_access feature,
check_sasl_access does not perform matches of parent domains or IP
subnet ranges.  This feature is available with Postfix version 2.11
and later. </dd>

<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>

<dd>Permit the request when the client IP address matches
$inet_interfaces. </dd>

<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>

<dd>Permit the request when the client IP address matches any
network or network address listed in  $mynetworks. </dd>

<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>

<dd> Permit the request when the client is successfully
authenticated via the RFC 4954 (AUTH) protocol. </dd>


<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>

<dd> Permit the request when the remote SMTP client certificate is
verified successfully.  This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA. Otherwise, clients with a third-party certificate would also
be allowed to relay.  Specify "tls_append_default_CA = no" when the
trusted CA is specified with smtpd_tls_CAfile or smtpd_tls_CApath,
to prevent Postfix from appending the system-supplied default CAs.
This feature is available with Postfix version 2.2.</dd>

<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>

<dd>Permit the request when the remote SMTP client certificate
fingerprint or public key fingerprint (Postfix 2.9 and later) is
listed in $relay_clientcerts.
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5).  This feature is available with Postfix version
2.2. </dd>

<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only).  Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
numbers or number..number ranges (Postfix version 2.8 and later).
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
reversed client network address is listed with any A record under
<i>rbl_domain</i>. <br>
The maps_rbl_reject_code parameter specifies the response code for
rejected requests (default:  554), the default_rbl_reply  parameter
specifies the default server reply, and the rbl_reply_maps  parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later.  </dd>

<dt><b><a name="permit_dnswl_client">permit_dnswl_client <i>dnswl_domain=d.d.d.d</i></a></b></dt>

<dd>Accept the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>dnswl_domain</i>.
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
one or more ";"-separated numbers or number..number ranges.
If no "<i>=d.d.d.d</i>" is specified, accept the request when the
reversed client network address is listed with any A record under
<i>dnswl_domain</i>. <br> For safety, permit_dnswl_client is silently
ignored when it would override reject_unauth_destination.  The
result is DEFER_IF_REJECT when whitelist lookup fails.  This feature
is available in Postfix 2.8 and later.  </dd>

<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only).  Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later).  If no
"<i>=d.d.d.d</i>" is specified, reject the request when the client
hostname is listed with
any A record under <i>rbl_domain</i>. See the reject_rbl_client
description above for additional RBL related configuration parameters.
This feature is available in Postfix 2.0 and later; with Postfix
version 2.8 and later, reject_rhsbl_reverse_client will usually
produce better results.  </dd>

<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>

<dd>Accept the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>.  Each "<i>d</i>"
is a number, or a pattern inside "[]" that contains one or more
";"-separated numbers or number..number ranges. If no
"<i>=d.d.d.d</i>" is specified, accept the request when the client
hostname is listed with any A record under <i>rhswl_domain</i>.
<br> Caution: client name whitelisting is fragile, since the client
name lookup can fail due to temporary outages.  Client name
whitelisting should be used only to reduce false positives in e.g.
DNS-based blocklists, and not for making access rule exceptions.
<br> For safety, permit_rhswl_client is silently ignored when it
would override reject_unauth_destination.  The result is DEFER_IF_REJECT
when whitelist lookup fails.  This feature is available in Postfix
2.8 and later.  </dd>

<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the unverified reverse client hostname
is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>.
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
one or more ";"-separated numbers or number..number ranges.
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
unverified reverse client hostname is listed with any A record under
<i>rbl_domain</i>. See the reject_rbl_client description above for
additional RBL related configuration parameters.  This feature is
available in Postfix 2.8 and later.  </dd>

<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_client)</dt>

<dd>Reject the request when 1) the client IP address-&gt;name mapping
fails, 2) the name-&gt;address mapping fails, or 3) the name-&gt;address
mapping does not match the client IP address.  <br> This is a
stronger restriction than the reject_unknown_reverse_client_hostname
feature, which triggers only under condition 1) above. <br> The
unknown_client_reject_code parameter specifies the response code
for rejected requests (default: 450). The reply is always 450 in
case the address-&gt;name or name-&gt;address lookup failed due to
a temporary problem. </dd>

<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt>

<dd>Reject the request when the client IP address has no address-&gt;name
mapping. <br> This is a weaker restriction than the
reject_unknown_client_hostname feature, which requires not only
that the address-&gt;name and name-&gt;address mappings exist, but
also that the two mappings reproduce the client IP address.  <br>
The unknown_client_reject_code parameter specifies the response
code for rejected requests (default: 450).  The reply is always 450
in case the address-&gt;name lookup failed due to a temporary
problem. <br> This feature is available in Postfix 2.3 and
later.  </dd>

#<dt><b><a name="reject_unknown_forward_client_hostname">reject_unknown_forward_client_hostname</a></b></dt>
#
#<dd>Reject the request when the client IP address has no address-&gt;name
#or name -&gt;address mapping. <br> This is a weaker restriction
#than the reject_unknown_client_hostname feature, which requires not
#only that the address-&gt;name and name-&gt;address mappings exist,
#but also that the two mappings reproduce the client IP address.
#<br> The unknown_client_reject_code parameter specifies the response
#code for rejected requests (default: 450).  The reply is always 450
#in case the address-&gt;name or name -&gt;address lookup failed due
#to a temporary problem. <br> This feature is available in Postfix
#version 2.3 and later.  </dd>

</dl>

<p>
In addition, you can use any of the following <a name="generic">
generic</a> restrictions.  These restrictions are applicable in
any SMTP command context.
</p>

<dl>

<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt>

<dd>Query the specified policy server. See the SMTPD_POLICY_README
document for details. This feature is available in Postfix 2.1
and later. </dd>

<dt><b><a name="defer">defer</a></b></dt>

<dd>Defer the request. The client is told to try again later. This
restriction is useful at the end of a restriction list, to make
the default policy explicit. <br> The defer_code parameter specifies
the SMTP server reply code (default: 450).</dd>

<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt>

<dd>Defer the request if some later restriction would result in an
explicit or implicit PERMIT action.  This is useful when a blacklisting
feature fails due to a temporary problem.  This feature is available
in Postfix version 2.1 and later.  </dd>

<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>

<dd>Defer the request if some later restriction would result in a
REJECT action.  This is useful when a whitelisting feature fails
due to a temporary problem.  This feature is available in Postfix
version 2.1 and later.  </dd>

<dt><b><a name="permit">permit</a></b></dt>

<dd>Permit the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit.</dd>

<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt>

<dd>Reject the request when the envelope sender is the null address,
and the message has multiple envelope recipients. This usage has
rare but legitimate applications: under certain conditions,
multi-recipient mail that was posted with the DSN option NOTIFY=NEVER
may be forwarded with the null sender address.
<br> Note: this restriction can only work reliably
when used in smtpd_data_restrictions or 
smtpd_end_of_data_restrictions, because the total number of
recipients is not known at an earlier stage of the SMTP conversation.
Use at the RCPT stage will only reject the second etc.  recipient.
<br>
The multi_recipient_bounce_reject_code parameter specifies the
response code for rejected requests (default:  550).  This feature
is available in Postfix 2.1 and later. </dd>

<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt>

<dd>Reject the request when the connection is not encrypted. This
restriction should not be used before the client has had a chance
to negotiate encryption with the AUTH or STARTTLS commands.
<br>
The plaintext_reject_code parameter specifies the response
code for rejected requests (default:  450).  This feature is available
in Postfix 2.3 and later. </dd>

<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt>

<dd>Reject the request when the client sends SMTP commands ahead
of time where it is not allowed, or when the client sends SMTP
commands ahead of time without knowing that Postfix actually supports
ESMTP command pipelining. This stops mail from bulk mail software
that improperly uses ESMTP command pipelining in order to speed up
deliveries. 
<br> With Postfix 2.6 and later, the SMTP server sets a per-session
flag whenever it detects illegal pipelining, including pipelined
HELO or EHLO commands. The reject_unauth_pipelining feature simply
tests whether the flag was set at any point in time during the
session.
<br> With older Postfix versions, reject_unauth_pipelining checks
the current status of the input read queue, and its usage is not
recommended in contexts other than smtpd_data_restrictions.  </dd>

<dt><b><a name="reject">reject</a></b></dt>

<dd>Reject the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit.  The
reject_code configuration parameter specifies the response code for
rejected requests (default: 554).</dd>

<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt>

<dd>Pause for the specified number of seconds and proceed with
the next restriction in the list, if any. This may stop zombie
mail when used as:
<pre>
/etc/postfix/main.cf:
    smtpd_client_restrictions = 
        sleep 1, reject_unauth_pipelining
    smtpd_delay_reject = no
</pre>
This feature is available in Postfix 2.3. </dd>

<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt>

<dd> A safety net for testing. When "warn_if_reject" is placed
before a reject-type restriction, access table query, or
check_policy_service query, this logs a "reject_warning" message
instead of rejecting a request (when a reject-type restriction fails
due to a temporary error, this logs a "reject_warning" message for
any implicit "defer_if_permit" actions that would normally prevent
mail from being accepted by some later access restriction). This
feature has no effect on defer_if_reject restrictions.  </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> SMTP command specific restrictions that are described under
the smtpd_helo_restrictions, smtpd_sender_restrictions or
smtpd_recipient_restrictions parameters. When helo, sender or
recipient restrictions are listed under smtpd_client_restrictions,
they have effect only with "smtpd_delay_reject = yes", so that
$smtpd_client_restrictions is evaluated at the time of the RCPT TO
command.

</ul>

<p>
Example:
</p>

<pre>
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname
</pre>

%CLASS smtpd-tarpit Tarpit features

<p>
When a remote SMTP client makes errors, the Postfix SMTP server
can insert delays before responding. This can help to slow down
run-away software.  The behavior is controlled by an error counter
that counts the number of errors within an SMTP session that a
client makes without delivering mail.
</p>

<ul>

<li><p>When the error counter is less than $smtpd_soft_error_limit the
Postfix SMTP server replies immediately (Postfix version 2.0 and earlier
delay their 4xx or 5xx error response). </p>

<li><p>When the error counter reaches $smtpd_soft_error_limit, the Postfix
SMTP server delays all its responses. </p>

<li><p>When the error counter reaches $smtpd_hard_error_limit the Postfix
SMTP server breaks the connection. </p>

</ul>

%PARAM smtpd_error_sleep_time 1s

<p>With Postfix version 2.1 and later: the SMTP server response delay after
a client has made more than $smtpd_soft_error_limit errors, and
fewer than $smtpd_hard_error_limit errors, without delivering mail.
</p>

<p>With Postfix version 2.0 and earlier: the SMTP server delay before
sending a reject (4xx or 5xx) response, when the client has made
fewer than $smtpd_soft_error_limit errors without delivering
mail. </p>

%PARAM smtpd_soft_error_limit 10

<p>
The number of errors a remote SMTP client is allowed to make without
delivering mail before the Postfix SMTP server slows down all its
responses.
</p>

<ul>

<li><p>With Postfix version 2.1 and later, the Postfix SMTP server
delays all responses by $smtpd_error_sleep_time seconds. </p>

<li><p>With Postfix versions 2.0 and earlier, the Postfix SMTP
server delays all responses by (number of errors) seconds. </p>

</ul>

%PARAM smtpd_hard_error_limit normal: 20, overload: 1

<p>
The maximal number of errors a remote SMTP client is allowed to
make without delivering mail. The Postfix SMTP server disconnects
when the limit is exceeded. Normally the default limit is 20, but
it changes under overload to just 1. With Postfix 2.5 and earlier,
the SMTP server always allows up to 20 errors by default.

</p>

%PARAM smtpd_junk_command_limit normal: 100, overload: 1

<p>
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
SMTP client can send before the Postfix SMTP server starts to
increment the error counter with each junk command.  The junk
command count is reset after mail is delivered.  See also the
smtpd_error_sleep_time and smtpd_soft_error_limit configuration
parameters.  Normally the default limit is 100, but it changes under
overload to just 1. With Postfix 2.5 and earlier, the SMTP server
always allows up to 100 junk commands by default.  </p>

%PARAM smtpd_recipient_overshoot_limit 1000

<p> The number of recipients that a remote SMTP client can send in
excess of the limit specified with $smtpd_recipient_limit, before
the Postfix SMTP server increments the per-session error count
for each excess recipient.  </p>

%PARAM smtpd_etrn_restrictions 

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client ETRN command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The Postfix ETRN implementation accepts only destinations that are
eligible for the Postfix "fast flush" service. See the ETRN_README
file for details.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the domain name information
received with the ETRN command.
</p>

<dl>

<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the ETRN domain name
or its parent domains. See the access(5) manual page for details.
</dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li>SMTP command specific restrictions described under
smtpd_client_restrictions and smtpd_helo_restrictions.

</ul>

<p>
Example:
</p>

<pre>
smtpd_etrn_restrictions = permit_mynetworks, reject
</pre>

%PARAM smtpd_expansion_filter see "postconf -d" output

<p>
What characters are allowed in $name expansions of RBL reply
templates. Characters not in the allowed set are replaced by "_".
Use C like escapes to specify special characters such as whitespace.
</p>

<p>
This parameter is not subjected to $parameter expansion.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM smtpd_forbidden_commands CONNECT, GET, POST

<p>
List of commands that cause the Postfix SMTP server to immediately
terminate the session with a 221 code. This can be used to disconnect
clients that obviously attempt to abuse the system. In addition to the
commands listed in this parameter, commands that follow the "Label:"
format of message headers will also cause a disconnect.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM smtpd_helo_required no

<p>
Require that a remote SMTP client introduces itself with the HELO
or EHLO command before sending the MAIL command or other commands
that require EHLO negotiation.
</p>

<p>
Example:
</p>

<pre>
smtpd_helo_required = yes
</pre>

%PARAM smtpd_helo_restrictions 

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client HELO command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to permit everything.
</p>

<p> Note: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip smtpd_helo_restrictions by not sending HELO or EHLO).
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the hostname information
received with the HELO or EHLO command.
</p>

<dl>

<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the HELO or EHLO
hostname or parent domains, and execute the corresponding action.
Note: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_access by not sending HELO or EHLO).  </dd>

<dt><b><a name="check_helo_a_access">check_helo_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the IP addresses for
the HELO or EHLO hostname, and execute the corresponding action.
Note 1: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists.  Note
2: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_a_access by not sending HELO or EHLO).  This
feature is available in Postfix 3.0 and later.
</dd>

<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for
the HELO or EHLO hostname, and execute the corresponding action.
Note 1: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists.  Note
2: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_mx_access by not sending HELO or EHLO).  This
feature is available in Postfix 2.1 and later.
</dd>

<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers
for the HELO or EHLO hostname, and execute the corresponding action.
Note 1: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists.  Note
2: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_ns_access by not sending HELO or EHLO). This
feature is available in Postfix 2.1 and later.
</dd>

<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_invalid_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname is malformed.
Note: specify "smtpd_helo_required = yes" to fully enforce
this restriction (without "smtpd_helo_required = yes", a client can simply
skip reject_invalid_helo_hostname by not sending HELO or EHLO).
<br> The invalid_hostname_reject_code specifies the response code
for rejected requests (default: 501).</dd>

<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_non_fqdn_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname is not in
fully-qualified domain or address literal form, as required by the
RFC. Note: specify
"smtpd_helo_required = yes" to fully enforce this restriction
(without "smtpd_helo_required = yes", a client can simply skip
reject_non_fqdn_helo_hostname by not sending HELO or EHLO).  <br>
The non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504).</dd>

<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the HELO or EHLO hostname is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only).  Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
numbers or number..number ranges (Postfix version 2.8 and later).
If no "<i>=d.d.d.d</i>" is
specified, reject the request when the HELO or EHLO hostname is
listed with any A record under <i>rbl_domain</i>. See the
reject_rbl_client description for additional RBL related configuration
parameters.  Note: specify "smtpd_helo_required = yes" to fully
enforce this restriction (without "smtpd_helo_required = yes", a
client can simply skip reject_rhsbl_helo by not sending HELO or
EHLO). This feature is available in Postfix 2.0
and later.  </dd>

<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_hostname)</dt>

<dd>Reject the request when the HELO or EHLO hostname has no DNS A
or MX record. <br> The reply is specified with the
unknown_hostname_reject_code parameter (default: 450) or
unknown_helo_hostname_tempfail_action (default: defer_if_permit).
See the respective parameter descriptions for details. <br>
Note: specify "smtpd_helo_required = yes" to fully
enforce this restriction (without "smtpd_helo_required = yes", a
client can simply skip reject_unknown_helo_hostname by not sending
HELO or EHLO). </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li> Client hostname or network address specific restrictions
described under smtpd_client_restrictions.

<li> SMTP command specific restrictions described under
smtpd_sender_restrictions or smtpd_recipient_restrictions.  When
sender or recipient restrictions are listed under smtpd_helo_restrictions,
they have effect only with "smtpd_delay_reject = yes", so that
$smtpd_helo_restrictions is evaluated at the time of the RCPT TO
command.

</ul>

<p>
Examples:
</p>

<pre>
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname
</pre>

%PARAM smtpd_history_flush_threshold 100

<p>
The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA.
</p>

%PARAM smtpd_noop_commands 

<p>
List of commands that the Postfix SMTP server replies to with "250
Ok", without doing any syntax checks and without changing state.
This list overrides any commands built into the Postfix SMTP server.
</p>

%PARAM smtpd_proxy_ehlo $myhostname

<p>
How the Postfix SMTP server announces itself to the proxy filter.
By default, the Postfix hostname is used.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_proxy_options 

<p>
List of options that control how the Postfix SMTP server
communicates with a before-queue content filter. Specify zero or
more of the following, separated by comma or whitespace.  </p>

<dl>

<dt><b>speed_adjust</b></dt>

<dd> <p> Do not connect to a before-queue content filter until an entire
message has been received. This reduces the number of simultaneous
before-queue content filter processes. </p>

<p> NOTE 1: A filter must not <i>selectively</i> reject recipients
of a multi-recipient message.  Rejecting all recipients is OK, as
is accepting all recipients. </p>

<p> NOTE 2: This feature increases the minimum amount of free queue
space by $message_size_limit. The extra space is needed to save the
message to a temporary file. </p> </dd>

</dl>

<p>
This feature is available in Postfix 2.7 and later.
</p>

%CLASS smtpd-proxy SMTP Proxy filter

<p>
As of Postfix version 2.1, the SMTP server can forward all incoming
mail to a content filtering proxy server that inspects all mail
BEFORE it is stored in the Postfix mail queue.
</p>

<p>
WARNING: the proxy filter must reply within a fixed deadline or
else the remote SMTP client times out and mail duplication happens.
This becomes a problem as mail load increases so that fewer and
fewer CPU cycles remain available to mead the fixed deadline.
</p>

%PARAM smtpd_proxy_filter 

<p> The hostname and TCP port of the mail filtering proxy server.
The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
</p>

<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:"  are specified, the local machine is
assumed.  Pathname interpretation is relative to the Postfix queue
directory.  </p>

<p> This feature is available in Postfix 2.1 and later.  </p>

<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later.  </p>

%PARAM smtpd_proxy_timeout 100s

<p>
The time limit for connecting to a proxy filter and for sending or
receiving information.  When a connection fails the client gets a
generic error message while more detailed information is logged to
the maillog file.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_recipient_limit 1000

<p>
The maximal number of recipients that the Postfix SMTP server
accepts per message delivery request.
</p>

%PARAM smtpd_recipient_restrictions see "postconf -d" output

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client RCPT TO command, after smtpd_relay_restrictions.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p> With Postfix versions before 2.10, the rules for relay permission
and spam blocking were combined under smtpd_recipient_restrictions,
resulting in error-prone configuration.  As of Postfix 2.10, relay
permission rules are preferably implemented with smtpd_relay_restrictions,
so that a permissive spam blocking policy under
smtpd_recipient_restrictions will no longer result in a permissive
mail relay policy.  </p>

<p> For backwards compatibility, sites that migrate from Postfix
versions before 2.10 can set smtpd_relay_restrictions to the empty
value, and use smtpd_recipient_restrictions exactly as before. </p>

<p>
IMPORTANT: Either the smtpd_relay_restrictions or the
smtpd_recipient_restrictions parameter must specify
at least one of the following restrictions. Otherwise Postfix will
refuse to receive mail:
</p>

<blockquote>
<pre>
reject, reject_unauth_destination
</pre>
</blockquote>

<blockquote>
<pre>
defer, defer_if_permit, defer_unauth_destination
</pre>
</blockquote>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the recipient address
that is received with the RCPT TO command.
</p>

<dl>

<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the resolved RCPT
TO address, domain, parent domains, or localpart@, and execute the
corresponding action.  </dd>

<dt><b><a name="check_recipient_a_access">check_recipient_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the IP addresses for
the RCPT TO domain, and execute the corresponding action.  Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists.  This
feature is available in Postfix 3.0 and later. </dd>

<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for
the RCPT TO domain, and execute the corresponding action.  Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists.  This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers
for the RCPT TO domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists.  This
feature is available in Postfix 2.1 and later.  </dd>

<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>

<dd>Permit the request when one of the following is true:

<ul>

<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
$relay_domains or a subdomain thereof, and the address contains no
sender-specified routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains, and the address
contains no sender-specified routing (user@elsewhere@domain).

</ul></dd>

<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>

<dd>Permit the request when the local mail system is backup MX for
the RCPT TO domain, or when the domain is an authorized destination
(see permit_auth_destination for definition).

<ul>

<li> Safety: permit_mx_backup does not accept addresses that have
sender-specified routing information (example: user@elsewhere@domain).

<li> Safety: permit_mx_backup can be vulnerable to mis-use when
access is not restricted with permit_mx_backup_networks.

<li> Safety: as of Postfix version 2.3, permit_mx_backup no longer
accepts the address when the local mail system is primary MX for
the recipient domain.  Exception: permit_mx_backup accepts the address
when it specifies an authorized destination (see permit_auth_destination
for definition).

<li> Limitation: mail may be rejected in case of a temporary DNS
lookup problem with Postfix prior to version 2.0.

</ul></dd>

<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>

<dd>Reject the request when the RCPT TO address is not in
fully-qualified domain form, as required by the RFC. <br> The
non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504). </dd>

<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the RCPT TO domain is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only).  Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified, reject
the request when the RCPT TO domain is listed with
any A record under <i>rbl_domain</i>. <br> The maps_rbl_reject_code
parameter specifies the response code for rejected requests (default:
554); the default_rbl_reply parameter specifies the default server
reply; and the rbl_reply_maps parameter specifies tables with server
replies indexed by <i>rbl_domain</i>.  This feature is available
in Postfix version 2.0 and later.</dd>

<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>

<dd>Reject the request unless one of the following is true:

<ul>

<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
$relay_domains or a subdomain thereof, and contains no sender-specified
routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains, and contains
no sender-specified routing (user@elsewhere@domain).

</ul>The relay_domains_reject_code parameter specifies the response
code for rejected requests (default: 554). </dd>

<dt><b><a name="defer_unauth_destination">defer_unauth_destination</a></b></dt>

<dd> Reject the same requests as reject_unauth_destination, with a
non-permanent error code.  This feature is available in Postfix
2.10 and later.</dd>

<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>

<dd>Reject the request when Postfix is not final destination for
the recipient domain, and the RCPT TO domain has 1) no DNS MX and
no DNS A
record or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
reply is specified with the unknown_address_reject_code parameter
(default: 450), unknown_address_tempfail_action (default:
defer_if_permit), or 556 (nullmx, Postfix 3.0 and
later). See the respective parameter descriptions for details.
</dd>

<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>

<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
smtpd_reject_unlisted_recipient parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>

<dd>Reject the request when mail to the RCPT TO address is known
to bounce, or when the recipient address destination is not reachable.
Address verification information is managed by the verify(8) server;
see the ADDRESS_VERIFICATION_README file for details.  <br> The
unverified_recipient_reject_code parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The unverified_recipient_defer_code parameter specifies the
numerical response code when an address probe failed due to a
temporary problem (default: 450). <br> The
unverified_recipient_tempfail_action parameter specifies the action
after address probe failure due to a temporary problem (default:
defer_if_permit).  <br>  This feature is available in Postfix 2.1
and later.  </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li>SMTP command specific restrictions described under
smtpd_client_restrictions, smtpd_helo_restrictions and
smtpd_sender_restrictions.

</ul>

<p>
Example:
</p>

<pre>
# The Postfix before 2.10 default mail relay policy. Later Postfix
# versions implement this preferably with smtpd_relay_restrictions.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
</pre>

%PARAM smtpd_relay_restrictions permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

<p> Access restrictions for mail relay control that the Postfix
SMTP server applies in the context of the RCPT TO command, before
smtpd_recipient_restrictions.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p> With Postfix versions before 2.10, the rules for relay permission
and spam blocking were combined under smtpd_recipient_restrictions,
resulting in error-prone configuration.  As of Postfix 2.10, relay
permission rules are preferably implemented with smtpd_relay_restrictions,
so that a permissive spam blocking policy under
smtpd_recipient_restrictions will no longer result in a permissive
mail relay policy.  </p>

<p> For backwards compatibility, sites that migrate from Postfix
versions before 2.10 can set smtpd_relay_restrictions to the empty
value, and use smtpd_recipient_restrictions exactly as before. </p>

<p>
By default, the Postfix SMTP server accepts:
</p>

<ul>

<li> Mail from clients whose IP address matches $mynetworks, or:

<li> Mail to remote destinations that match $relay_domains, except
for addresses that contain sender-specified routing
(user@elsewhere@domain), or:

<li> Mail to local destinations that match $inet_interfaces
or $proxy_interfaces, $mydestination, $virtual_alias_domains, or
$virtual_mailbox_domains.

</ul>

<p>
IMPORTANT: Either the smtpd_relay_restrictions or the
smtpd_recipient_restrictions parameter must specify
at least one of the following restrictions. Otherwise Postfix will
refuse to receive mail:
</p>

<blockquote>
<pre>
reject, reject_unauth_destination
</pre>
</blockquote>
 
<blockquote>
<pre>
defer, defer_if_permit, defer_unauth_destination
</pre>
</blockquote>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
The same restrictions are available as documented under
smtpd_recipient_restrictions.
</p>

<p> This feature is available in Postix 2.10 and later. </p>

%CLASS sasl-auth SASL Authentication

<p>
Postfix SASL support (RFC 4954) can be used to authenticate remote
SMTP clients to the Postfix SMTP server, and to authenticate the
Postfix SMTP client to a remote SMTP server.
See the SASL_README document for details.
</p>

%PARAM smtpd_sasl_auth_enable no

<p>
Enable SASL authentication in the Postfix SMTP server. By default,
the Postfix SMTP server does not use authentication.
</p>

<p>
If a remote SMTP client is authenticated, the permit_sasl_authenticated
access restriction can be used to permit relay access, like this:
</p>

<blockquote>
<pre>
# With Postfix 2.10 and later, the mail relay policy is
# preferably specified under smtpd_relay_restrictions.
smtpd_relay_restrictions =
    permit_mynetworks, permit_sasl_authenticated, ...
</pre>

<pre>
# With Postfix before 2.10, the relay policy can be
# specified only under smtpd_recipient_restrictions.
smtpd_recipient_restrictions =
    permit_mynetworks, permit_sasl_authenticated, ...
</pre>
</blockquote>

<p> To reject all SMTP connections from unauthenticated clients,
specify "smtpd_delay_reject = yes" (which is the default) and use:
</p>

<blockquote>
<pre>
smtpd_client_restrictions = permit_sasl_authenticated, reject
</pre>
</blockquote>

<p>
See the SASL_README file for SASL configuration and operation details.
</p>

%PARAM smtpd_sasl_authenticated_header no

<p> Report the SASL authenticated user name in the smtpd(8) Received
message header.  </p>

<p> This feature is available in Postfix 2.3 and later.  </p>

%PARAM smtpd_sasl_exceptions_networks 

<p>
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
</p>

<p>
Some clients (Netscape 4 at least) have a bug that causes them to
require a login and password whenever AUTH is offered, whether it's
necessary or not. To work around this, specify, for example,
$mynetworks to prevent Postfix from offering AUTH to local clients.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also "/file/name" or
"type:table" patterns.  A "/file/name" pattern is replaced by its
contents; a "type:table" lookup table is matched when a table entry
matches a lookup string (the lookup result is ignored).  Continue
long lines by starting the next line with whitespace. Specify
"!pattern" to exclude an address or network block from the list.
The form "!/file/name" is supported only in Postfix version 2.4 and
later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_sasl_exceptions_networks value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern.  </p>

<p>
Example:
</p>

<pre>
smtpd_sasl_exceptions_networks = $mynetworks
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_sasl_local_domain 

<p>
The name of the Postfix SMTP server's local SASL authentication
realm.
</p>

<p>
By default, the local authentication realm name is the null string.
</p>

<p>
Examples:
</p>

<pre>
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_local_domain = $myhostname
</pre>

%PARAM smtpd_sasl_security_options noanonymous

<p> Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL server implementation that is selected
with <b>smtpd_sasl_type</b>.  </p>

<p> The following security features are defined for the <b>cyrus</b>
server SASL implementation: </p>

<p>
Restrict what authentication mechanisms the Postfix SMTP server
will offer to the client.  The list of available authentication
mechanisms is system dependent.
</p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack. </dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>forward_secrecy</b></dt>

<dd>Only allow methods that support forward secrecy (Dovecot only).
</dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not available
with Cyrus SASL version 1). </dd>

</dl>

<p>
By default, the Postfix SMTP server accepts plaintext passwords but
not anonymous logins.
</p>

<p>
Warning: it appears that clients try authentication methods in the
order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
which means that if you disable plaintext passwords, clients will
log in anonymously, even when they should be able to use CRAM-MD5.
So, if you disable plaintext logins, disable anonymous logins too.
Postfix treats anonymous login as no authentication.
</p>

<p>
Example:
</p>

<pre>
smtpd_sasl_security_options = noanonymous, noplaintext
</pre>

%PARAM smtpd_sender_login_maps 

<p>
Optional lookup table with the SASL login names that own the sender
(MAIL FROM) addresses.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.  With lookups from
indexed files such as DB or DBM, or from networked tables such as
NIS, LDAP or SQL, the following search operations are done with a
sender address of <i>user@domain</i>:  </p>

<dl>

<dt> 1) <i>user@domain</i> </dt>

<dd>This table lookup is always done and has the highest precedence. </dd>

<dt> 2) <i>user</i> </dt>

<dd>This table lookup is done only when the <i>domain</i> part of the
sender address matches $myorigin, $mydestination, $inet_interfaces
or $proxy_interfaces. </dd>

<dt> 3) <i>@domain</i> </dt>

<dd>This table lookup is done last and has the lowest precedence. </dd>

</dl>

<p>
In all cases the result of table lookup must be either "not found"
or a list of SASL login names separated by comma and/or whitespace.
</p>

%PARAM smtpd_sender_restrictions 

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client MAIL FROM command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to permit everything.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the sender address
received with the MAIL FROM command.
</p>

<dl>

<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MAIL FROM
address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>

<dt><b><a name="check_sender_a_access">check_sender_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the IP addresses for
the MAIL FROM domain, and execute the corresponding action.  Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists.  This
feature is available in Postfix 3.0 and later. </dd>

<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the MX hosts for
the MAIL FROM domain, and execute the corresponding action.  Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists.  This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access(5) database for the DNS servers
for the MAIL FROM domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists.  This
feature is available in Postfix 2.1 and later.  </dd>

<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the reject_sender_login_mismatch restriction for
authenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>

<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>

<dd>Apply the reject_sender_login_mismatch restriction only to MAIL
FROM addresses that are known in $smtpd_sender_login_maps.  This
feature is available in Postfix version 2.11 and later. </dd>

<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not in
fully-qualified domain form, as required by the RFC. <br> The
non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504). </dd>

<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the MAIL FROM domain is listed with
the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
version 2.1 and later only).  Each "<i>d</i>" is a number, or a
pattern inside "[]" that contains one or more ";"-separated numbers
or number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified,
reject the request when the MAIL FROM domain is
listed with any A record under <i>rbl_domain</i>. <br> The
maps_rbl_reject_code parameter specifies the response code for
rejected requests (default:  554); the default_rbl_reply parameter
specifies the default server reply; and the rbl_reply_maps parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later.</dd>

<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>

<dd>Reject the request when $smtpd_sender_login_maps specifies an
owner for the MAIL FROM address, but the client is not (SASL) logged
in as that MAIL FROM address owner; or when the client is (SASL)
logged in, but the client login name doesn't own the MAIL FROM
address according to $smtpd_sender_login_maps.</dd>

<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the reject_sender_login_mismatch restriction for
unauthenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>

<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>

<dd>Reject the request when Postfix is not final destination for
the sender address, and the MAIL FROM domain has 1) no DNS MX and
no DNS A
record, or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
reply is specified with the unknown_address_reject_code parameter
(default: 450), unknown_address_tempfail_action (default:
defer_if_permit), or 550 (nullmx, Postfix 3.0 and
later). See the respective parameter descriptions for details.
</dd>

<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not listed in
the list of valid recipients for its domain class. See the
smtpd_reject_unlisted_sender parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt>

<dd>Reject the request when mail to the MAIL FROM address is known to
bounce, or when the sender address destination is not reachable.
Address verification information is managed by the verify(8) server;
see the ADDRESS_VERIFICATION_README file for details. <br> The
unverified_sender_reject_code parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The unverified_sender_defer_code specifies the numerical response
code when an address probe failed due to a temporary problem
(default: 450).  <br> The unverified_sender_tempfail_action parameter
specifies the action after address probe failure due to a temporary
problem (default: defer_if_permit).  <br> This feature is available
in Postfix 2.1 and later.  </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li> SMTP command specific restrictions described under
smtpd_client_restrictions and smtpd_helo_restrictions.

