Provided by: zmailer_2.99.56-2_i386 bug


       smtpserver - zmailer SMTP server


                  [-46aBhigntVvw]     [-p port]    [-l SYSLOG]    [-l logfile]
                  [-s[ftveR]]   [-s strict]   [-I pidfile]    [-L maxloadaver]
                  [-M SMTPmaxsize]  [-P postoffice]  [-R router]  [-C cfgfile]
                  [-Z zenvfile] [-T []]


       This program implements  the  server  side  of  the  SMTP  protocol  as
       described  in  RFC-2821,  and  knows about the common extensions to the
       protocol expected by Sendmail and BSMTP clients.

       By default the program will kill the previous  smtpserver(8zm)  daemon,
       if any, then detach and listen for SMTP connections.  Incoming messages
       will be submitted for processing using the  zmailer(3zm)  interface  to
       ZMailer.   Nontrivial address checking is done asynchronously, although
       this behaviour can be changed by a command line option  if  you  cannot
       afford  to  transfer data just to bounce it back.  All checking is done
       by executing the router(8zm) program in interactive mode, and executing
       a  well-known  shell  function  with  well-known  parameters  for  each


              Explicitely to use IPv4 type of socket even on machines that  is
              capable to do IPv6 type of sockets.

              Explicitely  to  (try  to)  use  IPv6 type of socket even if the
              machine does not support it.  For a default the server will  try
              to  use IPv6, if it has been compiled on an environment where it
              is present, but will do a fallback to IPv4 in case  the  runtime
              system does not have IPv6.

              turn  on  RFC931/RFC1413  indentification  protocol, and log the
              information acquired with it to the submitted file.

              turn on usage of "whoson" protocol.  This  option  is  available
              even if actual code is not available.

              the   gullible   option   will  make  the  program  believe  any
              information it is told (such as origin of a connection)  without

              check  helo-parameter,   per  default that is not checked in any
              way, with this option, syntax check is done on it.

              runs  the  server  interactively,  which  makes  it  usable  for
              processing  a  batched  SMTP  stream  (BSMTP) on stdin.  With -v
              option this  echoes  incoming  BSMTP  to  create  more  accurate
              faximille of BITNET BSMTP mailers.

       -l SYSLOG
              A  magic  value  of  "SYSLOG"  for the logfile is interpreted by
              directing all session log stuff thru  syslogd;  something  which
              may require better syslogd, than your system has by default; see
              ‘‘syslog-ng’’ at a well indexed free software sites.

       -l logfile
              specifies a logfile  and  enables  recording  of  incoming  SMTP
              conversations.   If  you  want  both file based session log, and
              syslog() based, issue this option after ‘‘-l SYSLOG’’ one.

              indicates the program is being run from inetd(8).

              specifies the TCP port to listen on instead of the default  SMTP
              port, 25.

              flags  the  email  to  arrive via BSMTP channel (via BITNET, for

       -I pidfile
              specifies an alternate PID file location.

       -L maxloadaver
              tells the maximum load-average the system is under when we still
              accept email in.

       -M SMTPmaxsize
              Defines  the asolute maximum size we accept from incoming email.
              (Default: infinite) (This is local policy issue.)

       -P postoffice
              specifies an alternate POSTOFFICE directory.

       -R router
              specifies an alternate router (8zm) program to use  for  address

       -C cfgfile
              specifies  nonstandard  configuration file location; the default
              is $MAILSHARE/smtpserver.conf.

       -s strict
              this turns on  all  kinds  of  strict  smtp  protocol  adherence
              checks, which in normal life can be relaxed slightly.  Great for
              compliance testing ;)

       -s [ftveRS]
              specifies the style of address  verification  to  be  performed.
              There are four independent commands that can invoke some kind of
              address verification, and  four  independent  flags  to  control
              whether this should be done.  They are:

              f      check MAIL FROM addresses

              t      check RCPT TO addresses

              v      check VRFY command argument

              e      check EXPN command argument

              R      require  addresses  to be of syntax: local@remote (strict

                     allow sloppy input for systems incapable to  respect  RFC
                     821 properly; WinCE1.0 (and 2.0) does:
                        "MAIL FROM:user@domain"

              The  flags  are  concatenated  to  form  the  argument to the -s
              option.  The default is ve.

       -T ’[]’

       -T ’[ipv6.hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:]’
              Supply (in interactive mode) test  address  for  policy  dataset
              address testing.  The optionset recommended for that case is:

                 -i -d 1 -T ’[]’

              A  notable  detail is that to see what really is going on in the
              policy analysis,one must usei the ‘‘-d 1’’ option to turn on the
              debugging  early  enough  to see its initial verdict at the time
              the ‘‘220..’’ greeting banner is produced..

              Also notable is that brackets in the supplied IP address must be
              present,  otherwise illegal syntax will be reported.  (Using RFC
              821 address literal parser here.)

              Set when running smtpserver under e.g. inetd, and using  service
              port  number  465;  a  "well-known"  deprecated one of SSL/SMTP;
              (From the era before ‘‘STARTTLS’’ protocol verb.)

