Seth Woolley's Man Viewer

Manual for postconf - man 5 postconf

([section] manual, -k keyword, -K [section] search, -f whatis)
man plain no title

POSTCONF(5)                                                        POSTCONF(5)



NAME
       postconf(1,5) - Postfix configuration parameters

SYNOPSIS
       postconf(1,5) parameter ...

       postconf(1,5) -e "parameter=value" ...

DESCRIPTION
       The  Postfix main.cf configuration file(1,n) specifies a small subset of all
       the parameters that control the operation of the Postfix  mail(1,8)  system.
       Parameters not specified in(1,8) main.cf are left at their default values.

       The general format of the main.cf file(1,n) is as follows:

             Each  logical line has the form "parameter = value".  Whitespace
              around the "=" is ignored, as is whitespace at the end of a log-
              ical line.

             Empty  lines and whitespace-only lines are ignored, as are lines
              whose first non-whitespace character is a `#'.

             A logical line starts with  non-whitespace  text.  A  line  that
              starts with whitespace continues a logical line.

             A parameter value may refer to other parameters.

                    The  expressions  "$name",  "${name}"  or  "$(name)"  are
                     recursively replaced by the value of the named(5,8) parameter.

                    The  expression  "${name?value}"  expands to "value" when
                     "$name" is non-empty. This form is supported with Postfix
                     version(1,3,5) 2.2 and later.

                    The  expression  "${name:value}"  expands to "value" when
                     "$name" is empty. This form  is  supported  with  Postfix
                     version(1,3,5) 2.2 and later.

             When the same parameter is defined multiple times, only the last
              instance is remembered.

             Otherwise, the order of main.cf parameter definitions  does  not
              matter.

       The remainder of this document is a description of all Postfix configu-
       ration parameters. Default values are shown after the parameter name in(1,8)
       parentheses, and can be looked up with the "postconf(1,5) -d" command.

       Note:  this  is not an invitation to make changes to Postfix configura-
       tion parameters. Unnecessary changes can impair the  operation  of  the
       mail(1,8) system.

2bounce_notice_recipient (default: postmaster)
       The  recipient  of  undeliverable  mail(1,8)  that cannot be returned to the
       sender.  This feature is enabled with the notify_classes parameter.

access_map_reject_code (default: 554)
       The numerical Postfix SMTP  server  response  code  when  a  client  is
       rejected by an access(2,5)(5) map restriction.

       Do not change this unless you have a complete understanding of RFC 821.

address_verify_default_transport (default: $default_transport)
       Overrides the default_transport parameter setting for address verifica-
       tion probes.

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_local_transport (default: $local_transport)
       Overrides  the  local_transport parameter setting for address verifica-
       tion probes.

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_map (default: empty)
       Optional lookup table for persistent address verification status  stor-
       age.   The  table is maintained by the verify(1,8)(8) service, and is opened
       before the process releases privileges.

       By default, the information is kept in(1,8) volatile  memory,  and  is  lost
       after "postfix reload" or "postfix stop".

       Specify a location in(1,8) a file(1,n) system that will not fill up. If the data-
       base becomes corrupted, the world comes to an end.  To  recover  delete
       the file(1,n) and do "postfix reload".

       Examples:

       address_verify_map = hash:/etc/postfix/verify(1,8)
       address_verify_map = btree:/etc/postfix/verify(1,8)

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_negative_cache (default: yes)
       Enable caching of failed address verification probe results.  When this
       feature is enabled, the cache may pollute quickly with  garbage.   When
       this  feature  is  disabled, Postfix will generate an address probe for
       every lookup.

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_negative_expire_time (default: 3d)
       The time(1,2,n) after which a failed probe expires from the address  verifica-
       tion cache.

       Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_negative_refresh_time (default: 3h)
       The  time(1,2,n)  after  which a failed address verification probe needs to be
       refreshed.

       Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_poll_count (default: 3)
       How many times to query the verify(1,8)(8) service for the completion of  an
       address verification request in(1,8) progress.

       The default poll count is 3.

       Specify  1  to  implement  a crude form of greylisting, that is, always
       defer the first delivery request for a never seen before address.

       Example:

       address_verify_poll_count = 1

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_poll_delay (default: 3s)
       The delay between queries for the completion of an address verification
       request in(1,8) progress.

       The default polling delay is 3 seconds.

       Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_positive_expire_time (default: 31d)
       The  time(1,2,n) after which a successful probe expires from the address veri-
       fication cache.

       Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_positive_refresh_time (default: 7d)
       The time(1,2,n) after which a successful address verification probe  needs  to
       be  refreshed.  The address verification status is not updated when the
       probe fails (optimistic caching).

       Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_relay_transport (default: $relay_transport)
       Overrides the relay_transport parameter setting for  address  verifica-
       tion probes.

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_relayhost (default: $relayhost)
       Overrides  the  relayhost  parameter  setting  for address verification
       probes.

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_sender (default: postmaster)
       The sender address to use in(1,8)  address  verification  probes.  To  avoid
       problems  with  address  probes  that  are  sent in(1,8) response to address
       probes, the Postfix SMTP server excludes the probe sender address  from
       all SMTPD access(2,5) blocks.

       Specify  an  empty value (address_verify_sender =) or <> if(3,n) you want to
       use the null sender address. Beware, some sites reject  mail(1,8)  from  <>,
       even though RFCs require that such addresses be accepted.

       Examples:

       address_verify_sender = <>
       address_verify_sender = postmaster@my.domain

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_service_name (default: verify(1,8))
       The  name  of  the verify(1,8)(8) address verification service. This service
       maintains the status of sender and/or  recipient  address  verification
       probes, and generates probes on request by other Postfix processes.

address_verify_transport_maps (default: $transport_maps)
       Overrides the transport_maps parameter setting for address verification
       probes.

       This feature is available in(1,8) Postfix 2.1 and later.

address_verify_virtual_transport (default: $virtual_transport)
       Overrides the virtual_transport parameter setting for address verifica-
       tion probes.

       This feature is available in(1,8) Postfix 2.1 and later.

alias_database (default: see postconf(1,5) -d output)
       The  alias  databases  for  local(8)  delivery  that  are  updated with
       "newaliases" or with "sendmail(1,8) -bi".

       This is a separate configuration parameter because not all  the  tables
       specified with $alias_maps have to be local files.

       Examples:

       alias_database = hash:/etc/aliases
       alias_database = hash:/etc/mail(1,8)/aliases

alias_maps (default: see postconf(1,5) -d output)
       The alias databases that are used for local(8) delivery. See aliases(5)
       for syntax details.

       The default list is system dependent.  On systems with NIS, the default
       is to search the local alias database, then the NIS alias database.

       If  you  change  the  alias  database, run "postalias /etc/aliases" (or
       wherever your system  stores  the  mail(1,8)  alias  file(1,n)),  or  simply  run
       "newaliases" to build the necessary DBM or DB file.

       The  local(8)  delivery agent disallows regular expression substitution
       of $1 etc. in(1,8) alias_maps, because that would open(2,3,n) a security hole.

       The local(8) delivery agent will silently ignore requests  to  use  the
       proxymap(8)  server  within  alias_maps. Instead it will open(2,3,n) the table
       directly. Before Postfix version(1,3,5) 2.2, the local(8) delivery agent  will
       terminate with a fatal error.

       Examples:

       alias_maps = hash:/etc/aliases, nis:mail.aliases
       alias_maps = hash:/etc/aliases

allow_mail_to_commands (default: alias, forward)
       Restrict  local(8)  mail(1,8) delivery to external commands.  The default is
       to disallow delivery to "|command" in(1,8) :include:  files (see  aliases(5)
       for the text that defines this terminology).

       Specify  zero  or more of: alias, forward or include, in(1,8) order to allow
       commands in(1,8) aliases(5), .forward files or in(1,8) :include:  files,  respec-
       tively.

       Example:

       allow_mail_to_commands = alias,forward,include

allow_mail_to_files (default: alias, forward)
       Restrict  local(8)  mail(1,8)  delivery to external files. The default is to
       disallow "/file(1,n)/name" destinations in(1,8) :include:  files (see  aliases(5)
       for the text that defines this terminology).

       Specify  zero  or more of: alias, forward or include, in(1,8) order to allow
       "/file(1,n)/name"  destinations  in(1,8)  aliases(5),  .forward  files   and   in(1,8)
       :include:  files, respectively.

       Example:

       allow_mail_to_files = alias,forward,include

allow_min_user (default: no)
       Allow  a  recipient  address  to  have  `-' as the first character.  By
       default, this is not allowed, to avoid  accidents  with  software  that
       passes email addresses via the command line. Such software would not be
       able to distinguish a malicious address from a bona  fide  command-line
       option.  Although this can be prevented by inserting a "--" option ter-
       minator into the command line, this is  difficult  to  enforce  consis-
       tently and globally.

allow_percent_hack (default: yes)
       Enable  the rewriting of the form "user%domain" to "user@domain".  This
       is enabled by default.

       Note: with Postfix version(1,3,5) 2.2, message header address  rewriting  hap-
       pens only when one of the following conditions is true:

             The message is received with the Postfix sendmail(1,8)(1) command,

             The  message  is  received  from  a  network client that matches
              $local_header_rewrite_clients,

             The  message   is   received   from   the   network,   and   the
              remote_header_rewrite_domain  parameter  specifies  a  non-empty
              value.

       To get the  behavior  before  Postfix  2.2,  specify  "local_header_re-
       write_clients = static:all".

       Example:

       allow_percent_hack = no

allow_untrusted_routing (default: no)
       Forward  mail(1,8)  with sender-specified routing (user[@%!]remote[@%!]site)
       from untrusted clients to destinations matching $relay_domains.

       By default, this feature is turned off.  This closes a nasty open(2,3,n) relay
       loophole  where  a  backup  MX host(1,5) can be tricked into forwarding junk
       mail(1,8) to a primary MX host(1,5) which then spams it out to the world.

       This parameter also controls if(3,n) non-local addresses with  sender-speci-
       fied  routing  can  match  Postfix  access(2,5)  tables.  By  default,  such
       addresses cannot match Postfix access(2,5) tables, because  the  address  is
       ambiguous.

alternate_config_directories (default: empty)
       A  list  of  non-default  Postfix configuration directories that may be
       specified with "-c config_directory" on the command line,  or  via  the
       MAIL_CONFIG environment parameter.

       This list must be specified in(1,8) the default Postfix configuration direc-
       tory, and is used by set-gid Postfix commands such as postqueue(1)  and
       postdrop(1).

always_bcc (default: empty)
       Optional  address  that  receives a "blind carbon copy" of each message
       that is received by the Postfix mail(1,8) system.

       Note: if(3,n) mail(1,8) to the BCC address bounces it will  be  returned  to  the
       sender.

       Note:  automatic  BCC  recipients  are  produced only for new mail.  To
       avoid mailer loops, automatic BCC recipients are not generated for mail(1,8)
       that  Postfix  forwards internally, nor for mail(1,8) that Postfix generates
       itself.

anvil_rate_time_unit (default: 60s)
       The time(1,2,n) unit over which client connection rates and  other  rates  are
       calculated.

       This  feature  is implemented by the anvil(8) service which is not part
       of the stable Postfix 2.1 release.

       The default interval is relatively short. Because of the high frequency
       of updates, the anvil(8) server uses volatile memory only. Thus, infor-
       mation is lost whenever the process terminates.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

anvil_status_update_time (default: 600s)
       How  frequently  the  anvil(8) connection and rate limiting server logs
       peak usage information.

       This feature is available in(1,8) Postfix 2.2 and later.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

append_at_myorigin (default: yes)
       With  locally  submitted  mail(1,8),  append the string(3,n) "@$myorigin" to mail(1,8)
       addresses without domain information.  With  remotely  submitted  mail(1,8),
       append the string(3,n) "@$remote_header_rewrite_domain" instead.

       Note  1: this feature is enabled by default and must not be turned off.
       Postfix does not support domain-less addresses.

       Note 2: with Postfix version(1,3,5) 2.2, message header address rewriting hap-
       pens only when one of the following conditions is true:

             The message is received with the Postfix sendmail(1,8)(1) command,

             The  message  is  received  from  a  network client that matches
              $local_header_rewrite_clients,

             The  message   is   received   from   the   network,   and   the
              remote_header_rewrite_domain  parameter  specifies  a  non-empty
              value.

       To get the  behavior  before  Postfix  2.2,  specify  "local_header_re-
       write_clients = static:all".

append_dot_mydomain (default: yes)
       With   locally  submitted  mail(1,8),  append  the  string(3,n)  ".$mydomain"  to
       addresses that have no ".domain" information. With  remotely  submitted
       mail(1,8), append the string(3,n) ".$remote_header_rewrite_domain" instead.

       Note 1: this feature is enabled by default. If disabled, users(1,5) will not
       be able to send(2,n) mail(1,8) to "user@partialdomainname" but will have to spec-
       ify full domain names instead.

       Note 2: with Postfix version(1,3,5) 2.2, message header address rewriting hap-
       pens only when one of the following conditions is true:

             The message is received with the Postfix sendmail(1,8)(1) command,

             The message is received  from  a  network  client  that  matches
              $local_header_rewrite_clients,

             The   message   is   received   from   the   network,   and  the
              remote_header_rewrite_domain  parameter  specifies  a  non-empty
              value.

       To  get  the  behavior  before  Postfix  2.2, specify "local_header_re-
       write_clients = static:all".

application_event_drain_time (default: 100s)
       How long the postkick(1) command waits  for  a  request  to  enter  the
       server's input buffer before giving up.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

       This feature is available in(1,8) Postfix 2.1 and later.

authorized_flush_users (default: static:anyone)
       List of users(1,5) who are authorized to flush(8,n) the queue.

       By default, all users(1,5) are allowed to flush(8,n) the queue.  Access is always
       granted if(3,n) the invoking user is the super-user or the $mail_owner user.
       Otherwise, the real UID of the process is looked up in(1,8) the system pass-
       word  file(1,n),  and access(2,5) is granted only if(3,n) the corresponding login(1,3,5) name
       is on the access(2,5) list.  The username "unknown" is  used  for  processes
       whose real UID is not found in(1,8) the password file.

       Specify  a  list  of user names, "/file(1,n)/name" or "type:table" patterns,
       separated by commas and/or whitespace. The  list  is  matched  left  to
       right,  and  the  search  stops  on the first match. Specify "!name" to
       exclude a name from the list. A "/file(1,n)/name" pattern is replaced by its
       contents;  a "type:table" lookup table is matched when a name matches a
       lookup key (the lookup result is  ignored).   Continue  long  lines  by
       starting the next line with whitespace.

       This feature is available in(1,8) Postfix 2.2 and later.

authorized_mailq_users (default: static:anyone)
       List of users(1,5) who are authorized to view the queue.

       By  default, all users(1,5) are allowed to view the queue.  Access is always
       granted if(3,n) the invoking user is the super-user or the $mail_owner user.
       Otherwise, the real UID of the process is looked up in(1,8) the system pass-
       word file(1,n), and access(2,5) is granted only if(3,n) the corresponding  login(1,3,5)  name
       is  on  the  access(2,5) list.  The username "unknown" is used for processes
       whose real UID is not found in(1,8) the password file.

       Specify a list of user names, "/file(1,n)/name"  or  "type:table"  patterns,
       separated  by  commas  and/or  whitespace.  The list is matched left to
       right, and the search stops on the  first  match.  Specify  "!name"  to
       exclude a name from the list. A "/file(1,n)/name" pattern is replaced by its
       contents; a "type:table" lookup table is matched when a name matches  a
       lookup  key  (the  lookup  result  is ignored).  Continue long lines by
       starting the next line with whitespace.

       This feature is available in(1,8) Postfix 2.2 and later.

authorized_submit_users (default: static:anyone)
       List of users(1,5) who are authorized to submit mail(1,8)  with  the  sendmail(1,8)(1)
       command (and with the privileged postdrop(1) helper command).

       By  default, all users(1,5) are allowed to submit mail.  Otherwise, the real
       UID of the process is looked up in(1,8) the system password file(1,n), and access(2,5)
       is  granted only if(3,n) the corresponding login(1,3,5) name is on the access(2,5) list.
       The username "unknown" is used for processes  whose  real  UID  is  not
       found in(1,8) the password file. To deny mail(1,8) submission access(2,5) to all users(1,5)
       specify an empty list.

       Specify a list of user names, "/file(1,n)/name"  or  "type:table"  patterns,
       separated  by  commas  and/or  whitespace.  The list is matched left to
       right, and the search stops on the  first  match.  Specify  "!name"  to
       exclude a name from the list. A "/file(1,n)/name" pattern is replaced by its
       contents; a "type:table" lookup table is matched when a name matches  a
       lookup  key  (the  lookup  result  is ignored).  Continue long lines by
       starting the next line with whitespace.

       This feature is available in(1,8) Postfix 2.2 and later.

authorized_verp_clients (default: $mynetworks)
       What SMTP clients are allowed to specify the XVERP command.  This  com-
       mand requests that mail(1,8) be delivered one recipient at a time(1,2,n) with a per
       recipient return address.

       By default, only trusted clients are allowed to specify XVERP.

       This parameter was introduced with Postfix version(1,3,5) 1.1.   Postfix  ver-
       sion(1,3,5)  2.1  renamed  this parameter to smtpd_authorized_verp_clients and
       changed the default to none.

       Specify a list of network/netmask patterns, separated by commas  and/or
       whitespace.  The  mask specifies the number of bits in(1,8) the network part
       of a host(1,5) address. You can also specify hostnames or .domain names (the
       initial   dot   causes   the  domain  to  match  any  name  below  it),
       "/file(1,n)/name" or  "type:table"  patterns.   A  "/file(1,n)/name"  pattern  is
       replaced by its contents; a "type:table" lookup table is matched when a
       table entry matches a lookup string(3,n) (the  lookup  result  is  ignored).
       Continue long lines by starting the next line with whitespace.

       Note:  IP  version(1,3,5)  6  address  information  must  be  specified inside
       <tt>[]</tt> in(1,8) the authorized_verp_clients value, and in(1,8)  files  speci-
       fied with "/file(1,n)/name".  IP version(1,3,5) 6 addresses contain the ":" charac-
       ter, and would otherwise be confused with a "type:table" pattern.

backwards_bounce_logfile_compatibility (default: yes)
       Produce additional bounce(8) logfile records that can be read(2,n,1 builtins) by  Post-
       fix versions before 2.0. The current and more extensible "name = value"
       format is needed in(1,8) order to implement more  sophisticated  functional-
       ity.

       This feature is available in(1,8) Postfix 2.1 and later.

berkeley_db_create_buffer_size (default: 16777216)
       The per-table I/O buffer size for programs that create Berkeley DB hash
       or btree tables.  Specify a byte count.

