1
0

main.cf.default 34 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856
  1. # DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE
  2. # TEXT HERE JUST SHOWS DEFAULT SETTINGS BUILT INTO POSTFIX.
  3. #
  4. 2bounce_notice_recipient = postmaster
  5. access_map_defer_code = 450
  6. access_map_reject_code = 554
  7. address_verify_cache_cleanup_interval = 12h
  8. address_verify_default_transport = $default_transport
  9. address_verify_local_transport = $local_transport
  10. address_verify_map = btree:$data_directory/verify_cache
  11. address_verify_negative_cache = yes
  12. address_verify_negative_expire_time = 3d
  13. address_verify_negative_refresh_time = 3h
  14. address_verify_pending_request_limit = 5000
  15. address_verify_poll_count = ${stress?{1}:{3}}
  16. address_verify_poll_delay = 3s
  17. address_verify_positive_expire_time = 31d
  18. address_verify_positive_refresh_time = 7d
  19. address_verify_relay_transport = $relay_transport
  20. address_verify_relayhost = $relayhost
  21. address_verify_sender = $double_bounce_sender
  22. address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
  23. address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
  24. address_verify_sender_ttl = 0s
  25. address_verify_service_name = verify
  26. address_verify_transport_maps = $transport_maps
  27. address_verify_virtual_transport = $virtual_transport
  28. allow_mail_to_commands = alias, forward
  29. allow_mail_to_files = alias, forward
  30. allow_min_user = no
  31. allow_percent_hack = yes
  32. allow_untrusted_routing = no
  33. alternate_config_directories =
  34. always_add_missing_headers = no
  35. always_bcc =
  36. anvil_rate_time_unit = 60s
  37. anvil_status_update_time = 600s
  38. append_at_myorigin = yes
  39. append_dot_mydomain = ${{$compatibility_level} < {1} ? {yes} : {no}}
  40. application_event_drain_time = 100s
  41. authorized_flush_users = static:anyone
  42. authorized_mailq_users = static:anyone
  43. authorized_submit_users = static:anyone
  44. backwards_bounce_logfile_compatibility = yes
  45. berkeley_db_create_buffer_size = 16777216
  46. berkeley_db_read_buffer_size = 131072
  47. best_mx_transport =
  48. biff = yes
  49. body_checks =
  50. body_checks_size_limit = 51200
  51. bounce_notice_recipient = postmaster
  52. bounce_queue_lifetime = 5d
  53. bounce_service_name = bounce
  54. bounce_size_limit = 50000
  55. bounce_template_file =
  56. broken_sasl_auth_clients = no
  57. canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
  58. canonical_maps =
  59. cleanup_service_name = cleanup
  60. command_execution_directory =
  61. command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  62. command_time_limit = 1000s
  63. compatibility_level = 0
  64. confirm_delay_cleared = no
  65. connection_cache_protocol_timeout = 5s
  66. connection_cache_service_name = scache
  67. connection_cache_status_update_time = 600s
  68. connection_cache_ttl_limit = 2s
  69. content_filter =
  70. cyrus_sasl_config_path =
  71. daemon_table_open_error_is_fatal = no
  72. daemon_timeout = 18000s
  73. debug_peer_level = 2
  74. debug_peer_list =
  75. debugger_command =
  76. default_delivery_slot_cost = 5
  77. default_delivery_slot_discount = 50
  78. default_delivery_slot_loan = 3
  79. default_delivery_status_filter =
  80. default_destination_concurrency_failed_cohort_limit = 1
  81. default_destination_concurrency_limit = 20
  82. default_destination_concurrency_negative_feedback = 1
  83. default_destination_concurrency_positive_feedback = 1
  84. default_destination_rate_delay = 0s
  85. default_destination_recipient_limit = 50
  86. default_extra_recipient_limit = 1000
  87. default_filter_nexthop =
  88. default_minimum_delivery_slots = 3
  89. default_privs = nobody
  90. default_process_limit = 100
  91. default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
  92. default_recipient_limit = 20000
  93. default_recipient_refill_delay = 5s
  94. default_recipient_refill_limit = 100
  95. default_transport = smtp
  96. default_transport_rate_delay = 0s
  97. default_verp_delimiters = +=
  98. defer_code = 450
  99. defer_service_name = defer
  100. defer_transports =
  101. delay_logging_resolution_limit = 2
  102. delay_notice_recipient = postmaster
  103. delay_warning_time = 0h
  104. deliver_lock_attempts = 20
  105. deliver_lock_delay = 1s
  106. destination_concurrency_feedback_debug = no
  107. detect_8bit_encoding_header = yes
  108. disable_dns_lookups = no
  109. disable_mime_input_processing = no
  110. disable_mime_output_conversion = no
  111. disable_verp_bounces = no
  112. disable_vrfy_command = no
  113. dns_ncache_ttl_fix_enable = no
  114. dnsblog_reply_delay = 0s
