summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
authorJannis Hoffmann <jannis@fehcom.de>2024-07-09 11:44:11 +0200
committerJannis Hoffmann <jannis@fehcom.de>2024-07-09 11:44:11 +0200
commitf1b71c9fe7dbb4886588a036399cf5ebe16b7c47 (patch)
treee07786aa479c9fb6ee3e537078470aaab5454f80 /man
parenta293489ee83c8b05d845a162dc2a4de026f3775d (diff)
removed top level directory
Diffstat (limited to 'man')
-rw-r--r--man/Makefile515
-rw-r--r--man/Makefile.mandoc512
-rw-r--r--man/TARGETS105
-rw-r--r--man/addresses.5260
-rw-r--r--man/bouncesaying.171
-rw-r--r--man/columnt.129
-rw-r--r--man/condredirect.163
-rw-r--r--man/datetime.373
-rw-r--r--man/dnscname.835
-rw-r--r--man/dnsfq.834
-rw-r--r--man/dnsip.831
-rw-r--r--man/dnsmxip.842
-rw-r--r--man/dnsptr.827
-rw-r--r--man/dnstlsa.851
-rw-r--r--man/dnstxt.829
-rw-r--r--man/dot-qmail.9396
-rw-r--r--man/envelopes.5231
-rw-r--r--man/except.133
-rw-r--r--man/fastforward.1123
-rw-r--r--man/forgeries.7104
-rw-r--r--man/forward.124
-rw-r--r--man/hostname.814
-rw-r--r--man/ipmeprint.815
-rw-r--r--man/maildir.5239
-rw-r--r--man/maildir2mbox.153
-rw-r--r--man/maildirmake.115
-rw-r--r--man/maildirwatch.123
-rw-r--r--man/mailsubj.138
-rw-r--r--man/matchup.1111
-rw-r--r--man/mbox.5235
-rw-r--r--man/newaliases.1366
-rw-r--r--man/newinclude.188
-rw-r--r--man/preline.157
-rw-r--r--man/printforward.116
-rw-r--r--man/printmaillist.115
-rw-r--r--man/qbiff.131
-rw-r--r--man/qmail-authuser.9490
-rw-r--r--man/qmail-badloadertypes.948
-rw-r--r--man/qmail-badmimetypes.946
-rw-r--r--man/qmail-clean.813
-rw-r--r--man/qmail-command.8149
-rw-r--r--man/qmail-control.9110
-rw-r--r--man/qmail-dkim.8217
-rw-r--r--man/qmail-dksign.9336
-rw-r--r--man/qmail-dkverify.8137
-rw-r--r--man/qmail-getpw.9114
-rw-r--r--man/qmail-header.5332
-rw-r--r--man/qmail-inject.8309
-rw-r--r--man/qmail-limits.933
-rw-r--r--man/qmail-local.899
-rw-r--r--man/qmail-log.5448
-rw-r--r--man/qmail-lspawn.846
-rw-r--r--man/qmail-mfrules.9108
-rw-r--r--man/qmail-mrtg.8145
-rw-r--r--man/qmail-newmrh.941
-rw-r--r--man/qmail-newu.943
-rw-r--r--man/qmail-pop3d.846
-rw-r--r--man/qmail-popup.8131
-rw-r--r--man/qmail-postgrey.890
-rw-r--r--man/qmail-pw2u.9241
-rw-r--r--man/qmail-qmaint.865
-rw-r--r--man/qmail-qmqpc.837
-rw-r--r--man/qmail-qmqpd.825
-rw-r--r--man/qmail-qmtpd.836
-rw-r--r--man/qmail-qread.825
-rw-r--r--man/qmail-qstat.818
-rw-r--r--man/qmail-queue.8199
-rw-r--r--man/qmail-recipients.948
-rw-r--r--man/qmail-remote.8806
-rw-r--r--man/qmail-rspawn.821
-rw-r--r--man/qmail-send.9265
-rw-r--r--man/qmail-showctl.812
-rw-r--r--man/qmail-smtpam.8110
-rw-r--r--man/qmail-smtpd.81018
-rw-r--r--man/qmail-start.994
-rw-r--r--man/qmail-tcpok.824
-rw-r--r--man/qmail-tcpto.830
-rw-r--r--man/qmail-todo.8128
-rw-r--r--man/qmail-users.9117
-rw-r--r--man/qmail-vmailuser.9108
-rw-r--r--man/qreceipt.133
-rw-r--r--man/setforward.1204
-rw-r--r--man/setmaillist.172
-rw-r--r--man/spfquery.8147
-rw-r--r--man/splogger.860
-rw-r--r--man/sqmail.9130
-rw-r--r--man/srsforward.196
-rw-r--r--man/srsreverse.987
-rw-r--r--man/tai64nfrac.518
-rw-r--r--man/tcp-environ.586
-rw-r--r--man/xqp.118
-rw-r--r--man/xrecipient.114
-rw-r--r--man/xsender.114
93 files changed, 12041 insertions, 0 deletions
diff --git a/man/Makefile b/man/Makefile
new file mode 100644
index 0000000..1422378
--- /dev/null
+++ b/man/Makefile
@@ -0,0 +1,515 @@
+# Don't edit Makefile! Use ../conf-* for configuration.
+
+SHELL=/bin/sh
+
+default: modules docs dns
+
+addresses.0: \
+addresses.5
+ nroff -man addresses.5 > addresses.0
+
+bouncesaying.0: \
+bouncesaying.1
+ nroff -man bouncesaying.1 > bouncesaying.0
+
+columnt.0: \
+columnt.1
+ nroff -man columnt.1 > columnt.0
+
+condredirect.0: \
+condredirect.1
+ nroff -man condredirect.1 > condredirect.0
+
+dns:\
+dnscname.0 dnsfq.0 dnsip.0 dnsmxip.0 dnsptr.0 dnstxt.0 \
+hostname.0 ipmeprint.0
+
+dnscname.0: \
+dnscname.8
+ nroff -man dnscname.8 > dnscname.0
+
+dnsfq.0: \
+dnsfq.8
+ nroff -man dnsfq.8 > dnsfq.0
+
+dnsip.0: \
+dnsip.8
+ nroff -man dnsip.8 > dnsip.0
+
+dnsmxip.0: \
+dnsmxip.8
+ nroff -man dnsmxip.8 > dnsmxip.0
+
+dnsptr.0: \
+dnsptr.8
+ nroff -man dnsptr.8 > dnsptr.0
+
+dnstxt.0: \
+dnstxt.8
+ nroff -man dnstxt.8 > dnstxt.0
+
+datetime.0: \
+datetime.3
+ nroff -man datetime.3 > datetime.0
+
+docs:\
+addresses.0 dot-qmail.0 envelopes.0 forgeries.0 mbox.0 maildir.0 \
+qmail-command.0 qmail-control.0 qmail-header.0 qmail-limits.0 \
+tcp-environ.0
+
+dot-qmail.0: \
+dot-qmail.5
+ nroff -man dot-qmail.5 > dot-qmail.0
+
+dot-qmail.5: \
+dot-qmail.9 ../conf-home ../conf-break ../conf-spawn
+ cat dot-qmail.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ | sed s}BREAK}"`head -1 ../conf-break`"}g \
+ | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \
+ > dot-qmail.5
+
+envelopes.0: \
+envelopes.5
+ nroff -man envelopes.5 > envelopes.0
+
+except.0: \
+except.1
+ nroff -man except.1 > except.0
+
+fastforward.0: \
+fastforward.1
+ nroff -man fastforward.1 > fastforward.0
+
+forgeries.0: \
+forgeries.7
+ nroff -man forgeries.7 > forgeries.0
+
+forward.0: \
+forward.1
+ nroff -man forward.1 > forward.0
+
+hostname.0: \
+hostname.8
+ nroff -man hostname.8 > hostname.0
+
+ipmeprint.0: \
+ipmeprint.8
+ nroff -man ipmeprint.8 > ipmeprint.0
+
+maildir.0: \
+maildir.5
+ nroff -man maildir.5 > maildir.0
+
+maildir2mbox.0: \
+maildir2mbox.1
+ nroff -man maildir2mbox.1 > maildir2mbox.0
+
+maildirmake.0: \
+maildirmake.1
+ nroff -man maildirmake.1 > maildirmake.0
+
+maildirwatch.0: \
+maildirwatch.1
+ nroff -man maildirwatch.1 > maildirwatch.0
+
+mailsubj.0: \
+mailsubj.1
+ nroff -man mailsubj.1 > mailsubj.0
+
+matchup.0: \
+matchup.1
+ nroff -man matchup.1 > matchup.0
+
+mbox.0: \
+mbox.5
+ nroff -man mbox.5 > mbox.0
+
+modules: \
+qmail-local.0 qmail-lspawn.0 qmail-getpw.0 qmail-remote.0 qmail-smtpam.0 \
+qmail-todo.0 qmail-vmailuser.0 qmail-authuser.0 qmail-postgrey.0 \
+qmail-rspawn.0 qmail-clean.0 qmail-send.0 qmail-start.0 splogger.0 spfquery.0 \
+qmail-queue.0 qmail-inject.0 mailsubj.0 qmail-showctl.0 qmail-newu.0 qmail-qmaint.0 \
+qmail-badmimetypes.0 qmail-badloadertypes.0 qmail-recipients.0 qmail-mfrules.0 \
+qmail-pw2u.0 qmail-qread.0 qmail-qstat.0 qmail-tcpto.0 qmail-tcpok.0 \
+qmail-pop3d.0 qmail-popup.0 qmail-qmqpc.0 qmail-qmqpd.0 qmail-qmtpd.0 \
+qmail-smtpd.0 qmail-newmrh.0 qmail-mrtg.0 qmail-users.0 qreceipt.0 qbiff.0 \
+forward.0 preline.0 condredirect.0 bouncesaying.0 except.0 maildirmake.0 \
+maildir2mbox.0 maildirwatch.0 sqmail.0 tai64nfrac.0 \
+columnt.0 matchup.0 xqp.0 xrecipient.0 xsender.0 newaliases.0 newinclude.0 \
+fastforward.0 printforward.0 printmaillist.0 setforward.0 setmaillist.0 \
+srsforward.0 srsreverse.0 \
+qmail-dkim.0 qmail-dksign.0 qmail-dkverify.0 \
+
+newaliases.0: \
+newaliases.1
+ nroff -man newaliases.1 > newaliases.0
+
+newinclude.0: \
+newinclude.1
+ nroff -man newinclude.1 > newinclude.0
+
+preline.0: \
+preline.1
+ nroff -man preline.1 > preline.0
+
+printforward.0: \
+printforward.1
+ nroff -man printforward.1 > printforward.0
+
+printmaillist.0: \
+printmaillist.1
+ nroff -man printmaillist.1 > printmaillist.0
+
+qbiff.0: \
+qbiff.1
+ nroff -man qbiff.1 > qbiff.0
+
+qmail-clean.0: \
+qmail-clean.8
+ nroff -man qmail-clean.8 > qmail-clean.0
+
+qmail-authuser.0: \
+qmail-authuser.8
+ nroff -man qmail-authuser.8 > qmail-authuser.0
+
+qmail-authuser.8: \
+qmail-authuser.9 ../conf-home
+ cat qmail-authuser.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-authuser.8