       This feature is available in(1,8) Postfix 2.0 and later.

berkeley_db_read_buffer_size (default: 131072)
       The per-table I/O buffer size for programs that read(2,n,1 builtins) Berkeley  DB  hash
       or btree tables.  Specify a byte count.

       This feature is available in(1,8) Postfix 2.0 and later.

best_mx_transport (default: empty)
       Where  the  Postfix  SMTP  client should deliver mail(1,8) when it detects a
       "mail(1,8) loops back to myself" error(8,n)  condition.  This  happens  when  the
       local  MTA is the best SMTP mail(1,8) exchanger for a destination not listed
       in(1,8)   $mydestination,   $inet_interfaces,    $proxy_interfaces,    $vir-
       tual_alias_domains, or $virtual_mailbox_domains.  By default, the Post-
       fix SMTP client returns such mail(1,8) as undeliverable.

       Specify, for example, "best_mx_transport = local" to pass the mail(1,8) from
       the  SMTP  client  to  the local(8) delivery agent. You can specify any
       message delivery "transport" or "transport:nexthop" that is defined  in(1,8)
       the master.cf file. See the transport(5) manual page for the syntax and
       meaning of "transport" or "transport:nexthop".

       However, this feature is expensive because it ties up  a  Postfix  SMTP
       client  process while the local(8) delivery agent is doing its work. It
       is more efficient (for Postfix) to list all hosted domains in(1,8)  a  table
       or database.

biff (default: yes)
       Whether  or not to use the local biff service.  This service sends "new
       mail(1,8)" notifications to users(1,5) who have requested new  mail(1,8)  notification
       with the UNIX command "biff y".

       For  compatibility  reasons  this feature is on by default.  On systems
       with lots of interactive users(1,5), the biff service can be  a  performance
       drain.  Specify "biff = no" in(1,8) main.cf to disable.

body_checks (default: empty)
       Optional  lookup  tables  for  content  inspection  as specified in(1,8) the
       body_checks(5) manual page.

       Note: with Postfix versions before 2.0, these rules inspect all content
       after the primary message headers.

body_checks_size_limit (default: 51200)
       How  much  text in(1,8) a message body segment (or attachment, if(3,n) you prefer
       to use that term(5,7)) is subjected to body_checks inspection.   The  amount
       of text is limited to avoid scanning huge attachments.

       This feature is available in(1,8) Postfix 2.0 and later.

bounce_notice_recipient (default: postmaster)
       The  recipient  of postmaster notifications with the message headers of
       mail(1,8) that Postfix did not deliver and of SMTP conversation  transcripts
       of mail(1,8) that Postfix did not receive.  This feature is enabled with the
       notify_classes parameter.

bounce_queue_lifetime (default: 5d)
       The maximal time(1,2,n) a bounce message is queued  before  it  is  considered
       undeliverable.  By default, this is the same as the queue(1,3) life time(1,2,n) for
       regular mail.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is d (days).

       Specify 0 when mail(1,8) delivery should be tried only once.

       This feature is available in(1,8) Postfix 2.1 and later.

bounce_service_name (default: bounce)
       The  name  of the bounce(8) service. This service maintains a record of
       failed delivery attempts and generates non-delivery notifications.

       This feature is available in(1,8) Postfix 2.0 and later.

bounce_size_limit (default: 50000)
       The maximal amount of original message text that  is  sent  in(1,8)  a  non-
       delivery  notification.  Specify  a  byte  count.  If you increase this
       limit, then you should increase the  mime_nesting_limit  value  propor-
       tionally.

broken_sasl_auth_clients (default: no)
       Enable  inter-operability  with SMTP clients that implement an obsolete
       version(1,3,5) of the AUTH command (RFC 2554). Examples of  such  clients  are
       MicroSoft Outlook Express version(1,3,5) 4 and MicroSoft Exchange version(1,3,5) 5.0.

       Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH
       support in(1,8) a non-standard way.

canonical_classes      (default:      envelope_sender,     envelope_recipient,
       header_sender, header_recipient)
       What addresses are  subject  to  canonical_maps  address  mapping.   By
       default,  canonical_maps  address mapping is applied to envelope sender
       and recipient addresses, and to  header  sender  and  header  recipient
       addresses.

       Specify   one   or   more   of:   envelope_sender,  envelope_recipient,
       header_sender, header_recipient

       This feature is available in(1,8) Postfix 2.2 and later.

canonical_maps (default: empty)
       Optional  address  mapping  lookup  tables  for  message  headers   and
       envelopes.  The  mapping  is  applied  to  both  sender  and  recipient
       addresses, in(1,8) both envelopes and in(1,8) headers,  as  controlled  with  the
       canonical_classes  parameter.  This is typically used to clean up dirty
       addresses from legacy mail(1,8) systems, or to replace login(1,3,5) names by First-
       name.Lastname.   The table format and lookups are documented in(1,8) canoni-
       cal(5). For an  overview  of  Postfix  address  manipulations  see  the
       ADDRESS_REWRITING_README document.

       If  you use this feature, run "postmap /etc/postfix/canonical" to build
       the necessary DBM or DB file(1,n)  after  every  change.  The  changes  will
       become visible after a minute or so.  Use "postfix reload" to eliminate
       the delay.

       Note: with Postfix version(1,3,5) 2.2, message header address mapping  happens
       only when message header address rewriting is enabled:

             The message is received with the Postfix sendmail(1,8)(1) command,

             The  message  is  received  from  a  network client that matches
              $local_header_rewrite_clients,

             The  message   is   received   from   the   network,   and   the
              remote_header_rewrite_domain  parameter  specifies  a  non-empty
              value.

       To get the  behavior  before  Postfix  2.2,  specify  "local_header_re-
       write_clients = static:all".

       Examples:

       canonical_maps = dbm:/etc/postfix/canonical
       canonical_maps = hash:/etc/postfix/canonical

cleanup_service_name (default: cleanup)
       The  name  of  the  cleanup(8) service. This service rewrites addresses
       into the standard form, and performs canonical(5) address  mapping  and
       virtual(5,8)(5) aliasing.

       This feature is available in(1,8) Postfix 2.0 and later.

command_directory (default: see postconf(1,5) -d output)
       The location of all postfix administrative commands.

command_execution_directory (default: empty)
       The  local(8) delivery agent working directory for delivery to external
       command.  Failure  to  change  directory  causes  the  delivery  to  be
       deferred.

       The  following $name expansions are done on command_execution_directory
       before the directory is changed. Expansion happens in(1,8)  the  context  of
       the  delivery  request.  The result of $name expansion is filtered with
       the character set(7,n,1 builtins) that is specified with the execution_directory_expan-
       sion_filter parameter.

       $user  The recipient's username.

       $shell The recipient's login(1,3,5) shell pathname.

       $home  The recipient's home directory.

       $recipient
              The full recipient address.

       $extension
              The optional recipient address extension.

       $domain
              The recipient domain.

       $local The entire recipient localpart.

       $recipient_delimiter
              The system-wide recipient address extension delimiter.

       ${name?value}
              Expands to value when $name is non-empty.

       ${name:value}
              Expands to value when $name is empty.

       Instead of $name you can also specify ${name} or $(name).

       This feature is available in(1,8) Postfix 2.2 and later.

command_expansion_filter (default: see postconf(1,5) -d output)
       Restrict  the  characters  that  the  local(8) delivery agent allows in(1,8)
       $name expansions of $mailbox_command.  Characters outside  the  allowed
       set(7,n,1 builtins) are replaced by underscores.

command_time_limit (default: 1000s)
       Time limit for delivery to external commands. This limit is used by the
       local(8) delivery agent, and is the default time(1,2,n) limit for delivery  by
       the pipe(2,8)(8) delivery agent.

       Note:  if(3,n)  you set(7,n,1 builtins) this time(1,2,n) limit to a large value you must update(7,n) the
       global ipc_timeout parameter as well.

config_directory (default: see postconf(1,5) -d output)
       The default location of the Postfix main.cf and master.cf configuration
       files. This can be overruled via the following mechanisms:

             The  MAIL_CONFIG environment variable (daemon processes and com-
              mands).

             The "-c" command-line option (commands only).

       With Postfix command that run with set-gid privileges, a  config_direc-
       tory  override requires either root privileges, or it requires that the
       directory is listed with the alternate_config_directories parameter  in(1,8)
       the default main.cf file.

connection_cache_service (default: scache)
       The name of the scache(8) connection cache service.  This service main-
       tains a limited pool of cached sessions.

connection_cache_status_update_time (default: 600s)
       How frequently the scache(8) server logs usage statistics with  connec-
       tion cache hit and miss rates for logical destinations and for physical
       endpoints.

connection_cache_ttl_limit (default: 2s)
       The maximal time-to-live value  that  the  scache(8)  connection  cache
       server  allows.  Requests that specify a larger TTL will be stored with
       the maximum allowed TTL. The purpose of this additional control  is  to
       protect  the  infrastructure  against careless people. The cache TTL is
       already bounded by $max_idle.

content_filter (default: empty)
       The name of a mail(1,8) delivery transport that filters  mail(1,8)  after  it  is
       queued.

       This parameter uses the same syntax as the right-hand side of a Postfix
       transport(5) table. This setting has a lower precedence than a  content
       filter(1,3x,3x curs_util)   that   is   specified   with   an  access(2,5)(5)  table  or  in(1,8)  a
       header_checks(5) or body_checks(5) table.

daemon_directory (default: see postconf(1,5) -d output)
       The directory with Postfix support programs and daemon programs.  These
       should  not  be invoked directly by humans. The directory must be owned
       by root.

daemon_timeout (default: 18000s)
       How much time(1,2,n) a Postfix daemon process may take  to  handle  a  request
       before it is terminated by a built-in watchdog(5,8) timer.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

debug_peer_level (default: 2)
       The increment in(1,8) verbose logging level when a remote client  or  server
       matches a pattern in(1,8) the debug_peer_list parameter.

debug_peer_list (default: empty)
       Optional  list  of  remote client or server hostname or network address
       patterns that cause the verbose logging level to increase by the amount
       specified in(1,8) $debug_peer_level.

       Specify  domain  names, network/netmask patterns, "/file(1,n)/name" patterns
       or  "type:table"  lookup  tables.  The  right-hand  side  result   from
       "type:table" lookups is ignored.

       Pattern   matching   of   domain   names  is  controlled  by  the  par-
       ent_domain_matches_subdomains parameter.

       Examples:

       debug_peer_list = 127.0.0.1
       debug_peer_list = some.domain

debugger_command (default: empty)
       The external command to  execute  when  a  Postfix  daemon  program  is
       invoked with the -D option.

       Use  "command  .. & sleep(1,3) 5" so that the debugger can attach before the
       process marches on. If you use an X-based debugger, be sure to  set(7,n,1 builtins)  up
       your XAUTHORITY environment variable before starting Postfix.

       Example:

       debugger_command =
           PATH=/usr/bin:/usr/X11R6/bin
           xxgdb $daemon_directory/$process_name $process_id & sleep(1,3) 5

default_database_type (default: see postconf(1,5) -d output)
       The  default  database  type for use in(1,8) newaliases(1), postalias(1) and
       postmap(1) commands. On many UNIX systems the default  type  is  either
       dbm  or  hash. The default setting is frozen when the Postfix system is
       built.

       Examples:

       default_database_type = hash
       default_database_type = dbm

default_delivery_slot_cost (default: 5)
       How often the Postfix queue(1,3) manager's scheduler is allowed  to  preempt
       delivery of one message with another.

       Each  transport maintains a so-called "available delivery slot counter"
       for each message. One message can be preempted by another one when  the
       other  message  can  be  delivered  using no more delivery slots (i.e.,
       invocations of delivery agents) than the current  message  counter  has
       accumulated  (or  will  eventually  accumulate  -  see about slot loans
       below). This parameter controls how often is the counter incremented  -
       it  happens  after each default_delivery_slot_cost recipients have been
       delivered.

       The cost of 0 is used to disable the preempting scheduling  completely.
       The minimum value the scheduling algorithm can use is 2 - use it if(3,n) you
       want to maximize the message throughput rate. Although there is no max-
       imum, it doesn't make much sense to use values above say 50.

       The  only  reason why the value of 2 is not the default is the way this
       parameter affects the delivery of mailing-list mail. In the worst case,
       their   delivery   can   take   somewhere   between  (cost+1/cost)  and
       (cost/cost-1) times more than if(3,n) the preemptive scheduler was disabled.
       The default value of 5 turns out to provide reasonable message response
       times while making sure the mailing-list deliveries are not extended by
       more than 20-25 percent even in(1,8) the worst case.

       Examples:

       default_delivery_slot_cost = 0
       default_delivery_slot_cost = 2

default_delivery_slot_discount (default: 50)
       The  default  value for transport-specific _delivery_slot_discount set-
       tings.

       This parameter speeds up the moment when a message preemption can  hap-
       pen.  Instead  of  waiting  until  the  full  amount  of delivery slots
       required is available, the preemption can happen when  transport_deliv-
       ery_slot_discount  percent of the required amount plus transport_deliv-
       ery_slot_loan still remains to be  accumulated.   Note  that  the  full
       amount  will still have to be accumulated before another preemption can
       take place later.

default_delivery_slot_loan (default: 3)
       The default value for transport-specific _delivery_slot_loan  settings.

       This  parameter speeds up the moment when a message preemption can hap-
       pen. Instead of  waiting  until  the  full  amount  of  delivery  slots
       required  is available, the preemption can happen when transport_deliv-
       ery_slot_discount percent of the required amount plus  transport_deliv-
       ery_slot_loan  still  remains  to  be  accumulated.  Note that the full
       amount will still have to be accumulated before another preemption  can
       take place later.

default_destination_concurrency_limit (default: 20)
       The  default maximal number of parallel deliveries to the same destina-
       tion.  This is the default limit for delivery via the lmtp(8), pipe(2,8)(8),
       smtp(8) and virtual(5,8)(8) delivery agents.

default_destination_recipient_limit (default: 50)
       The default maximal number of recipients per message delivery.  This is
       the default limit for delivery via the lmtp(8),  pipe(2,8)(8),  smtp(8)  and
       virtual(5,8)(8) delivery agents.

       Setting  this parameter to a value of 1 changes the meaning of the cor-
       responding  per-destination  concurrency  limit  from  concurrency  per
       domain into concurrency per recipient.

default_extra_recipient_limit (default: 1000)
       The default value for the extra per-transport limit imposed on the num-
       ber of in-memory recipients.  This extra recipient  space  is  reserved
       for  the  cases when the Postfix queue(1,3) manager's scheduler preempts one
       message with another and suddenly needs some extra recipients slots for
       the chosen message in(1,8) order to avoid performance degradation.

default_minimum_delivery_slots (default: 3)
       How  many recipients a message must have in(1,8) order to invoke the Postfix
       queue(1,3) manager's scheduling algorithm  at  all.   Messages  which  would
       never  accumulate  at  least  this many delivery slots (subject to slot
       cost parameter as well) are never preempted.

default_privs (default: nobody)
       The default rights used by the local(8) delivery agent for delivery  to
       external  file(1,n)  or  command.   These  rights  are used when delivery is
       requested from an aliases(5) file(1,n) that is owned by root, or when deliv-
       ery  is done on behalf of root. DO NOT SPECIFY A PRIVILEGED USER OR THE
       POSTFIX OWNER.

default_process_limit (default: 100)
       The default maximal number of Postfix child processes  that  provide  a
       given service. This limit can be overruled for specific services in(1,8) the
       master.cf file.

default_rbl_reply (default: see postconf(1,5) -d output)
       The default SMTP  server  response  template  for  a  request  that  is
       rejected by an RBL-based restriction. This template can be overruled by
       specific entries in(1,8) the optional rbl_reply_maps lookup table.

       This feature is available in(1,8) Postfix 2.0 and later.

       The template is subject to exactly one level of $name substitution:

       $client
              The client hostname and IP address, formatted as  name[address].

       $client_address
              The client IP address.

       $client_name
              The client hostname or "unknown".

       $helo_name
              The hostname given in(1,8) HELO or EHLO command or empty string.

       $rbl_class
              The  blacklisted  entity type: Client host(1,5), Helo command, Sender
              address, or Recipient address.

       $rbl_code
              The  numerical  SMTP  response  code,  as  specified  with   the
              maps_rbl_reject_code configuration parameter.

       $rbl_domain
              The RBL domain where $rbl_what is blacklisted.

       $rbl_reason
              The reason why $rbl_what is blacklisted, or an empty string.

       $rbl_what
              The  entity  that  is  blacklisted (an IP address, a hostname, a
              domain name, or an email address whose domain was  blacklisted).

       $recipient
              The recipient address or <> in(1,8) case of the null address.

       $recipient_domain
              The recipient domain or empty string.

       $recipient_name
              The recipient address localpart or <> in(1,8) case of null address.

       $sender
              The sender address or <> in(1,8) case of the null address.

       $sender_domain
              The sender domain or empty string.

       $sender_name
              The  sender address localpart or <> in(1,8) case of the null address.

       ${name?text}
              Expands to `text' if(3,n) $name is not empty.

       ${name:text}
              Expands to `text' if(3,n) $name is empty.

       Instead of $name you can also specify ${name} or $(name).

default_recipient_limit (default: 10000)
       The default per-transport upper limit on the number of in-memory recip-
       ients.  These limits take priority over the global qmgr_message_recipi-
       ent_limit after the message has been assigned to the respective  trans-
       ports.  See also default_extra_recipient_limit and qmgr_message_recipi-
       ent_minimum.

default_transport (default: smtp)
       The default mail(1,8) delivery transport  for  domains  that  do  not  match
       $mydestination,      $inet_interfaces,     $proxy_interfaces,     $vir-
       tual_alias_domains, $virtual_mailbox_domains, or $relay_domains.   This
       information can be overruled with the transport(5) table.

       Specify  a string(3,n) of the form transport:nexthop, where transport is the
       name of a mail(1,8) delivery transport defined in(1,8) master.cf.   The  :nexthop
       part is optional.  For more details see the transport(5) manual page.

       Example:

       default_transport = uucp:relayhostname

default_verp_delimiters (default: +=)
       The  two  default  VERP  delimiter  characters.  These are used when no
       explicit delimiters are specified with the SMTP XVERP command  or  with
       the  "sendmail(1,8)  -V"  command-line  option.  Specify characters that are
       allowed by the verp_delimiter_filter setting.

       This feature is available in(1,8) Postfix 1.1 and later.

defer_code (default: 450)
       The numerical Postfix SMTP server response  code  when  a  remote  SMTP
       client request is rejected by the "defer" restriction.

       Do not change this unless you have a complete understanding of RFC 821.

defer_service_name (default: defer)
       The name of the defer(8) service. This service maintains  a  record  of
       failed delivery attempts and generates non-delivery notifications.

