Provided by: zmailer_2.99.56-2_i386
smtpserver - zmailer SMTP server
[-46aBhigntVvw] [-p port] [-l SYSLOG] [-l logfile]
[-s[ftveR]] [-s strict] [-I pidfile] [-L maxloadaver]
[-M SMTPmaxsize] [-P postoffice] [-R router] [-C cfgfile]
[-Z zenvfile] [-T â€™[220.127.116.11]â€™]
This program implements the server side of the SMTP protocol as
described in RFC-2821, and knows about the common extensions to the
protocol expected by Sendmail and BSMTP clients.
By default the program will kill the previous smtpserver(8zm) daemon,
if any, then detach and listen for SMTP connections. Incoming messages
will be submitted for processing using the zmailer(3zm) interface to
ZMailer. Nontrivial address checking is done asynchronously, although
this behaviour can be changed by a command line option if you cannot
afford to transfer data just to bounce it back. All checking is done
by executing the router(8zm) program in interactive mode, and executing
a well-known shell function with well-known parameters for each
Explicitely to use IPv4 type of socket even on machines that is
capable to do IPv6 type of sockets.
Explicitely to (try to) use IPv6 type of socket even if the
machine does not support it. For a default the server will try
to use IPv6, if it has been compiled on an environment where it
is present, but will do a fallback to IPv4 in case the runtime
system does not have IPv6.
turn on RFC931/RFC1413 indentification protocol, and log the
information acquired with it to the submitted file.
turn on usage of "whoson" protocol. This option is available
even if actual code is not available.
the gullible option will make the program believe any
information it is told (such as origin of a connection) without
check helo-parameter, per default that is not checked in any
way, with this option, syntax check is done on it.
runs the server interactively, which makes it usable for
processing a batched SMTP stream (BSMTP) on stdin. With -v
option this echoes incoming BSMTP to create more accurate
faximille of BITNET BSMTP mailers.
A magic value of "SYSLOG" for the logfile is interpreted by
directing all session log stuff thru syslogd; something which
may require better syslogd, than your system has by default; see
â€˜â€˜syslog-ngâ€™â€™ at a well indexed free software sites.
specifies a logfile and enables recording of incoming SMTP
conversations. If you want both file based session log, and
syslog() based, issue this option after â€˜â€˜-l SYSLOGâ€™â€™ one.
indicates the program is being run from inetd(8).
specifies the TCP port to listen on instead of the default SMTP
flags the email to arrive via BSMTP channel (via BITNET, for
specifies an alternate PID file location.
tells the maximum load-average the system is under when we still
accept email in.
Defines the asolute maximum size we accept from incoming email.
(Default: infinite) (This is local policy issue.)
specifies an alternate POSTOFFICE directory.
specifies an alternate router (8zm) program to use for address
specifies nonstandard configuration file location; the default
this turns on all kinds of strict smtp protocol adherence
checks, which in normal life can be relaxed slightly. Great for
compliance testing ;)
specifies the style of address verification to be performed.
There are four independent commands that can invoke some kind of
address verification, and four independent flags to control
whether this should be done. They are:
f check MAIL FROM addresses
t check RCPT TO addresses
v check VRFY command argument
e check EXPN command argument
R require addresses to be of syntax: local@remote (strict
allow sloppy input for systems incapable to respect RFC
821 properly; WinCE1.0 (and 2.0) does:
The flags are concatenated to form the argument to the -s
option. The default is ve.
Supply (in interactive mode) test address for policy dataset
address testing. The optionset recommended for that case is:
-i -d 1 -T â€™[18.104.22.168]â€™
A notable detail is that to see what really is going on in the
policy analysis,one must usei the â€˜â€˜-d 1â€™â€™ option to turn on the
debugging early enough to see its initial verdict at the time
the â€˜â€˜220..â€™â€™ greeting banner is produced..
Also notable is that brackets in the supplied IP address must be
present, otherwise illegal syntax will be reported. (Using RFC
821 address literal parser here.)
Set when running smtpserver under e.g. inetd, and using service
port number 465; a "well-known" deprecated one of SSL/SMTP;
(From the era before â€˜â€˜STARTTLSâ€™â€™ protocol verb.)
passes on explicite non-compiled-in-default located ZCONFIG
prints a version message and exits.