+
+qmail-badmimetypes.0: \
+qmail-badmimetypes.8
+ nroff -man qmail-badmimetypes.8 > qmail-badmimetypes.0
+
+qmail-badmimetypes.8: \
+qmail-badmimetypes.9 ../conf-home
+ cat qmail-badmimetypes.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-badmimetypes.8
+
+qmail-badloadertypes.0: \
+qmail-badloadertypes.8
+ nroff -man qmail-badloadertypes.8 > qmail-badloadertypes.0
+
+qmail-badloadertypes.8: \
+qmail-badloadertypes.9 ../conf-home
+ cat qmail-badloadertypes.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-badloadertypes.8
+
+qmail-command.0: \
+qmail-command.8
+ nroff -man qmail-command.8 > qmail-command.0
+
+qmail-control.0: \
+qmail-control.5
+ nroff -man qmail-control.5 > qmail-control.0
+
+qmail-control.5: \
+qmail-control.9 ../conf-home
+ cat qmail-control.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-control.5
+
+qmail-dkim.0: \
+qmail-dkim.8
+ nroff -man qmail-dkim.8 > qmail-dkim.0
+
+qmail-dksign.0: \
+qmail-dksign.8
+ nroff -man qmail-dksign.8 > qmail-dksign.0
+
+qmail-dksign.8: \
+qmail-dksign.9 ../conf-home
+ cat qmail-dksign.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-dksign.8
+
+qmail-dkverify.0: \
+qmail-dkverify.8
+ nroff -man qmail-dkverify.8 > qmail-dkverify.0
+
+qmail-getpw.0: \
+qmail-getpw.8
+ nroff -man qmail-getpw.8 > qmail-getpw.0
+
+qmail-getpw.8: \
+qmail-getpw.9 ../conf-home
+ cat qmail-getpw.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ | sed s}BREAK}"`head -1 ../conf-break`"}g \
+ > qmail-getpw.8
+
+qmail-header.0: \
+qmail-header.5
+ nroff -man qmail-header.5 > qmail-header.0
+
+qmail-inject.0: \
+qmail-inject.8
+ nroff -man qmail-inject.8 > qmail-inject.0
+
+qmail-limits.0: \
+qmail-limits.7
+ nroff -man qmail-limits.7 > qmail-limits.0
+
+qmail-limits.7: \
+qmail-limits.9 ../conf-home ../conf-break ../conf-spawn
+ cat qmail-limits.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ | sed s}BREAK}"`head -1 ../conf-break`"}g \
+ | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \
+ > qmail-limits.7
+
+qmail-local.0: \
+qmail-local.8
+ nroff -man qmail-local.8 > qmail-local.0
+
+qmail-log.0: \
+qmail-log.5
+ nroff -man qmail-log.5 > qmail-log.0
+
+qmail-lspawn.0: \
+qmail-lspawn.8
+ nroff -man qmail-lspawn.8 > qmail-lspawn.0
+
+qmail-mfrules.0: \
+qmail-mfrules.8
+ nroff -man qmail-mfrules.8 > qmail-mfrules.0
+
+qmail-mfrules.8: \
+qmail-mfrules.9 ../conf-home
+ cat qmail-mfrules.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-mfrules.8
+
+qmail-mrtg.0: \
+qmail-mrtg.8
+ nroff -man qmail-mrtg.8 > qmail-mrtg.0
+
+qmail-newmrh.0: \
+qmail-newmrh.8
+ nroff -man qmail-newmrh.8 > qmail-newmrh.0
+
+qmail-newmrh.8: \
+qmail-newmrh.9 ../conf-home
+ cat qmail-newmrh.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-newmrh.8
+
+qmail-newu.0: \
+qmail-newu.8
+ nroff -man qmail-newu.8 > qmail-newu.0
+
+qmail-newu.8: \
+qmail-newu.9 ../conf-home
+ cat qmail-newu.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-newu.8
+
+qmail-pop3d.0: \
+qmail-pop3d.8
+ nroff -man qmail-pop3d.8 > qmail-pop3d.0
+
+qmail-popup.0: \
+qmail-popup.8
+ nroff -man qmail-popup.8 > qmail-popup.0
+
+qmail-postgrey.0: \
+qmail-postgrey.8
+ nroff -man qmail-postgrey.8 > qmail-postgrey.0
+
+qmail-pw2u.0: \
+qmail-pw2u.8
+ nroff -man qmail-pw2u.8 > qmail-pw2u.0
+
+qmail-pw2u.8: \
+qmail-pw2u.9 ../conf-home
+ cat qmail-pw2u.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ | sed s}BREAK}"`head -1 ../conf-break`"}g \
+ > qmail-pw2u.8
+
+qmail-qmqpc.0: \
+qmail-qmqpc.8
+ nroff -man qmail-qmqpc.8 > qmail-qmqpc.0
+
+qmail-qmqpd.0: \
+qmail-qmqpd.8
+ nroff -man qmail-qmqpd.8 > qmail-qmqpd.0
+
+qmail-qmtpd.0: \
+qmail-qmtpd.8
+ nroff -man qmail-qmtpd.8 > qmail-qmtpd.0
+
+qmail-qread.0: \
+qmail-qread.8
+ nroff -man qmail-qread.8 > qmail-qread.0
+
+qmail-qstat.0: \
+qmail-qstat.8
+ nroff -man qmail-qstat.8 > qmail-qstat.0
+
+qmail-qmaint.0: \
+qmail-qmaint.8
+ nroff -man qmail-qmaint.8 > qmail-qmaint.0
+
+qmail-queue.0: \
+qmail-queue.8
+ nroff -man qmail-queue.8 > qmail-queue.0
+
+qmail-recipients.0: \
+qmail-recipients.8
+ nroff -man qmail-recipients.8 > qmail-recipients.0
+
+qmail-recipients.8: \
+qmail-recipients.9 ../conf-home
+ cat qmail-recipients.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-recipients.8
+
+qmail-remote.0: \
+qmail-remote.8
+ nroff -man qmail-remote.8 > qmail-remote.0
+
+qmail-rspawn.0: \
+qmail-rspawn.8
+ nroff -man qmail-rspawn.8 > qmail-rspawn.0
+
+qmail-send.0: \
+qmail-send.8
+ nroff -man qmail-send.8 > qmail-send.0
+
+qmail-send.8: \
+qmail-send.9 ../conf-home
+ cat qmail-send.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ | sed s}BREAK}"`head -1 ../conf-break`"}g \
+ > qmail-send.8
+
+qmail-showctl.0: \
+qmail-showctl.8
+ nroff -man qmail-showctl.8 > qmail-showctl.0
+
+qmail-smtpam.0: \
+qmail-smtpam.8
+ nroff -man qmail-smtpam.8 > qmail-smtpam.0
+
+qmail-smtpd.0: \
+qmail-smtpd.8
+ nroff -man qmail-smtpd.8 > qmail-smtpd.0
+
+qmail-start.0: \
+qmail-start.8
+ nroff -man qmail-start.8 > qmail-start.0
+
+qmail-start.8: \
+qmail-start.9 ../conf-home ../conf-break ../conf-spawn
+ cat qmail-start.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ | sed s}BREAK}"`head -1 ../conf-break`"}g \
+ | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \
+ > qmail-start.8
+
+qmail-tcpok.0: \
+qmail-tcpok.8
+ nroff -man qmail-tcpok.8 > qmail-tcpok.0
+
+qmail-tcpto.0: \
+qmail-tcpto.8
+ nroff -man qmail-tcpto.8 > qmail-tcpto.0
+
+qmail-todo.0: \
+qmail-todo.8
+ nroff -man qmail-todo.8 > qmail-todo.0
+
+qmail-users.0: \
+qmail-users.5
+ nroff -man qmail-users.5 > qmail-users.0
+
+qmail-users.5: \
+qmail-users.9 ../conf-home
+ cat qmail-users.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-users.5
+
+qmail-vmailuser.0: \
+qmail-vmailuser.8
+ nroff -man qmail-vmailuser.8 > qmail-vmailuser.0
+
+qmail-vmailuser.8: \
+qmail-vmailuser.9 ../conf-home
+ cat qmail-vmailuser.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-vmailuser.8
+
+qreceipt.0: \
+qreceipt.1
+ nroff -man qreceipt.1 > qreceipt.0
+
+setforward.0: \
+setforward.1
+ nroff -man setforward.1 > setforward.0
+
+setmaillist.0: \
+setmaillist.1
+ nroff -man setmaillist.1 > setmaillist.0
+
+spfquery.0: \
+spfquery.8
+ nroff -man spfquery.8 > spfquery.0
+
+splogger.0: \
+splogger.8
+ nroff -man splogger.8 > splogger.0
+
+sqmail.0: \
+sqmail.7
+ nroff -man sqmail.7 > sqmail.0
+
+sqmail.7: \
+sqmail.9 ../package/version
+ cat sqmail.9 \
+ | sed s}VERSION}"`head -1 ../package/version`"}g \
+ > sqmail.7
+
+srsforward.0: \
+srsforward.1
+ nroff -man srsforward.1 > srsforward.0
+
+srsreverse.0: \
+srsreverse.8
+ nroff -man srsreverse.8 > srsreverse.0
+
+srsreverse.8: \
+srsreverse.9 ../conf-home
+ cat srsreverse.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > srsreverse.8
+
+tai64nfrac.0: \
+tai64nfrac.5
+ nroff -man tai64nfrac.5 > tai64nfrac.0
+
+tcp-environ.0: \
+tcp-environ.5
+ nroff -man tcp-environ.5 > tcp-environ.0
+
+xqp.0: \
+xqp.1
+ nroff -man xqp.1 > xqp.0
+
+xrecipient.0: \
+xrecipient.1
+ nroff -man xrecipient.1 > xrecipient.0
+
+xsender.0: \
+xsender.1
+ nroff -man xsender.1 > xsender.0
+
+clean: \
+TARGETS
+ rm -f `cat TARGETS`
+# gzip -q -d *.gz
+
diff --git a/man/Makefile.mandoc b/man/Makefile.mandoc
new file mode 100644
index 0000000..3369cbb
--- /dev/null
+++ b/man/Makefile.mandoc
@@ -0,0 +1,512 @@
+# Don't edit Makefile! Use ../conf-* for configuration.