<li> SMTP command specific restrictions described under
smtpd_recipient_restrictions. When recipient restrictions are listed
under smtpd_sender_restrictions, they have effect only with
"smtpd_delay_reject = yes", so that $smtpd_sender_restrictions is
evaluated at the time of the RCPT TO command.

</ul>

<p>
Examples:
</p>

<pre>
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_sender_restrictions = reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/access
</pre>

%PARAM smtpd_timeout normal: 300s, overload: 10s

<p>
The time limit for sending a Postfix SMTP server response and for
receiving a remote SMTP client request. Normally the default limit
is 300s, but it changes under overload to just 10s. With Postfix
2.5 and earlier, the SMTP server always uses a time limit of 300s
by default.
</p>

<p>
Note: if you set SMTP time limits to very large values you may have
to update the global ipc_timeout parameter.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM soft_bounce no

<p>
Safety net to keep mail queued that would otherwise be returned to
the sender.  This parameter disables locally-generated bounces,
changes the handling of negative responses from remote servers,
content filters or plugins,
and prevents the Postfix SMTP server from rejecting mail permanently
by changing 5xx reply codes into 4xx.  However, soft_bounce is no
cure for address rewriting mistakes or mail routing mistakes.
</p>

<p>
Note: "soft_bounce = yes" is in some cases implemented by modifying
server responses. Therefore, the response that Postfix logs may
differ from the response that Postfix actually sends or receives.
</p>

<p>
Example:
</p>

<pre>
soft_bounce = yes
</pre>

%PARAM stale_lock_time 500s

<p>
The time after which a stale exclusive mailbox lockfile is removed.
This is used for delivery to file or mailbox.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM strict_rfc821_envelopes no

<p>
Require that addresses received in SMTP MAIL FROM and RCPT TO
commands are enclosed with &lt;&gt;, and that those addresses do
not contain RFC 822 style comments or phrases.  This stops mail
from poorly written software.
</p>

<p>
By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL
FROM and RCPT TO addresses.
</p>

%PARAM swap_bangpath yes

<p>
Enable the rewriting of "site!user" into "user@site".  This is
necessary if your machine is connected to UUCP networks.  It is
enabled by default.
</p>

<p> Note: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>
 
<ul>
 
<li> The message is received with the Postfix sendmail(1) command,
 
<li> The message is received from a network client that matches
$local_header_rewrite_clients,
 
<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
 
</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

<p>
Example:
</p>

<pre>
swap_bangpath = no
</pre>

%PARAM syslog_facility mail

<p>
The syslog facility of Postfix logging. Specify a facility as
defined in syslog.conf(5). The default facility is "mail".
</p>

<p>
Warning: a non-default syslog_facility setting takes effect only
after a Postfix process has completed initialization.  Errors during
process initialization will be logged with the default facility.
Examples are errors while parsing the command line arguments, and
errors while accessing the Postfix main.cf configuration file.
</p>

%PARAM syslog_name see "postconf -d" output

<p>
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
</p>

<p>
Warning: a non-default syslog_name setting takes effect only after
a Postfix process has completed initialization. Errors during
process initialization will be logged with the default name. Examples
are errors while parsing the command line arguments, and errors
while accessing the Postfix main.cf configuration file.
</p>

%PARAM transport_maps 

<p>
Optional lookup tables with mappings from recipient address to
(message delivery transport, next-hop destination).  See transport(5)
for details.
</p>

<p>
Specify zero or more "type:table" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.  If you use this
feature with local files, run "<b>postmap /etc/postfix/transport</b>"
after making a change.  </p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "transport_maps" in the parent_domain_matches_subdomains
parameter value.  </p>

<p> For safety reasons, as of Postfix 2.3 this feature does not
allow $number substitutions in regular expression maps. </p>

<p>
Examples:
</p>

<pre>
transport_maps = dbm:/etc/postfix/transport
transport_maps = hash:/etc/postfix/transport
</pre>

%PARAM transport_retry_time 60s

<p>
The time between attempts by the Postfix queue manager to contact
a malfunctioning message delivery transport.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM trigger_timeout 10s

<p>
The time limit for sending a trigger to a Postfix daemon (for
example, the pickup(8) or qmgr(8) daemon). This time limit prevents
programs from getting stuck when the mail system is under heavy
load.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM unknown_address_reject_code 450

<p>
The numerical response code when the Postfix SMTP server rejects a
sender or recipient address because its domain is unknown.  This
is one of the possible replies from the restrictions
reject_unknown_sender_domain and reject_unknown_recipient_domain.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

%PARAM unknown_client_reject_code 450

<p>
The numerical Postfix SMTP server response code when a client
without valid address &lt;=&gt; name mapping is rejected by the
reject_unknown_client_hostname restriction. The SMTP server always replies
with 450 when the mapping failed due to a temporary error condition.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

%PARAM unknown_hostname_reject_code 450

<p>
The numerical Postfix SMTP server response code when the hostname
specified with the HELO or EHLO command is rejected by the
reject_unknown_helo_hostname restriction.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

%PARAM unknown_local_recipient_reject_code 550

<p>
The numerical Postfix SMTP server response code when a recipient
address is local, and $local_recipient_maps specifies a list of
lookup tables that does not match the recipient.  A recipient
address is local when its domain matches $mydestination,
$proxy_interfaces or $inet_interfaces.
</p>

<p>
The default setting is 550 (reject mail) but it is safer to initially
use 450 (try again later) so you have time to find out if your
local_recipient_maps settings are OK.
</p>

<p>
Example:
</p>

<pre>
unknown_local_recipient_reject_code = 450
</pre>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM unverified_recipient_reject_code 450

<p>
The numerical Postfix SMTP server response when a recipient address
is rejected by the reject_unverified_recipient restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM unverified_recipient_defer_code 450

<p>
The numerical Postfix SMTP server response when a recipient address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

%PARAM unverified_sender_reject_code 450

<p>
The numerical Postfix SMTP server response code when a recipient
address is rejected by the reject_unverified_sender restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM unverified_sender_defer_code 450

<p>
The numerical Postfix SMTP server response code when a sender address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of RFC 5321.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

%PARAM virtual_alias_domains $virtual_alias_maps

<p> Postfix is final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains. The SMTP server
validates recipient addresses with $virtual_alias_maps and rejects
non-existent recipients. See also the virtual alias domain class
in the ADDRESS_CLASS_README file </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
The default value is $virtual_alias_maps so that you can keep all
information about virtual alias domains in one place.  If you have
many users, it is better to separate information that changes more
frequently (virtual address -&gt; local or remote address mapping)
from information that changes less frequently (the list of virtual
domain names).
</p>

<p> Specify a list of host or domain names, "/file/name" or
"type:table" patterns, separated by commas and/or whitespace. A
"/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored).  Continue long lines by starting
the next line with whitespace. Specify "!pattern" to exclude a host
or domain name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later.  </p>

<p>
See also the VIRTUAL_README and ADDRESS_CLASS_README documents
for further information.
</p>

<p>
Example:
</p>

<pre>
virtual_alias_domains = virtual1.tld virtual2.tld
</pre>

%PARAM virtual_alias_expansion_limit 1000

<p>
The maximal number of addresses that virtual alias expansion produces
from each original recipient.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM virtual_alias_maps $virtual_maps

<p>
Optional lookup tables that alias specific mail addresses or domains
to other local or remote address.  The table format and lookups
are documented in virtual(5). For an overview of Postfix address
manipulations see the ADDRESS_REWRITING_README document.
</p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
Note: these lookups are recursive.
</p>

<p>
If you use this feature with indexed files, run "<b>postmap
/etc/postfix/virtual</b>" after changing the file.
</p>

<p>
Examples:
</p>

<pre>
virtual_alias_maps = dbm:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
</pre>

%PARAM virtual_alias_recursion_limit 1000

<p>
The maximal nesting depth of virtual alias expansion.  Currently
the recursion limit is applied only to the left branch of the
expansion graph, so the depth of the tree can in the worst case
reach the sum of the expansion and recursion limits.  This may
change in the future.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%CLASS trouble-shooting Trouble shooting

<p>
The DEBUG_README document describes how to debug parts of the
Postfix mail system. The methods vary from making the software log
a lot of detail, to running some daemon processes under control of
a call tracer or debugger.
</p>

%PARAM debugger_command 

<p>
The external command to execute when a Postfix daemon program is
invoked with the -D option.
</p>

<p>
Use "command .. &amp; sleep 5" so that the debugger can attach before
the process marches on. If you use an X-based debugger, be sure to
set up your XAUTHORITY environment variable before starting Postfix.
</p>

<p>
Note: the command is subject to $name expansion, before it is
passed to the default command interpreter. Specify "$$" to
produce a single "$" character.
</p>

<p>
Example:
</p>

<pre>
debugger_command =
    PATH=/usr/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id &amp; sleep 5
</pre>

%PARAM 2bounce_notice_recipient postmaster

<p> The recipient of undeliverable mail that cannot be returned to
the sender.  This feature is enabled with the notify_classes
parameter.  </p>

%PARAM address_verify_service_name verify

<p>
The name of the verify(8) address verification service. This service
maintains the status of sender and/or recipient address verification
probes, and generates probes on request by other Postfix processes.
</p>

%PARAM alternate_config_directories 

<p>
A list of non-default Postfix configuration directories that may
be specified with "-c config_directory" on the command line, or
via the MAIL_CONFIG environment parameter.
</p>

<p>
This list must be specified in the default Postfix configuration
directory, and is used by set-gid Postfix commands such as postqueue(1)
and postdrop(1).
</p>

%PARAM append_at_myorigin yes

<p>
With locally submitted mail, append the string "@$myorigin" to mail
addresses without domain information. With remotely submitted mail,
append the string "@$remote_header_rewrite_domain" instead.
</p>

<p>
Note 1: this feature is enabled by default and must not be turned off.
Postfix does not support domain-less addresses.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>
 
<ul>
 
<li> The message is received with the Postfix sendmail(1) command,
 
<li> The message is received from a network client that matches
$local_header_rewrite_clients,
 
<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
 
</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

%PARAM append_dot_mydomain Postfix &ge; 3.0: no, Postfix &lt; 3.0: yes

<p>
With locally submitted mail, append the string ".$mydomain" to
addresses that have no ".domain" information. With remotely submitted
mail, append the string ".$remote_header_rewrite_domain"
instead.
</p>

<p>
Note 1: this feature is enabled by default. If disabled, users will not be
able to send mail to "user@partialdomainname" but will have to
specify full domain names instead.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>
 
<ul>
 
<li> The message is received with the Postfix sendmail(1) command,
 
<li> The message is received from a network client that matches
$local_header_rewrite_clients,
 
<li> The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
 
</ul>

<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>

%PARAM application_event_drain_time 100s

<p>
How long the postkick(1) command waits for a request to enter the
Postfix daemon process input buffer before giving up.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM authorized_flush_users static:anyone

<p>
List of users who are authorized to flush the queue.
</p>

<p> 
By default, all users are allowed to flush the queue.  Access is
always granted if the invoking user is the super-user or the
$mail_owner user.  Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list.  The username
"unknown" is used for processes whose real UID is not found in the
password file.  </p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "type:table" lookup table is matched when a name
matches a lookup key (the lookup result is ignored).  Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later.  </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM authorized_mailq_users static:anyone

<p>
List of users who are authorized to view the queue.
</p>

<p>
By default, all users are allowed to view the queue.  Access is
always granted if the invoking user is the super-user or the
$mail_owner user.  Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list.  The username
"unknown" is used for processes whose real UID is not found in the
password file.  </p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "type:table" lookup table is matched when a name
matches a lookup key (the lookup result is ignored).  Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a user name from the list. The form "!/file/name" is
supported only in Postfix version 2.4 and later.  </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM authorized_submit_users static:anyone

<p>
List of users who are authorized to submit mail with the sendmail(1)
command (and with the privileged postdrop(1) helper command).
</p>

<p> 
By default, all users are allowed to submit mail.  Otherwise, the
real UID of the process is looked up in the system password file,
and access is granted only if the corresponding login name is on
the access list.  The username "unknown" is used for processes
whose real UID is not found in the password file. To deny mail
submission access to all users specify an empty list.  </p>

<p>
Specify a list of user names, "/file/name" or "type:table" patterns,
separated by commas and/or whitespace. The list is matched left to right,
and the search stops on the first match. A "/file/name" pattern is
replaced by its contents;
a "type:table" lookup table is matched when a name matches a lookup key
(the lookup result is ignored).  Continue long lines by starting the
next line with whitespace. Specify "!pattern" to exclude a user
name from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p>
Example:
</p>

<pre>
authorized_submit_users = !www, static:all
</pre>

<p>
This feature is available in Postfix 2.2 and later.
</p>

%PARAM backwards_bounce_logfile_compatibility yes

<p>
Produce additional bounce(8) logfile records that can be read by
Postfix versions before 2.0. The current and more extensible "name =
value" format is needed in order to implement more sophisticated
functionality.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM bounce_notice_recipient postmaster

<p>
The recipient of postmaster notifications with the message headers
of mail that Postfix did not deliver and of SMTP conversation
transcripts of mail that Postfix did not receive.  This feature is
enabled with the notify_classes parameter.  </p>

%PARAM bounce_service_name bounce

<p>
The name of the bounce(8) service. This service maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM broken_sasl_auth_clients no

<p>
Enable interoperability with remote SMTP clients that implement an obsolete
version of the AUTH command (RFC 4954). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0.
</p>

<p>
Specify "broken_sasl_auth_clients = yes" to have Postfix advertise
AUTH support in a non-standard way.
</p>

%PARAM cleanup_service_name cleanup

<p>
The name of the cleanup(8) service. This service rewrites addresses
into the standard form, and performs canonical(5) address mapping
and virtual(5) aliasing.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM anvil_status_update_time 600s

<p>
How frequently the anvil(8) connection and rate limiting server
logs peak usage information.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM enable_errors_to no

<p> Report mail delivery errors to the address specified with the
non-standard Errors-To: message header, instead of the envelope
sender address (this feature is removed with Postfix version 2.2, is
turned off by default with Postfix version 2.1, and is always turned on
with older Postfix versions).  </p>

%PARAM extract_recipient_limit 10240

<p>
The maximal number of recipient addresses that Postfix will extract
from message headers when mail is submitted with "<b>sendmail -t</b>".
</p>

<p>
This feature was removed in Postfix version 2.1.
</p>

%PARAM anvil_rate_time_unit 60s

<p>
The time unit over which client connection rates and other rates
are calculated.
</p>

<p>
This feature is implemented by the anvil(8) service which is available
in Postfix version 2.2 and later.
</p>

<p>
The default interval is relatively short. Because of the high
frequency of updates, the anvil(8) server uses volatile memory
only. Thus, information is lost whenever the process terminates.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM command_expansion_filter see "postconf -d" output

<p>
Restrict the characters that the local(8) delivery agent allows in
$name expansions of $mailbox_command and $command_execution_directory.
Characters outside the
allowed set are replaced by underscores.
</p>

%PARAM content_filter 

<p> After the message is queued, send the entire message to the
specified <i>transport:destination</i>. The <i>transport</i> name
specifies the first field of a mail delivery agent definition in
master.cf; the syntax of the next-hop <i>destination</i> is described
in the manual page of the corresponding delivery agent.  More
information about external content filters is in the Postfix
FILTER_README file.  </p>

<p> Notes: </p>

<ul>

<li> <p> This setting has lower precedence than a FILTER action
that is specified in an access(5), header_checks(5) or body_checks(5)
table. </p>

<li> <p> The meaning of an empty next-hop filter <i>destination</i>
is version dependent.  Postfix 2.7 and later will use the recipient
domain; earlier versions will use $myhostname.  Specify
"default_filter_nexthop = $myhostname" for compatibility with Postfix
2.6 or earlier, or specify a content_filter value with an explicit
next-hop <i>destination</i>.  </p>

</ul>

%PARAM default_delivery_slot_discount 50

<p>
The default value for transport-specific _delivery_slot_discount
settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can
happen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
transport_delivery_slot_discount percent of the required amount
plus transport_delivery_slot_loan still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>

<p> Use <i>transport</i>_delivery_slot_discount to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%PARAM default_delivery_slot_loan 3

<p>
The default value for transport-specific _delivery_slot_loan
settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can
happen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
transport_delivery_slot_discount percent of the required amount
plus transport_delivery_slot_loan still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>

<p> Use <i>transport</i>_delivery_slot_loan to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

%CLASS verp VERP Support

<p>
With VERP style delivery, each recipient of a message receives a
customized copy of the message with his/her own recipient address
encoded in the envelope sender address.  The VERP_README file
describes configuration and operation details of Postfix support
for variable envelope return path addresses.  VERP style delivery
is requested with the SMTP XVERP command or with the "<b>sendmail
-V</b>" command-line option and is available in Postfix 
1.1 and later.
</p>

%PARAM default_verp_delimiters +=

<p> The two default VERP delimiter characters. These are used when
no explicit delimiters are specified with the SMTP XVERP command
or with the "<b>sendmail -V</b>" command-line option. Specify
characters that are allowed by the verp_delimiter_filter setting.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

%PARAM defer_service_name defer

<p>
The name of the defer service. This service is implemented by the
bounce(8) daemon and maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM delay_notice_recipient postmaster

<p>
The recipient of postmaster notifications with the message headers
of mail that cannot be delivered within $delay_warning_time time
units.  </p>

<p>
See also: delay_warning_time, notify_classes.
</p>

%PARAM delay_warning_time 0h

<p>
The time after which the sender receives a copy of the message
headers of mail that is still queued. The confirm_delay_cleared
parameter controls sender notification when the delay clears up.
</p>

<p>
To enable this feature, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours).
</p>

<p>
See also: delay_notice_recipient, notify_classes, confirm_delay_cleared.
</p>

%PARAM confirm_delay_cleared no

<p> After sending a "your message is delayed" notification, inform
the sender when the delay clears up. This can result in a sudden
burst of notifications at the end of a prolonged network outage,
and is therefore disabled by default. </p>

<p> See also: delay_warning_time. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM disable_dns_lookups no

<p>
Disable DNS lookups in the Postfix SMTP and LMTP clients. When
disabled, hosts are looked up with the getaddrinfo() system
library routine which normally also looks in /etc/hosts.  As of
Postfix 2.11, this parameter is deprecated; use smtp_dns_support_level
instead.
</p>

<p>
DNS lookups are enabled by default.
</p>

%CLASS mime MIME Processing

<p>
MIME processing is available in Postfix as of version 2.0.  Older
Postfix versions do not recognize MIME headers inside the message
body.
</p>

%PARAM disable_mime_input_processing no

<p>
Turn off MIME processing while receiving mail. This means that no
special treatment is given to Content-Type: message headers, and
that all text after the initial message headers is considered to
be part of the message body.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
Mime input processing is enabled by default, and is needed in order
to recognize MIME headers in message content.
</p>

%PARAM disable_mime_output_conversion no

<p>
Disable the conversion of 8BITMIME format to 7BIT format.  Mime
output conversion is needed when the destination does not advertise
8BITMIME support.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM disable_verp_bounces no

<p>
Disable sending one bounce report per recipient.
</p>

<p>
The default, one per recipient, is what ezmlm needs.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

%PARAM dont_remove 0

<p>
Don't remove queue files and save them to the "saved" mail queue.
This is a debugging aid.  To inspect the envelope information and
content of a Postfix queue file, use the postcat(1) command.
</p>

%PARAM empty_address_recipient MAILER-DAEMON

<p>
The recipient of mail addressed to the null address.  Postfix does
not accept such addresses in SMTP commands, but they may still be
created locally as the result of configuration or software error.
</p>

%PARAM error_notice_recipient postmaster

<p> The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
errors.  These notifications are enabled with the notify_classes
parameter.  </p>

%PARAM error_service_name error

<p>
The name of the error(8) pseudo delivery agent. This service always
returns mail as undeliverable.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM expand_owner_alias no

<p>
When delivering to an alias "aliasname" that has an "owner-aliasname"
companion alias, set the envelope sender address to the expansion
of the "owner-aliasname" alias. Normally, Postfix sets the envelope
sender address to the name of the "owner-aliasname" alias.
</p>

%PARAM fallback_transport 

<p>
Optional message delivery transport that the local(8) delivery
agent should use for names that are not found in the aliases(5)
or UNIX password database.
</p>
 
<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay.  </p>

%PARAM fault_injection_code 0

<p>
Force specific internal tests to fail, to test the handling of
errors that are difficult to reproduce otherwise.
</p>

%PARAM flush_service_name flush

<p>
The name of the flush(8) service. This service maintains per-destination
logfiles with the queue file names of mail that is queued for those
destinations.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM forward_expansion_filter see "postconf -d" output

<p>
Restrict the characters that the local(8) delivery agent allows in
$name expansions of $forward_path.  Characters outside the
allowed set are replaced by underscores.
</p>

%PARAM header_address_token_limit 10240

<p>
The maximal number of address tokens are allowed in an address
message header. Information that exceeds the limit is discarded.
The limit is enforced by the cleanup(8) server.
</p>

%PARAM helpful_warnings yes

<p>
Log warnings about problematic configuration settings, and provide
helpful suggestions.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM lmtp_cache_connection yes

<p>
Keep Postfix LMTP client connections open for up to $max_idle
seconds. When the LMTP client receives a request for the same
connection the connection is reused.
</p>

<p> This parameter is available in Postfix version 2.2 and earlier.
With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand,
lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit.
</p>

<p>
The effectiveness of cached connections will be determined by the
number of remote LMTP servers in use, and the concurrency limit specified
for the Postfix LMTP client. Cached connections are closed under any of
the following conditions:
</p>

<ul>

<li> The Postfix LMTP client idle time limit is reached.  This limit is
specified with the Postfix max_idle configuration parameter.

<li> A delivery request specifies a different destination than the
one currently cached.

<li> The per-process limit on the number of delivery requests is
reached.  This limit is specified with the Postfix max_use
configuration parameter.

<li> Upon the onset of another delivery request, the remote LMTP server
associated with the current session does not respond to the RSET
command.

</ul>

<p>
Most of these limitations have been with the Postfix
a connection cache that is shared among multiple LMTP client
programs.
</p>

%PARAM lmtp_sasl_auth_enable no

<p>
Enable SASL authentication in the Postfix LMTP client.
</p>

%PARAM lmtp_sasl_password_maps 

<p>
Optional Postfix LMTP client lookup tables with one username:password entry
per host or domain.  If a remote host or domain has no username:password
entry, then the Postfix LMTP client will not attempt to authenticate
to the remote host.
</p>

%PARAM lmtp_sasl_security_options noplaintext, noanonymous

<p> SASL security options; as of Postfix 2.3 the list of available
features depends on the SASL client implementation that is selected
with <b>lmtp_sasl_type</b>.  </p>

<p> The following security features are defined for the <b>cyrus</b>
client SASL implementation: </p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow authentication methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow authentication methods that are vulnerable to non-dictionary
active attacks. </dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow authentication methods that are vulnerable to passive
dictionary attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow anonymous logins. </dd>

</dl>

<p>
Example:
</p>

<pre>
lmtp_sasl_security_options = noplaintext
</pre>

%PARAM lmtp_tcp_port 24

<p>
The default TCP port that the Postfix LMTP client connects to.
</p>

%PARAM mail_release_date see "postconf -d" output

<p>
The Postfix release date, in "YYYYMMDD" format.
</p>

%PARAM mailbox_command_maps 

<p>
Optional lookup tables with per-recipient external commands to use
for local(8) mailbox delivery.  Behavior is as with mailbox_command.
</p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay.  </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

%PARAM mailbox_delivery_lock see "postconf -d" output

<p>
How to lock a UNIX-style local(8) mailbox before attempting delivery.
For a list of available file locking methods, use the "<b>postconf
-l</b>" command.
</p>

<p>
This setting is ignored with <b>maildir</b> style delivery,
because such deliveries are safe without explicit locks.
</p>

<p>
Note: The <b>dotlock</b> method requires that the recipient UID or
GID has write access to the parent directory of the mailbox file.
</p>

<p>
Note: the default setting of this parameter is system dependent.
</p>

%PARAM mailbox_transport 

<p>
Optional message delivery transport that the local(8) delivery
agent should use for mailbox delivery to all local recipients,
whether or not they are found in the UNIX passwd database.
</p>

<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay.  </p>

%PARAM mailq_path see "postconf -d" output

<p>
Sendmail compatibility feature that specifies where the Postfix
mailq(1) command is installed. This command can be used to
list the Postfix mail queue.
</p>

%PARAM manpage_directory see "postconf -d" output

<p>
Where the Postfix manual pages are installed.
</p>

%PARAM maps_rbl_domains 

<p>
Obsolete feature: use the reject_rbl_client feature instead.
</p>

%PARAM mime_boundary_length_limit 2048

<p>
The maximal length of MIME multipart boundary strings. The MIME
processor is unable to distinguish between boundary strings that
do not differ in the first $mime_boundary_length_limit characters.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM mime_header_checks $header_checks

<p>
Optional lookup tables for content inspection of MIME related
message headers, as described in the header_checks(5) manual page.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM mime_nesting_limit 100

<p>
The maximal recursion level that the MIME processor will handle.
Postfix refuses mail that is nested deeper than the specified limit.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM mynetworks_style Postfix &ge; 3.0: host, Postfix &lt; 3.0: subnet

<p>
The method to generate the default value for the mynetworks parameter.
This is the list of trusted networks for relay access control etc.
</p>

<ul>

<li><p>Specify "mynetworks_style = host" when Postfix should
"trust" only the local machine. </p>

<li><p>Specify "mynetworks_style = subnet" when Postfix
should "trust" remote SMTP clients in the same IP subnetworks as the local
machine.  On Linux, this works correctly only with interfaces
specified with the "ifconfig" command. </p>

<li><p>Specify "mynetworks_style = class" when Postfix should
"trust" remote SMTP clients in the same IP class A/B/C networks as the
local machine.  Caution: this may cause
Postfix to "trust" your entire provider's network.  Instead, specify
an explicit mynetworks list by hand, as described with the mynetworks
configuration parameter. </p>

</ul>

%PARAM nested_header_checks $header_checks

<p>
Optional lookup tables for content inspection of non-MIME message
headers in attached messages, as described in the header_checks(5)
manual page.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM newaliases_path see "postconf -d" output

<p>
Sendmail compatibility feature that specifies the location of the
newaliases(1) command. This command can be used to rebuild the
local(8) aliases(5) database.
</p>

%PARAM non_fqdn_reject_code 504

<p>
The numerical Postfix SMTP server reply code when a client request
is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender
or reject_non_fqdn_recipient restriction.
</p>

%PARAM owner_request_special yes

<p>
Give special treatment to owner-listname and listname-request
address localparts: don't split such addresses when the
recipient_delimiter is set to "-".  This feature is useful for
mailing lists.
</p>

%PARAM permit_mx_backup_networks 

<p>
Restrict the use of the permit_mx_backup SMTP access feature to
only domains whose primary MX hosts match the listed networks.
The parameter value syntax is the same as with the mynetworks
parameter; note, however, that the default value is empty.  </p>

<p> Pattern matching of domain names is controlled by the presence
or absence of "permit_mx_backup_networks" in the
parent_domain_matches_subdomains parameter value.  </p>

%PARAM pickup_service_name pickup

<p>
The name of the pickup(8) service. This service picks up local mail
submissions from the Postfix maildrop queue.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM prepend_delivered_header command, file, forward

<p> The message delivery contexts where the Postfix local(8) delivery
agent prepends a Delivered-To:  message header with the address
that the mail was delivered to. This information is used for mail
delivery loop detection.  </p>

<p>
By default, the Postfix local delivery agent prepends a Delivered-To:
header when forwarding mail and when delivering to file (mailbox)
and command. Turning off the Delivered-To: header when forwarding
mail is not recommended.
</p>

<p>
Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>.
</p>

<p>
Example:
</p>

<pre>
prepend_delivered_header = forward
</pre>

%PARAM process_name read-only

<p>
The process name of a Postfix command or daemon process.
</p>

%PARAM process_id read-only

<p>
The process ID of a Postfix command or daemon process.
</p>

%PARAM process_id_directory pid

<p>
The location of Postfix PID files relative to $queue_directory.
This is a read-only parameter.
</p>

%PARAM proxy_read_maps see "postconf -d" output

<p>
The lookup tables that the proxymap(8) server is allowed to 
access for the read-only service.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma.
Table references that don't begin with proxy: are ignored.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM proxy_write_maps see "postconf -d" output

<p> The lookup tables that the proxymap(8) server is allowed to
access for the read-write service. Postfix-owned local database
files should be stored under the Postfix-owned data_directory.
Table references that don't begin with proxy: are ignored.  </p>

<p>
This feature is available in Postfix 2.5 and later.
</p>

%PARAM qmgr_clog_warn_time 300s

<p>
The minimal delay between warnings that a specific destination is
clogging up the Postfix active queue. Specify 0 to disable.
</p>

<p>
This feature is enabled with the helpful_warnings parameter.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM qmgr_fudge_factor 100

<p>
Obsolete feature: the percentage of delivery resources that a busy
mail system will use up for delivery of a large mailing  list
message.
</p>

<p>
This feature exists only in the oqmgr(8) old queue manager. The
current queue manager solves the problem in a better way.
</p>

%PARAM queue_directory see "postconf -d" output

<p>
The location of the Postfix top-level queue directory. This is the
root directory of Postfix daemon processes that run chrooted.
</p>

%PARAM queue_file_attribute_count_limit 100

<p>
The maximal number of (name=value) attributes that may be stored
in a Postfix queue file. The limit is enforced by the cleanup(8)
server.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM queue_service_name qmgr

<p>
The name of the qmgr(8) service. This service manages the Postfix
queue and schedules delivery requests.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM html_directory see "postconf -d" output

<p>
The location of Postfix HTML files that describe how to build,
configure or operate a specific Postfix subsystem or feature.
</p>

%PARAM readme_directory see "postconf -d" output

<p>
The location of Postfix README files that describe how to build,
configure or operate a specific Postfix subsystem or feature.
</p>

%PARAM relay_transport relay

<p>
The default mail delivery transport and next-hop destination for
remote delivery to domains listed with $relay_domains. In order of
decreasing precedence, the nexthop destination is taken from
$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or
from the recipient domain. This information can be overruled with
the transport(5) table.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> destination is optional; its syntax is documented 
in the manual page of the corresponding delivery agent.
</p>

<p>
See also the relay domains address class in the ADDRESS_CLASS_README
file.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM rewrite_service_name rewrite

<p>
The name of the address rewriting service. This service rewrites
addresses to standard form and resolves them to a (delivery method,
next-hop host, recipient) triple.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM sample_directory /etc/postfix

<p>
The name of the directory with example Postfix configuration files.
Starting with Postfix 2.1, these files have been replaced with the
postconf(5) manual page.
</p>

%PARAM sender_based_routing no

<p>
This parameter should not be used. It was replaced by sender_dependent_relayhost_maps
in Postfix version 2.3.
</p>

%PARAM sendmail_path see "postconf -d" output

<p>
A Sendmail compatibility feature that specifies the location of
the Postfix sendmail(1) command. This command can be used to
submit mail into the Postfix queue.
</p>

%PARAM service_throttle_time 60s

<p>
How long the Postfix master(8) waits before forking a server that
appears to be malfunctioning.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

%PARAM setgid_group postdrop

<p>
The group ownership of set-gid Postfix commands and of group-writable
Postfix directories. When this parameter value is changed you need
to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
earlier: "<b>/etc/postfix/post-install set-permissions</b>".
</p>

%PARAM show_user_unknown_table_name yes

<p>
Display the name of the recipient table in the "User unknown"
responses.  The extra detail makes trouble shooting easier but also
reveals information that is nobody elses business.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM showq_service_name showq

<p>
The name of the showq(8) service. This service produces mail queue
status reports.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM smtp_pix_workaround_delay_time 10s

<p>
How long the Postfix SMTP client pauses before sending
".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
</p>

<p>
Choosing a too short time makes this workaround ineffective when
sending large messages over slow network connections.
</p>

%PARAM smtp_randomize_addresses yes

<p>
Randomize the order of equal-preference MX host addresses.  This
is a performance feature of the Postfix SMTP client.
</p>

%PARAM smtp_rset_timeout 20s

<p> The Postfix SMTP client time limit for sending the RSET command,
and for receiving the remote SMTP server response. The SMTP client
sends RSET in
order to finish a recipient address probe, or to verify that a
cached session is still usable.  </p>

<p> This feature is available in Postfix 2.1 and later.  </p>

%PARAM smtpd_data_restrictions 

<p>
Optional access restrictions that the Postfix SMTP server applies
in the context of the SMTP DATA command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under smtpd_client_restrictions.

<li>SMTP command specific restrictions described under
smtpd_client_restrictions, smtpd_helo_restrictions,
smtpd_sender_restrictions or smtpd_recipient_restrictions.

<li>However, no recipient information is available in the case of
multi-recipient mail. Acting on only one recipient would be misleading,
because any decision will affect all recipients equally. Acting on
all recipients would require a possibly very large amount of memory,
and would also be misleading for the reasons mentioned before.