  115. dnsblog_service_name = dnsblog
  116. dont_remove = 0
  117. double_bounce_sender = double-bounce
  118. duplicate_filter_limit = 1000
  119. empty_address_default_transport_maps_lookup_key = <>
  120. empty_address_recipient = MAILER-DAEMON
  121. empty_address_relayhost_maps_lookup_key = <>
  122. enable_long_queue_ids = no
  123. enable_original_recipient = yes
  124. error_delivery_slot_cost = $default_delivery_slot_cost
  125. error_delivery_slot_discount = $default_delivery_slot_discount
  126. error_delivery_slot_loan = $default_delivery_slot_loan
  127. error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  128. error_destination_concurrency_limit = $default_destination_concurrency_limit
  129. error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  130. error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  131. error_destination_rate_delay = $default_destination_rate_delay
  132. error_destination_recipient_limit = $default_destination_recipient_limit
  133. error_extra_recipient_limit = $default_extra_recipient_limit
  134. error_initial_destination_concurrency = $initial_destination_concurrency
  135. error_minimum_delivery_slots = $default_minimum_delivery_slots
  136. error_notice_recipient = postmaster
  137. error_recipient_limit = $default_recipient_limit
  138. error_recipient_refill_delay = $default_recipient_refill_delay
  139. error_recipient_refill_limit = $default_recipient_refill_limit
  140. error_service_name = error
  141. error_transport_rate_delay = $default_transport_rate_delay
  142. execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  143. expand_owner_alias = no
  144. export_environment = TZ MAIL_CONFIG LANG
  145. fallback_transport =
  146. fallback_transport_maps =
  147. fast_flush_domains = $relay_domains
  148. fast_flush_purge_time = 7d
  149. fast_flush_refresh_time = 12h
  150. fault_injection_code = 0
  151. flush_service_name = flush
  152. fork_attempts = 5
  153. fork_delay = 1s
  154. forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  155. forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
  156. frozen_delivered_to = yes
  157. hash_queue_depth = 1
  158. hash_queue_names = deferred, defer
  159. header_address_token_limit = 10240
  160. header_checks =
  161. header_size_limit = 102400
  162. helpful_warnings = yes
  163. home_mailbox =
  164. hopcount_limit = 50
  165. ignore_mx_lookup_error = no
  166. import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
  167. in_flow_delay = 1s
  168. inet_interfaces = all
  169. inet_protocols = all
  170. initial_destination_concurrency = 5
  171. internal_mail_filter_classes =
  172. invalid_hostname_reject_code = 501
  173. ipc_idle = 5s
  174. ipc_timeout = 3600s
  175. ipc_ttl = 1000s
  176. line_length_limit = 2048
  177. lmdb_map_size = 16777216
  178. lmtp_address_preference = any
  179. lmtp_address_verify_target = rcpt
  180. lmtp_assume_final = no
  181. lmtp_bind_address =
  182. lmtp_bind_address6 =
  183. lmtp_body_checks =
  184. lmtp_cname_overrides_servername = no
  185. lmtp_connect_timeout = 0s
  186. lmtp_connection_cache_destinations =
  187. lmtp_connection_cache_on_demand = yes
  188. lmtp_connection_cache_time_limit = 2s
  189. lmtp_connection_reuse_count_limit = 0
  190. lmtp_connection_reuse_time_limit = 300s
  191. lmtp_data_done_timeout = 600s
  192. lmtp_data_init_timeout = 120s
  193. lmtp_data_xfer_timeout = 180s
  194. lmtp_defer_if_no_mx_address_found = no
  195. lmtp_delivery_slot_cost = $default_delivery_slot_cost
  196. lmtp_delivery_slot_discount = $default_delivery_slot_discount
  197. lmtp_delivery_slot_loan = $default_delivery_slot_loan
  198. lmtp_delivery_status_filter = $default_delivery_status_filter
  199. lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  200. lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
  201. lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  202. lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  203. lmtp_destination_rate_delay = $default_destination_rate_delay
  204. lmtp_destination_recipient_limit = $default_destination_recipient_limit
  205. lmtp_discard_lhlo_keyword_address_maps =
  206. lmtp_discard_lhlo_keywords =
  207. lmtp_dns_reply_filter =
  208. lmtp_dns_resolver_options =
  209. lmtp_dns_support_level =
  210. lmtp_enforce_tls = no
  211. lmtp_extra_recipient_limit = $default_extra_recipient_limit
  212. lmtp_fallback_relay =
  213. lmtp_generic_maps =
  214. lmtp_header_checks =
  215. lmtp_host_lookup = dns
  216. lmtp_initial_destination_concurrency = $initial_destination_concurrency
  217. lmtp_lhlo_name = $myhostname
  218. lmtp_lhlo_timeout = 300s
  219. lmtp_line_length_limit = 998
  220. lmtp_mail_timeout = 300s
