You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

816 lines
32 KiB

  1. # DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE
  2. # TEXT HERE JUST SHOWS DEFAULT SETTINGS BUILT INTO POSTFIX.
  3. #
  4. 2bounce_notice_recipient = postmaster
  5. access_map_defer_code = 450
  6. access_map_reject_code = 554
  7. address_verify_cache_cleanup_interval = 12h
  8. address_verify_default_transport = $default_transport
  9. address_verify_local_transport = $local_transport
  10. address_verify_map = btree:$data_directory/verify_cache
  11. address_verify_negative_cache = yes
  12. address_verify_negative_expire_time = 3d
  13. address_verify_negative_refresh_time = 3h
  14. address_verify_poll_count = ${stress?1}${stress:3}
  15. address_verify_poll_delay = 3s
  16. address_verify_positive_expire_time = 31d
  17. address_verify_positive_refresh_time = 7d
  18. address_verify_relay_transport = $relay_transport
  19. address_verify_relayhost = $relayhost
  20. address_verify_sender = $double_bounce_sender
  21. address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
  22. address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
  23. address_verify_sender_ttl = 0s
  24. address_verify_service_name = verify
  25. address_verify_transport_maps = $transport_maps
  26. address_verify_virtual_transport = $virtual_transport
  27. allow_mail_to_commands = alias, forward
  28. allow_mail_to_files = alias, forward
  29. allow_min_user = no
  30. allow_percent_hack = yes
  31. allow_untrusted_routing = no
  32. alternate_config_directories =
  33. always_add_missing_headers = no
  34. always_bcc =
  35. anvil_rate_time_unit = 60s
  36. anvil_status_update_time = 600s
  37. append_at_myorigin = yes
  38. append_dot_mydomain = yes
  39. application_event_drain_time = 100s
  40. authorized_flush_users = static:anyone
  41. authorized_mailq_users = static:anyone
  42. authorized_submit_users = static:anyone
  43. backwards_bounce_logfile_compatibility = yes
  44. berkeley_db_create_buffer_size = 16777216
  45. berkeley_db_read_buffer_size = 131072
  46. best_mx_transport =
  47. biff = yes
  48. body_checks =
  49. body_checks_size_limit = 51200
  50. bounce_notice_recipient = postmaster
  51. bounce_queue_lifetime = 5d
  52. bounce_service_name = bounce
  53. bounce_size_limit = 50000
  54. bounce_template_file =
  55. broken_sasl_auth_clients = no
  56. canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
  57. canonical_maps =
  58. cleanup_service_name = cleanup
  59. command_execution_directory =
  60. command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  61. command_time_limit = 1000s
  62. connection_cache_protocol_timeout = 5s
  63. connection_cache_service_name = scache
  64. connection_cache_status_update_time = 600s
  65. connection_cache_ttl_limit = 2s
  66. content_filter =
  67. cyrus_sasl_config_path =
  68. daemon_table_open_error_is_fatal = no
  69. daemon_timeout = 18000s
  70. debug_peer_level = 2
  71. debug_peer_list =
  72. debugger_command =
  73. default_delivery_slot_cost = 5
  74. default_delivery_slot_discount = 50
  75. default_delivery_slot_loan = 3
  76. default_destination_concurrency_failed_cohort_limit = 1
  77. default_destination_concurrency_limit = 20
  78. default_destination_concurrency_negative_feedback = 1
  79. default_destination_concurrency_positive_feedback = 1
  80. default_destination_rate_delay = 0s
  81. default_destination_recipient_limit = 50
  82. default_extra_recipient_limit = 1000
  83. default_filter_nexthop =
  84. default_minimum_delivery_slots = 3
  85. default_privs = nobody
  86. default_process_limit = 100
  87. default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
  88. default_recipient_limit = 20000
  89. default_recipient_refill_delay = 5s
  90. default_recipient_refill_limit = 100
  91. default_transport = smtp
  92. default_verp_delimiters = +=
  93. defer_code = 450
  94. defer_service_name = defer
  95. defer_transports =
  96. delay_logging_resolution_limit = 2
  97. delay_notice_recipient = postmaster
  98. delay_warning_time = 0h
  99. deliver_lock_attempts = 20
  100. deliver_lock_delay = 1s
  101. destination_concurrency_feedback_debug = no
  102. detect_8bit_encoding_header = yes
  103. disable_dns_lookups = no
  104. disable_mime_input_processing = no
  105. disable_mime_output_conversion = no
  106. disable_verp_bounces = no
  107. disable_vrfy_command = no
  108. dnsblog_reply_delay = 0s