+
+SHELL=/bin/sh
+
+default: modules docs dns
+
+addresses.0: \
+addresses.5
+ mandoc -man addresses.5 > addresses.0
+
+bouncesaying.0: \
+bouncesaying.1
+ mandoc -man bouncesaying.1 > bouncesaying.0
+
+columnt.0: \
+columnt.1
+ mandoc -man columnt.1 > columnt.0
+
+condredirect.0: \
+condredirect.1
+ mandoc -man condredirect.1 > condredirect.0
+
+dns:\
+dnscname.0 dnsfq.0 dnsip.0 dnsmxip.0 dnsptr.0 dnstxt.0 \
+hostname.0 ipmeprint.0
+
+dnscname.0: \
+dnscname.8
+ mandoc -man dnscname.8 > dnscname.0
+
+dnsfq.0: \
+dnsfq.8
+ mandoc -man dnsfq.8 > dnsfq.0
+
+dnsip.0: \
+dnsip.8
+ mandoc -man dnsip.8 > dnsip.0
+
+dnsmxip.0: \
+dnsmxip.8
+ mandoc -man dnsmxip.8 > dnsmxip.0
+
+dnsptr.0: \
+dnsptr.8
+ mandoc -man dnsptr.8 > dnsptr.0
+
+dnstxt.0: \
+dnstxt.8
+ mandoc -man dnstxt.8 > dnstxt.0
+
+datetime.0: \
+datetime.3
+ mandoc -man datetime.3 > datetime.0
+
+docs:\
+addresses.0 dot-qmail.0 envelopes.0 forgeries.0 mbox.0 maildir.0 \
+qmail-command.0 qmail-control.0 qmail-header.0 qmail-limits.0 \
+tcp-environ.0
+
+dot-qmail.0: \
+dot-qmail.5
+ mandoc -man dot-qmail.5 > dot-qmail.0
+
+dot-qmail.5: \
+dot-qmail.9 ../conf-home ../conf-break ../conf-spawn
+ cat dot-qmail.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ | sed s}BREAK}"`head -1 ../conf-break`"}g \
+ | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \
+ > dot-qmail.5
+
+envelopes.0: \
+envelopes.5
+ mandoc -man envelopes.5 > envelopes.0
+
+except.0: \
+except.1
+ mandoc -man except.1 > except.0
+
+fastforward.0: \
+fastforward.1
+ mandoc -man fastforward.1 > fastforward.0
+
+forgeries.0: \
+forgeries.7
+ mandoc -man forgeries.7 > forgeries.0
+
+forward.0: \
+forward.1
+ mandoc -man forward.1 > forward.0
+
+hostname.0: \
+hostname.8
+ mandoc -man hostname.8 > hostname.0
+
+ipmeprint.0: \
+ipmeprint.8
+ mandoc -man ipmeprint.8 > ipmeprint.0
+
+maildir.0: \
+maildir.5
+ mandoc -man maildir.5 > maildir.0
+
+maildir2mbox.0: \
+maildir2mbox.1
+ mandoc -man maildir2mbox.1 > maildir2mbox.0
+
+maildirmake.0: \
+maildirmake.1
+ mandoc -man maildirmake.1 > maildirmake.0
+
+maildirwatch.0: \
+maildirwatch.1
+ mandoc -man maildirwatch.1 > maildirwatch.0
+
+mailsubj.0: \
+mailsubj.1
+ mandoc -man mailsubj.1 > mailsubj.0
+
+matchup.0: \
+matchup.1
+ mandoc -man matchup.1 > matchup.0
+
+mbox.0: \
+mbox.5
+ mandoc -man mbox.5 > mbox.0
+
+modules: \
+qmail-local.0 qmail-lspawn.0 qmail-getpw.0 qmail-remote.0 qmail-smtpam.0 \
+qmail-todo.0 qmail-vmailuser.0 qmail-authuser.0 qmail-postgrey.0 \
+qmail-rspawn.0 qmail-clean.0 qmail-send.0 qmail-start.0 splogger.0 spfquery.0 \
+qmail-queue.0 qmail-inject.0 mailsubj.0 qmail-showctl.0 qmail-newu.0 qmail-qmaint.0 \
+qmail-badmimetypes.0 qmail-badloadertypes.0 qmail-recipients.0 qmail-mfrules.0 \
+qmail-pw2u.0 qmail-qread.0 qmail-qstat.0 qmail-tcpto.0 qmail-tcpok.0 \
+qmail-pop3d.0 qmail-popup.0 qmail-qmqpc.0 qmail-qmqpd.0 qmail-qmtpd.0 \
+qmail-smtpd.0 qmail-newmrh.0 qmail-mrtg.0 qmail-users.0 qreceipt.0 qbiff.0 \
+forward.0 preline.0 condredirect.0 bouncesaying.0 except.0 maildirmake.0 \
+maildir2mbox.0 maildirwatch.0 sqmail.0 tai64nfrac.0 \
+columnt.0 matchup.0 xqp.0 xrecipient.0 xsender.0 newaliases.0 newinclude.0 \
+fastforward.0 printforward.0 printmaillist.0 setforward.0 setmaillist.0 \
+srsforward.0 srsreverse.0 \
+qmail-dkim.0 qmail-dksign.0 qmail-dkverify.0 \
+
+newaliases.0: \
+newaliases.1
+ mandoc -man newaliases.1 > newaliases.0
+
+newinclude.0: \
+newinclude.1
+ mandoc -man newinclude.1 > newinclude.0
+
+preline.0: \
+preline.1
+ mandoc -man preline.1 > preline.0
+
+printforward.0: \
+printforward.1
+ mandoc -man printforward.1 > printforward.0
+
+printmaillist.0: \
+printmaillist.1
+ mandoc -man printmaillist.1 > printmaillist.0
+
+qbiff.0: \
+qbiff.1
+ mandoc -man qbiff.1 > qbiff.0
+
+qmail-clean.0: \
+qmail-clean.8
+ mandoc -man qmail-clean.8 > qmail-clean.0
+
+qmail-authuser.0: \
+qmail-authuser.8
+ mandoc -man qmail-authuser.8 > qmail-authuser.0
+
+qmail-authuser.8: \
+qmail-authuser.9 ../conf-home
+ cat qmail-authuser.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-authuser.8
+
+qmail-badmimetypes.0: \
+qmail-badmimetypes.8
+ mandoc -man qmail-badmimetypes.8 > qmail-badmimetypes.0
+
+qmail-badmimetypes.8: \
+qmail-badmimetypes.9 ../conf-home
+ cat qmail-badmimetypes.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-badmimetypes.8
+
+qmail-badloadertypes.0: \
+qmail-badloadertypes.8
+ mandoc -man qmail-badloadertypes.8 > qmail-badloadertypes.0
+
+qmail-badloadertypes.8: \
+qmail-badloadertypes.9 ../conf-home
+ cat qmail-badloadertypes.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-badloadertypes.8
+
+qmail-command.0: \
+qmail-command.8
+ mandoc -man qmail-command.8 > qmail-command.0
+
+qmail-control.0: \
+qmail-control.5
+ mandoc -man qmail-control.5 > qmail-control.0
+
+qmail-control.5: \
+qmail-control.9 ../conf-home
+ cat qmail-control.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-control.5
+
+qmail-dkim.0: \
+qmail-dkim.8
+ mandoc -man qmail-dkim.8 > qmail-dkim.0
+
+qmail-dksign.0: \
+qmail-dksign.8
+ mandoc -man qmail-dksign.8 > qmail-dksign.0
+
+qmail-dksign.8: \
+qmail-dksign.9 ../conf-home
+ cat qmail-dksign.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-dksign.8
+
+qmail-dkverify.0: \
+qmail-dkverify.8
+ mandoc -man qmail-dkverify.8 > qmail-dkverify.0
+
+qmail-getpw.0: \
+qmail-getpw.8
+ mandoc -man qmail-getpw.8 > qmail-getpw.0
+
+qmail-getpw.8: \
+qmail-getpw.9 ../conf-home
+ cat qmail-getpw.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-getpw.8
+
+qmail-header.0: \
+qmail-header.5
+ mandoc -man qmail-header.5 > qmail-header.0
+
+qmail-inject.0: \
+qmail-inject.8
+ mandoc -man qmail-inject.8 > qmail-inject.0
+
+qmail-limits.0: \
+qmail-limits.7
+ mandoc -man qmail-limits.7 > qmail-limits.0
+
+qmail-limits.7: \
+qmail-limits.9 ../conf-home ../conf-break ../conf-spawn
+ cat qmail-limits.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ | sed s}BREAK}"`head -1 ../conf-break`"}g \
+ | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \
+ > qmail-limits.7
+
+qmail-local.0: \
+qmail-local.8
+ mandoc -man qmail-local.8 > qmail-local.0
+
+qmail-log.0: \
+qmail-log.5
+ mandoc -man qmail-log.5 > qmail-log.0
+
+qmail-lspawn.0: \
+qmail-lspawn.8
+ mandoc -man qmail-lspawn.8 > qmail-lspawn.0
+
+qmail-mfrules.0: \