If the $MAILSHARE/smtpserver.conf exists it is read to configure two
kinds of things:
allow server start-time parametrization of several things,
Â· acceptance/rejection database definitions
Â· various feature parametrizations
On PARAM lines the system allows $-expansions of ZENV variables.
(Special note: â€™$$â€™ expands as â€™$â€™, not shell-style process-id
The style (-s) option
behaviour based on glob patterns matching the HELO/EHLO name
given by a remote client. Lines beginning with a # or
whitespace are ignored in the file, and all other lines must
consist of two tokens: a shell-style (glob) pattern starting at
the beginning of the line, whitespace, and a sequence of style
flags. The first matching line is used. As a special case, the
flags section may start with a ! character in which case the
remainder of the line is a failure comment message to print at
the client. This configuration capability is intended as a way
to control misbehaving client software or mailers.
This is synonym to start-time -M option.
PARAM min-availspace 5000
This defines, in kilobytes, the minimum available space in
POSTOFFICE directory after the message has been accepted in.
This defines how many recipients can be on a message whose
source address is MAIL FROM:<>. That is, is an error message.
(Sometimes SPAMs are tried to inject in that form...)
This sets the maximum number of active connections from any
given single IP address.
When the limit is reached, system tells the remote end:
450 Too many simultaneous connections...
(and then closes the connection.)
When the limit is exceeded by factor of four, the server just
closes the connection without telling anything.
Do note that this works only when the smtpserver is running as
its own daemon, not while run from under inetd!
This limits how many simultaneous connections the server will
accept in total -- e.g. how many childs a master server can have
running. Default value: 800.
Exceeding the limit by less than 100 will get a message
450 Too many simultaneous connections...
printed to the connection. In every case the connection is
closed right after the possible message.
Do note that this works only when the smtpserver is running as
its own daemon, not while run from under inetd!
This sets the listen queue size parameter for listen(2) call at
This sets setsockopt(SO_RCVBUF) value, in case the system
default is not suitable.
This sets setsockopt(SO_SNDBUF) value, in case the system
default is not suitable.
PARAM RcptLimitCount 10000
This sets the maximum number of accepted recipients per one
message transaction. Default (and minimum!) value is 100, which
is mandated by the RFC 821.
PARAM BindPort 25
PARAM BindAddress [0.0.0.0]
PARAM BindAddress [IPv6.0::0]
PARAM BindAddress iface:ifacename
Per default the server mode SMTP-server binds to port 25 and any
locally accepted address, but occasionally people seem to want
to have separate server instances with different configurations,
and for those cases are these parameters.
Multiple instances of BindAddress will work, and bind all
presently supported ports to all those addresses.
This trio (DEBUGcmd, EXPNcmd, VRFYcmd) are enablers of like
named SMTP verbs which have some uses in the debug mode.
They are normally disabled, but running them enabled does not
allow direct attacks with them. (That we know of.)
This enables interactive router use where user inputs reach the
router. As things turn out, while the canned scripts should be
safe against any and all inputs, a careless change in the router
scripts may endanger this status.
Per default this is disabled to protect your system.
To enable EXPN and VRFY, this must be enabled, but be very
carefull when you do this. This is also required for
interactive router processing of â€˜â€˜MAIL FROMâ€™â€™ and â€˜â€˜RCPT TOâ€™â€™
This enables â€™SMTP AUTHâ€™ facility (AUTH verb, plus optional
parameter to MAIL verb). With this the users who are able to
â€™loginâ€™ successfully to this host, are then able to relay the
email thru the server unlimited.
This enables â€™SMTP AUTHâ€™ facility usage also without running
under SSL/TLS security envelope.
If the system has been configured with SASL2 support, use that
instead of built-in plain-text authenticator code.
Presently experimental code!
PARAM smtp-mechanisms mech name list
List only those mechanisms that are wanted to be supported in
the running system. Undefined list means: any and all what the
Suggested list: "PLAIN LOGIN"
Other ways might work, or might not. Experience is partial, and
failed in several combinations.
Enable Message Submission Agent mode, where smtpserver requires
successful user authentication during SMTP sessions initiated
from outside of the trusted networks or the networks with
relaying enabled (see "fulltrustnet" and "relaycustnet" at the
sample proto/db/smtp-policy.src file).
PARAM SMTP-auth-pipe /path/to/program
This is a path to the external authentication program. The
authenticator should read a username from command line, and a
password from standard input. Exit status 0 means successful
It is relatively easy to make a mistake in external
authentication program that follows the specification. Use this
option only if you know exactly what you do! BE CAREFULL!