  109. dnsblog_service_name = dnsblog
  110. dont_remove = 0
  111. double_bounce_sender = double-bounce
  112. duplicate_filter_limit = 1000
  113. empty_address_default_transport_maps_lookup_key = <>
  114. empty_address_recipient = MAILER-DAEMON
  115. empty_address_relayhost_maps_lookup_key = <>
  116. enable_long_queue_ids = no
  117. enable_original_recipient = yes
  118. error_delivery_slot_cost = $default_delivery_slot_cost
  119. error_delivery_slot_discount = $default_delivery_slot_discount
  120. error_delivery_slot_loan = $default_delivery_slot_loan
  121. error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  122. error_destination_concurrency_limit = $default_destination_concurrency_limit
  123. error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  124. error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  125. error_destination_rate_delay = $default_destination_rate_delay
  126. error_destination_recipient_limit = $default_destination_recipient_limit
  127. error_extra_recipient_limit = $default_extra_recipient_limit
  128. error_initial_destination_concurrency = $initial_destination_concurrency
  129. error_minimum_delivery_slots = $default_minimum_delivery_slots
  130. error_notice_recipient = postmaster
  131. error_recipient_limit = $default_recipient_limit
  132. error_recipient_refill_delay = $default_recipient_refill_delay
  133. error_recipient_refill_limit = $default_recipient_refill_limit
  134. error_service_name = error
  135. execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  136. expand_owner_alias = no
  137. export_environment = TZ MAIL_CONFIG LANG
  138. fallback_transport =
  139. fallback_transport_maps =
  140. fast_flush_domains = $relay_domains
  141. fast_flush_purge_time = 7d
  142. fast_flush_refresh_time = 12h
  143. fault_injection_code = 0
  144. flush_service_name = flush
  145. fork_attempts = 5
  146. fork_delay = 1s
  147. forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  148. forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
  149. frozen_delivered_to = yes
  150. hash_queue_depth = 1
  151. hash_queue_names = deferred, defer
  152. header_address_token_limit = 10240
  153. header_checks =
  154. header_size_limit = 102400
  155. helpful_warnings = yes
  156. home_mailbox =
  157. hopcount_limit = 50
  158. ignore_mx_lookup_error = no
  159. import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
  160. in_flow_delay = 1s
  161. inet_interfaces = all
  162. inet_protocols = all
  163. initial_destination_concurrency = 5
  164. internal_mail_filter_classes =
  165. invalid_hostname_reject_code = 501
  166. ipc_idle = 5s
  167. ipc_timeout = 3600s
  168. ipc_ttl = 1000s
  169. line_length_limit = 2048
  170. lmdb_map_size = 16777216
  171. lmtp_address_preference = any
  172. lmtp_assume_final = no
  173. lmtp_bind_address =
  174. lmtp_bind_address6 =
  175. lmtp_body_checks =
  176. lmtp_cname_overrides_servername = no
  177. lmtp_connect_timeout = 0s
  178. lmtp_connection_cache_destinations =
  179. lmtp_connection_cache_on_demand = yes
  180. lmtp_connection_cache_time_limit = 2s
  181. lmtp_connection_reuse_count_limit = 0
  182. lmtp_connection_reuse_time_limit = 300s
  183. lmtp_data_done_timeout = 600s
  184. lmtp_data_init_timeout = 120s
  185. lmtp_data_xfer_timeout = 180s
  186. lmtp_defer_if_no_mx_address_found = no
  187. lmtp_delivery_slot_cost = $default_delivery_slot_cost
  188. lmtp_delivery_slot_discount = $default_delivery_slot_discount
  189. lmtp_delivery_slot_loan = $default_delivery_slot_loan
  190. lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  191. lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
  192. lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  193. lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  194. lmtp_destination_rate_delay = $default_destination_rate_delay
  195. lmtp_destination_recipient_limit = $default_destination_recipient_limit
  196. lmtp_discard_lhlo_keyword_address_maps =
  197. lmtp_discard_lhlo_keywords =
  198. lmtp_dns_resolver_options =
  199. lmtp_dns_support_level =
  200. lmtp_enforce_tls = no
  201. lmtp_extra_recipient_limit = $default_extra_recipient_limit
  202. lmtp_generic_maps =
  203. lmtp_header_checks =
  204. lmtp_host_lookup = dns
  205. lmtp_initial_destination_concurrency = $initial_destination_concurrency
  206. lmtp_lhlo_name = $myhostname
  207. lmtp_lhlo_timeout = 300s
  208. lmtp_line_length_limit = 998
  209. lmtp_mail_timeout = 300s
