|
NAMEverify - Postfix address verification serverSYNOPSISverify [generic Postfix daemon options] DESCRIPTIONThe verify(8) address verification server maintains a record of what recipient addresses are known to be deliverable or undeliverable. Addresses are verified by injecting probe messages into the Postfix queue. Probe messages are run through all the routing and rewriting machinery except for final delivery, and are discarded rather than being deferred or bounced. Address verification relies on the answer from the nearest MTA for the specified address, and will therefore not detect all undeliverable addresses. The verify(8) server is designed to run under control by the Postfix master server. It maintains an optional persistent database. To avoid being interrupted by "postfix stop" in the middle of a database update, the process runs in a separate process group. The verify(8) server implements the following requests:
SECURITYThe address verification server is not security-sensitive. It does not talk to the network, and it does not talk to local users. The verify server can run chrooted at fixed low privilege. The address verification server can be coerced to store unlimited amounts of garbage. Limiting the cache expiry time trades one problem (disk space exhaustion) for another one (poor response time to client requests). With Postfix version 2.5 and later, the verify(8) server no longer uses root privileges when opening the address_verify_map cache file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open a cache file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. DIAGNOSTICSProblems and transactions are logged to syslogd(8) or postlogd(8). BUGSAddress verification probe messages add additional traffic to the mail queue. Recipient verification may cause an increased load on down-stream servers in the case of a dictionary attack or a flood of backscatter bounces. Sender address verification may cause your site to be denylisted by some providers. If the persistent database ever gets corrupted then the world comes to an end and human intervention is needed. This violates a basic Postfix principle. CONFIGURATION PARAMETERSChanges to main.cf are not picked up automatically, as verify(8) processes are long-lived. Use the command "postfix reload" after a configuration change. The text below provides only a parameter summary. See postconf(5) for more details including examples. PROBE MESSAGE CONTROLS
Available with Postfix 2.9 and later:
CACHE CONTROLS
Available with Postfix 2.7 and later:
PROBE MESSAGE ROUTING CONTROLSBy default, probe messages are delivered via the same route as regular messages. The following parameters can be used to override specific message routing mechanisms.
Available in Postfix 2.3 and later:
Available in Postfix 2.7 and later:
SMTPUTF8 CONTROLSPreliminary SMTPUTF8 support is introduced with Postfix 3.0.
Available in Postfix version 3.2 and later:
MISCELLANEOUS CONTROLS
Available in Postfix 3.3 and later:
SEE ALSOsmtpd(8), Postfix SMTP server cleanup(8), enqueue Postfix message postconf(5), configuration parameters postlogd(8), Postfix logging syslogd(8), system logging README FILESUse "postconf readme_directory" or "postconf html_directory" to locate this information. ADDRESS_VERIFICATION_README, address verification howto LICENSEThe Secure Mailer license must be distributed with this software. HISTORYThis service was introduced with Postfix version 2.1. AUTHOR(S)Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA Wietse Venema Google, Inc. 111 8th Avenue New York, NY 10011, USA Visit the GSP FreeBSD Man Page Interface. |