# # Postfix master process configuration file. Each logical line # describes how a Postfix daemon program should be run. # # A logical line starts with non-whitespace, non-comment text. # Empty lines and whitespace-only lines are ignored, as are comment # lines whose first non-whitespace character is a `#'. # A line that starts with whitespace continues a logical line. # # The fields that make up each line are described below. A "-" field # value requests that a default value be used for that field. # # Service: any name that is valid for the specified transport type # (the next field). With INET transports, a service is specified as # host:port. The host part (and colon) may be omitted. Either host # or port may be given in symbolic form or in numeric form. Examples # for the SMTP server: localhost:smtp receives mail via the loopback # interface only; 10025 receives mail on port 10025. # # Transport type: "inet" for Internet sockets, "unix" for UNIX-domain # sockets, "fifo" for named pipes. # # Private: whether or not access is restricted to the mail system. # Default is private service. Internet (inet) sockets can't be private. # # Unprivileged: whether the service runs with root privileges or as # the owner of the Postfix system (the owner name is controlled by the # mail_owner configuration variable in the main.cf file). Only the # pipe, virtual and local delivery daemons require privileges. # # Chroot: whether or not the service runs chrooted to the mail queue # directory (pathname is controlled by the queue_directory configuration # variable in the main.cf file). Presently, all Postfix daemons can run # chrooted, except for the pipe, virtual and local delivery daemons. # The proxymap server can run chrooted, but doing so defeats most of # the purpose of having that service in the first place. # The files in the examples/chroot-setup subdirectory describe how # to set up a Postfix chroot environment for your type of machine. # # Wakeup time: automatically wake up the named service after the # specified number of seconds. A ? at the end of the wakeup time # field requests that wake up events be sent only to services that # are actually being used. Specify 0 for no wakeup. Presently, only # the pickup, queue manager and flush daemons need a wakeup timer. # # Max procs: the maximum number of processes that may execute this # service simultaneously. Default is to use a globally configurable # limit (the default_process_limit configuration parameter in main.cf). # Specify 0 for no process count limit. # # Command + args: the command to be executed. The command name is # relative to the Postfix program directory (pathname is controlled by # the daemon_directory configuration variable). Adding one or more # -v options turns on verbose logging for that service; adding a -D # option enables symbolic debugging (see the debugger_command variable # in the main.cf configuration file). See individual command man pages # for specific command-line options, if any. # # In order to use the "uucp" message tranport below, set up entries # in the transport table. # # In order to use the "cyrus" message transport below, configure it # in main.cf as the mailbox_transport. # # SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS. # ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL. # # DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== [% IF ! pmg.mail.before_queue_filtering -%] scan unix - - n - [% pmg.mail.max_filters %] lmtp -o lmtp_send_xforward_command=yes -o lmtp_connection_cache_on_demand=no -o disable_dns_lookups=yes [% END -%] [% pmg.mail.int_port %] inet n - - - [% pmg.mail.max_smtpd_out %] smtpd [% IF pmg.mail.before_queue_filtering -%] -o smtpd_proxy_filter=127.0.0.1:10023 -o smtpd_proxy_options=speed_adjust -o smtpd_client_connection_count_limit=[% pmg.mail.conn_count_limit div 5 %] [%- ELSE -%] -o content_filter=scan:127.0.0.1:10023 [%- END %] -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_milters={{ pmg_smtpd_milters_int | join(',') }} [% pmg.mail.ext_port %] inet n - - - 1 postscreen smtpd pass - - - - [% pmg.mail.max_smtpd_in %] smtpd [% IF pmg.mail.before_queue_filtering -%] -o smtpd_proxy_filter=127.0.0.1:10024 -o smtpd_proxy_options=speed_adjust -o smtpd_client_connection_count_limit=[% pmg.mail.conn_count_limit div 5 %] [%- ELSE -%] -o content_filter=scan:127.0.0.1:10024 [%- END %] -o receive_override_options=no_address_mappings -o smtpd_discard_ehlo_keywords=silent-discard,dsn -o mynetworks=127.0.0.0/8,[% postfix.int_ip %] 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_restriction_classes= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o smtpd_tls_security_level=none -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o message_size_limit=[% (pmg.mail.maxsize*2) %] pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup -o message_size_limit=[% (pmg.mail.maxsize*2) %] qmgr fifo n - - 300 1 qmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp relay unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp verify unix - - - - 1 verify trace unix - - n - 0 bounce tlsmgr unix - - - 1000? 1 tlsmgr anvil unix - - - - 1 anvil scache unix - - - - 1 scache discard unix - - - - - discard retry unix - - - - - error dnsblog unix - - - - 0 dnsblog tlsproxy unix - - - - 0 tlsproxy