       -Z zenvfile
              passes  on  explicite  non-compiled-in-default  located  ZCONFIG
              environment file.

              prints a version message and exits.


       If  the  $MAILSHARE/smtpserver.conf  exists it is read to configure two
       kinds of things:

       PARAM -entries
              allow  server  start-time  parametrization  of  several  things,

               · help-texts

               · acceptance/rejection database definitions

               · various feature parametrizations

              On PARAM lines the system allows $-expansions of ZENV variables.
              (Special note: ’$$’ expands as ’$’, not  shell-style  process-id

       The style (-s) option
              behaviour  based  on  glob  patterns matching the HELO/EHLO name
              given  by  a  remote  client.   Lines  beginning  with  a  #  or
              whitespace  are  ignored  in  the file, and all other lines must
              consist of two tokens: a shell-style (glob) pattern starting  at
              the  beginning  of the line, whitespace, and a sequence of style
              flags.  The first matching line is used.  As a special case, the
              flags  section  may  start with a !  character in which case the
              remainder of the line is a failure comment message to  print  at
              the  client.  This configuration capability is intended as a way
              to control misbehaving client software or mailers.

       PARAM maxsize
              This is synonym to start-time -M option.

       PARAM min-availspace 5000
              This defines, in  kilobytes,  the  minimum  available  space  in
              POSTOFFICE directory after the message has been accepted in.

       PARAM max-error-recipients
              This  defines  how  many  recipients  can  be on a message whose
              source address is MAIL FROM:<>.  That is, is an  error  message.
              (Sometimes SPAMs are tried to inject in that form...)

       PARAM MaxSameIpSource
              This  sets  the  maximum  number  of active connections from any
              given single IP address.

              When the limit is reached, system tells the remote end:
                 450 Too many simultaneous connections...
              (and then closes the connection.)

              When the limit is exceeded by factor of four,  the  server  just
              closes the connection without telling anything.

              Do  note that this works only when the smtpserver  is running as
              its own daemon, not while run from under inetd!

       PARAM MaxParallelConnections
              This limits how many simultaneous connections  the  server  will
              accept in total -- e.g. how many childs a master server can have
              running.  Default value: 800.

              Exceeding the limit by less than 100 will get a message
                 450 Too many simultaneous connections...
              printed to the connection.  In  every  case  the  connection  is
              closed right after the possible message.

              Do  note  that this works only when the smtpserver is running as
              its own daemon, not while run from under inetd!

       PARAM ListenQueueSize
              This sets the listen queue size parameter for listen(2) call  at
              the server.

       PARAM TcpRcvBufferSize
              This  sets   setsockopt(SO_RCVBUF)   value,  in  case the system
              default is not suitable.

       PARAM TcpXmitBufferSize
              This sets  setsockopt(SO_SNDBUF)   value,  in  case  the  system
              default is not suitable.

       PARAM RcptLimitCount 10000
              This  sets  the  maximum  number  of accepted recipients per one
              message transaction.  Default (and minimum!) value is 100, which
              is mandated by the RFC 821.

       PARAM BindPort    25

       PARAM BindAddress []

       PARAM BindAddress [IPv6.0::0]

       PARAM BindAddress iface:ifacename
              Per default the server mode SMTP-server binds to port 25 and any
              locally accepted address, but occasionally people seem  to  want
              to have separate server instances with different configurations,
              and for those cases are these parameters.

              Multiple instances  of  BindAddress  will  work,  and  bind  all
              presently supported ports to all those addresses.

       PARAM DEBUGcmd

       PARAM EXPNcmd

       PARAM VRFYcmd
              This  trio  (DEBUGcmd,  EXPNcmd,  VRFYcmd)  are enablers of like
              named SMTP verbs which have some uses in the debug mode.

              They are normally disabled, but running them  enabled  does  not
              allow direct attacks with them.  (That we know of.)

       PARAM enable-router
              This  enables interactive router use where user inputs reach the
              router.  As things turn out, while the canned scripts should  be
              safe against any and all inputs, a careless change in the router
              scripts may endanger this status.

              Per default this is disabled to protect your system.

              To enable EXPN and VRFY, this  must  be  enabled,  but  be  very
              carefull   when   you  do  this.   This  is  also  required  for
              interactive router processing of ‘‘MAIL FROM’’ and  ‘‘RCPT  TO’’

       PARAM smtp-auth
              This  enables  ’SMTP  AUTH’  facility  (AUTH verb, plus optional
              parameter to MAIL verb).  With this the users who  are  able  to
              ’login’  successfully  to  this host, are then able to relay the
              email thru the server unlimited.

       PARAM AUTH-LOGIN-also-without-TLS
              This enables ’SMTP AUTH’ facility  usage  also  without  running
              under SSL/TLS security envelope.

       PARAM smtp-auth-sasl
              If  the  system has been configured with SASL2 support, use that
              instead of built-in plain-text authenticator code.

              Presently experimental code!