</ul>

<p>
Examples:
</p>

<pre>
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_multi_recipient_bounce
</pre>

%PARAM smtpd_end_of_data_restrictions 

<p> Optional access restrictions that the Postfix SMTP server
applies in the context of the SMTP END-OF-DATA command.
See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> See smtpd_data_restrictions for details and limitations. </p>

%PARAM smtpd_delay_reject yes

<p>
Wait until the RCPT TO command before evaluating
$smtpd_client_restrictions, $smtpd_helo_restrictions and
$smtpd_sender_restrictions, or wait until the ETRN command before
evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions.
</p>

<p>
This feature is turned on by default because some clients apparently
mis-behave when the Postfix SMTP server rejects commands before
RCPT TO.
</p>

<p>
The default setting has one major benefit: it allows Postfix to log
recipient address information when rejecting a client name/address
or sender address, so that it is possible to find out whose mail
is being rejected.
</p>

%PARAM smtpd_null_access_lookup_key &lt;&gt;

<p>
The lookup key to be used in SMTP access(5) tables instead of the
null sender address.
</p>

%CLASS smtpd-policy SMTP server policy delegation

<p>
The Postfix SMTP server has a number of built-in mechanisms to
block or accept mail at specific SMTP protocol stages. As of version
2.1 Postfix can be configured to delegate policy decisions to an
external server that runs outside Postfix. See the file
SMTPD_POLICY_README for more information.
</p>

%PARAM smtpd_policy_service_max_idle 300s

<p>
The time after which an idle SMTPD policy service connection is
closed.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_policy_service_max_ttl 1000s

<p>
The time after which an active SMTPD policy service connection is
closed.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_policy_service_timeout 100s

<p>
The time limit for connecting to, writing to, or receiving from a
delegated SMTPD policy server.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_policy_service_request_limit 0

<p>
The maximal number of requests per SMTPD policy service connection,
or zero (no limit). Once a connection reaches this limit, the
connection is closed and the next request will be sent over a new
connection. This is a workaround to avoid error-recovery delays
with policy servers that cannot maintain a persistent connection.
</p>

<p>
This feature is available in Postfix 3.0 and later.
</p>

%PARAM smtpd_reject_unlisted_recipient yes

<p>
Request that the Postfix SMTP server rejects mail for unknown
recipient addresses, even when no explicit reject_unlisted_recipient
access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER-DAEMON messages.
</p>

<p> An address is always considered "known" when it matches a
virtual(5) alias or a canonical(5) mapping.

<ul>

<li> The recipient domain matches $mydestination, $inet_interfaces
or $proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.

<li> The recipient domain matches $virtual_alias_domains but the
recipient is not listed in $virtual_alias_maps.

<li> The recipient domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.

<li> The recipient domain matches $relay_domains but the recipient
is not listed in $relay_recipient_maps, and $relay_recipient_maps
is not null.

</ul>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_reject_unlisted_sender no

<p> Request that the Postfix SMTP server rejects mail from unknown
sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses.  </p>

<p> An address is always considered "known" when it matches a
virtual(5) alias or a canonical(5) mapping.

<ul>

<li> The sender domain matches $mydestination, $inet_interfaces or
$proxy_interfaces, but the sender is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.

<li> The sender domain matches $virtual_alias_domains but the sender
is not listed in $virtual_alias_maps.

<li> The sender domain matches $virtual_mailbox_domains but the
sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.

<li> The sender domain matches $relay_domains but the sender is
not listed in $relay_recipient_maps, and $relay_recipient_maps is
not null.

</ul>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM smtpd_restriction_classes 

<p>
User-defined aliases for groups of access restrictions. The aliases
can be specified in smtpd_recipient_restrictions etc., and on the
right-hand side of a Postfix access(5) table.
</p>

<p>
One major application is for implementing per-recipient UCE control.
See the RESTRICTION_CLASS_README document for other examples.
</p>

%PARAM smtpd_sasl_application_name smtpd

<p>
The application name that the Postfix SMTP server uses for SASL
server initialization. This
controls the name of the SASL configuration file. The default value
is <b>smtpd</b>, corresponding to a SASL configuration file named
<b>smtpd.conf</b>.
</p>

<p>
This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
it was renamed to smtpd_sasl_path.
</p>

%PARAM strict_7bit_headers no

<p>
Reject mail with 8-bit text in message headers. This blocks mail
from poorly written applications.
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM strict_8bitmime no

<p>
Enable both strict_7bit_headers and strict_8bitmime_body.
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM strict_8bitmime_body no

<p>
Reject 8-bit message body text without 8-bit MIME content encoding
information.  This blocks mail from poorly written applications.
</p>

<p>
Unfortunately, this also rejects majordomo approval requests when
the included request contains valid 8-bit MIME mail, and it rejects
bounces from mailers that do not MIME encapsulate 8-bit content
(for example, bounces from qmail or from old versions of Postfix).
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM strict_mime_encoding_domain no

<p>
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types.  This blocks
mail from poorly written software.
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it will reject mail after a single violation.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM sun_mailtool_compatibility no

<p>
Obsolete SUN mailtool compatibility feature. Instead, use
"mailbox_delivery_lock = dotlock".
</p>

%PARAM trace_service_name trace

<p>
The name of the trace service. This service is implemented by the
bounce(8) daemon and maintains a record
of mail deliveries and produces a mail delivery report when verbose
delivery is requested with "<b>sendmail -v</b>".
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

%PARAM undisclosed_recipients_header see "postconf -d" output

<p>
Message header that the Postfix cleanup(8) server inserts when a
message contains no To: or Cc: message header. With Postfix 2.8
and later, the default value is empty. With Postfix 2.4-2.7,
specify an empty value to disable this feature.  </p>

<p> Example: </p>

<pre>
# Default value before Postfix 2.8.
# Note: the ":" and ";" are both required.
undisclosed_recipients_header = To: undisclosed-recipients:;
</pre>

%PARAM unknown_relay_recipient_reject_code 550

<p>
The numerical Postfix SMTP server reply code when a recipient
address matches $relay_domains, and relay_recipient_maps specifies
a list of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM unknown_virtual_alias_reject_code 550

<p>
The Postfix SMTP server reply code when a recipient address matches
$virtual_alias_domains, and $virtual_alias_maps specifies a list
of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM unknown_virtual_mailbox_reject_code 550

<p>
The Postfix SMTP server reply code when a recipient address matches
$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list
of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM verp_delimiter_filter -=+

<p>
The characters Postfix accepts as VERP delimiter characters on the
Postfix sendmail(1) command line and in SMTP commands.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

%PARAM virtual_gid_maps 

<p>
Lookup tables with the per-recipient group ID for virtual(8) mailbox
delivery.
</p>

<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the virtual(8) delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the virtual(8) delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the virtual(8) delivery agent will
silently ignore requests to use the proxymap(8) server. Instead
it will open the table directly. Before Postfix version 2.2, the
virtual(8) delivery agent will terminate with a fatal error.
</p>

%PARAM virtual_mailbox_base 

<p>
A prefix that the virtual(8) delivery agent prepends to all pathname
results from $virtual_mailbox_maps table lookups.  This is a safety
measure to ensure that an out of control map doesn't litter the
file system with mailboxes.  While virtual_mailbox_base could be
set to "/", this setting isn't recommended.
</p>

<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

<p>
Example:
</p>

<pre>
virtual_mailbox_base = /var/mail
</pre>

%PARAM virtual_mailbox_domains $virtual_mailbox_maps

<p> Postfix is final destination for the specified list of domains;
mail is delivered via the $virtual_transport mail delivery transport.
By default this is the Postfix virtual(8) delivery agent.  The SMTP
server validates recipient addresses with $virtual_mailbox_maps
and rejects mail for non-existent recipients.  See also the virtual
mailbox domain class in the ADDRESS_CLASS_README file.  </p>

<p> This parameter expects the same syntax as the mydestination
configuration parameter.  </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

%PARAM virtual_mailbox_limit 51200000

<p>
The maximal size in bytes of an individual virtual(8) mailbox or
maildir file, or zero (no limit).  </p>

<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

%PARAM virtual_mailbox_lock see "postconf -d" output

<p>
How to lock a UNIX-style virtual(8) mailbox before attempting
delivery.  For a list of available file locking methods, use the
"<b>postconf -l</b>" command.
</p>

<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

<p>
This setting is ignored with <b>maildir</b> style delivery, because
such deliveries are safe without application-level locks.
</p>

<p>
Note 1: the <b>dotlock</b> method requires that the recipient UID
or GID has write access to the parent directory of the recipient's
mailbox file.
</p>

<p>
Note 2: the default setting of this parameter is system dependent.
</p>

%PARAM virtual_mailbox_maps 

<p>
Optional lookup tables with all valid addresses in the domains that
match $virtual_mailbox_domains.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>

<p> The remainder of this text is specific to the virtual(8) delivery
agent.  It does not apply when mail is delivered with a different
mail delivery program.  </p>

<p>
The virtual(8) delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname.  If the lookup result
ends in a slash ("/"), maildir-style delivery is carried out,
otherwise the path is assumed to specify a UNIX-style mailbox file.
Note that $virtual_mailbox_base is unconditionally prepended to
this path.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the virtual(8) delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the virtual(8) delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the virtual(8) delivery agent will
silently ignore requests to use the proxymap(8) server. Instead
it will open the table directly. Before Postfix version 2.2, the
virtual(8) delivery agent will terminate with a fatal error.
</p>

%PARAM virtual_minimum_uid 100

<p>
The minimum user ID value that the virtual(8) delivery agent accepts
as a result from $virtual_uid_maps table lookup.  Returned
values less than this will be rejected, and the message will be
deferred.
</p>

<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

%PARAM virtual_transport virtual

<p>
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains.
This information can be overruled with the transport(5) table.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> destination is optional; its syntax is documented 
in the manual page of the corresponding delivery agent.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

%PARAM virtual_uid_maps 

<p>
Lookup tables with the per-recipient user ID that the virtual(8)
delivery agent uses while writing to the recipient's mailbox.
</p>

<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
specific "user@domain.tld" entry.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the virtual(8) delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the virtual(8) delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the virtual(8) delivery agent will
silently ignore requests to use the proxymap(8) server. Instead
it will open the table directly. Before Postfix version 2.2, the
virtual(8) delivery agent will terminate with a fatal error.
</p>

%PARAM config_directory see "postconf -d" output

<p> The default location of the Postfix main.cf and master.cf
configuration files. This can be overruled via the following
mechanisms: </p>

<ul>

<li> <p> The MAIL_CONFIG environment variable (daemon processes
and commands). </p>

<li> <p> The "-c" command-line option (commands only). </p>

</ul>

<p> With Postfix command that run with set-gid privileges, a
config_directory override requires either root privileges, or it
requires that the directory is listed with the alternate_config_directories
parameter in the default main.cf file.  </p>

%PARAM virtual_maps

<p> Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains.  Available before Postfix version 2.0. With Postfix
version 2.0 and later, this is replaced by separate controls: virtual_alias_domains
and virtual_alias_maps. </p>

%PARAM smtp_discard_ehlo_keywords

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the smtp_discard_ehlo_keyword_address_maps feature to
discard EHLO keywords selectively. </p>

</ul>

%PARAM smtpd_discard_ehlo_keywords

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP server will not send in the EHLO
response
to a remote SMTP client. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the smtpd_discard_ehlo_keyword_address_maps feature
to discard EHLO keywords selectively.  </p>

</ul>

%PARAM smtp_discard_ehlo_keyword_address_maps

<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See smtp_discard_ehlo_keywords for details. The
table is not indexed by hostname for consistency with
smtpd_discard_ehlo_keyword_address_maps. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM smtpd_discard_ehlo_keyword_address_maps

<p> Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP server will not send in the EHLO response
to a
remote SMTP client. See smtpd_discard_ehlo_keywords for details.
The tables are not searched by hostname for robustness reasons.  </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM connection_cache_service_name scache

<p> The name of the scache(8) connection cache service.  This service
maintains a limited pool of cached sessions.  </p>

<p> This feature is available in Postfix 2.2 and later. </p>

%PARAM connection_cache_ttl_limit 2s

<p> The maximal time-to-live value that the scache(8) connection
cache server
allows. Requests that specify a larger TTL will be stored with the
maximum allowed TTL. The purpose of this additional control is to
protect the infrastructure against careless people. The cache TTL
is already bounded by $max_idle.  </p>

%PARAM connection_cache_status_update_time 600s

<p> How frequently the scache(8) server logs usage statistics with
connection cache hit and miss rates for logical destinations and for
physical endpoints. </p>

%PARAM remote_header_rewrite_domain 

<p> Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite message headers and
append the specified domain name to incomplete addresses.  The
local_header_rewrite_clients parameter controls what clients Postfix
considers local. </p>

<p> Examples:  </p>

<p> The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses. </p>

<blockquote>
<pre> 
remote_header_rewrite_domain = domain.invalid
</pre>
</blockquote>

<p> The default, purist, setting: don't rewrite headers from remote
clients at all. </p>

<blockquote>
<pre>
remote_header_rewrite_domain =
</pre>
</blockquote>

%PARAM local_header_rewrite_clients permit_inet_interfaces

<p> Rewrite message header addresses in mail from these clients and
update incomplete addresses with the domain name in $myorigin or
$mydomain; either don't rewrite message headers from other clients
at all, or rewrite message headers and update incomplete addresses
with the domain specified in the remote_header_rewrite_domain
parameter.  </p>

<p> See the append_at_myorigin and append_dot_mydomain parameters
for details of how domain names are appended to incomplete addresses.
</p>

<p> Specify a list of zero or more of the following:  </p>

<dl>

<dt><b>permit_inet_interfaces</b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client IP address matches $inet_interfaces. This is enabled by
default. </dd>

<dt><b>permit_mynetworks</b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client IP address matches any network or network address listed in
$mynetworks. This setting will not prevent remote mail header
address rewriting when mail from a remote client is forwarded by
a neighboring system.  </dd>

<dt><b>permit_sasl_authenticated </b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client is successfully authenticated via the RFC 4954 (AUTH)
protocol. </dd>

<dt><b>permit_tls_clientcerts </b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
remote SMTP client TLS certificate fingerprint or public key fingerprint
(Postfix 2.9 and later) is listed in $relay_clientcerts.
The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5).  </dd>

<dt><b>permit_tls_all_clientcerts </b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
remote SMTP client TLS certificate is successfully verified, regardless of
whether it is listed on the server, and regardless of the certifying
authority. </dd>

<dt><b><a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>

<dt><b><i><a href="DATABASE_README.html">type:table</a></i> </b></dt>

<dd> Append the domain name in $myorigin or $mydomain when the
client IP address matches the specified lookup table.
The lookup result is ignored, and no subnet lookup is done. This
is suitable for, e.g., pop-before-smtp lookup tables. </dd>

</dl>

<p> Examples:  </p>

<p> The Postfix &lt; 2.2 backwards compatible setting: always rewrite
message headers, and always append my own domain to incomplete
header addresses.  </p>

<blockquote>
<pre> 
local_header_rewrite_clients = static:all
</pre>
</blockquote>

<p> The purist (and default) setting: rewrite headers only in mail
from Postfix sendmail and in SMTP mail from this machine. </p>

<blockquote>
<pre>
local_header_rewrite_clients = permit_inet_interfaces
</pre>
</blockquote>

<p> The intermediate setting: rewrite header addresses and append
$myorigin or $mydomain information only with mail from Postfix
sendmail, from local clients, or from authorized SMTP clients. </p>

<p> Note: this setting will not prevent remote mail header address
rewriting when mail from a remote client is forwarded by a neighboring
system.  </p>

<blockquote>
<pre>
local_header_rewrite_clients = permit_mynetworks, 
    permit_sasl_authenticated permit_tls_clientcerts
    check_address_map hash:/etc/postfix/pop-before-smtp 
</pre>
</blockquote>

%PARAM smtpd_tls_cert_file

<p> File with the Postfix SMTP server RSA certificate in PEM format.
This file may also contain the Postfix SMTP server private RSA key. </p>

<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
self-signed or private-CA signed certificate. The client will not be
able to authenticate the server, but unless it is running Postfix 2.3 or
similar software, it will still insist on a server certificate. </p>

<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
2.3 supports configurations with no certificates. This entails the
use of just the anonymous TLS ciphers, which are not supported by
typical SMTP clients. Since such clients will not, as a rule, fall
back to plain text after a TLS handshake failure, the server will
be unable to receive email from TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly
sets "smtpd_tls_cert_file = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>

<p> Both RSA and DSA certificates are supported.  When both types
are present, the cipher used determines which certificate will be
presented to the client.  For Netscape and OpenSSL clients without
special cipher choices the RSA certificate is preferred. </p>

<p> To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem &gt; server.pem". </p>

<p> If you also want to verify client certificates issued by these
CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which
case it is not necessary to have them in the smtpd_tls_cert_file or
smtpd_tls_dcert_file. </p>

<p> A certificate supplied here must be usable as an SSL server certificate
and hence pass the "openssl verify -purpose sslserver ..." test. </p>

<p> Example: </p>

<pre>
smtpd_tls_cert_file = /etc/postfix/server.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_key_file $smtpd_tls_cert_file

<p> File with the Postfix SMTP server RSA private key in PEM format.
This file may be combined with the Postfix SMTP server RSA certificate
file specified with $smtpd_tls_cert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

%PARAM smtpd_tls_dcert_file

<p> File with the Postfix SMTP server DSA certificate in PEM format.
This file may also contain the Postfix SMTP server private DSA key. </p>

<p> See the discussion under smtpd_tls_cert_file for more details.
</p>

<p> Example: </p>

<pre>
smtpd_tls_dcert_file = /etc/postfix/server-dsa.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_dkey_file $smtpd_tls_dcert_file

<p> File with the Postfix SMTP server DSA private key in PEM format.
This file may be combined with the Postfix SMTP server DSA certificate
file specified with $smtpd_tls_dcert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_CAfile

<p> A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates.  These are loaded into memory before the smtpd(8) server
enters the chroot jail. If the number of trusted roots is large, consider
using smtpd_tls_CApath instead, but note that the latter directory must
be present in the chroot jail if the smtpd(8) server is chrooted. This
file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file. </p>

<p> Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY
the system-supplied default Certification Authority certificates.
</p>

<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> By default (see smtpd_tls_ask_ccert), client certificates are not
requested, and smtpd_tls_CAfile should remain empty. If you do make use
of client certificates, the distinguished names (DNs) of the Certification
Authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client
in the client certificate request message. MUAs with multiple client
certificates may use the list of preferred Certification Authorities
to select the correct client certificate.  You may want to put your
"preferred" CA or CAs in this file, and install other trusted CAs in
$smtpd_tls_CApath. </p>

<p> Example: </p>

<pre>
smtpd_tls_CAfile = /etc/postfix/CAcert.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_CApath

<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate CA
certificates. Do not forget to create the necessary "hash" links with,
for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>

<p> Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to
use ONLY the system-supplied default Certification Authority certificates.
</p>

<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> By default (see smtpd_tls_ask_ccert), client certificates are
not requested, and smtpd_tls_CApath should remain empty. In contrast
to smtpd_tls_CAfile, DNs of Certification Authorities installed
in $smtpd_tls_CApath are not included in the client certificate
request message. MUAs with multiple client certificates may use the
list of preferred Certification Authorities to select the correct
client certificate.  You may want to put your "preferred" CA or
CAs in $smtpd_tls_CAfile, and install the remaining trusted CAs in
$smtpd_tls_CApath. </p>

<p> Example: </p>

<pre>
smtpd_tls_CApath = /etc/postfix/certs
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_loglevel 0

<p> Enable additional Postfix SMTP server logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level.  </p>

<dl compact>

<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>

<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion
&mdash; no logging of client certificate trust-chain verification errors
if client certificate verification is not required.  With Postfix 2.8 and
earlier, log the summary message, peer certificate summary information
and unconditionally log trust-chain verification errors.  </dd>

<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd>

<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
process. </dd>

<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Do not use "smtpd_tls_loglevel = 2" or higher except in case
of problems. Use of loglevel 4 is strongly discouraged. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_received_header no

<p> Request that the Postfix SMTP server produces Received:  message
headers that include information about the protocol and cipher used,
as well as the remote SMTP client CommonName and client certificate issuer
CommonName.  This is disabled by default, as the information may
be modified in transit through other mail servers.  Only information
that was recorded by the final destination can be trusted. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_use_tls no

<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. </p>

<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>

%PARAM smtpd_enforce_tls no

<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients,
and require that clients use TLS encryption.  According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP
server.  This option is therefore off by default. </p>

<p> Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". </p>

<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private  
key. This is intended behavior. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>

%PARAM smtpd_tls_wrappermode no

<p> Run the Postfix SMTP server in the non-standard "wrapper" mode,
instead of using the STARTTLS command. </p>

<p> If you want to support this service, enable a special port in
master.cf, and specify "-o smtpd_tls_wrappermode=yes" on the SMTP
server's command line. Port 465 (smtps) was once chosen for this
purpose. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_ask_ccert no

<p> Ask a remote SMTP client for a client certificate. This
information is needed for certificate based mail relaying with,
for example, the permit_tls_clientcerts feature. </p>

<p> Some clients such as Netscape will either complain if no
certificate is available (for the list of CAs in $smtpd_tls_CAfile)
or will offer multiple client certificates to choose from. This
may be annoying, so this option is "off" by default. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_req_ccert no

<p> With mandatory TLS encryption, require a trusted remote SMTP client
certificate in order to allow TLS connections to proceed.  This
option implies "smtpd_tls_ask_ccert = yes". </p>

<p> When TLS encryption is optional, this setting is ignored with
a warning written to the mail log. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_ccert_verifydepth 9

<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. </p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common, deeper chains are more rare and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_auth_only no

<p> When TLS encryption is optional in the Postfix SMTP server, do
not announce or accept SASL authentication over unencrypted
connections. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_session_cache_database

<p> Name of the file containing the optional Postfix SMTP server
TLS session cache. Specify a database type that supports enumeration,
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
concurrent access.  The file is created if it does not exist. The smtpd(8)
daemon does not use this parameter directly, rather the cache is
implemented indirectly in the tlsmgr(8) daemon. This means that
per-smtpd-instance master.cf overrides of this parameter are not
effective. Note, that each of the cache databases supported by tlsmgr(8)
daemon: $smtpd_tls_session_cache_database, $smtp_tls_session_cache_database
(and with Postfix 2.3 and later $lmtp_tls_session_cache_database), needs to be
stored separately. It is not at this time possible to store multiple
caches in a single database. </p>

<p> Note: <b>dbm</b> databases are not suitable. TLS
session objects are too large. </p>
 
<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
data_directory. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
data_directory, and a warning is logged. </p>


<p> As of Postfix 2.11 the preferred mechanism for session resumption
is RFC 5077 TLS session tickets, which don't require server-side
storage.  Consequently, for Postfix &ge; 2.11 this parameter should
generally be left empty.  TLS session tickets require an OpenSSL
library (at least version 0.9.8h) that provides full support for
this TLS extension.  See also smtpd_tls_session_cache_timeout. </p>

<p> Example: </p>

<pre>
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_tls_session_cache_timeout 3600s

<p> The expiration time of Postfix SMTP server TLS session cache
information. A cache cleanup is performed periodically
every $smtpd_tls_session_cache_timeout seconds. As with
$smtpd_tls_session_cache_database, this parameter is implemented in the
tlsmgr(8) daemon and therefore per-smtpd-instance master.cf overrides
are not possible. </p>

<p> As of Postfix 2.11 this setting cannot exceed 100 days.  If set
&le; 0, session caching is disabled, not just via the database, but
also via RFC 5077 TLS session tickets, which don't require server-side
storage.  If set to a positive value less than 2 minutes, the minimum
value of 2 minutes is used instead.  TLS session tickets require
an OpenSSL library (at least version 0.9.8h) that provides full
support for this TLS extension. </p>

<p> This feature is available in Postfix 2.2 and later, and updated
for TLS session ticket support in Postfix 2.11. </p>

%PARAM relay_clientcerts

<p> List of tables with remote SMTP client-certificate fingerprints or
public key fingerprints (Postfix 2.9 and later) for which the Postfix
SMTP server will allow access with the permit_tls_clientcerts
feature.  The fingerprint digest algorithm is configurable via the
smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
Postfix version 2.5).  </p>

<p> Postfix lookup tables are in the form of (key, value) pairs.
Since we only need the key, the value can be chosen freely, e.g.
the name of the user or host:
D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>

<p> Example: </p>

<pre>
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
</pre>

<p>For more fine-grained control, use check_ccert_access to select
an appropriate access(5) policy for each client.
See RESTRICTION_CLASS_README.</p>

<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
fingerprint incorrectly. To use public-key fingerprints, upgrade
to Postfix 2.9.6 or later. </p>

<p>This feature is available with Postfix version 2.2.</p>

%PARAM smtpd_tls_cipherlist

<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP server TLS
cipher list. It is easy to create interoperability problems by choosing
a non-default cipher list. Do not use a non-default TLS cipherlist for
MX hosts on the public Internet. Clients that begin the TLS handshake,
but are unable to agree on a common cipher, may not be able to send any
email to the SMTP server. Using a restricted cipher list may be more
appropriate for a dedicated MSA or an internal mailhub, where one can
exert some control over the TLS software and settings of the connecting
clients. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p>This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead. </p>

%PARAM smtpd_tls_dh1024_param_file

<p> File with DH parameters that the Postfix SMTP server should
use with non-export EDH ciphers. </p>

<p> Instead of using the exact same parameter sets as distributed
with other TLS packages, it is more secure to generate your own
set of parameters with something like the following commands:  </p>

<blockquote>
<pre>
openssl dhparam -out /etc/postfix/dh512.pem 512
openssl dhparam -out /etc/postfix/dh1024.pem 1024
openssl dhparam -out /etc/postfix/dh2048.pem 2048
</pre>
</blockquote>

<p> It is safe to share the same DH parameters between multiple
Postfix instances.  If you prefer, you can generate separate
parameters for each instance.  </p>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy.  </p>

<p> Example: </p>

<pre>
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
</pre>

<p>This feature is available with Postfix version 2.2.</p>

%PARAM smtpd_tls_dh512_param_file

<p> File with DH parameters that the Postfix SMTP server should
use with export-grade EDH ciphers.  The default SMTP server cipher
grade is "medium" with Postfix releases after the middle of 2015,
and as a result export-grade cipher suites are by default not used.
</p>

<p> See also the discussion under the smtpd_tls_dh1024_param_file
configuration parameter.  </p>

<p> Example: </p>

<pre>
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
</pre>

<p>This feature is available with Postfix version 2.2.</p>

%PARAM smtpd_starttls_timeout see "postconf -d" output

<p> The time limit for Postfix SMTP server write and read operations
during TLS startup and shutdown handshake procedures. The current
default value is stress-dependent. Before Postfix version 2.8, it
was fixed at 300s. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_cert_file

<p> File with the Postfix SMTP client RSA certificate in PEM format.
This file may also contain the Postfix SMTP client private RSA key,
and these may be the same as the Postfix SMTP server RSA certificate and key
file. </p>

<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers. Client certificates are
not usually needed, and can cause problems in configurations that work
well without them. The recommended setting is to let the defaults stand: </p>

<blockquote>
<pre>
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file =
smtp_tls_eccert_file =
smtp_tls_eckey_file =
</pre>
</blockquote>

<p> The best way to use the default settings is to comment out the above
parameters in main.cf if present. </p>

<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem &gt; client.pem". </p>

<p> If you also want to verify remote SMTP server certificates issued by
these CAs, you can add the CA certificates to the smtp_tls_CAfile, in
which case it is not necessary to have them in the smtp_tls_cert_file,
smtp_tls_dcert_file or smtp_tls_eccert_file. </p>

<p> A certificate supplied here must be usable as an SSL client certificate
and hence pass the "openssl verify -purpose sslclient ..." test. </p>

<p> Example: </p>

<pre>
smtp_tls_cert_file = /etc/postfix/client.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_key_file $smtp_tls_cert_file

<p> File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
file specified with $smtp_tls_cert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> Example: </p>

<pre>
smtp_tls_key_file = $smtp_tls_cert_file
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_CAfile

<p> A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
These are loaded into memory before the smtp(8) client enters the
chroot jail. If the number of trusted roots is large, consider using
smtp_tls_CApath instead, but note that the latter directory must be
present in the chroot jail if the smtp(8) client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file. </p>

<p> Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use 
ONLY the system-supplied default Certification Authority certificates.
</p>

<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> Example: </p>

<pre>
smtp_tls_CAfile = /etc/postfix/CAcert.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_CApath

<p> Directory with PEM format Certification Authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate.  Don't forget to create the necessary "hash" links
with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
</p>

<p> To use this option in chroot mode, this directory (or a copy) 
must be inside the chroot jail. </p>

<p> Specify "smtp_tls_CApath = /path/to/system_CA_directory" to
use ONLY the system-supplied default Certification Authority certificates.
</p>

<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> Example: </p>

<pre>
smtp_tls_CApath = /etc/postfix/certs
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_loglevel 0

<p> Enable additional Postfix SMTP client logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level.  </p>

<dl compact>

<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>

<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion
&mdash; no logging of remote SMTP server certificate trust-chain
verification errors if server certificate verification is not required.
With Postfix 2.8 and earlier, log the summary message and unconditionally
log trust-chain verification errors.  </dd>

<dt> </dt> <dd> 2 Also log levels during TLS negotiation.  </dd>

<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
process.  </dd>

<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Do not use "smtp_tls_loglevel = 2" or higher except in case of
problems. Use of loglevel 4 is strongly discouraged. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_session_cache_database

<p> Name of the file containing the optional Postfix SMTP client
TLS session cache. Specify a database type that supports enumeration,
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
concurrent access.  The file is created if it does not exist. The smtp(8)
daemon does not use this parameter directly, rather the cache is
implemented indirectly in the tlsmgr(8) daemon. This means that
per-smtp-instance master.cf overrides of this parameter are not effective.
Note, that each of the cache databases supported by tlsmgr(8) daemon:
$smtpd_tls_session_cache_database, $smtp_tls_session_cache_database
(and with Postfix 2.3 and later $lmtp_tls_session_cache_database), needs to
be stored separately. It is not at this time possible to store multiple
caches in a single database. </p>

<p> Note: <b>dbm</b> databases are not suitable. TLS
session objects are too large. </p>
 
<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
data_directory. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
data_directory, and a warning is logged. </p>

<p> Example: </p>

<pre>
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_scache
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_session_cache_timeout 3600s

<p> The expiration time of Postfix SMTP client TLS session cache
information.  A cache cleanup is performed periodically
every $smtp_tls_session_cache_timeout seconds. As with
$smtp_tls_session_cache_database, this parameter is implemented in the
tlsmgr(8) daemon and therefore per-smtp-instance master.cf overrides
are not possible. </p>

<p> As of Postfix 2.11 this setting cannot exceed 100 days.  If set
&le; 0, session caching is disabled.  If set to a positive value
less than 2 minutes, the minimum value of 2 minutes is used instead.  </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_use_tls no

<p> Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear. Beware:
some SMTP servers offer STARTTLS even if it is not configured.  With
Postfix &lt; 2.3, if the TLS handshake fails, and no other server is
available, delivery is deferred and mail stays in the queue. If this
is a concern for you, use the smtp_tls_per_site feature instead.  </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead. </p>

%PARAM smtp_enforce_tls no

<p> Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.  This also requires
that the remote SMTP server hostname matches the information in
the remote server certificate, and that the remote SMTP server
certificate was issued by a CA that is trusted by the Postfix SMTP
client. If the certificate doesn't verify or the hostname doesn't
match, delivery is deferred and mail stays in the queue.  </p>

<p> The server hostname is matched against all names provided as
dNSNames in the SubjectAlternativeName.  If no dNSNames are specified,
the CommonName is checked.  The behavior may be changed with the
smtp_tls_enforce_peername option.  </p>

<p> This option is useful only if you are definitely sure that you
will only connect to servers that support RFC 2487 _and_ that
provide valid server certificates.  Typical use is for clients that
send all their email to a dedicated mailhub.  </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead. </p>

%PARAM smtp_tls_enforce_peername yes

<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate.  As of RFC 2487 the requirements for hostname checking
for MTA clients are not specified. </p>

<p> This option can be set to "no" to disable strict peer name
checking. This setting has no effect on sessions that are controlled
via the smtp_tls_per_site table.  </p>

<p> Disabling the hostname verification can make sense in closed
environment where special CAs are created.  If not used carefully,
this option opens the danger of a "man-in-the-middle" attack (the
CommonName of this attacker will be logged). </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead. </p>

%PARAM smtp_tls_per_site

<p> Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server hostname.
When both lookups succeed, the more specific per-site policy (NONE,
MUST, etc) overrides the less specific one (MAY), and the more secure
per-site policy (MUST, etc) overrides the less secure one (NONE).
With Postfix 2.3 and later smtp_tls_per_site is strongly discouraged:
use smtp_tls_policy_maps instead. </p>

<p> Use of the bare hostname as the per-site table lookup key is
discouraged. Always use the full destination nexthop (enclosed in
[] with a possible ":port" suffix). A recipient domain or MX-enabled
transport next-hop with no port suffix may look like a bare hostname,
but is still a suitable <i>destination</i>. </p>

<p> Specify a next-hop destination or server hostname on the left-hand
side; no wildcards are allowed. The next-hop destination is either
the recipient domain, or the destination specified with a transport(5)
table, the relayhost parameter, or the relay_transport parameter.
On the right hand side specify one of the following keywords:  </p>

<dl>

<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
specific <b>MAY</b> lookup result from the alternate host or next-hop
lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls,
and smtp_tls_enforce_peername settings. </dd>

<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
otherwise use the unencrypted connection. This has less precedence
than a more specific result (including <b>NONE</b>) from the alternate
host or next-hop lookup key, and has less precedence than the more
specific global "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername
= yes".  </dd>

<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
require that the remote SMTP server hostname matches the information
in the remote SMTP server certificate, or that the server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
or a less specific <b>MAY</b> lookup result from the alternate host
or next-hop lookup key, and overrides the global smtp_use_tls,
smtp_enforce_tls and smtp_tls_enforce_peername settings.  </dd>

<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
SMTP server hostname matches the information in the remote SMTP
server certificate, and require that the remote SMTP server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
and <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
result from the alternate host or next-hop lookup key, and overrides
the global smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername
settings.  </dd>