       This feature is available in(1,8) Postfix 2.0 and later.

defer_transports (default: empty)
       The  names  of message delivery transports that should not be delivered
       to unless someone issues "sendmail(1,8) -q" or equivalent. Specify  zero  or
       more  names  of mail(1,8) delivery transports names that appear in(1,8) the first
       field of master.cf.

       Example:

       defer_transports = smtp

delay_notice_recipient (default: postmaster)
       The recipient of postmaster notifications with the message  headers  of
       mail(1,8) that cannot be delivered within $delay_warning_time time(1,2,n) units.

       This feature is enabled with the delay_warning_time parameter.

delay_warning_time (default: 0h)
       The  time(1,2,n)  after  which the sender receives the message headers of mail(1,8)
       that is still queued.

       To enable this feature, specify a non-zero integral value.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is h (hours).

deliver_lock_attempts (default: 20)
       The  maximal number of attempts to acquire an exclusive lock on a mail-
       box file(1,n) or bounce(8) logfile.

deliver_lock_delay (default: 1s)
       The time(1,2,n) between attempts to acquire an exclusive  lock  on  a  mailbox
       file(1,n) or bounce(8) logfile.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

disable_dns_lookups (default: no)
       Disable DNS lookups in(1,8) the Postfix SMTP and  LMTP  clients.  When  dis-
       abled, hosts are looked up with the gethostbyname() system library rou-
       tine which normally also looks in(1,8) /etc/hosts.

       DNS lookups are enabled by default.

disable_mime_input_processing (default: no)
       Turn off MIME processing while receiving mail. This means that no  spe-
       cial  treatment is given to Content-Type: message headers, and that all
       text after the initial message headers is considered to be part of  the
       message body.

       This feature is available in(1,8) Postfix 2.0 and later.

       Mime  input processing is enabled by default, and is needed in(1,8) order to
       recognize MIME headers in(1,8) message content.

disable_mime_output_conversion (default: no)
       Disable the conversion of 8BITMIME format to 7BIT format.  Mime  output
       conversion  is  needed when the destination does not advertise 8BITMIME
       support.

       This feature is available in(1,8) Postfix 2.0 and later.

disable_verp_bounces (default: no)
       Disable sending one bounce report per recipient.

       The default, one per recipient, is what ezmlm needs.

       This feature is available in(1,8) Postfix 1.1 and later.

disable_vrfy_command (default: no)
       Disable the SMTP VRFY command. This stops some techniques used to  har-
       vest email addresses.

       Example:

       disable_vrfy_command = no

dont_remove (default: 0)
       Don't remove queue(1,3) files and save them to the "saved" mail(1,8) queue.  This
       is a debugging aid.  To inspect the envelope information and content of
       a Postfix queue(1,3) file(1,n), use the postcat(1) command.

double_bounce_sender (default: double-bounce)
       The  sender  address  of postmaster notifications that are generated by
       the mail(1,8) system. All mail(1,8) to this address  is  silently  discarded,  in(1,8)
       order to terminate mail(1,8) bounce loops.

duplicate_filter_limit (default: 1000)
       The  maximal  number  of  addresses remembered by the address duplicate
       filter(1,3x,3x curs_util) for aliases(5) or virtual(5,8)(5) alias expansion,  or  for  showq(8)
       queue(1,3) displays.

empty_address_recipient (default: MAILER-DAEMON)
       The  recipient of mail(1,8) addressed to the null address.  Postfix does not
       accept(2,8) such addresses in(1,8) SMTP commands, but they may still  be  created
       locally as the result of configuration or software error.

enable_errors_to (default: no)
       Report mail(1,8) delivery errors to the address specified with the non-stan-
       dard Errors-To: message header, instead of the envelope sender  address
       (this  feature  is  removed  with Postfix 2.2, is turned off by default
       with Postfix 2.1, and is always turned on with older Postfix versions).

enable_original_recipient (default: yes)
       Enable  support  for  the  X-Original-To message header. This header is
       needed for multi-recipient mailboxes.

       When this parameter is set(7,n,1 builtins)  to  yes,  the  cleanup(8)  daemon  performs
       duplicate elimination on distinct pairs of (original recipient, rewrit-
       ten recipient), and generates non-empty original recipient  queue(1,3)  file(1,n)
       records.

       When this parameter is set(7,n,1 builtins) to no, the cleanup(8) daemon performs dupli-
       cate elimination on the rewritten recipient address only, and generates
       empty original recipient queue(1,3) file(1,n) records.

       This  feature  is available in(1,8) Postfix 2.1 and later. With Postfix 2.0,
       support for the X-Original-To message header is always turned on. Post-
       fix  versions  before 2.0 have no support for the X-Original-To message
       header.

error_notice_recipient (default: postmaster)
       The recipient of postmaster notifications about mail(1,8) delivery  problems
       that  are  caused  by  policy,  resource,  software or protocol errors.
       These notifications are enabled with the notify_classes parameter.

error_service_name (default: error(8,n))
       The name of the error(8,n)(8) pseudo delivery  agent.  This  service  always
       returns mail(1,8) as undeliverable.

       This feature is available in(1,8) Postfix 2.0 and later.

execution_directory_expansion_filter (default: see postconf(1,5) -d output)
       Restrict  the  characters  that  the  local(8) delivery agent allows in(1,8)
       $name expansions of $command_execution_directory.   Characters  outside
       the allowed set(7,n,1 builtins) are replaced by underscores.

       This feature is available in(1,8) Postfix 2.2 and later.

expand_owner_alias (default: no)
       When  delivering  to an alias "aliasname" that has an "owner-aliasname"
       companion alias, set(7,n,1 builtins) the envelope sender address to  the  expansion  of
       the "owner-aliasname" alias. Normally, Postfix sets the envelope sender
       address to the name of the "owner-aliasname" alias.

export_environment (default: see postconf(1,5) -d output)
       The list of environment variables that a Postfix process will export to
       non-Postfix  processes. The TZ variable is needed for sane time(1,2,n) keeping
       on System-V-ish systems.

       Specify a list of names and/or name=value pairs,  separated  by  white-
       space  or  comma. The name=value form is supported with Postfix 2.1 and
       later.

       Example:

       export_environment = TZ PATH=/bin:/usr/bin

extract_recipient_limit (default: 10240)
       The maximal number of recipient addresses  that  Postfix  will  extract
       from message headers when mail(1,8) is submitted with "sendmail(1,8) -t".

       This feature was removed in(1,8) Postfix 2.1.

fallback_relay (default: empty)
       Optional  list of relay hosts for SMTP destinations that can't be found
       or that are unreachable.

       By default, mail(1,8) is returned to the sender when a  destination  is  not
       found, and delivery is deferred if(3,n) a destination is unreachable.

       The  fallback relays must be SMTP destinations. Specify a domain, host(1,5),
       host:port, [host(1,5)]:port, [address] or [address]:port;  the  form  [host(1,5)]
       turns off MX lookups.  If you specify multiple SMTP destinations, Post-
       fix will try them in(1,8) the specified order.

       Note: do not use the fallback_relay feature when relaying  mail(1,8)  for  a
       backup  or  primary  MX  domain. Mail would loop between the Postfix MX
       host(1,5) and the fallback_relay host(1,5) when the final destination is unavail-
       able.

             In main.cf specify "relay_transport = relay",

             In  master.cf specify "-o fallback_relay =" (i.e., empty) at the
              end of the <tt>relay</tt> entry.

             In transport maps, specify "relay:nexthop..."  as the right-hand
              side for backup or primary MX domain entries.

       These are default settings in(1,8) Postfix version(1,3,5) 2.2 and later.

fallback_transport (default: empty)
       Optional  message  delivery  transport that the local(8) delivery agent
       should use for names that are not found in(1,8) the aliases(5)  database  or
       in(1,8) the UNIX passwd(1,5) database.

fast_flush_domains (default: $relay_domains)
       Optional  list  of  destinations  that are eligible for per-destination
       logfiles with mail(1,8) that is queued to those destinations.

       By default, Postfix maintains "fast flush(8,n)" logfiles only  for  destina-
       tions  that  the  Postfix  SMTP server is willing to relay to (i.e. the
       default   is:   "fast_flush_domains   =   $relay_domains";   see    the
       relay_domains parameter in(1,8) the postconf(1,5)(5) manual).

       Specify  a list of hosts or domains, "/file(1,n)/name" patterns or "type:ta-
       ble" lookup tables, separated by commas  and/or  whitespace.   Continue
       long  lines  by  starting the next line with whitespace. A "/file(1,n)/name"
       pattern is replaced by its contents; a  "type:table"  lookup  table  is
       matched when the domain or its parent domain appears as lookup key.

       Specify  "fast_flush_domains  ="  (i.e.,  empty) to disable the feature
       altogether.

fast_flush_purge_time (default: 7d)
       The time(1,2,n) after which an empty per-destination "fast flush(8,n)"  logfile  is
       deleted.

       You can specify the time(1,2,n) as a number, or as a number followed by a let-
       ter that  indicates  the  time(1,2,n)  unit:  s=seconds,  m=minutes,  h=hours,
       d=days, w=weeks.  The default time(1,2,n) unit is days.

fast_flush_refresh_time (default: 12h)
       The  time(1,2,n)  after  which  a  non-empty  but unread per-destination "fast
       flush(8,n)" logfile needs to be refreshed.  The contents of  a  logfile  are
       refreshed by requesting delivery of all messages listed in(1,8) the logfile.

       You can specify the time(1,2,n) as a number, or as a number followed by a let-
       ter  that  indicates  the  time(1,2,n)  unit:  s=seconds,  m=minutes, h=hours,
       d=days, w=weeks.  The default time(1,2,n) unit is hours.

fault_injection_code (default: 0)
       Force specific internal tests to fail, to test the handling  of  errors
       that are difficult to reproduce otherwise.

flush_service_name (default: flush(8,n))
       The  name  of the flush(8,n)(8) service. This service maintains per-destina-
       tion logfiles with the queue(1,3) file(1,n) names of  mail(1,8)  that  is  queued  for
       those destinations.

       This feature is available in(1,8) Postfix 2.0 and later.

fork_attempts (default: 5)
       The maximal number of attempts to fork() a child process.

fork_delay (default: 1s)
       The delay between attempts to fork() a child process.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

forward_expansion_filter (default: see postconf(1,5) -d output)
       Restrict the characters that the  local(8)  delivery  agent  allows  in(1,8)
       $name  expansions of $forward_path.  Characters outside the allowed set(7,n,1 builtins)
       are replaced by underscores.

forward_path (default: see postconf(1,5) -d output)
       The local(8) delivery agent search list for  finding  a  .forward  file(1,n)
       with  user-specified  delivery methods. The first file(1,n) that is found is
       used.

       The following $name expansions are  done  on  forward_path  before  the
       search actually happens. The result of $name expansion is filtered with
       the character set(7,n,1 builtins) that is specified with  the  forward_expansion_filter
       parameter.

       $user  The recipient's username.

       $shell The recipient's login(1,3,5) shell pathname.

       $home  The recipient's home directory.

       $recipient
              The full recipient address.

       $extension
              The optional recipient address extension.

       $domain
              The recipient domain.

       $local The entire recipient localpart.

       $recipient_delimiter
              The system-wide recipient address extension delimiter.

       ${name?value}
              Expands to value when $name is non-empty.

       ${name:value}
              Expands to value when $name is empty.

       Instead of $name you can also specify ${name} or $(name).

       Examples:

       forward_path = /var/forward/$user
       forward_path =
           /var/forward/$user/.forward$recipient_delimiter$extension,
           /var/forward/$user/.forward

hash_queue_depth (default: 1)
       The number of subdirectory levels for queue(1,3) directories listed with the
       hash_queue_names parameter.

       After changing the hash_queue_names or hash_queue_depth parameter, exe-
       cute the command "postfix reload".

hash_queue_names (default: deferred, defer)
       The names of queue(1,3) directories that are split(1,n) across multiple subdirec-
       tory levels.

       Before Postfix version(1,3,5) 2.2, the default list of hashed queues was  sig-
       nificantly  larger. Claims about improvements in(1,8) file(1,n) system technology
       suggest that hashing of the incoming and active  queues  is  no  longer
       needed.  Fewer  hashed  directories speed up the time(1,2,n) needed to restart
       Postfix.

       After changing the hash_queue_names or hash_queue_depth parameter, exe-
       cute the command "postfix reload".

header_address_token_limit (default: 10240)
       The  maximal number of address tokens are allowed in(1,8) an address message
       header. Information that exceeds the limit is discarded.  The limit  is
       enforced by the cleanup(8) server.

header_checks (default: empty)
       Optional  lookup tables for content inspection of primary non-MIME mes-
       sage headers, as specified in(1,8) the header_checks(5) manual page.

header_size_limit (default: 102400)
       The maximal amount of memory in(1,8) bytes for storing a message header.  If
       a  header is larger, the excess is discarded.  The limit is enforced by
       the cleanup(8) server.

helpful_warnings (default: yes)
       Log warnings about  problematic  configuration  settings,  and  provide
       helpful suggestions.

       This feature is available in(1,8) Postfix 2.0 and later.

home_mailbox (default: empty)
       Optional  pathname of a mailbox file(1,n) relative to a local(8) user's home
       directory.

       Specify a pathname ending "/" for qmail-style delivery.

       The precedence of local(8) delivery  features  from  high  to  low  is:
       aliases, .forward files, mailbox_transport, mailbox_command_maps, mail-
       box_command, home_mailbox, mail_spool_directory, fallback_transport and
       luser_relay.

       Examples:

       home_mailbox = Mailbox
       home_mailbox = Maildir/

hopcount_limit (default: 50)
       The maximal number of Received:  message headers that is allowed in(1,8) the
       primary message headers. A message that exceeds the limit  is  bounced,
       in(1,8) order to stop a mailer loop.

html_directory (default: see postconf(1,5) -d output)
       The  location of Postfix HTML files that describe how to build, config-
       ure or operate a specific Postfix subsystem or feature.

ignore_mx_lookup_error (default: no)
       Ignore DNS MX lookups that produce no response.  By default, the  Post-
       fix SMTP client defers delivery and tries again after some delay.  This
       behavior is required by the SMTP standard.

       Specify "ignore_mx_lookup_error = yes" to force a DNS A  record  lookup
       instead. This violates the SMTP standard and can result in(1,8) mis-delivery
       of mail.

import_environment (default: see postconf(1,5) -d output)
       The list of environment parameters that a Postfix process  will  import
       from a non-Postfix parent process. Examples of relevant parameters:

       TZ     Needed for sane time(1,2,n) keeping on most System-V-ish systems.

       DISPLAY
              Needed for debugging Postfix daemons with an X-windows debugger.

       XAUTHORITY
              Needed for debugging Postfix daemons with an X-windows debugger.

       MAIL_CONFIG
              Needed to make "postfix -c" work.

       Specify  a  list  of names and/or name=value pairs, separated by white-
       space or comma. The name=value form is supported with Postfix  2.1  and
       later.

in_flow_delay (default: 1s)
       Time  to pause before accepting a new message, when the message arrival
       rate exceeds the message delivery rate. This feature is  turned  on  by
       default (it's disabled on SCO UNIX due to an SCO bug).

       With  the  default  100 SMTP server process limit, "in_flow_delay = 1s"
       limits the mail(1,8) inflow to 100 messages per second above the  number  of
       messages delivered per second.

       Specify 0 to disable the feature. Valid delays are 0..10.

inet_interfaces (default: all)
       The network interface addresses that this mail(1,8) system receives mail(1,8) on.
       Specify "all" to receive mail(1,8) on all network interfaces (default),  and
       "loopback-only"  to  receive  mail(1,8)  on loopback network interfaces only
       (Postfix 2.2 and later).  The parameter also controls delivery of  mail(1,8)
       to <tt>user@[ip.address]</tt>.

       Note 1: you need to stop and start Postfix when this parameter changes.

       Note 2: address information may be  enclosed  inside  <tt>[]</tt>,  but
       this form is not recommended here.

       When  inet_interfaces  specifies just one IPv4 and/or IPv6 address that
       is not a loopback address,  the  Postfix  SMTP  client  will  use  this
       address as the IP source address for outbound mail. Support for IPv6 is
       available in(1,8) Postfix version(1,3,5) 2.2 and later.

       On a multi-homed firewall with separate Postfix instances listening  on
       the  "inside"  and "outside" interfaces, this can prevent each instance
       from being able to reach servers on the "other side" of  the  firewall.
       Setting  smtp_bind_address  to 0.0.0.0 avoids the potential problem for
       IPv4, and setting smtp_bind_address6 to :: solves the problem for IPv6.

       A better solution for multi-homed firewalls is to leave inet_interfaces
       at the default value and instead use explicit IP addresses in(1,8) the  mas-
       ter.cf  SMTP server definitions.  This preserves the SMTP client's loop
       detection, by ensuring that each side of the firewall  knows  that  the
       other  IP address is still the same host. Setting $inet_interfaces to a
       single IPv4 and/or IPV6 address is primarily useful with virtual(5,8)  host-
       ing of domains on secondary IP addresses, when each IP address serves a
       different domain (and has a different $myhostname setting).

       See also the proxy_interfaces parameter, for network addresses that are
       forwarded to Postfix by way of a proxy or address translator.

       Examples:

       inet_interfaces = all (DEFAULT)
       inet_interfaces = loopback-only (Postfix 2.2 and later)
       inet_interfaces = 127.0.0.1
       inet_interfaces = 127.0.0.1, [::1] (Postfix 2.2 and later)
       inet_interfaces = 192.168.1.2, 127.0.0.1

inet_protocols (default: ipv4)
       The  Internet  protocols  Postfix  will  attempt  to use when making or
       accepting connections. Specify one or more of "ipv4" or  "ipv6",  sepa-
       rated  by  whitespace or commas. The form "all" is equivalent to "ipv4,
       ipv6" or "ipv4", depending on whether the operating  system  implements
       IPv6.

       This feature is available in(1,8) Postfix version(1,3,5) 2.2 and later.

       Note: you MUST stop and start Postfix after changing this parameter.

       On systems that pre-date IPV6_V6ONLY support (RFC 3493), an IPv6 server
       will also accept(2,8) IPv4 connections, even when IPv4 is  turned  off  with
       the  inet_protocols  parameter.   On  systems with IPV6_V6ONLY support,
       Postfix will use separate server sockets for IPv6 and  IPv4,  and  each
       will accept(2,8) only connections for the corresponding protocol.

       When  IPv4 support is enabled via the inet_protocols parameter, Postfix
       will to DNS type A record lookups, and will convert IPv4-in-IPv6 client
       IP  addresses  (::ffff:1.2.3.4)  to their original IPv4 form (1.2.3.4).
       The latter is needed on hosts that pre-date  IPV6_V6ONLY  support  (RFC
       3493).