+qmail-mfrules.8
+ mandoc -man qmail-mfrules.8 > qmail-mfrules.0
+
+qmail-mfrules.8: \
+qmail-mfrules.9 ../conf-home
+ cat qmail-mfrules.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-mfrules.8
+
+qmail-mrtg.0: \
+qmail-mrtg.8
+ mandoc -man qmail-mrtg.8 > qmail-mrtg.0
+
+qmail-newmrh.0: \
+qmail-newmrh.8
+ mandoc -man qmail-newmrh.8 > qmail-newmrh.0
+
+qmail-newmrh.8: \
+qmail-newmrh.9 ../conf-home
+ cat qmail-newmrh.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-newmrh.8
+
+qmail-newu.0: \
+qmail-newu.8
+ mandoc -man qmail-newu.8 > qmail-newu.0
+
+qmail-newu.8: \
+qmail-newu.9 ../conf-home
+ cat qmail-newu.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-newu.8
+
+qmail-pop3d.0: \
+qmail-pop3d.8
+ mandoc -man qmail-pop3d.8 > qmail-pop3d.0
+
+qmail-popup.0: \
+qmail-popup.8
+ mandoc -man qmail-popup.8 > qmail-popup.0
+
+qmail-postgrey.0: \
+qmail-postgrey.8
+ mandoc -man qmail-postgrey.8 > qmail-postgrey.0
+
+qmail-pw2u.0: \
+qmail-pw2u.8
+ mandoc -man qmail-pw2u.8 > qmail-pw2u.0
+
+qmail-pw2u.8: \
+qmail-pw2u.9 ../conf-home
+ cat qmail-pw2u.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-pw2u.8
+
+qmail-qmqpc.0: \
+qmail-qmqpc.8
+ mandoc -man qmail-qmqpc.8 > qmail-qmqpc.0
+
+qmail-qmqpd.0: \
+qmail-qmqpd.8
+ mandoc -man qmail-qmqpd.8 > qmail-qmqpd.0
+
+qmail-qmtpd.0: \
+qmail-qmtpd.8
+ mandoc -man qmail-qmtpd.8 > qmail-qmtpd.0
+
+qmail-qread.0: \
+qmail-qread.8
+ mandoc -man qmail-qread.8 > qmail-qread.0
+
+qmail-qstat.0: \
+qmail-qstat.8
+ mandoc -man qmail-qstat.8 > qmail-qstat.0
+
+qmail-qmaint.0: \
+qmail-qmaint.8
+ mandoc -man qmail-qmaint.8 > qmail-qmaint.0
+
+qmail-queue.0: \
+qmail-queue.8
+ mandoc -man qmail-queue.8 > qmail-queue.0
+
+qmail-recipients.0: \
+qmail-recipients.8
+ mandoc -man qmail-recipients.8 > qmail-recipients.0
+
+qmail-recipients.8: \
+qmail-recipients.9 ../conf-home
+ cat qmail-recipients.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-recipients.8
+
+qmail-remote.0: \
+qmail-remote.8
+ mandoc -man qmail-remote.8 > qmail-remote.0
+
+qmail-rspawn.0: \
+qmail-rspawn.8
+ mandoc -man qmail-rspawn.8 > qmail-rspawn.0
+
+qmail-send.0: \
+qmail-send.8
+ mandoc -man qmail-send.8 > qmail-send.0
+
+qmail-send.8: \
+qmail-send.9 ../conf-home
+ cat qmail-send.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-send.8
+
+qmail-showctl.0: \
+qmail-showctl.8
+ mandoc -man qmail-showctl.8 > qmail-showctl.0
+
+qmail-smtpam.0: \
+qmail-smtpam.8
+ mandoc -man qmail-smtpam.8 > qmail-smtpam.0
+
+qmail-smtpd.0: \
+qmail-smtpd.8
+ mandoc -man qmail-smtpd.8 > qmail-smtpd.0
+
+qmail-start.0: \
+qmail-start.8
+ mandoc -man qmail-start.8 > qmail-start.0
+
+qmail-start.8: \
+qmail-start.9 ../conf-home ../conf-break ../conf-spawn
+ cat qmail-start.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ | sed s}BREAK}"`head -1 ../conf-break`"}g \
+ | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \
+ > qmail-start.8
+
+qmail-tcpok.0: \
+qmail-tcpok.8
+ mandoc -man qmail-tcpok.8 > qmail-tcpok.0
+
+qmail-tcpto.0: \
+qmail-tcpto.8
+ mandoc -man qmail-tcpto.8 > qmail-tcpto.0
+
+qmail-todo.0: \
+qmail-todo.8
+ mandoc -man qmail-todo.8 > qmail-todo.0
+
+qmail-users.0: \
+qmail-users.5
+ mandoc -man qmail-users.5 > qmail-users.0
+
+qmail-users.5: \
+qmail-users.9 ../conf-home
+ cat qmail-users.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-users.5
+
+qmail-vmailuser.0: \
+qmail-vmailuser.8
+ mandoc -man qmail-vmailuser.8 > qmail-vmailuser.0
+
+qmail-vmailuser.8: \
+qmail-vmailuser.9 ../conf-home
+ cat qmail-vmailuser.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > qmail-vmailuser.8
+
+qreceipt.0: \
+qreceipt.1
+ mandoc -man qreceipt.1 > qreceipt.0
+
+setforward.0: \
+setforward.1
+ mandoc -man setforward.1 > setforward.0
+
+setmaillist.0: \
+setmaillist.1
+ mandoc -man setmaillist.1 > setmaillist.0
+
+spfquery.0: \
+spfquery.8
+ mandoc -man spfquery.8 > spfquery.0
+
+splogger.0: \
+splogger.8
+ mandoc -man splogger.8 > splogger.0
+
+sqmail.0: \
+sqmail.7
+ mandoc -man sqmail.7 > sqmail.0
+
+sqmail.7: \
+sqmail.9 ../package/version
+ cat sqmail.9 \
+ | sed s}VERSION}"`head -1 ../package/version`"}g \
+ > sqmail.7
+
+srsforward.0: \
+srsforward.1
+ mandoc -man srsforward.1 > srsforward.0
+
+srsreverse.0: \
+srsreverse.8
+ mandoc -man srsreverse.8 > srsreverse.0
+
+srsreverse.8: \
+srsreverse.9 ../conf-home
+ cat srsreverse.9 \
+ | sed s}SQMAIL}"`head -1 ../conf-home`"}g \
+ > srsreverse.8
+
+tai64nfrac.0: \
+tai64nfrac.5
+ mandoc -man tai64nfrac.5 > tai64nfrac.0
+
+tcp-environ.0: \
+tcp-environ.5
+ mandoc -man tcp-environ.5 > tcp-environ.0
+
+xqp.0: \
+xqp.1
+ mandoc -man xqp.1 > xqp.0
+
+xrecipient.0: \
+xrecipient.1
+ mandoc -man xrecipient.1 > xrecipient.0
+
+xsender.0: \
+xsender.1
+ mandoc -man xsender.1 > xsender.0
+
+clean: \
+TARGETS
+ rm -f `cat TARGETS`
+# gzip -q -d *.gz
+
diff --git a/man/TARGETS b/man/TARGETS
new file mode 100644
index 0000000..89773bb
--- /dev/null
+++ b/man/TARGETS
@@ -0,0 +1,105 @@
+addresses.0
+bouncesaying.0
+columnt.0
+condredirect.0
+datetime.0
+dot-qmail.0
+dot-qmail.5
+dnscname.0
+dnsfq.0
+dnsip.0
+dnsptr.0
+dnsmxip.0
+dnstxt.0
+envelopes.0
+except.0
+fastforward.0
+forgeries.0
+forward.0
+hostname.0
+ipmeprint.0
+maildir.0
+maildir2mbox.0
+maildirmake.0
+maildirwatch.0
+mailsubj.0
+matchup.0
+mbox.0
+newaliases.0
+newinclude.0
+preline.0
+printforward.0
+printmaillist.0
+qbiff.0
+qmail-authuser.0
+qmail-authuser.8
+qmail-badloadertypes.0
+qmail-badloadertypes.8
+qmail-badmimetypes.0
+qmail-badmimetypes.8
+qmail-clean.0
+qmail-command.0
+qmail-dksign.0
+qmail-dksign.8
+qmail-dkim.0
+qmail-dkverify.0
+qmail-getpw.0
+qmail-getpw.8
+qmail-header.0
+qmail-inject.0
+qmail-limits.0
+qmail-limits.7
+qmail-local.0
+qmail-lspawn.0
+qmail-mfrules.0
+qmail-mfrules.8
+qmail-mrtg.0
+qmail-newmrh.0
+qmail-newmrh.8
+qmail-newu.0
+qmail-newu.8
+qmail-pop3d.0
+qmail-popup.0
+qmail-postgrey.0
+qmail-pw2u.0
+qmail-pw2u.8
+qmail-qmqpc.0
+qmail-qmqpd.0
+qmail-qmtpd.0
+qmail-qread.0
+qmail-qstat.0
+qmail-qmaint.0
+qmail-queue.0
+qmail-recipients.0
+qmail-recipients.8
+qmail-remote.0
+qmail-rspawn.0
+qmail-send.0
+qmail-send.8
+qmail-showctl.0
+qmail-smtpam.0
+qmail-smtpd.0
+qmail-start.0
+qmail-start.8
+qmail-tcpok.0
+qmail-tcpto.0
+qmail-todo.0
+qmail-users.0
+qmail-users.5
+qmail-vmailuser.0