       PARAM smtp-mechanisms mech name list
              List only those mechanisms that are wanted to  be  supported  in
              the  running system.  Undefined list means: any and all what the
              SASL-system supports.

              Suggested list: "PLAIN LOGIN"

              Other ways might work, or might not.  Experience is partial, and
              failed in several combinations.

       PARAM MSA-mode
              Enable  Message Submission Agent mode, where smtpserver requires
              successful user authentication during  SMTP  sessions  initiated
              from  outside  of  the  trusted  networks  or  the networks with
              relaying enabled (see "fulltrustnet" and "relaycustnet"  at  the
              sample proto/db/smtp-policy.src file).

       PARAM SMTP-auth-pipe /path/to/program
              This  is  a  path  to  the external authentication program.  The
              authenticator should read a username from command  line,  and  a
              password  from  standard  input.  Exit status 0 means successful

              It  is  relatively  easy  to  make   a   mistake   in   external
              authentication  program that follows the specification. Use this
              option only if you know exactly what you do! BE CAREFULL!

       PARAM use-tcp-wrapper
              If TCP-WRAPPER is configured in, uncommenting this will activate
              its use to look service name:  smtp-receiver



       PARAM NoDSN




              This  set  contains  disablers  of like named Extended SMTP EHLO
              responses, plus EHLO verb itself, e.g. using these will turn off
              given  (for  example  ‘‘PIPELINING’’)  response  from  the  EHLO
              replies, and then a client possibly capable to  feed  PIPELINING
              will  not do it -- unless it breaks rules, and does it even when
              the server does not report facility being available.

              If you want to disable any of these,  you  better  have  a  good
              reason for it, as in general they work quite fine.

              Of  these,  8BITMIME  can  not  in reality be disabled, only its
              adverticement can be turned off.

       PARAM no-multiline-replies
              Turn off  ZMailer’s  default  multiline  replies;  many  systems
              (especially   from  M$  breed)  don’t  do  RFC  821  Appendix  E

       PARAM force-rcpt-notify-never
              Whatever the incoming DNS NOTIFY= value is, we force  it  always
              to  be  NOTIFY=NEVER.    This is for those who won’t like to let
              others even to find out that the message made into  the  system,
              but still want to support incoming DSN. (That is, not to disable

       PARAM hdr220 a string of stuff
              This allows full customization of the initial greeting  message.
              For details, see the sample configuration below.

       PARAM help ....
              This  allows adding locally relevant data into the SMTP protocol
              HELP  command  response  texts.   See  example  in  the   sample
              configuration below.

       PARAM policydb DBTYPE /path/to/dbfile
              This  defines  smtp  input  policy  filtering/analysis  database
              location.     See     the     comments     at     the     sample
              proto/db/smtp-policy.src file.

              An  error  here  will  be  reported  with obscureish code; "1" =
              "DBTYPE parameter unknown/unsupported", "2" =  "can’t  open  the

       PARAM contentfilter $MAILBIN/smtp-contentfilter
              An external program for received message content analysis.

              The  interface  is  desribed  below  at  CONTENTFILTER INTERFACE

       PARAM debug-contentfilter
              Sends some debug-data of the content-filter interface  into  the
              smtpserver protocol log file.

       PARAM tarpit initial exponent toplimit
              This  defines  a  pre-reply  slow-down  factor,  and  next delay
              multiplier (both are integers).   Default  values  are  (0,  0).
              Delay  tops  at  250  (seconds).  The ‘‘initial’’ is used as the
              initial  tarpit  delay,  and  ‘‘exponent’’  is  multiplier   for
              formula: next = prev + (prev * exponent)

              Finally, ‘‘toplimit’’ caps the delay value.

       PARAM use-tls

       PARAM tls-CAfile $MAILVAR/db/smtpserver-CAcert.pem

       PARAM tls-cert-file  $MAILVAR/db/smtpserver-cert.pem

       PARAM tls-key-file   $MAILVAR/db/smtpserver-key.pem

       PARAM tls-dcert-file  $MAILVAR/db/smtpserver-dcert.pem

       PARAM tls-dkey-file   $MAILVAR/db/smtpserver-dkey.pem
              These  are  TLSv1  parameters,  and  all parts of this parameter
              cluster must be set for the facility to work!

              See        doc/guides/openssl,       or:      http://www.aet.tu-
              something ZMailer specific gets written...)

              Also see below section OPENSSL RELATED PARAMETERS.

              The "dcert" and "dkey" are for  DSA  derived  private  key,  and

       PARAM tls-dh512  $MAILVAR/db/smtpserver-cert-dh512.pem

       PARAM tls-dh1024 $MAILVAR/db/smtpserver-cert-dh1024.pem
              Optional  file  to  supply  auxiliary  DH parameters for the DSA
              related key exchange, in case the certificate is so old, that it
              does  not  contain them.  The system has built-in default values
              for these.

       PARAM listen-ssmtp
              Listen on port TCP/465, which is  deprecated  SSL/SMTP  listener

       PARAM outlook-tls-bug
              Microsoft does it again...  If TLS is set at Outlook, and server
              port is not 25, it bloody well seems to expect that  the  server
              starts in TLS handshake mode.