  210. lmtp_mime_header_checks =
  211. lmtp_minimum_delivery_slots = $default_minimum_delivery_slots
  212. lmtp_mx_address_limit = 5
  213. lmtp_mx_session_limit = 2
  214. lmtp_nested_header_checks =
  215. lmtp_per_record_deadline = no
  216. lmtp_pix_workaround_delay_time = 10s
  217. lmtp_pix_workaround_maps =
  218. lmtp_pix_workaround_threshold_time = 500s
  219. lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
  220. lmtp_quit_timeout = 300s
  221. lmtp_quote_rfc821_envelope = yes
  222. lmtp_randomize_addresses = yes
  223. lmtp_rcpt_timeout = 300s
  224. lmtp_recipient_limit = $default_recipient_limit
  225. lmtp_recipient_refill_delay = $default_recipient_refill_delay
  226. lmtp_recipient_refill_limit = $default_recipient_refill_limit
  227. lmtp_reply_filter =
  228. lmtp_rset_timeout = 20s
  229. lmtp_sasl_auth_cache_name =
  230. lmtp_sasl_auth_cache_time = 90d
  231. lmtp_sasl_auth_enable = no
  232. lmtp_sasl_auth_soft_bounce = yes
  233. lmtp_sasl_mechanism_filter =
  234. lmtp_sasl_password_maps =
  235. lmtp_sasl_path =
  236. lmtp_sasl_security_options = noplaintext, noanonymous
  237. lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
  238. lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
  239. lmtp_sasl_type = cyrus
  240. lmtp_send_dummy_mail_auth = no
  241. lmtp_send_xforward_command = no
  242. lmtp_sender_dependent_authentication = no
  243. lmtp_skip_5xx_greeting = yes
  244. lmtp_skip_quit_response = no
  245. lmtp_starttls_timeout = 300s
  246. lmtp_tcp_port = 24
  247. lmtp_tls_CAfile =
  248. lmtp_tls_CApath =
  249. lmtp_tls_block_early_mail_reply = no
  250. lmtp_tls_cert_file =
  251. lmtp_tls_ciphers = export
  252. lmtp_tls_dcert_file =
  253. lmtp_tls_dkey_file = $lmtp_tls_dcert_file
  254. lmtp_tls_eccert_file =
  255. lmtp_tls_eckey_file = $lmtp_tls_eccert_file
  256. lmtp_tls_enforce_peername = yes
  257. lmtp_tls_exclude_ciphers =
  258. lmtp_tls_fingerprint_cert_match =
  259. lmtp_tls_fingerprint_digest = md5
  260. lmtp_tls_force_insecure_host_tlsa_lookup = no
  261. lmtp_tls_key_file = $lmtp_tls_cert_file
  262. lmtp_tls_loglevel = 0
  263. lmtp_tls_mandatory_ciphers = medium
  264. lmtp_tls_mandatory_exclude_ciphers =
  265. lmtp_tls_mandatory_protocols = !SSLv2
  266. lmtp_tls_note_starttls_offer = no
  267. lmtp_tls_per_site =
  268. lmtp_tls_policy_maps =
  269. lmtp_tls_protocols = !SSLv2
  270. lmtp_tls_scert_verifydepth = 9
  271. lmtp_tls_secure_cert_match = nexthop
  272. lmtp_tls_security_level =
  273. lmtp_tls_session_cache_database =
  274. lmtp_tls_session_cache_timeout = 3600s
  275. lmtp_tls_trust_anchor_file =
  276. lmtp_tls_verify_cert_match = hostname
  277. lmtp_use_tls = no
  278. lmtp_xforward_timeout = 300s
  279. local_command_shell =
  280. local_delivery_slot_cost = $default_delivery_slot_cost
  281. local_delivery_slot_discount = $default_delivery_slot_discount
  282. local_delivery_slot_loan = $default_delivery_slot_loan
  283. local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  284. local_destination_concurrency_limit = 2
  285. local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  286. local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  287. local_destination_rate_delay = $default_destination_rate_delay
  288. local_destination_recipient_limit = 1
  289. local_extra_recipient_limit = $default_extra_recipient_limit
  290. local_header_rewrite_clients = permit_inet_interfaces
  291. local_initial_destination_concurrency = $initial_destination_concurrency
  292. local_minimum_delivery_slots = $default_minimum_delivery_slots
  293. local_recipient_limit = $default_recipient_limit
  294. local_recipient_maps = proxy:unix:passwd.byname $alias_maps
  295. local_recipient_refill_delay = $default_recipient_refill_delay
  296. local_recipient_refill_limit = $default_recipient_refill_limit
  297. local_transport = local:$myhostname
  298. luser_relay =
  299. mail_name = Postfix
  300. mail_owner = postfix
  301. mail_release_date = 20140507
  302. mail_version = 2.11.1
  303. mailbox_command =
  304. mailbox_command_maps =
  305. mailbox_delivery_lock = fcntl, dotlock
  306. mailbox_size_limit = 51200000
  307. mailbox_transport =
  308. mailbox_transport_maps =
  309. maps_rbl_domains =
  310. maps_rbl_reject_code = 554
  311. masquerade_classes = envelope_sender, header_sender, header_recipient
  312. masquerade_domains =
  313. masquerade_exceptions =
  314. master_service_disable =