If TCP-WRAPPER is configured in, uncommenting this will activate
its use to look service name: smtp-receiver
This set contains disablers of like named Extended SMTP EHLO
responses, plus EHLO verb itself, e.g. using these will turn off
given (for example â€˜â€˜PIPELININGâ€™â€™) response from the EHLO
replies, and then a client possibly capable to feed PIPELINING
will not do it -- unless it breaks rules, and does it even when
the server does not report facility being available.
If you want to disable any of these, you better have a good
reason for it, as in general they work quite fine.
Of these, 8BITMIME can not in reality be disabled, only its
adverticement can be turned off.
Turn off ZMailerâ€™s default multiline replies; many systems
(especially from M$ breed) donâ€™t do RFC 821 Appendix E
Whatever the incoming DNS NOTIFY= value is, we force it always
to be NOTIFY=NEVER. This is for those who wonâ€™t like to let
others even to find out that the message made into the system,
but still want to support incoming DSN. (That is, not to disable
PARAM hdr220 a string of stuff
This allows full customization of the initial greeting message.
For details, see the sample configuration below.
PARAM help ....
This allows adding locally relevant data into the SMTP protocol
HELP command response texts. See example in the sample
PARAM policydb DBTYPE /path/to/dbfile
This defines smtp input policy filtering/analysis database
location. See the comments at the sample
An error here will be reported with obscureish code; "1" =
"DBTYPE parameter unknown/unsupported", "2" = "canâ€™t open the
PARAM contentfilter $MAILBIN/smtp-contentfilter
An external program for received message content analysis.
The interface is desribed below at CONTENTFILTER INTERFACE
Sends some debug-data of the content-filter interface into the
smtpserver protocol log file.
PARAM tarpit initial exponent toplimit
This defines a pre-reply slow-down factor, and next delay
multiplier (both are integers). Default values are (0, 0).
Delay tops at 250 (seconds). The â€˜â€˜initialâ€™â€™ is used as the
initial tarpit delay, and â€˜â€˜exponentâ€™â€™ is multiplier for
formula: next = prev + (prev * exponent)
Finally, â€˜â€˜toplimitâ€™â€™ caps the delay value.
PARAM tls-CAfile $MAILVAR/db/smtpserver-CAcert.pem
PARAM tls-cert-file $MAILVAR/db/smtpserver-cert.pem
PARAM tls-key-file $MAILVAR/db/smtpserver-key.pem
PARAM tls-dcert-file $MAILVAR/db/smtpserver-dcert.pem
PARAM tls-dkey-file $MAILVAR/db/smtpserver-dkey.pem
These are TLSv1 parameters, and all parts of this parameter
cluster must be set for the facility to work!
See doc/guides/openssl, or: http://www.aet.tu-
something ZMailer specific gets written...)
Also see below section OPENSSL RELATED PARAMETERS.
The "dcert" and "dkey" are for DSA derived private key, and
PARAM tls-dh512 $MAILVAR/db/smtpserver-cert-dh512.pem
PARAM tls-dh1024 $MAILVAR/db/smtpserver-cert-dh1024.pem
Optional file to supply auxiliary DH parameters for the DSA
related key exchange, in case the certificate is so old, that it
does not contain them. The system has built-in default values
Listen on port TCP/465, which is deprecated SSL/SMTP listener
Microsoft does it again... If TLS is set at Outlook, and server
port is not 25, it bloody well seems to expect that the server
starts in TLS handshake mode.
This implements a 2 second startup delay in case the port is
some other than 25, and if some byte is received from client
during that time, and it happens to be 0x80, then this server
will initiate TLS negotiation. If nothing happens (well-
behaving client), normal SMTP greeting is presented.
PARAM tls-loglevel 0
PARAM tls-ccert-vd 0
PARAM tls-ask-cert 0
PARAM tls-require-cert 0
PARAM tls-CApath ... (somewhen: verify clientâ€™s certificates)
PARAM tls-enforce-tls 1
These are some futher thoughs that may materialize some time..
This quintet controls what possibly collected data is shown at
the published â€˜â€˜Received:â€™â€™ header that this system generates.