+qmail-vmailuser.8
+qreceipt.0
+setforward.0
+setmaillist.0
+spfquery.0
+splogger.0
+sqmail.0
+sqmail.7
+srsforward.0
+srsreverse.0
+srsreverse.8
+tai64nfrac.0
+tcp-environ.0
+xqp.0
+xrecipient.0
+xsender.0
diff --git a/man/addresses.5 b/man/addresses.5
new file mode 100644
index 0000000..72a234f
--- /dev/null
+++ b/man/addresses.5
@@ -0,0 +1,260 @@
+.TH s/qmail: addresses 5
+.SH "NAME"
+addresses \- formats for Internet mail addresses
+.SH "INTRODUCTION"
+A
+.B mail address
+is a string of characters containing @.
+
+Every mail address has a
+.B local part
+and a
+.B domain part\fR.
+The domain part is everything after the final @.
+The local part is everything before.
+
+For example, the mail addresses
+
+.EX
+ God@heaven.af.mil
+ @heaven.af.mil
+ @at@@heaven.af.mil
+.EE
+
+all have domain part
+.BR heaven.af.mil .
+The local parts are
+.BR God ,
+empty,
+and
+.BR @at@ .
+
+Some domains have owners.
+It is up to the owner of
+.B heaven.af.mil
+to say how mail messages will be delivered to addresses with domain part
+.BR heaven.af.mil .
+
+The domain part of an address is interpreted without regard to case, so
+
+.EX
+ God@heaven.af.mil
+.br
+ God@HEAVEN.AF.MIL
+.br
+ God@Heaven.AF.Mil
+.EE
+
+all refer to the same domain.
+
+There is one exceptional address that does not contain an @:
+namely, the empty string.
+The empty string cannot be used as a recipient address.
+It can be used as a sender address so that
+the real sender doesn't receive bounces.
+.SH "QMAIL EXTENSIONS"
+The
+.B qmail
+system allows several further types of addresses in mail envelopes.
+
+First, an envelope recipient address without an @ is interpreted as being at
+.IR envnoathost .
+For example, if
+.I envnoathost
+is
+.BR heaven.af.mil ,
+the address
+.B God
+will be rewritten as
+.BR God@heaven.af.mil .
+
+Second, the address
+.B #@[]
+is used as an envelope sender address for double bounces.
+
+Third, envelope sender addresses of the form
+.I pre\fB@\fIhost\fB-@[]
+are used to support variable envelope return paths (VERPs).
+.B qmail-send
+will rewrite
+.I pre\fB@\fIhost\fB-@[]
+as
+.I prerecip\fB=\fIdomain\fB@\fIhost
+for deliveries to
+.IR recip\fB@\fIdomain .
+Bounces directly from
+.B qmail-send
+will come back to
+.IR pre\fB@\fIhost .
+.SH "CHOOSING MAIL ADDRESSES"
+Here are some suggestions on choosing mail addresses for the Internet.
+
+Do not use non-ASCII characters.
+Under RFC 822 and RFC 821,
+these characters cannot be used in mail headers or in SMTP commands.
+In practice, they are regularly corrupted.
+
+Do not use ASCII control characters.
+NUL is regularly corrupted.
+CR and LF cannot be used in some combinations
+and are corrupted in all.
+None of these characters are usable on business cards.
+
+Avoid spaces and the characters
+
+.EX
+ \\"<>()[],;:
+.EE
+
+These all require quoting in mail headers and in SMTP.
+Many existing mail programs do not handle quoting properly.
+
+Do not use @ in a local part.
+@ requires quoting in mail headers and in SMTP.
+Many programs incorrectly look for the first @,
+rather than the last @,
+to find the domain part of an address.
+
+In a local part,
+do not use two consecutive dots, a dot at the beginning, or a dot at the end.
+Any of these would require quoting in mail headers.
+
+Do not use an empty local part; it cannot appear in SMTP commands.
+
+Avoid local parts longer than 64 characters.
+
+Be wary of uppercase letters in local parts.
+Some mail programs (and users!) will incorrectly convert
+.B God@heaven.af.mil
+to
+.BR god@heaven.af.mil .
+
+Be wary of the following characters:
+
+.EX
+ $&!#~`'^*|{}
+.EE
+
+Some users will not know
+how to feed these characters safely to their mail programs.
+
+In domain names, stick to letters, digits, dash, and dot.
+One popular DNS resolver has,
+under the banner of security,
+recently begun destroying domain names
+that contain certain other characters,
+including underscore.
+Exception: A dotted-decimal IP address in brackets,
+such as
+.BR [127.0.0.1] ,
+identifies a domain owned by whoever owns the host at that IP address,
+and can be used safely.
+
+In a domain name,
+do not use two consecutive dots,
+a dot at the beginning,
+or a dot at the end.
+This means that,
+when a domain name is broken down into components separated by dots,
+there are no empty components.
+
+Always use at least one dot in a domain name.
+If you own the
+.B mil
+domain,
+don't bother using the address
+.BR root@mil ;
+most users will be unable to send messages to that address.
+Same for the root domain.
+
+Avoid domain names longer than 64 characters.
+.SH "ENCODED ADDRESSES IN SMTP COMMANDS"
+RFC 821 defines an encoding of mail addresses in SMTP.
+For example, the addresses
+
+.EX
+ God@heaven.af.mil
+.br
+ a"quote@heaven.af.mil
+.br
+ The Almighty.One@heaven.af.mil
+.EE
+
+could be encoded in RCPT commands as
+
+.EX
+ RCPT TO:<God@heaven.af.mil>
+.br
+ RCPT TO:<a\\"quote@heaven.af.mil>
+.br
+ RCPT TO:<The\\ Almighty.One@heaven.af.mil>
+.EE
+
+There are several restrictions in RFC 821
+on the mail addresses that can be used over SMTP.
+Non-ASCII characters are prohibited.
+The local part must not be empty.
+The domain part must be a sequence of elements separated by dots,
+where each element is either a component,
+a sequence of digits preceded by #,
+or a dotted-decimal IP address surrounded by brackets.
+The only allowable characters in components are
+letters, digits, and dashes.
+Every component must (believe it or not)
+have at least three characters;
+the first character must be a letter;
+the last character must not be a hyphen.
+.SH "ENCODED ADDRESSES IN MAIL HEADERS"
+RFC 822 defines an encoding of mail addresses
+in certain header fields in a mail message.
+For example, the addresses
+
+.EX
+ God@heaven.af.mil
+.br
+ a"quote@heaven.af.mil
+.br
+ The Almighty.One@heaven.af.mil
+.EE
+
+could be encoded in a
+.B To
+field as
+
+.EX
+ To: God@heaven.af.mil,
+.br
+ <@brl.mil:"a\\"quote"@heaven.af.mil>,
+.br
+ "The Almighty".One@heaven.af.mil
+.EE
+
+or perhaps
+
+.EX
+ To: < "God"@heaven .af.mil>,
+.br
+ "a\\"quote" (Who?) @ heaven . af. mil
+.br
+ , God<"The Almighty.One"@heaven.af.mil>
+.EE
+
+There are several restrictions on the mail addresses that can
+be used in these header fields.