  315. max_idle = 100s
  316. max_use = 100
  317. maximal_backoff_time = 4000s
  318. maximal_queue_lifetime = 5d
  319. message_reject_characters =
  320. message_size_limit = 10240000
  321. message_strip_characters =
  322. milter_command_timeout = 30s
  323. milter_connect_macros = j {daemon_name} v
  324. milter_connect_timeout = 30s
  325. milter_content_timeout = 300s
  326. milter_data_macros = i
  327. milter_default_action = tempfail
  328. milter_end_of_data_macros = i
  329. milter_end_of_header_macros = i
  330. milter_header_checks =
  331. milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
  332. milter_macro_daemon_name = $myhostname
  333. milter_macro_v = $mail_name $mail_version
  334. milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
  335. milter_protocol = 6
  336. milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
  337. milter_unknown_command_macros =
  338. mime_boundary_length_limit = 2048
  339. mime_header_checks = $header_checks
  340. mime_nesting_limit = 100
  341. minimal_backoff_time = 300s
  342. multi_instance_directories =
  343. multi_instance_enable = no
  344. multi_instance_group =
  345. multi_instance_name =
  346. multi_instance_wrapper =
  347. multi_recipient_bounce_reject_code = 550
  348. mydestination = $myhostname, localhost.$mydomain, localhost
  349. mynetworks_style = subnet
  350. myorigin = $myhostname
  351. nested_header_checks = $header_checks
  352. non_fqdn_reject_code = 504
  353. non_smtpd_milters =
  354. notify_classes = resource, software
  355. owner_request_special = yes
  356. parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
  357. permit_mx_backup_networks =
  358. pickup_service_name = pickup
  359. plaintext_reject_code = 450
  360. postmulti_control_commands = reload flush
  361. postmulti_start_commands = start
  362. postmulti_stop_commands = stop abort drain quick-stop
  363. postscreen_access_list = permit_mynetworks
  364. postscreen_bare_newline_action = ignore
  365. postscreen_bare_newline_enable = no
  366. postscreen_bare_newline_ttl = 30d
  367. postscreen_blacklist_action = ignore
  368. postscreen_cache_cleanup_interval = 12h
  369. postscreen_cache_map = btree:$data_directory/postscreen_cache
  370. postscreen_cache_retention_time = 7d
  371. postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
  372. postscreen_command_count_limit = 20
  373. postscreen_command_filter =
  374. postscreen_command_time_limit = ${stress?10}${stress:300}s
  375. postscreen_disable_vrfy_command = $disable_vrfy_command
  376. postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
  377. postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
  378. postscreen_dnsbl_action = ignore
  379. postscreen_dnsbl_reply_map =
  380. postscreen_dnsbl_sites =
  381. postscreen_dnsbl_threshold = 1
  382. postscreen_dnsbl_ttl = 1h
  383. postscreen_dnsbl_whitelist_threshold = 0
  384. postscreen_enforce_tls = $smtpd_enforce_tls
  385. postscreen_expansion_filter = $smtpd_expansion_filter
  386. postscreen_forbidden_commands = $smtpd_forbidden_commands
  387. postscreen_greet_action = ignore
  388. postscreen_greet_banner = $smtpd_banner
  389. postscreen_greet_ttl = 1d
  390. postscreen_greet_wait = ${stress?2}${stress:6}s
  391. postscreen_helo_required = $smtpd_helo_required
  392. postscreen_non_smtp_command_action = drop
  393. postscreen_non_smtp_command_enable = no
  394. postscreen_non_smtp_command_ttl = 30d
  395. postscreen_pipelining_action = enforce
  396. postscreen_pipelining_enable = no
  397. postscreen_pipelining_ttl = 30d
  398. postscreen_post_queue_limit = $default_process_limit
  399. postscreen_pre_queue_limit = $default_process_limit
  400. postscreen_reject_footer = $smtpd_reject_footer
  401. postscreen_tls_security_level = $smtpd_tls_security_level
  402. postscreen_upstream_proxy_protocol =
  403. postscreen_upstream_proxy_timeout = 5s
  404. postscreen_use_tls = $smtpd_use_tls
  405. postscreen_watchdog_timeout = 10s
  406. postscreen_whitelist_interfaces = static:all
  407. prepend_delivered_header = command, file, forward
  408. process_id = 6537
  409. process_id_directory = pid
  410. process_name = postconf
  411. propagate_unmatched_extensions = canonical, virtual
  412. proxy_interfaces =
  413. proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps
  414. proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map
  415. proxymap_service_name = proxymap
