From c2f7ea22037f7336fbb3e46706062876bd0fddf5 Mon Sep 17 00:00:00 2001 From: PIVODEVAT Date: Thu, 25 Sep 2025 03:48:00 +0300 Subject: [PATCH] main.cf add opendkim support --- access | 94 +++++++++++++++++--------------- access.sample | 94 +++++++++++++++++--------------- aliases | 124 +++++++++++++++++++++++-------------------- aliases.sample | 124 +++++++++++++++++++++++-------------------- header_checks | 95 +++++++++++++++++---------------- header_checks.sample | 95 +++++++++++++++++---------------- main.cf | 6 +++ main.cf.default | 18 +++++-- main.cf.sample | 6 +-- master.cf.sample | 6 ++- virtual | 40 +++++++------- virtual.sample | 40 +++++++------- 12 files changed, 406 insertions(+), 336 deletions(-) diff --git a/access b/access index 5e3de53..984b180 100644 --- a/access +++ b/access @@ -349,95 +349,101 @@ # recipient(s). When multiple REDIRECT actions fire, # only the last one takes effect. # -# Note: this action overrides the FILTER action, and -# currently overrides all recipients of the message. +# Note 1: this action overrides the FILTER action, +# and currently overrides all recipients of the mes- +# sage. +# +# Note 2: a REDIRECT address is subject to canonical- +# ization (add missing domain) but NOT subject to +# canonical, masquerade, bcc, or virtual alias map- +# ping. # # This feature is available in Postfix 2.1 and later. # # INFO optional text... # Log an informational record with the optional text, -# together with client information and if available, -# with helo, sender, recipient and protocol informa- +# together with client information and if available, +# with helo, sender, recipient and protocol informa- # tion. # # This feature is available in Postfix 3.0 and later. # # WARN optional text... # Log a warning with the optional text, together with -# client information and if available, with helo, +# client information and if available, with helo, # sender, recipient and protocol information. # # This feature is available in Postfix 2.1 and later. # # ENHANCED STATUS CODES -# Postfix version 2.3 and later support enhanced status -# codes as defined in RFC 3463. When an enhanced status -# code is specified in an access table, it is subject to -# modification. The following transformations are needed -# when the same access table is used for client, helo, -# sender, or recipient access restrictions; they happen +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When an enhanced status +# code is specified in an access table, it is subject to +# modification. The following transformations are needed +# when the same access table is used for client, helo, +# sender, or recipient access restrictions; they happen # regardless of whether Postfix replies to a MAIL FROM, RCPT # TO or other SMTP command. # -# o When a sender address matches a REJECT action, the -# Postfix SMTP server will transform a recipient DSN -# status (e.g., 4.1.1-4.1.6) into the corresponding +# o When a sender address matches a REJECT action, the +# Postfix SMTP server will transform a recipient DSN +# status (e.g., 4.1.1-4.1.6) into the corresponding # sender DSN status, and vice versa. # -# o When non-address information matches a REJECT -# action (such as the HELO command argument or the -# client hostname/address), the Postfix SMTP server -# will transform a sender or recipient DSN status -# into a generic non-address DSN status (e.g., +# o When non-address information matches a REJECT +# action (such as the HELO command argument or the +# client hostname/address), the Postfix SMTP server +# will transform a sender or recipient DSN status +# into a generic non-address DSN status (e.g., # 4.0.0). # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire string being looked up. Depending on the appli- -# cation, that string is an entire client hostname, an +# cation, that string is an entire client hostname, an # entire client IP address, or an entire mail address. Thus, # no parent domain or parent network search is done, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user@ and domain constituent parts, nor is user+foo broken # up into user and foo. # -# Patterns are applied in the order as specified in the ta- -# ble, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search # string. # -# Actions are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- # tion of the TCP client/server lookup protocol, see tcp_ta- # ble(5). This feature is not available up to and including # Postfix version 2.4. # -# Each lookup operation uses the entire query string once. -# Depending on the application, that string is an entire +# Each lookup operation uses the entire query string once. +# Depending on the application, that string is an entire # client hostname, an entire client IP address, or an entire -# mail address. Thus, no parent domain or parent network -# search is done, user@domain mail addresses are not broken -# up into their user@ and domain constituent parts, nor is +# mail address. Thus, no parent domain or parent network +# search is done, user@domain mail addresses are not broken +# up into their user@ and domain constituent parts, nor is # user+foo broken up into user and foo. # # Actions are the same as with indexed file lookups. # # EXAMPLE -# The following example uses an indexed file, so that the -# order of table entries does not matter. The example per- -# mits access by the client at address 1.2.3.4 but rejects -# all other clients in 1.2.3.0/24. Instead of hash lookup -# tables, some systems use dbm. Use the command "postconf -# -m" to find out what lookup tables Postfix supports on +# The following example uses an indexed file, so that the +# order of table entries does not matter. The example per- +# mits access by the client at address 1.2.3.4 but rejects +# all other clients in 1.2.3.0/24. Instead of hash lookup +# tables, some systems use dbm. Use the command "postconf +# -m" to find out what lookup tables Postfix supports on # your system. # # /usr/local/etc/postfix/main.cf: @@ -448,11 +454,11 @@ # 1.2.3 REJECT # 1.2.3.4 OK # -# Execute the command "postmap /usr/local/etc/postfix/access" after +# Execute the command "postmap /usr/local/etc/postfix/access" after # editing the file. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # SEE ALSO # postmap(1), Postfix lookup table manager @@ -461,13 +467,13 @@ # transport(5), transport:nexthop syntax # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # SMTPD_ACCESS_README, built-in SMTP server access control # DATABASE_README, Postfix lookup table overview # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/access.sample b/access.sample index 5e3de53..984b180 100644 --- a/access.sample +++ b/access.sample @@ -349,95 +349,101 @@ # recipient(s). When multiple REDIRECT actions fire, # only the last one takes effect. # -# Note: this action overrides the FILTER action, and -# currently overrides all recipients of the message. +# Note 1: this action overrides the FILTER action, +# and currently overrides all recipients of the mes- +# sage. +# +# Note 2: a REDIRECT address is subject to canonical- +# ization (add missing domain) but NOT subject to +# canonical, masquerade, bcc, or virtual alias map- +# ping. # # This feature is available in Postfix 2.1 and later. # # INFO optional text... # Log an informational record with the optional text, -# together with client information and if available, -# with helo, sender, recipient and protocol informa- +# together with client information and if available, +# with helo, sender, recipient and protocol informa- # tion. # # This feature is available in Postfix 3.0 and later. # # WARN optional text... # Log a warning with the optional text, together with -# client information and if available, with helo, +# client information and if available, with helo, # sender, recipient and protocol information. # # This feature is available in Postfix 2.1 and later. # # ENHANCED STATUS CODES -# Postfix version 2.3 and later support enhanced status -# codes as defined in RFC 3463. When an enhanced status -# code is specified in an access table, it is subject to -# modification. The following transformations are needed -# when the same access table is used for client, helo, -# sender, or recipient access restrictions; they happen +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When an enhanced status +# code is specified in an access table, it is subject to +# modification. The following transformations are needed +# when the same access table is used for client, helo, +# sender, or recipient access restrictions; they happen # regardless of whether Postfix replies to a MAIL FROM, RCPT # TO or other SMTP command. # -# o When a sender address matches a REJECT action, the -# Postfix SMTP server will transform a recipient DSN -# status (e.g., 4.1.1-4.1.6) into the corresponding +# o When a sender address matches a REJECT action, the +# Postfix SMTP server will transform a recipient DSN +# status (e.g., 4.1.1-4.1.6) into the corresponding # sender DSN status, and vice versa. # -# o When non-address information matches a REJECT -# action (such as the HELO command argument or the -# client hostname/address), the Postfix SMTP server -# will transform a sender or recipient DSN status -# into a generic non-address DSN status (e.g., +# o When non-address information matches a REJECT +# action (such as the HELO command argument or the +# client hostname/address), the Postfix SMTP server +# will transform a sender or recipient DSN status +# into a generic non-address DSN status (e.g., # 4.0.0). # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire string being looked up. Depending on the appli- -# cation, that string is an entire client hostname, an +# cation, that string is an entire client hostname, an # entire client IP address, or an entire mail address. Thus, # no parent domain or parent network search is done, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user@ and domain constituent parts, nor is user+foo broken # up into user and foo. # -# Patterns are applied in the order as specified in the ta- -# ble, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search # string. # -# Actions are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- # tion of the TCP client/server lookup protocol, see tcp_ta- # ble(5). This feature is not available up to and including # Postfix version 2.4. # -# Each lookup operation uses the entire query string once. -# Depending on the application, that string is an entire +# Each lookup operation uses the entire query string once. +# Depending on the application, that string is an entire # client hostname, an entire client IP address, or an entire -# mail address. Thus, no parent domain or parent network -# search is done, user@domain mail addresses are not broken -# up into their user@ and domain constituent parts, nor is +# mail address. Thus, no parent domain or parent network +# search is done, user@domain mail addresses are not broken +# up into their user@ and domain constituent parts, nor is # user+foo broken up into user and foo. # # Actions are the same as with indexed file lookups. # # EXAMPLE -# The following example uses an indexed file, so that the -# order of table entries does not matter. The example per- -# mits access by the client at address 1.2.3.4 but rejects -# all other clients in 1.2.3.0/24. Instead of hash lookup -# tables, some systems use dbm. Use the command "postconf -# -m" to find out what lookup tables Postfix supports on +# The following example uses an indexed file, so that the +# order of table entries does not matter. The example per- +# mits access by the client at address 1.2.3.4 but rejects +# all other clients in 1.2.3.0/24. Instead of hash lookup +# tables, some systems use dbm. Use the command "postconf +# -m" to find out what lookup tables Postfix supports on # your system. # # /usr/local/etc/postfix/main.cf: @@ -448,11 +454,11 @@ # 1.2.3 REJECT # 1.2.3.4 OK # -# Execute the command "postmap /usr/local/etc/postfix/access" after +# Execute the command "postmap /usr/local/etc/postfix/access" after # editing the file. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # SEE ALSO # postmap(1), Postfix lookup table manager @@ -461,13 +467,13 @@ # transport(5), transport:nexthop syntax # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # SMTPD_ACCESS_README, built-in SMTP server access control # DATABASE_README, Postfix lookup table overview # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/aliases b/aliases index 280c3d2..f4b853c 100644 --- a/aliases +++ b/aliases @@ -44,30 +44,36 @@ decode: root # SYNOPSIS # newaliases # +# postalias -q name [file-type]:[file-name] +# # DESCRIPTION # The optional aliases(5) table (alias_maps) redirects mail # for local recipients. The redirections are processed by -# the Postfix local(8) delivery agent. +# the Postfix local(8) delivery agent. This table is always +# searched with an email address localpart (no domain por- +# tion). # # This is unlike virtual(5) aliasing (virtual_alias_maps) # which applies to all recipients: local(8), virtual, and # remote, and which is implemented by the cleanup(8) daemon. +# That table is often searched with a full email address +# (including domain). # # Normally, the aliases(5) table is specified as a text file -# that serves as input to the postalias(1) command. The -# result, an