  221. lmtp_mime_header_checks =
  222. lmtp_minimum_delivery_slots = $default_minimum_delivery_slots
  223. lmtp_mx_address_limit = 5
  224. lmtp_mx_session_limit = 2
  225. lmtp_nested_header_checks =
  226. lmtp_per_record_deadline = no
  227. lmtp_pix_workaround_delay_time = 10s
  228. lmtp_pix_workaround_maps =
  229. lmtp_pix_workaround_threshold_time = 500s
  230. lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
  231. lmtp_quit_timeout = 300s
  232. lmtp_quote_rfc821_envelope = yes
  233. lmtp_randomize_addresses = yes
  234. lmtp_rcpt_timeout = 300s
  235. lmtp_recipient_limit = $default_recipient_limit
  236. lmtp_recipient_refill_delay = $default_recipient_refill_delay
  237. lmtp_recipient_refill_limit = $default_recipient_refill_limit
  238. lmtp_reply_filter =
  239. lmtp_rset_timeout = 20s
  240. lmtp_sasl_auth_cache_name =
  241. lmtp_sasl_auth_cache_time = 90d
  242. lmtp_sasl_auth_enable = no
  243. lmtp_sasl_auth_soft_bounce = yes
  244. lmtp_sasl_mechanism_filter =
  245. lmtp_sasl_password_maps =
  246. lmtp_sasl_path =
  247. lmtp_sasl_security_options = noplaintext, noanonymous
  248. lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
  249. lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
  250. lmtp_sasl_type = cyrus
  251. lmtp_send_dummy_mail_auth = no
  252. lmtp_send_xforward_command = no
  253. lmtp_sender_dependent_authentication = no
  254. lmtp_skip_5xx_greeting = yes
  255. lmtp_skip_quit_response = no
  256. lmtp_starttls_timeout = 300s
  257. lmtp_tcp_port = 24
  258. lmtp_tls_CAfile =
  259. lmtp_tls_CApath =
  260. lmtp_tls_block_early_mail_reply = no
  261. lmtp_tls_cert_file =
  262. lmtp_tls_ciphers = medium
  263. lmtp_tls_dcert_file =
  264. lmtp_tls_dkey_file = $lmtp_tls_dcert_file
  265. lmtp_tls_eccert_file =
  266. lmtp_tls_eckey_file = $lmtp_tls_eccert_file
  267. lmtp_tls_enforce_peername = yes
  268. lmtp_tls_exclude_ciphers =
  269. lmtp_tls_fingerprint_cert_match =
  270. lmtp_tls_fingerprint_digest = md5
  271. lmtp_tls_force_insecure_host_tlsa_lookup = no
  272. lmtp_tls_key_file = $lmtp_tls_cert_file
  273. lmtp_tls_loglevel = 0
  274. lmtp_tls_mandatory_ciphers = medium
  275. lmtp_tls_mandatory_exclude_ciphers =
  276. lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
  277. lmtp_tls_note_starttls_offer = no
  278. lmtp_tls_per_site =
  279. lmtp_tls_policy_maps =
  280. lmtp_tls_protocols = !SSLv2, !SSLv3
  281. lmtp_tls_scert_verifydepth = 9
  282. lmtp_tls_secure_cert_match = nexthop
  283. lmtp_tls_security_level =
  284. lmtp_tls_session_cache_database =
  285. lmtp_tls_session_cache_timeout = 3600s
  286. lmtp_tls_trust_anchor_file =
  287. lmtp_tls_verify_cert_match = hostname
  288. lmtp_tls_wrappermode = no
  289. lmtp_transport_rate_delay = $default_transport_rate_delay
  290. lmtp_use_tls = no
  291. lmtp_xforward_timeout = 300s
  292. local_command_shell =
  293. local_delivery_slot_cost = $default_delivery_slot_cost
  294. local_delivery_slot_discount = $default_delivery_slot_discount
  295. local_delivery_slot_loan = $default_delivery_slot_loan
  296. local_delivery_status_filter = $default_delivery_status_filter
  297. local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  298. local_destination_concurrency_limit = 2
  299. local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  300. local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  301. local_destination_rate_delay = $default_destination_rate_delay
  302. local_destination_recipient_limit = 1
  303. local_extra_recipient_limit = $default_extra_recipient_limit
  304. local_header_rewrite_clients = permit_inet_interfaces
  305. local_initial_destination_concurrency = $initial_destination_concurrency
  306. local_minimum_delivery_slots = $default_minimum_delivery_slots
  307. local_recipient_limit = $default_recipient_limit
  308. local_recipient_maps = proxy:unix:passwd.byname $alias_maps
  309. local_recipient_refill_delay = $default_recipient_refill_delay
  310. local_recipient_refill_limit = $default_recipient_refill_limit
  311. local_transport = local:$myhostname
  312. local_transport_rate_delay = $default_transport_rate_delay
  313. luser_relay =
  314. mail_name = Postfix
  315. mail_owner = postfix
  316. mail_release_date = 20161001
  317. mail_version = 3.1.3
  318. mailbox_command =
  319. mailbox_command_maps =
  320. mailbox_delivery_lock = fcntl, dotlock
  321. mailbox_size_limit = 51200000
  322. mailbox_transport =
  323. mailbox_transport_maps =
  324. maps_rbl_domains =
  325. maps_rbl_reject_code = 554
  326. masquerade_classes = envelope_sender, header_sender, header_recipient
  327. masquerade_domains =
  328. masquerade_exceptions =
  329. master_service_disable =
  330. max_idle = 100s