       When  IPv6 support is enabled via the inet_protocols parameter, Postfix
       will do DNS type AAAA record lookups.

       When both IPv4 and IPv6 support are enabled, the  Postfix  SMTP  client
       will attempt to connect via IPv6 before attempting to use IPv4.

       Examples:

       inet_protocols = ipv4 (DEFAULT)
       inet_protocols = all
       inet_protocols = ipv6
       inet_protocols = ipv4, ipv6

initial_destination_concurrency (default: 5)
       The  initial per-destination concurrency level for parallel delivery to
       the same destination. This limit applies to delivery via  smtp(8),  and
       via the pipe(2,8)(8) and virtual(5,8)(8) delivery agents.

       Warning:  with concurrency of 1, one bad message can be enough to block
       all mail(1,8) to a site.

invalid_hostname_reject_code (default: 501)
       The numerical Postfix SMTP server response code when the client HELO or
       EHLO  command  parameter  is  rejected  by  the reject_invalid_hostname
       restriction.

       Do not change this unless you have a complete understanding of RFC 821.

ipc_idle (default: 100s)
       The  time(1,2,n)  after  which  a client closes an idle internal communication
       channel.  The purpose is to  allow  servers  to  terminate  voluntarily
       after  they  become  idle.  This  is  used, for example, by the address
       resolving and rewriting clients.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

ipc_timeout (default: 3600s)
       The  time(1,2,n)  limit  for sending or receiving information over an internal
       communication channel.  The purpose is to break out of deadlock  situa-
       tions.  If  the time(1,2,n) limit is exceeded the software aborts with a fatal
       error.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

ipc_ttl (default: 1000s)
       The  time(1,2,n)  after which a client closes an active internal communication
       channel.  The purpose is to  allow  servers  to  terminate  voluntarily
       after  reaching  their client limit.  This is used, for example, by the
       address resolving and rewriting clients.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

       This feature is available in(1,8) Postfix 2.1 and later.

line_length_limit (default: 2048)
       Upon  input,  long  lines  are  chopped  up into pieces of at most this
       length; upon delivery, long lines are reconstructed.

lmtp_cache_connection (default: yes)
       Keep Postfix LMTP client connections open(2,3,n) for up to $max_idle  seconds.
       When  the  LMTP  client  receives a request for the same connection the
       connection is reused.

       The effectiveness of cached connections will be determined by the  num-
       ber of LMTP servers in(1,8) use, and the concurrency limit specified for the
       LMTP client. Cached connections are closed under any of  the  following
       conditions:

             The LMTP client idle time(1,2,n) limit is reached.  This limit is spec-
              ified with the Postfix max_idle configuration parameter.

             A delivery request specifies a different  destination  than  the
              one currently cached.

             The  per-process  limit  on  the  number of delivery requests is
              reached.  This limit is specified with the Postfix max_use  con-
              figuration parameter.

             Upon  the  onset  of  another  delivery request, the LMTP server
              associated with the current session does not respond to the RSET
              command.

       Most  of  these  limitations will be removed after Postfix implements a
       connection cache that is shared among multiple LMTP client programs.

lmtp_connect_timeout (default: 0s)
       The LMTP client time(1,2,n) limit for completing a  TCP  connection,  or  zero
       (use the operating system built-in time(1,2,n) limit).  When no connection can
       be made within the deadline, the LMTP client tries the next address  on
       the mail(1,8) exchanger list.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

       Example:

       lmtp_connect_timeout = 30s

lmtp_data_done_timeout (default: 600s)
       The LMTP client time(1,2,n) limit for sending the LMTP ".", and for  receiving
       the server response.  When no response is received within the deadline,
       a warning is logged that the mail(1,8) may be delivered multiple times.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

lmtp_data_init_timeout (default: 120s)
       The  LMTP  client time(1,2,n) limit for sending the LMTP DATA command, and for
       receiving the server response.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

lmtp_data_xfer_timeout (default: 180s)
       The  LMTP client time(1,2,n) limit for sending the LMTP message content.  When
       the connection stalls for more than  $lmtp_data_xfer_timeout  the  LMTP
       client terminates the transfer.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

lmtp_destination_concurrency_limit   (default:    $default_destination_concur-
       rency_limit)
       The  maximal  number of parallel deliveries to the same destination via
       the lmtp message delivery transport. This  limit  is  enforced  by  the
       queue(1,3)  manager.  The message delivery transport name is the first field
       in(1,8) the entry in(1,8) the master.cf file.

lmtp_destination_recipient_limit    (default:     $default_destination_recipi-
       ent_limit)
       The  maximal  number  of  recipients  per delivery via the lmtp message
       delivery transport. This limit is enforced by the  queue(1,3)  manager.  The
       message  delivery transport name is the first field in(1,8) the entry in(1,8) the
       master.cf file.

       Setting this parameter to a value of 1 changes the meaning of lmtp_des-
       tination_concurrency_limit from concurrency per domain into concurrency
       per recipient.

lmtp_lhlo_timeout (default: 300s)
       The LMTP client time(1,2,n) limit for  receiving  the  LMTP  greeting  banner.
       When the server drops the connection without sending a greeting banner,
       or when it sends no greeting  banner  within  the  deadline,  the  LMTP
       client tries the next address on the mail(1,8) exchanger list.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

lmtp_mail_timeout (default: 300s)
       The LMTP client time(1,2,n) limit for sending the MAIL FROM command,  and  for
       receiving the server response.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

lmtp_quit_timeout (default: 300s)
       The LMTP client time(1,2,n) limit  for  sending  the  QUIT  command,  and  for
       receiving the server response.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

lmtp_rcpt_timeout (default: 300s)
       The LMTP client time(1,2,n) limit for sending the RCPT  TO  command,  and  for
       receiving the server response.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

lmtp_rset_timeout (default: 20s)
       The LMTP client time(1,2,n) limit  for  sending  the  RSET  command,  and  for
       receiving  the  server response. The LMTP client sends RSET in(1,8) order to
       finish a recipient address probe, or to verify(1,8) that a cached connection
       is still alive.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

lmtp_sasl_auth_enable (default: no)
       Enable SASL authentication in(1,8) the Postfix LMTP client.

lmtp_sasl_password_maps (default: empty)
       Optional LMTP client lookup tables with one username:password entry per
       host(1,5)  or  domain.   If a remote host(1,5) or domain has no username:password
       entry, then the Postfix LMTP client will not attempt to authenticate to
       the remote host.

lmtp_sasl_security_options (default: noplaintext, noanonymous)
       What  authentication  mechanisms  the Postfix LMTP client is allowed to
       use. The list of available authentication mechanisms is  system  depen-
       dent.

       noplaintext
              Disallow authentication methods that use plaintext passwords.

       noactive
              Disallow  authentication methods that are vulnerable to non-dic-
              tionary active attacks.

       nodictionary
              Disallow authentication methods that are vulnerable  to  passive
              dictionary attack.

       noanonymous
              Disallow anonymous logins.

       Example:

       lmtp_sasl_security_options = noplaintext

lmtp_send_xforward_command (default: no)
       Send  an  XFORWARD command to the LMTP server when the LMTP LHLO server
       response announces XFORWARD support.  This allows an  lmtp(8)  delivery
       agent,  used for content filter(1,3x,3x curs_util) message injection, to forward the name,
       address, protocol and HELO name of the original client to  the  content
       filter(1,3x,3x curs_util) and downstream queuing LMTP server.  Before you change the value
       to yes, it is best to make sure that your content filter(1,3x,3x curs_util) supports  this
       command.

       This feature is available in(1,8) Postfix 2.1 and later.

lmtp_skip_quit_response (default: no)
       Wait for the response to the LMTP QUIT command.

lmtp_tcp_port (default: 24)
       The default TCP port that the Postfix LMTP client connects to.

lmtp_xforward_timeout (default: 300s)
       The  LMTP  client  time(1,2,n) limit for sending the XFORWARD command, and for
       receiving the server response.

       In case of problems the client does NOT try the  next  address  on  the
       mail(1,8) exchanger list.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

       This feature is available in(1,8) Postfix 2.1 and later.

local_command_shell (default: empty)
       Optional shell program for local(8) delivery  to  non-Postfix  command.
       By  default,  non-Postfix  commands are executed directly; commands are
       given to given to /bin/sh only when they contain shell meta  characters
       or shell built-in commands.

       "sendmail(1,8)'s  restricted  shell" (smrsh) is what most people will use in(1,8)
       order to restrict what programs can be run  from  e.g.  .forward  files
       (smrsh is part of the Sendmail distribution).

       Note:  when  a  shell program is specified, it is invoked even when the
       command contains no shell built-in commands or meta characters.

       Example:

       local_command_shell = /some/where/smrsh -c

local_destination_concurrency_limit (default: 2)
       The maximal number of parallel deliveries via the local  mail(1,8)  delivery
       transport   to  the  same  recipient  (when  "local_destination_recipi-
       ent_limit = 1") or the maximal number of  parallel  deliveries  to  the
       same  local domain (when "local_destination_recipient_limit > 1"). This
       limit is enforced by the queue(1,3) manager. The message delivery  transport
       name is the first field in(1,8) the entry in(1,8) the master.cf file.

       A  low limit of 2 is recommended, just in(1,8) case someone has an expensive
       shell command in(1,8) a .forward file(1,n) or in(1,8) an alias (e.g., a  mailing  list
       manager).  You don't want to run lots of those at the same time.

local_destination_recipient_limit (default: 1)
       The  maximal  number  of  recipients per message delivery via the local
       mail(1,8) delivery transport. This limit is enforced by the  queue(1,3)  manager.
       The  message delivery transport name is the first field in(1,8) the entry in(1,8)
       the master.cf file.

       Setting this parameter to a value > 1 changes the meaning of local_des-
       tination_concurrency_limit  from concurrency per recipient into concur-
       rency per domain.

local_header_rewrite_clients (default: permit_inet_interfaces)
       Rewrite message header addresses in(1,8) mail(1,8) from these clients and  update(7,n)
       incomplete  addresses  with  the domain name in(1,8) $myorigin or $mydomain;
       either don't rewrite message headers from other clients at all, or  re-
       write(1,2)  message  headers and update(7,n) incomplete addresses with the domain
       specified in(1,8) the remote_header_rewrite_domain parameter.

       See  the  append_at_myorigin  and  append_dot_mydomain  parameters  for
       details of how domain names are appended to incomplete addresses.

       Specify a list of zero or more of the following:

        permit_inet_interfaces
              Append the domain name in(1,8) $myorigin or $mydomain when the client
              IP address matches $inet_interfaces. This is enabled by default.

        permit_mynetworks
              Append the domain name in(1,8) $myorigin or $mydomain when the client
              IP address matches any network  or  network  address  listed  in(1,8)
              $mynetworks.  This  setting  will not prevent remote mail(1,8) header
              address rewriting when mail(1,8) from a remote client is forwarded by
              a neighboring system.

        permit_sasl_authenticated
              Append the domain name in(1,8) $myorigin or $mydomain when the client
              is successfully authenticated via the RFC 2554 (AUTH)  protocol.

        permit_tls_clientcerts
              Append the domain name in(1,8) $myorigin or $mydomain when the client
              TLS certificate is successfully verified, and  the  client  cer-
              tificate fingerprint is listed in(1,8) $relay_clientcerts.

        permit_tls_all_clientcerts
              Append the domain name in(1,8) $myorigin or $mydomain when the client
              TLS certificate is successfully verified, regardless of  whether
              it  is  listed  on  the server, and regardless of the certifying
              authority.

        check_address_map type:table

        type:table
              Append the domain name in(1,8) $myorigin or $mydomain when the client
              IP  address  matches  the  specified  lookup  table.  The lookup
              result is ignored, and no subnet lookup is done. This  is  suit-
              able for, e.g., pop-before-smtp lookup tables.

       Examples:

       The  Postfix < 2.2 backwards compatible setting: always rewrite message
       headers,  and  always  append  my  own  domain  to  incomplete   header
       addresses.

           local_header_rewrite_clients = static:all

       The  purist  (and  default)  setting: rewrite headers only in(1,8) mail(1,8) from
       Postfix sendmail(1,8) and in(1,8) SMTP mail(1,8) from this machine.

           local_header_rewrite_clients = permit_inet_interfaces

       The intermediate setting: rewrite header addresses and append $myorigin
       or  $mydomain  information  only  with mail(1,8) from Postfix sendmail(1,8), from
       local clients, or from authorized SMTP clients.

       Note: this setting will not prevent remote mail(1,8) header address  rewrit-
       ing  when  mail(1,8) from a remote client is forwarded by a neighboring sys-
       tem.

           local_header_rewrite_clients = permit_mynetworks,
               permit_sasl_authenticated permit_tls_clientcerts
               check_address_map hash:/etc/postfix/pop-before-smtp

local_recipient_maps (default: proxy:unix:passwd.byname $alias_maps)
       Lookup tables with all names or addresses of local recipients: a recip-
       ient   address   is  local  when  its  domain  matches  $mydestination,
       $inet_interfaces or $proxy_interfaces.  Specify @domain as a  wild-card
       for  domains  that  do  not  have a valid recipient list.  Technically,
       tables listed with $local_recipient_maps are  used  as  lists:  Postfix
       needs  to know only if(3,n) a lookup string(3,n) is found or not, but it does not
       use the result from table lookup.

       If this parameter is non-empty (the default),  then  the  Postfix  SMTP
       server will reject mail(1,8) for unknown local users.

       To  turn off local recipient checking in(1,8) the Postfix SMTP server, spec-
       ify "local_recipient_maps =" (i.e. empty).

       The default setting assumes that you  use  the  default  Postfix  local
       delivery agent for local delivery. You need to update(7,n) the local_recipi-
       ent_maps setting if:

             You redefine the local delivery agent in(1,8) master.cf.

             You redefine the "local_transport" setting in(1,8) main.cf.

             You  use  the  "luser_relay",  "mailbox_transport",  or   "fall-
              back_transport"  feature of the Postfix local(8) delivery agent.

       Details are described in(1,8) the LOCAL_RECIPIENT_README file.

       Beware: if(3,n) the Postfix SMTP server runs chrooted, you  need  to  access(2,5)
       the  passwd(1,5)  file(1,n)  via  the  proxymap(8)  service, in(1,8) order to overcome
       chroot(1,2) access(2,5) restrictions. The alternative, maintaining a copy of  the
       system password file(1,n) in(1,8) the chroot(1,2) jail is not practical.

       Examples:

       local_recipient_maps =

local_transport (default: local:$myhostname)
       The  default mail(1,8) delivery transport for domains that match $mydestina-
       tion, $inet_interfaces or $proxy_interfaces.  This information  can  be
       overruled with the transport(5) table.

       By  default,  local  mail(1,8) is delivered to the transport called "local",
       which is just the name of a service that is defined the master.cf file.

       Specify  a string(3,n) of the form transport:nexthop, where transport is the
       name of a mail(1,8) delivery transport defined in(1,8) master.cf.   The  :nexthop
       part is optional.  For more details see the transport(5) manual page.

       Beware:  if(3,n) you override the default local delivery agent then you need
       to review  the  LOCAL_RECIPIENT_README  document,  otherwise  the  SMTP
       server may reject mail(1,8) for local recipients.

luser_relay (default: empty)
       Optional  catch-all  destination  for  unknown local(8) recipients.  By
       default, mail(1,8) for unknown recipients in(1,8) domains that match  $mydestina-
       tion,  $inet_interfaces  or $proxy_interfaces is returned as undeliver-
       able.

       The following $name expansions are done on luser_relay:

       $domain
              The recipient domain.

       $extension
              The recipient address extension.

       $home  The recipient's home directory.

       $local The entire recipient address localpart.

       $recipient
              The full recipient address.

       $recipient_delimiter
              The system-wide recipient address extension delimiter.

       $shell The recipient's login(1,3,5) shell.

       $user  The recipient username.

       ${name?value}
              Expands to value when $name has a non-empty value.

       ${name:value}
              Expands to value when $name has an empty value.

       Instead of $name you can also specify ${name} or $(name).

       Note: luser_relay works only for the Postfix local(8) delivery agent.

       Note: if(3,n) you use this feature for accounts not  in(1,8)  the  UNIX  password
       file(1,n),  then  you  must specify "local_recipient_maps =" (i.e. empty) in(1,8)
       the main.cf file(1,n), otherwise the Postfix SMTP server  will  reject  mail(1,8)
       for non-UNIX accounts with "User unknown in(1,8) local recipient table".

       Examples:

       luser_relay = $user@other.host
       luser_relay = $local@other.host
       luser_relay = admin+$local

mail_name (default: Postfix)
       The  mail(1,8)  system  name  that is displayed in(1,8) Received: headers, in(1,8) the
       SMTP greeting banner, and in(1,8) bounced mail.

mail_owner (default: postfix)
       The UNIX system account that owns the Postfix queue(1,3)  and  most  Postfix
       daemon  processes.   Specify  the  name of a user account that does not
       share a group with other accounts and that owns no other files or  pro-
       cesses  on  the system.  In particular, don't specify nobody or daemon.
       PLEASE USE A DEDICATED USER ID AND GROUP ID.

       When this parameter value is changed you need to re-run  "postfix  set-
       permissions"  (with Postfix 2.0 and earlier: "/etc/postfix/post-install
       set-permissions".

mail_release_date (default: see postconf(1,5) -d output)
       The Postfix release date, in(1,8) "YYYYMMDD" format.

mail_spool_directory (default: see postconf(1,5) -d output)
       The directory where local(8) UNIX-style mailboxes are kept. The default
       setting  depends  on  the  system  type. Specify a name ending in(1,8) / for
       maildir-style delivery.

       Note: maildir(1,5) delivery is done with the privileges  of  the  recipient.
       If you use the mail_spool_directory setting for maildir(1,5) style delivery,
       then you must create the top-level maildir(1,5) directory in(1,8) advance.  Post-
       fix will not create it.

       Examples:

       mail_spool_directory = /var/mail(1,8)
       mail_spool_directory = /var/spool/mail(1,8)

mail_version (default: see postconf(1,5) -d output)
       The   version(1,3,5)   of   the   mail(1,8)   system.  Stable  releases  are  named(5,8)
       major.minor.patchlevel. Experimental releases also include the  release
       date. The version(1,3,5) string(3,n) can be used in(1,8), for example, the SMTP greeting
       banner.

mailbox_command (default: empty)
       Optional external command that the local(8) delivery agent  should  use
       for mailbox delivery.  The command is run with the user ID and the pri-
       mary group ID privileges of the recipient.  Exception: command delivery
       for  root executes with $default_privs privileges.  This is not a prob-
       lem, because 1) mail(1,8) for root should always be aliased to a  real  user
       and 2) don't log in(1,8) as root, use "su" instead.

       The following environment variables are exported to the command:

       CLIENT_ADDRESS
              Remote  client  network  address.  Available  in(1,8) Postfix 2.2 and
              later.