indexed file in dbm or db format, is used for -# fast lookup by the mail system. Execute the command -# newaliases in order to rebuild the indexed file after +# that serves as input to the postalias(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast lookup by the mail system. Execute the command +# newaliases in order to rebuild the indexed file after # changing the Postfix alias database. # -# When the table is provided via other means such as NIS, -# LDAP or SQL, the same lookups are done as for ordinary +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary # indexed files. # -# Alternatively, the table can be provided as a regu- -# lar-expression map where patterns are given as regular -# expressions. In this case, the lookups are done in a -# slightly different way as described below under "REGULAR +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions. In this case, the lookups are done in a +# slightly different way as described below under "REGULAR # EXPRESSION TABLES". # # Users can control delivery of their own mail by setting up @@ -81,63 +87,64 @@ decode: root # # name: value1, value2, ... # -# o Empty lines and whitespace-only lines are ignored, -# as are lines whose first non-whitespace character +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character # is a `#'. # -# o A logical line starts with non-whitespace text. A -# line that starts with whitespace continues a logi- +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- # cal line. # -# The name is a local address (no domain part). Use double -# quotes when the name contains any special characters such -# as whitespace, `#', `:', or `@'. The name is folded to +# The name is a local address (no domain part). Use double +# quotes when the name contains any special characters such +# as whitespace, `#', `:', or `@'. The name is folded to # lowercase, in order to make database lookups case insensi- # tive. # -# In addition, when an alias exists for owner-name, this -# will override the envelope sender address, so that deliv- +# In addition, when an alias exists for owner-name, this +# will override the envelope sender address, so that deliv- # ery diagnostics are directed to owner-name, instead of the -# originator of the message (for details, see -# owner_request_special, expand_owner_alias and -# reset_owner_alias). This is typically used to direct -# delivery errors to the maintainer of a mailing list, who +# originator of the message (for details, see +# owner_request_special, expand_owner_alias and +# reset_owner_alias). This is typically used to direct +# delivery errors to the maintainer of a mailing list, who # is in a better position to deal with mailing list delivery # problems than the originator of the undelivered mail. # # The value contains one or more of the following: # # address -# Mail is forwarded to address, which is compatible +# Mail is forwarded to address, which is compatible # with the RFC 822 standard. # # /file/name -# Mail is appended to /file/name. For details on how -# a file is written see the sections "EXTERNAL FILE -# DELIVERY" and "DELIVERY RIGHTS" in the local(8) -# documentation. Delivery is not limited to regular -# files. For example, to dispose of unwanted mail, +# Mail is appended to /file/name. For details on how +# a file is written see the sections "EXTERNAL FILE +# DELIVERY" and "DELIVERY RIGHTS" in the local(8) +# documentation. Delivery is not limited to regular +# files. For example, to dispose of unwanted mail, # deflect it to /dev/null. # # |command -# Mail is piped into command. Commands that contain -# special characters, such as whitespace, should be -# enclosed between double quotes. For details on how -# a command is executed see "EXTERNAL COMMAND DELIV- +# Mail is piped into command. Commands that contain +# special characters, such as whitespace, should be +# enclosed between double quotes. For details on how +# a command is executed see "EXTERNAL COMMAND DELIV- # ERY" and "DELIVERY RIGHTS" in the local(8) documen- # tation. # # When the command fails, a limited amount of command -# output is mailed back to the sender. The file -# /usr/include/sysexits.h defines the expected exit -# status codes. For example, use "|exit 67" to simu- -# late a "user unknown" error, and "|exit 0" to +# output is mailed back to the sender. The file +# /usr/include/sysexits.h defines the expected exit +# status codes. For example, use "|exit 67" to simu- +# late a "user unknown" error, and "|exit 0" to # implement an expensive black hole. # # :include:/file/name -# Mail is sent to the destinations listed in the +# Mail is sent to the destinations listed in the # named file. Lines in :include: files have the same -# syntax as the right-hand side of alias entries. +# syntax as the right-hand side of aliases(5) +# entries. # # A destination can be any destination that is # described in this manual page. However, delivery to @@ -199,46 +206,49 @@ decode: root # updated with "newaliases" or with "sendmail -bi". # # alias_maps (see 'postconf -d' output) -# Optional lookup tables with aliases that apply only -# to local(8) recipients; this is unlike vir- -# tual_alias_maps that apply to all recipients: -# local(8), virtual, and remote. +# Optional lookup tables that are searched only with +# an email address localpart (no domain) and that +# apply only to local(8) recipients; this is unlike +# virtual_alias_maps that are often searched with a +# full email address (including domain) and that +# apply to all recipients: local(8), virtual, and +# remote. # # allow_mail_to_commands (alias, forward) -# Restrict local(8) mail delivery to external com- +# Restrict local(8) mail delivery to external com- # mands. # # allow_mail_to_files (alias, forward) -# Restrict local(8) mail delivery to external files. +# Restrict local(8) mail delivery to external files. # # expand_owner_alias (no) # When delivering to an alias "aliasname" that has an # "owner-aliasname" companion alias, set the envelope -# sender address to the expansion of the +# sender address to the expansion of the # "owner-aliasname" alias. # # propagate_unmatched_extensions (canonical, virtual) -# What address lookup tables copy an address exten- +# What address lookup tables copy an address exten- # sion from the lookup key to the lookup result. # # owner_request_special (yes) # Enable special treatment for owner-listname entries # in the aliases(5) file, and don't split owner-list- -# name and listname-request address localparts when +# name and listname-request address localparts when # the recipient_delimiter is set to "-". # # recipient_delimiter (empty) -# The set of characters that can separate