</dl>

<p> The above keywords correspond to the "none", "may", "encrypt" and
"verify" security levels for the new smtp_tls_security_level parameter
introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
of how the policy is specified, the smtp_tls_mandatory_ciphers and
smtp_tls_mandatory_protocols parameters apply when TLS encryption
is mandatory. Connections for which encryption is optional typically
enable all "export" grade and better ciphers (see smtp_tls_ciphers
and smtp_tls_protocols). </p>

<p> As long as no secure DNS lookup mechanism is available, false
hostnames in MX or CNAME responses can change the server hostname
that Postfix uses for TLS policy lookup and server certificate
verification. Even with a perfect match between the server hostname and
the server certificate, there is no guarantee that Postfix is connected
to the right server.  See TLS_README (Closing a DNS loophole with obsolete
per-site TLS policies) for a possible work-around. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_policy_maps instead. </p>

%PARAM smtp_tls_scert_verifydepth 9

<p> The verification depth for remote SMTP server certificates. A depth
of 1 is sufficient if the issuing CA is listed in a local CA file. </p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common, deeper chains are more rare and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_note_starttls_offer no

<p> Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server. </p>

<p> The logfile record looks like:  </p>

<pre>
postfix/smtp[pid]:  Host offered STARTTLS: [name.of.host]
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_cipherlist

<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
cipher list. As this feature applies to all TLS security levels, it is easy
to create interoperability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
only support the ciphers you exclude. Using a restricted cipher list
may be more appropriate for an internal MTA, where one can exert some
control over the TLS software and settings of the peer servers. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p> This feature is available in Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead. </p>

%PARAM smtp_starttls_timeout 300s

<p> Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_dkey_file $smtp_tls_dcert_file

<p> File with the Postfix SMTP client DSA private key in PEM format.
This file may be combined with the Postfix SMTP client DSA certificate
file specified with $smtp_tls_dcert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_tls_dcert_file

<p> File with the Postfix SMTP client DSA certificate in PEM format.
This file may also contain the Postfix SMTP client private DSA key. </p>

<p> See the discussion under smtp_tls_cert_file for more details.
</p>

<p> Example: </p>

<pre>
smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM tls_append_default_CA no

<p> Append the system-supplied default Certification Authority
certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
The default is "no"; this prevents Postfix from trusting third-party
certificates and giving them relay permission with
permit_tls_all_clientcerts.  </p>

<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
2.7.2 and later versions. Specify "tls_append_default_CA = yes" for
backwards compatibility, to avoid breaking certificate verification
with sites that don't use permit_tls_all_clientcerts. </p>

%PARAM tls_random_exchange_name see "postconf -d" output

<p> Name of the pseudo random number generator (PRNG) state file
that is maintained by tlsmgr(8). The file is created when it does
not exist, and its length is fixed at 1024 bytes.  </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file, and the default file location was changed from
${config_directory}/prng_exch to ${data_directory}/prng_exch.  As
a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned data_directory, and a
warning is logged. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM tls_random_source see "postconf -d" output

<p> The external entropy source for the in-memory tlsmgr(8) pseudo
random number generator (PRNG) pool. Be sure to specify a non-blocking
source.  If this source is not a regular file, the entropy source
type must be prepended:  egd:/path/to/egd_socket for a source with
EGD compatible socket interface, or dev:/path/to/device for a
device file.  </p>

<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
gives timeout errors.  </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM tls_random_bytes 32

<p> The number of bytes that tlsmgr(8) reads from $tls_random_source
when (re)seeding the in-memory pseudo random number generator (PRNG)
pool. The default of 32 bytes (256 bits) is good enough for 128bit
symmetric keys.  If using EGD or a device file, a maximum of 255
bytes is read. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM tls_random_reseed_period 3600s

<p> The maximal time between attempts by tlsmgr(8) to re-seed the
in-memory pseudo random number generator (PRNG) pool from external
sources.  The actual time between re-seeding attempts is calculated
using the PRNG, and is between 0 and the time specified.  </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM tls_random_prng_update_period 3600s

<p> The time between attempts by tlsmgr(8) to save the state of
the pseudo random number generator (PRNG) to the file specified
with $tls_random_exchange_name.  </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM tls_daemon_random_bytes 32

<p> The number of pseudo-random bytes that an smtp(8) or smtpd(8)
process requests from the tlsmgr(8) server in order to seed its
internal pseudo random number generator (PRNG).  The default of 32
bytes (equivalent to 256 bits) is sufficient to generate a 128bit
(or 168bit) session key. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_sasl_tls_security_options $smtp_sasl_security_options

<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtpd_sasl_tls_security_options $smtpd_sasl_security_options

<p> The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM smtp_generic_maps

<p> Optional lookup tables that perform address rewriting in the
Postfix SMTP client, typically to transform a locally valid address into
a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet
domain name, but uses something like <i>localdomain.local</i>
instead.  </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> The table format and lookups are documented in generic(5);
examples are shown in the ADDRESS_REWRITING_README and
STANDARD_CONFIGURATION_README documents. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>

%PARAM message_reject_characters

<p> The set of characters that Postfix will reject in message
content.  The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>

<p> Note 1: this feature does not recognize text that requires MIME
decoding. It inspects raw message content, just like header_checks
and body_checks.  </p>

<p> Note 2: this feature is disabled with "receive_override_options
= no_header_body_checks".  </p>

<p> Example: </p>

<pre>
message_reject_characters = \0
</pre>

<p> This feature is available in Postfix 2.3 and later.  </p>

%PARAM message_strip_characters

<p> The set of characters that Postfix will remove from message
content.  The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>

<p> Note 1: this feature does not recognize text that requires MIME
decoding. It inspects raw message content, just like header_checks
and body_checks.  </p>

<p> Note 2: this feature is disabled with "receive_override_options
= no_header_body_checks".  </p>

<p> Example: </p>

<pre>
message_strip_characters = \0
</pre>

<p> This feature is available in Postfix 2.3 and later.  </p>

%PARAM frozen_delivered_to yes

<p> Update the local(8) delivery agent's idea of the Delivered-To:
address (see prepend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files. </p>

<p> This feature is available in Postfix 2.3 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". The old setting can be expensive with deeply nested aliases
or .forward files. When an alias or .forward file changes the
Delivered-To: address, it ties up one queue file and one cleanup
process instance while mail is being forwarded.  </p>

%PARAM smtpd_peername_lookup yes

<p> Attempt to look up the remote SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled.  Turning off name lookup reduces delays due to
DNS lookup and increases the maximal inbound delivery rate. </p>

<p> This feature is available in Postfix 2.3 and later.  </p>

%PARAM delay_logging_resolution_limit 2

<p> The maximal number of digits after the decimal point when logging
sub-second delay values.  Specify a number in the range 0..6.  </p>

<p> Large delay values are rounded off to an integral number seconds;
delay values below the delay_logging_resolution_limit are logged
as "0", and delay values under 100s are logged with at most two-digit
precision.  </p>

<p> The format of the "delays=a/b/c/d" logging is as follows: </p>

<ul>

<li> a = time from message arrival to last active queue entry

<li> b = time from last active queue entry to connection setup

<li> c = time in connection setup, including DNS, EHLO and STARTTLS

<li> d = time in message transmission

</ul>

<p> This feature is available in Postfix 2.3 and later.  </p>

%PARAM bounce_template_file

<p> Pathname of a configuration file with bounce message templates.
These override the built-in templates of delivery status notification
(DSN) messages for undeliverable mail, for delayed mail, successful
delivery, or delivery verification. The bounce(5) manual page
describes how to edit and test template files.  </p>

<p> Template message body text may contain $name references to
Postfix configuration parameters. The result of $name expansion can
be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
is placed into the Postfix configuration directory.  </p>

<p> This feature is available in Postfix 2.3 and later.  </p>

%PARAM sender_dependent_relayhost_maps

<p> A sender-dependent override for the global relayhost parameter
setting. The tables are searched by the envelope sender address and
@domain. A lookup result of DUNNO terminates the search without
overriding the global relayhost parameter setting (Postfix 2.6 and
later). This information is overruled with relay_transport,
sender_dependent_default_transport_maps, default_transport and with
the transport(5) table. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

%PARAM empty_address_relayhost_maps_lookup_key &lt;&gt;

<p> The sender_dependent_relayhost_maps search string that will be
used instead of the null sender address. </p>

<p> This feature is available in Postfix 2.5 and later. With
earlier versions, sender_dependent_relayhost_maps lookups were
skipped for the null sender address.  </p>

%PARAM address_verify_sender_dependent_relayhost_maps $sender_dependent_relayhost_maps

<p>
Overrides the sender_dependent_relayhost_maps parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

%PARAM smtp_sender_dependent_authentication no

<p>
Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials.  </p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_lhlo_name $myhostname

<p>
The hostname to send in the LMTP LHLO command.
</p>

<p>
The default value is the machine hostname.  Specify a hostname or
[ip.add.re.ss].
</p>

<p>
This information can be specified in the main.cf file for all LMTP
clients, or it can be specified in the master.cf file for a specific
client, for example:
</p>

<blockquote>
<pre>
/etc/postfix/master.cf:
    mylmtp ... lmtp -o lmtp_lhlo_name=foo.bar.com
</pre>
</blockquote>

<p>
This feature is available in Postfix 2.3 and later.
</p>

%PARAM lmtp_discard_lhlo_keyword_address_maps

<p> Lookup tables, indexed by the remote LMTP server address, with
case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response
from a remote LMTP server. See lmtp_discard_lhlo_keywords for
details. The table is not indexed by hostname for consistency with
smtpd_discard_ehlo_keyword_address_maps. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_discard_lhlo_keywords 

<p> A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response
from a remote LMTP server. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the lmtp_discard_lhlo_keyword_address_maps feature to
discard LHLO keywords selectively. </p>

</ul>

%PARAM lmtp_lhlo_timeout 300s

<p> The Postfix LMTP client time limit for sending the LHLO command,
and for receiving the initial remote LMTP server response. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks).  The default time unit is s (seconds).  </p>

%PARAM lmtp_sasl_tls_security_options $lmtp_sasl_security_options

<p> The LMTP-specific version of the smtp_sasl_tls_security_options
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sasl_mechanism_filter

<p> The LMTP-specific version of the smtp_sasl_mechanism_filter
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_bind_address

<p> The LMTP-specific version of the smtp_bind_address configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_bind_address6

<p> The LMTP-specific version of the smtp_bind_address6 configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_host_lookup dns

<p> The LMTP-specific version of the smtp_host_lookup configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_cache_destinations

<p> The LMTP-specific version of the smtp_connection_cache_destinations
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_per_site

<p> The LMTP-specific version of the smtp_tls_per_site configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_generic_maps

<p> The LMTP-specific version of the smtp_generic_maps configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_pix_workaround_threshold_time 500s

<p> The LMTP-specific version of the smtp_pix_workaround_threshold_time
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_pix_workaround_delay_time 10s

<p> The LMTP-specific version of the smtp_pix_workaround_delay_time
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_reuse_time_limit 300s

<p> The LMTP-specific version of the smtp_connection_reuse_time_limit
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_starttls_timeout 300s

<p> The LMTP-specific version of the smtp_starttls_timeout configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_line_length_limit 990

<p> The LMTP-specific version of the smtp_line_length_limit
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_mx_address_limit 5

<p> The LMTP-specific version of the smtp_mx_address_limit configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_mx_session_limit 2

<p> The LMTP-specific version of the smtp_mx_session_limit configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_scert_verifydepth 9

<p> The LMTP-specific version of the smtp_tls_scert_verifydepth
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_skip_5xx_greeting yes

<p> The LMTP-specific version of the smtp_skip_5xx_greeting
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_randomize_addresses yes

<p> The LMTP-specific version of the smtp_randomize_addresses
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_quote_rfc821_envelope yes

<p> The LMTP-specific version of the smtp_quote_rfc821_envelope
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_defer_if_no_mx_address_found no

<p> The LMTP-specific version of the smtp_defer_if_no_mx_address_found
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_cache_on_demand yes

<p> The LMTP-specific version of the smtp_connection_cache_on_demand
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_use_tls no

<p> The LMTP-specific version of the smtp_use_tls configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_enforce_tls no

<p> The LMTP-specific version of the smtp_enforce_tls configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_security_level

<p> The LMTP-specific version of the smtp_tls_security_level configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_enforce_peername yes

<p> The LMTP-specific version of the smtp_tls_enforce_peername
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_note_starttls_offer no

<p> The LMTP-specific version of the smtp_tls_note_starttls_offer
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sender_dependent_authentication no

<p> The LMTP-specific version of the smtp_sender_dependent_authentication
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM connection_cache_protocol_timeout 5s

<p> Time limit for connection cache connect, send or receive
operations.  The time limit is enforced in the client. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_sasl_type cyrus

<p> The SASL plug-in type that the Postfix SMTP server should use
for authentication. The available types are listed with the
"<b>postconf -a</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_sasl_type cyrus

<p> The SASL plug-in type that the Postfix SMTP client should use
for authentication.  The available types are listed with the    
"<b>postconf -A</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


%PARAM lmtp_sasl_type cyrus

<p> The SASL plug-in type that the Postfix LMTP client should use
for authentication.  The available types are listed with the    
"<b>postconf -A</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_sasl_path smtpd

<p> Implementation-specific information that the Postfix SMTP server
passes through to
the SASL plug-in implementation that is selected with
<b>smtpd_sasl_type</b>.  Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called <b>smtpd_sasl_application_name</b>. </p>

%PARAM smtpd_sasl_service smtp

<p> The service name that is passed to the SASL plug-in that is
selected with <b>smtpd_sasl_type</b> and <b>smtpd_sasl_path</b>.
</p>

<p> This feature is available in Postfix 2.11 and later. Prior
versions behave as if "<b>smtp</b>" is specified. </p>

%PARAM cyrus_sasl_config_path

<p> Search path for Cyrus SASL application configuration files,
currently used only to locate the $smtpd_sasl_path.conf file.
Specify zero or more directories separated by a colon character,
or an empty value to use Cyrus SASL's built-in search path.  </p>

<p> This feature is available in Postfix 2.5 and later when compiled
with Cyrus SASL 2.1.22 or later. </p>

%PARAM smtp_sasl_path

<p> Implementation-specific information that the Postfix SMTP client
passes through to
the SASL plug-in implementation that is selected with
<b>smtp_sasl_type</b>.  Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_sasl_path

<p> Implementation-specific information that is passed through to
the SASL plug-in implementation that is selected with
<b>lmtp_sasl_type</b>.  Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM plaintext_reject_code 450

<p>
The numerical Postfix SMTP server response code when a request
is rejected by the <b>reject_plaintext_session</b> restriction.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM resolve_numeric_domain no

<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of
rejecting the address as invalid.  </p>

<p> This feature is available in Postfix 2.3 and later.

%PARAM mailbox_transport_maps

<p> Optional lookup tables with per-recipient message delivery
transports to use for local(8) mailbox delivery, whether or not the
recipients are found in the UNIX passwd database. </p>
 
<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay.  </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
 
<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM fallback_transport_maps

<p> Optional lookup tables with per-recipient message delivery
transports for recipients that the local(8) delivery agent could
not find in the aliases(5) or UNIX password database. </p>
 
<p> The precedence of local(8) delivery features from high to low
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
fallback_transport_maps, fallback_transport and luser_relay.  </p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
 
<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_cname_overrides_servername version dependent

<p> When the remote SMTP servername is a DNS CNAME, replace the
servername with the result from CNAME expansion for the purpose of
logging, SASL password lookup, TLS
policy decisions, or TLS certificate verification. The value "no"
hardens Postfix smtp_tls_per_site hostname-based policies against
false hostname information in DNS CNAME records, and makes SASL
password file lookups more predictable. This is the default setting
as of Postfix 2.3. </p>

<p> When DNS CNAME records are validated with secure DNS lookups
(smtp_dns_support_level = dnssec), they are always allowed to
override the above servername (Postfix 2.11 and later). </p>

<p> This feature is available in Postfix 2.2.9 and later. </p>

%PARAM lmtp_cname_overrides_servername yes

<p> The LMTP-specific version of the smtp_cname_overrides_servername
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_sasl_tls_verified_security_options $smtp_sasl_tls_security_options

<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified server
certificate. </p>

<p> When mail is sent to the public MX host for the recipient's
domain, server certificates are by default optional, and delivery
proceeds even if certificate verification fails. For delivery via
a submission service that requires SASL authentication, it may be
appropriate to send plaintext passwords only when the connection
to the server is strongly encrypted <b>and</b> the server identity
is verified. </p>

<p> The smtp_sasl_tls_verified_security_options parameter makes it
possible to only enable plaintext mechanisms when a secure connection
to the server is available. Submission servers subject to this
policy must either have verifiable certificates or offer suitable
non-plaintext SASL mechanisms. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM lmtp_sasl_tls_verified_security_options $lmtp_sasl_tls_security_options

<p> The LMTP-specific version of the
smtp_sasl_tls_verified_security_options configuration parameter.
See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_connection_cache_time_limit 2s

<p> The LMTP-specific version of the
smtp_connection_cache_time_limit configuration parameter.
See there for details. </p>
 
<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_delay_open_until_valid_rcpt yes

<p> Postpone the start of an SMTP mail transaction until a valid
RCPT TO command is received. Specify "no" to create a mail transaction
as soon as the Postfix SMTP server receives a valid MAIL FROM
command. </p>

<p> With sites that reject lots of mail, the default setting reduces
the use of
disk, CPU and memory resources. The downside is that rejected
recipients are logged with NOQUEUE instead of a mail transaction
ID. This complicates the logfile analysis of multi-recipient mail.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_cert_file

<p> The LMTP-specific version of the smtp_tls_cert_file
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_key_file $lmtp_tls_cert_file

<p> The LMTP-specific version of the smtp_tls_key_file
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_dcert_file

<p> The LMTP-specific version of the smtp_tls_dcert_file
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_dkey_file $lmtp_tls_dcert_file

<p> The LMTP-specific version of the smtp_tls_dkey_file
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_CAfile

<p> The LMTP-specific version of the smtp_tls_CAfile
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_CApath

<p> The LMTP-specific version of the smtp_tls_CApath
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_loglevel 0

<p> The LMTP-specific version of the smtp_tls_loglevel
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_session_cache_database

<p> The LMTP-specific version of the smtp_tls_session_cache_database
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_session_cache_timeout  3600s

<p> The LMTP-specific version of the smtp_tls_session_cache_timeout
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_policy_maps

<p> Optional lookup tables with the Postfix SMTP client TLS security
policy by next-hop destination; when a non-empty value is specified,
this overrides the obsolete smtp_tls_per_site parameter.  See
TLS_README for a more detailed discussion of TLS security levels.
</p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> The TLS policy table is indexed by the full next-hop destination,
which is either the recipient domain, or the verbatim next-hop
specified in the transport table, $local_transport, $virtual_transport,
$relay_transport or $default_transport. This includes any enclosing
square brackets and any non-default destination server port suffix. The
LMTP socket type prefix (inet: or unix:) is not included in the lookup
key. </p>

<p> Only the next-hop domain, or $myhostname with LMTP over UNIX-domain
sockets, is used as the nexthop name for certificate verification. The
port and any enclosing square brackets are used in the table lookup key,
but are not used for server name verification. </p>

<p> When the lookup key is a domain name without enclosing square brackets
or any <i>:port</i> suffix (typically the recipient domain), and the full
domain is not found in the table, just as with the transport(5) table,
the parent domain starting with a leading "." is matched recursively. This
allows one to specify a security policy for a recipient domain and all
its sub-domains. </p>

<p> The lookup result is a security level, followed by an optional list
of whitespace and/or comma separated name=value attributes that override
related main.cf settings. The TLS security levels in order of increasing
security are: </p>

<dl>

<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
<dd>No TLS. No additional attributes are supported at this level. </dd>

<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
<dd>Opportunistic TLS. Since sending in the clear is acceptable,
demanding stronger than default TLS security merely reduces
interoperability. The optional "ciphers", "exclude" and "protocols"
attributes (available for opportunistic TLS with Postfix &ge; 2.6)
override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and
"smtp_tls_protocols" configuration parameters. When opportunistic TLS
handshakes fail, Postfix retries the connection with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations.</dd>

<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
<dd>Mandatory TLS encryption. At this level
and higher, the optional "protocols" attribute overrides the main.cf
smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute
overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the
optional "exclude" attribute (Postfix &ge; 2.6) overrides the main.cf
smtp_tls_mandatory_exclude_ciphers parameter. In the policy table,
multiple protocols or excluded ciphers must be separated by colons,
as attribute values may not contain whitespace or commas. </dd>

<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
<dd>Opportunistic DANE TLS.  The TLS policy for the destination is
obtained via TLSA records in DNSSEC.  If no TLSA records are found,
the effective security level used is <a
href="TLS_README.html#client_tls_may">may</a>.  If TLSA records are
found, but none are usable, the effective security level is <a
href="TLS_README.html#client_tls_encrypt">encrypt</a>.  When usable
TLSA records are obtained for the remote SMTP server, the
server certificate must match the TLSA records.  RFC 6698 (DANE)
TLS authentication and DNSSEC support is available with Postfix
2.11 and later.  </dd>

<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
<dd>Mandatory DANE TLS.  The TLS policy for the destination is
obtained via TLSA records in DNSSEC.  If no TLSA records are found,
or none are usable, no connection is made to the server.  When
usable TLSA records are obtained for the remote SMTP server, the
server certificate must match the TLSA records.  RFC 6698 (DANE) TLS
authentication and DNSSEC support is available with Postfix 2.11
and later.  </dd>

<dt><b><a href="TLS_README.html#client_tls_fingerprint">fingerprint</a></b></dt>
<dd>Certificate fingerprint
verification. Available with Postfix 2.5 and later. At this security
level, there are no trusted Certification Authorities. The certificate
trust chain, expiration date, ... are not checked. Instead,
the optional <b>match</b> attribute, or else the main.cf
<b>smtp_tls_fingerprint_cert_match</b> parameter, lists the certificate
fingerprints or the public key fingerprint (Postfix 2.9 and later)
of the valid server certificate. The digest
algorithm used to calculate the fingerprint is selected by the
<b>smtp_tls_fingerprint_digest</b> parameter. Multiple fingerprints can
be combined with a "|" delimiter in a single match attribute, or multiple
match attributes can be employed. The ":" character is not used as a
delimiter as it occurs between each pair of fingerprint (hexadecimal)
digits. </dd>

<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
<dd>Mandatory TLS verification.  At this security
level, DNS MX lookups are trusted to be secure enough, and the name
verified in the server certificate is usually obtained indirectly via
unauthenticated DNS MX lookups.  The optional "match" attribute overrides
the main.cf smtp_tls_verify_cert_match parameter. In the policy table,
multiple match patterns and strategies must be separated by colons.
In practice explicit control over matching is more common with the
"secure" policy, described below. </dd>

<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
<dd>Secure-channel TLS. At this security level, DNS
MX lookups, though potentially used to determine the candidate next-hop
gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS
peername verification. Instead, the default name verified in the server
certificate is obtained directly from the next-hop, or is explicitly
specified via the optional <b>match</b> attribute which overrides the
main.cf smtp_tls_secure_cert_match parameter. In the policy table,
multiple match patterns and strategies must be separated by colons.
The match attribute is most useful when multiple domains are supported by
common server, the policy entries for additional domains specify matching
rules for the primary domain certificate. While transport table overrides
routing the secondary domains to the primary nexthop also allow secure
verification, they risk delivery to the wrong destination when domains
change hands or are re-assigned to new gateways. With the "match"
attribute approach, routing is not perturbed, and mail is deferred if
verification of a new MX host fails. </dd>

</dl>

<p>
Example:
</p>

<pre>
/etc/postfix/main.cf:
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
    # Postfix 2.5 and later
    smtp_tls_fingerprint_digest = md5
</pre>

<pre>
/etc/postfix/tls_policy:
    example.edu                 none
    example.mil                 may
    example.gov                 encrypt protocols=TLSv1
    example.com                 verify ciphers=high
    example.net                 secure
    .example.net                secure match=.example.net:example.net
    [mail.example.org]:587      secure match=nexthop
    # Postfix 2.5 and later
    [thumb.example.org]          fingerprint
        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
</pre>

<p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default
setting of smtp_tls_secure_cert_match or in the <b>match</b> attribute
in the policy table can render the <b>secure</b> level vulnerable to
DNS forgery. Do not use the <b>hostname</b> strategy for secure-channel
configurations in environments where DNS security is not assured. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_mandatory_protocols !SSLv2, !SSLv3

<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption.  In main.cf the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see smtp_tls_policy_maps) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names, (see
<b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and "TLSv1". The
default value is "!SSLv2, !SSLv3" for Postfix releases after the
middle of 2015, "!SSLv2" for older releases. </p>

<p> With Postfix &ge; 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"smtp_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics.
</p>

<p> The range of protocols advertised by an SSL/TLS client must be
contiguous.  When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher
version.  Thus, for example: </p>
<blockquote>
<pre>
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled.  </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix &le; 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled except by also disabling "TLSv1" (typically leaving just
"SSLv3").  The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2". </p>

<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
<a href="TLS_README.html#client_tls_dane">dane-only</a> security
levels, when usable TLSA records are obtained for the remote SMTP
server, the Postfix SMTP client is obligated to include the SNI TLS
extension in its SSL client hello message.  This may help the remote
SMTP server live up to its promise to provide a certificate that
matches its TLSA records.  Since TLS extensions require TLS 1.0 or
later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
SNI is required.  If you use "dane" or "dane-only" do not disable
TLSv1, except perhaps via the policy table for destinations which
you are sure will support "TLSv1.1" or "TLSv1.2".  </p>

<p> See the documentation of the smtp_tls_policy_maps parameter and
TLS_README for more information about security levels. </p>

<p> Example: </p>

<pre>
# Preferred syntax with Postfix &ge; 2.5:
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
# Legacy syntax:
smtp_tls_mandatory_protocols = TLSv1
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_verify_cert_match hostname

<p> How the Postfix SMTP client verifies the server certificate
peername for the
"verify" TLS security level. In a "verify" TLS policy table
($smtp_tls_policy_maps) entry the optional "match" attribute 
overrides this main.cf setting. </p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons.  In the policy table the only valid
separator is the colon character. </p>

<p> Patterns specify domain names, or domain name suffixes: </p>

<dl>

<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain,
i.e. one of the names the server certificate must be <i>example.com</i>,
upper and lower case distinctions are ignored. </dd>

<dt><i>.example.com</i></dt>
<dd> Match subdomains of the <i>example.com</i> domain, i.e. match
a name in the server certificate that consists of a non-zero number of
labels followed by a <i>.example.com</i> suffix. Case distinctions are
ignored.</dd>

</dl>

<p> Strategies specify a transformation from the next-hop domain
to the expected name in the server certificate: </p>

<dl>

<dt>nexthop</dt>
<dd> Match against the next-hop domain, which is either the recipient
domain, or the transport next-hop configured for the domain stripped of
any optional socket type prefix, enclosing square brackets and trailing
port. When MX lookups are not suppressed, this is the original nexthop
domain prior to the MX lookup, not the result of the MX lookup. For
LMTP delivery via UNIX-domain sockets, the verified next-hop name is
$myhostname.  This strategy is suitable for use with the "secure"
policy. Case is ignored.</dd>

<dt>dot-nexthop</dt>
<dd> As above, but match server certificate names that are subdomains
of the next-hop domain. Case is ignored.</dd>

<dt>hostname</dt> <dd> Match against the hostname of the server, often
obtained via an unauthenticated DNS MX lookup. For LMTP delivery via
UNIX-domain sockets, the verified name is $myhostname. This matches
the verification strategy of the "MUST" keyword in the obsolete
smtp_tls_per_site table, and is suitable for use with the "verify"
security level. When the next-hop name is enclosed in square brackets
to suppress MX lookups, the "hostname" strategy is the same as the
"nexthop" strategy. Case is ignored.</dd>

</dl>

<p>
Sample main.cf setting:
</p>

<pre>
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
</pre>

<p>
Sample policy table override:
</p>

<pre>
example.com     verify  match=hostname:nexthop
.example.com    verify  match=example.com:.example.com:hostname
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_secure_cert_match nexthop, dot-nexthop

<p> How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level. In a "secure" TLS policy table
($smtp_tls_policy_maps) entry the optional "match" attribute
overrides this main.cf setting. </p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons.  In the policy table the only valid
separator is the colon character. </p>

<p> For a description of the pattern and strategy syntax see the
smtp_tls_verify_cert_match parameter. The "hostname" strategy should
be avoided in this context, as in the absence of a secure global DNS, using
the results of MX lookups in certificate verification is not immune to active
(man-in-the-middle) attacks on DNS. </p>

<p>
Sample main.cf setting:
</p>

<blockquote>
<pre>
smtp_tls_secure_cert_match = nexthop
</pre>
</blockquote>

<p>
Sample policy table override:
</p>

<blockquote>
<pre>
example.net     secure match=example.com:.example.com
.example.net    secure match=example.com:.example.com
</pre>
</blockquote>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_policy_maps

<p> The LMTP-specific version of the smtp_tls_policy_maps
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_mandatory_protocols !SSLv2, !SSLv3

<p> The LMTP-specific version of the smtp_tls_mandatory_protocols
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_verify_cert_match hostname

<p> The LMTP-specific version of the smtp_tls_verify_cert_match
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_secure_cert_match nexthop

<p> The LMTP-specific version of the smtp_tls_secure_cert_match
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_mandatory_protocols !SSLv2, !SSLv3

<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. If the list is empty, the server supports
all available SSL/TLS protocol versions.  A non-empty value is a
list of protocol names separated by whitespace, commas or colons.
The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
are not case sensitive. The default value is "!SSLv2, !SSLv3" for
Postfix releases after the middle of 2015, "!SSLv2" for older
releases. </p>

<p> With Postfix &ge; 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics.  </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix &le; 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled.  The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>

<p> Example: </p>

<pre>
# Preferred syntax with Postfix &ge; 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Legacy syntax:
smtpd_tls_mandatory_protocols = TLSv1
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_security_level

<p> The default SMTP TLS security level for the Postfix SMTP client;
when a non-empty value is specified, this overrides the obsolete
parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
</p>

<p> Specify one of the following security levels: </p>

<dl>

<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
<dd> No TLS. TLS will not be used unless enabled for specific
destinations via smtp_tls_policy_maps. </dd>

<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
<dd> Opportunistic TLS. Use TLS if this is supported by the remote
SMTP server, otherwise use plaintext. Since
sending in the clear is acceptable, demanding stronger than default TLS
security merely reduces interoperability.
The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix &ge; 2.6)
configuration parameters provide control over the protocols and
cipher grade used with opportunistic TLS.  With earlier releases the
opportunistic TLS cipher grade is always "export" and no protocols
are disabled.
When TLS handshakes fail, the connection is retried with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations. </dd>

<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
<dd>Mandatory TLS encryption. Since a minimum
level of security is intended, it is reasonable to be specific about
sufficiently secure protocol versions and ciphers. At this security level
and higher, the main.cf parameters smtp_tls_mandatory_protocols and
smtp_tls_mandatory_ciphers specify the TLS protocols and minimum
cipher grade which the administrator considers secure enough for
mandatory encrypted sessions. This security level is not an appropriate
default for systems delivering mail to the Internet. </dd>

<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
<dd>Opportunistic DANE TLS.  At this security level, the TLS policy
for the destination is obtained via DNSSEC.  For TLSA policy to be
in effect, the destination domain's containing DNS zone must be
signed and the Postfix SMTP client's operating system must be
configured to send its DNS queries to a recursive DNS nameserver
that is able to validate the signed records.  Each MX host's DNS
zone should also be signed, and should publish DANE TLSA (RFC 6698)
records that specify how that MX host's TLS certificate is to be
verified.  TLSA records do not preempt the normal SMTP MX host
selection algorithm, if some MX hosts support TLSA and others do
not, TLS security will vary from delivery to delivery.  It is up
to the domain owner to configure their MX hosts and their DNS
sensibly.  To configure the Postfix SMTP client for DNSSEC lookups
see the documentation for the smtp_dns_support_level main.cf
parameter.  When DNSSEC-validated TLSA records are not found the
effective tls security level is "may".  When TLSA records are found,
but are all unusable the effective security level is "encrypt".  For
purposes of protocol and cipher selection, the "dane" security level
is treated like a "mandatory" TLS security level, and weak ciphers
and protocols are disabled.  Since DANE authenticates server
certificates the "aNULL" cipher-suites are transparently excluded
at this level, no need to configure this manually.  RFC 6698 (DANE)
TLS authentication is available with Postfix 2.11 and later.  </dd>

<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
<dd>Mandatory DANE TLS.  This is just like "dane" above, but DANE
TLSA authentication is required.  There is no fallback to "may" or
"encrypt" when TLSA records are missing or unusable.  RFC 6698
(DANE) TLS authentication is available with Postfix 2.11 and later.
</dd>

<dt><b><a href="TLS_README.html#client_tls_fingerprint">fingerprint</a></b></dt>
<dd>Certificate fingerprint verification.
At this security level, there are no trusted Certification Authorities.
The certificate trust chain, expiration date, etc., are
not checked. Instead, the <b>smtp_tls_fingerprint_cert_match</b>
parameter lists the certificate fingerprint or public key fingerprint
(Postfix 2.9 and later) of the valid server certificate. The digest
algorithm used to calculate the fingerprint is selected by the
<b>smtp_tls_fingerprint_digest</b> parameter. Available with Postfix
2.5 and later.  </dd>

<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
<dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
verified in the server certificate is usually obtained indirectly
via unauthenticated DNS MX lookups. The smtp_tls_verify_cert_match
parameter controls how the server name is verified. In practice explicit
control over matching is more common at the "secure" level, described
below. This security level is not an appropriate default for systems
delivering mail to the Internet. </dd>