PARAM etrn-cluster node-name-or-address mq2-username mq2-passwd
In load-balance clusters a network level load-balancer may
distribute the incoming SMTP connections to multiple real
machines, and by using this parameter (repeatedly) to list those
peers, system can relay user initiated ETRN requests to all
This method requires that the scheduler runs its mailq service
in MAILQv2 mode!
When desiring to test LMTP (RFC 2033), this parameter can be
turned on, however ZMailer is no real LMTP server, and this
feature is only for debug purposes.
Here is a possible configuration file:
# smtpserver.conf - autogenerated edition
#PARAM maxsize 10000000 # Same as -M -option
#PARAM min-availspace 5000 # Minimum free in POSTOFFICE after
# # message has arrived; in kBs.
#PARAM max-error-recipients 3 # More than this is probably SPAM!
#PARAM max-unknown-commands 10 # More than this is probably broken
# # client
#PARAM MaxSameIpSource 10 # Max simultaneous connections
# # from any IP source address
#PARAM MaxParallelConnections 800 # Max simultaneous connections
# # in total to the server
#PARAM TcpRcvBufferSize 32000 # Should not need to set!
#PARAM TcpXmitBufferSize 32000 # Should not need to set!
#PARAM ListenQueueSize 10 # listen(2) parameter
#PARAM RcptLimitCount 10000 # Max number of recipients for one
# # MAIL FROM session. Minimum: 100
#PARAM BindPort 25 # Binding port
#PARAM BindAddress [0.0.0.0] # Binding address - for multihomers..
#PARAM BindAddress [IPv6.0::0] # and here is for IPv6 - NO SPACES!
# Enables of some commands:
# # This is a security decission for you.
# # This is needed for EXPN/VRFY and interactive
# # processing of MAIL FROM and RCPT TO addresses.
# # However it also may allow external user entrance
# # to ZMailer router shell environment with some
# # suitably pervert input, if quotation rules are
# # broken in the scripts.
# # Authentication with SASL mechanisms
# # in the system. Enabling this takes precedence over
# # smtp-auth below!
#PARAM sasl-mechanisms LIST OF SASL MECHANISMS
# # A space delimittered list of SASL mechanisms we
# # want to support.
# # enable if you want to allow SMTP to autenticate
# # with the default code against system /etc/passwd
# # (or whatever source getpwnam() uses for it..)
# # Enable, if the "AUTH LOGIN" is to be allowed to
# # be used without running under SSL/TLS security
# # envelope.
# # Message Submission Agent mode. Require
# # successful user authentication during SMTP
# # sessions initiated from outside of the trusted
# # networks or the networks with relaying enabled
# # (see "fulltrustnet" and "relaycustnet" in
# # smtp-policy.src file).
#PARAM SMTP-auth-pipe /path/to/program
# # External authentication program. The
# # authenticator should read a username from
# # command line and a password from standard input.
# # Exit status 0 means successful authentication.
# # If TCP-WRAPPER is configured in, uncommenting this
# # will activate its use to look service name: smtp-receiver
# Disablers of some facility adverticements
#PARAM no-multiline-replies # except to EHLO
#PARAM force-rcpt-notify-never # Want to hide something...
# HDR220 metatags:
# %% -- â€™%â€™ character
# %H -- SS->myhostname
# %I -- â€™+IDENTâ€™ if â€™identflgâ€™ is set
# %V -- VersionNumb
# %T -- curtime string
# %X -- xlatelang parameter
#PARAM hdr220 %H ZMailer ESMTP-server %V running at Yoyodyne Inc.
#PARAM hdr220 %H (NO UCE)(NO UBE) our local time is now %T
PARAM help ------------------------------------------------------
PARAM help This mail-server is at Yoyodyne Propulsion Inc.
PARAM help Our telephone number is: +1-234-567-8900, and
PARAM help telefax number is: +1-234-567-8999
PARAM help Our business-hours are Mon-Fri: 0800-1700 (TZ: -0700)