              This  implements  a  2  second startup delay in case the port is
              some other than 25, and if some byte  is  received  from  client
              during  that  time,  and it happens to be 0x80, then this server
              will  initiate  TLS  negotiation.   If  nothing  happens  (well-
              behaving client), normal SMTP greeting is presented.

       PARAM tls-loglevel   0

       PARAM tls-ccert-vd   0

       PARAM tls-ask-cert   0

       PARAM tls-require-cert 0

       PARAM tls-CApath ... (somewhen: verify client’s certificates)

       PARAM tls-enforce-tls 1
              These are some futher thoughs that may materialize some time..

       PARAM rcvd-ident

       PARAM rcvd-whoson

       PARAM rcvd-auth-user

       PARAM rcvd-tls-mode

       PARAM rcvd-tls-peer
              This  quintet  controls what possibly collected data is shown at
              the published ‘‘Received:’’ header that this system generates.

       PARAM etrn-cluster node-name-or-address mq2-username mq2-passwd
              In load-balance  clusters  a  network  level  load-balancer  may
              distribute  the  incoming  SMTP  connections  to  multiple  real
              machines, and by using this parameter (repeatedly) to list those
              peers,  system  can  relay  user  initiated ETRN requests to all
              cluster nodes.

              This method requires that the scheduler runs its  mailq  service
              in MAILQv2 mode!

       PARAM lmtp-mode
              When  desiring  to  test  LMTP (RFC 2033), this parameter can be
              turned on, however ZMailer is no  real  LMTP  server,  and  this
              feature is only for debug purposes.

       Here is a possible configuration file:

         # smtpserver.conf - autogenerated edition
         #PARAM maxsize        10000000 # Same as -M -option
         #PARAM min-availspace     5000 # Minimum free in POSTOFFICE after
         #                              # message has arrived; in kBs.
         #PARAM max-error-recipients  3 # More than this is probably SPAM!
         #PARAM max-unknown-commands 10 # More than this is probably broken
         #                              # client
         #PARAM MaxSameIpSource      10 # Max simultaneous connections
         #                              # from any IP source address
         #PARAM MaxParallelConnections 800 # Max simultaneous connections
         #                              # in total to the server
         #PARAM TcpRcvBufferSize  32000 # Should not need to set!
         #PARAM TcpXmitBufferSize 32000 # Should not need to set!
         #PARAM ListenQueueSize      10 # listen(2) parameter
         #PARAM RcptLimitCount    10000 # Max number of recipients for one
         #                              # MAIL FROM session. Minimum: 100
         #PARAM BindPort          25    # Binding port
         #PARAM BindAddress  []  # Binding address - for multihomers..
         #PARAM BindAddress [IPv6.0::0] # and here is for IPv6 - NO SPACES!
         # Enables of some commands:
         #PARAM  DEBUGcmd
         PARAM   EXPNcmd
         PARAM   VRFYcmd
         PARAM  enable-router
         #               # This is a security decission for you.
         #               # This is needed for EXPN/VRFY and interactive
         #               # processing of MAIL FROM and RCPT TO addresses.
         #               # However it also may allow external user entrance
         #               # to ZMailer router shell environment with some
         #               # suitably pervert input, if quotation rules are
         #               # broken in the scripts.
         #PARAM  smtp-auth-sasl
         #               # Authentication with SASL[2] mechanisms
         #               # in the system.  Enabling this takes precedence over
         #               # smtp-auth below!
         #PARAM  sasl-mechanisms  LIST OF SASL MECHANISMS
         #               # A space delimittered list of SASL mechanisms we
         #               # want to support.
         #PARAM  smtp-auth
         #               # enable if you want to allow SMTP to autenticate
         #               # with the default code against system /etc/passwd
         #               # (or whatever source  getpwnam() uses for it..)
         #PARAM  AUTH-LOGIN-also-without-TLS
         #               # Enable, if the "AUTH LOGIN" is to be allowed to
         #               # be used without running under SSL/TLS security
         #               # envelope.
         #PARAM  MSA-mode
         #               # Message Submission Agent mode. Require
         #               # successful user authentication during SMTP
         #               # sessions initiated from outside of the trusted
         #               # networks or the networks with relaying enabled
         #               # (see "fulltrustnet" and "relaycustnet" in
         #               # smtp-policy.src file).
         #PARAM  SMTP-auth-pipe /path/to/program
         #               # External authentication program. The
         #               # authenticator should read a username from
         #               # command line and a password from standard input.
         #               # Exit status 0 means successful authentication.
         #PARAM  use-tcp-wrapper
         #               # If TCP-WRAPPER is configured in, uncommenting this
         #               # will activate its use to look service name:  smtp-receiver
         # Disablers of some facility adverticements
         #PARAM  NoEHLO
         #PARAM  No8BITMIME
         #PARAM  NoDSN
         #PARAM  NoETRN
         #PARAM  no-multiline-replies # except to EHLO
         #PARAM  force-rcpt-notify-never # Want to hide something...
         # HDR220 metatags:
         #  %% -- ’%’ character
         #  %H -- SS->myhostname
         #  %I -- ’+IDENT’ if ’identflg’ is set
         #  %V -- VersionNumb
         #  %T -- curtime string
         #  %X -- xlatelang parameter
         #PARAM hdr220 %H ZMailer ESMTP-server %V running at Yoyodyne Inc.
         #PARAM hdr220 %H (NO UCE)(NO UBE) our local time is now %T
         PARAM help ------------------------------------------------------
         PARAM help  This mail-server is at Yoyodyne Propulsion Inc.
         PARAM help  Our telephone number is: +1-234-567-8900, and
         PARAM help  telefax number is: +1-234-567-8999
         PARAM help  Our business-hours are Mon-Fri: 0800-1700 (TZ: -0700)
         PARAM help
         PARAM help  Questions regarding our email service should be sent
         PARAM help  via email to address  <postmaster@OURDOMAIN>
         PARAM help  Reports about abuse are to be sent to: <abuse@OURDOMAIN>
         PARAM help ------------------------------------------------------
         # Uncomment following for not to strip incoming addresses of
         # form: <@aa,@bb:cc@dd> into non-source-routed base form: <cc@dd>
         #PARAM allowsourceroute
         # The policy database:
         # (NOTE: See ‘makedb’ for its default suffixes!)
         PARAM  policydb   $DBTYPE  $MAILVAR/db/smtp-policy
         # External program for received message content analysis:
         #PARAM  contentfilter  $MAILBIN/smtp-content-policy-analysis
         #PARAM  debug-contentfilter # Debug the content-filter interface