  331. max_use = 100
  332. maximal_backoff_time = 4000s
  333. maximal_queue_lifetime = 5d
  334. message_drop_headers = bcc, content-length, resent-bcc, return-path
  335. message_reject_characters =
  336. message_size_limit = 10240000
  337. message_strip_characters =
  338. milter_command_timeout = 30s
  339. milter_connect_macros = j {daemon_name} v
  340. milter_connect_timeout = 30s
  341. milter_content_timeout = 300s
  342. milter_data_macros = i
  343. milter_default_action = tempfail
  344. milter_end_of_data_macros = i
  345. milter_end_of_header_macros = i
  346. milter_header_checks =
  347. milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
  348. milter_macro_daemon_name = $myhostname
  349. milter_macro_defaults =
  350. milter_macro_v = $mail_name $mail_version
  351. milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
  352. milter_protocol = 6
  353. milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
  354. milter_unknown_command_macros =
  355. mime_boundary_length_limit = 2048
  356. mime_header_checks = $header_checks
  357. mime_nesting_limit = 100
  358. minimal_backoff_time = 300s
  359. multi_instance_directories =
  360. multi_instance_enable = no
  361. multi_instance_group =
  362. multi_instance_name =
  363. multi_instance_wrapper =
  364. multi_recipient_bounce_reject_code = 550
  365. mydestination = $myhostname, localhost.$mydomain, localhost
  366. myorigin = $myhostname
  367. nested_header_checks = $header_checks
  368. non_fqdn_reject_code = 504
  369. non_smtpd_milters =
  370. notify_classes = resource, software
  371. openssl_path = openssl
  372. owner_request_special = yes
  373. parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
  374. permit_mx_backup_networks =
  375. pickup_service_name = pickup
  376. pipe_delivery_status_filter = $default_delivery_status_filter
  377. plaintext_reject_code = 450
  378. postmulti_control_commands = reload flush
  379. postmulti_start_commands = start
  380. postmulti_stop_commands = stop abort drain quick-stop
  381. postscreen_access_list = permit_mynetworks
  382. postscreen_bare_newline_action = ignore
  383. postscreen_bare_newline_enable = no
  384. postscreen_bare_newline_ttl = 30d
  385. postscreen_blacklist_action = ignore
  386. postscreen_cache_cleanup_interval = 12h
  387. postscreen_cache_map = btree:$data_directory/postscreen_cache
  388. postscreen_cache_retention_time = 7d
  389. postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
  390. postscreen_command_count_limit = 20
  391. postscreen_command_filter =
  392. postscreen_command_time_limit = ${stress?{10}:{300}}s
  393. postscreen_disable_vrfy_command = $disable_vrfy_command
  394. postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
  395. postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
  396. postscreen_dnsbl_action = ignore
  397. postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
  398. postscreen_dnsbl_min_ttl = 60s
  399. postscreen_dnsbl_reply_map =
  400. postscreen_dnsbl_sites =
  401. postscreen_dnsbl_threshold = 1
  402. postscreen_dnsbl_timeout = 10s
  403. postscreen_dnsbl_whitelist_threshold = 0
  404. postscreen_enforce_tls = $smtpd_enforce_tls
  405. postscreen_expansion_filter = $smtpd_expansion_filter
  406. postscreen_forbidden_commands = $smtpd_forbidden_commands
  407. postscreen_greet_action = ignore
  408. postscreen_greet_banner = $smtpd_banner
  409. postscreen_greet_ttl = 1d
  410. postscreen_greet_wait = ${stress?{2}:{6}}s
  411. postscreen_helo_required = $smtpd_helo_required
  412. postscreen_non_smtp_command_action = drop
  413. postscreen_non_smtp_command_enable = no
  414. postscreen_non_smtp_command_ttl = 30d
  415. postscreen_pipelining_action = enforce
  416. postscreen_pipelining_enable = no
  417. postscreen_pipelining_ttl = 30d
  418. postscreen_post_queue_limit = $default_process_limit
  419. postscreen_pre_queue_limit = $default_process_limit
  420. postscreen_reject_footer = $smtpd_reject_footer
  421. postscreen_tls_security_level = $smtpd_tls_security_level
  422. postscreen_upstream_proxy_protocol =
  423. postscreen_upstream_proxy_timeout = 5s
  424. postscreen_use_tls = $smtpd_use_tls
  425. postscreen_watchdog_timeout = 10s
  426. postscreen_whitelist_interfaces = static:all
  427. prepend_delivered_header = command, file, forward
  428. process_id_directory = pid
  429. process_name = postconf
  430. propagate_unmatched_extensions = canonical, virtual
  431. proxy_interfaces =
  432. proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions
  433. proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map
  434. proxymap_service_name = proxymap
  435. proxywrite_service_name = proxywrite
  436. qmgr_clog_warn_time = 300s