PARAM help Questions regarding our email service should be sent
PARAM help via email to address <postmaster@OURDOMAIN>
PARAM help Reports about abuse are to be sent to: <abuse@OURDOMAIN>
PARAM help ------------------------------------------------------
# Uncomment following for not to strip incoming addresses of
# form: <@aa,@bb:cc@dd> into non-source-routed base form: <cc@dd>
# The policy database:
# (NOTE: See â€˜makedbâ€™ for its default suffixes!)
PARAM policydb $DBTYPE $MAILVAR/db/smtp-policy
# External program for received message content analysis:
#PARAM contentfilter $MAILBIN/smtp-content-policy-analysis
#PARAM debug-contentfilter # Debug the content-filter interface
#PARAM tarpit 0 0 0 # No "tarpit" for 4XX/5XX reply codes
#PARAM tarpit 20 2 300 # Initial delay: 20 secs, next = prev + (prev * 2)
# TLSv1/SSLv parameters;
# all must be used for the system to work!
# See doc/guides/openssl, or:
##PARAM listen-ssmtp # A deprecated TCP/465 port listener for SSL/SMTP
##PARAM outlook-tls-bug # Variant of ssmtp
#PARAM tls-CAfile $MAILVAR/db/smtpserver-CAcert.pem
#PARAM tls-cert-file $MAILVAR/db/smtpserver-cert.pem
#PARAM tls-key-file $MAILVAR/db/smtpserver-key.pem
#PARAM tls-dcert-file $MAILVAR/db/smtpserver-dcert.pem
#PARAM tls-dkey-file $MAILVAR/db/smtpserver-dkey.pem
#PARAM tls-dh512 $MAILVAR/db/smtpserver-dh512.pem
#PARAM tls-dh1024 $MAILVAR/db/smtpserver-dh1024.pem
# # Then some futher thoughs that may materialize some time..
#PARAM tls-loglevel 0
#PARAM tls-ccert-vd 0
#PARAM tls-ask-cert 0
#PARAM tls-require-cert 0
##PARAM tls-CApath ... (somewhen: verify clientâ€™s certificates)
##PARAM tls-enforce-tls 1
# Elements to be added into "Received:" headerâ€™s
# initial comment part:
#PARAM rcvd-ident # The ident lookup result
# # (or even admitting it having queried)
#PARAM rcvd-whoson # Likewise for "whoson"
#PARAM rcvd-auth-user # Authenticated Username
#PARAM rcvd-tls-mode # Cipher or not
#PARAM rcvd-tls-ccert # Client Certificate reference
# EGD/PRNGD type entropy source for OpenSSL in case your
# system does not have /dev/*random devices:
#PARAM tls-random-source /var/run/prngd-socket
# A load-balanced server cluster may want to communicate
# the ETRN request to cluster components, here is how:
# See also: doc/guides/etrn-cluster
#PARAM etrn-cluster localhost mq2-username mq2-passwd
#PARAM etrn-cluster node-2-name-or-address mq2-username mq2-passwd
#PARAM etrn-cluster node-3-name-or-address mq2-username mq2-passwd
#PARAM etrn-cluster node-40-name-or-address mq2-username mq2-passwd
# HELO/EHLO-pattern style-flags
# [max loadavg]
localhost 999 ftveR
some.host.domain 999 !NO EMAIL ACCEPTED FROM YOUR MACHINE
# If the host presents itself as: HELO [22.214.171.124] be lenient to
# it.. The syntax below is due to these patterns being SH-GLOB
# style patterns where the brackets are special characters.
\[*\] 999 ve
# Per default demant strict syntactic adherence, including fully
# qualified addresses for MAIL FROM, and RCPT TO. To be lenient
# on that detail, remove the "R" from "veR" string below:
* 999 veR
The contentfilter interface has been modified a few times, see your
README.UPGRADING file for details matching your running setup.
The contentfilter program is started without parameters running userid
of daemon in directory $POSTOFFICE.
The protocol in between the smtpserver(8zm), and the content-policy
program is a clone from the scheduler to transport-agent one. Namely:
0) server: spawn a sub-process for the policy program
1) policy: "#hungry\n"
2) server: "jobfilepath\n"
3) policy: "RESULT DATA\n"
The loop repeats from 1, and terminates at 2, when the content-filter
program reads an EOF.
The smtpserver does expect that the contentfilter program behaves
according to this protocol, and e.g. a system where the filter
program runs once, and exists, has in the past proven incompatible
with the system.
-1 550 5.7.1 negatives are condemned into rejection
0 250 2.6.0 zero is ok! gladly accepted
1 550 5.7.1 positives are sent into the freezer
The program may choose to order rejection, and report acceptance, or
which way ever:
-1 250 2.7.1 Glad to see some spam, immediately destroyed :)
0 250 2.6.0 Message OK!
1 550 5.7.1 That is spam, rejected!
