VERIFY(8) System Manager's Manual VERIFY(8)
NAME
verify - Postfix address verification server
SYNOPSIS
verify [generic Postfix daemon options]
DESCRIPTION
The verify(8) address verification server maintains a record of what re-
cipient addresses are known to be deliverable or undeliverable.
Addresses are verified by injecting probe messages into the Postfix
queue. Probe messages are run through all the routing and rewriting ma-
chinery except for final delivery, and are discarded rather than being
deferred or bounced.
Address verification relies on the answer from the nearest MTA for the
specified address, and will therefore not detect all undeliverable ad-
dresses.
The verify(8) server is designed to run under control by the Postfix
master server. It maintains an optional persistent database. To avoid
being interrupted by "postfix stop" in the middle of a database update,
the process runs in a separate process group.
The verify(8) server implements the following requests:
update address status text
Update the status and text of the specified address.
query address
Look up the status and text for the specified address. If the
status is unknown, a probe is sent and an "in progress" status is
returned.
SECURITY
The address verification server is not security-sensitive. It does not
talk to the network, and it does not talk to local users. The verify
server can run chrooted at fixed low privilege.
The address verification server can be coerced to store unlimited
amounts of garbage. Limiting the cache expiry time trades one problem
(disk space exhaustion) for another one (poor response time to client
requests).
With Postfix version 2.5 and later, the verify(8) server no longer uses
root privileges when opening the address_verify_map cache file. The file
should now be stored under the Postfix-owned data_directory. As a mi-
gration aid, an attempt to open a cache file under a non-Postfix direc-
tory is redirected to the Postfix-owned data_directory, and a warning is
logged.
DIAGNOSTICS
Problems and transactions are logged to syslogd(8) or postlogd(8).
BUGS
Address verification probe messages add additional traffic to the mail
queue. Recipient verification may cause an increased load on
down-stream servers in the case of a dictionary attack or a flood of
backscatter bounces. Sender address verification may cause your site to
be denylisted by some providers.
If the persistent database ever gets corrupted then the world comes to
an end and human intervention is needed. This violates a basic Postfix
principle.
CONFIGURATION PARAMETERS
Changes to main.cf are not picked up automatically, as verify(8)
processes are long-lived. Use the command "postfix reload" after a con-
figuration change.
The text below provides only a parameter summary. See postconf(5) for
more details including examples.
PROBE MESSAGE CONTROLS
address_verify_sender ($double_bounce_sender)
The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster".
Available with Postfix 2.9 and later:
address_verify_sender_ttl (0s)
The time between changes in the time-dependent portion of address
verification probe sender addresses.
CACHE CONTROLS
address_verify_map (see 'postconf -d' output)
Lookup table for persistent address verification status storage.
address_verify_positive_expire_time (31d)
The time after which a successful probe expires from the address
verification cache.
address_verify_positive_refresh_time (7d)
The time after which a successful address verification probe
needs to be refreshed.
address_verify_negative_cache (yes)
Enable caching of failed address verification probe results.
address_verify_negative_expire_time (3d)
The time after which a failed probe expires from the address ver-
ification cache.
address_verify_negative_refresh_time (3h)
The time after which a failed address verification probe needs to
be refreshed.
Available with Postfix 2.7 and later:
address_verify_cache_cleanup_interval (12h)
The amount of time between verify(8) address verification data-
base cleanup runs.
PROBE MESSAGE ROUTING CONTROLS
By default, probe messages are delivered via the same route as regular
messages. The following parameters can be used to override specific
message routing mechanisms.
address_verify_relayhost ($relayhost)
Overrides the relayhost parameter setting for address verifica-
tion probes.
address_verify_transport_maps ($transport_maps)
Overrides the transport_maps parameter setting for address veri-
fication probes.
address_verify_local_transport ($local_transport)
Overrides the local_transport parameter setting for address veri-
fication probes.
address_verify_virtual_transport ($virtual_transport)
Overrides the virtual_transport parameter setting for address
verification probes.
address_verify_relay_transport ($relay_transport)
Overrides the relay_transport parameter setting for address veri-
fication probes.
address_verify_default_transport ($default_transport)
Overrides the default_transport parameter setting for address
verification probes.
Available in Postfix 2.3 and later:
address_verify_sender_dependent_relayhost_maps ($sender_dependent_relay-
host_maps)
Overrides the sender_dependent_relayhost_maps parameter setting
for address verification probes.
Available in Postfix 2.7 and later:
address_verify_sender_dependent_default_transport_maps ($sender_depen-
dent_default_transport_maps)
Overrides the sender_dependent_default_transport_maps parameter
setting for address verification probes.
SMTPUTF8 CONTROLS
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
smtputf8_autodetect_classes (sendmail, verify)
Detect that a message requires SMTPUTF8 support for the specified
mail origin classes.
Available in Postfix version 3.2 and later:
enable_idna2003_compatibility (no)
Enable 'transitional' compatibility between IDNA2003 and
IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
MISCELLANEOUS CONTROLS
config_directory (see 'postconf -d' output)
The default location of the Postfix main.cf and master.cf config-
uration files.
daemon_timeout (18000s)
How much time a Postfix daemon process may take to handle a re-
quest before it is terminated by a built-in watchdog timer.
ipc_timeout (3600s)
The time limit for sending or receiving information over an in-
ternal communication channel.
process_id (read-only)
The process ID of a Postfix command or daemon process.
process_name (read-only)
The process name of a Postfix command or daemon process.
queue_directory (see 'postconf -d' output)
The location of the Postfix top-level queue directory.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (see 'postconf -d' output)
A prefix that is prepended to the process name in syslog records,
so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix 3.3 and later:
service_name (read-only)
The master.cf service name of a Postfix daemon process.
SEE ALSO
smtpd(8), Postfix SMTP server
cleanup(8), enqueue Postfix message
postconf(5), configuration parameters
postlogd(8), Postfix logging
syslogd(8), system logging
README FILES
Use "postconf readme_directory" or "postconf html_directory" to locate
this information.
ADDRESS_VERIFICATION_README, address verification howto
LICENSE
The Secure Mailer license must be distributed with this software.
HISTORY
This service was introduced with Postfix version 2.1.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA
VERIFY(8)
Generated by dwww version 1.16 on Tue Dec 9 02:17:20 CET 2025.