<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
<dd>Secure-channel TLS.  At this security level,
DNS MX lookups, though potentially used to determine the candidate
next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough
for TLS peername verification. Instead, the default name verified in
the server certificate is obtained from the next-hop domain as specified
in the smtp_tls_secure_cert_match configuration parameter. The default
matching rule is that a server certificate matches when its name is equal
to or is a sub-domain of the nexthop domain. This security level is not
an appropriate default for systems delivering mail to the Internet. </dd>

</dl>

<p>
Examples:
</p>

<pre>
# No TLS. Formerly: smtp_use_tls=no and smtp_enforce_tls=no.
smtp_tls_security_level = none
</pre>

<pre>
# Opportunistic TLS.
smtp_tls_security_level = may
# Postfix &ge; 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
# cipher grade from "export" to "low" or "medium").
smtp_tls_ciphers = export
smtp_tls_protocols = !SSLv2, !SSLv3
</pre>

<pre>
# Mandatory (high-grade) TLS encryption.
smtp_tls_security_level = encrypt
smtp_tls_mandatory_ciphers = high
</pre>

<pre>
# Mandatory TLS verification of hostname or nexthop domain.
smtp_tls_security_level = verify
smtp_tls_mandatory_ciphers = high
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
</pre>

<pre>
# Secure channel TLS with exact nexthop name match.
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
</pre>

<pre>
# Certificate fingerprint verification (Postfix &ge; 2.5).
# The CA-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per-site
# setting, this is practical when mail for all recipients is sent
# to a central mail hub.
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_fingerprint_cert_match = 
    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_milters

<p> A list of Milter (mail filter) applications for new mail that
arrives via the Postfix smtpd(8) server. Specify space or comma as
separator. See the MILTER_README document for details.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM non_smtpd_milters

<p> A list of Milter (mail filter) applications for new mail that
does not arrive via the Postfix smtpd(8) server. This includes local
submission via the sendmail(1) command line, new mail that arrives
via the Postfix qmqpd(8) server, and old mail that is re-injected
into the queue with "postsuper -r".  Specify space or comma as
separator. See the MILTER_README document for details.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_protocol 6

<p> The mail filter protocol version and optional protocol extensions
for communication with a Milter application; prior to Postfix 2.6
the default protocol is 2. Postfix
sends this version number during the initial protocol handshake.
It should match the version number that is expected by the mail
filter application (or by its Milter library).  </p>

<p>Protocol versions: </p>

<dl compact>

<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2 (default
with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 ..
2.5).</dd>

<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd>

<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd>

<dt>6</dt> <dd>Use Sendmail 8 mail filter protocol version 6 (default
with Sendmail version 8.14 and Postfix version 2.6).</dd>

</dl>

<p>Protocol extensions: </p>

<dl compact>

<dt>no_header_reply</dt> <dd> Specify this when the Milter application
will not reply for each individual message header.</dd>

</dl>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_default_action tempfail

<p> The default action when a Milter (mail filter) application is
unavailable or mis-configured. Specify one of the following: </p>

<dl compact>

<dt>accept</dt> <dd>Proceed as if the mail filter was not present.
</dd>

<dt>reject</dt> <dd>Reject all further commands in this session
with a permanent status code.</dd>

<dt>tempfail</dt> <dd>Reject all further commands in this session
with a temporary status code. </dd>

<dt>quarantine</dt> <dd>Like "accept", but freeze the message in
the "hold" queue. Available with Postfix 2.6 and later. </dd>

</dl>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_connect_timeout 30s

<p> The time limit for connecting to a Milter (mail filter)
application, and for negotiating protocol options. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_command_timeout 30s

<p> The time limit for sending an SMTP command to a Milter (mail
filter) application, and for receiving the response.  </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_content_timeout 300s

<p> The time limit for sending message content to a Milter (mail
filter) application, and for receiving the response.  </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_connect_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after completion of an SMTP connection. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_helo_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP HELO or EHLO command. See
MILTER_README for a list of available macro names and their meanings.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_mail_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP MAIL FROM command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_rcpt_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the SMTP RCPT TO command. See MILTER_README
for a list of available macro names and their meanings. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_data_macros see "postconf -d" output

<p> The macros that are sent to version 4 or higher Milter (mail
filter) applications after the SMTP DATA command. See MILTER_README
for a list of available macro names and their meanings.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_end_of_header_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the end of the message header. See MILTER_README for a list
of available macro names and their meanings.  </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM milter_end_of_data_macros see "postconf -d" output

<p> The macros that are sent to Milter (mail filter) applications
after the message end-of-data. See MILTER_README for a list of
available macro names and their meanings.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_unknown_command_macros see "postconf -d" output

<p> The macros that are sent to version 3 or higher Milter (mail
filter) applications after an unknown SMTP command.  See MILTER_README
for a list of available macro names and their meanings.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_macro_daemon_name $myhostname

<p> The {daemon_name} macro value for Milter (mail filter) applications.
See MILTER_README for a list of available macro names and their
meanings.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM milter_macro_defaults

<p> Optional list of <i>name=value</i> pairs that specify default
values for arbitrary macros that Postfix may send to Milter
applications.  These defaults are used when there is no corresponding
information from the message delivery context. </p>

<p> Specify <i>name=value</i> or <i>{name}=value</i> pairs separated
by comma or whitespace.  Enclose a pair in "{}" when a value contains
comma or whitespace (this form ignores whitespace after the enclosing
"{", around the "=", and before the enclosing "}"). </p>

<p> This feature is available in Postfix 3.1 and later.  </p>

%PARAM milter_macro_v $mail_name $mail_version

<p> The {v} macro value for Milter (mail filter) applications.
See MILTER_README for a list of available macro names and their
meanings.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_mandatory_ciphers medium

<p> The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory TLS encryption. The default grade ("medium") is
sufficiently strong that any benefit from globally restricting TLS
sessions to a more stringent grade is likely negligible, especially
given the fact that many implementations still do not offer any stronger
("high" grade) ciphers, while those that do, will always use "high"
grade ciphers. So insisting on "high" grade ciphers is generally
counter-productive. Allowing "export" or "low" ciphers is typically
not a good idea, as systems limited to just these are limited to
obsolete browsers. No known SMTP clients fail to support at least 
one "medium" or "high" grade cipher. </p> 

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers.  The
underlying cipherlist is specified via the tls_export_cipherlist
configuration parameter, which you are strongly encouraged to not
change.  This choice is insecure and SHOULD NOT be used.  </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or stronger OpenSSL ciphers. The underlying
cipherlist is specified via the tls_low_cipherlist configuration
parameter, which you are strongly encouraged to not change.  This
choice is insecure and SHOULD NOT be used.  </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
or longer symmetric bulk-encryption keys. This is the default minimum
strength for mandatory TLS encryption. The underlying cipherlist is
specified via the tls_medium_cipherlist configuration parameter, which
you are strongly encouraged to not change. </dd>

<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the tls_high_cipherlist
configuration parameter, which you are strongly encouraged to
not change. </dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
without encryption.  This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
tls_null_cipherlist configuration parameter, which you are strongly
encouraged to not change. </dd>

</dl>

<p> Cipher types listed in
smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are
excluded from the base definition of the selected cipher grade. See
smtpd_tls_ciphers for cipher controls that apply to opportunistic
TLS. </p>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for remote SMTP client certificates.  You are very
unlikely to need to take any steps to exclude anonymous ciphers, they
are excluded automatically as required.  If you must exclude anonymous
ciphers even when Postfix does not need or use peer certificates, set
"smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only
when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_exclude_ciphers

<p> List of ciphers or cipher types to exclude from the SMTP server
cipher list at all TLS security levels. Excluding valid ciphers
can create interoperability problems. DO NOT exclude ciphers unless it
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
list separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which case
only ciphers matching <b>all</b> the properties are excluded. </p>

<p> Examples (some of these will cause problems): </p>

<blockquote>
<pre>
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_exclude_ciphers = MD5, DES
smtpd_tls_exclude_ciphers = DES+MD5
smtpd_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5
smtpd_tls_exclude_ciphers = kEDH+aRSA
</pre>
</blockquote>

<p> The first setting disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together.  The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_mandatory_exclude_ciphers

<p> Additional list of ciphers or cipher types to exclude from the
Postfix SMTP server cipher list at mandatory TLS security levels.
This list
works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
(see there for syntax details).  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_mandatory_ciphers medium

<p> The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption.  The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's cryptanalytic methods. See
smtp_tls_policy_maps for information on how to configure ciphers
on a per-destination basis. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or better OpenSSL ciphers.  The underlying
cipherlist is specified via the tls_export_cipherlist configuration
parameter, which you are strongly encouraged to not change.  This
choice is insecure and SHOULD NOT be used.  </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or better OpenSSL ciphers.  The underlying
cipherlist is specified via the tls_low_cipherlist configuration
parameter, which you are strongly encouraged to not change.  This
choice is insecure and SHOULD NOT be used.  </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
The underlying cipherlist is specified via the tls_medium_cipherlist
configuration parameter, which you are strongly encouraged to not change.
</dd>

<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers.  This setting may
be appropriate when all mandatory TLS destinations (e.g. when all
mail is routed to a suitably capable relayhost) support at least one
"HIGH" grade cipher. The underlying cipherlist is specified via the
tls_high_cipherlist configuration parameter, which you are strongly
encouraged to not change. </dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
without encryption.  This setting is only appropriate in the rare case
that all servers are prepared to use NULL ciphers (not normally enabled
in TLS servers). A plausible use-case is an LMTP server listening on a
UNIX-domain socket that is configured to support "NULL" ciphers. The
underlying cipherlist is specified via the tls_null_cipherlist
configuration parameter, which you are strongly encouraged to not
change. </dd>

</dl>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
Postfix SMTP client is configured to verify server certificates.
You are very unlikely to need to take any steps to exclude anonymous
ciphers, they are excluded automatically as necessary.  If you must
exclude anonymous ciphers at the "may" or "encrypt" security levels,
when the Postfix SMTP client does not need or use peer certificates, set
"smtp_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only when
TLS is enforced, set "smtp_tls_mandatory_exclude_ciphers = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_exclude_ciphers

<p> List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher
list at all TLS security levels. This is not an OpenSSL cipherlist, it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>

<p> Examples (some of these will cause problems): </p>

<blockquote>
<pre>
smtp_tls_exclude_ciphers = aNULL
smtp_tls_exclude_ciphers = MD5, DES
smtp_tls_exclude_ciphers = DES+MD5
smtp_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5
smtp_tls_exclude_ciphers = kEDH+aRSA
</pre>
</blockquote>

<p> The first setting, disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together.  The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_tls_mandatory_exclude_ciphers

<p> Additional list of ciphers or cipher types to exclude from the
Postfix SMTP client cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with smtp_tls_exclude_ciphers
(see there for syntax details).  </p>

<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
specified on a per-destination basis via the TLS policy "exclude"
attribute. See smtp_tls_policy_maps for notes and examples. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_high_cipherlist see "postconf -d" output

<p> The OpenSSL cipherlist for "high" grade ciphers. This defines
the meaning of the "high" setting in smtpd_tls_ciphers,
smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers,
lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly
encouraged to not change this setting.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_medium_cipherlist see "postconf -d" output

<p> The OpenSSL cipherlist for "medium" or higher grade ciphers. This
defines the meaning of the "medium" setting in smtpd_tls_ciphers,
smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers,
lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers.  This is the
default cipherlist for mandatory TLS encryption in the TLS client
(with anonymous ciphers disabled when verifying server certificates).
This is the default cipherlist for opportunistic TLS with Postfix
releases after the middle of 2015.  You are strongly encouraged to
not change this setting.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_low_cipherlist see "postconf -d" output

<p> The OpenSSL cipherlist for "low" or higher grade ciphers. This defines
the meaning of the "low" setting in smtpd_tls_ciphers,
smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers,
lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly
encouraged to not change this setting.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_export_cipherlist see "postconf -d" output

<p> The OpenSSL cipherlist for "export" or higher grade ciphers. This
defines the meaning of the "export" setting in smtpd_tls_ciphers,
smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers,
lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers.  With Postfix
releases before the middle of 2015 this is the default cipherlist
for the opportunistic ("may") TLS client security level and also
the default cipherlist for the SMTP server. You are strongly
encouraged to not change this setting.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM tls_null_cipherlist eNULL:!aNULL

<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
setting in smtpd_mandatory_tls_ciphers, smtp_tls_mandatory_ciphers and
lmtp_tls_mandatory_ciphers.  You are strongly encouraged to not
change this setting. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_mandatory_ciphers medium

<p> The LMTP-specific version of the smtp_tls_mandatory_ciphers
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_exclude_ciphers

<p> The LMTP-specific version of the smtp_tls_exclude_ciphers
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM lmtp_tls_mandatory_exclude_ciphers

<p> The LMTP-specific version of the smtp_tls_mandatory_exclude_ciphers
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_security_level

<p> The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
"smtpd_tls_wrappermode = yes".  </p>

<p> Specify one of the following security levels: </p>

<dl>

<dt><b>none</b></dt> <dd> TLS will not be used. </dd>

<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
to remote SMTP clients, but do not require that clients use TLS encryption.
</dd>

<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to remote SMTP clients, and require that clients use TLS
encryption. According to RFC 2487 this MUST NOT be applied in case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers. </dd>

</dl>

<p> Note 1: the "fingerprint", "verify" and "secure" levels are not
supported here.
The Postfix SMTP server logs a warning and uses "encrypt" instead.
To verify remote SMTP client certificates, see TLS_README for a discussion
of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts
features.  </p>

<p> Note 2: The parameter setting "smtpd_tls_security_level =
encrypt" implies "smtpd_tls_auth_only = yes".</p>

<p> Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM internal_mail_filter_classes 

<p> What categories of Postfix-generated mail are subject to
before-queue content inspection by non_smtpd_milters, header_checks
and body_checks.  Specify zero or more of the following, separated
by whitespace or comma.  </p>

<dl>

<dt><b>bounce</b></dt> <dd> Inspect the content of delivery
status notifications. </dd>

<dt><b>notify</b></dt> <dd> Inspect the content of postmaster
notifications by the smtp(8) and smtpd(8) processes. </dd>

</dl>

<p> NOTE: It's generally not safe to enable content inspection of
Postfix-generated email messages. The user is warned. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtpd_tls_always_issue_session_ids yes

<p> Force the Postfix SMTP server to issue a TLS session id, even
when TLS session caching is turned off (smtpd_tls_session_cache_database
is empty). This behavior is compatible with Postfix &lt; 2.3. </p>

<p> With Postfix 2.3 and later the Postfix SMTP server can disable
session id generation when TLS session caching is turned off. This
keeps remote SMTP clients from caching sessions that almost certainly cannot
be re-used.  </p>

<p> By default, the Postfix SMTP server always generates TLS session
ids. This works around a known defect in mail client applications
such as MS Outlook, and may also prevent interoperability issues
with other MTAs. </p>

<p> Example: </p>

<pre>
smtpd_tls_always_issue_session_ids = no
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

%PARAM smtp_pix_workarounds disable_esmtp, delay_dotcrlf

<p> A list that specifies zero or more workarounds for CISCO PIX
firewall bugs. These workarounds are implemented by the Postfix
SMTP client. Workaround names are separated by comma or space, and
are case insensitive.  This parameter setting can be overruled with
per-destination smtp_pix_workaround_maps settings. </p>

<dl>

<dt><b>delay_dotcrlf</b><dd> Insert a delay before sending
".&lt;CR&gt;&lt;LF&gt;" after the end of the message content.  The
delay is subject to the smtp_pix_workaround_delay_time and
smtp_pix_workaround_threshold_time parameter settings. </dd>

<dt><b>disable_esmtp</b><dd> Disable all extended SMTP commands:
send HELO instead of EHLO. </dd>

</dl>

<p> This feature is available in Postfix 2.4 and later. The default
settings are backwards compatible with earlier Postfix versions.
</p>

%PARAM smtp_pix_workaround_maps

<p> Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs.  The table
is not indexed by hostname for consistency with
smtp_discard_ehlo_keyword_address_maps. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM lmtp_pix_workarounds

<p> The LMTP-specific version of the smtp_pix_workaround
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM smtp_tls_fingerprint_digest md5

<p> The message digest algorithm used to construct remote SMTP server
certificate fingerprints. At the "fingerprint" TLS security level
(<b>smtp_tls_security_level</b> = fingerprint), the server certificate is
verified by directly matching its certificate fingerprint or its public
key fingerprint (Postfix 2.9 and later). The fingerprint is the
message digest of the server certificate (or its public key)
using the selected
algorithm. With a digest algorithm resistant to "second pre-image"
attacks, it is not feasible to create a new public key and a matching
certificate (or public/private key-pair) that has the same fingerprint. </p>

<p> The default algorithm is <b>md5</b>; this is consistent with
the backwards compatible setting of the digest used to verify client
certificates in the SMTP server. </p>

<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. For now this means just md5 or sha1. </p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run:
</p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of "=" sign is the desired fingerprint.
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> To extract the public key fingerprint from an X.509 certificate,
you need to extract the public key from the certificate and compute
the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
the "-pubkey" option of the "x509" command extracts the public
key always in "PEM" format. We pipe the result to another OpenSSL
command that converts the key to DER and then to the "dgst" command
to compute the fingerprint. </p>

<p> The actual command to transform the key to DER format depends
on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
"pkey" command supports all key types. With OpenSSL 0.9.8 and
earlier, the key type is always RSA (nobody uses DSA, and EC
keys are not fully supported by 0.9.8), so the "rsa" command is
used. </p>
<blockquote>
<pre>
# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha1 -c
(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
</pre>
</blockquote>

<blockquote>
<pre>
# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl rsa -pubin -outform DER |
    openssl dgst -md5 -c
(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
</pre>
</blockquote>

<p> The Postfix SMTP server and client log the peer (leaf) certificate
fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>

<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
fingerprint incorrectly. To use public-key fingerprints, upgrade
to Postfix 2.9.6 or later. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_tls_fingerprint_cert_match

<p> List of acceptable remote SMTP server certificate fingerprints for
the "fingerprint" TLS security level (<b>smtp_tls_security_level</b> =
fingerprint). At this security level, Certification Authorities are not
used, and certificate expiration times are ignored. Instead, server
certificates are verified directly via their certificate fingerprint
or public key fingerprint (Postfix 2.9 and later). The fingerprint
is a message digest of the server certificate (or public key). The
digest algorithm is selected via the <b>smtp_tls_fingerprint_digest</b>
parameter. </p>

<p> When an <b>smtp_tls_policy_maps</b> table entry specifies the
"fingerprint" security level, any "match" attributes in that entry specify
the list of valid fingerprints for the corresponding destination. Multiple
fingerprints can be combined with a "|" delimiter in a single match
attribute, or multiple match attributes can be employed. </p>

<p> Example: Certificate fingerprint verification with internal mailhub.
Two matching fingerprints are listed. The relayhost may be multiple
physical hosts behind a load-balancer, each with its own private/public
key and self-signed certificate. Alternatively, a single relayhost may
be in the process of switching from one set of private/public keys to
another, and both keys are trusted just prior to the transition. </p>

<blockquote>
<pre>
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
smtp_tls_fingerprint_digest = md5
smtp_tls_fingerprint_cert_match =
    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>

<p> Example: Certificate fingerprint verification with selected destinations.
As in the example above, we show two matching fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
    smtp_tls_fingerprint_digest = md5
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/tls_policy:
    example.com	fingerprint
        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_tls_fingerprint_cert_match

<p> The LMTP-specific version of the smtp_tls_fingerprint_cert_match
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_tls_fingerprint_digest md5

<p> The LMTP-specific version of the smtp_tls_fingerprint_digest
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtpd_tls_fingerprint_digest md5

<p> The message digest algorithm to construct remote SMTP
client-certificate
fingerprints or public key fingerprints (Postfix 2.9 and later)
for <b>check_ccert_access</b> and <b>permit_tls_clientcerts</b>. The
default algorithm is <b>md5</b>, for backwards compatibility with Postfix
releases prior to 2.5.  </p>

<p> Advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. </p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of "=" sign is the desired fingerprint.
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> To extract the public key fingerprint from an X.509 certificate,
you need to extract the public key from the certificate and compute
the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
the "-pubkey" option of the "x509" command extracts the public
key always in "PEM" format. We pipe the result to another OpenSSL
command that converts the key to DER and then to the "dgst" command
to compute the fingerprint. </p>

<p> The actual command to transform the key to DER format depends
on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
"pkey" command supports all key types. With OpenSSL 0.9.8 and
earlier, the key type is always RSA (nobody uses DSA, and EC
keys are not fully supported by 0.9.8), so the "rsa" command is
used. </p>
<blockquote>
<pre>
# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha1 -c
(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
</pre>
</blockquote>

<blockquote>
<pre>
# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl rsa -pubin -outform DER |
    openssl dgst -md5 -c
(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
</pre>
</blockquote>

<p> The Postfix SMTP server and client log the peer (leaf) certificate
fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>

<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
fingerprint incorrectly. To use public-key fingerprints, upgrade
to Postfix 2.9.6 or later. </p>

<p> Example: client-certificate access table, with sha1 fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    smtpd_tls_fingerprint_digest = sha1
    smtpd_client_restrictions =
        check_ccert_access hash:/etc/postfix/access,
        reject
</pre>
<pre>
/etc/postfix/access:
    # Action folded to next line...
    AF:88:7C:AD:51:95:6F:36:96:F6:01:FB:2E:48:CD:AB:49:25:A2:3B
        OK
    85:16:78:FD:73:6E:CE:70:E0:31:5F:0D:3C:C8:6D:C4:2C:24:59:E1
        permit_auth_destination
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_pix_workaround_maps

<p> The LMTP-specific version of the smtp_pix_workaround_maps
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM detect_8bit_encoding_header yes

<p> Automatically detect 8BITMIME body content by looking at
Content-Transfer-Encoding: message headers; historically, this
behavior was hard-coded to be "always on".  </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM send_cyrus_sasl_authzid no

<p> When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid); send
only the SASL authentiCation ID (authcid) plus the authcid's password.
</p>

<p> The non-default setting "yes" enables the behavior of older
Postfix versions.  These always send a SASL authzid that is equal
to the SASL authcid, but this causes interoperability problems
with some SMTP servers. </p>

<p> This feature is available in Postfix 2.4.4 and later. </p>

%PARAM smtpd_client_port_logging no

<p> Enable logging of the remote SMTP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM qmqpd_client_port_logging no

<p> Enable logging of the remote QMQP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_tls_protocols !SSLv2, !SSLv3

<p> List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. The default value is
"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
"!SSLv2" for older releases. Before Postfix 2.6, the Postfix SMTP
client would use all protocols with opportunistic TLS. </p>

<p> In main.cf the values are separated by whitespace, commas or
colons. In the policy table (see smtp_tls_policy_maps) the only valid
separator is colon. An empty value means allow all protocols. The valid
protocol names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3"
and "TLSv1". </p>

<p> The range of protocols advertised by an SSL/TLS client must be
contiguous.  When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher
version.  Thus, for example: </p>
<blockquote>
<pre>
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled.  </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2"</p>

<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended.  The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>

<p> Example: </p>
<pre>
# TLSv1 or better:
smtp_tls_protocols = !SSLv2, !SSLv3
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM smtpd_tls_protocols !SSLv2, !SSLv3

<p> List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption. The default value is
"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
empty for older releases allowing all protocols to be
used with opportunistic TLS.  A non-empty value is a list of protocol
names separated by whitespace, commas or colons.  The supported
protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
sensitive. </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>

<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended.  The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>

<p> Example: </p>
<pre>
smtpd_tls_protocols = !SSLv2, !SSLv3
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM lmtp_tls_protocols !SSLv2, !SSLv3

<p> The LMTP-specific version of the smtp_tls_protocols configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM smtp_tls_ciphers medium

<p> The minimum TLS cipher grade that the Postfix SMTP client
will use with opportunistic TLS encryption. Cipher types listed in
smtp_tls_exclude_ciphers are excluded from the base definition of
the selected cipher grade.   The default value is "medium" for
Postfix releases after the middle of 2015, "export" for older
releases.  </p>

<p> When TLS is mandatory the cipher grade is chosen via the
smtp_tls_mandatory_ciphers configuration parameter, see there for syntax
details. See smtp_tls_policy_maps for information on how to configure
ciphers on a per-destination basis. </p>

<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the smtp_tls_mandatory_ciphers parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>

%PARAM smtpd_tls_ciphers medium

<p> The minimum TLS cipher grade that the Postfix SMTP server
will use with opportunistic TLS encryption. Cipher types listed in
smtpd_tls_exclude_ciphers are excluded from the base definition of
the selected cipher grade.  The default value is "medium" for Postfix
releases after the middle of 2015, "export" for older releases.
</p>

<p> When TLS is mandatory the cipher grade is chosen via the
smtpd_tls_mandatory_ciphers configuration parameter, see there for syntax
details. </p>

<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the smtpd_tls_mandatory_ciphers parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>

%PARAM lmtp_tls_ciphers medium

<p> The LMTP-specific version of the smtp_tls_ciphers configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM tls_eecdh_strong_curve prime256v1

<p> The elliptic curve used by the Postfix SMTP server for sensibly
strong
ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "smtpd_tls_eecdh_grade = strong". The phrase "sensibly
strong" means approximately 128-bit security based on best known
attacks. The selected curve must be implemented by OpenSSL (as
reported by ecparam(1) with the "-list_curves" option) and be one
of the curves listed in Section 5.1.1 of RFC 4492. You should not
generally change this setting.  Remote SMTP client implementations
must support this curve for EECDH key exchange to take place.  It
is unwise to choose an "exotic" curve supported by only a small subset
of clients.  </p>

<p> The default "strong" curve is rated in NSA <a
href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to SECRET.  </p>

<p> Note: elliptic curve names are poorly standardized; different
standards groups are assigning different names to the same underlying
curves.  The curve with the X9.62 name "prime256v1" is also known
under the SECG name "secp256r1", but OpenSSL does not recognize the
latter name. </p>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy.  </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms where
EC algorithms have not been disabled by the vendor. </p>

%PARAM tls_eecdh_ultra_curve secp384r1

<p> The elliptic curve used by the Postfix SMTP server for maximally
strong
ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "smtpd_tls_eecdh_grade = ultra". The phrase "maximally
strong" means approximately 192-bit security based on best known attacks.
This additional strength comes at a significant computational cost, most
users should instead set "smtpd_tls_eecdh_grade = strong".  The selected
curve must be implemented by OpenSSL (as reported by ecparam(1) with the
"-list_curves" option) and be one of the curves listed in Section 5.1.1
of RFC 4492. You should not generally change this setting. </p>

<p> This default "ultra" curve is rated in NSA <a
href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to TOP SECRET. </p>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy.  </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms where
EC algorithms have not been disabled by the vendor. </p>

%PARAM smtpd_tls_eecdh_grade see "postconf -d" output

<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
Diffie-Hellman (EECDH) key exchange. </p>

<p> The available choices are: </p>

<dl>

<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
exchange will be disabled. This is the default in Postfix versions
2.6 and 2.7. </dd>

<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
efficiency. This is the default in Postfix version 2.8 and later.
</dd>

<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
security at computational cost that is approximately twice as high
as 128 bit strength ECC. Barring significant progress in attacks on
elliptic curve crypto-systems, the "strong" curve is sufficient for most
users. </dd>

</dl>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy.  </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms
where EC algorithms have not been disabled by the vendor. </p>

%PARAM smtpd_tls_eccert_file

<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP server private ECDSA key. </p>

<p> See the discussion under smtpd_tls_cert_file for more details. </p>

<p> Example: </p>

<pre>
smtpd_tls_eccert_file = /etc/postfix/ecdsa-scert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtpd_tls_eckey_file $smtpd_tls_eccert_file

<p> File with the Postfix SMTP server ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP server ECDSA certificate
file specified with $smtpd_tls_eccert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtp_tls_eccert_file

<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP client ECDSA private key. </p>

<p> See the discussion under smtp_tls_cert_file for more details.
</p>

<p> Example: </p>

<pre>
smtp_tls_eccert_file = /etc/postfix/ecdsa-ccert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtp_tls_eckey_file $smtp_tls_eccert_file

<p> File with the Postfix SMTP client ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP client ECDSA
certificate file specified with $smtp_tls_eccert_file. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM lmtp_tls_eccert_file

<p> The LMTP-specific version of the smtp_tls_eccert_file configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM lmtp_tls_eckey_file

<p> The LMTP-specific version of the smtp_tls_eckey_file configuration
parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

%PARAM smtp_header_checks

<p> Restricted header_checks(5) tables for the Postfix SMTP client.
These tables are searched while mail is being delivered.  Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_mime_header_checks

<p> Restricted mime_header_checks(5) tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available.  </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_nested_header_checks

<p> Restricted nested_header_checks(5) tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available.  </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_body_checks

<p> Restricted body_checks(5) tables for the Postfix SMTP client.
These tables are searched while mail is being delivered.  Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM destination_concurrency_feedback_debug no

<p> Make the queue manager's feedback algorithm verbose for performance
analysis purposes. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM default_destination_concurrency_failed_cohort_limit 1

<p> How many pseudo-cohorts must suffer connection or handshake
failure before a specific destination is considered unavailable
(and further delivery is suspended). Specify zero to disable this
feature. A destination's pseudo-cohort failure count is reset each
time a delivery completes without connection or handshake failure
for that specific destination. </p>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <i>transport</i>_destination_concurrency_failed_cohort_limit to specify
a transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions. </p>

%PARAM default_destination_concurrency_negative_feedback 1

<p> The per-destination amount of delivery concurrency negative
feedback, after a delivery completes with a connection or handshake
failure. Feedback values are in the range 0..1 inclusive. With
negative feedback, concurrency is decremented at the beginning of
a sequence of length 1/feedback. This is unlike positive feedback,
where concurrency is incremented at the end of a sequence of length
1/feedback. </p>

<p> As of Postfix version 2.5, negative feedback cannot reduce
delivery concurrency to zero.  Instead, a destination is marked
dead (further delivery suspended) after the failed pseudo-cohort
count reaches $default_destination_concurrency_failed_cohort_limit
(or $<i>transport</i>_destination_concurrency_failed_cohort_limit).
To make the scheduler completely immune to connection or handshake
failures, specify a zero feedback value and a zero failed pseudo-cohort
limit.  </p>

<p> Specify one of the following forms: </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback. The value must be in the range 0..1 inclusive.
The default setting of "1" is compatible with Postfix versions
before 2.5, where a destination's delivery concurrency is throttled
down to zero (and further delivery suspended) after a single failed
pseudo-cohort. </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is decremented by 1 after each failed pseudo-cohort.  </dd>

<!--

<dt> <b><i>number</i> / sqrt_concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / sqrt(delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. This setting
may be removed in a future version.  </dd>

-->

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <i>transport</i>_destination_concurrency_negative_feedback
to specify a transport-specific override, where <i>transport</i>
is the master.cf
name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions. </p>

%PARAM default_destination_concurrency_positive_feedback 1

<p> The per-destination amount of delivery concurrency positive
feedback, after a delivery completes without connection or handshake
failure. Feedback values are in the range 0..1 inclusive.  The
concurrency increases until it reaches the per-destination maximal
concurrency limit. With positive feedback, concurrency is incremented
at the end of a sequence with length 1/feedback. This is unlike
negative feedback, where concurrency is decremented at the start
of a sequence of length 1/feedback. </p>

<p> Specify one of the following forms:  </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback.  The value must be in the range 0..1
inclusive. The default setting of "1" is compatible with Postfix
versions before 2.5, where a destination's delivery concurrency
doubles after each successful pseudo-cohort.  </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is incremented by 1 after each successful pseudo-cohort.  </dd>

<!--

<dt> <b><i>number</i> / sqrt_concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / sqrt(delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. This setting
may be removed in a future version.  </dd>

-->

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <i>transport</i>_destination_concurrency_positive_feedback
to specify a transport-specific override, where <i>transport</i>
is the master.cf name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5 and later.  </p>

%PARAM transport_destination_concurrency_failed_cohort_limit $default_destination_concurrency_failed_cohort_limit

<p> A transport-specific override for the
default_destination_concurrency_failed_cohort_limit parameter value,
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> Note: some <i>transport</i>_destination_concurrency_failed_cohort_limit
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a master.cf service name and a
built-in suffix (in this case:
"_destination_concurrency_failed_cohort_limit"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_concurrency_positive_feedback $default_destination_concurrency_positive_feedback

<p> A transport-specific override for the
default_destination_concurrency_positive_feedback parameter value,
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> Note: some <i>transport</i>_destination_concurrency_positive_feedback
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a master.cf service name and a
built-in suffix (in this case:
"_destination_concurrency_positive_feedback"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_concurrency_negative_feedback $default_destination_concurrency_negative_feedback

<p> A transport-specific override for the
default_destination_concurrency_negative_feedback parameter value,
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> Note: some <i>transport</i>_destination_concurrency_negative_feedback
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a master.cf service name and a
built-in suffix (in this case:
"_destination_concurrency_negative_feedback"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_initial_destination_concurrency $initial_destination_concurrency

<p> A transport-specific override for the initial_destination_concurrency
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> Note: some <i>transport</i>_initial_destination_concurrency
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a master.cf service name and a
built-in suffix (in this case: "_initial_destination_concurrency").
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_concurrency_limit $default_destination_concurrency_limit

<p> A transport-specific override for the
default_destination_concurrency_limit parameter value, where
<i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> Note: some <i>transport</i>_destination_concurrency_limit
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a master.cf service name and a
built-in suffix (in this case: "_destination_concurrency_limit").
</p>

%PARAM transport_destination_recipient_limit $default_destination_recipient_limit

