autoupdate

[postfix-master.git] / postfix-master / postscreen.8.html

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - postscreen(8) </title>
</head> <body> <pre>
POSTSCREEN(8)                                                    POSTSCREEN(8)

<b>NAME</b>
       postscreen - Postfix zombie blocker

<b>SYNOPSIS</b>
       <b>postscreen</b> [generic Postfix daemon options]

<b>DESCRIPTION</b>
       The Postfix <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server performs triage on multi-
       ple inbound SMTP connections at the  same  time.  While  a
       single  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  process  keeps  spambots  away from
       Postfix SMTP server processes, more  Postfix  SMTP  server
       processes remain available for legitimate clients.

       This program should not be used on SMTP ports that receive
       mail from end-user clients (MUAs). In  a  typical  deploy-
       ment,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  is  used  on  the "port 25" service,
       while MUA clients submit mail via the <b>submission</b>  service.

       <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  maintains a temporary whitelist for clients
       that have passed a number of tests.  When an  SMTP  client
       IP  address  is  whitelisted,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off the
       connection immediately to a Postfix SMTP  server  process.
       This minimizes the overhead for legitimate mail.

       By  default,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  logs statistics and hands off
       every connection to a Postfix SMTP server  process,  while
       excluding clients in <a href="postconf.5.html#mynetworks">mynetworks</a> from all tests (primarily,
       to avoid problems with non-standard  SMTP  implementations
       in  network  appliances).   This  mode  is useful for non-
       destructive testing.

       In a typical production setting, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is  config-
       ured  to  reject  mail  from clients that fail one or more
       tests. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs rejected mail  with  the  client
       address, helo, sender and recipient information.

       <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  is  not an SMTP proxy; this is intentional.
       The purpose is to keep spambots  away  from  Postfix  SMTP
       server processes, while minimizing overhead for legitimate
       traffic.

<b>SECURITY</b>
       The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server is moderately security-sensitive.
       It  talks to untrusted clients on the network. The process
       can be run chrooted at fixed low privilege.

<b>STANDARDS</b>
       <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
       <a href="http://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
       <a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
       <a href="http://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
       <a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
       <a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
       <a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Status Codes)
       <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
       Not: <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
       <a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
       <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
       <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
       <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol, including multi-line 220 banners)

<b>DIAGNOSTICS</b>
       Problems and transactions are logged to <b>syslogd</b>(8).

<b>BUGS</b>
       The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine  currently
       does  not  announce support for AUTH, XCLIENT or XFORWARD.
       Support for AUTH may be added in the future.  In the  mean
       time, if you need to make these services available on port
       25, then do not enable  the  optional  "after  220  server
       greeting" tests, and do not use DNSBLs that reject traffic
       from dial-up and residential networks.

       The optional "after 220  server  greeting"  tests  involve
       <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s  built-in SMTP protocol engine. When these
       tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> adds the client to the tempo-
       rary  whitelist but it cannot not hand off the "live" con-
       nection to a Postfix SMTP server process in the middle  of
       a  session.   Instead,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  defers  attempts to
       deliver mail with a 4XX status, and waits for  the  client
       to  disconnect.   The next time a good client connects, it
       will be allowed to talk to a Postfix SMTP  server  process
       to  deliver  mail.  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  mitigates the impact of
       this limitation by giving such  tests  a  long  expiration
       time.

<b>CONFIGURATION PARAMETERS</b>
       Changes  to  <a href="postconf.5.html">main.cf</a>  are  not picked up automatically, as
       <a href="postscreen.8.html"><b>postscreen</b>(8)</a> processes may run for  several  hours.   Use
       the command "postfix reload" after a configuration change.

       The text below provides  only  a  parameter  summary.  See
       <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.

       NOTE:  Some  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  parameters  implement  stress-
       dependent behavior.   This  is  supported  only  when  the
       default  parameter  value is stress-dependent (that is, it
       looks like ${stress?X}${stress:Y}, or it is the  $<i>name</i>  of
       an  smtpd  parameter  with  a  stress-dependent  default).
       Other parameters always evaluate as if the <b>stress</b>  parame-
       ter value is the empty string.

<b>COMPATIBILITY CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_command_filter">postscreen_command_filter</a> ($<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b>
              A  mechanism to transform commands from remote SMTP
              clients.

       <b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a>  ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_dis</a>-</b>
       <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">card_ehlo_keyword_address_maps</a>)</b>
              Lookup tables, indexed by the  remote  SMTP  client
              address,  with  case insensitive lists of EHLO key-
              words (pipelining, starttls, auth, etc.)  that  the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  server  will  not  send  in the EHLO
              response to a remote SMTP client.

