This file is indexed.

/usr/share/doc/postfix/html/postscreen.8.html is in postfix-doc 2.9.6-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - postscreen(8) </title>
</head> <body> <pre>
POSTSCREEN(8)                                                    POSTSCREEN(8)

<b>NAME</b>
       postscreen - Postfix zombie blocker

<b>SYNOPSIS</b>
       <b>postscreen</b> [generic Postfix daemon options]

<b>DESCRIPTION</b>
       The Postfix <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server performs triage on multi-
       ple inbound SMTP connections at the  same  time.  While  a
       single  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  process  keeps  spambots  away from
       Postfix SMTP server processes, more  Postfix  SMTP  server
       processes remain available for legitimate clients.

       This program should not be used on SMTP ports that receive
       mail from end-user clients (MUAs). In  a  typical  deploy-
       ment,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  is  used  on  the "port 25" service,
       while MUA clients submit mail via the <b>submission</b>  service,
       or  via  a  "port  25"  server that provides no MX service
       (i.e.  a dedicated server that provides <b>submission</b> service
       on port 25).

       <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  maintains a temporary whitelist for clients
       that have passed a number of tests.  When an  SMTP  client
       IP  address  is  whitelisted,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off the
       connection immediately to a Postfix SMTP  server  process.
       This minimizes the overhead for legitimate mail.

       By  default,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  logs statistics and hands off
       every connection to a Postfix SMTP server  process,  while
       excluding clients in <a href="postconf.5.html#mynetworks">mynetworks</a> from all tests (primarily,
       to avoid problems with non-standard  SMTP  implementations
       in  network  appliances).   This  mode  is useful for non-
       destructive testing.

       In a typical production setting, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is  config-
       ured  to  reject  mail  from clients that fail one or more
       tests. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs rejected mail  with  the  client
       address, helo, sender and recipient information.

       <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  is  not an SMTP proxy; this is intentional.
       The purpose is to keep spambots  away  from  Postfix  SMTP
       server processes, while minimizing overhead for legitimate
       traffic.

<b>SECURITY</b>
       The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server is moderately security-sensitive.
       It  talks to untrusted clients on the network. The process
       can be run chrooted at fixed low privilege.

<b>STANDARDS</b>
       <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
       <a href="http://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
       <a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
       <a href="http://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
       <a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
       <a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
       <a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Status Codes)
       <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
       Not: <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
       <a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
       <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
       <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
       <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol, including multi-line 220 banners)

<b>DIAGNOSTICS</b>
       Problems and transactions are logged to <b>syslogd</b>(8).

<b>BUGS</b>
       The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine  currently
       does  not  announce support for AUTH, XCLIENT or XFORWARD.
       Support for AUTH may be added in the future.  In the  mean
       time, if you need to make these services available on port
       25, then do not enable  the  optional  "after  220  server
       greeting" tests, and do not use DNSBLs that reject traffic
       from dial-up and residential networks.

       The optional "after 220  server  greeting"  tests  involve
       <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s  built-in SMTP protocol engine. When these
       tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> adds the client to the tempo-
       rary  whitelist but it cannot not hand off the "live" con-
       nection to a Postfix SMTP server process in the middle  of
       a  session.   Instead,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  defers  attempts to
       deliver mail with a 4XX status, and waits for  the  client
       to  disconnect.   The next time a good client connects, it
       will be allowed to talk to a Postfix SMTP  server  process
       to  deliver  mail.  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  mitigates the impact of
       this limitation by giving such  tests  a  long  expiration
       time.

<b>CONFIGURATION PARAMETERS</b>
       Changes  to  <a href="postconf.5.html">main.cf</a>  are  not picked up automatically, as
       <a href="postscreen.8.html"><b>postscreen</b>(8)</a> processes may run for  several  hours.   Use
       the command "postfix reload" after a configuration change.

       The text below provides  only  a  parameter  summary.  See
       <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.

       NOTE:  Some  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  parameters  implement  stress-
       dependent behavior.   This  is  supported  only  when  the
       default  parameter  value is stress-dependent (that is, it
       looks like ${stress?X}${stress:Y}, or it is the  $<i>name</i>  of
       an  smtpd  parameter  with  a  stress-dependent  default).
       Other parameters always evaluate as if the <b>stress</b>  parame-
       ter value is the empty string.

<b>COMPATIBILITY CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_command_filter">postscreen_command_filter</a> ($<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b>
              A  mechanism to transform commands from remote SMTP
              clients.

       <b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a>  ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_dis</a>-</b>
       <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">card_ehlo_keyword_address_maps</a>)</b>
              Lookup tables, indexed by the  remote  SMTP  client
              address,  with  case insensitive lists of EHLO key-
              words (pipelining, starttls, auth, etc.)  that  the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  server  will  not  send  in the EHLO
              response to a remote SMTP client.