an email -# address localpart, user name, or a .forward file +# The set of characters that can separate an email +# address localpart, user name, or a .forward file # name from its extension. # # Available in Postfix version 2.3 and later: # # frozen_delivered_to (yes) -# Update the local(8) delivery agent's idea of the -# Delivered-To: address (see prepend_deliv- -# ered_header) only once, at the start of a delivery -# attempt; do not update the Delivered-To: address +# Update the local(8) delivery agent's idea of the +# Delivered-To: address (see prepend_deliv- +# ered_header) only once, at the start of a delivery +# attempt; do not update the Delivered-To: address # while expanding aliases or .forward files. # # STANDARDS @@ -251,12 +261,12 @@ decode: root # postconf(5), configuration parameters # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/aliases.sample b/aliases.sample index 280c3d2..f4b853c 100644 --- a/aliases.sample +++ b/aliases.sample @@ -44,30 +44,36 @@ decode: root # SYNOPSIS # newaliases # +# postalias -q name [file-type]:[file-name] +# # DESCRIPTION # The optional aliases(5) table (alias_maps) redirects mail # for local recipients. The redirections are processed by -# the Postfix local(8) delivery agent. +# the Postfix local(8) delivery agent. This table is always +# searched with an email address localpart (no domain por- +# tion). # # This is unlike virtual(5) aliasing (virtual_alias_maps) # which applies to all recipients: local(8), virtual, and # remote, and which is implemented by the cleanup(8) daemon. +# That table is often searched with a full email address +# (including domain). # # Normally, the aliases(5) table is specified as a text file -# that serves as input to the postalias(1) command. The -# result, an indexed file in dbm or db format, is used for -# fast lookup by the mail system. Execute the command -# newaliases in order to rebuild the indexed file after +# that serves as input to the postalias(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast lookup by the mail system. Execute the command +# newaliases in order to rebuild the indexed file after # changing the Postfix alias database. # -# When the table is provided via other means such as NIS, -# LDAP or SQL, the same lookups are done as for ordinary +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary # indexed files. # -# Alternatively, the table can be provided as a regu- -# lar-expression map where patterns are given as regular -# expressions. In this case, the lookups are done in a -# slightly different way as described below under "REGULAR +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions. In this case, the lookups are done in a +# slightly different way as described below under "REGULAR # EXPRESSION TABLES". # # Users can control delivery of their own mail by setting up @@ -81,63 +87,64 @@ decode: root # # name: value1, value2, ... # -# o Empty lines and whitespace-only lines are ignored, -# as are lines whose first non-whitespace character +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character # is a `#'. # -# o A logical line starts with non-whitespace text. A -# line that starts with whitespace continues a logi- +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- # cal line. # -# The name is a local address (no domain part). Use double -# quotes when the name contains any special characters such -# as whitespace, `#', `:', or `@'. The name is folded to +# The name is a local address (no domain part). Use double +# quotes when the name contains any special characters such +# as whitespace, `#', `:', or `@'. The name is folded to # lowercase, in order to make database lookups case insensi- # tive. # -# In addition, when an alias exists for owner-name, this -# will override the envelope sender address, so that deliv- +# In addition, when an alias exists for owner-name, this +# will override the envelope sender address, so that deliv- # ery diagnostics are directed to owner-name, instead of the -# originator of the message (for details, see -# owner_request_special, expand_owner_alias and -# reset_owner_alias). This is typically used to direct -# delivery errors to the maintainer of a mailing list, who +# originator of the message (for details, see +# owner_request_special, expand_owner_alias and +# reset_owner_alias). This is typically used to direct +# delivery errors to the maintainer of a mailing list, who # is in a better position to deal with mailing list delivery # problems than the originator of the undelivered mail. # # The value contains one or more of the following: # # address -# Mail is forwarded to address, which is compatible +# Mail is forwarded to address, which is compatible # with the RFC 822 standard. # # /file/name -# Mail is appended to /file/name. For details on how -# a file is written see the sections "EXTERNAL FILE -# DELIVERY" and "DELIVERY RIGHTS" in the local(8) -# documentation. Delivery is not limited to regular -# files. For example, to dispose of unwanted mail, +# Mail is appended to /file/name. For details on how +# a file is written see the sections "EXTERNAL FILE +# DELIVERY" and "DELIVERY RIGHTS" in the local(8) +# documentation. Delivery is not limited to regular +# files. For example, to dispose of unwanted mail, # deflect it to /dev/null. # # |command -# Mail is piped into command. Commands that contain -# special characters, such as whitespace, should be -# enclosed between double quotes. For details on how -# a command is executed see "EXTERNAL COMMAND DELIV- +# Mail is piped into command. Commands that contain +# special characters, such as whitespace, should be +# enclosed between double quotes. For details on how +# a command is executed see "EXTERNAL COMMAND DELIV- # ERY" and "DELIVERY RIGHTS" in the local(8) documen- # tation. # # When the command fails, a limited amount of command -# output is mailed back to the sender. The file -# /usr/include/sysexits.h defines the expected exit -# status codes. For example, use "|exit 67" to simu- -# late a "user unknown" error, and "|exit 0" to +# output is mailed back to the sender. The file +# /usr/include/sysexits.h defines the expected exit +# status codes. For example, use "|exit 67" to simu- +# late a "user unknown" error, and "|exit 0" to # implement an expensive black hole. # # :include:/file/name -# Mail is sent to the destinations listed in the +# Mail is sent to the destinations listed in the # named file. Lines in :include: files have the same -# syntax as the right-hand side of alias entries. +# syntax as the right-hand side of aliases(5) +# entries. # # A destination can be any destination that is # described in this manual