
Postfix parameters


The last time I looked into Postfix properly was around when I wrote "Postfix 辞典", back when 2.2 was mainstream and 2.3 had only just come out. That was about six years ago.

Postfix 辞典 (DESKTOP REFERENCE)


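Lately I had just been using it without looking into it much, but the release of Postfix 2.9.0 prompted me to investigate the added, removed and changed parameters for the first time in a while.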

The 411 parameters in 2.2 have grown to no fewer than 700 in 2.9!
I figured the number had gone up, but I had no idea it had grown this much...

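I would like to write documentation along the lines of "Postfix 辞典" again for the latest version. A book would probably be difficult (it likely wouldn't sell), so perhaps on the blog, even if only little by little.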

Postfix 2.0.20

Number of parameters: 276

Postfix 2.1.6

Number of parameters: 333

Added parameters
address_verify_default_transport
address_verify_local_transport
address_verify_map
address_verify_negative_cache
address_verify_negative_expire_time
address_verify_negative_refresh_time
address_verify_poll_count
address_verify_poll_delay
address_verify_positive_expire_time
address_verify_positive_refresh_time
address_verify_relay_transport
address_verify_relayhost
address_verify_sender
address_verify_service_name
address_verify_transport_maps
address_verify_virtual_transport
application_event_drain_time
backwards_bounce_logfile_compatibility
bounce_queue_lifetime
enable_errors_to
enable_original_recipient
html_directory
ipc_ttl
lmtp_send_xforward_command
lmtp_xforward_timeout
multi_recipient_bounce_reject_code
receive_override_options
recipient_bcc_maps
resolve_null_domain
sender_based_routing
sender_bcc_maps
smtp_defer_if_no_mx_address_found
smtp_host_lookup
smtp_mx_address_limit
smtp_mx_session_limit
smtp_quote_rfc821_envelope
smtp_rset_timeout
smtp_send_xforward_command
smtp_xforward_timeout
smtpd_authorized_xclient_hosts
smtpd_authorized_xforward_hosts
smtpd_client_connection_count_limit
smtpd_client_connection_limit_exceptions
smtpd_client_connection_rate_limit
smtpd_policy_service_max_idle
smtpd_policy_service_max_ttl
smtpd_policy_service_timeout
smtpd_proxy_ehlo
smtpd_proxy_filter
smtpd_proxy_timeout
smtpd_recipient_overshoot_limit
smtpd_reject_unlisted_recipient
smtpd_reject_unlisted_sender
smtpd_sasl_application_name
smtpd_sasl_exceptions_networks
trace_service_name
unverified_recipient_reject_code
unverified_sender_reject_code
virtual_alias_expansion_limit
virtual_alias_recursion_limit
Changed default values
hash_queue_names   "incoming,active,deferred,bounce,defer,flush,hold" → "incoming, active, deferred, bounce, defer, flush, hold, trace"
lmtp_rset_timeout  300s → 120s
mydestination      "$myhostname, localhost.$mydomain" → "$myhostname, localhost.$mydomain, localhost"
Renamed parameters
authorized_verp_clients → smtpd_authorized_verp_clients
Removed parameters
extract_recipient_limit
program_directory
smtp_skip_4xx_greeting

Postfix 2.2.12

Number of parameters: 411

Added parameters
anvil_rate_time_unit
anvil_status_update_time
authorized_flush_users
authorized_mailq_users
authorized_submit_users
canonical_classes
command_execution_directory
connection_cache_service
connection_cache_status_update_time
connection_cache_ttl_limit
execution_directory_expansion_filter
inet_protocols
local_header_rewrite_clients
recipient_canonical_classes
relay_clientcerts
remote_header_rewrite_domain
sender_canonical_classes
smtp_bind_address6
smtp_cname_overrides_servername
smtp_connection_cache_destinations
smtp_connection_cache_on_demand
smtp_connection_cache_reuse_limit
smtp_connection_cache_time_limit
smtp_discard_ehlo_keyword_address_maps
smtp_discard_ehlo_keywords
smtp_enforce_tls
smtp_generic_maps
smtp_sasl_mechanism_filter
smtp_sasl_tls_security_options
smtp_starttls_timeout
smtp_tls_CAfile
smtp_tls_CApath
smtp_tls_cert_file
smtp_tls_cipherlist
smtp_tls_dcert_file
smtp_tls_dkey_file
smtp_tls_enforce_peername
smtp_tls_key_file
smtp_tls_loglevel
smtp_tls_note_starttls_offer
smtp_tls_per_site
smtp_tls_scert_verifydepth
smtp_tls_session_cache_database
smtp_tls_session_cache_timeout
smtp_use_tls
smtpd_client_message_rate_limit
smtpd_client_recipient_rate_limit
smtpd_discard_ehlo_keyword_address_maps
smtpd_discard_ehlo_keywords
smtpd_end_of_data_restrictions
smtpd_enforce_tls
smtpd_forbidden_commands
smtpd_sasl_tls_security_options
smtpd_starttls_timeout
smtpd_tls_CAfile
smtpd_tls_CApath
smtpd_tls_ask_ccert
smtpd_tls_auth_only
smtpd_tls_ccert_verifydepth
smtpd_tls_cert_file
smtpd_tls_cipherlist
smtpd_tls_dcert_file
smtpd_tls_dh1024_param_file
smtpd_tls_dh512_param_file
smtpd_tls_dkey_file
smtpd_tls_key_file
smtpd_tls_loglevel
smtpd_tls_received_header
smtpd_tls_req_ccert
smtpd_tls_session_cache_database
smtpd_tls_session_cache_timeout
smtpd_tls_wrappermode
smtpd_use_tls
tls_daemon_random_bytes
tls_random_bytes
tls_random_exchange_name
tls_random_prng_update_period
tls_random_reseed_period
tls_random_source
Changed default values
hash_queue_names    "incoming, active, deferred, bounce, defer, flush, hold, trace" → "deferred, defer"
lmtp_rset_timeout   120s → 20s
smtp_rset_timeout   120s → 20s
Renamed parameters
smtpd_client_connection_limit_exceptions → smtpd_client_event_limit_exceptions
Removed parameters
enable_errors_to

Postfix 2.3.19

Number of parameters: 514

Added parameters
address_verify_sender_dependent_relayhost_maps
bounce_template_file
connection_cache_protocol_timeout
delay_logging_resolution_limit
fallback_transport_maps
frozen_delivered_to
internal_mail_filter_classes
lmtp_bind_address
lmtp_bind_address6
lmtp_cname_overrides_servername
lmtp_connection_cache_destinations
lmtp_connection_cache_on_demand
lmtp_connection_cache_time_limit
lmtp_connection_reuse_time_limit
lmtp_defer_if_no_mx_address_found
lmtp_discard_lhlo_keyword_address_maps
lmtp_discard_lhlo_keywords
lmtp_enforce_tls
lmtp_generic_maps
lmtp_host_lookup
lmtp_lhlo_name
lmtp_line_length_limit
lmtp_mx_address_limit
lmtp_mx_session_limit
lmtp_pix_workaround_delay_time
lmtp_pix_workaround_threshold_time
lmtp_quote_rfc821_envelope
lmtp_randomize_addresses
lmtp_sasl_mechanism_filter
lmtp_sasl_path
lmtp_sasl_tls_security_options
lmtp_sasl_tls_verified_security_options
lmtp_sasl_type
lmtp_sender_dependent_authentication
lmtp_skip_5xx_greeting
lmtp_starttls_timeout
lmtp_tls_CAfile
lmtp_tls_CApath
lmtp_tls_cert_file
lmtp_tls_dcert_file
lmtp_tls_dkey_file
lmtp_tls_enforce_peername
lmtp_tls_exclude_ciphers
lmtp_tls_key_file
lmtp_tls_loglevel
lmtp_tls_mandatory_ciphers
lmtp_tls_mandatory_exclude_ciphers
lmtp_tls_mandatory_protocols
lmtp_tls_note_starttls_offer
lmtp_tls_per_site
lmtp_tls_policy_maps
lmtp_tls_scert_verifydepth
lmtp_tls_secure_cert_match
lmtp_tls_security_level
lmtp_tls_session_cache_database
lmtp_tls_session_cache_timeout
lmtp_tls_verify_cert_match
lmtp_use_tls
mailbox_transport_maps
message_reject_characters
message_strip_characters
milter_command_timeout
milter_connect_macros
milter_connect_timeout
milter_content_timeout
milter_data_macros
milter_default_action
milter_end_of_data_macros
milter_helo_macros
milter_macro_daemon_name
milter_macro_v
milter_mail_macros
milter_protocol
milter_rcpt_macros
milter_unknown_command_macros
non_smtpd_milters
plaintext_reject_code
resolve_numeric_domain
sender_dependent_relayhost_maps
smtp_fallback_relay
smtp_sasl_path
smtp_sasl_tls_verified_security_options
smtp_sasl_type
smtp_sender_dependent_authentication
smtp_tls_exclude_ciphers
smtp_tls_mandatory_ciphers
smtp_tls_mandatory_exclude_ciphers
smtp_tls_mandatory_protocols
smtp_tls_policy_maps
smtp_tls_secure_cert_match
smtp_tls_security_level
smtp_tls_verify_cert_match
smtpd_client_new_tls_session_rate_limit
smtpd_delay_open_until_valid_rcpt
smtpd_milters
smtpd_peername_lookup
smtpd_sasl_authenticated_header
smtpd_sasl_type
smtpd_tls_always_issue_session_ids
smtpd_tls_exclude_ciphers
smtpd_tls_mandatory_ciphers
smtpd_tls_mandatory_exclude_ciphers
smtpd_tls_mandatory_protocols
smtpd_tls_security_level
tls_export_cipherlist
tls_high_cipherlist
tls_low_cipherlist
tls_medium_cipherlist
tls_null_cipherlist
Changed default values
export_environment                 "TZ MAIL_CONFIG" → "TZ MAIL_CONFIG LANG"
import_environment                 "LANG=C" added
proxy_read_maps                    "$sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps" added
smtp_cname_overrides_servername    yes → no
smtp_mx_address_limit              0 → 5
smtp_sasl_tls_security_options     "noplaintext, noanonymous" → "$smtp_sasl_security_options"
Renamed parameters
connection_cache_service          → connection_cache_service_name
smtp_connection_cache_reuse_limit → smtp_connection_reuse_time_limit
smtpd_sasl_application_name       → smtpd_sasl_path
Removed parameters
fallback_relay
lmtp_cache_connection
lmtp_skip_quit_response
sender_based_routing
smtp_tls_cipherlist
smtpd_tls_cipherlist

Postfix 2.4.16

Number of parameters: 522

Added parameters
default_recipient_refill_delay
default_recipient_refill_limit
lmtp_pix_workaround_maps
lmtp_pix_workarounds
send_cyrus_sasl_authzid
smtp_pix_workaround_maps
smtp_pix_workarounds
tls_append_default_CA
Changed default values
daemon_directory          /usr/libexec/postfix → /usr/lib/postfix in some environments
default_recipient_limit   10000 → 20000
ipc_idle                  100s → 5s
mailbox_delivery_lock     "flock" → "flock, dotlock" / "fcntl" → "fcntl, dotlock"
manpage_directory         /usr/local/man → /usr/share/man in some environments
minimal_backoff_time      1000s → 300s
queue_run_delay           1000s → 300s
readme_directory          no → /usr/share/doc/postfix in some environments
sample_directory          /etc/postfix → /usr/share/doc/postfix/examples in some environments
tls_null_cipherlist       !aNULL:eNULL+kRSA → eNULL:!aNULL
virtual_mailbox_lock      "fcntl" → "fcntl, dotlock"
Changed constraints
undisclosed_recipients_header   0 or more characters → 1 or more characters

Postfix 2.5.16

Number of parameters: 556

Added parameters
cyrus_sasl_config_path
data_directory
default_destination_concurrency_failed_cohort_limit
default_destination_concurrency_negative_feedback
default_destination_concurrency_positive_feedback
default_destination_rate_delay
destination_concurrency_feedback_debug
detect_8bit_encoding_header
empty_address_relayhost_maps_lookup_key
lmtp_body_checks
lmtp_header_checks
lmtp_mime_header_checks
lmtp_nested_header_checks
lmtp_sasl_auth_cache_name
lmtp_sasl_auth_cache_time
lmtp_sasl_auth_soft_bounce
lmtp_tls_fingerprint_cert_match
lmtp_tls_fingerprint_digest
milter_end_of_header_macros
proxy_write_maps
qmqpd_client_port_logging
smtp_body_checks
smtp_header_checks
smtp_mime_header_checks
smtp_nested_header_checks
smtp_sasl_auth_cache_name
smtp_sasl_auth_cache_time
smtp_sasl_auth_soft_bounce
smtp_tls_fingerprint_cert_match
smtp_tls_fingerprint_digest
smtpd_client_port_logging
smtpd_tls_fingerprint_digest
stress
strict_mailbox_ownership
Changed default values
address_verify_sender           postmaster → $double_bounce_sender
lmtp_tls_scert_verifydepth      5 → 9
smtp_tls_scert_verifydepth      5 → 9
smtpd_tls_ccert_verifydepth     5 → 9
tls_random_exchange_name        ${config_directory}/prng_exch → ${data_directory}/prng_exch

Postfix 2.6.13

Number of parameters: 596

Added parameters
access_map_defer_code
always_add_missing_headers
lmtp_assume_final
lmtp_skip_quit_response
lmtp_tls_ciphers
lmtp_tls_eccert_file
lmtp_tls_eckey_file
lmtp_tls_protocols
master_service_disable
multi_instance_directories
multi_instance_enable
multi_instance_group
multi_instance_name
multi_instance_wrapper
postmulti_control_commands
postmulti_start_commands
postmulti_stop_commands
proxymap_service_name
proxywrite_service_name
reject_tempfail_action
smtp_tls_ciphers
smtp_tls_eccert_file
smtp_tls_eckey_file
smtp_tls_protocols
smtpd_tls_ciphers
smtpd_tls_eccert_file
smtpd_tls_eckey_file
smtpd_tls_eecdh_grade
smtpd_tls_protocols
tcp_windowsize
tls_eecdh_strong_curve
tls_eecdh_ultra_curve
unknown_address_tempfail_action
unknown_helo_hostname_tempfail_action
unverified_recipient_defer_code
unverified_recipient_reject_reason
unverified_recipient_tempfail_action
unverified_sender_defer_code
unverified_sender_reject_reason
unverified_sender_tempfail_action
Changed default values
address_verify_poll_count       3 → ${stress?1}${stress:3}
milter_mail_macros              "i {auth_type} {auth_authen} {auth_author} {mail_addr}" → "i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}"
milter_protocol                 2 → 6
milter_rcpt_macros              "i {rcpt_addr}" → "i {rcpt_addr} {rcpt_host} {rcpt_mailer}"
smtpd_hard_error_limit          20 → ${stress?1}${stress:20}
smtpd_junk_command_limit        100 → ${stress?1}${stress:100}
smtpd_timeout                   300s → ${stress?10}${stress:300}s
syslog_name                     postfix → "${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}" in some environments
tls_export_cipherlist           "ALL:+RC4:@STRENGTH" → "PREFER_aNULLALL:+RC4:@STRENGTH"
tls_high_cipherlist             "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH" → "PREFER_aNULLALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
tls_low_cipherlist              "ALL:!EXPORT:+RC4:@STRENGTH" → "PREFER_aNULLALL:!EXPORT:+RC4:@STRENGTH"
tls_medium_cipherlist           "ALL:!EXPORT:!LOW:+RC4:@STRENGTH" → "PREFER_aNULLALL:!EXPORT:!LOW:+RC4:@STRENGTH"
tls_random_source               "dev:/dev/arandom" in some environments
Changed constraints
unverified_recipient_reject_code    0 or greater → 200 to 599 inclusive
unverified_sender_reject_code       0 or greater → 200 to 599 inclusive

Postfix 2.7.7

Number of parameters: 608

Added parameters
address_verify_cache_cleanup_interval
address_verify_sender_dependent_default_transport_maps
default_filter_nexthop
empty_address_default_transport_maps_lookup_key
lmtp_reply_filter
lmtp_tls_block_early_mail_reply
milter_header_checks
sender_dependent_default_transport_maps
smtp_reply_filter
smtp_tls_block_early_mail_reply
smtpd_command_filter
smtpd_proxy_options
Changed default values
address_verify_map      "" → "btree:$data_directory/verify_cache"

Postfix 2.8.8

Number of parameters: 690

Added parameters
dnsblog_reply_delay
dnsblog_service_name
lmtp_address_preference
lmtp_dns_resolver_options
postscreen_access_list
postscreen_bare_newline_action
postscreen_bare_newline_enable
postscreen_bare_newline_ttl
postscreen_blacklist_action
postscreen_cache_cleanup_interval
postscreen_cache_map
postscreen_cache_retention_time
postscreen_client_connection_count_limit
postscreen_command_count_limit
postscreen_command_filter
postscreen_command_time_limit
postscreen_disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords
postscreen_dnsbl_action
postscreen_dnsbl_reply_map
postscreen_dnsbl_sites
postscreen_dnsbl_threshold
postscreen_dnsbl_ttl
postscreen_enforce_tls
postscreen_expansion_filter
postscreen_forbidden_commands
postscreen_greet_action
postscreen_greet_banner
postscreen_greet_ttl
postscreen_greet_wait
postscreen_helo_required
postscreen_non_smtp_command_action
postscreen_non_smtp_command_enable
postscreen_non_smtp_command_ttl
postscreen_pipelining_action
postscreen_pipelining_enable
postscreen_pipelining_ttl
postscreen_post_queue_limit
postscreen_pre_queue_limit
postscreen_reject_footer
postscreen_tls_security_level
postscreen_use_tls
postscreen_watchdog_timeout
qmgr_daemon_timeout
qmgr_ipc_timeout
reset_owner_alias
smtp_address_preference
smtp_dns_resolver_options
smtpd_reject_footer
smtpd_service_name
tls_disable_workarounds
tls_preempt_cipherlist
tlsproxy_enforce_tls
tlsproxy_service_name
tlsproxy_tls_CAfile
tlsproxy_tls_CApath
tlsproxy_tls_always_issue_session_ids
tlsproxy_tls_ask_ccert
tlsproxy_tls_ccert_verifydepth
tlsproxy_tls_cert_file
tlsproxy_tls_ciphers
tlsproxy_tls_dcert_file
tlsproxy_tls_dh1024_param_file
tlsproxy_tls_dh512_param_file
tlsproxy_tls_dkey_file
tlsproxy_tls_eccert_file
tlsproxy_tls_eckey_file
tlsproxy_tls_eecdh_grade
tlsproxy_tls_exclude_ciphers
tlsproxy_tls_fingerprint_digest
tlsproxy_tls_key_file
tlsproxy_tls_loglevel
tlsproxy_tls_mandatory_ciphers
tlsproxy_tls_mandatory_exclude_ciphers
tlsproxy_tls_mandatory_protocols
tlsproxy_tls_protocols
tlsproxy_tls_req_ccert
tlsproxy_tls_security_level
tlsproxy_tls_session_cache_timeout
tlsproxy_use_tls
tlsproxy_watchdog_timeout
Changed default values
smtpd_starttls_timeout          300s → ${stress?10}${stress:300}s
smtpd_tls_eecdh_grade           none → strong in some environments
undisclosed_recipients_header   "To: undisclosed-recipients:;" → ""

Postfix 2.9.0

Number of parameters: 700

Added parameters
address_verify_sender_ttl
daemon_table_open_error_is_fatal
enable_long_queue_ids
lmtp_per_record_deadline
lmtp_send_dummy_mail_auth
postscreen_whitelist_interfaces
sendmail_fix_line_endings
smtp_per_record_deadline
smtp_send_dummy_mail_auth
smtpd_per_record_deadline
Changed default values
inet_protocols             ipv4 → all or ipv4 depending on the environment
lmtp_address_preference    ipv6 or ipv4 depending on the environment → any or ipv4 depending on the environment
lmtp_line_length_limit     990 → 998
proxy_read_maps            "$alias_maps" added
proxy_write_maps           "$address_verify_map $postscreen_cache_map" added
smtp_address_preference    ipv6 or ipv4 depending on the environment → any or ipv4 depending on the environment
smtp_line_length_limit     990 → 998
Changed constraints
inet_interfaces                     1 or more characters → 0 or more characters
mailbox_size_limit                  max 2GB → max 8EB
message_size_limit                  max 2GB → max 8EB
postscreen_cache_cleanup_interval   1 or greater → 0 or greater
virtual_mailbox_limit               max 2GB → max 8EB

Parameter survey

The script I wrote to investigate the parameters for this post is available at https://gist.github.com/7f850b0052c23bbc4c5d.