       CLIENT_HELO
              Remote client EHLO command parameter. Available in(1,8)  Postfix  2.2
              and later.

       CLIENT_HOSTNAME
              Remote client hostname. Available in(1,8) Postfix 2.2 and later.

       CLIENT_PROTOCOL
              Remote client protocol. Available in(1,8) Postfix 2.2 and later.

       DOMAIN The domain part of the recipient address.

       EXTENSION
              The optional address extension.

       HOME   The recipient home directory.

       LOCAL  The recipient address localpart.

       LOGNAME
              The recipient's username.

       RECIPIENT
              The full recipient address.

       SASL_METHOD
              SASL  authentication  method specified in(1,8) the remote client AUTH
              command. Available in(1,8) Postfix 2.2 and later.

       SASL_SENDER
              SASL sender address specified in(1,8) the  remote  client  MAIL  FROM
              command. Available in(1,8) Postfix 2.2 and later.

       SASL_USER
              SASL  username  specified  in(1,8)  the  remote  client AUTH command.
              Available in(1,8) Postfix 2.2 and later.

       SENDER The full sender address.

       SHELL  The recipient's login(1,3,5) shell.

       USER   The recipient username.

       Unlike other  Postfix  configuration  parameters,  the  mailbox_command
       parameter  is  not subjected to $name substitutions. This is to make it
       easier to specify shell syntax (see example below).

       If you can, avoid shell meta characters because they will force Postfix
       to  run  an  expensive shell process. If you're delivering via Procmail
       then running a shell won't make a noticeable difference  in(1,8)  the  total
       cost.

       Note:  if(3,n)  you  use the mailbox_command feature to deliver mail(1,8) system-
       wide, you must set(7,n,1 builtins) up an alias that forwards mail(1,8) for root  to  a  real
       user.

       The  precedence  of  local(8)  delivery  features  from high to low is:
       aliases, .forward files, mailbox_transport, mailbox_command_maps, mail-
       box_command, home_mailbox, mail_spool_directory, fallback_transport and
       luser_relay.

       Examples:

       mailbox_command = /some/where/procmail
       mailbox_command = /some/where/procmail -a "$EXTENSION"
       mailbox_command = /some/where/maildrop -d "$USER"
               -f "$SENDER" "$EXTENSION"

mailbox_command_maps (default: empty)
       Optional lookup tables with per-recipient external commands to use  for
       local(8) mailbox delivery.  Behavior is as with mailbox_command.

       The  precedence  of  local(8)  delivery  features  from high to low is:
       aliases, .forward files, mailbox_transport, mailbox_command_maps, mail-
       box_command, home_mailbox, mail_spool_directory, fallback_transport and
       luser_relay.

mailbox_delivery_lock (default: see postconf(1,5) -d output)
       How to lock a UNIX-style local(8) mailbox before  attempting  delivery.
       For  a  list  of  available file(1,n) locking methods, use the "postconf(1,5) -l"
       command.

       This setting is ignored  with  maildir(1,5)  style  delivery,  because  such
       deliveries are safe without explicit locks.

       Note:  The  dotlock  method  requires that the recipient UID or GID has
       write(1,2) access(2,5) to the parent directory of the mailbox file.

       Note: the default setting of this parameter is system dependent.

mailbox_size_limit (default: 51200000)
       The maximal size of any local(8) individual mailbox or maildir(1,5) file(1,n), or
       zero  (no  limit).   In  fact, this limits the size of any file(1,n) that is
       written to upon local delivery, including  files  written  by  external
       commands that are executed by the local(8) delivery agent.

       This limit must not be smaller than the message size limit.

mailbox_transport (default: empty)
       Optional  message  delivery  transport that the local(8) delivery agent
       should use for mailbox delivery to all local recipients, whether or not
       they are found in(1,8) the UNIX passwd(1,5) database.

       The  precedence  of  local(8)  delivery  features  from high to low is:
       aliases, .forward files, mailbox_transport, mailbox_command_maps, mail-
       box_command, home_mailbox, mail_spool_directory, fallback_transport and
       luser_relay.

mailq_path (default: see postconf(1,5) -d output)
       Sendmail  compatibility  feature  that  specifies  where  the   Postfix
       mailq(1)  command  is  installed.  This command can be used to list the
       Postfix mail(1,8) queue.

manpage_directory (default: see postconf(1,5) -d output)
       Where the Postfix manual pages are installed.

maps_rbl_domains (default: empty)
       Obsolete feature: use the reject_rbl_client feature instead.

maps_rbl_reject_code (default: 554)
       The numerical Postfix SMTP server response  code  when  a  remote  SMTP
       client     request     is    blocked    by    the    reject_rbl_client,
       reject_rhsbl_client,  reject_rhsbl_sender   or   reject_rhsbl_recipient
       restriction.

       Do not change this unless you have a complete understanding of RFC 821.

masquerade_classes (default: envelope_sender, header_sender, header_recipient)
       What addresses are subject to address masquerading.

       By   default,  address  masquerading  is  limited  to  envelope  sender
       addresses, and to header sender and header recipient  addresses.   This
       allows  you  to  use address masquerading on a mail(1,8) gateway while still
       being able to forward mail(1,8) to users(1,5) on individual machines.

       Specify  zero  or   more   of:   envelope_sender,   envelope_recipient,
       header_sender, header_recipient

masquerade_domains (default: empty)
       Optional list of domains whose subdomain structure will be stripped off
       in(1,8) email addresses.

       The list is processed left to right, and processing stops at the  first
       match.  Thus,

           masquerade_domains = foo.example.com example.com

       strips  "user@any.thing.foo.example.com" to "user@foo.example.com", but
       strips "user@any.thing.else.example.com" to "user@example.com".

       A domain name prefixed with ! means do not masquerade  this  domain  or
       its subdomains. Thus,

           masquerade_domains = !foo.example.com example.com

       does  not  change  "user@any.thing.foo.example.com"  or "user@foo.exam-
       ple.com", but strips "user@any.thing.else.example.com"  to  "user@exam-
       ple.com".

       Note:  with  Postfix  version(1,3,5)  2.2, message header address masquerading
       happens only when message header address rewriting is enabled:

             The message is received with the Postfix sendmail(1,8)(1) command,

             The message is received  from  a  network  client  that  matches
              $local_header_rewrite_clients,

             The   message   is   received   from   the   network,   and  the
              remote_header_rewrite_domain  parameter  specifies  a  non-empty
              value.

       To  get  the  behavior  before  Postfix  2.2, specify "local_header_re-
       write_clients = static:all".

       Example:

       masquerade_domains = $mydomain

masquerade_exceptions (default: empty)
       Optional list of user names that are  not  subjected  to  address  mas-
       querading, even when their address matches $masquerade_domains.

       By default, address masquerading makes no exceptions.

       Specify  a  list  of user names, "/file(1,n)/name" or "type:table" patterns,
       separated by commas and/or whitespace. The  list  is  matched  left  to
       right,  and  the  search  stops  on the first match. Specify "!name" to
       exclude a name from the list. A "/file(1,n)/name" pattern is replaced by its
       contents;  a "type:table" lookup table is matched when a name matches a
       lookup key (the lookup result is  ignored).   Continue  long  lines  by
       starting the next line with whitespace.

       Examples:

       masquerade_exceptions = root, mailer-daemon
       masquerade_exceptions = root

max_idle (default: 100s)
       The  maximum  amount  of time(1,2,n) that an idle Postfix daemon process waits
       for the next service request before exiting.  This parameter is ignored
       by the Postfix queue(1,3) manager.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

max_use (default: 100)
       The maximal number of  connection  requests  before  a  Postfix  daemon
       process terminates. This parameter is ignored by the Postfix queue(1,3) man-
       ager and by other long-lived Postfix daemon processes.

maximal_backoff_time (default: 4000s)
       The maximal time(1,2,n) between attempts to deliver a deferred message.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

maximal_queue_lifetime (default: 5d)
       The maximal time(1,2,n) a message is queued before it is sent back as undeliv-
       erable.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is d (days).

       Specify 0 when mail(1,8) delivery should be tried only once.

message_size_limit (default: 10240000)
       The maximal size in(1,8) bytes of a message, including envelope information.

mime_boundary_length_limit (default: 2048)
       The maximal length of MIME multipart boundary strings. The MIME proces-
       sor  is unable to distinguish between boundary strings that do not dif-
       fer in(1,8) the first $mime_boundary_length_limit characters.

       This feature is available in(1,8) Postfix 2.0 and later.

mime_header_checks (default: $header_checks)
       Optional lookup tables for content inspection of MIME  related  message
       headers, as described in(1,8) the header_checks(5) manual page.

       This feature is available in(1,8) Postfix 2.0 and later.

mime_nesting_limit (default: 100)
       The maximal recursion level that the MIME processor will handle.  Post-
       fix refuses mail(1,8) that is nested deeper than the specified limit.

       This feature is available in(1,8) Postfix 2.0 and later.

minimal_backoff_time (default: 1000s)
       The minimal time(1,2,n) between attempts to deliver a deferred message.   This
       parameter  also  limits  the time(1,2,n) an unreachable destination is kept in(1,8)
       the short-term, in-memory, destination status cache.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

multi_recipient_bounce_reject_code (default: 550)
       The  numerical  Postfix  SMTP  server  response code when a remote SMTP
       client request is blocked by the reject_multi_recipient_bounce restric-
       tion.

       Do not change this unless you have a complete understanding of RFC 821.

       This feature is available in(1,8) Postfix 2.1 and later.

mydestination (default: $myhostname, localhost.$mydomain, localhost)
       The list of domains that are delivered via  the  $local_transport  mail(1,8)
       delivery  transport.  By  default this is the Postfix local(8) delivery
       agent which looks up all recipients in(1,8)  /etc/passwd(1,5)  and  /etc/aliases.
       The  SMTP  server  validates  recipient  addresses  with $local_recipi-
       ent_maps and rejects non-existent recipients. See also the local domain
       class in(1,8) the ADDRESS_CLASS_README file.

       The  default  mydestination value specifies names for the local machine
       only.  On a mail(1,8) domain gateway, you should also include $mydomain.

       The  $local_transport  delivery  method  is  also  selected  for   mail(1,8)
       addressed  to  user@[the.net.work.address]  of  the mail(1,8) system (the IP
       addresses  specified  with  the  inet_interfaces  and  proxy_interfaces
       parameters).

       Warnings:

             Do  not specify the names of virtual(5,8) domains - those domains are
              specified elsewhere. See VIRTUAL_README for more information.

             Do not specify the names of domains that this machine is  backup
              MX host(1,5) for. See STANDARD_CONFIGURATION_README for how to set(7,n,1 builtins) up
              backup MX hosts.

             By default, the Postfix SMTP server rejects mail(1,8) for  recipients
              not  listed  with  the  local_recipient_maps parameter.  See the
              postconf(1,5)(5) manual for a description of the local_recipient_maps
              and unknown_local_recipient_reject_code parameters.

       Specify  a  list  of host(1,5) or domain names, "/file(1,n)/name" or "type:table"
       patterns, separated by commas and/or whitespace. A "/file(1,n)/name" pattern
       is  replaced  by  its  contents; a "type:table" lookup table is matched
       when a name matches a lookup key (the lookup result is ignored).   Con-
       tinue long lines by starting the next line with whitespace.

       Examples:

       mydestination = $myhostname, localhost.$mydomain $mydomain
       mydestination = $myhostname, localhost.$mydomain www.$mydomain, ftp.$mydomain

mydomain (default: see postconf(1,5) -d output)
       The  internet  domain  name of this mail(1,8) system.  The default is to use
       $myhostname minus the first component.  $mydomain is used as a  default
       value for many other configuration parameters.

       Example:

       mydomain = domain.tld

myhostname (default: see postconf(1,5) -d output)
       The  internet  hostname  of this mail(1,8) system. The default is to use the
       fully-qualified domain name from gethostname(). $myhostname is used  as
       a default value for many other configuration parameters.

       Example:

       myhostname = host.domain.tld

mynetworks (default: see postconf(1,5) -d output)
       The  list  of  "trusted"  SMTP  clients  that have more privileges than
       "strangers".

       In particular, "trusted" SMTP clients are allowed to relay mail(1,8) through
       Postfix.  See the smtpd_recipient_restrictions parameter description in(1,8)
       the postconf(1,5)(5) manual.

       You can specify the list of "trusted" network addresses by hand or  you
       can let Postfix do it for you (which is the default).  See the descrip-
       tion of the mynetworks_style parameter for more information.

       If you specify the mynetworks list by hand, Postfix ignores the  mynet-
       works_style setting.

       Specify  a list of network addresses or network/netmask patterns, sepa-
       rated by commas and/or whitespace. Continue long lines by starting  the
       next line with whitespace.

       The  netmask specifies the number of bits in(1,8) the network part of a host(1,5)
       address.  You can also specify "/file(1,n)/name" or  "type:table"  patterns.
       A  "/file(1,n)/name"  pattern  is  replaced  by its contents; a "type:table"
       lookup table is matched when a table entry matches a lookup string(3,n) (the
       lookup result is ignored).

       The  list  is  matched left to right, and the search stops on the first
       match.  Specify "!pattern" to exclude an address or network block  from
       the list.

       Note:  IP  version(1,3,5)  6  address  information  must  be  specified inside
       <tt>[]</tt> in(1,8) the  mynetworks  value,  and  in(1,8)  files  specified  with
       "/file(1,n)/name".   IP  version(1,3,5)  6 addresses contain the ":" character, and
       would otherwise be confused with a "type:table" pattern.

       Examples:

       mynetworks = 127.0.0.0/8 168.100.189.0/28
       mynetworks = !192.168.0.1, 192.168.0.0/28
       mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:5c7::]/64
       mynetworks = $config_directory/mynetworks
       mynetworks = hash:/etc/postfix/network_table

mynetworks_style (default: subnet)
       The method to generate the default value for the mynetworks  parameter.
       This is the list of trusted networks for relay access(2,5) control etc.

             Specify  "mynetworks_style  =  host(1,5)" when Postfix should "trust"
              only the local machine.

             Specify "mynetworks_style = subnet" when Postfix should  "trust"
              SMTP  clients  in(1,8)  the same IP subnetworks as the local machine.
              On Linux, this works correctly only  with  interfaces  specified
              with the "ifconfig" command.

             Specify  "mynetworks_style  = class" when Postfix should "trust"
              SMTP clients in(1,8) the same IP class A/B/C networks  as  the  local
              machine.   Don't  do  this  with  a dialup site - it would cause
              Postfix to "trust" your  entire  provider's  network.   Instead,
              specify  an  explicit mynetworks list by hand, as described with
              the mynetworks configuration parameter.

myorigin (default: $myhostname)
       The domain name that locally-posted mail(1,8) appears to come from, and that
       locally  posted mail(1,8) is delivered to. The default, $myhostname, is ade-
       quate for small sites.  If you run a domain with multiple machines, you
       should  (1) change this to $mydomain and (2) set(7,n,1 builtins) up a domain-wide alias
       database that aliases each user to user@that.users.mailhost.

       Example:

       myorigin = $mydomain

nested_header_checks (default: $header_checks)
       Optional lookup tables for content inspection of non-MIME message head-
       ers  in(1,8)  attached messages, as described in(1,8) the header_checks(5) manual
       page.

       This feature is available in(1,8) Postfix 2.0 and later.

newaliases_path (default: see postconf(1,5) -d output)
       Sendmail compatibility feature  that  specifies  the  location  of  the
       newaliases(1) command. This command can be used to rebuild the local(8)
       aliases(5) database.

non_fqdn_reject_code (default: 504)
       The numerical Postfix SMTP server reply code when a client  request  is
       rejected  by  the  reject_non_fqdn_hostname,  reject_non_fqdn_sender or
       reject_non_fqdn_recipient restriction.

notify_classes (default: resource, software)
       The list of error(8,n) classes that are  reported  to  the  postmaster.  The
       default  is  to report only the most serious problems. The paranoid may
       wish to turn on the policy (UCE and mail(1,8) relaying) and  protocol  error(8,n)
       (broken mail(1,8) software) reports.

       The error(8,n) classes are:

       bounce (also implies 2bounce)
              Send  the  postmaster copies of the headers of bounced mail(1,8), and
              send(2,n) transcripts of SMTP sessions when Postfix rejects mail. The
              notification   is   sent  to  the  address  specified  with  the
              bounce_notice_recipient configuration parameter (default:  post-
              master(5,8)).

       2bounce
              Send undeliverable bounced mail(1,8) to the postmaster. The notifica-
              tion   is   sent   to   the   address   specified    with    the
              2bounce_notice_recipient configuration parameter (default: post-
              master(5,8)).

       delay  Send the postmaster copies of the headers of delayed  mail.  The
              notification   is   sent  to  the  address  specified  with  the
              delay_notice_recipient configuration parameter  (default:  post-
              master(5,8)).

       policy Send  the  postmaster  a  transcript  of the SMTP session when a
              client request was rejected because of (UCE) policy. The notifi-
              cation   is   sent   to   the   address   specified   with   the
              error_notice_recipient configuration parameter  (default:  post-
              master(5,8)).

       protocol
              Send  the postmaster a transcript of the SMTP session in(1,8) case of
              client or server protocol errors. The notification  is  sent  to
              the address specified with the error_notice_recipient configura-
              tion parameter (default: postmaster).

       resource
              Inform the postmaster of mail(1,8)  not  delivered  due  to  resource
              problems.   The  notification  is  sent to the address specified
              with   the   error_notice_recipient   configuration    parameter
              (default: postmaster).

       software
              Inform  the  postmaster  of  mail(1,8)  not delivered due to software
              problems.  The notification is sent  to  the  address  specified
              with    the   error_notice_recipient   configuration   parameter
              (default: postmaster).

       Examples:

       notify_classes = bounce, delay, policy, protocol, resource, software
       notify_classes = 2bounce, resource, software

owner_request_special (default: yes)
       Give special treatment to owner-listname and  listname-request  address
       localparts:  don't split(1,n) such addresses when the recipient_delimiter is
       set(7,n,1 builtins) to "-".  This feature is useful for mailing lists.

parent_domain_matches_subdomains (default: see postconf(1,5) -d output)
       What Postfix features match subdomains of  "domain.tld"  automatically,
       instead  of  requiring  an  explicit  ".domain.tld"  pattern.   This is
       planned backwards compatibility:  eventually, all Postfix features  are
       expected  to  require  explicit  ".domain.tld"  style patterns when you
       really want to match subdomains.

permit_mx_backup_networks (default: empty)
       Restrict the use of the permit_mx_backup SMTP access(2,5)  feature  to  only
       domains whose primary MX hosts match the listed networks.

pickup_service_name (default: pickup)
       The  name  of  the  pickup(8) service. This service picks up local mail(1,8)
       submissions from the Postfix maildrop queue.