page. However, delivery to @@ -199,46 +206,49 @@ decode: root # updated with "newaliases" or with "sendmail -bi". # # alias_maps (see 'postconf -d' output) -# Optional lookup tables with aliases that apply only -# to local(8) recipients; this is unlike vir- -# tual_alias_maps that apply to all recipients: -# local(8), virtual, and remote. +# Optional lookup tables that are searched only with +# an email address localpart (no domain) and that +# apply only to local(8) recipients; this is unlike +# virtual_alias_maps that are often searched with a +# full email address (including domain) and that +# apply to all recipients: local(8), virtual, and +# remote. # # allow_mail_to_commands (alias, forward) -# Restrict local(8) mail delivery to external com- +# Restrict local(8) mail delivery to external com- # mands. # # allow_mail_to_files (alias, forward) -# Restrict local(8) mail delivery to external files. +# Restrict local(8) mail delivery to external files. # # expand_owner_alias (no) # When delivering to an alias "aliasname" that has an # "owner-aliasname" companion alias, set the envelope -# sender address to the expansion of the +# sender address to the expansion of the # "owner-aliasname" alias. # # propagate_unmatched_extensions (canonical, virtual) -# What address lookup tables copy an address exten- +# What address lookup tables copy an address exten- # sion from the lookup key to the lookup result. # # owner_request_special (yes) # Enable special treatment for owner-listname entries # in the aliases(5) file, and don't split owner-list- -# name and listname-request address localparts when +# name and listname-request address localparts when # the recipient_delimiter is set to "-". # # recipient_delimiter (empty) -# The set of characters that can separate an email -# address localpart, user name, or a .forward file +# The set of characters that can separate an email +# address localpart, user name, or a .forward file # name from its extension. # # Available in Postfix version 2.3 and later: # # frozen_delivered_to (yes) -# Update the local(8) delivery agent's idea of the -# Delivered-To: address (see prepend_deliv- -# ered_header) only once, at the start of a delivery -# attempt; do not update the Delivered-To: address +# Update the local(8) delivery agent's idea of the +# Delivered-To: address (see prepend_deliv- +# ered_header) only once, at the start of a delivery +# attempt; do not update the Delivered-To: address # while expanding aliases or .forward files. # # STANDARDS @@ -251,12 +261,12 @@ decode: root # postconf(5), configuration parameters # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/header_checks b/header_checks index f36f2e3..8211d4e 100644 --- a/header_checks +++ b/header_checks @@ -346,10 +346,15 @@ # message is queued, it will be sent to the specified # address instead of the intended recipient(s). # -# Note: this action overrides the FILTER action, and -# affects all recipients of the message. If multiple -# REDIRECT actions fire, only the last one is exe- -# cuted. +# Note 1: this action overrides the FILTER action, +# and affects all recipients of the message. If mul- +# tiple REDIRECT actions fire, only the last one is +# executed. +# +# Note 2: a REDIRECT address is subject to canonical- +# ization (add missing domain) but NOT subject to +# canonical, masquerade, bcc, or virtual alias map- +# ping. # # This feature is available in Postfix 2.1 and later. # @@ -357,34 +362,34 @@ # checks. # # REPLACE text... -# Replace the current line with the specified text, +# Replace the current line with the specified text, # and inspect the next input line. # # This feature is available in Postfix 2.2 and later. -# The description below applies to Postfix 2.2.2 and +# The description below applies to Postfix 2.2.2 and # later. # # Notes: # -# o When replacing a message header line, the -# replacement text must begin with a valid +# o When replacing a message header line, the +# replacement text must begin with a valid # header label. # -# o The replaced text remains part of the input -# stream. Unlike the result from the PREPEND -# action, a replaced message header may be -# subject to address rewriting and may affect -# the way that Postfix adds missing message +# o The replaced text remains part of the input +# stream. Unlike the result from the PREPEND +# action, a replaced message header may be +# subject to address rewriting and may affect +# the way that Postfix adds missing message # headers. # # REJECT optional text... -# Reject the entire message. Do not inspect the -# remainder of the input message. Reply with -# optional text... when the optional text is speci- +# Reject the entire message. Do not inspect the +# remainder of the input message. Reply with +# optional text... when the optional text is speci- # fied, otherwise reply with a generic error message. # -# Note: this action disables further header or -# body_checks inspection of the current message and +# Note: this action disables further header or +# body_checks inspection of the current message and # affects all recipients. # # Postfix version 2.3 and later support enhanced sta- @@ -398,80 +403,80 @@ # STRIP optional text... # Log a "strip:" record with the optional text... (or # log a generic text), delete the input line from the -# input, and inspect the next input line. See IGNORE +# input, and inspect the next input line. See IGNORE # for a silent alternative. # # This feature is available in Postfix 3.2 and later. # # WARN optional text... -# Log a "warning:" record with the optional text... +# Log a "warning:" record with the optional text... # (or log a generic text), and inspect the next input -# line. This action is useful for debugging and for -# testing a pattern before applying more drastic +# line. This action is useful for debugging and for +# testing a pattern before applying more drastic # actions. # # BUGS # Empty lines never match, because some map types mis-behave -# when given a zero-length search string. This limitation -# may be removed for regular expression tables in a future +# when given a zero-length search string. This limitation +# may be removed for regular expression tables in a future # release. # -# Many people overlook the main limitations of header and +# Many people overlook the main limitations of header and # body_checks rules. # -# o These rules operate on one logical message header +# o These rules operate on one logical message header # or one body line at a time. A decision made for one # line is not carried over to the next line. # -# o If text in the message body is encoded (RFC 2045) +# o If text in the message body is encoded (RFC 