<p> A transport-specific override for the
default_destination_recipient_limit parameter value, where
<i>transport</i> is the master.cf name of the message delivery
transport. </p>

<p> Note: some <i>transport</i>_destination_recipient_limit parameters
will not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a master.cf service name and a built-in suffix (in
this case: "_destination_recipient_limit"). </p>

%PARAM transport_time_limit $command_time_limit

<p> A transport-specific override for the command_time_limit parameter
value, where <i>transport</i> is the master.cf name of the message
delivery transport. </p>

<p> Note: <i>transport</i>_time_limit parameters will not show up
in "postconf" command output before Postfix version 2.9.  This
limitation applies to many parameters whose name is a combination
of a master.cf service name and a built-in suffix (in this case:
"_time_limit"). </p>

%PARAM transport_delivery_slot_cost $default_delivery_slot_cost

<p> A transport-specific override for the default_delivery_slot_cost
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> Note: <i>transport</i>_delivery_slot_cost parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a master.cf service name and a built-in suffix (in this case:
"_delivery_slot_cost"). </p>

%PARAM transport_delivery_slot_loan $default_delivery_slot_loan

<p> A transport-specific override for the default_delivery_slot_loan
parameter value, where <i>transport</i> is the master.cf name of  
the message delivery transport. </p>

<p> Note: <i>transport</i>_delivery_slot_loan parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a master.cf service name and a built-in suffix (in this case:
"_delivery_slot_loan"). </p>

%PARAM transport_delivery_slot_discount $default_delivery_slot_discount

<p> A transport-specific override for the default_delivery_slot_discount
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> Note: <i>transport</i>_delivery_slot_discount parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a master.cf service name and a built-in suffix (in
this case: "_delivery_slot_discount"). </p>

%PARAM transport_minimum_delivery_slots $default_minimum_delivery_slots

<p> A transport-specific override for the default_minimum_delivery_slots
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> Note: <i>transport</i>_minimum_delivery_slots parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a master.cf service name and a built-in suffix (in
this case: "_minimum_delivery_slots"). </p>

%PARAM transport_recipient_limit $default_recipient_limit

<p> A transport-specific override for the default_recipient_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> Note: some <i>transport</i>_recipient_limit parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a master.cf service name and a built-in suffix (in this case:
"_recipient_limit"). </p>

%PARAM transport_extra_recipient_limit $default_extra_recipient_limit

<p> A transport-specific override for the default_extra_recipient_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> Note: <i>transport</i>_extra_recipient_limit parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a master.cf service name and a built-in suffix (in
this case: "_extra_recipient_limit").  </p>

%PARAM transport_recipient_refill_limit $default_recipient_refill_limit

<p> A transport-specific override for the default_recipient_refill_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> Note: <i>transport</i>_recipient_refill_limit parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a master.cf service name and a built-in suffix (in
this case: "_recipient_refill_limit").  </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM transport_recipient_refill_delay $default_recipient_refill_delay

<p> A transport-specific override for the default_recipient_refill_delay
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> Note: <i>transport</i>_recipient_refill_delay parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a master.cf service name and a built-in suffix (in
this case: "_recipient_refill_delay").  </p>

<p> This feature is available in Postfix 2.4 and later. </p>

%PARAM default_transport_rate_delay 0s

<p> The default amount of delay that is inserted between individual
deliveries over the same message delivery transport, regardless of
destination. If non-zero, all deliveries over the same message
delivery transport will happen one at a time. </p>

<p>Use <i>transport</i>_transport_rate_delay to specify a
transport-specific override, where the initial <i>transport</i> is
the master.cf name of the message delivery transport. </p>

<p> Example: throttle outbound SMTP mail to at most 3 deliveries
per minute. </p>

<pre>
/etc/postfix/main.cf:
    smtp_transport_rate_delay = 20s
</pre>

<p> To enable the delay, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit). </p>
 
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> NOTE: the delay is enforced by the queue manager. </p>

<p> This feature is available in Postfix 3.1 and later. </p>

%PARAM transport_transport_rate_delay $default_transport_rate_delay

<p> A transport-specific override for the default_transport_rate_delay
parameter value, where the initial <i>transport</i> in the parameter
name is the master.cf name of the message delivery transport. </p>

%PARAM default_destination_rate_delay 0s

<p> The default amount of delay that is inserted between individual
deliveries to the same destination; the resulting behavior depends
on the value of the corresponding per-destination recipient limit.
</p>

<ul>

<li> <p> With a corresponding per-destination recipient limit &gt;
1, the rate delay specifies the time between deliveries to the
<i>same domain</i>.  Different domains are delivered in parallel,
subject to the process limits specified in master.cf. </p>

<li> <p> With a corresponding per-destination recipient limit equal
to 1, the rate delay specifies the time between deliveries to the
<i>same recipient</i>. Different recipients are delivered in
parallel, subject to the process limits specified in master.cf.
</p>

</ul>

<p> To enable the delay, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> NOTE: the delay is enforced by the queue manager. The delay
timer state does not survive "<b>postfix reload</b>" or "<b>postfix
stop</b>".
</p>

<p> Use <i>transport</i>_destination_rate_delay to specify a
transport-specific override, where <i>transport</i> is the master.cf
name of the message delivery transport.
</p>

<p> NOTE: with a non-zero _destination_rate_delay, specify a
<i>transport</i>_destination_concurrency_failed_cohort_limit of 10
or more to prevent Postfix from deferring all mail for the same
destination after only one connection or handshake error. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM transport_destination_rate_delay $default_destination_rate_delay

<p> A transport-specific override for the default_destination_rate_delay
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>

<p> Note: some <i>transport</i>_destination_rate_delay parameters
will not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a master.cf service name and a built-in suffix (in
this case: "_destination_rate_delay"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM data_directory see "postconf -d" output

<p> The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers).  This directory must be owned by
the mail_owner account, and must not be shared with non-Postfix
software.  </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM stress

<p> This feature is documented in the STRESS_README document. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_sasl_auth_soft_bounce yes

<p> When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable. The latter behavior was hard-coded prior to
Postfix version 2.5. </p>

<p> Note: the setting "yes" overrides the global soft_bounce
parameter, but the setting "no" does not. </p>

<p> Example: </p>

<pre>
# Default as of Postfix 2.5
smtp_sasl_auth_soft_bounce = yes
# The old hard-coded default
smtp_sasl_auth_soft_bounce = no
</pre>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_sasl_auth_cache_name

<p> An optional table to prevent repeated SASL authentication
failures with the same remote SMTP server hostname, username and
password. Each table (key, value) pair contains a server name, a
username and password, and the full server response. This information
is stored when a remote SMTP server rejects an authentication attempt
with a 535 reply code.  As long as the smtp_sasl_password_maps
information does no change, and as long as the smtp_sasl_auth_cache_name
information does not expire (see smtp_sasl_auth_cache_time) the
Postfix SMTP client avoids SASL authentication attempts with the
same server, username and password, and instead bounces or defers
mail as controlled with the smtp_sasl_auth_soft_bounce configuration
parameter.  </p>

<p> Use a per-destination delivery concurrency of 1 (for example,
"smtp_destination_concurrency_limit = 1",
"relay_destination_concurrency_limit = 1", etc.), otherwise multiple
delivery agents may experience a login failure at the same time.
</p>

<p> The table must be accessed via the proxywrite service, i.e. the
map name must start with "proxy:". The table should be stored under
the directory specified with the data_directory parameter. </p>

<p> This feature uses cryptographic hashing to protect plain-text
passwords, and requires that Postfix is compiled with TLS support.
</p>

<p> Example: </p>

<pre>
smtp_sasl_auth_cache_name = proxy:btree:/var/db/postfix/sasl_auth_cache
</pre>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM smtp_sasl_auth_cache_time 90d

<p> The maximal age of an smtp_sasl_auth_cache_name entry before it
is removed. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_sasl_auth_soft_bounce yes

<p> The LMTP-specific version of the smtp_sasl_auth_soft_bounce
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_sasl_auth_cache_name

<p> The LMTP-specific version of the smtp_sasl_auth_cache_name
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_sasl_auth_cache_time 90d

<p> The LMTP-specific version of the smtp_sasl_auth_cache_time
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM unverified_sender_reject_reason

<p> The Postfix SMTP server's reply when rejecting mail with
reject_unverified_sender. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details.

<p> Example: </p>

<pre>
unverified_sender_reject_reason = Sender address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unverified_recipient_reject_reason

<p> The Postfix SMTP server's reply when rejecting mail with
reject_unverified_recipient. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details.

<p> Example: </p>

<pre>
unverified_recipient_reject_reason = Recipient address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM strict_mailbox_ownership yes

<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible.  </p>
    
<p> This feature is available in Postfix 2.5.3 and later. </p>

%PARAM proxymap_service_name proxymap

<p> The name of the proxymap read-only table lookup service.  This
service is normally implemented by the proxymap(8) daemon. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM proxywrite_service_name proxywrite

<p> The name of the proxywrite read-write table lookup service.
This service is normally implemented by the proxymap(8) daemon.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM master_service_disable 

<p> Selectively disable master(8) listener ports by service type
or by service name and type.  Specify a list of service types
("inet", "unix", "fifo", or "pass") or "name/type" tuples, where
"name" is the first field of a master.cf entry and "type" is a
service type. As with other Postfix matchlists, a search stops at
the first match.  Specify "!pattern" to exclude a service from the
list. By default, all master(8) listener ports are enabled.  </p>

<p> Note: this feature does not support "/file/name" or "type:table"
patterns, nor does it support wildcards such as "*" or "all". This
is intentional. </p>

<p> Examples: </p>

<pre>
# With Postfix 2.6..2.10 use '.' instead of '/'.
# Turn on all master(8) listener ports (the default).
master_service_disable =
# Turn off only the main SMTP listener port.
master_service_disable = smtp/inet
# Turn off all TCP/IP listener ports.
master_service_disable = inet
# Turn off all TCP/IP listener ports except "foo".
master_service_disable = !foo/inet, inet
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM tcp_windowsize 0

<p> An optional workaround for routers that break TCP window scaling.
Specify a value &gt; 0 and &lt; 65536 to enable this feature.  With
Postfix TCP servers (smtpd(8), qmqpd(8)), this feature is implemented
by the Postfix master(8) daemon.  </p>

<p> To change this parameter without stopping Postfix, you need to
first terminate all Postfix TCP servers: </p>

<blockquote>
<pre>
# postconf -e master_service_disable=inet
# postfix reload
</pre>
</blockquote>

<p> This immediately terminates all processes that accept network
connections.  Next, you enable Postfix TCP servers with the updated
tcp_windowsize setting: </p>

<blockquote>
<pre>
# postconf -e tcp_windowsize=65535 master_service_disable=
# postfix reload
</pre>
</blockquote>

<p> If you skip these steps with a running Postfix system, then the
tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
lmtp(8)).  </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_directories

<p> An optional list of non-default Postfix configuration directories;
these directories belong to additional Postfix instances that share
the Postfix executable files and documentation with the default
Postfix instance, and that are started, stopped, etc., together
with the default Postfix instance.  Specify a list of pathnames
separated by comma or whitespace.  </p>

<p> When $multi_instance_directories is empty, the postfix(1) command
runs in single-instance mode and operates on a single Postfix
instance only. Otherwise, the postfix(1) command runs in multi-instance
mode and invokes the multi-instance manager specified with the
multi_instance_wrapper parameter. The multi-instance manager in
turn executes postfix(1) commands for the default instance and for
all Postfix instances in $multi_instance_directories.  </p>

<p> Currently, this parameter setting is ignored except for the
default main.cf file. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_wrapper

<p> The pathname of a multi-instance manager command that the
postfix(1) command invokes when the multi_instance_directories
parameter value is non-empty. The pathname may be followed by
initial command arguments separated by whitespace; shell
metacharacters such as quotes are not supported in this context.
</p>

<p> The postfix(1) command invokes the manager command with the
postfix(1) non-option command arguments on the manager command line,
and with all installation configuration parameters exported into
the manager command process environment. The manager command in
turn invokes the postfix(1) command for individual Postfix instances
as "postfix -c <i>config_directory</i> <i>command</i>".  </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_group

<p> The optional instance group name of this Postfix instance. A
group identifies closely-related Postfix instances that the
multi-instance manager can start, stop, etc., as a unit.  This
parameter is reserved for the multi-instance manager. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_name

<p> The optional instance name of this Postfix instance. This name
becomes also the default value for the syslog_name parameter. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM multi_instance_enable no

<p> Allow this Postfix instance to be started, stopped, etc., by a
multi-instance manager.  By default, new instances are created in
a safe state that prevents them from being started inadvertently.
This parameter is reserved for the multi-instance manager.  </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM reject_tempfail_action defer_if_permit

<p> The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> For finer control, see: unverified_recipient_tempfail_action,
unverified_sender_tempfail_action, unknown_address_tempfail_action,
and unknown_helo_hostname_tempfail_action.  </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unverified_recipient_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unverified_recipient
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unverified_sender_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unverified_sender
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unknown_address_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unknown_sender_domain
or reject_unknown_recipient_domain fail due to a temporary error
condition. Specify "defer" to defer the remote SMTP client request
immediately. With the default "defer_if_permit" action, the Postfix
SMTP server continues to look for opportunities to reject mail, and
defers the client request only if it would otherwise be accepted.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM unknown_helo_hostname_tempfail_action $reject_tempfail_action

<p> The Postfix SMTP server's action when reject_unknown_helo_hostname
fails due to an temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM postmulti_start_commands start

<p> The postfix(1) commands that the postmulti(1) instance manager treats
as "start" commands. For these commands, disabled instances are "checked"
rather than "started", and failure to "start" a member instance of an
instance group will abort the start-up of later instances. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM postmulti_stop_commands see "postconf -d" output

<p> The postfix(1) commands that the postmulti(1) instance manager treats
as "stop" commands. For these commands, disabled instances are skipped,
and enabled instances are processed in reverse order. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM postmulti_control_commands reload flush

<p> The postfix(1) commands that the postmulti(1) instance manager
treats as "control" commands, that operate on running instances. For
these commands, disabled instances are skipped. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

%PARAM lmtp_assume_final no

<p> When a remote LMTP server announces no DSN support, assume that
the
server performs final delivery, and send "delivered" delivery status
notifications instead of "relayed". The default setting is backwards
compatible to avoid the infinitesimal possibility of breaking
existing LMTP-based content filters. </p>

%PARAM always_add_missing_headers no

<p> Always add (Resent-) From:, To:, Date: or Message-ID: headers
when not present.  Postfix 2.6 and later add these headers only
when clients match the local_header_rewrite_clients parameter
setting.  Earlier Postfix versions always add these headers; this
may break DKIM signatures that cover non-existent headers. 
The undisclosed_recipients_header parameter setting determines
whether a To: header will be added. </p>

%PARAM lmtp_header_checks

<p> The LMTP-specific version of the smtp_header_checks configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_mime_header_checks

<p> The LMTP-specific version of the smtp_mime_header_checks
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_nested_header_checks

<p> The LMTP-specific version of the smtp_nested_header_checks
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM lmtp_body_checks

<p> The LMTP-specific version of the smtp_body_checks configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

%PARAM milter_header_checks

<p> Optional lookup tables for content inspection of message headers
that are produced by Milter applications.  See the header_checks(5)
manual page available actions. Currently, PREPEND is not implemented.
</p>

<p> The following example sends all mail that is marked as SPAM to
a spam handling machine. Note that matches are case-insensitive
by default. </p>

<pre>
/etc/postfix/main.cf:
    milter_header_checks = pcre:/etc/postfix/milter_header_checks
</pre>

<pre>
/etc/postfix/milter_header_checks:
    /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
</pre>

<p> The milter_header_checks mechanism could also be used for
whitelisting. For example it could be used to skip heavy content
inspection for DKIM-signed mail from known friendly domains. </p>

<p> This feature is available in Postfix 2.7, and as an optional
patch for Postfix 2.6. </p>

%PARAM postscreen_cache_map btree:$data_directory/postscreen_cache

<p> Persistent storage for the postscreen(8) server decisions. </p>

<p> To share a postscreen(8) cache between multiple postscreen(8)
instances, use "postscreen_cache_map = proxy:btree:/path/to/file".
This requires Postfix version 2.9 or later; earlier proxymap(8)
implementations don't support cache cleanup. For an alternative
approach see the memcache_table(5) manpage. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM smtpd_service_name smtpd

<p> The internal service that postscreen(8) hands off allowed
connections to. In a future version there may be different
classes of SMTP service. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_post_queue_limit $default_process_limit

<p> The number of clients that can be waiting for service from a
real Postfix SMTP server process. When this queue is full, all
clients will
receive a 421 response. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_pre_queue_limit $default_process_limit

<p> The number of non-whitelisted clients that can be waiting for
a decision whether they will receive service from a real Postfix
SMTP server
process. When this queue is full, all non-whitelisted clients will
receive a 421 response. </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_greet_ttl 1d

<p> The amount of time that postscreen(8) will use the result from
a successful PREGREET test. During this time, the client IP address
is excluded from this test. The default is relatively short, because
a good client can immediately talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_cache_retention_time 7d

<p> The amount of time that postscreen(8) will cache an expired
temporary whitelist entry before it is removed. This prevents clients
from being logged as "NEW" just because their cache entry expired
an hour ago. It also prevents the cache from filling up with clients
that passed some deep protocol test once and never came back. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks).  </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_cache_cleanup_interval 12h

<p> The amount of time between postscreen(8) cache cleanup runs.
Cache cleanup increases the load on the cache database and should
therefore not be run frequently. This feature requires that the
cache database supports the "delete" and "sequence" operators.
Specify a zero interval to disable cache cleanup. </p>

<p> After each cache cleanup run, the postscreen(8) daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $max_idle
seconds. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks).  </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_greet_wait normal: 6s, overload: 2s

<p> The amount of time that postscreen(8) will wait for an SMTP
client to send a command before its turn, and for DNS blocklist
lookup results to arrive (default: up to 2 seconds under stress,
up to 6 seconds otherwise).  <p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks).  </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_dnsbl_sites

<p>Optional list of DNS white/blacklist domains, filters and weight
factors. When the list is non-empty, the dnsblog(8) daemon will
query these domains with the IP addresses of remote SMTP clients,
and postscreen(8) will update an SMTP client's DNSBL score with
each non-error reply. </p>

<p> Caution: when postscreen rejects mail, it replies with the DNSBL
domain name. Use the postscreen_dnsbl_reply_map feature to hide
"password" information in DNSBL domain names. </p>

<p> When a client's score is equal to or greater than the threshold
specified with postscreen_dnsbl_threshold, postscreen(8) can drop
the connection with the remote SMTP client. </p>

<p> Specify a list of domain=filter*weight entries, separated by
comma or whitespace.  </p>

<ul>

<li> <p> When no "=filter" is specified, postscreen(8) will use any
non-error DNSBL reply.  Otherwise, postscreen(8) uses only DNSBL
replies that match the filter. The filter has the form d.d.d.d,
where each d is a number, or a pattern inside [] that contains one
or more ";"-separated numbers or number..number ranges.  </p>

<li> <p> When no "*weight" is specified, postscreen(8) increments
the remote SMTP client's DNSBL score by 1.  Otherwise, the weight must be
an integral number, and postscreen(8) adds the specified weight to
the remote SMTP client's DNSBL score.  Specify a negative number for
whitelisting.  </p>

<li> <p> When one postscreen_dnsbl_sites entry produces multiple
DNSBL responses, postscreen(8) applies the weight at most once.
</p>

</ul>

<p> Examples: </p>

<p> To use example.com as a high-confidence blocklist, and to
block mail with example.net and example.org only when both agree:
</p>

<pre> 
postscreen_dnsbl_threshold = 2 
postscreen_dnsbl_sites = example.com*2, example.net, example.org 
</pre>

<p> To filter only DNSBL replies containing 127.0.0.4: </p>

<pre> 
postscreen_dnsbl_sites = example.com=127.0.0.4 
</pre>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_dnsbl_action ignore

<p>The action that postscreen(8) takes when a remote SMTP client's combined
DNSBL score is equal to or greater than a threshold (as defined
with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold
parameters).  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_greet_action ignore

<p>The action that postscreen(8) takes when a remote SMTP client speaks
before its turn within the time specified with the postscreen_greet_wait
parameter.  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> In either case, postscreen(8) will not whitelist the remote SMTP client
IP address. </p>

<p> This feature is available in Postfix 2.8. </p>

#%PARAM postscreen_whitelist_networks $mynetworks
#
#<p> Network addresses that are permanently whitelisted, and that
#will not be subjected to postscreen(8) checks. This parameter uses
#the same address syntax as the mynetworks parameter. This feature
#never uses the remote SMTP client hostname.  </p>
#
#<p> This feature is available in Postfix 2.8. </p>
#
#%PARAM postscreen_blacklist_networks 
#
#<p> Network addresses that are permanently blacklisted; see the
#postscreen_blacklist_action parameter for possible actions.  This
#parameter uses the same address syntax as the mynetworks parameter.
#The blacklist has higher precedence than whitelists. This feature
#never uses the remote SMTP client hostname.  </p>
#
#<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_access_list permit_mynetworks

<p> Permanent white/blacklist for remote SMTP client IP addresses.
postscreen(8) searches this list immediately after a remote SMTP
client connects.  Specify a comma- or whitespace-separated list of
commands (in upper or lower case) or lookup tables. The search stops
upon the first command that fires for the client IP address. </p>

<dl>

<dt> <b> permit_mynetworks </b> </dt> <dd> Whitelist the client and
terminate the search if the client IP address matches $mynetworks.
Do not subject the client to any before/after 220 greeting tests.
Pass the connection immediately to a Postfix SMTP server process.
<br> Pattern matching of domain names is controlled by the presence
or absence of "postscreen_access_list" in the
parent_domain_matches_subdomains parameter value. </dd>

<dt> <b> type:table </b> </dt> <dd> Query the specified lookup
table. Each table lookup result is an access list, except that
access lists inside a table cannot specify type:table entries.  <br>
To discourage the use of hash, btree, etc. tables, there is no
support for substring matching like smtpd(8). Use CIDR tables
instead.  </dd>

<dt> <b> permit </b> </dt> <dd> Whitelist the client and terminate
the search. Do not subject the client to any before/after 220
greeting tests. Pass the connection immediately to a Postfix SMTP
server process. </dd>

<dt> <b> reject </b> </dt> <dd> Blacklist the client and terminate
the search. Subject the client to the action configured with the
postscreen_blacklist_action configuration parameter. </dd>

<dt> <b> dunno </b> </dt> <dd> All postscreen(8) access lists
implicitly have this command at the end. <br> When <b> dunno </b>
is executed inside a lookup table, return from the lookup table and
evaluate the next command.  <br> When <b> dunno </b> is executed
outside a lookup table, terminate the search, and subject the client
to the configured before/after 220 greeting tests. </dd>

</dl>

<p> Example: </p>

<pre>
/etc/postfix/main.cf:
    postscreen_access_list = permit_mynetworks, 
		cidr:/etc/postfix/postscreen_access.cidr
    postscreen_blacklist_action = enforce
</pre>

<pre>
/etc/postfix/postscreen_access.cidr:
    # Rules are evaluated in the order as specified.
    # Blacklist 192.168.* except 192.168.0.1.
    192.168.0.1         dunno
    192.168.0.0/16      reject
</pre>
    
<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_greet_banner $smtpd_banner

<p> The <i>text</i> in the optional "220-<i>text</i>..." server
response that
postscreen(8) sends ahead of the real Postfix SMTP server's "220
text..." response, in an attempt to confuse bad SMTP clients so
that they speak before their turn (pre-greet).  Specify an empty
value to disable this feature.  </p>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_blacklist_action ignore

<p> The action that postscreen(8) takes when a remote SMTP client is
permanently blacklisted with the postscreen_access_list parameter.
Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore  this result. Allow other tests to complete.  Repeat
this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM smtpd_command_filter 

<p> A mechanism to transform commands from remote SMTP clients.
This is a last-resort tool to work around client commands that break
interoperability with the Postfix SMTP server.  Other uses involve
fault injection to test Postfix's handling of invalid commands.
</p>

<p> Specify the name of a "type:table" lookup table. The search
string is the SMTP command as received from the remote SMTP client,
except that initial whitespace and the trailing &lt;CR&gt;&lt;LF&gt;
are removed.  The result value is executed by the Postfix SMTP
server.  </p>

<p> There is no need to use smtpd_command_filter for the following
cases: </p>

<ul>

<li> <p> Use "resolve_numeric_domain = yes" to accept
"<i>user@ipaddress</i>". </p>

<li> <p> Postfix already accepts the correct form
"<i>user@[ipaddress]</i>". Use virtual_alias_maps or canonical_maps
to translate these into domain names if necessary.  </p>

<li> <p> Use "strict_rfc821_envelopes = no" to accept "RCPT TO:&lt;<i>User
Name &lt;user@example.com&gt;&gt;</i>". Postfix will ignore the "<i>User
Name</i>" part and deliver to the <i>&lt;user@example.com&gt;</i> address.
</p>

</ul>

<p> Examples of problems that can be solved with the smtpd_command_filter
feature: </p>

<pre>
/etc/postfix/main.cf:
    smtpd_command_filter = pcre:/etc/postfix/command_filter
</pre>

<pre>
/etc/postfix/command_filter:
    # Work around clients that send malformed HELO commands.
    /^HELO\s*$/ HELO domain.invalid
</pre>

<pre>
    # Work around clients that send empty lines.
    /^\s*$/     NOOP
</pre>

<pre>
    # Work around clients that send RCPT TO:&lt;'user@domain'&gt;.
    # WARNING: do not lose the parameters that follow the address.
    /^(RCPT\s+TO:\s*&lt;)'([^[:space:]]+)'(&gt;.*)/     $1$2$3
</pre>

<pre>
    # Append XVERP to MAIL FROM commands to request VERP-style delivery.
    # See VERP_README for more information on how to use Postfix VERP.
    /^(MAIL FROM:\s*&lt;listname@example\.com&gt;.*)/   $1 XVERP
</pre>

<pre>
    # Bounce-never mail sink. Use notify_classes=bounce,resource,software 
    # to send bounced mail to the postmaster (with message body removed).
    /^(RCPT\s+TO:\s*&lt;.*&gt;.*)\s+NOTIFY=\S+(.*)/     $1 NOTIFY=NEVER$2
    /^(RCPT\s+TO:.*)/                             $1 NOTIFY=NEVER
</pre>

<p> This feature is available in Postfix 2.7. </p>

%PARAM smtp_reply_filter 

<p> A mechanism to transform replies from remote SMTP servers one
line at a time.  This is a last-resort tool to work around server
replies that break interoperability with the Postfix SMTP client.
Other uses involve fault injection to test Postfix's handling of
invalid responses. </p>

<p> Notes: </p>

<ul>

<li> <p> In the case of a multi-line reply, the Postfix SMTP client
uses the final reply line's numerical SMTP reply code and enhanced
status code.  </p>

<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
the enhanced status code (X.Y.Z).  When the enhanced status code
initial digit differs from the SMTP reply code initial digit, or
when no enhanced status code is present, the Postfix SMTP client
uses a generic enhanced status code (X.0.0) instead. </p>

</ul>

<p> Specify the name of a "type:table" lookup table. The search
string is a single SMTP reply line as received from the remote SMTP
server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed.
When the lookup succeeds, the result replaces the single SMTP reply
line. </p>

<p> Examples: </p>

<pre>
/etc/postfix/main.cf:
    smtp_reply_filter = pcre:/etc/postfix/reply_filter
</pre>

<pre>
/etc/postfix/reply_filter:
    # Transform garbage into "250-filler..." so that it looks like
    # one line from a multi-line reply. It does not matter what we
    # substitute here as long it has the right syntax.  The Postfix
    # SMTP client will use the final line's numerical SMTP reply
    # code and enhanced status code.
    !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
</pre>

<p> This feature is available in Postfix 2.7. </p>

%PARAM lmtp_reply_filter

<p> The LMTP-specific version of the smtp_reply_filter
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM smtp_tls_block_early_mail_reply no

<p> Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
The attack would succeed with non-Postfix SMTP servers that reply
to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
the Postfix SMTP client TLS session.  </p>

<p> This feature is available in Postfix 2.7. </p>

%PARAM lmtp_tls_block_early_mail_reply

<p> The LMTP-specific version of the smtp_tls_block_early_mail_reply
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

%PARAM empty_address_default_transport_maps_lookup_key &lt;&gt;

<p> The sender_dependent_default_transport_maps search string that
will be used instead of the null sender address. </p>

<p> This feature is available in Postfix 2.7 and later.  </p>

%PARAM sender_dependent_default_transport_maps

<p> A sender-dependent override for the global default_transport
parameter setting. The tables are searched by the envelope sender
address and @domain. A lookup result of DUNNO terminates the search
without overriding the global default_transport parameter setting.
This information is overruled with the transport(5) table. </p>

<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>

<p> Note: this overrides default_transport, not transport_maps, and
therefore the expected syntax is that of default_transport, not the
syntax of transport_maps.  Specifically, this does not support the
transport_maps syntax for null transport, null nexthop, or null
email addresses. </p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.7 and later.  </p>

%PARAM address_verify_sender_dependent_default_transport_maps $sender_dependent_default_transport_maps

<p> Overrides the sender_dependent_default_transport_maps parameter
setting for address verification probes.  </p>

<p> This feature is available in Postfix 2.7 and later.  </p>

%PARAM default_filter_nexthop 

<p> When a content_filter or FILTER request specifies no explicit
next-hop destination, use $default_filter_nexthop instead; when
that value is empty, use the domain in the recipient address.
Specify "default_filter_nexthop = $myhostname" for compatibility
with Postfix version 2.6 and earlier, or specify an explicit next-hop
destination with each content_filter value or FILTER action. </p>

<p> This feature is available in Postfix 2.7 and later.  </p>

%PARAM smtp_address_preference any

<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
SMTP client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference. This feature has no effect
unless the inet_protocols setting enables both IPv4 and IPv6. </p>

<p> Postfix SMTP client address preference has evolved. With Postfix
2.8 the default is "ipv6"; earlier implementations are hard-coded
to prefer IPv6 over IPv4. </p>

<p> Notes for mail delivery between sites that have both IPv4 and
IPv6 connectivity: </p>

<ul>

<li> <p> The setting "smtp_address_preference = ipv6" is unsafe.
It can fail to deliver mail when there is an outage that affects
IPv6, while the destination is still reachable over IPv4. </p>

<li> <p> The setting "smtp_address_preference = any" is safe. With
this, mail will eventually be delivered even if there is an outage
that affects IPv6 or IPv4, as long as it does not affect both. </p>

</ul>

<p> This feature is available in Postfix 2.8 and later.  </p>

%PARAM lmtp_address_preference ipv6

<p> The LMTP-specific version of the smtp_address_preference
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.8 and later.  </p>

%PARAM smtp_dns_resolver_options 

<p> DNS Resolver options for the Postfix SMTP client.  Specify zero
or more of the following options, separated by comma or whitespace.
Option names are case-sensitive. Some options refer to domain names
that are specified in the file /etc/resolv.conf or equivalent. </p>

<dl>

<dt><b>res_defnames</b></dt>

<dd> Append the current domain name to single-component names (those
that do not contain a "." character). This can produce incorrect
results, and is the hard-coded behavior prior to Postfix 2.8. </dd>

<dt><b>res_dnsrch</b></dt>

<dd> Search for host names in the current domain and in parent
domains. This can produce incorrect results and is therefore not
recommended. </dd>

</dl>

<p> This feature is available in Postfix 2.8 and later.  </p>

%PARAM lmtp_dns_resolver_options

<p> The LMTP-specific version of the smtp_dns_resolver_options
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.8 and later.  </p>

%PARAM postscreen_dnsbl_threshold 1

<p> The inclusive lower bound for blocking a remote SMTP client, based on
its combined DNSBL score as defined with the postscreen_dnsbl_sites
parameter. </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_dnsbl_whitelist_threshold 0

<p> Allow a remote SMTP client to skip "before" and "after 220
greeting" protocol tests, based on its combined DNSBL score as
defined with the postscreen_dnsbl_sites parameter.  </p>

<p> Specify a negative value to enable this feature. When a client
passes the postscreen_dnsbl_whitelist_threshold without having
failed other tests, all pending or disabled tests are flagged as
completed with a time-to-live value equal to postscreen_dnsbl_ttl.
When a test was already completed, its time-to-live value is updated
if it was less than postscreen_dnsbl_ttl. </p>

<p> This feature is available in Postfix 2.11.  </p>

%PARAM postscreen_command_count_limit 20

<p> The limit on the total number of commands per SMTP session for
postscreen(8)'s built-in SMTP protocol engine.  This SMTP engine
defers or rejects all attempts to deliver mail, therefore there is
no need to enforce separate limits on the number of junk commands
and error commands.  </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_command_time_limit normal: 300s, overload: 10s

<p> The time limit to read an entire command line with postscreen(8)'s
built-in SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_dnsbl_ttl 1h

<p> The amount of time that postscreen(8) will use the result from
a successful DNS-based reputation test before a client
IP address is required to pass that test again.  </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8-3.0. It was 
replaced by postscreen_dnsbl_max_ttl in Postfix 3.1.  </p>

%PARAM postscreen_dnsbl_min_ttl 60s

<p> The minimum amount of time that postscreen(8) will use the
result from a successful DNS-based reputation test before a
client IP address is required to pass that test again. If the DNS
reply specifies a larger TTL value, that value will be used unless
it would be larger than postscreen_dnsbl_max_ttl.  </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 3.1. </p>

%PARAM postscreen_dnsbl_max_ttl ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h