  416. proxywrite_service_name = proxywrite
  417. qmgr_clog_warn_time = 300s
  418. qmgr_daemon_timeout = 1000s
  419. qmgr_fudge_factor = 100
  420. qmgr_ipc_timeout = 60s
  421. qmgr_message_active_limit = 20000
  422. qmgr_message_recipient_limit = 20000
  423. qmgr_message_recipient_minimum = 10
  424. qmqpd_authorized_clients =
  425. qmqpd_client_port_logging = no
  426. qmqpd_error_delay = 1s
  427. qmqpd_timeout = 300s
  428. queue_file_attribute_count_limit = 100
  429. queue_minfree = 0
  430. queue_run_delay = 300s
  431. queue_service_name = qmgr
  432. rbl_reply_maps =
  433. receive_override_options =
  434. recipient_bcc_maps =
  435. recipient_canonical_classes = envelope_recipient, header_recipient
  436. recipient_canonical_maps =
  437. recipient_delimiter =
  438. reject_code = 554
  439. reject_tempfail_action = defer_if_permit
  440. relay_clientcerts =
  441. relay_delivery_slot_cost = $default_delivery_slot_cost
  442. relay_delivery_slot_discount = $default_delivery_slot_discount
  443. relay_delivery_slot_loan = $default_delivery_slot_loan
  444. relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  445. relay_destination_concurrency_limit = $default_destination_concurrency_limit
  446. relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  447. relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  448. relay_destination_rate_delay = $default_destination_rate_delay
  449. relay_destination_recipient_limit = $default_destination_recipient_limit
  450. relay_domains = $mydestination
  451. relay_domains_reject_code = 554
  452. relay_extra_recipient_limit = $default_extra_recipient_limit
  453. relay_initial_destination_concurrency = $initial_destination_concurrency
  454. relay_minimum_delivery_slots = $default_minimum_delivery_slots
  455. relay_recipient_limit = $default_recipient_limit
  456. relay_recipient_maps =
  457. relay_recipient_refill_delay = $default_recipient_refill_delay
  458. relay_recipient_refill_limit = $default_recipient_refill_limit
  459. relay_transport = relay
  460. relayhost =
  461. relocated_maps =
  462. remote_header_rewrite_domain =
  463. require_home_directory = no
  464. reset_owner_alias = no
  465. resolve_dequoted_address = yes
  466. resolve_null_domain = no
  467. resolve_numeric_domain = no
  468. retry_delivery_slot_cost = $default_delivery_slot_cost
  469. retry_delivery_slot_discount = $default_delivery_slot_discount
  470. retry_delivery_slot_loan = $default_delivery_slot_loan
  471. retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  472. retry_destination_concurrency_limit = $default_destination_concurrency_limit
  473. retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  474. retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  475. retry_destination_rate_delay = $default_destination_rate_delay
  476. retry_destination_recipient_limit = $default_destination_recipient_limit
  477. retry_extra_recipient_limit = $default_extra_recipient_limit
  478. retry_initial_destination_concurrency = $initial_destination_concurrency
  479. retry_minimum_delivery_slots = $default_minimum_delivery_slots
  480. retry_recipient_limit = $default_recipient_limit
  481. retry_recipient_refill_delay = $default_recipient_refill_delay
  482. retry_recipient_refill_limit = $default_recipient_refill_limit
  483. rewrite_service_name = rewrite
  484. send_cyrus_sasl_authzid = no
  485. sender_bcc_maps =
  486. sender_canonical_classes = envelope_sender, header_sender
  487. sender_canonical_maps =
  488. sender_dependent_default_transport_maps =
  489. sender_dependent_relayhost_maps =
  490. sendmail_fix_line_endings = always
  491. service_throttle_time = 60s
  492. setgid_group = postdrop
  493. show_user_unknown_table_name = yes
  494. showq_service_name = showq
  495. smtp_address_preference = any
  496. smtp_always_send_ehlo = yes
  497. smtp_bind_address =
  498. smtp_bind_address6 =
  499. smtp_body_checks =
  500. smtp_cname_overrides_servername = no
  501. smtp_connect_timeout = 30s
  502. smtp_connection_cache_destinations =
  503. smtp_connection_cache_on_demand = yes
  504. smtp_connection_cache_time_limit = 2s
  505. smtp_connection_reuse_count_limit = 0
  506. smtp_connection_reuse_time_limit = 300s
  507. smtp_data_done_timeout = 600s
  508. smtp_data_init_timeout = 120s
  509. smtp_data_xfer_timeout = 180s
  510. smtp_defer_if_no_mx_address_found = no
  511. smtp_delivery_slot_cost = $default_delivery_slot_cost