       <b><a href="postconf.5.html#postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_key</a>-</b>
       <b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">words</a>)</b>
              A case insensitive list of EHLO keywords  (pipelin-
              ing,  starttls,  auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
              server will not send in  the  EHLO  response  to  a
              remote SMTP client.

<b>TROUBLE SHOOTING CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_expansion_filter">postscreen_expansion_filter</a> (see 'postconf -d' output)</b>
              List   of   characters   that   are   permitted  in
              <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> attribute expansions.

       <b><a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> ($<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b>
              Optional information that is appended after  a  4XX
              or 5XX server response.

       <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
              Safety net to keep mail queued that would otherwise
              be returned to the sender.

<b>PERMANENT WHITE/BLACKLIST TEST</b>
       This test is executed  immediately  after  a  remote  SMTP
       client  connects.  If a client is permanently whitelisted,
       the client will be handed off  immediately  to  a  Postfix
       SMTP server process.

       <b><a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b>
              Permanent white/blacklist for remote SMTP client IP
              addresses.

       <b><a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> (ignore)</b>
              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
              client   is   permanently   blacklisted   with  the
              <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.

<b>MAIL EXCHANGER POLICY TESTS</b>
       When a remote SMTP client is not on the  permanent  access
       list,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  can  implement a number of whitelist
       tests before it grants the client  a  temporary  whitelist
       status to talk to a Postfix SMTP server process.

       By  listening  on  both  primary  and backup MX addresses,
       <a href="postscreen.8.html"><b>postscreen</b>(8)</a> can deny the temporary whitelist  status  to
       clients that connect only to backup MX hosts.

       <b><a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> (<a href="DATABASE_README.html#types">static</a>:all)</b>
              A  list  of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses
              where a  non-whitelisted  SMTP  client  can  obtain
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s  temporary whitelist status to talk
              to a Postfix SMTP server process.

<b>BEFORE-GREETING TESTS</b>
       These tests are executed before  the  remote  SMTP  client
       receives the "220 servername" greeting. If no tests remain
       after the successful completion of this phase, the  client
       will  be  handed  off immediately to a Postfix SMTP server
       process.

       <b><a href="postconf.5.html#dnsblog_service_name">dnsblog_service_name</a> (dnsblog)</b>
              The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service  entry  in  mas-
              ter.cf.

       <b><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> (ignore)</b>
              The  action  that  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
              client's  combined  DNSBL  score  is  equal  to  or
              greater  than  a  threshold  (as  defined  with the
              <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_thresh</a>-
              <a href="postconf.5.html#postscreen_dnsbl_threshold">old</a> parameters).

       <b><a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> (empty)</b>
              A  mapping  from  actual  DNSBL  domain  name which
              includes a secret password,  to  the  DNSBL  domain
              name  that  postscreen  will  reply  with  when  it
              rejects mail.

       <b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
              Optional list of DNS white/blacklist domains,  fil-
              ters and weight factors.

       <b><a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> (1)</b>
              The  inclusive  lower  bound  for  blocking an SMTP
              client,  based  on  its  combined  DNSBL  score  as
              defined  with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.

       <b><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> (ignore)</b>
              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
              client speaks before its turn within the time spec-
              ified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.

       <b><a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> ($<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b>
              The  <i>text</i>  in  the  optional  "220-<i>text</i>..."  server
              response that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real
              Postfix SMTP server's "220 text..." response, in an
              attempt  to  confuse  bad SMTP clients so that they
              speak before their turn (pre-greet).

       <b><a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> (${stress?2}${stress:6}s)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for
              an  SMTP  client to send a command before its turn,
              and for DNS  blocklist  lookup  results  to  arrive
              (default:  up  to  2  seconds under stress, up to 6
              seconds otherwise).

       <b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
              The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  hands  off
              allowed connections to.

<b>AFTER-GREETING TESTS</b>
       These  tests  are  executed  after  the remote SMTP client
       receives the "220 servername" greeting. If a client passes
       all  tests  during  this  phase,  it  will  receive  a 4XX
       response to RCPT TO commands until the  client  hangs  up.
       After this, the client will be allowed to talk directly to
       a Postfix SMTP server process.

       <b><a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> (ignore)</b>
              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
              client  sends  a bare newline character, that is, a
              newline not preceded by carriage return.

       <b><a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> (no)</b>
              Enable "bare newline" SMTP protocol  tests  in  the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.

       <b><a href="postconf.5.html#postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a> ($<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b>
              Disable  the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
              daemon.

       <b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
              List of commands that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server con-
              siders in violation of the SMTP protocol.