<p> The maximum amount of time that postscreen(8) will use the
result from a successful DNS-based reputation test before a
client IP address is required to pass that test again. If the DNS
reply specifies a shorter TTL value, that value will be used unless
it would be smaller than postscreen_dnsbl_min_ttl.  </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 3.1. The default setting
is backwards-compatible with older Postfix versions. </p>

%PARAM postscreen_pipelining_action enforce

<p> The action that postscreen(8) takes when a remote SMTP client
sends
multiple commands instead of sending one command and waiting for
the server to respond.  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before some the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_pipelining_ttl 30d

<p> The amount of time that postscreen(8) will use the result from
a successful "pipelining" SMTP protocol test. During this time, the
client IP address is excluded from this test. The default is
long because a good client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_pipelining_enable no

<p> Enable "pipelining" SMTP protocol tests in the postscreen(8)
server. These tests are expensive: a good client must disconnect
after it passes the test, before it can talk to a real Postfix SMTP
server. </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_watchdog_timeout 10s

<p> How much time a postscreen(8) process may take to respond to
a remote SMTP client command or to perform a cache operation before it
is terminated by a built-in watchdog timer.  This is a safety
mechanism that prevents postscreen(8) from becoming non-responsive
due to a bug in Postfix itself or in system software.  To avoid
false alarms and unnecessary cache corruption this limit cannot be
set under 10s.  </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_helo_required $smtpd_helo_required

<p> Require that a remote SMTP client sends HELO or EHLO before 
commencing a MAIL transaction. </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_forbidden_commands $smtpd_forbidden_commands

<p> List of commands that the postscreen(8) server considers in
violation of the SMTP protocol. See smtpd_forbidden_commands for
syntax, and postscreen_non_smtp_command_action for possible actions.
</p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_disable_vrfy_command $disable_vrfy_command

<p> Disable the SMTP VRFY command in the postscreen(8) daemon.  See
disable_vrfy_command for details.  </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_non_smtp_command_action drop

<p> The action that postscreen(8) takes when a remote SMTP client sends
non-SMTP commands as specified with the postscreen_forbidden_commands
parameter.  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before some the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. This action is the
same as with the Postfix SMTP server's smtpd_forbidden_commands
feature.  </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_non_smtp_command_ttl 30d

<p> The amount of time that postscreen(8) will use the result from
a successful "non_smtp_command" SMTP protocol test. During this
time, the client IP address is excluded from this test. The default
is long because a client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_non_smtp_command_enable no

<p> Enable "non-SMTP command" tests in the postscreen(8) server. These
tests are expensive: a client must disconnect after it passes the
test, before it can talk to a real Postfix SMTP server. </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_dnsbl_reply_map

<p> A mapping from actual DNSBL domain name which includes a secret
password, to the DNSBL domain name that postscreen will reply with
when it rejects mail.  When no mapping is found, the actual DNSBL
domain will be used. </p>

<p> For maximal stability it is best to use a file that is read
into memory such as pcre:, regexp: or texthash: (texthash: is similar
to hash:, except a) there is no need to run postmap(1) before the
file can be used, and b) texthash: does not detect changes after
the file is read). </p>

<p> Example: </p>

<pre>
/etc/postfix/main.cf:
    postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
</pre>

<pre>
/etc/postfix/dnsbl_reply:
   secret.zen.spamhaus.org	zen.spamhaus.org
</pre>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_dnsbl_timeout 10s

<p> The time limit for DNSBL or DNSWL lookups. This is separate from
the timeouts in the dnsblog(8) daemon which are defined by system
resolver(3) routines. </p>

<p> This feature is available in Postfix 3.0.  </p>
%PARAM postscreen_bare_newline_action ignore

<p> The action that postscreen(8) takes when a remote SMTP client sends
a bare newline character, that is, a newline not preceded by carriage
return.  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before some the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects.  </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>

%PARAM postscreen_bare_newline_ttl 30d

<p> The amount of time that postscreen(8) will use the result from
a successful "bare newline" SMTP protocol test. During this
time, the client IP address is excluded from this test. The default
is long because a remote SMTP client must disconnect after it passes
the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_bare_newline_enable no

<p> Enable "bare newline" SMTP protocol tests in the postscreen(8)
server. These tests are expensive: a remote SMTP client must
disconnect after
it passes the test, before it can talk to a real Postfix SMTP server.
</p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_client_connection_count_limit $smtpd_client_connection_count_limit

<p> How many simultaneous connections any remote SMTP client is
allowed to have
with the postscreen(8) daemon. By default, this limit is the same
as with the Postfix SMTP server. Note that the triage process can
take several seconds, with the time spent in postscreen_greet_wait
delay, and with the time spent talking to the postscreen(8) built-in
dummy SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM dnsblog_reply_delay 0s

<p> A debugging aid to artificially delay DNS responses. </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM reset_owner_alias no

<p> Reset the local(8) delivery agent's idea of the owner-alias
attribute, when delivering mail to a child alias that does not have
its own owner alias. </p>

<p> This feature is available in Postfix 2.8 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"yes". </p>

<p> As documented in aliases(5), when an alias <i>name</i> has a
companion alias named owner-<i>name</i>, delivery errors will be
reported to the owner alias instead of the sender. This configuration
is recommended for mailing lists. <p>

<p> A less known property of the owner alias is that it also forces
the local(8) delivery agent to write local and remote addresses
from alias expansion to a new queue file, instead of attempting to
deliver mail to local addresses as soon as they come out of alias
expansion.  </p>

<p> Writing local addresses from alias expansion to a new queue
file allows for robust handling of temporary delivery errors: errors
with one local member have no effect on deliveries to other members
of the list.  On the other hand, delivery to local addresses as
soon as they come out of alias expansion is fragile: a temporary
error with one local address from alias expansion will cause the
entire alias to be expanded repeatedly until the error goes away,
or until the message expires in the queue.  In that case, a problem
with one list member results in multiple message deliveries to other
list members. </p>

<p> The default behavior of Postfix 2.8 and later is to keep the
owner-alias attribute of the parent alias, when delivering mail to
a child alias that does not have its own owner alias. Then, local
addresses from that child alias will be written to a new queue file,
and a temporary error with one local address will not affect delivery
to other mailing list members. </p>

<p> Unfortunately, older Postfix releases reset the owner-alias
attribute when delivering mail to a child alias that does not have
its own owner alias.  The local(8) delivery agent then attempts to
deliver local addresses as soon as they come out of child alias
expansion.  If delivery to any address from child alias expansion
fails with a temporary error condition, the entire mailing list may
be expanded repeatedly until the mail expires in the queue, resulting
in multiple deliveries of the same message to mailing list members.
</p>

%PARAM qmgr_ipc_timeout 60s

<p> The time limit for the queue manager to send or receive information
over an internal communication channel.  The purpose is to break
out of deadlock situations. If the time limit is exceeded the
software either retries or aborts the operation. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p> This feature is available in Postfix 2.8 and later.  </p>

%PARAM qmgr_daemon_timeout 1000s

<p> How much time a Postfix queue manager process may take to handle
a request before it is terminated by a built-in watchdog timer.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p> This feature is available in Postfix 2.8 and later.  </p>

%PARAM tls_preempt_cipherlist no

<p> With SSLv3 and later, use the Postfix SMTP server's cipher
preference order instead of the remote client's cipher preference
order. </p>

<p> By default, the OpenSSL server selects the client's most preferred
cipher that the server supports. With SSLv3 and later, the server may
choose its own most preferred cipher that is supported (offered) by
the client. Setting "tls_preempt_cipherlist = yes" enables server cipher
preferences. </p>

<p> While server cipher selection may in some cases lead to a more secure
or performant cipher choice, there is some risk of interoperability
issues. In the past, some SSL clients have listed lower priority ciphers
that they did not implement correctly. If the server chooses a cipher
that the client prefers less, it may select a cipher whose client
implementation is flawed. Most notably Windows 2003 Microsoft
Exchange servers have flawed implementations of DES-CBC3-SHA, which
OpenSSL considers stronger than RC4-SHA.  Enabling server cipher-suite
selection may create interoperability issues with Windows 2003
Microsoft Exchange clients.  </p>

<p> This feature is available in Postfix 2.8 and later, in combination
with OpenSSL 0.9.7 and later. </p>

%PARAM tls_disable_workarounds see "postconf -d" output

<p> List or bit-mask of OpenSSL bug work-arounds to disable. </p>

<p> The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS
implementations. Applications, such as Postfix, that want to maximize
interoperability ask the OpenSSL library to enable the full set of
recommended work-arounds. </p>

<p> From time to time, it is discovered that a work-around creates a
security issue, and should no longer be used. If upgrading OpenSSL
to a fixed version is not an option or an upgrade is not available
in a timely manner, or in closed environments where no buggy clients
or servers exist, it may be appropriate to disable some or all of the
OpenSSL interoperability work-arounds. This parameter specifies which
bug work-arounds to disable. </p>

<p> If the value of the parameter is a hexadecimal long integer starting
with "0x", the bug work-arounds corresponding to the bits specified in
its value are removed from the <b>SSL_OP_ALL</b> work-around bit-mask
(see openssl/ssl.h and SSL_CTX_set_options(3)). You can specify more
bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying
0xFFFFFFFF disables all bug-workarounds on a 32-bit system. This should
also be sufficient on 64-bit systems, until OpenSSL abandons support
for 32-bit systems and starts using the high 32 bits of a 64-bit
bug-workaround mask. </p>

<p> Otherwise, the parameter is a white-space or comma separated list
of specific named bug work-arounds chosen from the list below. It
is possible that your OpenSSL version includes new bug work-arounds
added after your Postfix source code was last updated, in that case
you can only disable one of these via the hexadecimal syntax above. </p>

<dl>

<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>

<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>

<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6! </dd>

<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
OpenSSL 1.0.0.</dd>

</dl>

<p> This feature is available in Postfix 2.8 and later.  </p>

%PARAM tls_legacy_public_key_fingerprints no

<p> A temporary migration aid for sites that use certificate
<i>public-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use
an incorrect algorithm. This parameter has no effect on the certificate
fingerprint support that is available since Postfix 2.2. </p>

<p> Specify "tls_legacy_public_key_fingerprints = yes" temporarily,
pending a migration from configuration files with incorrect Postfix
2.9.0..2.9.5 certificate public-key finger prints, to the correct
fingerprints used by Postfix 2.9.6 and later.  To compute the correct
certificate public-key fingerprints, see TLS_README. </p>

<p> This feature is available in Postfix 2.9.6 and later.  </p>

%PARAM tlsproxy_watchdog_timeout 10s

<p> How much time a tlsproxy(8) process may take to process local
or remote I/O before it is terminated by a built-in watchdog timer.
This is a safety mechanism that prevents tlsproxy(8) from becoming
non-responsive due to a bug in Postfix itself or in system software.
To avoid false alarms and unnecessary cache corruption this limit
cannot be set under 10s.  </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8.  </p>

%PARAM postscreen_discard_ehlo_keywords $smtpd_discard_ehlo_keywords

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the postscreen(8) server will not send in the EHLO
response to a remote SMTP client. See smtpd_discard_ehlo_keywords
for details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM postscreen_discard_ehlo_keyword_address_maps $smtpd_discard_ehlo_keyword_address_maps

<p> Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the postscreen(8) server will not send in the EHLO response
to a remote SMTP client. See smtpd_discard_ehlo_keywords for details.
The table is not searched by hostname for robustness reasons.  </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM postscreen_use_tls $smtpd_use_tls

<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. </p>

<p> This feature is available in Postfix 2.8 and later. 
Preferably, use postscreen_tls_security_level instead. </p>

%PARAM postscreen_enforce_tls $smtpd_enforce_tls

<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption.  See smtpd_postscreen_enforce_tls
for details.  </p>

<p> This feature is available in Postfix 2.8 and later.
Preferably, use postscreen_tls_security_level instead. </p>

%PARAM postscreen_tls_security_level $smtpd_tls_security_level

<p> The SMTP TLS security level for the postscreen(8) server; when
a non-empty value is specified, this overrides the obsolete parameters
postscreen_use_tls and postscreen_enforce_tls. See smtpd_tls_security_level
for details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_enforce_tls $smtpd_enforce_tls

<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption. See smtpd_enforce_tls for
further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_CAfile $smtpd_tls_CAfile

<p> A file containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
CA certificates.  See smtpd_tls_CAfile for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_CApath $smtpd_tls_CApath

<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
CA certificates. See smtpd_tls_CApath for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_always_issue_session_ids $smtpd_tls_always_issue_session_ids

<p> Force the Postfix tlsproxy(8) server to issue a TLS session id,
even when TLS session caching is turned off. See
smtpd_tls_always_issue_session_ids for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_ask_ccert $smtpd_tls_ask_ccert

<p> Ask a remote SMTP client for a client certificate. See
smtpd_tls_ask_ccert for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_ccert_verifydepth $smtpd_tls_ccert_verifydepth

<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. See smtpd_tls_ccert_verifydepth for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_cert_file $smtpd_tls_cert_file

<p> File with the Postfix tlsproxy(8) server RSA certificate in PEM
format.  This file may also contain the Postfix tlsproxy(8) server
private RSA key.  See smtpd_tls_cert_file for further details.  </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_ciphers $smtpd_tls_ciphers

<p> The minimum TLS cipher grade that the Postfix tlsproxy(8) server
will use with opportunistic TLS encryption. See smtpd_tls_ciphers
for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_dcert_file $smtpd_tls_dcert_file

<p> File with the Postfix tlsproxy(8) server DSA certificate in PEM
format.  This file may also contain the Postfix tlsproxy(8) server
private DSA key.  See smtpd_tls_dcert_file for further details.
</p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_dh1024_param_file $smtpd_tls_dh1024_param_file

<p> File with DH parameters that the Postfix tlsproxy(8) server
should use with non-export EDH ciphers. See smtpd_tls_dh1024_param_file
for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_dh512_param_file $smtpd_tls_dh512_param_file

<p> File with DH parameters that the Postfix tlsproxy(8) server
should use with export-grade EDH ciphers. See smtpd_tls_dh512_param_file
for further details.  The default SMTP server cipher grade is
"medium" with Postfix releases after the middle of 2015, and as a
result export-grade cipher suites are by default not used.  </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_dkey_file $smtpd_tls_dkey_file

<p> File with the Postfix tlsproxy(8) server DSA private key in PEM
format.  This file may be combined with the Postfix tlsproxy(8)
server DSA certificate file specified with $smtpd_tls_dcert_file.
See smtpd_tls_dkey_file for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_eccert_file $smtpd_tls_eccert_file

<p> File with the Postfix tlsproxy(8) server ECDSA certificate in
PEM format.  This file may also contain the Postfix tlsproxy(8)
server private ECDSA key.  See smtpd_tls_eccert_file for further
details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_eckey_file $smtpd_tls_eckey_file

<p> File with the Postfix tlsproxy(8) server ECDSA private key in
PEM format.  This file may be combined with the Postfix tlsproxy(8)
server ECDSA certificate file specified with $smtpd_tls_eccert_file.
See smtpd_tls_eckey_file for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_eecdh_grade $smtpd_tls_eecdh_grade

<p> The Postfix tlsproxy(8) server security grade for ephemeral
elliptic-curve Diffie-Hellman (EECDH) key exchange. See
smtpd_tls_eecdh_grade for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_exclude_ciphers $smtpd_tls_exclude_ciphers

<p> List of ciphers or cipher types to exclude from the tlsproxy(8)
server cipher list at all TLS security levels. See
smtpd_tls_exclude_ciphers for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_fingerprint_digest $smtpd_tls_fingerprint_digest

<p> The message digest algorithm to construct remote SMTP
client-certificate
fingerprints. See smtpd_tls_fingerprint_digest for further details.
</p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_key_file $smtpd_tls_key_file

<p> File with the Postfix tlsproxy(8) server RSA private key in PEM
format.  This file may be combined with the Postfix tlsproxy(8)
server RSA certificate file specified with $smtpd_tls_cert_file.
See smtpd_tls_key_file for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_loglevel $smtpd_tls_loglevel

<p> Enable additional Postfix tlsproxy(8) server logging of TLS
activity.  Each logging level also includes the information that
is logged at a lower logging level. See smtpd_tls_loglevel for
further details.  </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_mandatory_ciphers $smtpd_tls_mandatory_ciphers

<p> The minimum TLS cipher grade that the Postfix tlsproxy(8) server
will use with mandatory TLS encryption. See smtpd_tls_mandatory_ciphers
for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_mandatory_exclude_ciphers $smtpd_tls_mandatory_exclude_ciphers

<p> Additional list of ciphers or cipher types to exclude from the
tlsproxy(8) server cipher list at mandatory TLS security levels.
See smtpd_tls_mandatory_exclude_ciphers for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_mandatory_protocols $smtpd_tls_mandatory_protocols

<p> The SSL/TLS protocols accepted by the Postfix tlsproxy(8) server
with mandatory TLS encryption. If the list is empty, the server
supports all available SSL/TLS protocol versions.  See
smtpd_tls_mandatory_protocols for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_protocols $smtpd_tls_protocols

<p> List of TLS protocols that the Postfix tlsproxy(8) server will
exclude or include with opportunistic TLS encryption. See
smtpd_tls_protocols for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_req_ccert $smtpd_tls_req_ccert

<p> With mandatory TLS encryption, require a trusted remote SMTP
client certificate in order to allow TLS connections to proceed.
See smtpd_tls_req_ccert for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_security_level $smtpd_tls_security_level

<p> The SMTP TLS security level for the Postfix tlsproxy(8) server;
when a non-empty value is specified, this overrides the obsolete
parameters smtpd_use_tls and smtpd_enforce_tls. See
smtpd_tls_security_level for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_tls_session_cache_timeout $smtpd_tls_session_cache_timeout

<p> Obsolete expiration time of Postfix tlsproxy(8) server TLS session
cache information. Since the cache is shared with smtpd(8) and managed
by tlsmgr(8), there is only one expiration time for the SMTP server cache
shared by all three services, namely smtpd_tls_session_cache_timeout. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_use_tls $smtpd_use_tls

<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. See smtpd_use_tls
for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM smtpd_reject_footer

<p> Optional information that is appended after each Postfix SMTP
server
4XX or 5XX response. </p>

<p> The following example uses "\c" at the start of the template
(supported in Postfix 2.10 and later) to suppress the line break
between the reply text and the footer text. With earlier Postfix
versions, the footer text always begins on a new line, and the "\c"
is output literally. </p>

<pre>
/etc/postfix/main.cf:
    smtpd_reject_footer = \c. For assistance, call 800-555-0101.
     Please provide the following information in your problem report:
     time ($localtime), client ($client_address) and server
     ($server_name).
</pre>

<p> Server response: </p>

<pre>
    550-5.5.1 &lt;user@example&gt; Recipient address rejected: User
    unknown. For assistance, call 800-555-0101. Please provide the
    following information in your problem report: time (Jan 4 15:42:00),
    client (192.168.1.248) and server (mail1.example.com).
</pre>

<p> Note: the above text is meant to make it easier to find the
Postfix logfile records for a failed SMTP session. The text itself
is not logged to the Postfix SMTP server's maillog file. </p>

<p> Be sure to keep the text as short as possible. Long text may
be truncated before it is logged to the remote SMTP client's maillog
file, or before it is returned to the sender in a delivery status
notification.  </p>

<p> This feature supports a limited number of $name attributes in
the footer text. These are replaced by their current value for the
SMTP session: </p>

<dl>

<dt> <b>client_address</b> </dt> <dd> The Client IP address that
is logged in the maillog file. </dd>

<dt> <b>client_port</b> </dt> <dd> The client TCP port that is
logged in the maillog file. </dd>

<dt> <b>localtime</b> </dt> <dd> The server local time (Mmm dd
hh:mm:ss) that is logged in the maillog file. </dd>

<dt> <b>server_name</b> </dt> <dd> The server's myhostname value.
This attribute is made available for sites with multiple MTAs
(perhaps behind a load-balancer), where the server name can help
the server support team to quickly find the right log files.  </dd>

</dl>

<p> Notes: </p>

<ul>

<li> <p> NOT SUPPORTED are other attributes such as sender, recipient,
or main.cf parameters.  </p>

<li> <p> For safety reasons, text that does not match
$smtpd_expansion_filter is censored. </p>

</ul>

<p> This feature supports the two-character sequence \n as a request
for a line break in the footer text. Postfix automatically inserts
after each line break the three-digit SMTP reply code (and optional
enhanced status code) from the original Postfix reject message.
</p>

<p> To work around mail software that mis-handles multi-line replies,
specify the two-character sequence \c at the start of the template.
This suppresses the line break between the reply text and the footer
text (Postfix 2.10 and later).  </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM postscreen_expansion_filter see "postconf -d" output

<p> List of characters that are permitted in postscreen_reject_footer
attribute expansions.  See smtpd_expansion_filter for further
details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM postscreen_reject_footer $smtpd_reject_footer

<p> Optional information that is appended after a 4XX or 5XX
postscreen(8) server
response. See smtpd_reject_footer for further details.  </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM postscreen_command_filter $smtpd_command_filter

<p> A mechanism to transform commands from remote SMTP clients.
See smtpd_command_filter for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM dnsblog_service_name dnsblog

<p> The name of the dnsblog(8) service entry in master.cf. This
service performs DNS white/blacklist lookups. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM tlsproxy_service_name tlsproxy

<p> The name of the tlsproxy(8) service entry in master.cf. This
service performs plaintext &lt;=&gt; TLS ciphertext conversion. <p>

<p> This feature is available in Postfix 2.8 and later. </p>

%PARAM smtpd_per_record_deadline normal: no, overload: yes

<p> Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message).  This
limits the impact from hostile peers that trickle data one byte at
a time.  </p>

<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline.  </p>

<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>

%PARAM smtp_per_record_deadline no

<p> Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message).  This
limits the impact from hostile peers that trickle data one byte at
a time.  </p>

<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline.  </p>

<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>

%PARAM lmtp_per_record_deadline no

<p> The LMTP-specific version of the smtp_per_record_deadline
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.9 and later.  </p>

%PARAM postscreen_whitelist_interfaces static:all

<p> A list of local postscreen(8) server IP addresses where a
non-whitelisted remote SMTP client can obtain postscreen(8)'s temporary
whitelist status. This status is required before the client can
talk to a Postfix SMTP server process.  By default, a client can
obtain postscreen(8)'s whitelist status on any local postscreen(8)
server IP address. </p>

<p> When postscreen(8) listens on both primary and backup MX
addresses, the postscreen_whitelist_interfaces parameter can be
configured to give the temporary whitelist status only when a client
connects to a primary MX address. Once a client is whitelisted it
can talk to a Postfix SMTP server on any address. Thus, clients
that connect only to backup MX addresses will never become whitelisted,
and will never be allowed to talk to a Postfix SMTP server process.
</p>

<p> Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace. The netmask specifies the
number of bits in the network part of a host address. Continue long
lines by starting the next line with whitespace. </p>

<p> You can also specify "/file/name" or "type:table" patterns.  A
"/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored). </p>

<p> The list is matched left to right, and the search stops on the
first match. Specify "!pattern" to exclude an address or network
block from the list.  </p>

<p> Note: IP version 6 address information must be specified inside
[] in the postscreen_whitelist_interfaces value, and in files
specified with "/file/name".  IP version 6 addresses contain the
":" character, and would otherwise be confused with a "type:table"
pattern. </p>

<p> Example: </p>

<pre>
/etc/postfix/main.cf:
    # Don't whitelist connections to the backup IP address.
    postscreen_whitelist_interfaces = !168.100.189.8, static:all
</pre>

<p> This feature is available in Postfix 2.9 and later.  </p>

%PARAM postscreen_upstream_proxy_protocol

<p> The name of the proxy protocol used by an optional before-postscreen
proxy agent. When a proxy agent is used, this protocol conveys local
and remote address and port information. Specify
"postscreen_upstream_proxy_protocol = haproxy" to enable the haproxy
protocol. <p>

<p> This feature is available in Postfix 2.10 and later.  </p>

%PARAM postscreen_upstream_proxy_timeout 5s

<p> The time limit for the proxy protocol specified with the
postscreen_upstream_proxy_protocol parameter. </p>

<p> This feature is available in Postfix 2.10 and later.  </p>
 
%PARAM smtpd_upstream_proxy_protocol

<p> The name of the proxy protocol used by an optional before-smtpd
proxy agent. When a proxy agent is used, this protocol conveys local
and remote address and port information.  Specify
"smtpd_upstream_proxy_protocol = haproxy" to enable the haproxy
protocol.  </p>

<p> NOTE: To use the nginx proxy with smtpd(8), enable the XCLIENT
protocol with smtpd_authorized_xclient_hosts. This supports SASL
authentication in the proxy agent (Postfix 2.9 and later). <p>

<p> This feature is available in Postfix 2.10 and later.  </p>

%PARAM smtpd_upstream_proxy_timeout 5s

<p> The time limit for the proxy protocol specified with the
smtpd_upstream_proxy_protocol parameter. </p>

<p> This feature is available in Postfix 2.10 and later.  </p>
 
%PARAM enable_long_queue_ids no

<p> Enable long, non-repeating, queue IDs (queue file names).  The
benefit of non-repeating names is simpler logfile analysis and
easier queue migration (there is no need to run "postsuper" to
change queue file names that don't match their message file inode
number).  </p>

<p> Note: see below for how to convert long queue file names to
Postfix &le; 2.8. </p>

<p> Changing the parameter value to "yes" has the following effects:
</p>

<ul>

<li> <p> Existing queue file names are not affected. </p>

<li> <p> New queue files are created with names such as 3Pt2mN2VXxznjll.
These are encoded in a 52-character alphabet that contains digits
(0-9), upper-case letters (B-Z) and lower-case letters (b-z). For
safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet.
The name format is: 6 or more characters for the time in seconds,
4 characters for the time in microseconds, the 'z'; the remainder
is the file inode number encoded in the first 51 characters of the
52-character alphabet.  </p>

<li> <p> New messages have a Message-ID header with
<i>queueID</i>@<i>myhostname</i>.  </p>

<li> <p> The mailq (postqueue -p) output has a wider Queue ID column.
The number of whitespace-separated fields is not changed. <p>

<li> <p> The hash_queue_depth algorithm uses the first characters
of the queue file creation time in microseconds, after conversion
into hexadecimal representation. This produces the same queue hashing
behavior as if the queue file name was created with "enable_long_queue_ids
= no". </p>

</ul>

<p> Changing the parameter value to "no" has the following effects:
</p>

<ul>

<li> <p> Existing long queue file names are renamed to the short
form (while running "postfix reload" or "postsuper").  </p>

<li> <p> New queue files are created with names such as C3CD21F3E90
from a hexadecimal alphabet that contains digits (0-9) and upper-case
letters (A-F). The name format is: 5 characters for the time in
microseconds; the remainder is the file inode number. </p>

<li> <p> New messages have a Message-ID header with
<i>YYYYMMDDHHMMSS.queueid</i>@<i>myhostname</i>, where
<i>YYYYMMDDHHMMSS</i> are the year, month, day, hour, minute and
second.

<li> <p> The mailq (postqueue -p) output has the same format as
with Postfix &le; 2.8. <p>

<li> <p> The hash_queue_depth algorithm uses the first characters
of the queue file name, with the hexadecimal representation of the
file creation time in microseconds.  </p>

</ul>

<p> Before migration to Postfix &le; 2.8, the following commands
are required to convert long queue file names into short names: </p>

<pre>
# postfix stop
# postconf enable_long_queue_ids=no
# postsuper
</pre>

<p> Repeat the postsuper command until it reports no more queue file
name changes. </p>

<p> This feature is available in Postfix 2.9 and later.  </p>

%PARAM sendmail_fix_line_endings always

<p> Controls how the Postfix sendmail command converts email message
line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
</p>

<dl>

<dt> <b>always</b> </dt> <dd> Always convert message lines ending
in &lt;CR&gt;&lt;LF&gt;. This setting is the default with Postfix
2.9 and later. </dd>

<dt> <b>strict</b> </dt> <dd> Convert message lines ending in
&lt;CR&gt;&lt;LF&gt; only if the first input line ends in
&lt;CR&gt;&lt;LF&gt;. This setting is backwards-compatible with
Postfix 2.8 and earlier. </dd>

<dt> <b>never</b> </dt> <dd> Never convert message lines ending in
&lt;CR&gt;&lt;LF&gt;. This setting exists for completeness only.
</dd>

</dl>

<p> This feature is available in Postfix 2.9 and later. </p>

%PARAM smtp_send_dummy_mail_auth no

<p> Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL
FROM command in SASL-authenticated SMTP sessions. The default is
not to send this, to avoid problems with broken remote SMTP servers.
Before Postfix 2.9 the behavior is as if "smtp_send_dummy_mail_auth
= yes".

<p> This feature is available in Postfix 2.9 and later. </p>

%PARAM lmtp_send_dummy_mail_auth no

<p> The LMTP-specific version of the smtp_send_dummy_mail_auth
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.9 and later.  </p>

%PARAM address_verify_sender_ttl 0s

<p> The time between changes in the time-dependent portion of address
verification probe sender addresses. The time-dependent portion is
appended to the localpart of the address specified with the
address_verify_sender parameter. This feature is ignored when the
probe sender addresses is the null sender, i.e. the address_verify_sender
value is empty or &lt;&gt;. </p>

<p> Historically, the probe sender address was fixed. This has
caused such addresses to end up on spammer mailing lists, and has
resulted in wasted network and processing resources.  </p>

<p> To enable time-dependent probe sender addresses, specify a
non-zero time value (an integral value plus an optional one-letter
suffix that specifies the time unit).  Specify a value of at least
several hours, to avoid problems with senders that use greylisting.
Avoid nice TTL values, to make the result less predictable.  Time
units are: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p> This feature is available in Postfix 2.9 and later.  </p>

%PARAM smtp_address_verify_target rcpt

<p> In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Specify one of "rcpt" or "data".  The latter is needed with remote
SMTP servers that reject recipients after the DATA command. Use
transport_maps to apply this feature selectively:  </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    transport_maps = hash:/etc/postfix/transport
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/transport:
    smtp-domain-that-verifies-after-data    smtp-data-target:
    lmtp-domain-that-verifies-after-data    lmtp-data-target:
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/master.cf:
    smtp-data-target    unix    -    -    n    -    -    smtp
        -o smtp_address_verify_target=data
    lmtp-data-target    unix    -    -    n    -    -    lmtp
        -o lmtp_address_verify_target=data
</pre>
</blockquote>

<p> Unselective use of the "data" target does no harm, but will
result in unnecessary "lost connection after DATA" events at remote
SMTP/LMTP servers. </p>

<p> This feature is available in Postfix 3.0 and later.  </p>

%PARAM lmtp_address_verify_target rcpt

<p> The LMTP-specific version of the smtp_address_verify_target
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 3.0 and later.  </p>

%PARAM daemon_table_open_error_is_fatal no

<p> How a Postfix daemon process handles errors while opening lookup
tables: gradual degradation or immediate termination. </p>

<dl>

<dt> <b> no </b> (default) </dt> <dd> <p> Gradual degradation: a
daemon process logs a message of type "error" and continues execution
with reduced functionality. Features that do not depend on the
unavailable table will work normally, while features that depend
on the table will result in a type "warning" message.  <br> When
the notify_classes parameter value contains the "data" class, the
Postfix SMTP server and client will report transcripts of sessions
with an error because a table is unavailable.  </p> </dd>

<dt> <b> yes </b> (historical behavior) </dt> <dd> <p> Immediate
termination: a daemon process logs a type "fatal" message and
terminates immediately.  This option reduces the number of possible
code paths through Postfix, and may therefore be slightly more
secure than the default.  </p> </dd>

</dl>

<p> For the sake of sanity, the number of type "error" messages is
limited to 13 over the lifetime of a daemon process. </p>

<p> This feature is available in Postfix 2.9 and later.  </p>

%PARAM smtpd_log_access_permit_actions

<p> Enable logging of the named "permit" actions in SMTP server
access lists (by default, the SMTP server logs "reject" actions but
not "permit" actions).  This feature does not affect conditional
actions such as "defer_if_permit". </p>

<p> Specify a list of "permit" action names, "/file/name" or
"type:table" patterns, separated by commas and/or whitespace. The
list is matched left to right, and the search stops on the first
match. A "/file/name" pattern is replaced by its contents; a
"type:table" lookup table is matched when a name matches a lookup
key (the lookup result is ignored).  Continue long lines by starting
the next line with whitespace. Specify "!pattern" to exclude a name
from the list. </p>

<p> Examples: </p>

<pre>
/etc/postfix/main.cf:
    # Log all "permit" actions.
    smtpd_log_access_permit_actions = static:all
</pre>

<pre>
/etc/postfix/main.cf:
    # Log "permit_dnswl_client" only.
    smtpd_log_access_permit_actions = permit_dnswl_client
</pre>

<p> This feature is available in Postfix 2.10 and later.  </p>

%PARAM smtp_dns_support_level

<p> Level of DNS support in the Postfix SMTP client.  With
"smtp_dns_support_level" left at its empty default value, the legacy
"disable_dns_lookups" parameter controls whether DNS is enabled in
the Postfix SMTP client, otherwise the legacy parameter is ignored.
</p>

<p> Specify one of the following: </p>

<dl>

<dt><b>disabled</b></dt>

<dd>Disable DNS lookups.  No MX lookups are performed and hostname
to address lookups are unconditionally "native".  This setting is
not appropriate for hosts that deliver mail to the public Internet.
Some obsolete how-to documents recommend disabling DNS lookups in
some configurations with content_filters.  This is no longer required
and strongly discouraged.  </dd>

<dt><b>enabled</b></dt>

<dd>Enable DNS lookups.  Nexthop destination domains not enclosed
in "[]" will be subject to MX lookups.  If "dns" and "native" are
included in the "smtp_host_lookup" parameter value, DNS will be
queried first to resolve MX-host A records, followed by "native"
lookups if no answer is found in DNS.  </dd>