  437. qmgr_daemon_timeout = 1000s
  438. qmgr_fudge_factor = 100
  439. qmgr_ipc_timeout = 60s
  440. qmgr_message_active_limit = 20000
  441. qmgr_message_recipient_limit = 20000
  442. qmgr_message_recipient_minimum = 10
  443. qmqpd_authorized_clients =
  444. qmqpd_client_port_logging = no
  445. qmqpd_error_delay = 1s
  446. qmqpd_timeout = 300s
  447. queue_file_attribute_count_limit = 100
  448. queue_minfree = 0
  449. queue_run_delay = 300s
  450. queue_service_name = qmgr
  451. rbl_reply_maps =
  452. receive_override_options =
  453. recipient_bcc_maps =
  454. recipient_canonical_classes = envelope_recipient, header_recipient
  455. recipient_canonical_maps =
  456. recipient_delimiter =
  457. reject_code = 554
  458. reject_tempfail_action = defer_if_permit
  459. relay_clientcerts =
  460. relay_delivery_slot_cost = $default_delivery_slot_cost
  461. relay_delivery_slot_discount = $default_delivery_slot_discount
  462. relay_delivery_slot_loan = $default_delivery_slot_loan
  463. relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  464. relay_destination_concurrency_limit = $default_destination_concurrency_limit
  465. relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  466. relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  467. relay_destination_rate_delay = $default_destination_rate_delay
  468. relay_destination_recipient_limit = $default_destination_recipient_limit
  469. relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}}
  470. relay_domains_reject_code = 554
  471. relay_extra_recipient_limit = $default_extra_recipient_limit
  472. relay_initial_destination_concurrency = $initial_destination_concurrency
  473. relay_minimum_delivery_slots = $default_minimum_delivery_slots
  474. relay_recipient_limit = $default_recipient_limit
  475. relay_recipient_maps =
  476. relay_recipient_refill_delay = $default_recipient_refill_delay
  477. relay_recipient_refill_limit = $default_recipient_refill_limit
  478. relay_transport = relay
  479. relay_transport_rate_delay = $default_transport_rate_delay
  480. relayhost =
  481. relocated_maps =
  482. remote_header_rewrite_domain =
  483. require_home_directory = no
  484. reset_owner_alias = no
  485. resolve_dequoted_address = yes
  486. resolve_null_domain = no
  487. resolve_numeric_domain = no
  488. retry_delivery_slot_cost = $default_delivery_slot_cost
  489. retry_delivery_slot_discount = $default_delivery_slot_discount
  490. retry_delivery_slot_loan = $default_delivery_slot_loan
  491. retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  492. retry_destination_concurrency_limit = $default_destination_concurrency_limit
  493. retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  494. retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  495. retry_destination_rate_delay = $default_destination_rate_delay
  496. retry_destination_recipient_limit = $default_destination_recipient_limit
  497. retry_extra_recipient_limit = $default_extra_recipient_limit
  498. retry_initial_destination_concurrency = $initial_destination_concurrency
  499. retry_minimum_delivery_slots = $default_minimum_delivery_slots
  500. retry_recipient_limit = $default_recipient_limit
  501. retry_recipient_refill_delay = $default_recipient_refill_delay
  502. retry_recipient_refill_limit = $default_recipient_refill_limit
  503. retry_transport_rate_delay = $default_transport_rate_delay
  504. rewrite_service_name = rewrite
  505. send_cyrus_sasl_authzid = no
  506. sender_bcc_maps =
  507. sender_canonical_classes = envelope_sender, header_sender
  508. sender_canonical_maps =
  509. sender_dependent_default_transport_maps =
  510. sender_dependent_relayhost_maps =
  511. sendmail_fix_line_endings = always
  512. service_throttle_time = 60s
  513. setgid_group = postdrop
  514. show_user_unknown_table_name = yes
  515. showq_service_name = showq
  516. smtp_address_preference = any
  517. smtp_address_verify_target = rcpt
  518. smtp_always_send_ehlo = yes
  519. smtp_bind_address =
  520. smtp_bind_address6 =
  521. smtp_body_checks =
  522. smtp_cname_overrides_servername = no
  523. smtp_connect_timeout = 30s
  524. smtp_connection_cache_destinations =
  525. smtp_connection_cache_on_demand = no
  526. smtp_connection_cache_time_limit = 2s
  527. smtp_connection_reuse_count_limit = 0
  528. smtp_connection_reuse_time_limit = 300s
  529. smtp_data_done_timeout = 600s
  530. smtp_data_init_timeout = 120s
  531. smtp_data_xfer_timeout = 180s
  532. smtp_defer_if_no_mx_address_found = no
  533. smtp_delivery_slot_cost = $default_delivery_slot_cost
  534. smtp_delivery_slot_discount = $default_delivery_slot_discount
  535. smtp_delivery_slot_loan = $default_delivery_slot_loan
