Maintenance Procedures                                  qmail-smtpd(8)

NAME
     qmail-smtpd - receive mail via SMTP

SYNOPSIS
     qmail-smtpd

DESCRIPTION
     qmail-smtpd receives mail messages via the Simple Mail Transfer
     Protocol (SMTP) and invokes qmail-queue to deposit them into the
     outgoing queue. qmail-smtpd must be supplied several environment
     variables; see tcp-environ(5).

     If the environment variable SMTPS is non-empty, qmail-smtpd
     starts a TLS session (to support the deprecated SMTPS protocol,
     normally on port 465). Otherwise, qmail-smtpd offers the STARTTLS
     extension to ESMTP.

     qmail-smtpd is responsible for counting hops. It rejects any
     message with 100 or more Received or Delivered-To header fields.

     qmail-smtpd supports ESMTP, including the 8BITMIME, DATA,
     PIPELINING, SIZE, and AUTH options. qmail-smtpd includes a
     'MAIL FROM:' parameter parser and obeys 'Auth' and 'Size'
     advertisements.

     qmail-smtpd can accept LOGIN, PLAIN, and CRAM-MD5 AUTH types. It
     invokes checkprogram, which reads on file descriptor 3 the
     username, a 0 byte, the password or CRAM-MD5 digest/response
     derived from the SMTP client, another 0 byte, a CRAM-MD5
     challenge (if applicable to the AUTH type), and a final 0 byte.
     checkprogram invokes subprogram upon successful authentication,
     which should in turn return 0 to qmail-smtpd, effectively setting
     the environment variables $RELAYCLIENT and $TCPREMOTEINFO (any
     supplied value replaced with the authenticated username).
     qmail-smtpd will reject the authentication attempt if it receives
     a nonzero return value from checkprogram or subprogram.

TRANSPARENCY
     qmail-smtpd converts the SMTP newline convention into the UNIX
     newline convention by converting CR LF into LF. It returns a
     temporary error and drops the connection on bare LFs; see
     http://pobox.com/~djb/docs/smtplf.html.

     qmail-smtpd accepts messages that contain long lines or non-ASCII
     characters, even though such messages violate the SMTP protocol.

CONTROL FILES
     badhelo
          Unacceptable HELO/EHLO host names. qmail-smtpd will reject
          every recipient address for a message if the host name is
          listed in, or matches a POSIX regular expression pattern
          listed in, badhelo. If the NOBADHELO environment variable
          is set, then the contents of badhelo will be ignored. For
          more information, see doc/README.qregex.

     badmailfrom
          Unacceptable envelope sender addresses. qmail-smtpd will
          reject every recipient address for a message if the
          envelope sender address is listed in, or matches a POSIX
          regular expression pattern listed in, badmailfrom. A line
          in badmailfrom may be of the form @host, meaning every
          address at host. For more information, see
          doc/README.qregex.

     badmailfromnorelay
          Functions the same as the badmailfrom control file but is
          read only if the RELAYCLIENT environment variable is not
          set. For more information, see doc/README.qregex.

     badmailto
          Unacceptable envelope recipient addresses. qmail-smtpd will
          reject every recipient address for a message if the
          recipient address is listed in, or matches a POSIX regular
          expression pattern listed in, badmailto. For more
          information, see doc/README.qregex.

     badmailtonorelay
          Functions the same as the badmailto control file but is
          read only if the RELAYCLIENT environment variable is not
          set. For more information, see doc/README.qregex.

     clientca.pem
          A list of Certifying Authority (CA) certificates that are
          used to verify the client-presented certificates during a
          TLS-encrypted session.

     clientcrl.pem
          A list of Certificate Revocation Lists (CRLs). If present,
          it should contain the CRLs of the CAs in clientca.pem, and
          client certs will be checked for revocation.

     databytes
          Maximum number of bytes allowed in a message, or 0 for no
          limit. Default: 0. If a message exceeds this limit,
          qmail-smtpd returns a permanent error code to the client;
          in contrast, if the disk is full or qmail-smtpd hits a
          resource limit, qmail-smtpd returns a temporary error code.

          databytes counts bytes as stored on disk, not as
          transmitted through the network. It does not count the
          qmail-smtpd Received line, the qmail-queue Received line,
          or the envelope.

          If the environment variable DATABYTES is set, it overrides
          databytes.

     dh1024.pem
          If these 1024 bit DH parameters are provided, qmail-smtpd
          will use them for TLS sessions instead of generating one
          on-the-fly (which is very time-consuming).

     dh512.pem
          512 bit counterpart for dh1024.pem.

     localiphost
          Replacement host name for local IP addresses. Default: me,
          if that is supplied. qmail-smtpd is responsible for
          recognizing dotted-decimal addresses for the current host.
          When it sees a recipient address of the form box@[d.d.d.d],
          where d.d.d.d is a local IP address, it replaces [d.d.d.d]
          with localiphost. This is done before rcpthosts.

     morercpthosts
          Extra allowed RCPT domains. If rcpthosts and morercpthosts
          both exist, morercpthosts is effectively appended to
          rcpthosts.

          You must run qmail-newmrh whenever morercpthosts changes.

          Rule of thumb for large sites: Put your 50 most commonly
          used domains into rcpthosts, and the rest into
          morercpthosts.

     rcpthosts
          Allowed RCPT domains. If rcpthosts is supplied, qmail-smtpd
          will reject any envelope recipient address with a domain
          not listed in rcpthosts.

          Exception: If the environment variable RELAYCLIENT is set,
          qmail-smtpd will ignore rcpthosts, and will append the
          value of RELAYCLIENT to each incoming recipient address.

          rcpthosts may include wildcards:

               heaven.af.mil
               .heaven.af.mil

          Envelope recipient addresses without @ signs are always
          allowed through.

     rsa512.pem
          If this 512 bit RSA key is provided, qmail-smtpd will use
          it for TLS sessions instead of generating one on-the-fly.

     servercert.pem
          SSL certificate to be presented to clients in TLS-encrypted
          sessions. Should contain both the certificate and the
          private key. Certifying Authority (CA) and intermediate
          certificates can be added at the end of the file.

     smtpgreeting
          SMTP greeting message. Default: me, if that is supplied;
          otherwise qmail-smtpd will refuse to run. The first word of
          smtpgreeting should be the current host's name.

     timeoutsmtpd
          Number of seconds qmail-smtpd will wait for each new buffer
          of data from the remote SMTP client. Default: 1200.

     spfbehavior
          Set to a value between 1 and 6 to enable SPF checks; 0 to
          disable. 1 selects 'annotate-only' mode, where qmail-smtpd
          will annotate incoming email with Received-SPF fields, but
          will not reject any messages. 2 will produce temporary
          failures on DNS lookup problems so you can make sure you
          always have meaningful Received-SPF headers. 3 selects
          'reject' mode, where incoming mail will be rejected if the
          SPF record says 'fail'. 4 selects a stricter rejection
          mode, which is like 'reject' mode, except that incoming
          mail will also be rejected when the SPF record says
          'softfail'. 5 will also reject when the SPF record says
          'neutral', and 6 if no SPF records are available at all (or
          a syntax error was encountered). The contents of this file
          are overridden by the value of the SPFBEHAVIOR environment
          variable, if set. Default: 0.

     spfexp
          You can add a line with an SPF explanation that will be
          shown to the sender in case of a reject. It will override
          the default one. You can use SPF macro expansion.

     spfguess
          You can add a line with SPF rules that will be checked if a
          sender domain doesn't have an SPF record. The local rules
          will also be used in this case.

     spfrules
          You can add a line with SPF rules that will be checked
          before other SPF rules would fail. This can be used to
          always allow certain machines to send certain mails.

     spamt
          The spam throttle parameters file. See qmail-newst(8) and
          qmail-spamt(5) for details.

     tlsclients
          A list of email addresses. When relay rules would reject an
          incoming message, qmail-smtpd can allow it if the client
          presents a certificate that can be verified against the CA
          list in clientca.pem and the certificate email address is
          in tlsclients.

     tlsserverciphers
          A set of OpenSSL cipher strings. Multiple ciphers contained
          in a string should be separated by a colon. If the
          environment variable TLSCIPHERS is set to such a string, it
          takes precedence.

SEE ALSO
     tcp-env(1), tcp-environ(5), qmail-control(5), qmail-spamt(5),
     qmail-spamthrottle(5), qmail-inject(8), qmail-newmrh(8),
     qmail-newst(8), qmail-queue(8), qmail-remote(8)

SunOS 5.11                     Last change:
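
The file descriptor 3 input that DESCRIPTION says checkprogram reads (username, password or CRAM-MD5 digest/response, challenge, each followed by a 0 byte) can be parsed as shown here. This is an added example, not code from qmail or from this manual page; the names parse_auth, read_auth and auth_fields, the 512-byte cap and the exit codes 1 and 2 are assumptions, and main rejects every attempt because no credential check is included.

```c
#include <string.h>
#include <unistd.h>

struct auth_fields {
    const char *user;       /* username */
    const char *secret;     /* password, or CRAM-MD5 digest/response */
    const char *challenge;  /* CRAM-MD5 challenge; "" for LOGIN and PLAIN */
};

/* Split buf[0..len) into the three 0-terminated fields (pointers into buf).
 * Returns 0, or -1 if a terminator is missing or the username is empty. */
int parse_auth(const char *buf, size_t len, struct auth_fields *out)
{
    const char *field[3];
    size_t pos = 0;
    for (int i = 0; i < 3; i++) {
        const char *end = memchr(buf + pos, 0, len - pos);
        if (end == NULL)
            return -1;                 /* truncated input: fail closed */
        field[i] = buf + pos;
        pos = (size_t)(end - buf) + 1;
    }
    if (field[0][0] == '\0')
        return -1;
    out->user = field[0];
    out->secret = field[1];
    out->challenge = field[2];
    return 0;
}

/* Read what qmail-smtpd wrote on fd (3 in production); -1 on error. */
long read_auth(int fd, char *buf, size_t cap)
{
    size_t got = 0;
    ssize_t n = 0;
    while (got < cap && (n = read(fd, buf + got, cap - got)) > 0)
        got += (size_t)n;
    return n < 0 ? -1 : (long)got;
}

int main(void)
{
    char buf[512];   /* assumed cap, borrowed from the checkpassword convention */
    struct auth_fields f;
    long len = read_auth(3, buf, sizeof buf);
    if (len < 0 || parse_auth(buf, (size_t)len, &f) != 0)
        return 2;    /* malformed input: nonzero, so the attempt is rejected */
    /* Credential verification belongs here; this example never accepts. */
    return 1;
}
```

Any nonzero exit makes qmail-smtpd reject the authentication attempt, so every parse failure path above ends in rejection rather than acceptance.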
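
The relay decision described under rcpthosts, written out so the effect of RELAYCLIENT and of a missing rcpthosts file can be checked against sample recipients. This is an added example, not qmail's own code; rcpt_allowed and host_matches are hypothetical names, the sample addresses are constructed, and the leading-dot wildcard is assumed to match subdomains only.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* One rcpthosts entry against a recipient domain, case-insensitively.
 * Assumption: "heaven.af.mil" matches only that host, while the wildcard
 * ".heaven.af.mil" matches any name ending in it (subdomains only). */
static int host_matches(const char *entry, const char *domain)
{
    size_t el = strlen(entry), dl = strlen(domain);
    if (entry[0] != '.')
        return strcasecmp(entry, domain) == 0;
    return dl > el && strcasecmp(domain + (dl - el), entry) == 0;
}

/* 1 = recipient accepted, 0 = rejected. hosts is NULL when no rcpthosts
 * file is supplied; relayclient is NULL when $RELAYCLIENT is unset. */
int rcpt_allowed(const char *addr, const char *const *hosts, size_t nhosts,
                 const char *relayclient)
{
    const char *at = strrchr(addr, '@');
    if (relayclient != NULL || hosts == NULL)
        return 1;        /* rcpthosts ignored or absent: relaying is open */
    if (at == NULL)
        return 1;        /* no @ sign: always allowed through */
    for (size_t i = 0; i < nhosts; i++)
        if (host_matches(hosts[i], at + 1))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample data, using the two entries shown on the page. */
    const char *const hosts[] = { "heaven.af.mil", ".heaven.af.mil" };
    const char *const rcpts[] = { "joe@heaven.af.mil", "joe@mx.Heaven.AF.mil",
                                  "joe@notheaven.af.mil", "postmaster" };
    for (size_t i = 0; i < 4; i++)
        printf("%-22s unset:%d set:%d\n", rcpts[i],
               rcpt_allowed(rcpts[i], hosts, 2, NULL),
               rcpt_allowed(rcpts[i], hosts, 2, ""));
    return 0;
}
```

Because a set RELAYCLIENT bypasses rcpthosts entirely, the rules that set it (tcp-env configuration or a successful AUTH) are the ones to audit when checking a host for open relaying.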