+Non-ASCII characters are prohibited.
+The domain part must be a sequence of elements separated by dots,
+where each element either (1) begins with [ and ends with ]
+or (2) is a nonempty string of printable ASCII characters
+not including any of
+
+.EX
+ \\".<>()[],;:
+.EE
+
+and not including space.
+.SH "SEE ALSO"
+envelopes(5),
+qmail-header(5),
+qmail-inject(8),
+qmail-remote(8),
+qmail-smtpd(8)
diff --git a/man/bouncesaying.1 b/man/bouncesaying.1
new file mode 100644
index 0000000..9f46b67
--- /dev/null
+++ b/man/bouncesaying.1
@@ -0,0 +1,71 @@
+.TH s/qmail: bouncesaying 1
+.SH NAME
+bouncesaying \- perhaps bounce each incoming message
+.SH SYNOPSIS
+in
+.BR .qmail :
+.B |bouncesaying
+.I error
+[
+.I program
+[
+.I arg ...
+]
+]
+.SH DESCRIPTION
+.B bouncesaying
+feeds each new mail message to
+.I program
+with the given arguments.
+If
+.I program
+exits 0,
+.B bouncesaying
+prints
+.I error
+and bounces the message.
+
+If
+.I program
+exits 111,
+.B bouncesaying
+exits 111,
+so delivery will be retried later.
+
+If
+.I program
+exits anything else
+(or does not exist),
+.B bouncesaying
+exits 0,
+so the rest of
+.B .qmail
+will be processed as usual.
+
+Note that
+it is not safe for
+.I program
+to fork a child that
+reads the message in the background.
+
+If
+.I program
+is not supplied,
+.B bouncesaying
+always bounces the message:
+
+.EX
+ |bouncesaying 'This address no longer accepts mail.'
+.EE
+
+.B WARNING:
+If you create a
+.B .qmail
+file to enable
+.BR bouncesaying ,
+make sure to also add a line specifying delivery to your normal mailbox.
+.SH "SEE ALSO"
+condredirect(1),
+except(1),
+dot-qmail(5),
+qmail-command(8)
diff --git a/man/columnt.1 b/man/columnt.1
new file mode 100644
index 0000000..24eeeef
--- /dev/null
+++ b/man/columnt.1
@@ -0,0 +1,29 @@
+.TH s/qmail: columnt 1
+.SH NAME
+columnt \- align columns in a table
+.SH SYNTAX
+.B columnt
+.SH DESCRIPTION
+.B columnt
+reads a table of whitespace-separated lines.
+
+.B columnt
+then prints the table,
+changing the spacing so that
+the first column takes the same amount of space in every line,
+the second column takes the same amount of space in every line,
+etc.
+
+In the
+.B columnt
+output,
+all columns except the last are right-justified;
+the last column is left-justified.
+There are two spaces between adjacent columns.
+
+.B columnt
+needs enough memory to read the entire input.
+Other than this,
+it has no limits on line length or on the number of columns.
+.SH "SEE ALSO"
+column(1)
diff --git a/man/condredirect.1 b/man/condredirect.1
new file mode 100644
index 0000000..b9418db
--- /dev/null
+++ b/man/condredirect.1
@@ -0,0 +1,63 @@
+.TH s/qmail: condredirect 1
+.SH NAME
+condredirect \- perhaps redirect mail to another address
+.SH SYNOPSIS
+in
+.BR .qmail :
+.B |condredirect
+.I newaddress
+.I program
+[
+.I arg ...
+]
+.SH DESCRIPTION
+.B condredirect
+feeds each new mail message to
+.I program
+with the given arguments.
+If
+.I program
+exits 0,
+.B condredirect
+forwards the mail message to
+.IR newaddress ,
+and then exits 99,
+so further commands in
+.B .qmail
+are ignored.
+
+If
+.I program
+exits 111,
+.B condredirect
+exits 111,
+so delivery will be retried later.
+
+If
+.I program
+exits anything else
+(or does not exist),
+.B condredirect
+exits 0,
+so the rest of
+.B .qmail
+will be processed as usual.
+
+Note that
+it is not safe for
+.I program
+to fork a child that
+reads the message in the background.
+
+.B WARNING:
+If you create a
+.B .qmail
+file to enable
+.BR condredirect ,
+make sure to also add a line specifying delivery to your normal mailbox.
+.SH "SEE ALSO"
+bouncesaying(1),
+except(1),
+dot-qmail(5),
+qmail-command(8),
+qmail-queue(8)
diff --git a/man/datetime.3 b/man/datetime.3
new file mode 100644
index 0000000..f62c02d
--- /dev/null
+++ b/man/datetime.3
@@ -0,0 +1,73 @@
+.TH s/qmail: datetime 3
+.SH NAME
+datetime \- convert between TAI labels and seconds
+.SH SYNTAX
+.B #include <datetime.h>
+
+void \fBdatetime_tai\fP(&\fIdt\fR,\fIt\fR);
+
+datetime_sec \fBdatetime_untai\fP(&\fIdt\fR);
+
+struct datetime \fIdt\fR;
+.br
+datetime_sec \fIt\fR;
+.SH DESCRIPTION
+International Atomic Time, TAI,
+is the fundamental unit for time measurements.
+TAI has one label for every second of real time,
+without complications such as leap seconds.
+
+A
+struct datetime
+variable,
+such as
+.IR dt ,
+stores a TAI label.
+.I dt\fB.year
+is the year number minus 1900;
+.I dt\fB.mon
+is the month number, from 0 (January) through 11 (December);
+.I dt\fB.mday
+is the day of the month, from 1 through 31;
+.I dt\fB.hour
+is the hour, from 0 through 23;
+.I dt\fB.min
+is the minute, from 0 through 59;
+.I dt\fB.sec
+is the second, from 0 through 59;
+.I dt\fB.wday
+is the day of the week, from 0 (Sunday) through 6 (Saturday);
+.I dt\fB.yday
+is the day of the year, from 0 through 365.
+
+The
+.B datetime
+library supports more convenient TAI manipulation with
+the datetime_sec type.
+A datetime_sec value, such as
+.IR t ,
+is an integer referring to the
+.IR t th
+second after the beginning of 1970 TAI.
+The first second of 1970 TAI was 0;
+the next second was 1;
+the last second of 1969 TAI was -1.
+The difference between two datetime_sec values is a number
+of real-time seconds.
+
+.B datetime_tai
+converts a datetime_sec to a TAI label.
+
+.B datetime_untai
+reads a TAI label
+(specifically
+.IR dt\fB.year ,
+.IR dt\fB.mon ,
+.IR dt\fB.mday ,
+.IR dt\fB.hour ,
+.IR dt\fB.min ,
+and
+.IR dt\fB.sec )
+and returns a datetime_sec.
+.SH "SEE ALSO"
+now(3)
diff --git a/man/dnscname.8 b/man/dnscname.8
new file mode 100644
index 0000000..7fd3889
--- /dev/null
+++ b/man/dnscname.8
@@ -0,0 +1,35 @@
+.TH s/qmail: dnscname 8
+.SH NAME
+dnscname
+.SH SYNOPSIS
+.B dnscname
+.I fqdn
+.SH DESCRIPTION
+.B dnscame
+takes the given
+.I fqdn
+for a host and employs an one-stage
+.I CNAME
+DNS lookup for
+.IR fqdn .
+The retrieved DNS name could instead be an alias,
+rather than a \fIcanonical name\fR.
+Use
+.B dnsfq
+to evaluate the entire
+.I CNAME
+chain.
+.SH "EXIT CODES"
+.B dnscname
+return
+.I 0
+on success,
+.I 1
+in case no CNAME was found, and
+.I 111
+in case of memory errors.
+.SH "SEE ALSO"
+dnsfq(8),
+dnsmxip(8),
+dnsptr(8),
+dnstxt(8).
diff --git a/man/dnsfq.8 b/man/dnsfq.8
new file mode 100644
index 0000000..4773fcb
--- /dev/null
+++ b/man/dnsfq.8
@@ -0,0 +1,34 @@
+.TH s/qmail: dnsfq 8
+.SH NAME
+dnsfq
+.SH SYNOPSIS
+.B dnsfq
+.I fqdn
+.SH DESCRIPTION
+.B fqdns
+takes the given
+.I fqdn
+for a host and employs a
+.I CNAME
+DNS lookup while finally retrieving the
+.I AAAA
+and
+.I A
+record following the chain of potential alias names.
+On output, the entire chain of nested DNS information
+is displayed together with the retrieved IP(v4|v6)
+addresses.
+.SH "EXIT CODES"
+.B dnsfq
+returns
+.I 0
+on success,
+.I 1
+if DNS query errors did occure, and
+.I 111
+in case of memory errors.
+.SH "SEE ALSO"
+dnscname(8),
+dnsmxip(8),
+dnsptr(8),
+dnstxt(8).
diff --git a/man/dnsip.8 b/man/dnsip.8
new file mode 100644
index 0000000..eaa9930
--- /dev/null
+++ b/man/dnsip.8
@@ -0,0 +1,31 @@
+.TH s/qmail: dnsip 8
+.SH NAME
+dnsip
+.SH SYNOPSIS
+.B dnsip
+.I fqdn .
+.SH DESCRIPTION
+.B dnsip
+does a DNS
+.I AAAA
+and
+.I A
+lookup and displays the retrieved
+.I IPv6
+and
+.I IPv4
+addresses on one line for the given
+.IR fqdn .