       This feature is available in(1,8) Postfix 2.0 and later.

prepend_delivered_header (default: command, file(1,n), forward)
       The message delivery contexts where the Postfix local(8) delivery agent
       prepends a Delivered-To:  message header.

       By  default,  the Postfix local delivery agent prepends a Delivered-To:
       header when forwarding mail(1,8) and when delivering to file(1,n)  (mailbox)  and
       command.  Turning  off the Delivered-To: header when forwarding mail(1,8) is
       not recommended.

       Specify zero or more of forward, file(1,n), or command.

       Example:

       prepend_delivered_header = forward

process_id (read-only)
       The process ID of a Postfix command or daemon process.

process_id_directory (default: pid)
       The location of Postfix PID files relative to  $queue_directory.   This
       is a read-only parameter.

process_name (read-only)
       The process name of a Postfix command or daemon process.

propagate_unmatched_extensions (default: canonical, virtual(5,8))
       What  address  lookup  tables copy an address extension from the lookup
       key to the lookup result.

       For example, with a virtual(5,8)(5) mapping of "joe@domain -> joe.user", the
       address "joe+foo@domain" would rewrite to "joe.user+foo".

       Specify  zero or more of canonical, virtual(5,8), alias, forward, include or
       generic. These cause address extension propagation  with  canonical(5),
       virtual(5,8)(5),  and  aliases(5) maps, with local(8) .forward and :include:
       file(1,n) lookups, and with smtp(8) generic maps, respectively.

       Note: enabling this feature for types other than canonical and  virtual(5,8)
       is  likely  to  cause  problems  when mail(1,8) is forwarded to other sites,
       especially with mail(1,8) that is sent to a mailing list exploder address.

       Examples:

       propagate_unmatched_extensions = canonical, virtual(5,8), alias,
               forward, include
       propagate_unmatched_extensions = canonical, virtual(5,8)

proxy_interfaces (default: empty)
       The network interface addresses that this mail(1,8) system receives mail(1,8)  on
       by way of a proxy or network address translation unit.

       This feature is available in(1,8) Postfix 2.0 and later.

       You must specify your "outside" proxy/NAT addresses when your system is
       a backup MX host(1,5) for other domains, otherwise mail(1,8) delivery loops  will
       happen when the primary MX host(1,5) is down.

       Example:

       proxy_interfaces = 1.2.3.4

proxy_read_maps (default: see postconf(1,5) -d output)
       The  lookup  tables  that  the proxymap(8) server is allowed to access.
       Table references that don't begin with proxy: are ignored.   The  prox-
       ymap(8) table accesses are read-only.

       This feature is available in(1,8) Postfix 2.0 and later.

qmgr_clog_warn_time (default: 300s)
       The minimal delay between warnings that a specific destination is clog-
       ging up the Postfix active queue. Specify 0 to disable.

       This feature is enabled with the helpful_warnings parameter.

       This feature is available in(1,8) Postfix 2.0 and later.

qmgr_fudge_factor (default: 100)
       Obsolete feature: the percentage of delivery resources that a busy mail(1,8)
       system will use up for delivery of a large mailing  list message.

       This feature exists only in(1,8) the oqmgr(8) old queue(1,3) manager. The current
       queue(1,3) manager solves the problem in(1,8) a better way.

qmgr_message_active_limit (default: 20000)
       The maximal number of messages in(1,8) the active queue.

qmgr_message_recipient_limit (default: 20000)
       The maximal number of recipients held in(1,8) memory by  the  Postfix  queue(1,3)
       manager,  and the maximal size of the size of the short-term, in-memory
       "dead" destination status cache.

qmgr_message_recipient_minimum (default: 10)
       The minimal number of in-memory recipients for any message. This  takes
       priority  over  any  other in-memory recipient limits (i.e., the global
       qmgr_message_recipient_limit and the per transport _recipient_limit) if(3,n)
       necessary. The minimum value allowed for this parameter is 1.

qmqpd_authorized_clients (default: empty)
       What clients are allowed to connect to the QMQP server port.

       By  default,  no  client is allowed to use the service. This is because
       the QMQP server will relay mail(1,8) to any destination.

       Specify a list of client patterns. A  list  pattern  specifies  a  host(1,5)
       name,  a  domain  name, an internet address, or a network/mask pattern,
       where the mask specifies the number of bits in(1,8) the network part.   When
       a  pattern  specifies a file(1,n) name, its contents are substituted for the
       file(1,n) name; when a pattern is a "type:table" table specification,  table
       lookup is used instead.

       Patterns are separated by whitespace and/or commas. In order to reverse
       the result, precede a non-file name pattern with an  exclamation  point
       (!).

       Example:

       qmqpd_authorized_clients = !192.168.0.1, 192.168.0.0/24

qmqpd_error_delay (default: 1s)
       How  long the QMQP server will pause before sending a negative reply to
       the client. The purpose is to slow down confused or malicious  clients.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

qmqpd_timeout (default: 300s)
       The time(1,2,n) limit for sending or receiving information over  the  network.
       If  a  read(2,n,1 builtins) or write(1,2) operation blocks for more than $qmqpd_timeout sec-
       onds the QMQP server gives up and disconnects.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

queue_directory (default: see postconf(1,5) -d output)
       The location of the Postfix top-level queue(1,3) directory. This is the root
       directory of Postfix daemon processes that run chrooted.

queue_file_attribute_count_limit (default: 100)
       The maximal number of (name=value) attributes that may be stored  in(1,8)  a
       Postfix queue(1,3) file. The limit is enforced by the cleanup(8) server.

       This feature is available in(1,8) Postfix 2.0 and later.

queue_minfree (default: 0)
       The minimal amount of free space in(1,8) bytes in(1,8) the queue(1,3) file(1,n) system that
       is needed to receive mail.  This is currently used by the  SMTP  server
       to decide if(3,n) it will accept(2,8) any mail(1,8) at all.

       By default, the Postfix 2.1 SMTP server rejects MAIL FROM commands when
       the amount of free space  is  less(1,3)  than  1.5*$message_size_limit.   To
       specify  a  higher  minimum  free  space limit, specify a queue_minfree
       value that is at least 1.5*$message_size_limit.

       With Postfix versions 2.0 and earlier, a queue_minfree  value  of  zero
       means there is no minimum required amount of free space.

queue_run_delay (default: 1000s)
       The time(1,2,n) between deferred queue(1,3) scans by the queue(1,3) manager.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

queue_service_name (default: qmgr)
       The name of the qmgr(8) service. This service manages the Postfix queue(1,3)
       and schedules delivery requests.

       This feature is available in(1,8) Postfix 2.0 and later.

rbl_reply_maps (default: empty)
       Optional  lookup  tables  with  RBL  response templates. The tables are
       indexed by the RBL domain name. By default, Postfix  uses  the  default
       template  as specified with the default_rbl_reply configuration parame-
       ter. See there for a discussion of the syntax of RBL reply templates.

       This feature is available in(1,8) Postfix 2.0 and later.

readme_directory (default: see postconf(1,5) -d output)
       The location of Postfix README files that describe how to  build,  con-
       figure or operate a specific Postfix subsystem or feature.

receive_override_options (default: empty)
       Enable  or disable recipient validation, built-in content filtering, or
       address mapping. Typically, these are specified in(1,8)  master.cf  as  com-
       mand-line arguments for the smtpd(8), qmqpd(8) or pickup(8) daemons.

       Specify  zero  or  more of the following options.  The options override
       main.cf settings and are either implemented by smtpd(8),  qmqpd(8),  or
       pickup(8) themselves, or they are forwarded to the cleanup server.

       no_unknown_recipient_checks
              Do  not  try  to  reject  unknown recipients (SMTP server only).
              This is typically specified AFTER an external content filter.

       no_address_mappings
              Disable canonical address mapping, virtual(5,8) alias map  expansion,
              address  masquerading,  and  automatic  BCC  (blind carbon-copy)
              recipients. This is typically specified BEFORE an external  con-
              tent filter.

       no_header_body_checks
              Disable header/body_checks. This is typically specified AFTER an
              external content filter.

       Note: when the "BEFORE content filter(1,3x,3x curs_util)" receive_override_options setting
       is  specified  in(1,8)  the main.cf file(1,n), specify the "AFTER content filter(1,3x,3x curs_util)"
       receive_override_options setting in(1,8) master.cf (and vice versa).

       Examples:

       receive_override_options =
           no_unknown_recipient_checks, no_header_body_checks
       receive_override_options = no_address_mappings

       This feature is available in(1,8) Postfix 2.1 and later.

recipient_bcc_maps (default: empty)
       Optional BCC (blind carbon-copy)  address  lookup  tables,  indexed  by
       recipient  address.   The  BCC  address  (multiple results are not sup-
       ported) is added when mail(1,8) enters from outside of Postfix.

       This feature is available in(1,8) Postfix 2.1 and later.

       The table search order is as follows:

             Look up the "user+extension@domain.tld"  address  including  the
              optional address extension.

             Look  up  the  "user@domain.tld"  address  without  the optional
              address extension.

             Look up the "user+extension" address local part when the recipi-
              ent domain equals $myorigin, $mydestination, $inet_interfaces or
              $proxy_interfaces.

             Look up the "user" address local part when the recipient  domain
              equals    $myorigin,    $mydestination,    $inet_interfaces   or
              $proxy_interfaces.

             Look up the "@domain.tld" part.

       Specify the types and names of databases to  use.   After  change,  run
       "postmap /etc/postfix/recipient_bcc".

       Note:  if(3,n)  mail(1,8)  to  the BCC address bounces it will be returned to the
       sender.

       Note: automatic BCC recipients are produced  only  for  new  mail.   To
       avoid mailer loops, automatic BCC recipients are not generated for mail(1,8)
       that Postfix forwards internally, nor for mail(1,8) that  Postfix  generates
       itself.

       Example:

       recipient_bcc_maps = hash:/etc/postfix/recipient_bcc

recipient_canonical_classes (default: envelope_recipient, header_recipient)
       What addresses are subject to recipient_canonical_maps address mapping.
       By default, recipient_canonical_maps  address  mapping  is  applied  to
       envelope recipient addresses, and to header recipient addresses.

       Specify one or more of: envelope_recipient, header_recipient

       This feature is available in(1,8) Postfix 2.2 and later.

recipient_canonical_maps (default: empty)
       Optional  address mapping lookup tables for envelope and header recipi-
       ent addresses.  The table format and lookups are documented in(1,8)  canoni-
       cal(5).

       Note: $recipient_canonical_maps is processed before $canonical_maps.

       Example:

       recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

recipient_delimiter (default: empty)
       The  separator  between  user  names and address extensions (user+foo).
       See canonical(5), local(8), relocated(5) and virtual(5,8)(5) for the effects
       this has on aliases, canonical, virtual(5,8), relocated and on .forward file(1,n)
       lookups.  Basically,  the  software  tries  user+foo  and  .forward+foo
       before trying user and .forward.

       Example:

       recipient_delimiter = +

reject_code (default: 554)
       The  numerical  Postfix  SMTP  server  response code when a remote SMTP
       client request is rejected by the "reject" restriction.

       Do not change this unless you have a complete understanding of RFC 821.

relay_clientcerts (default: empty)
       The  list of remote SMTP client certificates for which the Postfix SMTP
       server will allow access(2,5) with the permit_tls_clientcerts feature.  This
       feature  does not use certificate names, because Postfix list manipula-
       tion routines treat whitespace and some other  characters  as  special.
       Instead  we  use certificate fingerprints as they are difficult to fake
       but easy to use for lookup.

       Postfix lookup tables are in(1,8) the form of (key, value) pairs.  Since  we
       only  need  the  key, the value can be chosen freely, e.g.  the name of
       the  user  or   host:   D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80
       lutzpc.at.home

       Example:

       relay_clientcerts = hash:/etc/postfix/relay_clientcerts

       For  more  fine-grained  control,  use  check_ccert_access to select(2,7,2 select_tut) an
       appropriate  access(2,5)(5)  policy   for   each   client.    See   RESTRIC-
       TION_CLASS_README.

       This feature is available with Postfix 2.2.

relay_destination_concurrency_limit   (default:   $default_destination_concur-
       rency_limit)
       The maximal number of parallel deliveries to the same  destination  via
       the  relay  message  delivery  transport. This limit is enforced by the
       queue(1,3) manager. The message delivery transport name is the  first  field
       in(1,8) the entry in(1,8) the master.cf file.

       This feature is available in(1,8) Postfix version(1,3,5) 2.0 and later.

relay_destination_recipient_limit    (default:    $default_destination_recipi-
       ent_limit)
       The maximal number of recipients per delivery  via  the  relay  message
       delivery  transport.  This  limit is enforced by the queue(1,3) manager. The
       message delivery transport name is the first field in(1,8) the entry in(1,8)  the
       master.cf file.

       Setting  this  parameter  to  a  value  of  1  changes  the  meaning of
       relay_destination_concurrency_limit from concurrency  per  domain  into
       concurrency per recipient.

       This feature is available in(1,8) Postfix version(1,3,5) 2.0 and later.

relay_domains (default: $mydestination)
       What  destination  domains  (and  subdomains  thereof) this system will
       relay  mail(1,8)  to.  Subdomain  matching  is  controlled  with  the   par-
       ent_domain_matches_subdomains  parameter.  For  details  about  how the
       relay_domains  value  is  used,  see  the  description  of   the   per-
       mit_auth_destination   and   reject_unauth_destination  SMTP  recipient
       restrictions.

       Domains that match $relay_domains are delivered with the  $relay_trans-
       port  mail(1,8)  delivery  transport.  The  SMTP  server validates recipient
       addresses with $relay_recipient_maps and rejects  non-existent  recipi-
       ents.   See   also   the   relay   domains   address   class   in(1,8)   the
       ADDRESS_CLASS_README file.

       Note: Postfix will not automatically forward mail(1,8) for domains that list
       this  system  as  their  primary  or  backup  MX  host.  See  the  per-
       mit_mx_backup restriction in(1,8) the postconf(1,5)(5) manual page.

       Specify a list of  host(1,5)  or  domain  names,  "/file(1,n)/name"  patterns  or
       "type:table"  lookup  tables,  separated  by  commas and/or whitespace.
       Continue long lines by  starting  the  next  line  with  whitespace.  A
       "/file(1,n)/name" pattern is replaced by its contents; a "type:table" lookup
       table is matched when a (parent) domain appears as lookup key.

relay_domains_reject_code (default: 554)
       The numerical Postfix SMTP server response code when a  client  request
       is rejected by the reject_unauth_destination recipient restriction.

       Do not change this unless you have a complete understanding of RFC 821.

relay_recipient_maps (default: empty)
       Optional lookup tables with all valid addresses  in(1,8)  the  domains  that
       match  $relay_domains.  Specify @domain as a wild-card for domains that
       do not have a valid recipient list.  Technically,  tables  listed  with
       $relay_recipient_maps  are used as lists: Postfix needs to know only if(3,n)
       a lookup string(3,n) is found or not, but it does not use  the  result  from
       table lookup.

       If  this  parameter  is  non-empty,  then  the Postfix SMTP server will
       reject mail(1,8) to unknown relay users. This feature is off by default.

       See also the relay domains address class  in(1,8)  the  ADDRESS_CLASS_README
       file.

       Example:

       relay_recipient_maps = hash:/etc/postfix/relay_recipients

       This feature is available in(1,8) Postfix 2.0 and later.

relay_transport (default: relay)
       The  default  mail(1,8)  delivery  transport  and  next-hop  information for
       domains that match the $relay_domains parameter value. This information
       can be overruled with the transport(5) table.

       Specify  a string(3,n) of the form transport:nexthop, where transport is the
       name of a mail(1,8) delivery transport defined in(1,8) master.cf.   The  :nexthop
       part is optional.  For more details see the transport(5) manual page.

       See  also  the  relay domains address class in(1,8) the ADDRESS_CLASS_README
       file.

       This feature is available in(1,8) Postfix 2.0 and later.

relayhost (default: empty)
       The default host(1,5) to send(2,n) non-local mail(1,8) to when no entry is matched  in(1,8)
       the  optional  transport(5)  table. When no relayhost is given, mail(1,8) is
       routed directly to the destination.

       On an intranet, specify the organizational domain name. If your  inter-
       nal  DNS  uses  no MX records, specify the name of the intranet gateway
       host(1,5) instead.

       In the case of SMTP, specify a domain  name,  hostname,  hostname:port,
       [hostname]:port,  [hostaddress]  or [hostaddress]:port. The form [host-
       name] turns off MX lookups.

       If you're connected via UUCP,  see  the  UUCP_README  file(1,n)  for  useful
       information.

       Examples:

       relayhost = $mydomain
       relayhost = [gateway.my.domain]
       relayhost = uucphost
       relayhost = [an.ip.add.ress]

relocated_maps (default: empty)
       Optional  lookup  tables  with  new  contact  information  for users(1,5) or
       domains that no longer exist.  The table format and lookups  are  docu-
       mented in(1,8) relocated(5).

       If  you use this feature, run "postmap /etc/postfix/relocated" to build
       the necessary DBM or DB file(1,n) after change,  then  "postfix  reload"  to
       make the changes visible.

       Examples:

       relocated_maps = dbm:/etc/postfix/relocated
       relocated_maps = hash:/etc/postfix/relocated

remote_header_rewrite_domain (default: empty)
       Don't  rewrite  message  headers  from  remote clients at all when this
       parameter is empty; otherwise, rewrite message headers and  append  the
       specified  domain  name  to incomplete addresses.  The local_header_re-
       write_clients parameter controls what clients Postfix considers  local.

       Examples:

       The   safe   setting:  append  "domain.invalid"  to  incomplete  header
       addresses from remote SMTP clients, so that those addresses  cannot  be
       confused with local addresses.

           remote_header_rewrite_domain = domain.invalid

       The default, purist, setting: don't rewrite headers from remote clients
       at all.

           remote_header_rewrite_domain =

require_home_directory (default: no)
       Whether or not a local(8) recipient's home directory must exist  before
       mail(1,8)  delivery  is attempted. By default this test is disabled.  It can
       be useful for environments that import home  directories  to  the  mail(1,8)
       server (NOT RECOMMENDED).

resolve_dequoted_address (default: yes)
       Resolve  a  recipient  address  safely instead of correctly, by looking
       inside quotes.

       By default, the Postfix address resolver(3,5) does  not  quote  the  address
       localpart  as  per  RFC  822, so that additional @ or % or !  operators
       remain visible. This behavior is safe but it is also technically incor-
       rect.