  512. smtp_delivery_slot_discount = $default_delivery_slot_discount
  513. smtp_delivery_slot_loan = $default_delivery_slot_loan
  514. smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  515. smtp_destination_concurrency_limit = $default_destination_concurrency_limit
  516. smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  517. smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  518. smtp_destination_rate_delay = $default_destination_rate_delay
  519. smtp_destination_recipient_limit = $default_destination_recipient_limit
  520. smtp_discard_ehlo_keyword_address_maps =
  521. smtp_discard_ehlo_keywords =
  522. smtp_dns_resolver_options =
  523. smtp_dns_support_level =
  524. smtp_enforce_tls = no
  525. smtp_extra_recipient_limit = $default_extra_recipient_limit
  526. smtp_fallback_relay = $fallback_relay
  527. smtp_generic_maps =
  528. smtp_header_checks =
  529. smtp_helo_name = $myhostname
  530. smtp_helo_timeout = 300s
  531. smtp_host_lookup = dns
  532. smtp_initial_destination_concurrency = $initial_destination_concurrency
  533. smtp_line_length_limit = 998
  534. smtp_mail_timeout = 300s
  535. smtp_mime_header_checks =
  536. smtp_minimum_delivery_slots = $default_minimum_delivery_slots
  537. smtp_mx_address_limit = 5
  538. smtp_mx_session_limit = 2
  539. smtp_nested_header_checks =
  540. smtp_never_send_ehlo = no
  541. smtp_per_record_deadline = no
  542. smtp_pix_workaround_delay_time = 10s
  543. smtp_pix_workaround_maps =
  544. smtp_pix_workaround_threshold_time = 500s
  545. smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
  546. smtp_quit_timeout = 300s
  547. smtp_quote_rfc821_envelope = yes
  548. smtp_randomize_addresses = yes
  549. smtp_rcpt_timeout = 300s
  550. smtp_recipient_limit = $default_recipient_limit
  551. smtp_recipient_refill_delay = $default_recipient_refill_delay
  552. smtp_recipient_refill_limit = $default_recipient_refill_limit
  553. smtp_reply_filter =
  554. smtp_rset_timeout = 20s
  555. smtp_sasl_auth_cache_name =
  556. smtp_sasl_auth_cache_time = 90d
  557. smtp_sasl_auth_enable = no
  558. smtp_sasl_auth_soft_bounce = yes
  559. smtp_sasl_mechanism_filter =
  560. smtp_sasl_password_maps =
  561. smtp_sasl_path =
  562. smtp_sasl_security_options = noplaintext, noanonymous
  563. smtp_sasl_tls_security_options = $smtp_sasl_security_options
  564. smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
  565. smtp_sasl_type = cyrus
  566. smtp_send_dummy_mail_auth = no
  567. smtp_send_xforward_command = no
  568. smtp_sender_dependent_authentication = no
  569. smtp_skip_5xx_greeting = yes
  570. smtp_skip_quit_response = yes
  571. smtp_starttls_timeout = 300s
  572. smtp_tls_CAfile =
  573. smtp_tls_CApath =
  574. smtp_tls_block_early_mail_reply = no
  575. smtp_tls_cert_file =
  576. smtp_tls_ciphers = export
  577. smtp_tls_dcert_file =
  578. smtp_tls_dkey_file = $smtp_tls_dcert_file
  579. smtp_tls_eccert_file =
  580. smtp_tls_eckey_file = $smtp_tls_eccert_file
  581. smtp_tls_enforce_peername = yes
  582. smtp_tls_exclude_ciphers =
  583. smtp_tls_fingerprint_cert_match =
  584. smtp_tls_fingerprint_digest = md5
  585. smtp_tls_force_insecure_host_tlsa_lookup = no
  586. smtp_tls_key_file = $smtp_tls_cert_file
  587. smtp_tls_loglevel = 0
  588. smtp_tls_mandatory_ciphers = medium
  589. smtp_tls_mandatory_exclude_ciphers =
  590. smtp_tls_mandatory_protocols = !SSLv2
  591. smtp_tls_note_starttls_offer = no
  592. smtp_tls_per_site =
  593. smtp_tls_policy_maps =
  594. smtp_tls_protocols = !SSLv2
  595. smtp_tls_scert_verifydepth = 9
  596. smtp_tls_secure_cert_match = nexthop, dot-nexthop
  597. smtp_tls_security_level =
  598. smtp_tls_session_cache_database =
  599. smtp_tls_session_cache_timeout = 3600s
  600. smtp_tls_trust_anchor_file =
  601. smtp_tls_verify_cert_match = hostname
  602. smtp_use_tls = no
  603. smtp_xforward_timeout = 300s
  604. smtpd_authorized_verp_clients = $authorized_verp_clients
  605. smtpd_authorized_xclient_hosts =
  606. smtpd_authorized_xforward_hosts =
  607. smtpd_banner = $myhostname ESMTP $mail_name
  608. smtpd_client_connection_count_limit = 50
  609. smtpd_client_connection_rate_limit = 0
  610. smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
  611. smtpd_client_message_rate_limit = 0
  612. smtpd_client_new_tls_session_rate_limit = 0
  613. smtpd_client_port_logging = no
  614. smtpd_client_recipient_rate_limit = 0
  615. smtpd_client_restrictions =