+.SH "EXIT CODES"
+.B dnsip
+always returns
+.I 0
+except of
+.I 111
+in case of memory errors.
+.SH "SEE ALSO"
+dnscname(8),
+dnsmxip(8),
+dnsfq(8),
+dnsptr(8),
+dnstxt(8).
diff --git a/man/dnsmxip.8 b/man/dnsmxip.8
new file mode 100644
index 0000000..cc3250d
--- /dev/null
+++ b/man/dnsmxip.8
@@ -0,0 +1,42 @@
+.TH s/qmail: dnsmxip 8
+.SH NAME
+dnsmxip
+.SH SYNOPSIS
+.B dnsmxip
+.I fqdn
+.SH DESCRIPTION
+.B dnsmxip
+takes the given
+.I fqdn
+as domain name and employs a
+.I MX
+lookup for
+.I fqdn
+while evaluating for the retrieved MX host(s) the respective
+.I AAAA
+and
+.I A
+address(es).
+
+On output, for each MX
+.I host
+its provided
+.I weight
+and the respective
+.I AAAA
+and
+.I A
+addresses (in perenthesis) are displayed on separate lines.
+.SH "EXIT CODES"
+.B dnsmxip
+returns
+.I 0
+and eventually
+.I 1
+in case of DNS query errors.
+.SH "SEE ALSO"
+dnscname(8),
+dnsip(8),
+dnsfq(8),
+dnsptr(8),
+dnstxt(8).
diff --git a/man/dnsptr.8 b/man/dnsptr.8
new file mode 100644
index 0000000..c3df614
--- /dev/null
+++ b/man/dnsptr.8
@@ -0,0 +1,27 @@
+.TH s/qmail: dnsptr 8
+.SH NAME
+dnsptr
+.SH SYNOPSIS
+.B dnsptr
+.I IPv4
+or
+.IR IPv6 .
+.SH DESCRIPTION
+.B dnsptr
+does a DNS
+.I PTR
+lookup and displays the retrieved
+.IR fqdn .
+.SH "EXIT CODES"
+.B dnsptr
+always returns
+.I 0
+except for wrong IP address
+formats while returning
+.IR 100 .
+.SH "SEE ALSO"
+dnscname(8),
+dnsmxip(8),
+dnsfq(8),
+dnsip(8),
+dnstxt(8).
diff --git a/man/dnstlsa.8 b/man/dnstlsa.8
new file mode 100644
index 0000000..879ed39
--- /dev/null
+++ b/man/dnstlsa.8
@@ -0,0 +1,51 @@
+.TH s/qmail: dnstlsa 8
+.SH NAME
+dnstlsa
+.SH SYNOPSIS
+.B dnstlsa
+.I [-v] [-p port] [-u(dp)|-t(cp)] fqdn
+.SH DESCRIPTION
+.B dnstlsa
+uses the
+.I fqdn
+for a host employing a
+DNS query for a synthesized hostname given as
+.I _port._[tcp|udp].fqdn
+while doing an initial CNAME resolution
+followed by a TLSA query
+and displays the result(s).
+If
+.I -p\ port
+is missing
+.I port\ 25
+is assumed.
+If either
+.I -u
+or
+.I -t
+is omitted,
+.I tcp
+is used.
+Each entry is shown on one line, telling
+.IR Usage ,
+.IR Selector ,
+.IR Matching\ Type
+together with the hex-encoded fingerprint or certificate.
+
+In verbose mode
+.I -v
+the synthezised record is displayed as well.
+.SH "EXIT CODES"
+.B dnstlsa
+returns
+.I 0
+on success,
+.I 1
+for DNS query errors, and
+.I 111
+in case of memory errors.
+.SH "SEE ALSO"
+dnstxt(8),
+dnsfq(8),
+dnsmxip(8),
+dnsptr(8).
diff --git a/man/dnstxt.8 b/man/dnstxt.8
new file mode 100644
index 0000000..933f06f
--- /dev/null
+++ b/man/dnstxt.8
@@ -0,0 +1,29 @@
+.TH s/qmail: dnstxt 8
+.SH NAME
+dnstxt
+.SH SYNOPSIS
+.B dnstxt
+.I fqdn
+.SH DESCRIPTION
+.B dnstxt
+takes the given
+.I fqdn
+for a host employing a
+.I TXT
+DNS lookup for
+.I fqdn
+and displays the result(s).
+.SH "EXIT CODES"
+.B dnstxt
+returns
+.I 0
+on success,
+.I 1
+for DNS query errors, and
+.I 111
+in case of memory errors.
+.SH "SEE ALSO"
+dnscname(8),
+dnsfq(8),
+dnsmxip(8),
+dnsptr(8).
diff --git a/man/dot-qmail.9 b/man/dot-qmail.9
new file mode 100644
index 0000000..f01f24e
--- /dev/null
+++ b/man/dot-qmail.9
@@ -0,0 +1,396 @@
+.TH s/qmail: dot-qmail 5
+.SH NAME
+dot-qmail \- control the delivery of mail messages
+.SH DESCRIPTION
+Normally the
+.B qmail-local
+program delivers each incoming message to your system mailbox,
+.IR homedir\fB/Mailbox ,
+where
+.I homedir
+is your home directory.
+
+It can instead
+write the mail to a different file or directory,
+forward it to another address,
+distribute it to a mailing list,
+or even execute programs,
+all under your control.
+.SH "THE QMAIL FILE"
+To change
+.BR qmail-local 's
+behavior, set up a
+.B .qmail
+file in your home directory.
+
+.B .qmail
+contains one or more lines.
+Each line is a delivery instruction.
+.B qmail-local
+follows each instruction in turn.
+There are five types of delivery instructions:
+(1) comment; (2) program; (3) forward; (4) mbox; (5) maildir.
+.TP 5
+(1)
+A comment line begins with a number sign:
+
+.EX
+ # this is a comment
+.EE
+
+.B qmail-local
+ignores the line.
+.TP 5
+(2)
+A program line begins with a vertical bar:
+
+.EX
+ |preline /usr/ucb/vacation djb
+.EE
+
+.B qmail-local
+takes the rest of the line as a command to supply to
+.BR sh .
+See
+.B qmail-command(8)
+for further information.
+.TP 5
+(3)
+A forward line begins with an ampersand:
+
+.EX
+ &me@new.job.com
+.EE
+
+.B qmail-local
+takes the rest of the line as a mail address;
+it uses
+.B qmail-queue
+to forward the message to that address.
+The address must contain a fully qualified domain name;
+it must not contain extra spaces, angle brackets, or comments:
+
+.EX
+ # the following examples are WRONG
+.br
+ &me@new
+.br
+ &<me@new.job.com>
+.br
+ & me@new.job.com
+.br
+ &me@new.job.com (New Address)
+.EE
+
+If the address begins with a letter or number,
+you may leave out the ampersand:
+
+.EX
+ me@new.job.com
+.EE
+
+Note that
+.B qmail-local
+omits its new
+.B Return-Path
+line when forwarding messages.
+.TP 5
+(4)
+An
+.I mbox
+line begins with a slash or dot,
+and does not end with a slash:
+
+.EX
+ /home/djb/Mailbox.sos
+.EE
+
+.B qmail-local
+takes the entire line as a filename.
+It appends the mail message to that file,
+using
+.BR flock -style
+file locking if possible.
+.B qmail-local
+stores the mail message in
+.I mbox
+format, as described in
+.BR mbox(5) .
+
+.B WARNING:
+On many systems,
+anyone who can read a file can
+.B flock
+it, and thus hold up
+.BR qmail-local 's
+delivery forever.
+Do not deliver mail to a publicly accessible file!
+
+If
+.B qmail-local
+is able to lock the file, but has trouble writing to it
+(because, for example, the disk is full),
+it will truncate the file back to its original length.
+However, it cannot prevent mailbox corruption if the system
+crashes during delivery.
+.TP 5
+(5)
+A
+.I maildir
+line begins with a slash or dot,
+and ends with a slash:
+
+.EX
+ /home/djb/Maildir/
+.EE
+
+.B qmail-local
+takes the entire line as the name of a directory in
+.I maildir
+format.
+It reliably stores the incoming message in that directory.
+See
+.B maildir(5)
+for more details.
+.PP
+If
+.B .qmail
+has the execute bit set,
+it must not contain any
+program lines,
+.I mbox
+lines,
+or
+.I maildir
+lines.
+If
+.B qmail-local
+sees any such lines,
+it will stop and indicate a temporary failure.
+
+If
+.B .qmail
+is completely empty (0 bytes long), or does not exist,
+.B qmail-local
+follows the
+.I defaultdelivery
+instructions set by your system administrator;
+normally
+.I defaultdelivery
+is
+.BR ./Mailbox ,
+so
+.B qmail-local
+appends the mail message to
+.B Mailbox
+in
+.I mbox
+format.
+
+.B .qmail
+may contain extra spaces and tabs at the end of a line.
+Blank lines are allowed, but not for the first line of
+.BR .qmail .
+
+If
+.B .qmail
+is world-writable or group-writable,
+.B qmail-local
+stops and indicates a temporary failure.
+.SH "SAFE QMAIL EDITING"
+Incoming messages can arrive at any moment.
+If you want to safely edit your
+.B .qmail
+file, first set the sticky bit on your home directory:
+
+.EX
+ chmod +t $HOME
+.EE
+
+.B qmail-local
+will temporarily defer delivery of any message to you
+if your home directory is sticky
+(or group-writable or other-writable,
+which should never happen).