If the message has no text, some defaults are supplied. If the message
text starts with numbers, it is presumed that it contains both the SMTP
reply code, and ENHANCEDSTATUSCODE before the text. (If no
ENHANCEDSTATUSCODE part is present, then some possibly senseless
default is supplied.)
Interface message text lines beginning with anything except signed
integer are logged, and the communication channel from the smtpserver
to the contentfilter program is closed. Interface continues to scan
things reported by the contentfilter program, and if no properly
formatted line appears, default is to send the message into the freezer
with code "1".
The message text may contain CR characters, in which case the code in
smtp-server will produce multi-line replies to the message originator.
Keep always in mind, that SMTP protocol (and thus the message texts
here) are presumed to be plain 7-bit US-ASCII! However: You may (most
of the time) get away with 8-bit chars in the texts...
TCP-WRAPPER AND SMTPSERVER
If the ZMailer system is configured with tcp-wrapper code, and â€˜â€˜PARAM
use-tcp-wrapperâ€™â€™ is active in configuration, then service-id "smtp-
receiver" is looked for all those addresses that are allowed to feed
SMTP email in.
Usually this mode of operation is not used, and files hosts.allow, and
hosts.deny contain following kind of entries:
mailq : ALL@126.96.36.199
ALL : ALL@ALL
Alternatively, all the functions which tcp-wrapper could supply are
also available thru the policy database machinery.
(Do note that scheduler(8zm) has also tcp-wrapper support, which
becomes active simultaneously with smtpserverâ€™s tcp-wrapper code!)
SASL AUTHENTICATION MECHANISMS
The smtpserver does contain experimental code supporting authentication
interaction using SASL mechanisms as they are implemented in CMU
This will also necessitate adding SASL-2 library related configuration
telling what backside systems are to be used. Possible configuration
# ---- /usr/lib/sasl2/smtpserver.conf ----
TO BE WRITTEN; Some further notes on how to setup the TLS encryption on
the smtpserver(8zm). For the time being, see notes at
"doc/guides/openssl" as well as what is written above at the "PARAM
use-tls", or there abouts.
SMTP-AUTH -- AUTHENTICATE (RELAY) USER
The idea with "smtp-auth" is to authenticate the user who wants extra
privileges from the SMTP service, namely if a user wants to send email
to an address considered non-local at the system, this user needs
In usual cases the privilege is granted based on IP address of the user
(See "smtp-policy.relay*" below in SMTP-Policy Configuration).
The privilege can also be granted by doing a "login" procedure where
the user gives some personal identifier, and related secret.
Becase the normal authenticator is a plain-text password, this
operation should be done under the security envelope of the SSL. (Or
equivalent under IPSEC encryption, although ZMailerâ€™s smtpserver does
not know how to detect the session being IPSEC protected!)
You will likely need:
Â· "PARAM smtp-auth"
Â· The TLS related notes above.
Â· "PARAM AUTH-LOGIN-also-without-TLS"
Â· "PARAM SMTP-auth-pipe /path/to/program"
Â· And possibly also PAM-support for SMTP-Auth, see below.
PAM-SUPPORT FOR SMTP-AUTH
If the system has <security/pam_appl.h> file, following file will also
be needed for the system:
------- /etc/pam.d/smtpauth-login -----------
auth required /lib/security/pam_pwdb.so shadow
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
This subsystem of smtpserver(8zm) does control acceptability of
recipient envelope addresses per several criteria:
Â· "contactee IP address"
Â· SMTP "MAIL FROM:<..>" address
Â· SMTP "RCPT TO:<..>" addresses
Â· "various control files"
Specifically the $MAILBIN/policy-builder.sh script uses following
MAILVAR/db/smtp-policy.src The boilerplate
MAILVAR/db/localnames (â€™= _local_namesâ€™)
MAILVAR/db/smtp-policy.relay.manual (â€™= _full_rightsâ€™)
MAILVAR/db/smtp-policy.relay (â€™= _full_rightsâ€™)
MAILVAR/db/smtp-policy.mx.manual (â€™= _relaytargetâ€™)
MAILVAR/db/smtp-policy.mx (â€™= _relaytargetâ€™)
MAILVAR/db/smtp-policy.spam.manual (â€™= _bulk_mailâ€™)
MAILVAR/db/smtp-policy.spam (â€™= _bulk_mailâ€™)
If you want, you can modify your boiler plate, as well as your
installed policy-builder.sh script. (Doing â€™make installâ€™ will
overwrite policy-builder.sh, but not smtp-policy.src)
Basically these various source files (when existing) are used to
combine knowledge of valid users around us. Some datasets have two
input source files, smtp-policy.NN and smtp-policy.NN.manual, the
".manual" is intended to be overrider of of possibly autogenerated data
at the "plain" version of files.