  616. smtpd_command_filter =
  617. smtpd_data_restrictions =
  618. smtpd_delay_open_until_valid_rcpt = yes
  619. smtpd_delay_reject = yes
  620. smtpd_discard_ehlo_keyword_address_maps =
  621. smtpd_discard_ehlo_keywords =
  622. smtpd_end_of_data_restrictions =
  623. smtpd_enforce_tls = no
  624. smtpd_error_sleep_time = 1s
  625. smtpd_etrn_restrictions =
  626. smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
  627. smtpd_forbidden_commands = CONNECT GET POST
  628. smtpd_hard_error_limit = ${stress?1}${stress:20}
  629. smtpd_helo_required = no
  630. smtpd_helo_restrictions =
  631. smtpd_history_flush_threshold = 100
  632. smtpd_junk_command_limit = ${stress?1}${stress:100}
  633. smtpd_log_access_permit_actions =
  634. smtpd_milters =
  635. smtpd_noop_commands =
  636. smtpd_null_access_lookup_key = <>
  637. smtpd_peername_lookup = yes
  638. smtpd_per_record_deadline = ${stress?yes}${stress:no}
  639. smtpd_policy_service_max_idle = 300s
  640. smtpd_policy_service_max_ttl = 1000s
  641. smtpd_policy_service_timeout = 100s
  642. smtpd_proxy_ehlo = $myhostname
  643. smtpd_proxy_filter =
  644. smtpd_proxy_options =
  645. smtpd_proxy_timeout = 100s
  646. smtpd_recipient_limit = 1000
  647. smtpd_recipient_overshoot_limit = 1000
  648. smtpd_recipient_restrictions =
  649. smtpd_reject_footer =
  650. smtpd_reject_unlisted_recipient = yes
  651. smtpd_reject_unlisted_sender = no
  652. smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
  653. smtpd_restriction_classes =
  654. smtpd_sasl_auth_enable = no
  655. smtpd_sasl_authenticated_header = no
  656. smtpd_sasl_exceptions_networks =
  657. smtpd_sasl_local_domain =
  658. smtpd_sasl_path = smtpd
  659. smtpd_sasl_security_options = noanonymous
  660. smtpd_sasl_service = smtp
  661. smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
  662. smtpd_sasl_type = cyrus
  663. smtpd_sender_login_maps =
  664. smtpd_sender_restrictions =
  665. smtpd_service_name = smtpd
  666. smtpd_soft_error_limit = 10
  667. smtpd_starttls_timeout = ${stress?10}${stress:300}s
  668. smtpd_timeout = ${stress?10}${stress:300}s
  669. smtpd_tls_CAfile =
  670. smtpd_tls_CApath =
  671. smtpd_tls_always_issue_session_ids = yes
  672. smtpd_tls_ask_ccert = no
  673. smtpd_tls_auth_only = no
  674. smtpd_tls_ccert_verifydepth = 9
  675. smtpd_tls_cert_file =
  676. smtpd_tls_ciphers = export
  677. smtpd_tls_dcert_file =
  678. smtpd_tls_dh1024_param_file =
  679. smtpd_tls_dh512_param_file =
  680. smtpd_tls_dkey_file = $smtpd_tls_dcert_file
  681. smtpd_tls_eccert_file =
  682. smtpd_tls_eckey_file = $smtpd_tls_eccert_file
  683. smtpd_tls_eecdh_grade = strong
  684. smtpd_tls_exclude_ciphers =
  685. smtpd_tls_fingerprint_digest = md5
  686. smtpd_tls_key_file = $smtpd_tls_cert_file
  687. smtpd_tls_loglevel = 0
  688. smtpd_tls_mandatory_ciphers = medium
  689. smtpd_tls_mandatory_exclude_ciphers =
  690. smtpd_tls_mandatory_protocols = !SSLv2
  691. smtpd_tls_protocols =
  692. smtpd_tls_received_header = no
  693. smtpd_tls_req_ccert = no
  694. smtpd_tls_security_level =
  695. smtpd_tls_session_cache_database =
  696. smtpd_tls_session_cache_timeout = 3600s
  697. smtpd_tls_wrappermode = no
  698. smtpd_upstream_proxy_protocol =
  699. smtpd_upstream_proxy_timeout = 5s
  700. smtpd_use_tls = no
  701. soft_bounce = no
  702. stale_lock_time = 500s
  703. stress =
  704. strict_7bit_headers = no
  705. strict_8bitmime = no
  706. strict_8bitmime_body = no
  707. strict_mailbox_ownership = yes
  708. strict_mime_encoding_domain = no
  709. strict_rfc821_envelopes = no
  710. sun_mailtool_compatibility = no
  711. swap_bangpath = yes
  712. syslog_facility = mail
  713. syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}
  714. tcp_windowsize = 0
  715. tls_append_default_CA = no
  716. tls_daemon_random_bytes = 32
  717. tls_dane_digest_agility = on
  718. tls_dane_digests = sha512 sha256
  719. tls_dane_trust_anchor_digest_enable = yes
  720. tls_disable_workarounds =
  721. tls_eecdh_strong_curve = prime256v1
  722. tls_eecdh_ultra_curve = secp384r1
  723. tls_export_cipherlist = ALL:+RC4:@STRENGTH
  724. tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
  725. tls_legacy_public_key_fingerprints = no
  726. tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH
  727. tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
  728. tls_null_cipherlist = eNULL:!aNULL
  729. tls_preempt_cipherlist = no
  730. tls_random_bytes = 32