       <b><a href="postconf.5.html#postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_key</a>-</b>
       <b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">words</a>)</b>
              A case insensitive list of EHLO keywords  (pipelin-
              ing,  starttls,  auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
              server will not send in  the  EHLO  response  to  a
              remote SMTP client.

<b>TROUBLE SHOOTING CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_expansion_filter">postscreen_expansion_filter</a> (see 'postconf -d' output)</b>
              List   of   characters   that   are   permitted  in
              <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> attribute expansions.

       <b><a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> ($<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b>
              Optional information that is appended after  a  4XX
              or 5XX <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server response.

       <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
              Safety net to keep mail queued that would otherwise
              be returned to the sender.

<b>PERMANENT WHITE/BLACKLIST TEST</b>
       This test is executed  immediately  after  a  remote  SMTP
       client  connects.  If a client is permanently whitelisted,
       the client will be handed off  immediately  to  a  Postfix
       SMTP server process.

       <b><a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b>
              Permanent white/blacklist for remote SMTP client IP
              addresses.

       <b><a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> (ignore)</b>
              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when  a  remote
              SMTP  client  is  permanently  blacklisted with the
              <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.

<b>MAIL EXCHANGER POLICY TESTS</b>
       When a remote SMTP client is not on the  permanent  access
       list,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  can  implement a number of whitelist
       tests before it grants the client  a  temporary  whitelist
       status to talk to a Postfix SMTP server process.

       By  listening  on  both  primary  and backup MX addresses,
       <a href="postscreen.8.html"><b>postscreen</b>(8)</a> can deny the temporary whitelist  status  to
       clients that connect only to backup MX hosts.

       <b><a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> (<a href="DATABASE_README.html#types">static</a>:all)</b>
              A  list  of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses
              where a  non-whitelisted  remote  SMTP  client  can
              obtain  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s temporary whitelist status.

<b>BEFORE-GREETING TESTS</b>
       These tests are executed before  the  remote  SMTP  client
       receives the "220 servername" greeting. If no tests remain
       after the successful completion of this phase, the  client
       will  be  handed  off immediately to a Postfix SMTP server
       process.

       <b><a href="postconf.5.html#dnsblog_service_name">dnsblog_service_name</a> (dnsblog)</b>
              The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service  entry  in  mas-
              ter.cf.

       <b><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> (ignore)</b>
              The  action  that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
              SMTP client's combined DNSBL score is equal  to  or
              greater  than  a  threshold  (as  defined  with the
              <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_thresh</a>-
              <a href="postconf.5.html#postscreen_dnsbl_threshold">old</a> parameters).

       <b><a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> (empty)</b>
              A  mapping  from  actual  DNSBL  domain  name which
              includes a secret password,  to  the  DNSBL  domain
              name  that  postscreen  will  reply  with  when  it
              rejects mail.

       <b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
              Optional list of DNS white/blacklist domains,  fil-
              ters and weight factors.

       <b><a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> (1)</b>
              The  inclusive  lower  bound  for blocking a remote
              SMTP client, based on its combined DNSBL  score  as
              defined  with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.

       <b><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> (ignore)</b>
              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when  a  remote
              SMTP  client speaks before its turn within the time
              specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.

       <b><a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> ($<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b>
              The  <i>text</i>  in  the  optional  "220-<i>text</i>..."  server
              response that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real
              Postfix SMTP server's "220 text..." response, in an
              attempt to confuse bad SMTP clients  so  that  they
              speak before their turn (pre-greet).

       <b><a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> (${stress?2}${stress:6}s)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for
              an SMTP client to send a command before  its  turn,
              and  for  DNS  blocklist  lookup  results to arrive
              (default: up to 2 seconds under  stress,  up  to  6
              seconds otherwise).

       <b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
              The  internal  service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off
              allowed connections to.

<b>AFTER-GREETING TESTS</b>
       These tests are executed  after  the  remote  SMTP  client
       receives the "220 servername" greeting. If a client passes
       all tests  during  this  phase,  it  will  receive  a  4XX
       response  to  RCPT  TO commands until the client hangs up.
       After this, the client will be allowed to talk directly to
       a Postfix SMTP server process.

       <b><a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> (ignore)</b>
              The  action  that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
              SMTP client sends a bare  newline  character,  that
              is, a newline not preceded by carriage return.

       <b><a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> (no)</b>
              Enable  "bare  newline"  SMTP protocol tests in the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.

       <b><a href="postconf.5.html#postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a> ($<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b>
              Disable the SMTP VRFY command in the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
              daemon.

       <b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
              List of commands that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server con-
              siders in violation of the SMTP protocol.