         #PARAM  tarpit 0 0 0    # No "tarpit" for 4XX/5XX reply codes
         #PARAM  tarpit 20 2 300 # Initial delay: 20 secs, next = prev + (prev * 2)

         # TLSv1/SSLv[23] parameters;
         # all must be used for the system to work!
         # See   doc/guides/openssl,  or:
         #PARAM  use-tls
         ##PARAM listen-ssmtp    # A deprecated TCP/465 port listener for SSL/SMTP
         ##PARAM outlook-tls-bug # Variant of ssmtp
         #PARAM  tls-CAfile      $MAILVAR/db/smtpserver-CAcert.pem
         #PARAM  tls-cert-file   $MAILVAR/db/smtpserver-cert.pem
         #PARAM  tls-key-file    $MAILVAR/db/smtpserver-key.pem
         #PARAM  tls-dcert-file  $MAILVAR/db/smtpserver-dcert.pem
         #PARAM  tls-dkey-file   $MAILVAR/db/smtpserver-dkey.pem
         #PARAM  tls-dh512       $MAILVAR/db/smtpserver-dh512.pem
         #PARAM  tls-dh1024      $MAILVAR/db/smtpserver-dh1024.pem
         #  # Then some futher thoughs that may materialize some time..
         #PARAM tls-loglevel     0
         #PARAM tls-ccert-vd     0
         #PARAM tls-ask-cert     0
         #PARAM tls-require-cert 0
         ##PARAM tls-CApath ... (somewhen: verify client’s certificates)
         ##PARAM tls-enforce-tls 1

         # Elements to be added into "Received:" header’s
         # initial comment part:
         #PARAM rcvd-ident       # The ident lookup result
         #                       # (or even admitting it having queried)
         #PARAM rcvd-whoson      # Likewise for "whoson"
         #PARAM rcvd-auth-user   # Authenticated Username
         #PARAM rcvd-tls-mode    # Cipher or not
         #PARAM rcvd-tls-ccert   # Client Certificate reference

         # EGD/PRNGD type entropy source for OpenSSL in case your
         # system does not have  /dev/*random  devices:
         #PARAM tls-random-source /var/run/prngd-socket

         # A load-balanced server cluster may want to communicate
         # the ETRN request to cluster components, here is how:
         # See also:  doc/guides/etrn-cluster
         #PARAM etrn-cluster localhost mq2-username mq2-passwd
         #PARAM etrn-cluster node-2-name-or-address mq2-username mq2-passwd
         #PARAM etrn-cluster node-3-name-or-address mq2-username mq2-passwd
         #PARAM etrn-cluster node-40-name-or-address mq2-username mq2-passwd

         # HELO/EHLO-pattern     style-flags
         #               [max loadavg]
         localhost           999 ftveR    999 !NO EMAIL ACCEPTED FROM YOUR MACHINE
         # If the host presents itself as:  HELO []  be lenient to
         # it..  The syntax below is due to these patterns being SH-GLOB
         # style patterns where the brackets are special characters.
         \[*\]               999 ve
         # Per default demant strict syntactic adherence, including fully
         # qualified addresses for  MAIL FROM, and RCPT TO.  To be lenient
         # on that detail, remove the "R" from "veR" string below:
         *                   999 veR


       The  contentfilter  interface  has  been modified a few times, see your
       README.UPGRADING file for details matching your running setup.