2045) # then the rules need to be specified for the encoded # form. # -# o Likewise, when message headers are encoded (RFC -# 2047) then the rules need to be specified for the +# o Likewise, when message headers are encoded (RFC +# 2047) then the rules need to be specified for the # encoded form. # -# Message headers added by the cleanup(8) daemon itself are +# Message headers added by the cleanup(8) daemon itself are # excluded from inspection. Examples of such message headers # are From:, To:, Message-ID:, Date:. # -# Message headers deleted by the cleanup(8) daemon will be +# Message headers deleted by the cleanup(8) daemon will be # examined before they are deleted. Examples are: Bcc:, Con- # tent-Length:, Return-Path:. # # CONFIGURATION PARAMETERS # body_checks (empty) -# Optional lookup tables for content inspection as +# Optional lookup tables for content inspection as # specified in the body_checks(5) manual page. # # body_checks_size_limit (51200) # How much text in a message body segment (or attach- -# ment, if you prefer to use that term) is subjected +# ment, if you prefer to use that term) is subjected # to body_checks inspection. # # header_checks (empty) -# Optional lookup tables for content inspection of -# primary non-MIME message headers, as specified in +# Optional lookup tables for content inspection of +# primary non-MIME message headers, as specified in # the header_checks(5) manual page. # # mime_header_checks ($header_checks) -# Optional lookup tables for content inspection of -# MIME related message headers, as described in the +# Optional lookup tables for content inspection of +# MIME related message headers, as described in the # header_checks(5) manual page. # # nested_header_checks ($header_checks) -# Optional lookup tables for content inspection of -# non-MIME message headers in attached messages, as +# Optional lookup tables for content inspection of +# non-MIME message headers in attached messages, as # described in the header_checks(5) manual page. # # disable_mime_input_processing (no) # Turn off MIME processing while receiving mail. # # EXAMPLES -# Header pattern to block attachments with bad file name -# extensions. For convenience, the PCRE /x flag is speci- -# fied, so that there is no need to collapse the pattern -# into a single line of text. The purpose of the +# Header pattern to block attachments with bad file name +# extensions. For convenience, the PCRE /x flag is speci- +# fied, so that there is no need to collapse the pattern +# into a single line of text. The purpose of the # [[:xdigit:]] sub-expressions is to recognize Windows CLSID # strings. # @@ -510,7 +515,7 @@ # RFC 2047, message header encoding for non-ASCII text # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # CONTENT_INSPECTION_README, Postfix content inspection overview @@ -518,7 +523,7 @@ # BACKSCATTER_README, blocking returned forged mail # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/header_checks.sample b/header_checks.sample index f36f2e3..8211d4e 100644 --- a/header_checks.sample +++ b/header_checks.sample @@ -346,10 +346,15 @@ # message is queued, it will be sent to the specified # address instead of the intended recipient(s). # -# Note: this action overrides the FILTER action, and -# affects all recipients of the message. If multiple -# REDIRECT actions fire, only the last one is exe- -# cuted. +# Note 1: this action overrides the FILTER action, +# and affects all recipients of the message. If mul- +# tiple REDIRECT actions fire, only the last one is +# executed. +# +# Note 2: a REDIRECT address is subject to canonical- +# ization (add missing domain) but NOT subject to +# canonical, masquerade, bcc, or virtual alias map- +# ping. # # This feature is available in Postfix 2.1 and later. # @@ -357,34 +362,34 @@ # checks. # # REPLACE text... -# Replace the current line with the specified text, +# Replace the current line with the specified text, # and inspect the next input line. # # This feature is available in Postfix 2.2 and later. -# The description below applies to Postfix 2.2.2 and +# The description below applies to Postfix 2.2.2 and # later. # # Notes: # -# o When replacing a message header line, the -# replacement text must begin with a valid +# o When replacing a message header line, the +# replacement text must begin with a valid # header label. # -# o The replaced text remains part of the input -# stream. Unlike the result from the PREPEND -# action, a replaced message header may be -# subject to address rewriting and may affect -# the way that Postfix adds missing message +# o The replaced text remains part of the input +# stream. Unlike the result from the PREPEND +# action, a replaced message header may be +# subject to address rewriting and may affect +# the way that Postfix adds missing message # headers. # # REJECT optional text... -# Reject the entire message. Do not inspect the -# remainder of the input message. Reply with -# optional text... when the optional text is speci- +# Reject the entire message. Do not inspect the +# remainder of the input message. Reply with +# optional text... when the optional text is speci- # fied, otherwise reply with a generic error message. # -# Note: this action disables further header or -# body_checks inspection of the current message and +# Note: this action disables further header or +# body_checks inspection of the current message and # affects all recipients. # # Postfix version 2.3 and later support enhanced sta- @@ -398,80 +403,80 @@ # STRIP optional text... # Log a "strip:" record with the optional text... (or # log a generic text), delete the input line from the -# input, and inspect the next input line. See IGNORE +# input, and inspect the next input line. See IGNORE # for a silent alternative. # # This feature is available in Postfix 3.2 and later. # # WARN optional text... -# Log a "warning:" record with the optional text... +# Log a "warning:" record with the optional text... # (or log a generic text), and inspect the next input -# line. This action is useful for debugging and for -# testing a pattern before applying more drastic +# line. This action is useful for debugging and for +# testing a pattern before applying more drastic # actions. # # BUGS # Empty lines never match, because some map types mis-behave -# when given a zero-length search string. This limitation -# may be removed for regular expression tables in a future +# when given a zero-length search string. This limitation +# may be removed for regular expression tables in a future # release. # -# Many people overlook the main limitations of header and +# Many people overlook the main limitations of header and # body_checks rules. # -# o These rules operate on one logical message header +# o These rules operate on one logical message header # or one body line at a time. A decision made for one # line is not carried over to the next line. # -# o If text in the message body is encoded (RFC 2045) +# o If text in the message body is encoded (RFC 2045) # then the rules need to be specified for the encoded # form. # -# o Likewise, when message headers are encoded (RFC -# 2047) then the rules need to be specified for the +# o Likewise, when message headers are encoded (RFC +# 2047) then the rules need to be specified for the # encoded form. # -# Message headers added by the cleanup(8) daemon itself are +# Message headers added by the cleanup(8) daemon itself are # excluded from inspection. Examples of such message headers # are From:, To:, Message-ID:, Date:. # -# Message headers deleted by the cleanup(8) daemon will be +# Message headers deleted by the cleanup(8) daemon will be # examined before they are deleted. Examples are: Bcc:, Con- # tent-Length:, Return-Path:. # # CONFIGURATION PARAMETERS # body_checks (empty) -# Optional lookup tables for content inspection as +# Optional lookup tables for content inspection as # specified in the body_checks(5) manual page. # # body_checks_size_limit (51200) # How much text in a message body segment (or attach- -# ment, if you prefer to use that term) is subjected +# ment, if you prefer to use that term) is subjected # to body_checks inspection. # # header_checks (empty) -# Optional lookup tables for content inspection of -# primary non-MIME message headers, as specified in +# Optional lookup tables for content inspection of +# primary non-MIME message headers, as specified in # the header_checks(5) manual page. # # mime_header_checks ($header_checks) -# Optional lookup tables for content inspection of -# MIME related message headers, as described in the +# Optional lookup tables for content inspection of +# MIME related message headers, as described in the # header_checks(5) manual page. # # nested_header_checks ($header_checks) -# Optional lookup tables for content inspection of -# non-MIME message headers in attached messages, as +# Optional lookup tables for content inspection of +# non-MIME message headers in attached messages, as # described in the header_checks(5) manual page. # # disable_mime_input_processing (no) # Turn off MIME processing while receiving mail. # # EXAMPLES -# Header pattern to block attachments with bad file name -# extensions. For convenience, the PCRE /x flag is speci- -# fied, so that there is no need to collapse the pattern -# into a single line of text. The purpose of the +# Header pattern to block attachments with bad file name +# extensions. For convenience, the PCRE /x flag is speci- +# fied, so that there is no need to collapse the pattern +# into a single line of text. The purpose of the # [[:xdigit:]] sub-expressions is to recognize Windows CLSID # strings. # @@ -510,7 +515,7 @@ # RFC 2047, message header encoding for non-ASCII text # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # CONTENT_INSPECTION_README, Postfix content inspection overview @@ -518,7 +523,7 @@ # BACKSCATTER_README, blocking returned forged mail # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/main.cf b/main.cf index f2a4a5a..d720dfe 100644 --- a/main.cf +++ b/main.cf @@ -725,3 +725,9 @@ smtpd_recipient_restrictions = meta_directory = /usr/local/libexec/postfix shlib_directory = /usr/local/lib/postfix + +# opendkim +milter_default_action = accept +milter_protocol = 6 +smtpd_milters = inet:localhost:8891 +non_smtpd_milters = $smtpd_milters diff --git a/main.cf.default b/main.cf.default index 99d8513..83037a5 100644 --- a/main.cf.default +++ b/main.cf.default @@ -168,6 +168,7 @@ fork_delay = 1s forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward frozen_delivered_to = yes +full_name_encoding_charset = utf-8 hash_queue_depth = 1 hash_queue_names = deferred, defer header_address_token_limit = 10240 @@ -313,6 +314,9 @@ lmtp_tls_session_cache_timeout = 3600s lmtp_tls_trust_anchor_file = lmtp_tls_verify_cert_match = hostname lmtp_tls_wrappermode = no +lmtp_tlsrpt_enable = no +lmtp_tlsrpt_skip_reused_handshakes = yes +lmtp_tlsrpt_socket_name = lmtp_transport_rate_delay = $default_transport_rate_delay lmtp_use_tls = no lmtp_xforward_timeout = 300s @@ -341,9 +345,9 @@ local_transport_rate_delay = $default_transport_rate_delay luser_relay = mail_name = Postfix mail_owner = postfix -mail_release_date = 20241204 +mail_release_date = 20250710 mail_spool_directory = /var/mail -mail_version = 3.9.1 +mail_version = 3.10.3 mailbox_command = mailbox_command_maps = mailbox_delivery_lock = flock, dotlock @@ -653,7 +657,7 @@ smtp_tls_cert_file = smtp_tls_chain_files = smtp_tls_ciphers = medium smtp_tls_connection_reuse = no -smtp_tls_dane_insecure_mx_policy = ${{$smtp_tls_security_level} == {dane} ? {dane} : {may}} +smtp_tls_dane_insecure_mx_policy = dane smtp_tls_dcert_file = smtp_tls_dkey_file = $smtp_tls_dcert_file smtp_tls_eccert_file = @@ -682,6 +686,9 @@ smtp_tls_session_cache_timeout = 3600s smtp_tls_trust_anchor_file = smtp_tls_verify_cert_match = hostname smtp_tls_wrappermode = no +smtp_tlsrpt_enable = no +smtp_tlsrpt_skip_reused_handshakes = yes +smtp_tlsrpt_socket_name = smtp_transport_rate_delay = $default_transport_rate_delay smtp_use_tls = no smtp_xforward_timeout = 300s @@ -720,6 +727,7 @@ smtpd_forbidden_commands = CONNECT GET POST regexp:{{/^[^A-Z]/ Bogus}} smtpd_hard_error_limit = ${stress?{1}:{20}} smtpd_helo_required = no smtpd_helo_restrictions = +smtpd_hide_client_session = no smtpd_history_flush_threshold = 100 smtpd_junk_command_limit = ${stress?