mirror of
https://github.com/Stichting-MINIX-Research-Foundation/netbsd.git
synced 2025-09-06 13:48:27 -04:00
234 lines
12 KiB
HTML
234 lines
12 KiB
HTML
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
|
|
"http://www.w3.org/TR/html4/loose.dtd">
|
|
<html> <head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
|
<title> Postfix manual - verify(8) </title>
|
|
</head> <body> <pre>
|
|
VERIFY(8) VERIFY(8)
|
|
|
|
<b>NAME</b>
|
|
verify - Postfix address verification server
|
|
|
|
<b>SYNOPSIS</b>
|
|
<b>verify</b> [generic Postfix daemon options]
|
|
|
|
<b>DESCRIPTION</b>
|
|
The <a href="verify.8.html"><b>verify</b>(8)</a> address verification server maintains a
|
|
record of what recipient addresses are known to be deliv-
|
|
erable or undeliverable.
|
|
|
|
Addresses are verified by injecting probe messages into
|
|
the Postfix queue. Probe messages are run through all the
|
|
routing and rewriting machinery except for final delivery,
|
|
and are discarded rather than being deferred or bounced.
|
|
|
|
Address verification relies on the answer from the nearest
|
|
MTA for the specified address, and will therefore not
|
|
detect all undeliverable addresses.
|
|
|
|
The <a href="verify.8.html"><b>verify</b>(8)</a> server is designed to run under control by
|
|
the Postfix master server. It maintains an optional per-
|
|
sistent database. To avoid being interrupted by "postfix
|
|
stop" in the middle of a database update, the process runs
|
|
in a separate process group.
|
|
|
|
The <a href="verify.8.html"><b>verify</b>(8)</a> server implements the following requests:
|
|
|
|
<b>update</b> <i>address status text</i>
|
|
Update the status and text of the specified
|
|
address.
|
|
|
|
<b>query</b> <i>address</i>
|
|
Look up the <i>status</i> and <i>text</i> for the specified
|
|
<i>address</i>. If the status is unknown, a probe is sent
|
|
and an "in progress" status is returned.
|
|
|
|
<b>SECURITY</b>
|
|
The address verification server is not security-sensitive.
|
|
It does not talk to the network, and it does not talk to
|
|
local users. The verify server can run chrooted at fixed
|
|
low privilege.
|
|
|
|
The address verification server can be coerced to store
|
|
unlimited amounts of garbage. Limiting the cache expiry
|
|
time trades one problem (disk space exhaustion) for
|
|
another one (poor response time to client requests).
|
|
|
|
With Postfix version 2.5 and later, the <a href="verify.8.html"><b>verify</b>(8)</a> server
|
|
no longer uses root privileges when opening the
|
|
<b><a href="postconf.5.html#address_verify_map">address_verify_map</a></b> cache file. The file should now be
|
|
stored under the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a
|
|
migration aid, an attempt to open a cache file under a
|
|
non-Postfix directory is redirected to the Postfix-owned
|
|
<b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged.
|
|
|
|
<b>DIAGNOSTICS</b>
|
|
Problems and transactions are logged to <b>syslogd</b>(8).
|
|
|
|
<b>BUGS</b>
|
|
Address verification probe messages add additional traffic
|
|
to the mail queue. Recipient verification may cause an
|
|
increased load on down-stream servers in the case of a
|
|
dictionary attack or a flood of backscatter bounces.
|
|
Sender address verification may cause your site to be
|
|
blacklisted by some providers.
|
|
|
|
If the persistent database ever gets corrupted then the
|
|
world comes to an end and human intervention is needed.
|
|
This violates a basic Postfix principle.
|
|
|
|
<b>CONFIGURATION PARAMETERS</b>
|
|
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as
|
|
<a href="verify.8.html"><b>verify</b>(8)</a> processes are long-lived. Use the command "<b>post-</b>
|
|
<b>fix reload</b>" after a configuration change.
|
|
|
|
The text below provides only a parameter summary. See
|
|
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
|
|
|
|
<b>PROBE MESSAGE CONTROLS</b>
|
|
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
|
|
The sender address to use in address verification
|
|
probes; prior to Postfix 2.5 the default was "post-
|
|
master".
|
|
|
|
Available with Postfix 2.9 and later:
|
|
|
|
<b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
|
|
The time between changes in the time-dependent por-
|
|
tion of address verification probe sender
|
|
addresses.