       The contentfilter program is started without parameters running  userid
       of daemon in directory $POSTOFFICE.

       The  protocol  in  between  the smtpserver(8zm), and the content-policy
       program is a clone from the scheduler to transport-agent one.  Namely:

         0) server: spawn a sub-process for the policy program

         1) policy: "#hungry\n"

         2) server: "jobfilepath\n"

         3) policy: "RESULT DATA\n"

         The loop repeats from 1, and terminates at 2, when the content-filter
         program reads an EOF.

         The  smtpserver  does  expect  that the contentfilter program behaves
         according to this protocol,  and  e.g.  a  system  where  the  filter
         program  runs  once,  and exists, has in the past proven incompatible
         with the system.

       General rule:

        -1 550 5.7.1 negatives are condemned into rejection
         0 250 2.6.0 zero is ok! gladly accepted
         1 550 5.7.1 positives are sent into the freezer

       The program may choose to order rejection, and  report  acceptance,  or
       which way ever:

        -1 250 2.7.1 Glad to see some spam, immediately destroyed :)
         0 250 2.6.0 Message OK!
         1 550 5.7.1 That is spam, rejected!

       If the message has no text, some defaults are supplied.  If the message
       text starts with numbers, it is presumed that it contains both the SMTP
       reply   code,   and   ENHANCEDSTATUSCODE   before  the  text.   (If  no
       ENHANCEDSTATUSCODE  part  is  present,  then  some  possibly  senseless
       default is supplied.)

       Interface  message  text  lines  beginning  with anything except signed
       integer are logged, and the communication channel from  the  smtpserver
       to  the  contentfilter  program is closed.  Interface continues to scan
       things reported by  the  contentfilter  program,  and  if  no  properly
       formatted line appears, default is to send the message into the freezer
       with code "1".

       The message text may contain CR characters, in which case the  code  in
       smtp-server  will produce multi-line replies to the message originator.

       Keep always in mind, that SMTP protocol (and  thus  the  message  texts
       here)  are presumed to be plain 7-bit US-ASCII!  However: You may (most
       of the time) get away with 8-bit chars in the texts...


       If the ZMailer system is configured with tcp-wrapper code, and  ‘‘PARAM
       use-tcp-wrapper’’  is  active  in configuration, then service-id "smtp-
       receiver" is looked for all those addresses that are  allowed  to  feed
       SMTP email in.

       Usually  this mode of operation is not used, and files hosts.allow, and
       hosts.deny contain following kind of entries:

          mailq : ALL@
          smtp-receiver: ALL@ALL

          ALL : ALL@ALL

       Alternatively, all the functions which  tcp-wrapper  could  supply  are
       also available thru the policy database machinery.

       (Do  note  that  scheduler(8zm)  has  also  tcp-wrapper  support, which
       becomes active simultaneously with smtpservers tcp-wrapper code!)


       The smtpserver does contain experimental code supporting authentication
       interaction  using  SASL  mechanisms  as  they  are  implemented in CMU
       Cyrus-SASL-2 library.

       This will also necessitate adding SASL-2 library related  configuration
       telling  what  backside systems are to be used.  Possible configuration
       file is:

          # ---- /usr/lib/sasl2/smtpserver.conf ----
          pwcheck_method: saslauthd


       TO BE WRITTEN; Some further notes on how to setup the TLS encryption on
       the    smtpserver(8zm).    For   the   time   being,   see   notes   at
       "doc/guides/openssl" as well as what is written  above  at  the  "PARAM
       use-tls", or there abouts.


       The  idea  with "smtp-auth" is to authenticate the user who wants extra
       privileges from the SMTP service, namely if a user wants to send  email
       to  an  address  considered  non-local  at  the system, this user needs
       special privilege.

       In usual cases the privilege is granted based on IP address of the user
       (See "smtp-policy.relay*" below in SMTP-Policy Configuration).

       The  privilege  can  also be granted by doing a "login" procedure where
       the user gives some personal identifier, and related secret.

       Becase  the  normal  authenticator  is  a  plain-text  password,   this
       operation  should  be done under the security envelope of the SSL.  (Or
       equivalent under IPSEC encryption, although ZMailer’s  smtpserver  does
       not know how to detect the session being IPSEC protected!)

       You will likely need:

         ·  "PARAM smtp-auth"

         ·  The TLS related notes above.

       Possibly also:

         ·  "PARAM AUTH-LOGIN-also-without-TLS"

         ·  "PARAM SMTP-auth-pipe /path/to/program"

         ·  And possibly also PAM-support for SMTP-Auth, see below.