  536. smtp_delivery_status_filter = $default_delivery_status_filter
  537. smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  538. smtp_destination_concurrency_limit = $default_destination_concurrency_limit
  539. smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  540. smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  541. smtp_destination_rate_delay = $default_destination_rate_delay
  542. smtp_destination_recipient_limit = $default_destination_recipient_limit
  543. smtp_discard_ehlo_keyword_address_maps =
  544. smtp_discard_ehlo_keywords =
  545. smtp_dns_reply_filter =
  546. smtp_dns_resolver_options =
  547. smtp_dns_support_level =
  548. smtp_enforce_tls = no
  549. smtp_extra_recipient_limit = $default_extra_recipient_limit
  550. smtp_fallback_relay = $fallback_relay
  551. smtp_generic_maps =
  552. smtp_header_checks =
  553. smtp_helo_name = $myhostname
  554. smtp_helo_timeout = 300s
  555. smtp_host_lookup = dns
  556. smtp_initial_destination_concurrency = $initial_destination_concurrency
  557. smtp_line_length_limit = 998
  558. smtp_mail_timeout = 300s
  559. smtp_mime_header_checks =
  560. smtp_minimum_delivery_slots = $default_minimum_delivery_slots
  561. smtp_mx_address_limit = 5
  562. smtp_mx_session_limit = 2
  563. smtp_nested_header_checks =
  564. smtp_never_send_ehlo = no
  565. smtp_per_record_deadline = no
  566. smtp_pix_workaround_delay_time = 10s
  567. smtp_pix_workaround_maps =
  568. smtp_pix_workaround_threshold_time = 500s
  569. smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
  570. smtp_quit_timeout = 300s
  571. smtp_quote_rfc821_envelope = yes
  572. smtp_randomize_addresses = yes
  573. smtp_rcpt_timeout = 300s
  574. smtp_recipient_limit = $default_recipient_limit
  575. smtp_recipient_refill_delay = $default_recipient_refill_delay
  576. smtp_recipient_refill_limit = $default_recipient_refill_limit
  577. smtp_reply_filter =
  578. smtp_rset_timeout = 20s
  579. smtp_sasl_auth_cache_name =
  580. smtp_sasl_auth_cache_time = 90d
  581. smtp_sasl_auth_enable = no
  582. smtp_sasl_auth_soft_bounce = yes
  583. smtp_sasl_mechanism_filter =
  584. smtp_sasl_password_maps =
  585. smtp_sasl_path =
  586. smtp_sasl_security_options = noplaintext, noanonymous
  587. smtp_sasl_tls_security_options = $smtp_sasl_security_options
  588. smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
  589. smtp_sasl_type = cyrus
  590. smtp_send_dummy_mail_auth = no
  591. smtp_send_xforward_command = no
  592. smtp_sender_dependent_authentication = no
  593. smtp_skip_5xx_greeting = yes
  594. smtp_skip_quit_response = yes
  595. smtp_starttls_timeout = 300s
  596. smtp_tls_CAfile =
  597. smtp_tls_CApath =
  598. smtp_tls_block_early_mail_reply = no
  599. smtp_tls_cert_file =
  600. smtp_tls_ciphers = medium
  601. smtp_tls_dane_insecure_mx_policy = dane
  602. smtp_tls_dcert_file =
  603. smtp_tls_dkey_file = $smtp_tls_dcert_file
  604. smtp_tls_eccert_file =
  605. smtp_tls_eckey_file = $smtp_tls_eccert_file
  606. smtp_tls_enforce_peername = yes
  607. smtp_tls_exclude_ciphers =
  608. smtp_tls_fingerprint_cert_match =
  609. smtp_tls_fingerprint_digest = md5
  610. smtp_tls_force_insecure_host_tlsa_lookup = no
  611. smtp_tls_key_file = $smtp_tls_cert_file
  612. smtp_tls_loglevel = 0
  613. smtp_tls_mandatory_ciphers = medium
  614. smtp_tls_mandatory_exclude_ciphers =
  615. smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
  616. smtp_tls_note_starttls_offer = no
  617. smtp_tls_per_site =
  618. smtp_tls_policy_maps =
  619. smtp_tls_protocols = !SSLv2, !SSLv3
  620. smtp_tls_scert_verifydepth = 9
  621. smtp_tls_secure_cert_match = nexthop, dot-nexthop
  622. smtp_tls_security_level =
  623. smtp_tls_session_cache_database =
  624. smtp_tls_session_cache_timeout = 3600s
  625. smtp_tls_trust_anchor_file =
  626. smtp_tls_verify_cert_match = hostname
  627. smtp_tls_wrappermode = no
  628. smtp_transport_rate_delay = $default_transport_rate_delay
  629. smtp_use_tls = no
  630. smtp_xforward_timeout = 300s
  631. smtpd_authorized_verp_clients = $authorized_verp_clients
  632. smtpd_authorized_xclient_hosts =
  633. smtpd_authorized_xforward_hosts =
  634. smtpd_banner = $myhostname ESMTP $mail_name
  635. smtpd_client_auth_rate_limit = 0
  636. smtpd_client_connection_count_limit = 50
  637. smtpd_client_connection_rate_limit = 0
  638. smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
  639. smtpd_client_message_rate_limit = 0
  640. smtpd_client_new_tls_session_rate_limit = 0
  641. smtpd_client_port_logging = no
  642. smtpd_client_recipient_rate_limit = 0
  643. smtpd_client_restrictions =
  644. smtpd_command_filter =
  645. smtpd_data_restrictions =
  646. smtpd_delay_open_until_valid_rcpt = yes