|
|
|
|
<b>CACHE CONTROLS</b>
|
|
<b><a href="postconf.5.html#address_verify_map">address_verify_map</a> (see 'postconf -d' output)</b>
|
|
Lookup table for persistent address verification
|
|
status storage.
|
|
|
|
<b><a href="postconf.5.html#address_verify_positive_expire_time">address_verify_positive_expire_time</a> (31d)</b>
|
|
The time after which a successful probe expires
|
|
from the address verification cache.
|
|
|
|
<b><a href="postconf.5.html#address_verify_positive_refresh_time">address_verify_positive_refresh_time</a> (7d)</b>
|
|
The time after which a successful address verifica-
|
|
tion probe needs to be refreshed.
|
|
|
|
<b><a href="postconf.5.html#address_verify_negative_cache">address_verify_negative_cache</a> (yes)</b>
|
|
Enable caching of failed address verification probe
|
|
results.
|
|
|
|
<b><a href="postconf.5.html#address_verify_negative_expire_time">address_verify_negative_expire_time</a> (3d)</b>
|
|
The time after which a failed probe expires from
|
|
the address verification cache.
|
|
|
|
<b><a href="postconf.5.html#address_verify_negative_refresh_time">address_verify_negative_refresh_time</a> (3h)</b>
|
|
The time after which a failed address verification
|
|
probe needs to be refreshed.
|
|
|
|
Available with Postfix 2.7 and later:
|
|
|
|
<b><a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> (12h)</b>
|
|
The amount of time between <a href="verify.8.html"><b>verify</b>(8)</a> address veri-
|
|
fication database cleanup runs.
|
|
|
|
<b>PROBE MESSAGE ROUTING CONTROLS</b>
|
|
By default, probe messages are delivered via the same
|
|
route as regular messages. The following parameters can
|
|
be used to override specific message routing mechanisms.
|
|
|
|
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
|
|
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
|
|
address verification probes.
|
|
|
|
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
|
|
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
|
|
address verification probes.
|
|
|
|
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
|
|
Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for
|
|
address verification probes.
|
|
|
|
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
|
|
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
|
|
for address verification probes.
|
|
|
|
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
|
|
Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for
|
|
address verification probes.
|
|
|
|
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
|
|
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
|
|
for address verification probes.
|
|
|
|
Available in Postfix 2.3 and later:
|
|
|
|
<b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a></b>
|
|
<b>($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b>
|
|
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
|
|
parameter setting for address verification probes.
|
|
|
|
Available in Postfix 2.7 and later:
|
|
|
|
<b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a></b>
|
|
<b>($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b>
|
|
Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_trans</a>-
|
|
<a href="postconf.5.html#sender_dependent_default_transport_maps">port_maps</a> parameter setting for address verifica-
|
|
tion probes.
|
|
|
|
<b>MISCELLANEOUS CONTROLS</b>
|
|
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
|
|
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
|
|
<a href="master.5.html">master.cf</a> configuration files.
|
|
|
|
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
|
|
How much time a Postfix daemon process may take to
|
|
handle a request before it is terminated by a
|
|
built-in watchdog timer.
|
|
|
|
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
|
|
The time limit for sending or receiving information
|
|
over an internal communication channel.
|
|
|
|
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
|
|
The process ID of a Postfix command or daemon
|
|
process.
|
|
|
|
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
|
|
The process name of a Postfix command or daemon
|
|
process.
|
|
|
|
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
|
|
The location of the Postfix top-level queue direc-
|
|
tory.
|
|
|
|
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
|
|
The syslog facility of Postfix logging.
|
|
|
|
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
|
|
The mail system name that is prepended to the
|
|
process name in syslog records, so that "smtpd"
|
|
becomes, for example, "postfix/smtpd".
|
|
|
|
<b>SEE ALSO</b>
|
|
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
|
|
<a href="cleanup.8.html">cleanup(8)</a>, enqueue Postfix message
|
|
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
|
|
syslogd(5), system logging
|
|
|
|
<b>README FILES</b>
|
|
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, address verification howto
|
|
|
|
<b>LICENSE</b>
|
|
The Secure Mailer license must be distributed with this
|
|
software.
|
|
|
|
<b>HISTORY</b>
|
|
This service was introduced with Postfix version 2.1.
|
|
|
|
<b>AUTHOR(S)</b>
|
|
Wietse Venema
|
|
IBM T.J. Watson Research
|
|
P.O. Box 704
|
|
Yorktown Heights, NY 10598, USA
|
|
|
|
VERIFY(8)
|
|
</pre> </body> </html>
|