       If  the system has <security/pam_appl.h> file, following file will also
       be needed for the system:

       ------- /etc/pam.d/smtpauth-login -----------
       auth     required  /lib/security/ shadow
       auth     required  /lib/security/
       account  required  /lib/security/


       This  subsystem  of  smtpserver(8zm)  does  control  acceptability   of
       recipient envelope addresses per several criteria:

         ·  "contactee IP address"

         ·  SMTP "MAIL FROM:<..>" address

         ·  SMTP "RCPT TO:<..>" addresses

         ·  "various control files"

       Specifically   the  $MAILBIN/  script  uses  following

       MAILVAR/db/smtp-policy.src            The boilerplate
       MAILVAR/db/localnames                 (’= _local_names’)
       MAILVAR/db/smtp-policy.relay.manual   (’= _full_rights’)
       MAILVAR/db/smtp-policy.relay          (’= _full_rights’)
       MAILVAR/db/      (’= _relaytarget’)
       MAILVAR/db/             (’= _relaytarget’)
       MAILVAR/db/smtp-policy.spam.manual    (’= _bulk_mail’)
       MAILVAR/db/smtp-policy.spam           (’= _bulk_mail’)

       If you want, you  can  modify  your  boiler  plate,  as  well  as  your
       installed   script.   (Doing  ’make  install’  will
       overwrite, but not smtp-policy.src)

       Basically these various  source  files  (when  existing)  are  used  to
       combine  knowledge  of  valid  users around us.  Some datasets have two
       input  source  files,  smtp-policy.NN  and  smtp-policy.NN.manual,  the
       ".manual" is intended to be overrider of of possibly autogenerated data
       at the "plain" version of files.

              Who we are -- ok for receiving; does not  grant  outgoing  relay


              Who can use us as outbound relay.

              Use here


              for  listing  those  senders  (networks)  we  absolutely  trust.
              Additionally you may give (at the same line) some attributes  as
              parameters for this key entry:

                     fulltrustnet + trustrecipient +

              First  pair  will  accept  any source address, and any recipient
              addresses that are fed to the server;  the  second  will  verify
              the  source address, but after that it will accept any recipient

              You may also enter domains which are looked up for the  hostname
              of  reversed IP address, but it is not very wise; IP-reversal is
              not trustworthy data.  It may  also  cause  double-  entry/level
              descendance  problems  when two domain-suffixes have same ending
              suffix (or are the same)..  (Name/keyspace problem)

              We can set the internal "always_accept" flag at  the  source  IP
              test, and never after.
              Who really are our MX clients.

              Use this when you really know them, and don’t want just to trust
              that if recipient has MX to you, it  would  be  ok...   You  can
              substitute   this  knowledge  with  a  fuzzy  feeling  by  using
              ’acceptifmx +’ attribute at the generic boilerplate.

              List here domain names.

              You CAN also list here all POSTMASTER addresses you accept email
              routed to:

                     postmaster@local.domain postmaster@client.domain

              these  are  magic addresses that email is accepted to, even when
              everything else is blocked.


              Those users & domains that are absolutely no-no for the senders,
              or  the  recipients,  no matter what earlier analysis has shown.
              (Except for those that we absolutely trust..)

       Short usage instructions:

         ·  Fill in/modify related files

         ·  Execute MAILBIN/ script


       You can run the smtpserver in a mode where you can claim to be from any
       address in the outside world you wish:

           $MAILBIN/smtpserver -i -d 1 -T ’[]’

       The  mode  must be interactive (-i), and supplying debug mode (-d 1) to
       it is good help.

       Actual claimed connection source address is to be given  inside  square
       brackets as a SMTP IP address literal.

       Now you can try things like:

         220 ...
         EHLO foo
         MAIL FROM:<>
         RCPT TO:<address@local.domain>
         RCPT TO:<address@elsewere.domain>

       (Substitute   some   real   domains   into   those  RCPT  TO  lines  --
       "local.domain" is a hint about what to pick for it..)

       Depending what kind of address you have supplied to the  -T  parameter,
       they get either accepted, or rejected.


       Per default the system does not use RBL-type blocking lists.  There are
       two ways how to take them into use:

            You can start rejecting at the connection setup and then  at  MAIL
           FROM (and RCPT TO).

           However  many  (especially M$ environment) SMTP clients won’t react
           on that  properly,  and  will  just  keep  repeating  the  delivery

           You can delay the rejections until RCPT addresses are given.


       Like  mentioned  above, this method has a problem with many clients who
       don’t believe that HELO can give 500-series response.

       Method is as follows:

       Pick your choice of databases to the second variant ‘‘_rbl0’’ label  by
       joining  your  selection  from various things exemplified here below by
       using ‘‘:’’ character as glue in between:

         ‘‘+’’ alias ‘‘’’
         ‘‘’’ <-- THIS IS A PAIR!

       For the ‘‘’’ the ZMailer  2.99.52patch2  has
       special  support,  but  it  isn’t entirely fool-proof thing...  (Due to
       false OKs in the OK zone while NETBLOCK type things exist at the RELAYS

       An example for the resulting attribute pair: (RBL+DUL+RSS)

         #| Second RBL variant: Early block with RBL+DUL+RSS
         _rbl0   test-dns-rbl
         _rbl1   # Nothing


       Delay  the  rejection  report to ‘‘RCPT TO’’ verbs by using the ‘‘Third
       RBL variant’’:

         #| Third RBL variant: Late block with RBL+DUL+RSS
         _rbl0   rcpt-dns-rbl
         _rbl1   test-rcpt-dns-rbl +

       The sample boilerplace will use these as defaults unless you choose  to
       explicitely  have  ‘‘test-rcpt-dns-rbl  -’’  at  some  of the recipient
       domains you list at file:

         #sample.domain.with.rbl    test-rcpt-dns-rbl -


       Because the TLS related code  is  fairly  straight  copy  from  Postfix
       specific one, the document is fairly direct copy, too..