       <b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
              Require that a remote SMTP  client  sends  HELO  or
              EHLO before commencing a MAIL transaction.

       <b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
              The  action  that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
              SMTP client sends non-SMTP  commands  as  specified
              with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter.

       <b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
              Enable    "non-SMTP    command"    tests   in   the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.

       <b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when  a  remote
              SMTP  client  sends  multiple  commands  instead of
              sending one command and waiting for the  server  to
              respond.

       <b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
              Enable  "pipelining"  SMTP  protocol  tests  in the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.

<b>CACHE CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> (12h)</b>
              The amount  of  time  between  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  cache
              cleanup runs.

       <b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a>                   (btree:$data_direc-</b>
       <b>tory/postscreen_cache)</b>
              Persistent  storage  for  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server
              decisions.

       <b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an
              expired  temporary  whitelist  entry  before  it is
              removed.

       <b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
              result from a successful "bare newline" SMTP proto-
              col test.

       <b><a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a> (1h)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
              result from a successful DNS blocklist test.

       <b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
              result from a successful PREGREET test.

       <b><a href="postconf.5.html#postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a> (30d)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
              result  from  a  successful "non_smtp_command" SMTP
              protocol test.

       <b><a href="postconf.5.html#postscreen_pipelining_ttl">postscreen_pipelining_ttl</a> (30d)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
              result from a successful "pipelining" SMTP protocol
              test.

<b>RESOURCE CONTROLS</b>
       <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
              Upon input, long lines are chopped up  into  pieces
              of  at  most this length; upon delivery, long lines
              are reconstructed.

       <b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a></b>
       <b>($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b>
              How many simultaneous connections any  remote  SMTP
              client  is  allowed  to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
              daemon.

       <b><a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> (20)</b>
              The limit on the total number of commands per  SMTP
              session  for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
              engine.

       <b><a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> (${stress?10}${stress:300}s)</b>
              The time limit to read an entire command line  with
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.

       <b><a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
              The  number of clients that can be waiting for ser-
              vice from a real Postfix SMTP server process.

       <b><a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
              The number of non-whitelisted clients that  can  be
              waiting  for  a  decision whether they will receive
              service from a real Postfix SMTP server process.

       <b><a href="postconf.5.html#postscreen_watchdog_timeout">postscreen_watchdog_timeout</a> (10s)</b>
              How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may  take  to
              respond  to a remote SMTP client command or to per-
              form a cache operation before it is terminated by a
              built-in watchdog timer.

<b>STARTTLS CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
              The  SMTP  TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
              server; when a non-empty value is  specified,  this
              overrides       the       obsolete       parameters
              <a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.

       <b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
              The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry  in  mas-
              ter.cf.

<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
       These  parameters  are  supported  for  compatibility with
       <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters.

       <b><a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
              Opportunistic TLS:  announce  STARTTLS  support  to
              remote  SMTP  clients,  but  do  not  require  that
              clients use TLS encryption.

       <b><a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
              Mandatory TLS: announce STARTTLS support to  remote
              SMTP  clients,  and  require  that  clients use TLS
              encryption.

<b>MISCELLANEOUS CONTROLS</b>
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
              <a href="master.5.html">master.cf</a> configuration files.

       <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
              The  maximal  number  of  digits  after the decimal
              point when logging sub-second delay values.

       <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
              The location of  all  postfix  administrative  com-
              mands.

       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
              The  maximum  amount  of  time that an idle Postfix
              daemon process waits  for  an  incoming  connection
              before terminating voluntarily.

       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
              The  process  ID  of  a  Postfix  command or daemon
              process.

       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
              The process name of a  Postfix  command  or  daemon
              process.

       <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
              The syslog facility of Postfix logging.

       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
              The  mail  system  name  that  is  prepended to the
              process name in syslog  records,  so  that  "smtpd"
              becomes, for example, "postfix/smtpd".

<b>SEE ALSO</b>
       <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
       <a href="tlsproxy.8.html">tlsproxy(8)</a>, Postfix TLS proxy server
       <a href="dnsblog.8.html">dnsblog(8)</a>, DNS black/whitelist logger
       syslogd(8), system logging

<b>README FILES</b>
       <a href="POSTSCREEN_README.html">POSTSCREEN_README</a>, Postfix Postscreen Howto

<b>LICENSE</b>
       The Secure Mailer license must be  distributed  with  this
       software.

<b>HISTORY</b>
       This service was introduced with Postfix version 2.8.

       Many  ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work
       by Michael Tokarev, in OpenBSD spamd, and in  MailChannels
       Traffic Control.

<b>AUTHOR(S)</b>
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                 POSTSCREEN(8)
</pre> </body> </html>