  647. smtpd_delay_reject = yes
  648. smtpd_discard_ehlo_keyword_address_maps =
  649. smtpd_discard_ehlo_keywords =
  650. smtpd_dns_reply_filter =
  651. smtpd_end_of_data_restrictions =
  652. smtpd_enforce_tls = no
  653. smtpd_error_sleep_time = 1s
  654. smtpd_etrn_restrictions =
  655. smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
  656. smtpd_forbidden_commands = CONNECT GET POST
  657. smtpd_hard_error_limit = ${stress?{1}:{20}}
  658. smtpd_helo_required = no
  659. smtpd_helo_restrictions =
  660. smtpd_history_flush_threshold = 100
  661. smtpd_junk_command_limit = ${stress?{1}:{100}}
  662. smtpd_log_access_permit_actions =
  663. smtpd_milters =
  664. smtpd_noop_commands =
  665. smtpd_null_access_lookup_key = <>
  666. smtpd_peername_lookup = yes
  667. smtpd_per_record_deadline = ${stress?{yes}:{no}}
  668. smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem
  669. smtpd_policy_service_max_idle = 300s
  670. smtpd_policy_service_max_ttl = 1000s
  671. smtpd_policy_service_policy_context =
  672. smtpd_policy_service_request_limit = 0
  673. smtpd_policy_service_retry_delay = 1s
  674. smtpd_policy_service_timeout = 100s
  675. smtpd_policy_service_try_limit = 2
  676. smtpd_proxy_ehlo = $myhostname
  677. smtpd_proxy_filter =
  678. smtpd_proxy_options =
  679. smtpd_proxy_timeout = 100s
  680. smtpd_recipient_limit = 1000
  681. smtpd_recipient_overshoot_limit = 1000
  682. smtpd_recipient_restrictions =
  683. smtpd_reject_footer =
  684. smtpd_reject_unlisted_recipient = yes
  685. smtpd_reject_unlisted_sender = no
  686. smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
  687. smtpd_restriction_classes =
  688. smtpd_sasl_auth_enable = no
  689. smtpd_sasl_authenticated_header = no
  690. smtpd_sasl_exceptions_networks =
  691. smtpd_sasl_local_domain =
  692. smtpd_sasl_path = smtpd
  693. smtpd_sasl_security_options = noanonymous
  694. smtpd_sasl_service = smtp
  695. smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
  696. smtpd_sasl_type = cyrus
  697. smtpd_sender_login_maps =
  698. smtpd_sender_restrictions =
  699. smtpd_service_name = smtpd
  700. smtpd_soft_error_limit = 10
  701. smtpd_starttls_timeout = ${stress?{10}:{300}}s
  702. smtpd_timeout = ${stress?{10}:{300}}s
  703. smtpd_tls_CAfile =
  704. smtpd_tls_CApath =
  705. smtpd_tls_always_issue_session_ids = yes
  706. smtpd_tls_ask_ccert = no
  707. smtpd_tls_auth_only = no
  708. smtpd_tls_ccert_verifydepth = 9
  709. smtpd_tls_cert_file =
  710. smtpd_tls_ciphers = medium
  711. smtpd_tls_dcert_file =
  712. smtpd_tls_dh1024_param_file =
  713. smtpd_tls_dh512_param_file =
  714. smtpd_tls_dkey_file = $smtpd_tls_dcert_file
  715. smtpd_tls_eccert_file =
  716. smtpd_tls_eckey_file = $smtpd_tls_eccert_file
  717. smtpd_tls_eecdh_grade = strong
  718. smtpd_tls_exclude_ciphers =
  719. smtpd_tls_fingerprint_digest = md5
  720. smtpd_tls_key_file = $smtpd_tls_cert_file
  721. smtpd_tls_loglevel = 0
  722. smtpd_tls_mandatory_ciphers = medium
  723. smtpd_tls_mandatory_exclude_ciphers =
  724. smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
  725. smtpd_tls_protocols = !SSLv2, !SSLv3
  726. smtpd_tls_received_header = no
  727. smtpd_tls_req_ccert = no
  728. smtpd_tls_security_level =
  729. smtpd_tls_session_cache_database =
  730. smtpd_tls_session_cache_timeout = 3600s
  731. smtpd_tls_wrappermode = no
  732. smtpd_upstream_proxy_protocol =
  733. smtpd_upstream_proxy_timeout = 5s
  734. smtpd_use_tls = no
  735. smtputf8_autodetect_classes = sendmail, verify
  736. soft_bounce = no
  737. stale_lock_time = 500s
  738. stress =
  739. strict_7bit_headers = no
  740. strict_8bitmime = no
  741. strict_8bitmime_body = no
  742. strict_mailbox_ownership = yes
  743. strict_mime_encoding_domain = no
  744. strict_rfc821_envelopes = no
  745. strict_smtputf8 = no
  746. sun_mailtool_compatibility = no
  747. swap_bangpath = yes
  748. syslog_facility = mail
  749. syslog_name = ${multi_instance_name?{$multi_instance_name}:{postfix}}
  750. tcp_windowsize = 0
  751. tls_append_default_CA = no
  752. tls_daemon_random_bytes = 32
  753. tls_dane_digest_agility = on
  754. tls_dane_digests = sha512 sha256
  755. tls_dane_trust_anchor_digest_enable = yes
  756. tls_disable_workarounds =
  757. tls_eecdh_strong_curve = prime256v1
  758. tls_eecdh_ultra_curve = secp384r1
  759. tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH
  760. tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
  761. tls_legacy_public_key_fingerprints = no
  762. tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH
  763. tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH
  764. tls_null_cipherlist = eNULL:!aNULL
  765. tls_preempt_cipherlist = no