       To use TLS we do need a certificate and a private key.  Both must be in
       be encrypted, that does mean: it must be accessable  without  password.
       Both parts (certificate and private key) may be in the same file.

         PARAM tls-cert-file  /etc/postfix/server.pem
         PARAM tls-key-file   /etc/postfix/server.pem

       The  certificate was issued by a certification authority (CA), of which
       the CA-cert must be available.  This file may also contain the  the  CA
       certificates of other trusted CAs.  You must use this file for the list
       of trusted CAs if you want to use chroot-mode.

         PARAM tls-CAfile /etc/postfix/CAcert.pem

       To verify the peer certificate, we need to  know  the  certificates  of
       certification  authorities.   These  certificates  in  The same CAs are
       offered to clients for client verification.  Dont forget to create the
       necessary  $OPENSSL_HOME/bin/c_rehash  /etc/postfix/certs.   A  typical
       place for the CA-certs may also be $OPENSSL_HOME/certs, so there is  no
       default and you explicitly have to set the value here!

         PARAM tls-CApath /etc/postfix/certs

       To get additional information during the TLS setup and negotiations you
       can increase the loglevel from 0..4:

           0:  No output about the TLS subsystem

           1:  Printout startup and certificate information

           2:  1 + Printout of levels during negotiation

           3:  2 + Hex and ASCII dump of negotiation process

           4:  3 + Hex and ASCII dump of complete transmission after STARTTLS

       Use loglevel 3 only in case of problems.  Use of loglevel 4 is strongly

         PARAM tls-loglevel 0

       By  default  TLS  is  disabled,  so  no  difference to plain ZMailer is
       visible.  Explicitely switch it on here:

         PARAM use-tls

       If the operating system isnt  equipped  with   /dev/*random   devices,
       OpenSSLs  RAND_bytes(3) function will use compilation time defaults to
       locate  EGD  compatible  entropy   source.    See   dokumentation   at:
       RAND_egd(3)  man-page.   If  you have something similar in your system,
       but in non-default location (see the man-page above), you can  set  its
       location with this:

         PARAM tls-random-source /var/run/prngd-socket


       The  zmailer(3zm)  library’s  mail_open() functions use several
       environment variables.  See that man-page.


       A collection of system configuration things

              Alternate way to tell the system the same thing as config does:
                 PARAM allowsourceroute
              Preferrably this is not to be used!  Security dangers aplenty!

              If exists (with valid  content),  BINDADDR  specifies  to  which
              local  interface  to  bind smtpserver, smtp transport agent, and
              scheduler.  Possible specification formats are:

              See zmailer(3zm).

              See zmailer(3zm).

              Used to find related router(8zm) program for interactive routing

       PATH   Passed   on   authentication   subprocess  program,  see:  PARAM
              SMTP-auth-pipe ...

              See also zmailer(3zm).

              See zmailer(3zm).

              See zmailer(3zm).


              Passed  on  authentication  subprocess   program,   see:   PARAM
              SMTP-auth-pipe ...


              system global parameters



              if PAM mechanism is present and plain-password authentication is


       router(8zm), zmailer.conf(5zm).

       RFC 821/2821            The basic SMTP specification
       RFC 1123                Various 821 parameter clarifications

       Several extended SMTP facilities are implemented:

       RFC 1341/1521/2045      MIME specification (body, formats)
       RFC 1342/1522/2047      MIME specification (headers)
       RFC 1425/1651/1869      ESMTP EHLO framework
       RFC 1426/1652           ESMTP 8BITMIME
       RFC 1427/1653/1870      ESMTP SIZE
       RFC 1428                Basic MIME conversion rules
       RFC 1830/3030           ESMTP CHUNKING
       RFC 1854/2197/2920      ESMTP PIPELINING
       RFC 1891/3461           ESMTP DSN
       RFC 1893/3463           Enhanced Mail System Status Codes
       RFC 1985                ESMTP ETRN
       RFC 2033                LMTP server mode (for testing)
       RFC 2034                ESMTP ENHANCEDSTATUSCODES
       RFC 2487/3207           ESMTP STARTTLS
       RFC 2222                SASL mechanism base definition
       RFC 2554+M$ Exchange    ESMTP AUTH LOGIN
       RFC 2554+NetScape       ESMTP AUTH=LOGIN
       RFC 2852                ESMTP DELIVERBY (incomplete implementation)


       This program authored and copyright by:
          Rayan Zachariassen <no address>
       Extended SMTP, policy facilities, etc. by
          Matti Aarnio  <>

                                  2003-Aug-28                  SMTPSERVER(8zm)