smtp - Postfix remote delivery via SMTP
smtp [generic Postfix daemon options]
The SMTP client processes message delivery requests from the queue manager. Each request
specifies a queue file, a sender address, a domain or host to deliver to, and recipient
information. This program expects to be run from the master(8) process manager.
The SMTP client updates the queue file and marks recipients as finished, or it informs the
queue manager that delivery should be tried again at a later time. Delivery problem
reports are sent to the bounce(8) or defer(8) daemon as appropriate.
The SMTP client looks up a list of mail exchanger addresses for the destination host,
sorts the list by preference, and connects to each listed address until it finds a server
When the domain or host is specified as a comma/whitespace separated list, the SMTP client
repeats the above process for all destinations until it finds a server that responds.
Once the SMTP client has received the server greeting banner, no error will cause it to
proceed to the next address on the mail exchanger list. Instead, the message is either
bounced, or its delivery is deferred until later.
The SMTP client is moderately security-sensitive. It talks to SMTP servers and to DNS
servers on the network. The SMTP client can be run chrooted at fixed low privilege.
RFC 821 (SMTP protocol)
RFC 1651 (SMTP service extensions)
RFC 1870 (Message Size Declaration)
RFC 2197 (Pipelining)
RFC 2554 (AUTH command)
RFC 2821 (SMTP protocol)
Problems and transactions are logged to syslogd(8). Corrupted message files are marked so
that the queue manager can move them to the corrupt queue for further inspection.
Depending on the setting of the notify_classes parameter, the postmaster is notified of
bounces, protocol problems, and of other trouble.
The following main.cf parameters are especially relevant to this program. See the Postfix
main.cf file for syntax details and for default values. Use the postfix reload command
after a configuration change.
Name of the delivery transport to use when the local machine is the most-preferred
mail exchanger (by default, a mailer loop is reported, and the message is bounced).
Verbose logging level increment for hosts that match a pattern in the
List of domain or network patterns. When a remote host matches a pattern, increase
the verbose logging level by the amount specified in the debug_peer_level parame-
Disable DNS lookups. This means that mail must be forwarded via a smart relay host.
Recipient of protocol/policy/resource/software error notices.
Hosts to hand off mail to if a message destination is not found or if a destination
When a name server fails to respond to an MX query, search for an A record instead
deferring mail delivery.
The network interface addresses that this mail system receives mail on. When any of
those addresses appears in the list of mail exchangers for a remote destination,
the list is truncated to avoid mail delivery loops.
When this parameter includes the protocol class, send mail to the postmaster with
transcripts of SMTP sessions with protocol errors.
Always send EHLO at the start of a connection.
Never send EHLO at the start of a connection.
Numerical source network address to bind to when making a connection.
Length limit for SMTP message content lines. Zero means no limit. Some SMTP
servers misbehave on long lines.
Skip servers that greet us with a 4xx status code.
Skip servers that greet us with a 5xx status code.
Do not wait for the server response after sending QUIT.
The time to pause before sending .<CR><LF>, while working around the CISCO PIX
firewall <CR><LF>.<CR><LF> bug.
The time a message must be queued before the CISCO PIX firewall <CR><LF>.<CR><LF>
bug workaround is turned on.
Enable per-session authentication as per RFC 2554 (SASL). By default, Postfix is
built without SASL support.
Lookup tables with per-host or domain name:password entries. No entry for a host
means no attempt to authenticate.
Zero or more of the following.
Disallow authentication methods that use plaintext passwords.
Disallow authentication methods that are vulnerable to non-dictionary active
Disallow authentication methods that are vulnerable to passive dictionary
Disallow anonymous logins.
Limit the number of parallel deliveries to the same destination. The default limit
is taken from the default_destination_concurrency_limit parameter.
Limit the number of recipients per message delivery. The default limit is taken
from the default_destination_recipient_limit parameter.
The default time unit is seconds; an explicit time unit can be specified by appending a
one-letter suffix to the value: s (seconds), m (minutes), h (hours), d (days) or w
Timeout for completing a TCP connection. When no connection can be made within the
deadline, the SMTP client tries the next address on the mail exchanger list.
Timeout for receiving the SMTP greeting banner. When the server drops the connec-
tion without sending a greeting banner, or when it sends no greeting banner within
the deadline, the SMTP client tries the next address on the mail exchanger list.
Timeout for sending the HELO command, and for receiving the server response.
Timeout for sending the MAIL FROM command, and for receiving the server response.
Timeout for sending the RCPT TO command, and for receiving the server response.
Timeout for sending the DATA command, and for receiving the server response.
Timeout for sending the message content.
Timeout for sending the "." command, and for receiving the server response. When no
response is received, a warning is logged that the mail may be delivered multiple
Timeout for sending the QUIT command, and for receiving the server response.
bounce(8) non-delivery status reports
master(8) process manager
qmgr(8) queue manager
syslogd(8) system logging
The Secure Mailer license must be distributed with this software.
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA