PPoossttffiixx EETTRRNN HHoowwttoo ------------------------------------------------------------------------------- PPuurrppoossee ooff tthhee PPoossttffiixx ffaasstt EETTRRNN sseerrvviiccee The SMTP ETRN command was designed for sites that have intermittent Internet connectivity. With ETRN, a site can tell the mail server of its provider to "Please deliver all my mail now". The SMTP server searches the queue for mail to the customer, and delivers that mail bbyy ccoonnnneeccttiinngg ttoo tthhee ccuussttoommeerr''ss SSMMTTPP sseerrvveerr. The mail is not delivered via the connection that was used for sending ETRN. As of version 1.0, Postfix has a fast ETRN implementation that does not require Postfix to examine every queue file. Instead, Postfix maintains a record of what queue files contain mail for destinations that are configured for ETRN service. ETRN service is no longer available for domains that aren't configured for the service. This document provides information on the following topics: * Using the Postfix fast ETRN service * How Postfix fast ETRN works * Postfix fast ETRN service limitations * Configuring the Postfix fast ETRN service * Configuring a domain for ETRN service only * Testing the Postfix fast ETRN service Other documents with information on this subject: * flush(8), flush service implementation UUssiinngg tthhee PPoossttffiixx ffaasstt EETTRRNN sseerrvviiccee The following is an example SMTP session that shows how an SMTP client requests the ETRN service. Client commands are shown in bold font. 220 my.server.tld ESMTP Postfix HHEELLOO mmyy..cclliieenntt..ttlldd 250 Ok EETTRRNN ssoommee..ccuussttoommeerr..ddoommaaiinn 250 Queuing started QQUUIITT 221 Bye As mentioned in the introduction, the mail is delivered by connecting to the customer's SMTP server; it is not sent over the connection that was used to send the ETRN command. The Postfix operator can request delivery for a specific customer by using the command "sendmail -qRdestination" and, with Postfix version 1.1 and later, "postqueue -sdestination". Access to this feature is controlled with the authorized_flush_users configuration parameter (Postfix version 2.2 and later). HHooww PPoossttffiixx ffaasstt EETTRRNN wwoorrkkss When a Postfix delivery agent decides that mail must be delivered later, it sends the destination domain name and the queue file name to the flush(8) daemon which maintains per-destination logfiles with file names of queued mail. These logfiles are kept below $queue_directory/flush. Per-destination logfiles are maintained only for destinations that are listed with the $fast_flush_domains parameter and that have syntactically valid domain names. Postfix Postfix One logfile delivery -(domain, queue ID)-> flush -(queue ID)-> per eligible agent daemon domain When Postfix receives a request to "deliver mail for a domain now", the flush (8) daemon moves all deferred queue files that are listed for that domain to the incoming queue, and requests that the queue manager deliver them. In order to force delivery, the queue manager temporarily ignores the lists of undeliverable destinations: the volatile in-memory list of dead domains, and the list of message delivery transports specified with the defer_transports configuration parameter. PPoossttffiixx ffaasstt EETTRRNN sseerrvviiccee lliimmiittaattiioonnss The design of the flush(8) server and of the flush queue introduce a few limitations that should not be an issue unless you want to turn on fast ETRN service for every possible destination. * The flush(8) daemon maintains per-destination logfiles with queue file names. When a request to "deliver mail now" arrives, Postfix will attempt to deliver all recipients in the queue files that have mail for the destination in question. This does not perform well with queue files that have recipients in many different domains, such as queue files with outbound mailing list traffic. * The flush(8) daemon maintains per-destination logfiles only for destinations listed with $fast_flush_domains. With other destinations you cannot request delivery with "sendmail -qRdestination" or, with Postfix version 1.1 and later, "postqueue -sdestination". * Up to and including early versions of Postfix version 2.1, the "fast flush" service may not deliver some messages if the request to "deliver mail now" is received while a deferred queue scan is already in progress. The reason is that the queue manager does not ignore the volatile in-memory list of dead domains, and the list of message delivery transports specified with the defer_transports configuration parameter. * Up to and including Postfix version 2.3, the "fast flush" service may not deliver some messages if the request to "deliver mail now" arrives while an incoming queue scan is already in progress. CCoonnffiigguurriinngg tthhee PPoossttffiixx ffaasstt EETTRRNN sseerrvviiccee The behavior of the flush(8) daemon is controlled by parameters in the main.cf configuration file. By default, Postfix "fast ETRN" service is available only for destinations that Postfix is willing to relay mail to: /etc/postfix/main.cf: fast_flush_domains = $relay_domains smtpd_etrn_restrictions = permit_mynetworks, reject Notes: * The relay_domains parameter specifies