postfix: Manage Postfix to relay mail
* Postfix::Ipv6_address_brackets: IPv6 address surrounded by brackets. Based on https://stackoverflow.com/a/17871737
* Postfix::Main_inet_interfaces: Data type for inet_interfaces in main.conf
* Postfix::Main_inet_interfaces_array: Data type for array values for inet_interfaces in main.conf
* Postfix::Main_inet_interfaces_string: Data type for string value for inet_interfaces in main.conf
* Postfix::Variables: Datatype for variables in Postfix. Variable names can only contain characters matching [a-zA-Z0-9_]. Can be surrounded by { } and contain some
Manage Postfix to relay mail
The following parameters are available in the postfix class:
* `canonical_custom`
* `canonical_db_type`
* `canonical_maps_external`
* `canonical_maps`
* `main_alias_database`
* `main_alias_maps`
* `main_append_dot_mydomain`
* `main_biff`
* `main_canonical_maps`
* `main_command_directory`
* `main_compatibility_level`
* `main_custom`
* `main_daemon_directory`
* `main_data_directory`
* `main_debugger_command`
* `main_debug_peer_level`
* `main_html_directory`
* `main_inet_interfaces`
* `main_inet_protocols`
* `main_mailbox_command`
* `main_mailbox_size_limit`
* `main_mail_owner`
* `main_mailq_path`
* `main_manpage_directory`
* `main_message_size_limit`
* `main_meta_directory`
* `main_mydestination`
* `main_mydomain`
* `main_myhostname`
* `main_mynetworks`
* `main_myorigin`
* `main_newaliases_path`
* `main_queue_directory`
* `main_readme_directory`
* `main_recipient_delimiter`
* `main_relay_domains`
* `main_relayhost`
* `main_relayhost_port`
* `main_relocated_maps`
* `main_sample_directory`
* `main_sendmail_path`
* `main_setgid_group`
* `main_shlib_directory`
* `main_smtpd_banner`
* `main_smtpd_delay_reject`
* `main_smtpd_helo_required`
* `main_smtpd_helo_restrictions`
* `main_smtpd_recipient_restrictions`
* `main_smtpd_relay_restrictions`
* `main_smtpd_sasl_auth_enable`
* `main_smtpd_sender_restrictions`
* `main_smtpd_tls_ask_ccert`
* `main_smtpd_tls_cert_file`
* `main_smtpd_tls_key_file`
* `main_smtpd_tls_mandatory_protocols`
* `main_smtpd_tls_protocols`
* `main_smtpd_tls_received_header`
* `main_smtpd_tls_security_level`
* `main_smtpd_use_tls`
* `main_smtp_enforce_tls`
* `main_smtp_sasl_auth_enable`
* `main_smtp_tls_cafile`
* `main_smtp_tls_capath`
* `main_smtp_tls_mandatory_protocols`
* `main_smtp_tls_protocols`
* `main_smtp_tls_security_level`
* `main_smtp_use_tls`
* `main_strict_8bitmime`
* `main_strict_rfc821_envelopes`
* `main_transport_maps`
* `main_unknown_local_recipient_reject_code`
* `main_virtual_alias_domains`
* `main_virtual_alias_maps`
* `no_postmap_db_types`
* `packages`
* `relocated_custom`
* `relocated_db_type`
* `relocated_maps_external`
* `relocated_maps`
* `service_enable`
* `service_ensure`
* `service_hasrestart`
* `service_hasstatus`
* `service_name`
* `transport_custom`
* `transport_db_type`
* `transport_maps`
* `transport_maps_external`
* `virtual_alias_maps`
* `virtual_alias_maps_external`
* `virtual_alias_custom`
* `virtual_alias_db_type`
##### <a name="-postfix--canonical_custom"></a>`canonical_custom`
Data type: `Array`
Array of custom lines that should be added to the canonical map. These lines will be printed before the content of $canonical_maps.
Default value: `[]`
##### <a name="-postfix--canonical_db_type"></a>`canonical_db_type`
Data type: `String[1]`
String of the database type that should be used for the canonical database. See https://www.postfix.org/DATABASE_README.html for more information about the possible database types.
Default value: `'hash'`
##### <a name="-postfix--canonical_maps_external"></a>`canonical_maps_external`
Data type: `Boolean`
Use a non-puppet managed source for the $canonical_maps parameter, for example nis: or ldap:. This parameter will cause the value of $main_canonical_maps to be added despite the canonical_maps parameter being undefined.
Default value: `false`
##### <a name="-postfix--canonical_maps"></a>`canonical_maps`
Data type: `Hash`
Hash of entries to add to canonical maps file defined by $main_canonical_maps.
Default value: `{}`
##### <a name="-postfix--main_alias_database"></a>`main_alias_database`
Data type: `Optional[String[1]]`
The alias databases for local(8) delivery that are updated with "newaliases" or with "sendmail -bi".
Default value: `undef`
##### <a name="-postfix--main_alias_maps"></a>`main_alias_maps`
Data type: `Optional[String[1]]`
The alias databases that are used for local(8) delivery. See aliases(5) for syntax details. The default list is system dependent. On systems with NIS, the default is to search the local alias database, then the NIS alias database. If you change the alias database, run "postalias /etc/aliases" (or wherever your system stores the mail alias file), or simply run "newaliases" to build the necessary DBM or DB file.
Default value: `undef`
##### <a name="-postfix--main_append_dot_mydomain"></a>`main_append_dot_mydomain`
Data type: `Optional[Enum['yes', 'no']]`
With locally submitted mail, append the string ".$mydomain" to addresses that have no ".domain" information. With remotely submitted mail, append the string ".$remote_header_rewrite_domain" instead. Note: this feature is enabled by default. If disabled, users will not be able to send mail to "user@partialdomainname" but will have to specify full domain names instead.
Default value: `undef`
##### <a name="-postfix--main_biff"></a>`main_biff`
Data type: `Optional[Enum['yes', 'no']]`
Whether or not to use the local biff service. This service sends "new mail" notifications to users who have requested new mail notification with the UNIX command "biff y". For compatibility reasons this feature is on by default. On systems with lots of interactive users, the biff service can be a performance drain. Specify "biff = no" in main.cf to disable.
Default value: `undef`
##### <a name="-postfix--main_canonical_maps"></a>`main_canonical_maps`
Data type: `Stdlib::Absolutepath`
Optional address mapping lookup tables for message headers and envelopes. The mapping is applied to both sender and recipient addresses, in both envelopes and in headers, as controlled with the canonical_classes parameter. This is typically used to clean up dirty addresses from legacy mail systems, or to replace login names by Firstname.Lastname. The table format and lookups are documented in canonical(5). For an overview of Postfix address manipulations see the ADDRESS_REWRITING_README document. Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. Note: these lookups are recursive.
Default value: `'/etc/postfix/canonical'`
##### <a name="-postfix--main_command_directory"></a>`main_command_directory`
Data type: `Optional[Stdlib::Absolutepath]`
The location of all postfix administrative commands.
Default value: `undef`
##### <a name="-postfix--main_compatibility_level"></a>`main_compatibility_level`
Data type: `Optional[String[1]]`
A safety net that causes Postfix to run with backwards-compatible default settings after an upgrade to a newer Postfix version. With backwards compatibility turned on (the main.cf compatibility_level value is less than the Postfix built-in value), Postfix looks for settings that are left at their implicit default value, and logs a message when a backwards-compatible default setting is required.
Default value: `undef`
##### <a name="-postfix--main_custom"></a>`main_custom`
Data type: `Hash`
Hash of custom parameters and values to be added to Postfix configuration
file main.cf.
Each key-value pair will add one line in the given order. Example:
`{'param' => 'value'}` will add this line to main.cf:
```
param = value
```
Multiline parameters can be added by using an array for the values.
`{'param' => ['value1', 'value2']}` will add these lines to main.cf:
```
param =
    value1
    value2
```
Default value: `{}`
##### <a name="-postfix--main_daemon_directory"></a>`main_daemon_directory`
Data type: `Optional[Stdlib::Absolutepath]`
The directory with Postfix support programs and daemon programs. These should
not be invoked directly by humans. The directory must be owned by root.
Default value: `undef`
##### <a name="-postfix--main_data_directory"></a>`main_data_directory`
Data type: `Optional[Stdlib::Absolutepath]`
The directory with Postfix-writable data files (for example: caches,
pseudo-random numbers). This directory must be owned by the mail_owner
account, and must not be shared with non-Postfix software. This feature
is available in Postfix 2.5 and later.
Default value: `undef`
##### <a name="-postfix--main_debugger_command"></a>`main_debugger_command`
Data type: `Optional[String[1]]`
The external command to execute when a Postfix daemon program is invoked with
the -D option.
Use "command .. & sleep 5" so that the debugger can attach before the process
marches on. If you use an X-based debugger, be sure to set up your XAUTHORITY
environment variable before starting Postfix.
Note: the command is subject to $name expansion, before it is passed to the
default command interpreter. Specify "$$" to produce a single "$" character.
Default value: `undef`
##### <a name="-postfix--main_debug_peer_level"></a>`main_debug_peer_level`
Data type: `Optional[String[1]]`
The increment in verbose logging level when a nexthop destination, remote
client or server name or network address matches a pattern given with the
debug_peer_list parameter.
Per-nexthop debug logging is available in Postfix 3.6 and later.
Default value: `undef`
##### <a name="-postfix--main_html_directory"></a>`main_html_directory`
Data type: `Optional[String[1]]`
The location of Postfix HTML files that describe how to build, configure
or operate a specific Postfix subsystem or feature.
Default value: `undef`
##### <a name="-postfix--main_inet_interfaces"></a>`main_inet_interfaces`
Data type: `Array[Postfix::Main_inet_interfaces]`
Array of network interface addresses that this mail system receives mail on.
Specify "all" to receive mail on all network interfaces (default), and
"loopback-only" to receive mail on loopback network interfaces only
(Postfix version 2.2 and later). The parameter also controls delivery
of mail to user@[ip.address].
Note 1: you need to stop and start Postfix when this parameter changes.
Note 2: address information may be enclosed inside [], but this form is
not required here.
When inet_interfaces specifies just one IPv4 and/or IPv6 address that
is not a loopback address, the Postfix SMTP client will use this address
as the IP source address for outbound mail. Support for IPv6 is available
in Postfix version 2.2 and later.
Default value: `[]`
##### <a name="-postfix--main_inet_protocols"></a>`main_inet_protocols`
Data type: `Optional[String[1]]`
The Internet protocols Postfix will attempt to use when making or accepting
connections. Specify one or more of "ipv4" or "ipv6", separated by
whitespace or commas. The form "all" is equivalent to "ipv4, ipv6" or "ipv4",
depending on whether the operating system implements IPv6.
With Postfix 2.8 and earlier the default is "ipv4". For backwards
compatibility with these releases, the Postfix 2.9 and later upgrade
procedure appends an explicit "inet_protocols = ipv4" setting to main.cf
when no explicit setting is present. This compatibility workaround will be
phased out as IPv6 deployment becomes more common.
Default value: `undef`
##### <a name="-postfix--main_mailbox_command"></a>`main_mailbox_command`
Data type: `Optional[String[1]]`
Optional external command that the local(8) delivery agent should use for
mailbox delivery. The command is run with the user ID and the primary group
ID privileges of the recipient. Exception: command delivery for root
executes with $default_privs privileges. This is not a problem, because
1) mail for root should always be aliased to a real user and 2) do not log
in as root, use "su" instead.
Default value: `undef`
##### <a name="-postfix--main_mailbox_size_limit"></a>`main_mailbox_size_limit`
Data type: `Optional[Integer[0]]`
The maximal size of any local(8) individual mailbox or maildir file, or
zero (no limit). In fact, this limits the size of any file that is written
to upon local delivery, including files written by external commands that
are executed by the local(8) delivery agent.
Note: This limit must not be smaller than the message size limit.
Default value: `undef`
##### <a name="-postfix--main_mail_owner"></a>`main_mail_owner`
Data type: `Optional[String[1]]`
The UNIX system account that owns the Postfix queue and most Postfix daemon
processes. Specify the name of an unprivileged user account that does not
share a user or group ID with other accounts, and that owns no other files
or processes on the system. In particular, do not specify nobody or daemon.
PLEASE USE A DEDICATED USER ID AND GROUP ID.
When this parameter value is changed you need to re-run
"postfix set-permissions" (with Postfix version 2.0 and earlier:
"/etc/postfix/post-install set-permissions").
Default value: `undef`
##### <a name="-postfix--main_mailq_path"></a>`main_mailq_path`
Data type: `Optional[Stdlib::Absolutepath]`
Sendmail compatibility feature that specifies where the Postfix mailq(1)
command is installed. This command can be used to list the Postfix mail
queue.
Default value: `undef`
##### <a name="-postfix--main_manpage_directory"></a>`main_manpage_directory`
Data type: `Optional[Stdlib::Absolutepath]`
Where the Postfix manual pages are installed.
Default value: `undef`
##### <a name="-postfix--main_message_size_limit"></a>`main_message_size_limit`
Data type: `Optional[Integer[0]]`
The maximal size in bytes of a message, including envelope information. The
value cannot exceed LONG_MAX (typically, a 32-bit or 64-bit signed integer).
Default value: `undef`
##### <a name="-postfix--main_meta_directory"></a>`main_meta_directory`
Data type: `Optional[Stdlib::Absolutepath]`
The location of non-executable files that are shared among multiple Postfix
instances, such as postfix-files, dynamicmaps.cf, and the multi-instance
template files main.cf.proto and master.cf.proto. This directory should
contain only Postfix-related files. Typically, the meta_directory parameter
has the same default as the config_directory parameter (/etc/postfix or
/usr/local/etc/postfix).
Default value: `undef`
##### <a name="-postfix--main_mydestination"></a>`main_mydestination`
Data type: `Optional[String[1]]`
The list of domains that are delivered via the $local_transport mail
delivery transport. By default this is the Postfix local(8) delivery
agent which looks up all recipients in /etc/passwd and /etc/aliases.
The SMTP server validates recipient addresses with $local_recipient_maps
and rejects non-existent recipients. See also the local domain class in
the ADDRESS_CLASS_README file.
The default mydestination value specifies names for the local machine only.
On a mail domain gateway, you should also include $mydomain.
Default value: `undef`
##### <a name="-postfix--main_mydomain"></a>`main_mydomain`
Data type: `Optional[Stdlib::Host]`
The internet hostname of this mail system. The default is to use the
fully-qualified domain name (FQDN) from gethostname(), or to use the
non-FQDN result from gethostname() and append ".$mydomain". $myhostname is
used as a default value for many other configuration parameters.
Default value: `undef`
##### <a name="-postfix--main_myhostname"></a>`main_myhostname`
Data type: `Optional[Stdlib::Host]`
The internet hostname of this mail system. The default is to use the
fully-qualified domain name (FQDN) from gethostname(), or to use the
non-FQDN result from gethostname() and append ".$mydomain". $myhostname
is used as a default value for many other configuration parameters.
Default value: `undef`
##### <a name="-postfix--main_mynetworks"></a>`main_mynetworks`
Data type: `Array`
Array of the list of "trusted" remote SMTP clients that have more privileges
than "strangers". In particular, "trusted" SMTP clients are allowed to relay
mail through Postfix. Specify a list of network addresses or
network/netmask patterns, separated by commas and/or whitespace.
Default value: `[]`
##### <a name="-postfix--main_myorigin"></a>`main_myorigin`
Data type: `Optional[String[1]]`
The domain name that locally-posted mail appears to come from, and that
locally posted mail is delivered to. The default, $myhostname, is adequate
for small sites. If you run a domain with multiple machines, you should (1)
change this to $mydomain and (2) set up a domain-wide alias database that
aliases each user to user@that.users.mailhost.
Default value: `undef`
##### <a name="-postfix--main_newaliases_path"></a>`main_newaliases_path`
Data type: `Optional[Stdlib::Absolutepath]`
Sendmail compatibility feature that specifies the location of the
newaliases(1) command. This command can be used to rebuild the local(8)
aliases(5) database.
Default value: `undef`
##### <a name="-postfix--main_queue_directory"></a>`main_queue_directory`
Data type: `Optional[Stdlib::Absolutepath]`
The location of the Postfix top-level queue directory. This is the root
directory of Postfix daemon processes that run chrooted.
Default value: `undef`
##### <a name="-postfix--main_readme_directory"></a>`main_readme_directory`
Data type: `Optional[String[1]]`
The location of Postfix README files that describe how to build, configure
or operate a specific Postfix subsystem or feature.
Default value: `undef`
##### <a name="-postfix--main_recipient_delimiter"></a>`main_recipient_delimiter`
Data type: `Optional[String[1]]`
The set of characters that can separate a user name from its address
extension (user+foo). See canonical(5), local(8), relocated(5) and virtual(5)
for the effects this has on aliases, canonical, virtual, and relocated
lookups. Basically, the software tries user+foo and .forward+foo before
trying user and .forward.
Default value: `undef`
##### <a name="-postfix--main_relay_domains"></a>`main_relay_domains`
Data type: `Optional[String[1]]`
What destination domains (and subdomains thereof) this system will relay
mail to. For details about how the relay_domains value is used, see the
description of the permit_auth_destination and reject_unauth_destination
SMTP recipient restrictions.
Default value: `undef`
##### <a name="-postfix--main_relayhost"></a>`main_relayhost`
Data type: `Optional[Stdlib::Host]`
The next-hop destination of non-local mail; overrides non-local domains
in recipient addresses. This information is overruled with relay_transport,
sender_dependent_default_transport_maps, default_transport,
sender_dependent_relayhost_maps and with the transport(5) table.
In the case of SMTP, specify a domain name, hostname, hostname:port,
[hostname]:port, [hostaddress] or [hostaddress]:port. The form [hostname]
turns off MX lookups.
Default value: `undef`
##### <a name="-postfix--main_relayhost_port"></a>`main_relayhost_port`
Data type: `Integer[0]`
The next-hop destination of non-local mail; overrides non-local domains
in recipient addresses. This information is overruled with relay_transport,
sender_dependent_default_transport_maps, default_transport,
sender_dependent_relayhost_maps and with the transport(5) table.
In the case of SMTP, specify a domain name, hostname, hostname:port,
[hostname]:port, [hostaddress] or [hostaddress]:port. The form [hostname]
turns off MX lookups.
Default value: `25`
##### <a name="-postfix--main_relocated_maps"></a>`main_relocated_maps`
Data type: `Stdlib::Absolutepath`
Optional lookup tables with new contact information for users or domains that
no longer exist. The table format and lookups are documented in relocated(5).
Specify zero or more "type:name" lookup tables, separated by whitespace or
comma. Tables will be searched in the specified order until a match is found.
Default value: `'/etc/postfix/relocated'`
##### <a name="-postfix--main_sample_directory"></a>`main_sample_directory`
Data type: `Optional[Stdlib::Absolutepath]`
The name of the directory with example Postfix configuration files. Starting
with Postfix 2.1, these files have been replaced with the postconf(5) manual
page.
Default value: `undef`
##### <a name="-postfix--main_sendmail_path"></a>`main_sendmail_path`
Data type: `Optional[Stdlib::Absolutepath]`
A Sendmail compatibility feature that specifies the location of the Postfix
sendmail(1) command. This command can be used to submit mail into the Postfix
queue.
Default value: `undef`
##### <a name="-postfix--main_setgid_group"></a>`main_setgid_group`
Data type: `Optional[String[1]]`
The group ownership of set-gid Postfix commands and of group-writable
Postfix directories. When this parameter value is changed you need to re-run
"postfix set-permissions" (with Postfix version 2.0 and earlier:
"/etc/postfix/post-install set-permissions").
Default value: `undef`
##### <a name="-postfix--main_shlib_directory"></a>`main_shlib_directory`
Data type: `Optional[Stdlib::Absolutepath]`
The location of Postfix dynamically-linked libraries (libpostfix-*.so), and
the default location of Postfix database plugins (postfix-*.so) that have a
relative pathname in the dynamicmaps.cf file. The shlib_directory parameter
defaults to "no" when Postfix dynamically-linked libraries and database
plugins are disabled at compile time, otherwise it typically defaults to
/usr/lib/postfix or /usr/local/lib/postfix.
Default value: `undef`
##### <a name="-postfix--main_smtpd_banner"></a>`main_smtpd_banner`
Data type: `Optional[String[1]]`
The text that follows the 220 status code in the SMTP greeting banner.
Default value: `undef`
##### <a name="-postfix--main_smtpd_delay_reject"></a>`main_smtpd_delay_reject`
Data type: `Optional[Enum['yes', 'no']]`
Wait until the RCPT TO command before evaluating $smtpd_client_restrictions,
$smtpd_helo_restrictions and $smtpd_sender_restrictions, or wait until the
ETRN command before evaluating $smtpd_client_restrictions and
$smtpd_helo_restrictions.
This feature is turned on by default because some clients apparently
mis-behave when the Postfix SMTP server rejects commands before RCPT TO.
The default setting has one major benefit: it allows Postfix to log recipient
address information when rejecting a client name/address or sender address,
so that it is possible to find out whose mail is being rejected.
Default value: `undef`
##### <a name="-postfix--main_smtpd_helo_required"></a>`main_smtpd_helo_required`
Data type: `Optional[Enum['yes', 'no']]`
Require that a remote SMTP client introduces itself with the HELO or EHLO
command before sending the MAIL command or other commands that require EHLO
negotiation.
Default value: `undef`
##### <a name="-postfix--main_smtpd_helo_restrictions"></a>`main_smtpd_helo_restrictions`
Data type: `Optional[Array[String[1]]]`
Optional restrictions that the Postfix SMTP server applies in the context of
a client HELO command. See SMTPD_ACCESS_README, section "Delayed evaluation
of SMTP access restriction lists" for a discussion of evaluation context and
time.
The default is to permit everything.
Note: specify "smtpd_helo_required = yes" to fully enforce this restriction
(without "smtpd_helo_required = yes", a client can simply skip
smtpd_helo_restrictions by not sending HELO or EHLO).
Default value: `undef`
##### <a name="-postfix--main_smtpd_recipient_restrictions"></a>`main_smtpd_recipient_restrictions`
Data type: `Optional[Array[String[1]]]`
Optional restrictions that the Postfix SMTP server applies in the context of
a client RCPT TO command, after smtpd_relay_restrictions. See
SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access restriction
lists" for a discussion of evaluation context and time. With Postfix versions
before 2.10, the rules for relay permission and spam blocking were combined
under smtpd_recipient_restrictions, resulting in error-prone configuration.
As of Postfix 2.10, relay permission rules are preferably implemented with
smtpd_relay_restrictions, so that a permissive spam blocking policy under
smtpd_recipient_restrictions will no longer result in a permissive mail relay
policy.
Read more in man pages.
Default value: `undef`
##### <a name="-postfix--main_smtpd_relay_restrictions"></a>`main_smtpd_relay_restrictions`
Data type: `Optional[String[1]]`
Access restrictions for mail relay control that the Postfix SMTP server
applies in the context of the RCPT TO command, before
smtpd_recipient_restrictions.
Read more in man pages.
Default value: `undef`
##### <a name="-postfix--main_smtpd_sasl_auth_enable"></a>`main_smtpd_sasl_auth_enable`
Data type: `Optional[Enum['yes', 'no']]`
Enable SASL authentication in the Postfix SMTP server. By default, the Postfix
SMTP server does not use authentication.
Default value: `undef`
##### <a name="-postfix--main_smtpd_sender_restrictions"></a>`main_smtpd_sender_restrictions`
Data type: `Optional[String[1]]`
Optional restrictions that the Postfix SMTP server applies in the context of
a client MAIL FROM command. See SMTPD_ACCESS_README, section "Delayed
evaluation of SMTP access restriction lists" for a discussion of evaluation
context and time.
The default is to permit everything.
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. Restrictions
are applied in the order as specified; the first restriction that matches wins.
The following restrictions are specific to the sender address received with
the MAIL FROM command.
Default value: `undef`
##### <a name="-postfix--main_smtpd_tls_ask_ccert"></a>`main_smtpd_tls_ask_ccert`
Data type: `Optional[Enum['yes', 'no']]`
Ask a remote SMTP client for a client certificate. This information is needed
for certificate based mail relaying with, for example, the
permit_tls_clientcerts feature.
Some clients such as Netscape will either complain if no certificate is
available (for the list of CAs in $smtpd_tls_CAfile) or will offer multiple
client certificates to choose from. This may be annoying, so this option is
"off" by default.
This feature is available in Postfix 2.2 and later.
Default value: `undef`
##### <a name="-postfix--main_smtpd_tls_cert_file"></a>`main_smtpd_tls_cert_file`
Data type: `Optional[Stdlib::Absolutepath]`
File with the Postfix SMTP server RSA certificate in PEM format. This file
may also contain the Postfix SMTP server private RSA key.
Default value: `undef`
##### <a name="-postfix--main_smtpd_tls_key_file"></a>`main_smtpd_tls_key_file`
Data type: `Optional[Stdlib::Absolutepath]`
File with the Postfix SMTP server RSA private key in PEM format.
Default value: `undef`
##### <a name="-postfix--main_smtpd_tls_mandatory_protocols"></a>`main_smtpd_tls_mandatory_protocols`
Data type: `Optional[String[1]]`
List of SSL/TLS protocols that the Postfix SMTP server will use with mandatory
TLS encryption. An empty value means allow all protocols. The valid protocol
names are "SSLv2", "SSLv3" and "TLSv1". The default value is "!SSLv2, !SSLv3"
for Postfix releases after the middle of 2015, "!SSLv2" for older releases.
Default value: `undef`
##### <a name="-postfix--main_smtpd_tls_protocols"></a>`main_smtpd_tls_protocols`
Data type: `Optional[String[1]]`
TLS protocols accepted by the Postfix SMTP server with opportunistic TLS
encryption. If the list is empty, the server supports all available TLS
protocol versions. A non-empty value is a list of protocol names to include
or exclude, separated by whitespace, commas or colons.
The valid protocol names (see SSL_get_version(3)) are "SSLv2", "SSLv3",
"TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with Postfix 3.6,
the default value is ">=TLSv1", which sets TLS 1.0 as the lowest supported
TLS protocol version (see below). Older releases use the "!" exclusion
syntax, also described below.
As of Postfix 3.6, the preferred way to limit the range of acceptable
protocols is to set the lowest acceptable TLS protocol version and/or the
highest acceptable TLS protocol version. To set the lower bound include an
element of the form: ">=version" where version is either one of the TLS
protocol names listed above, or a hexadecimal number corresponding to the
desired TLS protocol version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.).
For the upper bound, use "<=version". There must be no whitespace between
the ">=" or "<=" symbols and the protocol name or number.
Read more in man pages.
Default value: `undef`
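The protocol-list syntax described above for `main_smtpd_tls_protocols` can be checked before a value is handed to the class. This Python sketch is an added example, not code from this module or from Postfix; the function names and the TLSv1.2 policy floor are assumptions, and beyond the ">=" / "<=" bounds it also models "!" exclusions and bare names, which it treats as an allow-list.

```python
import re

# Protocol names from the parameter description, lowest to highest, paired
# with their hexadecimal version numbers (0301 for TLS 1.0, 0302 for TLS 1.1).
PROTOCOLS = [
    ("SSLv2", 0x0002),
    ("SSLv3", 0x0300),
    ("TLSv1", 0x0301),
    ("TLSv1.1", 0x0302),
    ("TLSv1.2", 0x0303),
    ("TLSv1.3", 0x0304),
]
# Names are matched case-insensitively here (an assumption of this sketch).
_BY_NAME = {name.lower(): version for name, version in PROTOCOLS}


def _version(token, allow_hex):
    """Resolve a protocol name, or for bounds a hex number, to an integer."""
    key = token.lower()
    if key in _BY_NAME:
        return _BY_NAME[key]
    if allow_hex and re.fullmatch(r"[0-9a-f]{1,4}", key):
        return int(key, 16)
    raise ValueError(f"unknown protocol {token!r}")


def enabled_protocols(value):
    """Return the protocol names that a *_tls_protocols value leaves enabled.

    An empty value enables every name in PROTOCOLS; which of those a real
    server can negotiate still depends on its TLS library.
    """
    floor, ceiling = 0x0000, 0xFFFF
    include, exclude = set(), set()
    # Elements are separated by whitespace, commas or colons.
    for token in re.split(r"[\s,:]+", value.strip()):
        if not token:
            continue
        if token.startswith(">="):
            # ">= TLSv1.2" splits into ">=" and a bare name, so the empty
            # bound is rejected: no whitespace is allowed after the symbol.
            floor = _version(token[2:], allow_hex=True)
        elif token.startswith("<="):
            ceiling = _version(token[2:], allow_hex=True)
        elif token.startswith("!"):
            exclude.add(_version(token[1:], allow_hex=False))
        else:
            include.add(_version(token, allow_hex=False))
    result = []
    for name, version in PROTOCOLS:
        if not floor <= version <= ceiling:
            continue
        if version in exclude:
            continue
        if include and version not in include:
            continue
        result.append(name)
    return result


def weak_protocols(value, minimum="TLSv1.2"):
    """List enabled protocols older than `minimum` (policy floor, assumed)."""
    low = _BY_NAME[minimum.lower()]
    return [n for n in enabled_protocols(value) if _BY_NAME[n.lower()] < low]


if __name__ == "__main__":
    # Constructed sample values, including the defaults quoted on this page.
    for sample in (">=TLSv1", "!SSLv2, !SSLv3", ">=0303:<=TLSv1.3", ""):
        print(repr(sample), enabled_protocols(sample), weak_protocols(sample))
```

Both defaults quoted in this reference, ">=TLSv1" and "!SSLv2, !SSLv3", still leave TLS 1.0 and TLS 1.1 enabled under this model.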
##### <a name="-postfix--main_smtpd_tls_received_header"></a>`main_smtpd_tls_received_header`
Data type: `Optional[Enum['yes', 'no']]`
Request that the Postfix SMTP server produces Received: message headers that
include information about the protocol and cipher used, as well as the remote
SMTP client CommonName and client certificate issuer CommonName. This is
disabled by default, as the information may be modified in transit through
other mail servers. Only information that was recorded by the final
destination can be trusted.
This feature is available in Postfix 2.2 and later.
Default value: `undef`
##### <a name="-postfix--main_smtpd_tls_security_level"></a>`main_smtpd_tls_security_level`
Data type: `Optional[String[1]]`
The SMTP TLS security level for the Postfix SMTP server. Specify one of the
following security levels: none, may, encrypt.
Default value: `undef`
##### <a name="-postfix--main_smtpd_use_tls"></a>`main_smtpd_use_tls`
Data type: `Optional[Enum['yes', 'no']]`
Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
not require that clients use TLS encryption.
This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later
use smtpd_tls_security_level instead.
Default value: `undef`
##### <a name="-postfix--main_smtp_enforce_tls"></a>`main_smtp_enforce_tls`
Data type: `Optional[Enum['yes', 'no']]`
Enforcement mode: require that remote SMTP servers use TLS encryption, and
never send mail in the clear. This also requires that the remote SMTP server
hostname matches the information in the remote server certificate, and that
the remote SMTP server certificate was issued by a CA that is trusted by the
Postfix SMTP client. If the certificate doesn't verify or the hostname
doesn't match, delivery is deferred and mail stays in the queue.
The server hostname is matched against all names provided as dNSNames in the
SubjectAlternativeName. If no dNSNames are specified, the CommonName is
checked. The behavior may be changed with the smtp_tls_enforce_peername option.
This option is useful only if you are definitely sure that you will only
connect to servers that support RFC 2487 _and_ that provide valid server
certificates. Typical use is for clients that send all their email to a
dedicated mailhub.
This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later
use smtp_tls_security_level instead.
Default value: `undef`
##### <a name="-postfix--main_smtp_sasl_auth_enable"></a>`main_smtp_sasl_auth_enable`
Data type: `Optional[Enum['yes', 'no']]`
Enable SASL authentication in the Postfix SMTP client. By default, the
Postfix SMTP client uses no authentication.
Default value: `undef`
##### <a name="-postfix--main_smtp_tls_cafile"></a>`main_smtp_tls_cafile`
Data type: `Optional[Stdlib::Absolutepath]`
A file containing CA certificates of root CAs trusted to sign either remote
SMTP server certificates or intermediate CA certificates. These are loaded
into memory before the smtp(8) client enters the chroot jail. If the number
of trusted roots is large, consider using smtp_tls_CApath instead, but note
that the latter directory must be present in the chroot jail if the smtp(8)
client is chrooted. This file may also be used to augment the client
certificate trust chain, but it is best to include all the required
certificates directly in $smtp_tls_cert_file
(or, Postfix >= 3.4 $smtp_tls_chain_files).
Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use ONLY the system-
supplied default Certification Authority certificates.
Specify "tls_append_default_CA = no" to prevent Postfix from appending the
system-supplied default CAs and trusting third-party certificates.
Default value: `undef`
##### <a name="-postfix--main_smtp_tls_capath"></a>`main_smtp_tls_capath`
Data type: `Optional[Stdlib::Absolutepath]`
Directory with PEM format Certification Authority certificates that the
Postfix SMTP client uses to verify a remote SMTP server certificate. Do not
forget to create the necessary "hash" links with, for example,
"$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
To use this option in chroot mode, this directory (or a copy) must be inside
the chroot jail.
Default value: `undef`
##### <a name="-postfix--main_smtp_tls_mandatory_protocols"></a>`main_smtp_tls_mandatory_protocols`
Data type: `Optional[String[1]]`
List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption. An empty value means allow all protocols. The
valid protocol names (see SSL_get_version(3)) are "SSLv2", "SSLv3" and
"TLSv1". The default value is "!SSLv2, !SSLv3" for Postfix releases after
the middle of 2015, "!SSLv2" for older releases.
Default value: `undef`
##### <a name="-postfix--main_smtp_tls_protocols"></a>`main_smtp_tls_protocols`
Data type: `Optional[String[1]]`
List of TLS protocols that the Postfix SMTP client will exclude or include
with opportunistic TLS encryption. The default value is "!SSLv2, !SSLv3" for
Postfix releases after the middle of 2015, "!SSLv2" for older releases.
Before Postfix 2.6, the Postfix SMTP client would use all protocols with
opportunistic TLS.
Default value: `undef`
##### <a name="-postfix--main_smtp_tls_security_level"></a>`main_smtp_tls_security_level`
Data type: `Optional[String[1]]`
The default SMTP TLS security level for the Postfix SMTP client. Specify
one of the following security levels: none, may, encrypt, dane, dane-only,
fingerprint, verify, secure.
Default value: `undef`
##### <a name="-postfix--main_smtp_use_tls"></a>`main_smtp_use_tls`
Data type: `Optional[Enum['yes', 'no']]`
Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS
support, otherwise send the mail in the clear. Beware: some SMTP servers
offer STARTTLS even if it is not configured. With Postfix < 2.3, if the
TLS handshake fails, and no other server is available, delivery is deferred
and mail stays in the queue. If this is a concern for you, use the
smtp_tls_per_site feature instead.
This feature is available in Postfix 2.2 and later. With Postfix 2.3 and
later use smtp_tls_security_level instead.
Default value: `undef`
##### <a name="-postfix--main_strict_8bitmime"></a>`main_strict_8bitmime`
Data type: `Optional[Enum['yes', 'no']]`
Enable both strict_7bit_headers and strict_8bitmime_body.
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
This feature is available in Postfix 2.0 and later.
Default value: `undef`
##### <a name="-postfix--main_strict_rfc821_envelopes"></a>`main_strict_rfc821_envelopes`
Data type: `Optional[Enum['yes', 'no']]`
Require that addresses received in SMTP MAIL FROM and RCPT TO commands are
enclosed with <>, and that those addresses do not contain RFC 822 style
comments or phrases. This stops mail from poorly written software.
By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL FROM and
RCPT TO addresses.
Default value: `undef`
##### <a name="-postfix--main_transport_maps"></a>`main_transport_maps`
Data type: `Stdlib::Absolutepath`
Optional lookup tables with mappings from recipient address to (message
delivery transport, next-hop destination). See transport(5) for details.
This parameter can be used to specify a file not managed by this Puppet module
to provide alternative lookup sources, for example ldap, nis, mysql, pcre, etc.
For more information see the man pages for postmap(1) and transport(5).
Default value: `'/etc/postfix/transport'`
##### <a name="-postfix--main_unknown_local_recipient_reject_code"></a>`main_unknown_local_recipient_reject_code`
Data type: `Optional[Integer[0]]`
The numerical Postfix SMTP server response code when a recipient address is
local, and $local_recipient_maps specifies a list of lookup tables that does
not match the recipient. A recipient address is local when its domain matches
$mydestination, $proxy_interfaces or $inet_interfaces.
The default setting is 550 (reject mail) but it is safer to initially use 450
(try again later) so you have time to find out if your local_recipient_maps
settings are OK.
Default value: `undef`
##### <a name="-postfix--main_virtual_alias_domains"></a>`main_virtual_alias_domains`
Data type: `Optional[String[1]]`
Postfix is final destination for the specified list of virtual alias domains,
that is, domains for which all addresses are aliased to addresses in other
local or remote domains. The SMTP server validates recipient addresses with
$virtual_alias_maps and rejects non-existent recipients. See also the virtual
alias domain class in the ADDRESS_CLASS_README file.
Default value: `undef`
##### <a name="-postfix--main_virtual_alias_maps"></a>`main_virtual_alias_maps`
Data type: `Stdlib::Absolutepath`
Optional lookup tables that alias specific mail addresses or domains to other
local or remote addresses. The table format and lookups are documented in
virtual(5). For an overview of Postfix address manipulations see the
ADDRESS_REWRITING_README document.
This feature is available in Postfix 2.0 and later.
Default value: `'/etc/postfix/virtual'`
##### <a name="-postfix--no_postmap_db_types"></a>`no_postmap_db_types`
Data type: `Array`
Array of DB types that do not require postmap to create the Postfix lookup
tables.
Default value: `['regexp']`
##### <a name="-postfix--packages"></a>`packages`
Data type: `Array[String[1]]`
Array of package names used for installation.
Default value: `['postfix']`
##### <a name="-postfix--relocated_custom"></a>`relocated_custom`
Data type: `Array`
Array of custom lines that should be added to the relocation map.
These lines will be printed before the content of $relocated_maps.
Default value: `[]`
##### <a name="-postfix--relocated_db_type"></a>`relocated_db_type`
Data type: `String[1]`
String of the database type that should be used for the relocated database.
See https://www.postfix.org/DATABASE_README.html for more information about
the possible database types.
Default value: `'hash'`
##### <a name="-postfix--relocated_maps_external"></a>`relocated_maps_external`
Data type: `Boolean`
Use a non-puppet managed source for the $relocated_maps parameter, for
example nis: or ldap:. This parameter will cause the value of
$main_relocated_maps to be added despite the relocated_maps
parameter being undefined.
Default value: `false`
##### <a name="-postfix--relocated_maps"></a>`relocated_maps`
Data type: `Hash`
Hash of entries to add to relocated maps file defined by $main_relocated_maps.
Default value: `{}`
##### <a name="-postfix--service_enable"></a>`service_enable`
Data type: `Variant[Boolean, Enum['true', 'false']]`
Whether a service should be enabled to start at boot.
Valid values are true, false.
Default value: `true`
##### <a name="-postfix--service_ensure"></a>`service_ensure`
Data type: `Stdlib::Ensure::Service`
Whether a service should be running. Valid values are 'stopped' or 'running'.
Default value: `'running'`
##### <a name="-postfix--service_hasrestart"></a>`service_hasrestart`
Data type: `Boolean`
Specify that an init script has a restart command. If this is false and you do
not specify a command in the restart attribute, the init script's stop and
start commands will be used. Defaults to false. Valid values are 'true' or
'false'.
Default value: `true`
##### <a name="-postfix--service_hasstatus"></a>`service_hasstatus`
Data type: `Boolean`
Declare whether the service's init script has a functional status command;
defaults to true. This attribute's default value changed in Puppet 2.7.0.
Valid values are 'true' or 'false'.
Default value: `true`
##### <a name="-postfix--service_name"></a>`service_name`
Data type: `Optional[String[1]]`
The name of the service to run. This name is used to find the service; on
platforms where services have short system names and long display names,
this should be the short name.
Default value: `undef`
##### <a name="-postfix--transport_custom"></a>`transport_custom`
Data type: `Array`
Array of custom lines that should be added to the transport map.
These lines will be printed before the content of $transport_maps.
Default value: `[]`
##### <a name="-postfix--transport_db_type"></a>`transport_db_type`
Data type: `String[1]`
String of the database type that should be used for the transport database.
See https://www.postfix.org/DATABASE_README.html for more information about
the possible database types.
Default value: `'hash'`
##### <a name="-postfix--transport_maps"></a>`transport_maps`
Data type: `Hash`
Hash of entries to add to transport_maps file defined by
$main_transport_maps. The value must be a string.
Default value: `{}`
##### <a name="-postfix--transport_maps_external"></a>`transport_maps_external`
Data type: `Boolean`
Use a non-puppet managed source for the $transport_maps, for example nis: or
ldap:. This parameter will cause the value of main_transport_maps to be
added despite the transport_maps parameter being undefined.
Default value: `false`
##### <a name="-postfix--virtual_alias_maps"></a>`virtual_alias_maps`
Data type: `Hash`
Hash of entries to add to virtual_alias_maps file defined by
$main_virtual_alias_maps.
Default value: `{}`
##### <a name="-postfix--virtual_alias_maps_external"></a>`virtual_alias_maps_external`
Data type: `Boolean`
Use a non-puppet managed source for the $virtual_alias_maps parameter, for
example nis: or ldap:. This parameter will cause the value of
$main_virtual_alias_maps to be added despite the virtual_alias_maps
parameter being undefined.
Default value: `false`
##### <a name="-postfix--virtual_alias_custom"></a>`virtual_alias_custom`
Data type: `Array`
Array of custom lines that should be added to the virtual alias map.
These lines will be printed before the content of $virtual_alias_maps.
Default value: `[]`
##### <a name="-postfix--virtual_alias_db_type"></a>`virtual_alias_db_type`
Data type: `String[1]`
String of the database type that should be used for the virtual database.
See https://www.postfix.org/DATABASE_README.html for more information about
the possible database types.
Default value: `'hash'`
## Data types
### <a name="Postfix--Ipv6_address_brackets"></a>`Postfix::Ipv6_address_brackets`
IPv6 address surrounded by brackets
Based on https://stackoverflow.com/a/17871737
Alias of `Pattern[/\A\[(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\]\Z/]`
### <a name="Postfix--Main_inet_interfaces"></a>`Postfix::Main_inet_interfaces`
Data type for inet_interfaces in main.conf
Alias of `Variant[Postfix::Main_inet_interfaces_string, Postfix::Main_inet_interfaces_array]`
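The following added example (not part of the module) runs the patterns from the `Postfix::Ipv6_address_brackets` and `Postfix::Variables` aliases on this page in plain Ruby, whose regular-expression syntax Puppet patterns follow, to show which `inet_interfaces` values they accept and reject. `classify`, `report` and the sample values are constructed for illustration, and `Stdlib::Host` (from puppetlabs-stdlib) is not modelled.

```ruby
# Added example, not module code. Patterns copied from the type aliases on this page.
IPV6_BRACKETS = /\A\[(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\]\Z/

VARIABLES = [
  /\A\$[a-zA-Z0-9_]+\Z/,
  /\A\$\{[a-zA-Z0-9_]+[:?]?[a-zA-Z0-9_]+}\Z/,
  /\A\$\{[a-zA-Z0-9_]+\?\{[a-zA-Z0-9_]+\}(:\{([a-zA-Z0-9_]+\})){0,1}\}\Z/
].freeze

# The Enum members of Postfix::Main_inet_interfaces_string.
KEYWORDS = %w[all loopback-only].freeze

# Hypothetical helper: name the first alternative defined on this page that
# accepts +value+, or :unmatched. :unmatched values would still have to pass
# Stdlib::Host, which is not modelled here.
def classify(value)
  return :keyword if KEYWORDS.include?(value)
  return :ipv6_brackets if IPV6_BRACKETS.match?(value)
  return :variable if VARIABLES.any? { |re| re.match?(value) }

  :unmatched
end

# Constructed sample values, including edge cases of the patterns.
SAMPLES = [
  'loopback-only',
  '[::1]',                           # bracketed IPv6
  '::1',                             # same address without brackets
  '[192.0.2.1]',                     # IPv4 in brackets is not IPv6
  '$myhostname',
  '${myhostname}',
  '${a}',                            # 2nd pattern needs a name of 2+ characters
  '${inet_protocols?{all}:{ipv4}}',  # conditional form, 3rd pattern
  '$my-host',                        # '-' is outside [a-zA-Z0-9_]
  '$myhostname, localhost',          # lists need the array type, one item each
  "$myhostname\n"                    # \Z also matches before one final newline
].freeze

# Map every sample to the alternative that accepted it.
def report(samples = SAMPLES)
  samples.to_h { |value| [value, classify(value)] }
end

if __FILE__ == $PROGRAM_NAME
  report.each { |value, kind| puts format('%-36s %s', value.inspect, kind) }
end
```

The last sample is accepted because the patterns end in `\Z` rather than `\z`, so a value that picked up a trailing newline (for example from a YAML block scalar in Hiera) still passes type validation.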
### <a name="Postfix--Main_inet_interfaces_array"></a>`Postfix::Main_inet_interfaces_array`
Data type for array values for inet_interfaces in main.conf
Alias of
```puppet
Array[Variant[
    Stdlib::Host,
    Postfix::Ipv6_address_brackets,
    Postfix::Variables,
  ]]
```
### <a name="Postfix--Main_inet_interfaces_string"></a>`Postfix::Main_inet_interfaces_string`
Data type for string value for inet_interfaces in main.conf
Alias of
```puppet
Variant[Enum[
    'all',
    'loopback-only',
  ], Stdlib::Host, Postfix::Ipv6_address_brackets, Postfix::Variables]
```
### <a name="Postfix--Variables"></a>`Postfix::Variables`
Datatype for variables in Postfix
Variable names can only contain characters matching [a-zA-Z0-9_]. Can be surrounded by { } and contain some expressions. See https://www.postfix.org/postconf.5.html for full context.
Alias of `Pattern[/\A\$[a-zA-Z0-9_]+\Z/, /\A\$\{[a-zA-Z0-9_]+[:?]?[a-zA-Z0-9_]+}\Z/, /\A\$\{[a-zA-Z0-9_]+\?\{[a-zA-Z0-9_]+\}(:\{([a-zA-Z0-9_]+\})){0,1}\}\Z/]`