<dt><b>dnssec</b></dt>

<dd>Enable <a href="https://tools.ietf.org/html/rfc4033">DNSSEC</a>
lookups.  The "dnssec" setting differs from the "enabled" setting
above in the following ways: <ul> <li>Any MX lookups will set
RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
responses. If the MX response is DNSSEC-validated the corresponding
hostnames are considered validated.  <li> The address lookups of
validated hostnames are also validated, (provided of course
"smtp_host_lookup" includes "dns", see below).  <li>Temporary
failures in DNSSEC-enabled hostname-to-address resolution block any
"native" lookups.  Additional "native" lookups only happen when
DNSSEC lookups hard-fail (NODATA or NXDOMAIN).  </ul> </dd>

</dl>

<p> The Postfix SMTP client considers non-MX "[nexthop]" and
"[nexthop]:port" destinations equivalent to statically-validated
MX records of the form "nexthop.  IN MX 0 nexthop."  Therefore,
with "dnssec" support turned on, validated hostname-to-address
lookups apply to the nexthop domain of any "[nexthop]" or
"[nexthop]:port" destination.  This is also true for LMTP "inet:host"
and "inet:host:port" destinations, as LMTP hostnames are never
subject to MX lookups.  </p>

<p>The "dnssec" setting is recommended only if you plan to use the
<a href="TLS_README.html#client_tls_dane">dane</a> or <a
href="TLS_README.html#client_tls_dane">dane-only</a> TLS security
level, otherwise enabling DNSSEC support in Postfix offers no
additional security.  Postfix DNSSEC support relies on an upstream
recursive nameserver that validates DNSSEC signatures.  Such a DNS
server will always filter out forged DNS responses, even when Postfix
itself is not configured to use DNSSEC. </p>

<p> When using Postfix DANE support the "smtp_host_lookup" parameter
should include "dns", as <a
href="https://tools.ietf.org/html/rfc6698">DANE</a> is not applicable
to hosts resolved via "native" lookups.  </p>

<p> As mentioned above, Postfix is not a validating <a
href="https://tools.ietf.org/html/rfc4035#section-4.9">stub
resolver</a>; it relies on the system's configured DNSSEC-validating
<a href="https://tools.ietf.org/html/rfc4035#section-3.2">recursive
nameserver</a> to perform all DNSSEC validation.  Since this
nameserver's DNSSEC-validated responses will be fully trusted, it
is strongly recommended that the MTA host have a local DNSSEC-validating
recursive caching nameserver listening on a loopback address, and
be configured to use only this nameserver for all lookups.  Otherwise,
Postfix may remain subject to man-in-the-middle attacks that forge
responses from the recursive nameserver</p>

<p>DNSSEC support requires a version of Postfix compiled against a
reasonably-modern DNS resolver(3) library that implements the
RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. </p>

<p> This feature is available in Postfix 2.11 and later.  </p>

%PARAM lmtp_dns_support_level

<p> The LMTP-specific version of the smtp_dns_support_level
configuration parameter.  See there for details.  </p>

<p> This feature is available in Postfix 2.11 and later.  </p>

%PARAM smtp_tls_trust_anchor_file

<p> Zero or more PEM-format files with trust-anchor certificates
and/or public keys.  If the parameter is not empty the root CAs in
CAfile and CApath are no longer trusted.  Rather, the Postfix SMTP
client will only trust certificate-chains signed by one of the
trust-anchors contained in the chosen files.  The specified
trust-anchor certificates and public keys are not subject to
expiration, and need not be (self-signed) root CAs.  They may, if
desired, be intermediate certificates. Therefore, these certificates
also may be found "in the middle" of the trust chain presented by
the remote SMTP server, and any untrusted issuing parent certificates
will be ignored.  Specify a list of pathnames separated by comma
or whitespace.  </p>

<p>  Whether specified in main.cf, or on a per-destination basis,
the trust-anchor PEM file must be accessible to the Postfix SMTP
client in the chroot jail if applicable.  The trust-anchor file
should contain only certificates and public keys, no private key
material, and must be readable by the non-privileged $mail_owner
user.  This allows destinations to be bound to a set of specific
CAs or public keys without trusting the same CAs for all destinations.
</p>

<p> The main.cf parameter supports single-purpose Postfix installations
that send mail to a fixed set of SMTP peers.  At most sites, if
trust-anchor files are used at all, they will be specified on a
per-destination basis via the "tafile" attribute of the "verify"
and "secure" levels in smtp_tls_policy_maps.  </p>

<p> The underlying mechanism is in support of RFC 6698 (DANE TLSA),
which defines mechanisms for a client to securely determine server
TLS certificates via DNS.  </p>

<p> If you want your trust anchors to be public keys, with OpenSSL
you can extract a single PEM public key from a PEM X.509 file
containing a single certificate, as follows: </p>

<blockquote>
<pre>
$ openssl x509 -in cert.pem -out ta-key.pem -noout -pubkey
</pre>
</blockquote>

<p> This feature is available in Postfix 2.11 and later.  </p>

%PARAM lmtp_tls_trust_anchor_file

<p> The LMTP-specific version of the smtp_tls_trust_anchor_file
configuration parameter.  See there for details.  </p>

<p> This feature is available in Postfix 2.11 and later.  </p>

%PARAM tls_dane_trust_anchor_digest_enable yes

<p> RFC 6698 trust-anchor digest support in the Postfix TLS library.
Enable support for RFC 6698 (DANE TLSA) DNS records that contain
digests of trust-anchors with certificate usage "2".  In this case
the certificate usage logically requires the server administrator
to configure the server to include the trust-anchor certificate in
the server's SSL certificate chain.  If enough domains mess this
up, you can disable support for these TLSA records, but you'll no
longer have secure connections that get it right and only publish
trust anchor records.  </p>

<p> At the <a href="TLS_README.html#client_tls_dane">dane</a>
security level, when a TLSA RRset includes only unusable associations,
the Postfix SMTP client will automatically switch the connection
to the <a href="TLS_README.html#client_tls_encrypt">encrypt</a>
security level.  At the <a
href="TLS_README.html#client_tls_dane">dane-only</a> security level,
the server in question is skipped and delivery is deferred if no
secure servers are found.  </p>

<p> The tls_dane_digests parameter controls the list of digest
algorithms that are supported in TLSA records.  The tls_dane_digest_agility
parameter controls digest algorithm downgrade attack resistance.
</p>

<p> This feature is available in Postfix 2.11 and later.  </p>

%PARAM tls_wildcard_matches_multiple_labels yes

<p> Match multiple DNS labels with "*" in wildcard certificates.
</p>

<p> Some mail service providers prepend the customer domain name
to a base domain for which they have a wildcard TLS certificate.
For example, the MX records for example.com hosted by example.net
may be: </p>

<blockquote>
<pre>
example.com. IN MX 0 example.com.mx1.example.net.
example.com. IN MX 0 example.com.mx2.example.net.
</pre>
</blockquote>

<p> and the TLS certificate may be for "*.example.net". The "*"
then corresponds with multiple labels in the mail server domain
name.  While multi-label wildcards are not widely supported, and
are not blessed by any standard, there is little to be gained by
disallowing their use in this context.  </p>

<p> Notes: <p>

<ul>

<li> <p> In a certificate name, the "*" is special only when it is
used as the first label. </p>

<li> <p> While Postfix (2.11 or later) can match "*" with multiple
domain name labels, other implementations likely will not.  </p>

<li> <p> Earlier Postfix implementations behave as if
"tls_wildcard_matches_multiple_labels = no". </p>

</ul>

<p> This feature is available in Postfix 2.11 and later.  </p>

%PARAM tls_ssl_options

<p> List or bit-mask of OpenSSL options to enable. </p>

<p> The OpenSSL toolkit provides a set of options that applications
can enable to tune the OpenSSL behavior.  Some of these work around
bugs in other implementations and are on by default.  You can use
the tls_disable_workarounds parameter to selectively disable some
or all of the bug work-arounds, making OpenSSL more strict at the
cost of non-interoperability with SSL clients or servers that exhibit
the bugs.  </p>

<p> Other options are off by default, and typically enable or disable
features rather than bug work-arounds.  These may be turned on (with
care) via the tls_ssl_options parameter.  The value is a white-space
or comma separated list of named options chosen from the list below.
The names are not case-sensitive, you can use lower-case if you
prefer.  The upper case values below match the corresponding macro
name in the ssl.h header file with the SSL_OP_ prefix removed.  It
is possible that your OpenSSL version includes new options added
after your Postfix source code was last updated, in that case you
can only enable one of these via the hexadecimal syntax below.  </p>

<p> You should only enable features via the hexadecimal mask when
the need to control the feature is critical (to deal with a new
vulnerability or a serious interoperability problem).  Postfix DOES
NOT promise backwards compatible behavior with respect to the mask
bits.  A feature enabled via the mask in one release may be enabled
by other means in a later release, and the mask bit will then be
ignored.  Therefore, use of the hexadecimal mask is only a temporary
measure until a new Postfix or OpenSSL release provides a better
solution.  </p>

<p> If the value of the parameter is a hexadecimal long integer
starting with "0x", the options corresponding to the bits specified
in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
You can only enable options not already controlled by other Postfix
settings.  For example, you cannot disable protocols or enable
server cipher preference.  Do not attempt to turn all features by
specifying 0xFFFFFFFF, this is unlikely to be a good idea.  </p>

<dl>

<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>

<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>

<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
supported by the OpenSSL library.  Compression is CPU-intensive,
and compression before encryption does not always improve security.  </dd>

</dl>

<p> This feature is available in Postfix 2.11 and later.  </p>

%PARAM tlsmgr_service_name tlsmgr

<p> The name of the tlsmgr(8) service entry in master.cf. This
service maintains TLS session caches and other information in support
of TLS. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

%PARAM lmtp_connection_reuse_count_limit 0

<p> The LMTP-specific version of the smtp_connection_reuse_count_limit
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

%PARAM smtp_connection_reuse_count_limit 0

<p> When SMTP connection caching is enabled, the number of times
that an SMTP session may be reused before it is closed, or zero (no
limit).  With a reuse count limit of N, a connection is used up to
N+1 times.  </p>

<p> NOTE: This feature is unsafe. When a high-volume destination
has multiple inbound MTAs, then the slowest inbound MTA will attract
the most connections to that destination.  This limitation does not
exist with the smtp_connection_reuse_time_limit feature. </p>

<p> This feature is available in Postfix 2.11. </p>

%PARAM lmtp_tls_force_insecure_host_tlsa_lookup no

<p> The LMTP-specific version of the smtp_tls_force_insecure_host_tlsa_lookup
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

%PARAM smtp_tls_force_insecure_host_tlsa_lookup no

<p> Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.  This
is unlikely to ever yield DNSSEC validated results, since child
zones of unsigned zones are also unsigned in the absence of DLV or
locally configured non-root trust-anchors.  We anticipate that such
mechanisms will not be used for just the "_tcp" subdomain of a host.
Suppressing the TLSA RRset lookup reduces latency and avoids potential
interoperability problems with nameservers for unsigned zones that
are not prepared to handle the new TLSA RRset.  </p>

<p> This feature is available in Postfix 2.11. </p>

%PARAM tls_dane_digest_agility on

<p> Configure DANE TLSA digest algorithm agility.  When digest
algorithm agility is enabled, and the server and client support a
common strong digest algorithm, TLSA records with weaker digest
algorithms are ignored.  </p>

<p> Specify one of the following: </p>

<dl>

<dt><b>off</b></dt>
<dd> DANE verification examines each well-formed record in the TLSA
RRset whose matching type is either "0" (no hash used) or is one of
the digest algorithms listed in $tls_dane_digests.  This setting
is not recommended.  </dd>

<dt><b>on</b></dt>
<dd> From each group of well-formed TLSA RRs a non-zero digest
matching type with the same certificate usage and selector, DANE
verification examines only those records whose matching type has
the highest precedence (appear earliest in $tls_dane_digests).
</dd>

<dt><b>maybe</b></dt>
<dd> For compatibility with digest algorithm agility, each certificate
or public key whose digest is included in a DANE TLSA RRset, SHOULD
be published with the same set of digest matching type values as
any other with the same usage and selector.  Therefore, compatible
TLSA RRsets will contain an identical count of well-formed RRs with
each non-zero digest matching type for any fixed combination of
usage and selector.  When this constraint is violated, or any of
the digest records are malformed, digest algorithm agility will
disabled.  Otherwise, digest algorithm agility is enabled.   </dd>

</dl>

<p> Digest algorithm agility ensures that the strongest digest
supported by both the Postfix SMTP client and the remote server is
used, and weaker digests are ignored.  This supports non-disruptive
deprecation of outdated digest algorithms. </p>

<p> To ensure compatibility with digest algorithm agility during
key rotation, when a certificate or public key is being replaced
with another, and both are published during the transition, both
the old and the new certificate MUST be specified with the same set
of digests.  One can change the list of digest algorithms later,
once old keys are retired.  At any given time, change either the
list of digests without changing the list of certificates or public
keys or the list of certificates or public keys without changing
the list of digests.  Full value matching type "0" records are not
subject to this constraint, but are discouraged due to the size of
the resulting DNS records.  </p>

<p> It is expected that this algorithm agility mechanism will be
published in a standards track RFC for SMTP with DANE, and also in
an eventual update to RFC 6698. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

%PARAM tls_dane_digests sha512 sha256

<p> RFC 6698 TLSA resource-record "matching type" digest algorithms
in descending preference order.  All the specified algorithms must
be supported by the underlying OpenSSL library, otherwise the Postfix
SMTP client will not support DANE TLSA security.  </p>

<p> Specify a list of digest names separated by commas and/or
whitespace.  Each digest name may be followed by an optional
"=&lt;number&gt;" suffix.  For example, "sha512" may instead be specified
as "sha512=2" and "sha256" may instead be specified as "sha256=1".
The optional number must match the <a
href="https://www.iana.org/assignments/dane-parameters/dane-parameters.xhtml#matching-types"
>IANA</a> assigned TLSA matching type number the algorithm in question.
Postfix will check this constraint for the algorithms it knows about.
Additional matching type algorithms registered with IANA can be added
with explicit numbers provided they are supported by OpenSSL. </p>

<p> Invalid list elements are logged with a warning and disable DANE
support.  TLSA RRs that specify digests not included in the list are
ignored with a warning. </p>

<p> Note: It is unwise to omit sha256 from the digest list.  This
digest algorithm is the only mandatory to implement digest algorithm
in RFC 6698, and many servers are expected publish TLSA records
with just sha256 digests.  Unless one of the standard digests is
seriously compromised and servers have had ample time to update their
TLSA records you should not omit any standard digests, just arrange
them in order from strongest to weakest.  </p>

<p> When for a particular combination of "certificate usage" and
"selector" the TLSA RRset contains records with more than one digest
matching type, the tls_dane_digest_agility parameter determines
whether all the RRs are used, or only those with the most preferred
digest matching type.  </p>

<p> The tls_dane_trust_anchor_digest_enable parameter controls
whether any digest TLSA records are acceptable in usage "2" (trust
anchor assertion) TLSA records. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

%PARAM tls_session_ticket_cipher Postfix &ge; 3.0: aes-256-cbc, Postfix &lt; 3.0: aes-128-cbc

<p> Algorithm used to encrypt RFC5077 TLS session tickets.  This
algorithm must use CBC mode, have a 128-bit block size, and must
have a key length between 128 and 256 bits.  The default is
aes-256-cbc.  Overriding the default to choose a different algorithm
is discouraged.  </p>

<p> Setting this parameter empty disables session ticket support
in the Postfix SMTP server.  Another way to disable session ticket
support is via the tls_ssl_options parameter.  </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM default_delivery_status_filter

<p> Optional filter to replace the delivery status code or explanatory
text of successful or unsuccessful deliveries.  This does not allow
the replacement of a successful status code (2.X.X) with an
unsuccessful status code (4.X.X or 5.X.X) or vice versa.  </p>

<p> The following parameters can be used to implement a filter for
specific delivery agents: lmtp_delivery_status_filter,
local_delivery_status_filter, pipe_delivery_status_filter,
smtp_delivery_status_filter or virtual_delivery_status_filter. These
parameters support the same filter syntax as described here. </p>

<p> Specify zero or more "type:table" lookup table names, separated
by comma or whitespace. For each successful or unsuccessful delivery
to a recipient, the tables are queried in the specified order with
one line of text that is structured as follows: </p>

<blockquote>
enhanced-status-code SPACE explanatory-text
</blockquote>

<p> The first table match wins. The lookup result must have the
same structure as the query, a successful status code (2.X.X) must
be replaced with a successful status code, an unsuccessful status
code (4.X.X or 5.X.X) must be replaced with an unsuccessful status
code, and the explanatory text field must be non-empty. Other results
will result in a warning.  </p>

<p> Example 1: convert specific soft TLS errors into hard errors,
by overriding the first number in the enhanced status code.  </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/smtp_dsn_filter:
    /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
        5$1
    /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
        5$1
    # Do not change the following into hard bounces. They may
    # result from a local configuration problem.
    # 4.\d+.\d+ TLS is required, but our TLS engine is unavailable
    # 4.\d+.\d+ TLS is required, but unavailable
    # 4.\d+.\d+ Cannot start TLS: handshake failure
</pre>
</blockquote>

<p> Example 2: censor the per-recipient delivery status text so
that it does not reveal the destination command or filename
when a remote sender requests confirmation of successful delivery.
</p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/local_dsn_filter:
    /^(2\S+ delivered to file).+/    $1
    /^(2\S+ delivered to command).+/ $1
</pre>
</blockquote>

<p> Notes: </p>

<ul>

<li> <p> This feature will NOT override the soft_bounce safety net. </p>

<li> <p> This feature will change the enhanced status code and text
that is logged to the maillog file, and that is reported to the
sender in delivery confirmation or non-delivery notifications.
</p>

</ul>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM smtp_delivery_status_filter $default_delivery_status_filter

<p> Optional filter for the smtp(8) delivery agent to change the
delivery status code or explanatory text of successful or unsuccessful
deliveries.  See default_delivery_status_filter for details.  </p>

<p> NOTE: This feature modifies Postfix SMTP client error or non-error
messages that may or may not be derived from remote SMTP server
responses.  In contrast, the smtp_reply_filter feature modifies
remote SMTP server responses only.  </p>

%PARAM lmtp_delivery_status_filter

<p> The LMTP-specific version of the smtp_delivery_status_filter
configuration parameter.  See there for details. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM pipe_delivery_status_filter $default_delivery_status_filter

<p> Optional filter for the pipe(8) delivery agent to change the
delivery status code or explanatory text of successful or unsuccessful
deliveries.  See default_delivery_status_filter for details.  </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM virtual_delivery_status_filter $default_delivery_status_filter

<p> Optional filter for the virtual(8) delivery agent to change the
delivery status code or explanatory text of successful or unsuccessful
deliveries.  See default_delivery_status_filter for details.  </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM local_delivery_status_filter $default_delivery_status_filter

<p> Optional filter for the local(8) delivery agent to change the
status code or explanatory text of successful or unsuccessful
deliveries.  See default_delivery_status_filter for details.  </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM shlib_directory see 'postconf -d' output

<p> The location of Postfix dynamically-linked libraries
(libpostfix-*.so), and the default location of Postfix database
plugins (postfix-*.so) that have a relative pathname in the
dynamicmaps.cf file.  The shlib_directory parameter defaults to
"no" when Postfix dynamically-linked libraries and database plugins
are disabled at compile time, otherwise it typically defaults to
/usr/lib/postfix or /usr/local/lib/postfix.  </p>

<p> Notes: </p>

<ul>

<li> <p> The directory specified with shlib_directory should contain
only Postfix-related files. Postfix dynamically-linked libraries
and database plugins should not be installed in a "public" system
directory such as /usr/lib or /usr/local/lib. Linking Postfix
dynamically-linked library files or database plugins into non-Postfix
programs is not supported.  Postfix dynamically-linked libraries
and database plugins implement a Postfix-internal API that changes
without maintaining compatibility.  </p>

<li> <p> You can change the shlib_directory value after Postfix is
built. However, you may have to run ldconfig or equivalent to prevent
Postfix programs from failing because the libpostfix-*.so files are
not found.  No ldconfig command is needed if you keep the libpostfix-*.so
files in the compiled-in default $shlib_directory location. </p>

</ul>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM meta_directory see 'postconf -d' output

<p> The location of non-executable files that are shared among
multiple Postfix instances, such as postfix-files, dynamicmaps.cf,
and the multi-instance template files main.cf.proto and master.cf.proto.
This directory should contain only Postfix-related files.  Typically,
the meta_directory parameter has the same default as the config_directory
parameter (/etc/postfix or /usr/local/etc/postfix).  </p>

<p> For backwards compatibility with Postfix versions 2.6..2.11,
specify "meta_directory = $daemon_directory" in main.cf before
installing or upgrading Postfix, or specify "meta_directory =
/path/name" on the "make makefiles", "make install" or "make upgrade"
command line.  </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM smtpd_policy_service_default_action 451 4.3.5 Server configuration problem

<p> The default action when an SMTPD policy service request fails.
Specify "DUNNO" to behave as if the failed  SMTPD policy service
request was not sent, and to continue processing other access
restrictions, if any. </p>

<p> Limitations: </p>

<ul>

<li> <p>  This parameter may specify any value that would be a valid
SMTPD policy server response (or access(5) map lookup result).  An
access(5) map or policy server in this parameter value may need to
be declared in advance with a restriction_class setting.  </p>

<li> <p> If the specified action invokes another check_policy_service
request, that request will have the built-in default action. </p>

</ul>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM smtpd_policy_service_try_limit 2

<p> The maximal number of attempts to send an SMTPD policy service
request before giving up. Specify a value greater than zero. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM smtpd_policy_service_retry_delay 1s

<p> The delay between attempts to resend a failed SMTPD policy
service request. Specify a value greater than zero. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM smtputf8_enable yes

<p> Enable preliminary SMTPUTF8 support for the protocols described
in RFC 6531..6533. This requires that Postfix is built to support
these protocols. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM strict_smtputf8 no

<p> Enable stricter enforcement of the SMTPUTF8 protocol. The Postfix
SMTP server accepts UTF8 sender or recipient addresses only when
the client requests an SMTPUTF8 mail transaction. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM smtputf8_autodetect_classes sendmail, verify

<p> Detect that a message requires SMTPUTF8 support for the specified
mail origin classes.  This is a workaround to avoid chicken-and-egg
problems during the initial SMTPUTF8 roll-out in environments with
pre-existing mail flows that contain UTF8. Those mail flows should
not break because Postfix suddenly refuses to deliver such mail
to down-stream MTAs that don't announce SMTPUTF8 support.  </p>

<p> The problem is that Postfix cannot rely solely on the sender's
declaration that a message requires SMTPUTF8 support, because UTF8
may be introduced during local processing (for example, the client
hostname in Postfix's Received: header, adding @$myorigin or
.$mydomain to an incomplete address, address rewriting, alias
expansion, automatic BCC recipients, local forwarding, and changes
made by header checks or Milter applications). </p>

<p> For now, the default is to enable "SMTPUTF8 required" autodetection
only for Postfix sendmail command-line submissions and address
verification probes.  This may change once SMTPUTF8 support achieves
world domination.  However, sites that add UTF8 content via local
processing (see above) should autodetect the need for SMTPUTF8
support for all email.</p>

<p> Specify one or more of the following: </p>

<dl compact>

<dt> <b> sendmail </b> </dt> <dd> Submission with the Postfix
sendmail(1) command. </dd>

<dt> <b> smtpd </b> </dt> <dd> Mail received with the smtpd(8)
daemon. </dd>

<dt> <b> qmqpd </b> </dt> <dd> Mail received with the qmqpd(8)
daemon. </dd>

<dt> <b> forward </b> </dt> <dd> Local forwarding or aliasing.  When
a message is received with "SMTPUTF8 required", then the forwarded
(aliased) message always has "SMTPUTF8 required".  </dd>

<dt> <b> bounce </b> </dt> <dd> Submission by the bounce(8) daemon.
When a message is received with "SMTPUTF8 required", then the
delivery status notification always has "SMTPUTF8 required".  </dd>

<dt> <b> notify </b> </dt> <dd> Postmaster notification from the
smtp(8) or smtpd(8) daemon. </dd>

<dt> <b> verify </b> </dt> <dd> Address verification probe from the
verify(8) daemon.  </dd>

<dt> <b> all </b> </dt> <dd> Enable SMTPUTF8 autodetection for all
mail. </dd>

</dl>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM compatibility_level 0

<p> A safety net that causes Postfix to run with backwards-compatible
default settings after an upgrade to a newer Postfix version. </p>

<p> With backwards compatibility turned on (the main.cf compatibility_level
value is less than the Postfix built-in value), Postfix looks for
settings that are left at their implicit default value, and logs a
message when a backwards-compatible default setting is required.
</p>

<blockquote>
<pre>
using backwards-compatible default setting <i>name=value</i>
    to [accept a specific client request]
<nroffescape .sp>
using backwards-compatible default setting <i>name=value</i>
    to [enable specific Postfix behavior]
</pre>
</blockquote>

<p> See COMPATIBILITY_README for specific message details. If such
a message is logged in the context of a legitimate request, the
system administrator should make the backwards-compatible setting
permanent in main.cf or master.cf, for example: </p>

<blockquote>
<pre>
# <b>postconf</b> <i>name=value</i>
# <b>postfix reload</b>
</pre>
</blockquote>

<p> When no more backwards-compatible settings need to be made
permanent, the administrator should turn off backwards compatibility
by updating the compatibility_level setting in main.cf:</p>

<blockquote>
<pre>
# <b>postconf compatibility_level=<i>N</i></b>
# <b>postfix reload</b>
</pre>
</blockquote>

<p> For <i>N</i> specify the number that is logged in your postfix(1)
warning message: </p>

<blockquote>
<pre>
warning: To disable backwards compatibility use "postconf
    compatibility_level=<i>N</i>" and "postfix reload"
</pre>
</blockquote>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM message_drop_headers bcc, content-length, resent-bcc, return-path

<p> Names of message headers that the cleanup(8) daemon will remove
after applying header_checks(5) and before invoking Milter applications.
The default setting is compatible with Postfix &lt; 3.0. </p>

<p> Specify a list of header names, separated by comma or space.
Names are matched in a case-insensitive manner.  The list of supported
header names is limited only by available memory.  </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM nullmx_reject_code 556

<p> The numerical reply code when the Postfix SMTP server rejects
a sender or recipient address because its domain has a nullmx DNS
record (an MX record with an empty hostname). This is one of the
possible replies from the restrictions reject_unknown_sender_domain
and reject_unknown_recipient_domain. </p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM smtpd_dns_reply_filter

<p> Optional filter for Postfix SMTP server DNS lookup results.
See smtp_dns_reply_filter for details including an example.
</p>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM lmtp_dns_reply_filter

<p> Optional filter for Postfix LMTP client DNS lookup results.
See smtp_dns_reply_filter for details including an example.  </p>

<p> This feature is available in Postfix 3.0 and later. </p>

#%PARAM postscreen_dns_reply_filter
#
#<p> Optional filter for postscreen(8) DNS lookup results.
#See smtp_dns_reply_filter for details including an example.
#</p>
#
#<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM smtp_dns_reply_filter

<p> Optional filter for Postfix SMTP client DNS lookup results.
Specify zero or more lookup tables.  The lookup tables are searched
in the given order for a match with the DNS lookup result, converted
to the following form: </p>

<pre>
    <i>name ttl class type preference value</i>
</pre>

<p> The <i>class</i> field is always "IN", the <i>preference</i>
field exists only for MX records, the names of hosts, domains, etc.
end in ".", and those names are in ASCII form (xn--mumble form in
the case of UTF8 names).  </p>

<p> When a match is found, the table lookup result specifies an
action.  By default, the table query and the action name are
case-insensitive.  Currently, only the <b>IGNORE</b> action is
implemented.  </p>

<p> Notes: </p>

<ul>

<li> <p> Postfix DNS reply filters have no effect on implicit DNS
lookups through nsswitch.conf or equivalent mechanisms.  </p>

<li> <p> The Postfix SMTP/LMTP client uses smtp_dns_reply_filter
and lmtp_dns_reply_filter only to discover a remote SMTP or LMTP
service (record types MX, A, AAAAA, and TLSA).  These lookups are
also made to implement the features reject_unverified_sender and
reject_unverified_recipient.  </p>

<li> <p> The Postfix SMTP/LMTP client defers mail delivery when
a filter removes all lookup results from a successful query.  </p>

<li> <p> Postfix SMTP server uses smtpd_dns_reply_filter only to
look up MX, A, AAAAA, and TXT records to implement the features
reject_unknown_helo_hostname, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_rbl_*, and reject_rhsbl_*.
</p>

<li> <p> The Postfix SMTP server logs a warning or defers mail
delivery when a filter removes all lookup results from a successful
query.  </p>

</ul>

<p> Example: ignore Google AAAA records in Postfix SMTP client DNS
lookups, because Google sometimes hard-rejects mail from IPv6 clients
with valid PTR etc. records. </p>

<pre>
/etc/postfix/main.cf:
    smtp_dns_reply_filter = pcre:/etc/postfix/smtp_dns_reply_filter
</pre>

<pre>
/etc/postfix/smtp_dns_reply_filter:
    # /domain ttl IN AAAA address/ action, all case-insensitive.
    # Note: the domain name ends in ".".
    /^\S+\.google\.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE
</pre>

<p> This feature is available in Postfix 3.0 and later. </p>

%PARAM smtp_tls_wrappermode no

<p> Request that the Postfix SMTP client connects using the
legacy SMTPS protocol instead of using the STARTTLS command. </p>

<p> This mode requires "smtp_tls_security_level = encrypt" or
stronger. </p>

<p> Example: deliver all remote mail via a provider's server
"mail.example.com".  </p>

<pre>
/etc/postfix/main.cf:
    # Client-side SMTPS requires "encrypt" or stronger.
    smtp_tls_security_level = encrypt
    smtp_tls_wrappermode = yes
    # The [] suppress MX lookups.
    relayhost = [mail.example.com]:465
</pre>

<p> More examples are in TLS_README, including examples for older
Postfix versions. </p>

<p> This feature is available in Postfix 3.0 and later.  </p>

%PARAM virtual_alias_address_length_limit 1000

<p>
The maximal length of an email address after virtual alias expansion.
This stops virtual aliasing loops that increase the address length
exponentially.
</p>

<p>
This feature is available in Postfix 3.0 and later.
</p>

%PARAM dns_ncache_ttl_fix_enable no

<p> Enable a workaround for future libc incompatibility. The Postfix
implementation of RFC 2308 negative reply caching relies on the
promise that res_query() and res_search() invoke res_send(), which
returns the server response in an application buffer even if the
requested record does not exist. If this promise is broken, specify
"yes" to enable a  workaround for DNS reputation lookups. </p>

<p>
This feature is available in Postfix 3.1 and later.
</p>

%PARAM smtpd_policy_service_policy_context

<p> Optional information that the Postfix SMTP server specifies in
the "policy_context" attribute of a policy service request (originally,
to share the same service endpoint among multiple check_policy_service
clients).  </p>

<p>
This feature is available in Postfix 3.1 and later.
</p>

%PARAM smtp_tls_dane_insecure_mx_policy dane

<p> The TLS policy for MX hosts with "secure" TLSA records when the
nexthop destination security level is <b>dane</b>, but the MX
record was found via an "insecure" MX lookup.  The choices are:
</p>

<dl>
<dt><b>may</b></dt>
<dd> The TLSA records will be ignored and TLS will be optional.  If
the MX host does not appear to support STARTTLS, or the STARTTLS
handshake fails, mail may be sent in the clear. </dd>
<dt><b>encrypt</b></dt>
<dd> The TLSA records will signal a requirement to use TLS.  While
TLS encryption will be required, authentication will not be performed.
</dd>
<dt><b>dane</b> (default)</dt>
<dd>The TLSA records will be used just as with "secure" MX records.
TLS encryption will be required, and, if at least one of the TLSA
records is "usable", authentication will be required.  When
authentication succeeds, it will be logged only as "Trusted", not
"Verified", because the MX host name could have been forged.  </dd>
</dl>

<p> Though with "insecure" MX records an active attacker can
compromise SMTP transport security by returning forged MX records,
such attacks are "tamper-evident" since any forged MX hostnames
will be recorded in the mail logs.  Attackers who place a high value
staying hidden may be deterred from forging MX records. </p>

<p>
This feature is available in Postfix 3.1 and later. The <b>may</b>
policy is backwards-compatible with earlier Postfix versions.
</p>

%PARAM openssl_path openssl

<p>
The location of the OpenSSL command line program openssl(1).  This
is used by the "<b>postfix tls</b>" command to create private keys,
certificate signing requests, self-signed certificates, and to
compute public key digests for DANE TLSA records.  In multi-instance
environments, this parameter is always determined from the configuration
of the default Postfix instance.
</p>

<p> Example: </p>

<blockquote>
<pre>
/etc/postfix/main.cf:
    # NetBSD pkgsrc:
    openssl_path = /usr/pkg/bin/openssl
    # Local build:
    openssl_path = /usr/local/bin/openssl
</pre>
</blockquote>

<p>
This feature is available in Postfix 3.1 and later.
</p>

%PARAM address_verify_pending_request_limit see "postconf -d" output

<p> A safety limit that prevents address verification requests from
overwhelming the Postfix queue. By default, the number of pending
requests is limited to 1/4 of the active queue maximum size
(qmgr_message_active_limit). The queue manager enforces the limit
by tempfailing requests that exceed the limit. This affects only
unknown addresses and inactive addresses that have expired, because
the verify(8) daemon automatically refreshes an active address
before it expires. </p>

<p> This feature is available in Postfix 3.1 and later.  </p>