  731. tls_random_exchange_name = ${data_directory}/prng_exch
  732. tls_random_prng_update_period = 3600s
  733. tls_random_reseed_period = 3600s
  734. tls_random_source = dev:/dev/urandom
  735. tls_ssl_options =
  736. tls_wildcard_matches_multiple_labels = yes
  737. tlsmgr_service_name = tlsmgr
  738. tlsproxy_enforce_tls = $smtpd_enforce_tls
  739. tlsproxy_service_name = tlsproxy
  740. tlsproxy_tls_CAfile = $smtpd_tls_CAfile
  741. tlsproxy_tls_CApath = $smtpd_tls_CApath
  742. tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
  743. tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
  744. tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
  745. tlsproxy_tls_cert_file = $smtpd_tls_cert_file
  746. tlsproxy_tls_ciphers = $smtpd_tls_ciphers
  747. tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
  748. tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
  749. tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
  750. tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
  751. tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
  752. tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
  753. tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
  754. tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
  755. tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
  756. tlsproxy_tls_key_file = $smtpd_tls_key_file
  757. tlsproxy_tls_loglevel = $smtpd_tls_loglevel
  758. tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
  759. tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
  760. tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
  761. tlsproxy_tls_protocols = $smtpd_tls_protocols
  762. tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
  763. tlsproxy_tls_security_level = $smtpd_tls_security_level
  764. tlsproxy_use_tls = $smtpd_use_tls
  765. tlsproxy_watchdog_timeout = 10s
  766. trace_service_name = trace
  767. transport_maps =
  768. transport_retry_time = 60s
  769. trigger_timeout = 10s
  770. undisclosed_recipients_header =
  771. unknown_address_reject_code = 450
  772. unknown_address_tempfail_action = $reject_tempfail_action
  773. unknown_client_reject_code = 450
  774. unknown_helo_hostname_tempfail_action = $reject_tempfail_action
  775. unknown_hostname_reject_code = 450
  776. unknown_local_recipient_reject_code = 550
  777. unknown_relay_recipient_reject_code = 550
  778. unknown_virtual_alias_reject_code = 550
  779. unknown_virtual_mailbox_reject_code = 550
  780. unverified_recipient_defer_code = 450
  781. unverified_recipient_reject_code = 450
  782. unverified_recipient_reject_reason =
  783. unverified_recipient_tempfail_action = $reject_tempfail_action
  784. unverified_sender_defer_code = 450
  785. unverified_sender_reject_code = 450
  786. unverified_sender_reject_reason =
  787. unverified_sender_tempfail_action = $reject_tempfail_action
  788. verp_delimiter_filter = -=+
  789. virtual_alias_domains = $virtual_alias_maps
  790. virtual_alias_expansion_limit = 1000
  791. virtual_alias_maps = $virtual_maps
  792. virtual_alias_recursion_limit = 1000
  793. virtual_delivery_slot_cost = $default_delivery_slot_cost
  794. virtual_delivery_slot_discount = $default_delivery_slot_discount
  795. virtual_delivery_slot_loan = $default_delivery_slot_loan
  796. virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
  797. virtual_destination_concurrency_limit = $default_destination_concurrency_limit
  798. virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
  799. virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
  800. virtual_destination_rate_delay = $default_destination_rate_delay
  801. virtual_destination_recipient_limit = $default_destination_recipient_limit
  802. virtual_extra_recipient_limit = $default_extra_recipient_limit
  803. virtual_gid_maps =
  804. virtual_initial_destination_concurrency = $initial_destination_concurrency
  805. virtual_mailbox_base =
  806. virtual_mailbox_domains = $virtual_mailbox_maps
  807. virtual_mailbox_limit = 51200000
  808. virtual_mailbox_lock = fcntl, dotlock
  809. virtual_mailbox_maps =
  810. virtual_minimum_delivery_slots = $default_minimum_delivery_slots
  811. virtual_minimum_uid = 100
  812. virtual_recipient_limit = $default_recipient_limit
  813. virtual_recipient_refill_delay = $default_recipient_refill_delay
  814. virtual_recipient_refill_limit = $default_recipient_refill_limit
  815. virtual_transport = virtual
  816. virtual_uid_maps =