       If  you  specify  "resolve_dequoted_address  =  no",  then  the Postfix
       resolver(3,5) will not know about additional @ etc. operators in(1,8) the address
       localpart. This opens opportunities for obscure mail(1,8) relay attacks with
       user@domain@domain addresses when Postfix provides  backup  MX  service
       for Sendmail systems.

resolve_null_domain (default: no)
       Resolve  an  address  that  ends in(1,8) the "@" null domain as if(3,n) the local
       hostname were specified, instead of rejecting the address as invalid.

       This feature is available in(1,8) Postfix version(1,3,5) 2.1  and  later.   Earlier
       versions always resolve the null domain as the local hostname.

       The  Postfix  SMTP  server  uses this feature to reject mail(1,8) from or to
       addresses that end in(1,8) the "@" null domain, and from addresses that  re-
       write(1,2) into a form that ends in(1,8) the "@" null domain.

rewrite_service_name (default: rewrite)
       The  name  of  the  address  rewriting  service.  This service rewrites
       addresses to standard form and resolves them  to  a  (delivery  method,
       next-hop host(1,5), recipient) triple.

       This feature is available in(1,8) Postfix 2.0 and later.

sample_directory (default: /etc/postfix)
       The name of the directory with example Postfix configuration files.

sender_based_routing (default: no)
       This parameter should not be used.

sender_bcc_maps (default: empty)
       Optional  BCC  (blind  carbon-copy)  address  lookup tables, indexed by
       sender address.  The BCC address (multiple results are  not  supported)
       is added when mail(1,8) enters from outside of Postfix.

       This feature is available in(1,8) Postfix 2.1 and later.

       The table search order is as follows:

             Look  up  the  "user+extension@domain.tld" address including the
              optional address extension.

             Look up  the  "user@domain.tld"  address  without  the  optional
              address extension.

             Look  up the "user+extension" address local part when the sender
              domain equals  $myorigin,  $mydestination,  $inet_interfaces  or
              $proxy_interfaces.

             Look  up  the  "user"  address local part when the sender domain
              equals   $myorigin,    $mydestination,    $inet_interfaces    or
              $proxy_interfaces.

             Look up the "@domain.tld" part.

       Specify  the  types  and  names of databases to use.  After change, run
       "postmap /etc/postfix/sender_bcc".

       Note: if(3,n) mail(1,8) to the BCC address bounces it will  be  returned  to  the
       sender.

       Note:  automatic  BCC  recipients  are  produced only for new mail.  To
       avoid mailer loops, automatic BCC recipients are not generated for mail(1,8)
       that  Postfix  forwards internally, nor for mail(1,8) that Postfix generates
       itself.

       Example:

       sender_bcc_maps = hash:/etc/postfix/sender_bcc

sender_canonical_classes (default: envelope_sender, header_sender)
       What addresses are subject to  sender_canonical_maps  address  mapping.
       By  default,  sender_canonical_maps address mapping is applied to enve-
       lope sender addresses, and to header sender addresses.

       Specify one or more of: envelope_sender, header_sender

       This feature is available in(1,8) Postfix 2.2 and later.

sender_canonical_maps (default: empty)
       Optional address mapping lookup tables for envelope and  header  sender
       addresses.   The  table  format  and  lookups are documented in(1,8) canoni-
       cal(5).

       Example: you want to rewrite the SENDER address  "user@ugly.domain"  to
       "user@pretty.domain", while still being able to send(2,n) mail(1,8) to the RECIP-
       IENT address "user@ugly.domain".

       Note: $sender_canonical_maps is processed before $canonical_maps.

       Example:

       sender_canonical_maps = hash:/etc/postfix/sender_canonical

sendmail_path (default: see postconf(1,5) -d output)
       A Sendmail compatibility feature that specifies  the  location  of  the
       Postfix  sendmail(1,8)(1)  command.  This command can be used to submit mail(1,8)
       into the Postfix queue.

service_throttle_time (default: 60s)
       How long the Postfix master(5,8)(8)  waits  before  forking  a  server  that
       appears to be malfunctioning.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

setgid_group (default: postdrop)
       The group ownership of set-gid Postfix commands and  of  group-writable
       Postfix  directories.  When this parameter value is changed you need to
       re-run  "postfix  set-permissions"  (with  Postfix  2.0  and   earlier:
       "/etc/postfix/post-install set-permissions".

show_user_unknown_table_name (default: yes)
       Display  the  name  of  the  recipient  table  in(1,8)  the  "User  unknown"
       responses.  The extra detail makes trouble  shooting  easier  but  also
       reveals information that is nobody elses business.

       This feature is available in(1,8) Postfix 2.0 and later.

showq_service_name (default: showq)
       The name of the showq(8) service. This service produces mail(1,8) queue(1,3) sta-
       tus reports.

       This feature is available in(1,8) Postfix 2.0 and later.

smtp_always_send_ehlo (default: yes)
       Always send(2,n) EHLO at the start of an SMTP session.

       With "smtp_always_send_ehlo = no", Postfix sends  EHLO  only  when  the
       word  "ESMTP"  appears  in(1,8)  the  server  greeting  banner (example: 220
       spike.porcupine.org ESMTP Postfix).

smtp_bind_address (default: empty)
       An optional numerical network address that the SMTP client should  bind(2,n,1 builtins)
       to when making an IPv4 connection.

       This  can  be specified in(1,8) the main.cf file(1,n) for all SMTP clients, or it
       can be specified in(1,8) the master.cf file(1,n) for a specific client, for exam-
       ple:

         /etc/postfix/master.cf:
               smtp ... smtp -o smtp_bind_address=11.22.33.44

       Note  1:  when inet_interfaces specifies no more than one IPv4 address,
       and that address is a non-loopback address, it is automatically used as
       the  smtp_bind_address.  This supports virtual(5,8) IP hosting, but can be a
       problem on multi-homed firewalls. See the inet_interfaces documentation
       for more detail.

       Note  2:  address  information  may be enclosed inside <tt>[]</tt>, but
       this form is not recommended here.

smtp_bind_address6 (default: empty)
       An optional numerical network address that the SMTP client should  bind(2,n,1 builtins)
       to when making an IPv6 connection.

       This feature is available in(1,8) Postfix version(1,3,5) 2.2 and later.

       This  can  be specified in(1,8) the main.cf file(1,n) for all SMTP clients, or it
       can be specified in(1,8) the master.cf file(1,n) for a specific client, for exam-
       ple:

         /etc/postfix/master.cf:
               smtp ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8

       Note  1:  when inet_interfaces specifies no more than one IPv6 address,
       and that address is a non-loopback address, it is automatically used as
       the smtp_bind_address6.  This supports virtual(5,8) IP hosting, but can be a
       problem on multi-homed firewalls. See the inet_interfaces documentation
       for more detail.

       Note  2:  address  information  may be enclosed inside <tt>[]</tt>, but
       this form is not recommended here.

smtp_connect_timeout (default: 30s)
       The SMTP client time(1,2,n) limit for completing a  TCP  connection,  or  zero
       (use the operating system built-in time(1,2,n) limit).

       When  no  connection  can  be made within the deadline, the SMTP client
       tries the next address on the mail(1,8) exchanger list. Specify 0 to disable
       the time(1,2,n) limit (i.e. use whatever timeout(1,3x,3x cbreak) is implemented by the operat-
       ing system).

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

smtp_connection_cache_destinations (default: empty)
       Permanently  enable  SMTP connection caching for the specified destina-
       tions.  With SMTP connection caching, a connection is not closed  imme-
       diately  after  completion of a mail(1,8) transaction.  Instead, the connec-
       tion is kept open(2,3,n) for up to $smtp_connection_cache_time_limit  seconds.
       This  allows  connections  to  be  reused for other deliveries, and can
       improve mail(1,8) delivery performance.

       Specify a comma or  white  space  separated  list  of  destinations  or
       pseudo-destinations:

             if(3,n)  mail(1,8) is sent without a relay host: a domain name (the right-
              hand side of an email address, without the [] around  a  numeric
              IP address),

             if(3,n)  mail(1,8) is sent via a relay host: a relay host(1,5) name (without []
              or non-default TCP port), as specified  in(1,8)  main.cf  or  in(1,8)  the
              transport map,

             a  /file(1,n)/name  with  domain  names  and/or  relay  host(1,5) names as
              defined above,

             a "type:table" with domain names and/or relay hosts name on  the
              left-hand  side.   The  right-hand side result from "type:table"
              lookups is ignored.

       This feature is available in(1,8) Postfix 2.2 and later.

smtp_connection_cache_on_demand (default: yes)
       Temporarily enable SMTP connection caching while a  destination  has  a
       high volume of mail(1,8) in(1,8) the active queue.  With SMTP connection caching,
       a connection is not closed  immediately  after  completion  of  a  mail(1,8)
       transaction.  Instead, the connection is kept open(2,3,n) for up to $smtp_con-
       nection_cache_time_limit seconds.  This allows connections to be reused
       for other deliveries, and can improve mail(1,8) delivery performance.

       This feature is available in(1,8) Postfix 2.2 and later.

smtp_connection_cache_reuse_limit (default: 10)
       When  SMTP  connection  caching is enabled, the number of times that an
       SMTP session is reused before it is closed.

       This feature is available in(1,8) Postfix 2.2 and later.

smtp_connection_cache_time_limit (default: 2s)
       When SMTP connection caching is enabled, the amount  of  time(1,2,n)  that  an
       unused  SMTP  client  socket(2,7,n)  is kept open(2,3,n) before it is closed.  Do not
       specify larger values without permission from the remote sites.

       This feature is available in(1,8) Postfix 2.2 and later.

smtp_data_done_timeout (default: 600s)
       The SMTP client time(1,2,n) limit for sending the SMTP ".", and for  receiving
       the server response.

       When  no  response is received within the deadline, a warning is logged
       that the mail(1,8) may be delivered multiple times.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

smtp_data_init_timeout (default: 120s)
       The  SMTP  client time(1,2,n) limit for sending the SMTP DATA command, and for
       receiving the server response.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

smtp_data_xfer_timeout (default: 180s)
       The  SMTP client time(1,2,n) limit for sending the SMTP message content.  When
       the connection makes no progress for more than  $smtp_data_xfer_timeout
       seconds the SMTP client terminates the transfer.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

smtp_defer_if_no_mx_address_found (default: no)
       Defer mail(1,8) delivery when no MX record resolves to an IP address.

       The default (no) is to return the mail(1,8)  as  undeliverable.  With  older
       Postfix  versions  the  default  was to keep trying to deliver the mail(1,8)
       until someone fixed the MX record or until the mail(1,8) was too old.

       Note: Postfix always ignores MX records with equal or worse  preference
       than the local MTA itself.

       This feature is available in(1,8) Postfix 2.1 and later.

smtp_destination_concurrency_limit    (default:   $default_destination_concur-
       rency_limit)
       The maximal number of parallel deliveries to the same  destination  via
       the  smtp  message  delivery  transport.  This limit is enforced by the
       queue(1,3) manager. The message delivery transport name is the  first  field
       in(1,8) the entry in(1,8) the master.cf file.

smtp_destination_recipient_limit     (default:    $default_destination_recipi-
       ent_limit)
       The maximal number of recipients per  delivery  via  the  smtp  message
       delivery  transport.  This  limit is enforced by the queue(1,3) manager. The
       message delivery transport name is the first field in(1,8) the entry in(1,8)  the
       master.cf file.

       Setting this parameter to a value of 1 changes the meaning of smtp_des-
       tination_concurrency_limit from concurrency per domain into concurrency
       per recipient.

smtp_discard_ehlo_keyword_address_maps (default: empty)
       Lookup  tables,  indexed  by  the remote SMTP server address, with case
       insensitive lists of EHLO keywords (pipelining, starttls,  auth,  etc.)
       that  the  SMTP  client  will ignore in(1,8) the EHLO response from a remote
       SMTP server. See smtp_discard_ehlo_keywords for details.

smtp_discard_ehlo_keywords (default: empty)
       A case insensitive list of EHLO keywords (pipelining,  starttls,  auth,
       etc.)  that  the  SMTP  client  will ignore in(1,8) the EHLO response from a
       remote SMTP server.

       Notes:

             Specify the silent-discard pseudo keyword to prevent this action
              from being logged.

             Use  the  smtp_discard_ehlo_keyword_address_maps feature to dis-
              card EHLO keywords selectively.

smtp_enforce_tls (default: no)
       Enforcement mode: require that remote SMTP servers use TLS  encryption,
       and  never  send(2,n) mail(1,8) in(1,8) the clear.  This also requires that the remote
       SMTP server hostname matches the information in(1,8) the remote server  cer-
       tificate,  and  that the remote SMTP server certificate was issued by a
       CA that is trusted by the  Postfix  SMTP  client.  If  the  certificate
       doesn't  verify(1,8) or the hostname doesn't match, delivery is deferred and
       mail(1,8) stays in(1,8) the queue.

       The server hostname is matched against all names provided  as  dNSNames
       in(1,8)  the SubjectAlternativeName.  If no dNSNames are specified, the Com-
       monName  is  checked.   The  behavior   may   be   changed   with   the
       smtp_tls_enforce_peername option.

       This  option  is  useful  only if(3,n) you are definitely sure that you will
       only connect to servers that support RFC 2487 _and_ that provide  valid
       server  certificates.   Typical  use is for clients that send(2,n) all their
       email to a dedicated mailhub.

smtp_generic_maps (default: empty)
       Optional lookup tables that  perform  address  rewriting  in(1,8)  the  SMTP
       client,  typically to transform a locally valid address into a globally
       valid address when sending mail(1,8) across the Internet.   This  is  needed
       when  the local machine does not have its own Internet domain name, but
       uses something like localdomain.local instead.

       The table format and lookups are documented in(1,8) generic(5); examples are
       shown in(1,8) the ADDRESS_REWRITING_README and STANDARD_CONFIGURATION_README
       documents.

       This feature is available in(1,8) Postfix 2.2 and later.

smtp_helo_name (default: $myhostname)
       The hostname to send(2,n) in(1,8) the SMTP EHLO or HELO command.

       The default value is the  machine  hostname.   Specify  a  hostname  or
       [ip.add.re.ss].

       This  information  can  be  specified  in(1,8) the main.cf file(1,n) for all SMTP
       clients, or it can be specified in(1,8) the master.cf file(1,n)  for  a  specific
       client, for example:

         /etc/postfix/master.cf:
               mysmtp ... smtp -o smtp_helo_name=foo.bar.com

       This feature is available in(1,8) Postfix 2.0 and later.

smtp_helo_timeout (default: 300s)
       The  SMTP  client  time(1,2,n) limit for sending the HELO or EHLO command, and
       for receiving the initial server response.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

smtp_host_lookup (default: dns)
       What  mechanisms  when  the  SMTP  client  uses  to look(1,8,3 Search::Dict) up a host(1,5)'s IP
       address.  This parameter is ignored when DNS lookups are disabled.

       Specify one of the following:

       dns    Hosts can be found in(1,8) the DNS (preferred).

       native Use the native naming service only (nsswitch.conf, or equivalent
              mechanism).

       dns, native
              Use the native service for hosts not found in(1,8) the DNS.

       This feature is available in(1,8) Postfix 2.1 and later.

smtp_line_length_limit (default: 990)
       The  maximal  length of message header and body lines that Postfix will
       send(2,n) via SMTP.  Longer lines are broken by inserting "<CR><LF><SPACE>".
       This minimizes the damage to MIME formatted mail.

       By  default, the line length is limited to 990 characters, because some
       server implementations cannot receive mail(1,8) with long lines.

smtp_mail_timeout (default: 300s)
       The SMTP client time(1,2,n) limit for sending the MAIL FROM command,  and  for
       receiving the server response.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

smtp_mx_address_limit (default: 0)
       The maximal number of MX (mail(1,8) exchanger) IP addresses that can  result
       from mail(1,8) exchanger lookups, or zero (no limit).

       This feature is available in(1,8) Postfix 2.1 and later.

smtp_mx_session_limit (default: 2)
       The  maximal number of SMTP sessions per delivery request before giving
       up or delivering to a fall-back relay host(1,5), or zero  (no  limit).  This
       restriction ignores IP addresses that fail to complete the SMTP initial
       handshake.

       This feature is available in(1,8) Postfix 2.1 and later.

smtp_never_send_ehlo (default: no)
       Never send(2,n) EHLO  at  the  start  of  an  SMTP  session.  See  also  the
       smtp_always_send_ehlo parameter.

smtp_pix_workaround_delay_time (default: 10s)
       How  long  the Postfix SMTP client pauses before sending ".<CR><LF>" in(1,8)
       order to work around the PIX firewall "<CR><LF>.<CR><LF>" bug.

       Choosing a too short time(1,2,n) makes this workaround ineffective when  send-
       ing large messages over slow network connections.

smtp_pix_workaround_threshold_time (default: 500s)
       How   long   a   message   must  be  queued  before  the  PIX  firewall
       "<CR><LF>.<CR><LF>" bug workaround is turned on.

       By default, the workaround is turned off for mail(1,8) that  is  queued  for
       less(1,3)  than  500  seconds.  In  other  words, the workaround is normally
       turned off for the first delivery attempt.

       Specify 0 to enable the PIX firewall "<CR><LF>.<CR><LF>" bug workaround
       upon the first delivery attempt.

smtp_quit_timeout (default: 300s)
       The  SMTP  client  time(1,2,n)  limit  for  sending  the QUIT command, and for
       receiving the server response.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

smtp_quote_rfc821_envelope (default: yes)
       Quote  addresses  in(1,8) SMTP MAIL FROM and RCPT TO commands as required by
       RFC 821. This includes putting quotes around an address localpart  that
       ends in(1,8) ".".

       The  default  is  to comply with RFC 821. If you have to send(2,n) mail(1,8) to a
       broken SMTP server, configure a special SMTP client in(1,8) master.cf:

           /etc/postfix/master.cf:
               broken-smtp . . . smtp -o smtp_quote_rfc821_envelope=no

       and route mail(1,8) for the destination in(1,8)  question  to  the  "broken-smtp"
       message delivery with a transport(5) table.

       This feature is available in(1,8) Postfix 2.1 and later.

smtp_randomize_addresses (default: yes)
       Randomize  the  order of equal-preference MX host(1,5) addresses.  This is a
       performance feature of the Postfix SMTP client.

smtp_rcpt_timeout (default: 300s)
       The SMTP client time(1,2,n) limit for sending the SMTP RCPT  TO  command,  and
       for receiving the server response.

       Time  units:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
       The default time(1,2,n) unit is s (seconds).

smtp_rset_timeout (default: 20s)
       The SMTP client time(1,2,n) limit  for  sending  the  RSET  command,  and  for
       receiving  the  server response. The SMTP client sends RSET in(1,8) order to
       finish a recipient address probe, or to verify(1,8) that a cached session is
       still usable.

       This feature is available in(1,8) Postfix 2.1 and later.

smtp_sasl_auth_enable (default: no)
       Enable SASL authentication in(1,8) the Postfix SMTP client.  By default, the
       Postfix SMTP client uses no authentication.