  766. tls_random_bytes = 32
  767. tls_random_exchange_name = ${data_directory}/prng_exch
  768. tls_random_prng_update_period = 3600s
  769. tls_random_reseed_period = 3600s
  770. tls_random_source = dev:/dev/urandom
  771. tls_session_ticket_cipher = aes-256-cbc
  772. tls_ssl_options =
  773. tls_wildcard_matches_multiple_labels = yes
  774. tlsmgr_service_name = tlsmgr
  775. tlsproxy_enforce_tls = $smtpd_enforce_tls
  776. tlsproxy_service_name = tlsproxy
  777. tlsproxy_tls_CAfile = $smtpd_tls_CAfile
  778. tlsproxy_tls_CApath = $smtpd_tls_CApath
  779. tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
  780. tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
  781. tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
  782. tlsproxy_tls_cert_file = $smtpd_tls_cert_file
  783. tlsproxy_tls_ciphers = $smtpd_tls_ciphers
  784. tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
  785. tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
  786. tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
  787. tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
  788. tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
  789. tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
  790. tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
  791. tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
  792. tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
  793. tlsproxy_tls_key_file = $smtpd_tls_key_file
  794. tlsproxy_tls_loglevel = $smtpd_tls_loglevel
  795. tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
  796. tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
  797. tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
  798. tlsproxy_tls_protocols = $smtpd_tls_protocols
  799. tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
  800. tlsproxy_tls_security_level = $smtpd_tls_security_level
  801. tlsproxy_use_tls = $smtpd_use_tls
  802. tlsproxy_watchdog_timeout = 10s
  803. trace_service_name = trace
  804. transport_maps =
  805. transport_retry_time = 60s
  806. trigger_timeout = 10s
  807. undisclosed_recipients_header =
  808. unknown_address_reject_code = 450
  809. unknown_address_tempfail_action = $reject_tempfail_action
  810. unknown_client_reject_code = 450
  811. unknown_helo_hostname_tempfail_action = $reject_tempfail_action
  812. unknown_hostname_reject_code = 450
  813. unknown_local_recipient_reject_code = 550
  814. unknown_relay_recipient_reject_code = 550
  815. unknown_virtual_alias_reject_code = 550
  816. unknown_virtual_mailbox_reject_code = 550
  817. unverified_recipient_defer_code = 450
  818. unverified_recipient_reject_code = 450
  819. unverified_recipient_reject_reason =
  820. unverified_recipient_tempfail_action = $reject_tempfail_action
  821. unverified_sender_defer_code = 450
  822. unverified_sender_reject_code = 450
  823. unverified_sender_reject_reason =
  824. unverified_sender_tempfail_action = $reject_tempfail_action
  825. verp_delimiter_filter = -=+
  826. virtual_alias_address_length_limit = 1000
  827. virtual_alias_domains = $virtual_alias_maps
  828. virtual_alias_expansion_limit = 1000
  829. virtual_alias_maps = $virtual_maps
  830. virtual_alias_recursion_limit = 1000
  831. virtual_delivery_slot_cost = $default_delivery_slot_cost
  832. virtual_delivery_slot_discount = $default_delivery_slot_discount
  833. virtual_delivery_slot_loan = $default_delivery_slot_loan
  834. virtual_delivery_status_filter = $default_delivery_status_filter
  835. virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  836. virtual_destination_concurrency_limit = $default_destination_concurrency_limit
  837. virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  838. virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  839. virtual_destination_rate_delay = $default_destination_rate_delay
  840. virtual_destination_recipient_limit = $default_destination_recipient_limit
  841. virtual_extra_recipient_limit = $default_extra_recipient_limit
  842. virtual_gid_maps =
  843. virtual_initial_destination_concurrency = $initial_destination_concurrency
  844. virtual_mailbox_base =
  845. virtual_mailbox_domains = $virtual_mailbox_maps
  846. virtual_mailbox_limit = 51200000
  847. virtual_mailbox_lock = fcntl, dotlock
  848. virtual_mailbox_maps =
  849. virtual_minimum_delivery_slots = $default_minimum_delivery_slots
  850. virtual_minimum_uid = 100
  851. virtual_recipient_limit = $default_recipient_limit
  852. virtual_recipient_refill_delay = $default_recipient_refill_delay
  853. virtual_recipient_refill_limit = $default_recipient_refill_limit
  854. virtual_transport = virtual
  855. virtual_transport_rate_delay = $default_transport_rate_delay
  856. virtual_uid_maps =