what destinations Postfix will relay to. For destinations that are not eligible for the "fast ETRN" service, Postfix replies with an error message. * The smtpd_etrn_restrictions parameter limits what clients may execute the ETRN command. By default, any client has permission. To enable "fast ETRN" for some other destination, specify: /etc/postfix/main.cf: fast_flush_domains = $relay_domains, some.other.domain To disable "fast ETRN", so that Postfix rejects all ETRN requests and so that it maintains no per-destination logfiles, specify: /etc/postfix/main.cf: fast_flush_domains = CCoonnffiigguurriinngg aa ddoommaaiinn ffoorr EETTRRNN sseerrvviiccee oonnllyy While an "ETRN" customer is off-line, Postfix will make spontaneous attempts to deliver mail to it. These attempts are separated in time by increasing time intervals, ranging from $minimal_backoff_time to $maximal_backoff_time, and should not be a problem unless a lot of mail is queued. To prevent Postfix from making spontaneous delivery attempts you can configure Postfix to always defer mail for the "ETRN" customer. Mail is delivered only after the ETRN command or with "sendmail -q", with "sendmail -qRdomain", or with "postqueue -sdomain"(Postfix version 1.1 and later only), In the example below we configure an "etrn-only" delivery transport which is simply a duplicate of the "smtp" and "relay" mail delivery transports. The only difference is that mail destined for this delivery transport is deferred as soon as it arrives. 1 /etc/postfix/master.cf: 2 # ============================================================= 3 # service type private unpriv chroot wakeup maxproc command 4 # (yes) (yes) (yes) (never) (100) 5 # ============================================================= 6 smtp unix - - n - - smtp 7 relay unix - - n - - smtp 8 etrn-only unix - - n - - smtp 9 10 /etc/postfix/main.cf: 11 relay_domains = customer.tld ...other domains... 12 defer_transports = etrn-only 13 transport_maps = hash:/etc/postfix/transport 14 15 /etc/postfix/transport: 16 customer.tld etrn-only:[mailhost.customer.tld] Translation: * Line 8: The "etrn-only" mail delivery service is a copy of the "smtp" and "relay" service. * Line 11: Don't forget to authorize relaying for this customer, either via relay_domains or with the permit_mx_backup feature. * Line 12: The "etrn-only" mail delivery service is configured so that spontaneous mail delivery is disabled. * Lines 13-16: Mail for the customer is given to the "etrn-only" mail delivery service. * Line 16: The "[mailhost.customer.tld]" turns off MX record lookups; you must specify this if your Postfix server is the primary MX host for the customer's domain. TTeessttiinngg tthhee PPoossttffiixx ffaasstt EETTRRNN sseerrvviiccee By default, "fast ETRN" service is enabled for all domains that match $relay_domains. If you run Postfix with "fast ETRN" service for the very first time, you need to run "sendmail -q" once in order to populate the per-site deferred mail logfiles. If you omit this step, no harm is done. The logfiles will eventually become populated as Postfix routinely attempts to deliver delayed mail, but that will take a couple hours. After the "sendmail -q" command has completed all delivery attempts (this can take a while), you're ready to test the "fast ETRN" service. To test the "fast ETRN" service, telnet to the Postfix SMTP server from a client that is allowed to execute ETRN commands (by default, that's every client), and type the commands shown in boldface: 220 my.server.tld ESMTP Postfix HHEELLOO mmyy..cclliieenntt..ttlldd 250 Ok EETTRRNN ssoommee..ccuussttoommeerr..ddoommaaiinn 250 Queuing started where "some.customer.domain" is the name of a domain that has a non-empty logfile somewhere under $queue_directory/flush. In the maillog file, you should immediately see a couple of logfile records, as evidence that the queue manager has opened queue files: Oct 2 10:51:19 myhostname postfix/qmgr[51999]: 682E8440A4: from=, size=12345, nrcpt=1 (queue active) Oct 2 10:51:19 myhostname postfix/qmgr[51999]: 02249440B7: from=, size=4711, nrcpt=1 (queue active) What happens next depends on whether the destination is reachable. If it's not reachable, the mail queue IDs will be added back to the some.customer.domain logfile under $queue_directory/flush. Repeat the exercise with some other destination that your server is willing to relay to (any domain listed in $relay_domains), but that has no mail queued. The text in bold face stands for the commands that you type: 220 my.server.tld ESMTP Postfix HHEELLOO mmyy..cclliieenntt..ttlldd 250 Ok EETTRRNN ssoommee..ootthheerr..ccuussttoommeerr..ddoommaaiinn 250 Queuing started This time, the "ETRN"" command should trigger NO mail deliveries at all. If this triggers delivery of all mail, then you used the wrong domain name, or "fast ETRN" service is turned off. Finally, repeat the exercise with a destination that your mail server is not willing to relay to. It does not matter if your server has mail queued for that destination. 220 my.server.tld ESMTP Postfix HHEELLOO mmyy..cclliieenntt..ttlldd 250 Ok EETTRRNN nnoott..aa..ccuussttoommeerr..ddoommaaiinn 459 : service unavailable In this case, Postfix should reject the request as shown above.