       Example:

       smtp_sasl_auth_enable = yes

smtp_sasl_mechanism_filter (default: empty)
       If non-empty, a Postfix SMTP client filter(1,3x,3x curs_util) for the remote SMTP server's
       list of offered SASL mechanisms.  Different client and server implemen-
       tations may support different mechanism lists. By default, the  Postfix
       SMTP  client  will  use  the  intersection of the two. smtp_sasl_mecha-
       nism_filter further restricts what server mechanisms  the  client  will
       take into consideration.

       Specify  mechanism  names, "/file(1,n)/name" patterns or "type:table" lookup
       tables.  The  right-hand  side  result  from  "type:table"  lookups  is
       ignored.

       This feature is available in(1,8) Postfix 2.2 and later.

       Examples:

       smtp_sasl_mechanism_filter = plain, login(1,3,5)
       smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
       smtp_sasl_mechanism_filter = !gssapi, !login(1,3,5), static:rest

smtp_sasl_password_maps (default: empty)
       Optional SMTP client lookup tables with one username:password entry per
       remote hostname or domain.  If a remote host(1,5) or  domain  has  no  user-
       name:password  entry,  then the Postfix SMTP client will not attempt to
       authenticate to the remote host.

       The Postfix SMTP client opens the lookup table before going  to  chroot(1,2)
       jail, so you can leave the password file(1,n) in(1,8) /etc/postfix.

smtp_sasl_security_options (default: noplaintext, noanonymous)
       What  authentication  mechanisms  the Postfix SMTP client is allowed to
       use. The list of available authentication mechanisms is  system  depen-
       dent.

       Specify zero or more of the following:

       noplaintext
              Disallow methods that use plaintext passwords.

       noactive
              Disallow methods subject to active (non-dictionary) attack.

       nodictionary
              Disallow methods subject to passive (dictionary) attack.

       noanonymous
              Disallow methods that allow anonymous authentication.

       mutual_auth
              Only  allow  methods  that  provide  mutual  authentication (not
              available with SASL version(1,3,5) 1).

       Example:

       smtp_sasl_security_options = noplaintext

smtp_sasl_tls_security_options (default: $smtp_sasl_security_options)
       The SASL authentication security options that the Postfix  SMTP  client
       uses for TLS encrypted SMTP sessions.

smtp_send_xforward_command (default: no)
       Send  the  non-standard  XFORWARD  command when the Postfix SMTP server
       EHLO response announces XFORWARD support.

       This allows an "smtp" delivery agent, used for injecting  mail(1,8)  into  a
       content filter(1,3x,3x curs_util), to forward the name, address, protocol and HELO name of
       the original client to the content filter(1,3x,3x curs_util) and downstream  queuing  SMTP
       server.  This can produce more useful logging than localhost[127.0.0.1]
       etc.

       This feature is available in(1,8) Postfix 2.1 and later.

smtp_skip_4xx_greeting (default: yes)
       Skip SMTP servers that greet with a 4XX status code (go away, try again
       later).

       By   default,  Postfix  moves  on  the  next  mail(1,8)  exchanger.  Specify
       "smtp_skip_4xx_greeting = no" if(3,n) Postfix should defer delivery  immedi-
       ately.

       This  feature  is  available in(1,8) Postfix version(1,3,5) 2.0 and earlier.  Later
       Postfix versions always skip SMTP servers that greet with a 4XX  status
       code.

smtp_skip_5xx_greeting (default: yes)
       Skip  SMTP  servers  that greet with a 5XX status code (go away, do not
       try again later).

       By default, the Postfix SMTP client moves on the next  mail(1,8)  exchanger.
       Specify "smtp_skip_5xx_greeting = no" if(3,n) Postfix should bounce the mail(1,8)
       immediately. The default setting is incorrect, but it is what a lot  of
       people expect to happen.

smtp_skip_quit_response (default: yes)
       Do not wait for the response to the SMTP QUIT command.

smtp_starttls_timeout (default: 300s)
       Time limit for Postfix SMTP client write(1,2) and read(2,n,1 builtins) operations during TLS
       startup and shutdown(2,8) handshake procedures.

smtp_tls_CAfile (default: empty)
       The file(1,n) with the certificate of the certification authority (CA)  that
       issued  the  Postfix SMTP client certificate.  This is needed only when
       the CA certificate is not already present  in(1,8)  the  client  certificate
       file.

       Example:

       smtp_tls_CAfile = /etc/postfix/CAcert.pem

smtp_tls_CApath (default: empty)
       Directory  with  PEM format certificate authority certificates that the
       Postfix SMTP client uses to verify(1,8) a remote  SMTP  server  certificate.
       Don't  forget  to  create the necessary "hash" links with, for example,
       "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".

       To use this option in(1,8) chroot(1,2) mode, this directory (or a copy)  must  be
       inside the chroot(1,2) jail.

       Example:

       smtp_tls_CApath = /etc/postfix/certs

smtp_tls_cert_file (default: empty)
       File  with the Postfix SMTP client RSA certificate in(1,8) PEM format.  This
       file(1,n) may also contain the client private key, and these may be the same
       as the server certificate and key file.

       In  order to verify(1,8) certificates, the CA certificate (in(1,8) case of a cer-
       tificate chain, all CA certificates) must be available.  You should add
       these  certificates  to  the server certificate, the server certificate
       first, then the issuing CA(s).

       Example: the certificate for "client.dom.ain" was issued by "intermedi-
       ate  CA"  which  itself  has  a  certificate  of "root CA".  Create the
       client.pem   file(1,n)   with   "cat   client_cert.pem   intermediate_CA.pem
       root_CA.pem > client.pem".

       If  you  want to accept(2,8) remote SMTP server certificates issued by these
       CAs  yourself,  you  can  also  add  the   CA   certificates   to   the
       smtp_tls_CAfile,  in(1,8) which case it is not necessary to have them in(1,8) the
       smtp_tls_cert_file or smtp_tls_dcert_file.

       A certificate supplied here must be usable as  SSL  client  certificate
       and hence pass the "openssl verify(1,8) -purpose sslclient ..." test.

       Example:

       smtp_tls_cert_file = /etc/postfix/client.pem

smtp_tls_cipherlist (default: empty)
       Controls  the  Postfix  SMTP  client  TLS cipher selection scheme.  For
       details, see the OpenSSL documentation. Note:  do  not  use  ""  quotes
       around the parameter value.

smtp_tls_dcert_file (default: empty)
       File  with the Postfix SMTP client DSA certificate in(1,8) PEM format.  This
       file(1,n) may also contain the server private key.

       See the discussion under smtp_tls_cert_file for more details.

       Example:

       smtp_tls_dcert_file = /etc/postfix/client-dsa.pem

smtp_tls_dkey_file (default: $smtp_tls_dcert_file)
       File with the Postfix SMTP client DSA private key in(1,8) PEM  format.   The
       private  key  must  not  be  encrypted. In other words, the key must be
       accessible without password.

       This file(1,n) may be combined with the server  certificate  file(1,n)  specified
       with $smtp_tls_cert_file.

smtp_tls_enforce_peername (default: yes)
       When  TLS  encryption  is enforced, require that the remote SMTP server
       hostname matches the information in(1,8) the remote SMTP server certificate.
       As  of  RFC 2487 the requirements for hostname checking for MTA clients
       are not specified.

       This option can be set(7,n,1 builtins) to "no" to disable strict  peer  name  checking.
       This  setting  has  no  effect  on sessions that are controlled via the
       smtp_tls_per_site table.

       Disabling the hostname verification can make sense in(1,8)  closed  environ-
       ment where special CAs are created.  If not used carefully, this option
       opens the danger of a "man-in-the-middle"  attack  (the  CommonName  of
       this attacker will be logged).

smtp_tls_key_file (default: $smtp_tls_cert_file)
       File  with the Postfix SMTP client RSA private key in(1,8) PEM format.  This
       file(1,n) may be combined with the client certificate  file(1,n)  specified  with
       $smtp_tls_cert_file.

       The  private key must not be encrypted. In other words, the key must be
       accessible without password.

       Example:

       smtp_tls_key_file = $smtp_tls_cert_file

smtp_tls_loglevel (default: 0)
       Enable additional Postfix SMTP client logging of  TLS  activity.   Each
       logging  level  also includes the information that is logged at a lower
       logging level.

              0 Disable logging of TLS activity.

              1 Log TLS handshake and certificate information.

              2 Log levels during TLS negotiation.

              3 Log hexadecimal and ASCII dump of TLS negotiation process.

              4 Log hexadecimal and ASCII dump of complete transmission  after
              STARTTLS.

       Use "smtp_tls_loglevel = 3" only in(1,8) case of problems. Use of loglevel 4
       is strongly discouraged.

smtp_tls_note_starttls_offer (default: no)
       Log the hostname of a remote SMTP server that offers STARTTLS, when TLS
       is not already enabled for that server.

       The logfile record looks like:

       postfix/smtp[pid]:  Host offered STARTTLS: [name.of.host]

smtp_tls_per_site (default: empty)
       Optional lookup tables with the Postfix SMTP client TLS usage policy by
       next-hop domain name and by remote SMTP server hostname.

       Table format:  domain names or server hostnames are  specified  on  the
       left-hand side; no wildcards are allowed.  On the right hand side spec-
       ify one of the following keywords:

       NONE   Don't use TLS at all.

       MAY    Try to use STARTTLS if(3,n) offered, otherwise  use  the  unencrypted
              connection.

       MUST   Require  usage  of STARTTLS, require that the remote SMTP server
              hostname matches the information in(1,8) the remote SMTP server  cer-
              tificate,  and  require  that the remote SMTP server certificate
              was issued by a trusted CA.

       MUST_NOPEERMATCH
              Require usage of STARTTLS, but do not require  that  the  remote
              SMTP  server hostname matches the information in(1,8) the remote SMTP
              server certificate, or that the server certificate was issued by
              a trusted CA.

       Special  hint  for enforcement mode:  since no secure DNS lookup mecha-
       nism is available, the recommended  setup(2,8)  is:   specify  local  trans-
       port(5)  table  entries for sensitive domains with explicit smtp:[mail-
       host(1,5)] destinations (since you can assure security of this table  unlike
       DNS),  then  specify MUST for these mail(1,8) hosts in(1,8) the smtp_tls_per_site
       table.

smtp_tls_scert_verifydepth (default: 5)
       The verification depth for remote SMTP server certificates. A depth  of
       1  is  sufficient, if(3,n) the certificate is directly issued by a CA listed
       in(1,8) the CA files.  The default  value  (5)  should  suffice  for  longer
       chains (the root CA issues special CA which then issues the actual cer-
       tificate...).

smtp_tls_session_cache_database (default: empty)
       Name of the file(1,n) containing the optional Postfix SMTP client  TLS  ses-
       sion  cache. Specify a database type that supports enumeration, such as
       btree or sdbm; there is no need to support concurrent access.  The file(1,n)
       is created if(3,n) it does not exist.

       Note:  dbm  databases  are  not  suitable.  TLS session objects are too
       large.

       Example:

       smtp_tls_session_cache_database = btree:/var/postfix/smtp_scache

smtp_tls_session_cache_timeout (default: 3600s)
       The expiration time(1,2,n) of Postfix SMTP client TLS session  cache  informa-
       tion.   A  cache cleanup is performed periodically every $smtp_tls_ses-
       sion_cache_timeout seconds.

smtp_use_tls (default: no)
       Opportunistic mode: use TLS when a remote SMTP server announces  START-
       TLS  support,  otherwise  send(2,n) the mail(1,8) in(1,8) the clear. Beware: some SMTP
       servers offer STARTTLS even if(3,n) it is not configured.  If the TLS  hand-
       shake fails, and no other server is available, delivery is deferred and
       mail(1,8) stays in(1,8) the queue.  If  this  is  a  concern  for  you,  use  the
       smtp_tls_per_site feature instead.

smtp_xforward_timeout (default: 300s)
       The  SMTP  client  time(1,2,n) limit for sending the XFORWARD command, and for
       receiving the server response.

       Time units: s (seconds), m (minutes), h (hours), d (days),  w  (weeks).
       The default time(1,2,n) unit is s (seconds).

       This feature is available in(1,8) Postfix 2.1 and later.

smtpd_authorized_verp_clients (default: $authorized_verp_clients)
       What  SMTP clients are allowed to specify the XVERP command.  This com-
       mand requests that mail(1,8) be delivered one recipient at a time(1,2,n) with a per
       recipient return address.

       By default, no clients are allowed to specify XVERP.

       This parameter was renamed with Postfix 2.1. The default value is back-
       wards compatible with Postfix 2.0.

       Specify a list of network/netmask patterns, separated by commas  and/or
       whitespace.  The  mask specifies the number of bits in(1,8) the network part
       of a host(1,5) address. You can also specify hostnames or .domain names (the
       initial   dot   causes   the  domain  to  match  any  name  below  it),
       "/file(1,n)/name" or  "type:table"  patterns.   A  "/file(1,n)/name"  pattern  is
       replaced by its contents; a "type:table" lookup table is matched when a
       table entry matches a lookup string(3,n) (the  lookup  result  is  ignored).
       Continue long lines by starting the next line with whitespace.

       Note:  IP  version(1,3,5)  6  address  information  must  be  specified inside
       <tt>[]</tt> in(1,8) the smtpd_authorized_verp_clients value,  and  in(1,8)  files
       specified  with  "/file(1,n)/name".   IP version(1,3,5) 6 addresses contain the ":"
       character, and would otherwise be confused with a "type:table" pattern.

smtpd_authorized_xclient_hosts (default: empty)
       What SMTP clients are allowed to use the XCLIENT feature.  This command
       overrides SMTP client information that is used for access(2,5) control. Typ-
       ical use is for SMTP-based content filters, fetchmail-like programs, or
       SMTP server access(2,5) rule testing. See the  XCLIENT_README  document  for
       details.

       This feature is available in(1,8) Postfix 2.1 and later.

       By default, no clients are allowed to specify XCLIENT.

       Specify  a list of network/netmask patterns, separated by commas and/or
       whitespace. The mask specifies the number of bits in(1,8) the  network  part
       of a host(1,5) address. You can also specify hostnames or .domain names (the
       initial  dot  causes  the  domain  to  match  any   name   below   it),
       "/file(1,n)/name"  or  "type:table"  patterns.   A  "/file(1,n)/name"  pattern is
       replaced by its contents; a "type:table" lookup table is matched when a
       table  entry  matches  a  lookup string(3,n) (the lookup result is ignored).
       Continue long lines by starting the next line with whitespace.

       Note: IP  version(1,3,5)  6  address  information  must  be  specified  inside
       <tt>[]</tt>  in(1,8)  the smtpd_authorized_xclient_hosts value, and in(1,8) files
       specified with "/file(1,n)/name".  IP version(1,3,5) 6 addresses  contain  the  ":"
       character, and would otherwise be confused with a "type:table" pattern.

smtpd_authorized_xforward_hosts (default: empty)
       What SMTP clients are allowed to use the XFORWARD feature.   This  com-
       mand  forwards  information that is used to improve logging after SMTP-
       based content filters. See the XFORWARD_README document for details.

       This feature is available in(1,8) Postfix 2.1 and later.

       By default, no clients are allowed to specify XFORWARD.

       Specify a list of network/netmask patterns, separated by commas  and/or
       whitespace.  The  mask specifies the number of bits in(1,8) the network part
       of a host(1,5) address. You can also specify hostnames or .domain names (the
       initial   dot   causes   the  domain  to  match  any  name  below  it),
       "/file(1,n)/name" or  "type:table"  patterns.   A  "/file(1,n)/name"  pattern  is
       replaced by its contents; a "type:table" lookup table is matched when a
       table entry matches a lookup string(3,n) (the  lookup  result  is  ignored).
       Continue long lines by starting the next line with whitespace.

       Note:  IP  version(1,3,5)  6  address  information  must  be  specified inside
       <tt>[]</tt> in(1,8) the smtpd_authorized_xforward_hosts value, and in(1,8)  files
       specified  with  "/file(1,n)/name".   IP version(1,3,5) 6 addresses contain the ":"
       character, and would otherwise be confused with a "type:table" pattern.

smtpd_banner (default: $myhostname ESMTP $mail_name)
       The  text that follows the 220 status code in(1,8) the SMTP greeting banner.
       Some people like to see the mail(1,8) version(1,3,5) advertised. By default,  Post-
       fix shows no version.

       You MUST specify $myhostname at the start of the text. This is required
       by the SMTP protocol.

       Example:

       smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

smtpd_client_connection_count_limit (default: 50)
       How many simultaneous connections any client is allowed to make to this
       service.   By  default,  the  limit  is set(7,n,1 builtins) to half the default process
       limit value.

       To disable this feature, specify a limit of 0.

       WARNING: The purpose of this feature is to limit abuse. It must not  be
       used to regulate legitimate mail(1,8) traffic.

       This feature is available in(1,8) Postfix 2.2 and later.

smtpd_client_connection_rate_limit (default: 0)
       The maximal number of connection attempts any client is allowed to make
       to this service per time(1,2,n) unit.  The time(1,2,n) unit  is  specified  with  the
       anvil_rate_time_unit configuration parameter.

       By  default,  a  client  can  make as many connections per time(1,2,n) unit as
       Postfix can accept.

       To disable this feature, specify a limit of 0.

       WARNING: The purpose of this feature is to limit abuse. It must not  be
       used to regulate legitimate mail(1,8) traffic.

       This feature is available in(1,8) Postfix 2.2 and later.

       Example:

       smtpd_client_connection_rate_limit = 1000

smtpd_client_event_limit_exceptions (default: $mynetworks)
       Clients  that  are  excluded from connection count, connection rate, or
       SMTP request rate restrictions.

       By default, clients in(1,8) trusted networks are excluded. Specify a list of
       network  blocks, hostnames or .domain names (the initial dot causes the
       domain to match any name below it).

       Note: IP  version(1,3,5)  6  address  information  must  be  specified  inside
       <tt>[]</tt>  in(1,8)  the  smtpd_client_event_limit_exceptions value, and in(1,8)
       files specified with "/file(1,n)/name".  IP version(1,3,5) 6 addresses contain  the
       ":" character, and would otherwise be confused with a "type:table" pat-
       tern.

       This feature is available in(1,8) Postfix 2.2 and later.

smtpd_client_message_rate_limit (default: 0)
       The maximal number of message delivery  requests  that  any  client  is
       allowed to make to this service per time(1,2,n) unit, regardless of whether or
       not Postfix actually accepts those messages.  The time(1,2,n) unit  is  speci-
       fied with the anvil_rate_time_unit configuration parameter.

       By  default,  a  client  can send(2,n) as many message delivery requests per
       time(1,2,