{1}:{100}} smtpd_log_access_permit_actions = @@ -805,6 +813,7 @@ smtpd_upstream_proxy_timeout = 5s smtpd_use_tls = no smtputf8_autodetect_classes = sendmail, verify smtputf8_enable = ${{$compatibility_level} _restrictions here, # specify "smtpd__restrictions=$mua__restrictions" @@ -37,9 +39,11 @@ smtp inet n - n - - smtpd #127.0.0.1:submissions inet n - n - - smtpd #submissions inet n - n - - smtpd # -o syslog_name=postfix/submissions +# -o smtpd_forbid_unauth_pipelining=no # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o local_header_rewrite_clients=static:all +# -o smtpd_hide_client_session=yes # -o smtpd_reject_unlisted_recipient=no # Instead of specifying complex smtpd__restrictions here, # specify "smtpd__restrictions=$mua__restrictions" diff --git a/virtual b/virtual index 89b37b9..71127f5 100644 --- a/virtual +++ b/virtual @@ -14,10 +14,12 @@ # The optional virtual(5) alias table (virtual_alias_maps) # applies to all recipients: local(8), virtual, and remote. # This feature is implemented in the Postfix cleanup(8) dae- -# mon before mail is queued. +# mon before mail is queued. These tables are often queried +# with a full email address (including domain). # -# This is unlike the aliases(5) table (alias_maps) which -# applies only to local(8) recipients. +# This is unlike the aliases(5) table (alias_maps) which +# applies only to local(8) recipients. That table is only +# queried with the email address localpart (no domain). # # Virtual aliasing is recursive; to terminate recursion for # a specific address, alias that address to itself. @@ -256,46 +258,48 @@ # command after a configuration change. # # virtual_alias_maps ($virtual_maps) -# Optional lookup tables with aliases that apply to -# all recipients: local(8), virtual, and remote; this -# is unlike alias_maps that apply only to local(8) -# recipients. +# Optional lookup tables that are often searched with +# a full email address (including domain) and that +# apply to all recipients: local(8), virtual, and +# remote; this is unlike alias_maps that are only +# searched with an email address localpart (no +# domain) and that apply only to local(8) recipients. # # virtual_alias_domains ($virtual_alias_maps) -# Postfix is the final destination for the specified +# Postfix is the final destination for the specified # list of virtual alias domains, that is, domains for -# which all addresses are aliased to addresses in +# which all addresses are aliased to addresses in # other local or remote domains. # # propagate_unmatched_extensions (canonical, virtual) -# What address lookup tables copy an address exten- +# What address lookup tables copy an address exten- # sion from the lookup key to the lookup result. # # Other parameters of interest: # # inet_interfaces (all) -# The local network interface addresses that this +# The local network interface addresses that this # mail system receives mail on. # # mydestination ($myhostname, localhost.$mydomain, local- # host) -# The list of domains that are delivered via the +# The list of domains that are delivered via the # $local_transport mail delivery transport. # # myorigin ($myhostname) # The domain name that locally-posted mail appears to -# come from, and that locally posted mail is deliv- +# come from, and that locally posted mail is deliv- # ered to. # # owner_request_special (yes) # Enable special treatment for owner-listname entries # in the aliases(5) file, and don't split owner-list- -# name and listname-request address localparts when +# name and listname-request address localparts when # the recipient_delimiter is set to "-". # # proxy_interfaces (empty) -# The remote network interface addresses that this -# mail system receives mail on by way of a proxy or +# The remote network interface addresses that this +# mail system receives mail on by way of a proxy or # network address translation unit. # # SEE ALSO @@ -305,14 +309,14 @@ # canonical(5), canonical address mapping # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # ADDRESS_REWRITING_README, address rewriting guide # DATABASE_README, Postfix lookup table overview # VIRTUAL_README, domain hosting guide # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/virtual.sample b/virtual.sample index 89b37b9..71127f5 100644 --- a/virtual.sample +++ b/virtual.sample @@ -14,10 +14,12 @@ # The optional virtual(5) alias table (virtual_alias_maps) # applies to all recipients: local(8), virtual, and remote. # This feature is implemented in the Postfix cleanup(8) dae- -# mon before mail is queued. +# mon before mail is queued. These tables are often queried +# with a full email address (including domain). # -# This is unlike the aliases(5) table (alias_maps) which -# applies only to local(8) recipients. +# This is unlike the aliases(5) table (alias_maps) which +# applies only to local(8) recipients. That table is only +# queried with the email address localpart (no domain). # # Virtual aliasing is recursive; to terminate recursion for # a specific address, alias that address to itself. @@ -256,46 +258,48 @@ # command after a configuration change. # # virtual_alias_maps ($virtual_maps) -# Optional lookup tables with aliases that apply to -# all recipients: local(8), virtual, and remote; this -# is unlike alias_maps that apply only to local(8) -# recipients. +# Optional lookup tables that are often searched with +# a full email address (including domain) and that +# apply to all recipients: local(8), virtual, and +# remote; this is unlike alias_maps that are only +# searched with an email address localpart (no +# domain) and that apply only to local(8) recipients. # # virtual_alias_domains ($virtual_alias_maps) -# Postfix is the final destination for the specified +# Postfix is the final destination for the specified # list of virtual alias domains, that is, domains for -# which all addresses are aliased to addresses in +# which all addresses are aliased to addresses in # other local or remote domains. # # propagate_unmatched_extensions (canonical, virtual) -# What address lookup tables copy an address exten- +# What address lookup tables copy an address exten- # sion from the lookup key to the lookup result. # # Other parameters of interest: # # inet_interfaces (all) -# The local network interface addresses that this +# The local network interface addresses that this # mail system receives mail on. # # mydestination ($myhostname, localhost.$mydomain, local- # host) -# The list of domains that are delivered via the +# The list of domains that are delivered via the # $local_transport mail delivery transport. # # myorigin ($myhostname) # The domain name that locally-posted mail appears to -# come from, and that locally posted mail is deliv- +# come from, and that locally posted mail is deliv- # ered to. # # owner_request_special (yes) # Enable special treatment for owner-listname entries # in the aliases(5) file, and don't split owner-list- -# name and listname-request address localparts when +# name and listname-request address localparts when # the recipient_delimiter is set to "-". # # proxy_interfaces (empty) -# The remote network interface addresses that this -# mail system receives mail on by way of a proxy or +# The remote network interface addresses that this +# mail system receives mail on by way of a proxy or # network address translation unit. # # SEE ALSO @@ -305,14 +309,14 @@ # canonical(5), canonical address mapping # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # ADDRESS_REWRITING_README, address rewriting guide # DATABASE_README, Postfix lookup table overview # VIRTUAL_README, domain hosting guide # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S)