       <b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
              Require  that  a  remote  SMTP client sends HELO or
              EHLO before commencing a MAIL transaction.

       <b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
              client  sends  non-SMTP  commands as specified with
              the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter.

       <b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
              Enable   "non-SMTP   command"    tests    in    the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.

       <b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
              The  action  that  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
              client sends multiple commands instead  of  sending
              one  command and waiting for the server to respond.

       <b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
              Enable "pipelining"  SMTP  protocol  tests  in  the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.

<b>CACHE CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> (12h)</b>
              The  amount  of  time  between  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache
              cleanup runs.

       <b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a>                   (btree:$data_direc-</b>
       <b>tory/postscreen_cache)</b>
              Persistent storage  for  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  server
              decisions.

       <b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an
              expired temporary  whitelist  entry  before  it  is
              removed.

       <b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
              result from a successful "bare newline" SMTP proto-
              col test.

       <b><a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a> (1h)</b>
              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
              result from a successful DNS blocklist test.

       <b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
              result from a successful PREGREET test.

       <b><a href="postconf.5.html#postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a> (30d)</b>
              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
              result from a  successful  "non_smtp_command"  SMTP
              protocol test.

       <b><a href="postconf.5.html#postscreen_pipelining_ttl">postscreen_pipelining_ttl</a> (30d)</b>
              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
              result from a successful "pipelining" SMTP protocol
              test.

<b>RESOURCE CONTROLS</b>
       <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
              Upon  input,  long lines are chopped up into pieces
              of at most this length; upon delivery,  long  lines
              are reconstructed.

       <b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a></b>
       <b>($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b>
              How  many  simultaneous  connections  any client is
              allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.

       <b><a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> (20)</b>
              The limit on the total number of commands per  SMTP
              session  for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
              engine.

       <b><a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> (${stress?10}${stress:300}s)</b>
              The time limit to read an entire command line  with
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.

       <b><a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
              The  number of clients that can be waiting for ser-
              vice from a real SMTP server process.

       <b><a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
              The number of non-whitelisted clients that  can  be
              waiting  for  a  decision whether they will receive
              service from a real SMTP server process.

       <b><a href="postconf.5.html#postscreen_watchdog_timeout">postscreen_watchdog_timeout</a> (10s)</b>
              How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may  take  to
              respond  to  an SMTP client command or to perform a
              cache operation before it is terminated by a built-
              in watchdog timer.

<b>STARTTLS CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
              The  SMTP  TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
              server; when a non-empty value is  specified,  this
              overrides       the       obsolete       parameters
              <a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.

       <b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
              The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry  in  mas-
              ter.cf.

<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
       These  parameters  are  supported  for  compatibility with
       <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters.

       <b><a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
              Opportunistic TLS:  announce  STARTTLS  support  to
              SMTP  clients,  but do not require that clients use
              TLS encryption.

       <b><a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
              Mandatory TLS: announce STARTTLS  support  to  SMTP
              clients,  and  require that clients use TLS encryp-
              tion.

<b>MISCELLANEOUS CONTROLS</b>
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
              <a href="master.5.html">master.cf</a> configuration files.

       <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
              The  maximal  number  of  digits  after the decimal
              point when logging sub-second delay values.

       <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
              The location of  all  postfix  administrative  com-
              mands.

       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
              The  maximum  amount  of  time that an idle Postfix
              daemon process waits  for  an  incoming  connection
              before terminating voluntarily.

       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
              The  process  ID  of  a  Postfix  command or daemon
              process.

       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
              The process name of a  Postfix  command  or  daemon
              process.

       <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
              The syslog facility of Postfix logging.

       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
              The  mail  system  name  that  is  prepended to the
              process name in syslog  records,  so  that  "smtpd"
              becomes, for example, "postfix/smtpd".

<b>SEE ALSO</b>
       <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
       <a href="tlsproxy.8.html">tlsproxy(8)</a>, Postfix TLS proxy server
       <a href="dnsblog.8.html">dnsblog(8)</a>, DNS black/whitelist logger
       syslogd(8), system logging

<b>README FILES</b>
       <a href="POSTSCREEN_README.html">POSTSCREEN_README</a>, Postfix Postscreen Howto

<b>LICENSE</b>
       The Secure Mailer license must be  distributed  with  this
       software.

<b>HISTORY</b>
       This service was introduced with Postfix version 2.8.

       Many  ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work
       by Michael Tokarev, in OpenBSD spamd, and in  MailChannels
       Traffic Control.

<b>AUTHOR(S)</b>
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                 POSTSCREEN(8)
</pre> </body> </html>