Who we are -- ok for receiving; does not grant outgoing relay
Who can use us as outbound relay.
for listing those senders (networks) we absolutely trust.
Additionally you may give (at the same line) some attributes as
parameters for this key entry:
fulltrustnet + trustrecipient +
First pair will accept any source address, and any recipient
addresses that are fed to the server; the second will verify
the source address, but after that it will accept any recipient
You may also enter domains which are looked up for the hostname
of reversed IP address, but it is not very wise; IP-reversal is
not trustworthy data. It may also cause double- entry/level
descendance problems when two domain-suffixes have same ending
suffix (or are the same).. (Name/keyspace problem)
We can set the internal "always_accept" flag at the source IP
test, and never after.
Who really are our MX clients.
Use this when you really know them, and donâ€™t want just to trust
that if recipient has MX to you, it would be ok... You can
substitute this knowledge with a fuzzy feeling by using
â€™acceptifmx +â€™ attribute at the generic boilerplate.
List here domain names.
You CAN also list here all POSTMASTER addresses you accept email
these are magic addresses that email is accepted to, even when
everything else is blocked.
Those users & domains that are absolutely no-no for the senders,
or the recipients, no matter what earlier analysis has shown.
(Except for those that we absolutely trust..)
Short usage instructions:
Â· Fill in/modify related files
Â· Execute MAILBIN/policy-builder.sh script
You can run the smtpserver in a mode where you can claim to be from any
address in the outside world you wish:
$MAILBIN/smtpserver -i -d 1 -T â€™[188.8.131.52]â€™
The mode must be interactive (-i), and supplying debug mode (-d 1) to
it is good help.
Actual claimed connection source address is to be given inside square
brackets as a SMTP IP address literal.
Now you can try things like:
(Substitute some real domains into those RCPT TO lines --
"local.domain" is a hint about what to pick for it..)
Depending what kind of address you have supplied to the -T parameter,
they get either accepted, or rejected.
SMTP-POLICY RBL-TYPE BLOCKING LISTS
Per default the system does not use RBL-type blocking lists. There are
two ways how to take them into use:
You can start rejecting at the connection setup and then at MAIL
FROM (and RCPT TO).
However many (especially M$ environment) SMTP clients wonâ€™t react
on that properly, and will just keep repeating the delivery
You can delay the rejections until RCPT addresses are given.
SMTP-POLICY; IMMEDIATE REJECTION BY RBL
Like mentioned above, this method has a problem with many clients who
donâ€™t believe that HELO can give 500-series response.
Method is as follows:
Pick your choice of databases to the second variant â€˜â€˜_rbl0â€™â€™ label by
joining your selection from various things exemplified here below by
using â€˜â€˜:â€™â€™ character as glue in between:
â€˜â€˜+â€™â€™ alias â€˜â€˜rbl.maps.vix.comâ€™â€™
â€˜â€˜ok.orbs.org:relays.orbs.orgâ€™â€™ <-- THIS IS A PAIR!
For the â€˜â€˜ok.orbs.org:relays.orbs.orgâ€™â€™ the ZMailer 2.99.52patch2 has
special support, but it isnâ€™t entirely fool-proof thing... (Due to
false OKs in the OK zone while NETBLOCK type things exist at the RELAYS
An example for the resulting attribute pair: (RBL+DUL+RSS)
#| Second RBL variant: Early block with RBL+DUL+RSS
_rbl0 test-dns-rbl +:dul.maps.vix.com:relays.mail-abuse.org
_rbl1 # Nothing
SMTP-POLICY; DELAYED REJECTION BY RBL
Delay the rejection report to â€˜â€˜RCPT TOâ€™â€™ verbs by using the â€˜â€˜Third
#| Third RBL variant: Late block with RBL+DUL+RSS
_rbl0 rcpt-dns-rbl +:dul.maps.vix.com:relays.mail-abuse.org
_rbl1 test-rcpt-dns-rbl +
The sample boilerplace will use these as defaults unless you choose to
explicitely have â€˜â€˜test-rcpt-dns-rbl -â€™â€™ at some of the recipient
domains you list at smtp-policy.mx file:
sample.domain.no.rbl test-rcpt-dns-rbl -
OPENSSL RELATED PARAMETERS
Because the TLS related code is fairly straight copy from Postfix
specific one, the document is fairly direct copy, too..
To use TLS we do need a certificate and a private key. Both must be in
be encrypted, that does mean: it must be accessable without password.
Both parts (certificate and private key) may be in the same file.
PARAM tls-cert-file /etc/postfix/server.pem
PARAM tls-key-file /etc/postfix/server.pem
The certificate was issued by a certification authority (CA), of which
the CA-cert must be available. This file may also contain the the CA
certificates of other trusted CAs. You must use this file for the list
of trusted CAs if you want to use chroot-mode.
PARAM tls-CAfile /etc/postfix/CAcert.pem
To verify the peer certificate, we need to know the certificates of
certification authorities. These certificates in The same CAs are
offered to clients for client verification. Donâ€™t forget to create the
necessary $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs. A typical
place for the CA-certs may also be $OPENSSL_HOME/certs, so there is no
default and you explicitly have to set the value here!
PARAM tls-CApath /etc/postfix/certs
To get additional information during the TLS setup and negotiations you
can increase the loglevel from 0..4:
0: No output about the TLS subsystem
1: Printout startup and certificate information
2: 1 + Printout of levels during negotiation
3: 2 + Hex and ASCII dump of negotiation process
4: 3 + Hex and ASCII dump of complete transmission after STARTTLS
Use loglevel 3 only in case of problems. Use of loglevel 4 is strongly
PARAM tls-loglevel 0
By default TLS is disabled, so no difference to plain ZMailer is
visible. Explicitely switch it on here:
If the operating system isnâ€™t equipped with /dev/*random devices,
OpenSSLâ€™s RAND_bytes(3) function will use compilation time defaults to
locate EGD compatible entropy source. See dokumentation at:
RAND_egd(3) man-page. If you have something similar in your system,
but in non-default location (see the man-page above), you can set its
location with this:
PARAM tls-random-source /var/run/prngd-socket
ENVIRONMENT VARIABLES USED BY THE SMTPSERVER
The zmailer(3zm) libraryâ€™s mail_open() et.al. functions use several
environment variables. See that man-page.
Z-ENV VARIABLES USED BY THE SMTPSERVER
A collection of system configuration things
Alternate way to tell the system the same thing as config does:
Preferrably this is not to be used! Security dangers aplenty!
If exists (with valid content), BINDADDR specifies to which
local interface to bind smtpserver, smtp transport agent, and
scheduler. Possible specification formats are:
Used to find related router(8zm) program for interactive routing
PATH Passed on authentication subprocess program, see: PARAM
See also zmailer(3zm).
Passed on authentication subprocess program, see: PARAM
system global parameters
if PAM mechanism is present and plain-password authentication is
RFC 821/2821 The basic SMTP specification
RFC 1123 Various 821 parameter clarifications
Several extended SMTP facilities are implemented:
RFC 1341/1521/2045 MIME specification (body, formats)
RFC 1342/1522/2047 MIME specification (headers)
RFC 1425/1651/1869 ESMTP EHLO framework
RFC 1426/1652 ESMTP 8BITMIME
RFC 1427/1653/1870 ESMTP SIZE
RFC 1428 Basic MIME conversion rules
RFC 1830/3030 ESMTP CHUNKING
RFC 1854/2197/2920 ESMTP PIPELINING
RFC 1891/3461 ESMTP DSN
RFC 1893/3463 Enhanced Mail System Status Codes
RFC 1985 ESMTP ETRN
RFC 2033 LMTP server mode (for testing)
RFC 2034 ESMTP ENHANCEDSTATUSCODES
RFC 2487/3207 ESMTP STARTTLS
RFC 2222 SASL mechanism base definition
RFC 2554+M$ Exchange ESMTP AUTH LOGIN
RFC 2554+NetScape ESMTP AUTH=LOGIN
RFC 2852 ESMTP DELIVERBY (incomplete implementation)
This program authored and copyright by:
Rayan Zachariassen <no address>
Extended SMTP, policy facilities, etc. by
Matti Aarnio <email@example.com>