+Make sure to
+
+.EX
+ chmod -t $HOME
+.EE
+
+when you are done!
+It's a good idea to test your new
+.B .qmail
+file as follows:
+
+.EX
+ qmail-local -n $USER ~ $USER '' '' '' '' ./Mailbox
+.EE
+
+.SH "EXTENSION ADDRESSES"
+In the
+.B qmail
+system,
+you control all local addresses of the form
+.IR user\fBBREAK\fIanything ,
+as well as the address
+.I user
+itself,
+where
+.I user
+is your account name.
+Delivery to
+.I user\fBBREAK\fIanything
+is controlled by the file
+.IR homedir/\fB.qmail\-\fIanything .
+(These rules may be changed by the system administrator;
+see
+.BR qmail-users (5).)
+
+The
+.B alias
+user controls all other addresses.
+Delivery to
+.I local
+is controlled by the file
+.IR homedir/\fB.qmail\-\fIlocal ,
+where
+.I homedir
+is
+.BR alias 's
+home directory.
+
+In the following description,
+.B qmail-local
+is handling a message addressed to
+.IR local@domain ,
+where
+.I local
+is controlled by
+.BR .qmail\-\fIext .
+Here is what it does.
+
+If
+.B .qmail\-\fIext
+is completely empty,
+.B qmail-local
+follows the
+.I defaultdelivery
+instructions set by your system administrator.
+
+If
+.B .qmail\-\fIext
+doesn't exist,
+.B qmail-local
+will try some default
+.B .qmail
+files.
+For example,
+if
+.I ext
+is
+.BR foo-bar ,
+.B qmail-local
+will try first
+.BR .qmail-foo-bar ,
+then
+.BR .qmail-foo-default ,
+and finally
+.BR .qmail-default .
+If none of these exist,
+.B qmail-local
+will bounce the message.
+(Exception: for the basic
+.I user
+address,
+.B qmail-local
+treats a nonexistent
+.B .qmail
+the same as an empty
+.BR .qmail .)
+
+.B WARNING:
+For security,
+.B qmail-local
+replaces any dots in
+.I ext
+with colons before checking
+.BR .qmail\-\fIext .
+For convenience,
+.B qmail-local
+converts any uppercase letters in
+.I ext
+to lowercase.
+
+When
+.B qmail-local
+forwards a message as instructed in
+.B .qmail\-\fIext
+(or
+.BR .qmail-default ),
+it checks whether
+.B .qmail\-\fIext\fB-owner\fP
+exists.
+If so,
+it uses
+.I local\fB-owner@\fIdomain
+as the envelope sender for the forwarded message.
+Otherwise it retains the envelope sender of the original message.
+Exception:
+.B qmail-local
+always retains the original envelope sender
+if it is the empty address or
+.BR #@[] ,
+i.e., if this is a bounce message.
+
+.B qmail-local
+also supports
+.B variable envelope return paths
+(VERPs):
+if
+.B .qmail\-\fIext\fB-owner\fP
+and
+.B .qmail\-\fIext\fB-owner-default\fP
+both exist, it uses
+.I local\fB\-owner\-@\fIdomain\fB-@[]
+as the envelope sender.
+This will cause a recipient
+.I recip\fB@\fIreciphost
+to see an envelope sender of
+.IR local\fB\-owner\-\fIrecip\fB=\fIreciphost\fB@\fIdomain .
+.SH "ERROR HANDLING"
+If a delivery instruction fails,
+.B qmail-local
+stops immediately and reports failure.
+.B qmail-local
+handles forwarding after all other instructions,
+so any error in another type of delivery will prevent all forwarding.
+
+If a program returns exit code 99,
+.B qmail-local
+ignores all succeeding lines in
+.BR .qmail ,
+but it still pays attention to previous forward lines.
+
+To set up independent instructions,
+where a temporary or permanent failure in one instruction
+does not affect the others,
+move each instruction into a separate
+.B .qmail\-\fIext
+file, and set up a central
+.B .qmail
+file that forwards to all of the
+.BR .qmail\-\fIext s.
+Note that
+.B qmail-local
+can handle any number of forward lines simultaneously.
+
+.SH "SEE ALSO"
+envelopes(5),
+maildir(5),
+mbox(5),
+qmail-users(5),
+qmail-local(8),
+qmail-command(8),
+qmail-queue(8),
+qmail-lspawn(8)
diff --git a/man/envelopes.5 b/man/envelopes.5
new file mode 100644
index 0000000..9f06ed7
--- /dev/null
+++ b/man/envelopes.5
@@ -0,0 +1,231 @@
+.TH s/qmail: envelopes 5
+.SH "NAME"
+envelopes \- sender/recipient lists attached to messages
+.SH "INTRODUCTION"
+Electronic mail messages are delivered in
+.IR envelopes .
+
+An envelope lists a
+.I sender
+and one or more
+.IR recipients .
+Usually these
+envelope addresses are the same
+as the addresses listed in the message header:
+
+.EX
+ (envelope) from djb to root
+.br
+ From: djb
+.br
+ To: root
+.EE
+
+In more complicated situations, though,
+the envelope addresses may differ from the header addresses.
+.SH "ENVELOPE EXAMPLES"
+When a message is delivered to
+several people at different locations,
+it is first photocopied
+and placed into several envelopes:
+
+.EX
+ (envelope) from djb to root
+.br
+ From: djb Copy #1 of message
+.br
+ To: root, god@brl.mil
+.EE
+
+.EX
+ (envelope) from djb to god@brl.mil
+.br
+ From: djb Copy #2 of message
+.br
+ To: root, god@brl.mil
+.EE
+
+When a message is delivered
+to several people at the same location,
+the sender doesn't have to photocopy it.
+He can instead stuff it into
+one envelope with several addresses;
+the recipients will make the photocopy:
+
+.EX
+ (envelope) from djb to god@brl.mil, angel@brl.mil
+.br
+ From: djb
+.br
+ To: god@brl.mil, angel@brl.mil, joe, frde
+.EE
+
+Bounced mail is sent back to the envelope sender address.
+The bounced mail doesn't list an envelope sender,
+so bounce loops are impossible:
+
+.EX
+ (envelope) from <> to djb
+.br
+ From: MAILER-DAEMON
+.br
+ To: djb
+.br
+ Subject: unknown user frde
+.EE
+
+The recipient of a message may make another copy
+and forward it in a new envelope:
+
+.EX
+ (envelope) from djb to joe
+.br
+ From: djb Original message
+.br
+ To: joe
+.EE
+
+.EX
+ (envelope) from joe to fred
+.br
+ From: djb Forwarded message
+.br
+ To: joe
+.EE
+
+A mailing list works almost the same way:
+
+.EX
+ (envelope) from djb to sos-list
+.br
+ From: djb Original message
+.br
+ To: sos-list
+.EE
+
+.EX
+ (envelope) from sos-owner to god@brl.mil
+.br
+ From: djb Forwarded message
+.br
+ To: sos-list to recipient #1
+.EE
+
+.EX
+ (envelope) from sos-owner to frde
+.br
+ From: djb Forwarded message
+.br
+ To: sos-list to recipient #2
+.EE
+
+Notice that the mailing list is set up
+to replace the envelope sender with something new,
+.BR sos-owner .
+So bounces will come back to
+.BR sos-owner :
+
+.EX
+ (envelope) from <> to sos-owner
+.br
+ From: MAILER-DAEMON
+.br
+ To: sos-owner
+.br
+ Subject: unknown user frde
+.EE
+
+It's a good idea to set up an extra address,
+.BR sos-owner ,
+like this:
+the original envelope sender (\fBdjb\fP)
+has no way to fix bad
+.B sos-list
+addresses,
+and of course bounces must not be sent to
+.B sos-list
+itself.
+.SH "HOW ENVELOPE ADDRESSES ARE STORED"
+Envelope sender and envelope recipient addresses
+are transmitted and recorded in several ways.
+
+When a user injects mail through
+.BR qmail-inject ,
+he can supply a
+.B Return-Path
+line or a
+.B \-f
+option for the envelope sender;
+by default the envelope sender is his login name.
+The envelope recipient addresses can be taken
+from the command line or from various header fields,
+depending on the options to
+.BR qmail-inject .
+Similar comments apply to
+.BR sendmail .
+
+When a message is transferred from one machine to another through SMTP,
+the envelope sender is given in a
+.B MAIL FROM
+command,
+the envelope recipients are given in
+.B RCPT TO
+commands,
+and the message is supplied separately by a
+.B DATA
+command.
+
+When a message is delivered by
+.B qmail
+to a single local recipient,
+.B qmail-local
+records the recipient in
+.B Delivered-To
+and the envelope sender in
+.BR Return-Path .
+It uses
+.B Delivered-To
+to detect mail forwarding loops.
+
+.B sendmail
+normally records the envelope sender in
+.BR Return-Path .
+It does not record envelope recipient addresses,
+on the theory that they are redundant:
+you received the mail,
+so you must have been one of the envelope recipients.
+
+Note that,
+if the header doesn't have any recipient addresses,
+.B sendmail
+will move envelope recipient addresses back into the header.
+This situation occurs if all addresses were originally listed as
+.BR Bcc ,
+since
+.B Bcc
+is automatically removed.
+When
+.B sendmail
+sees this, it creates a new
+.B Apparently-To
+header field with the envelope recipient addresses.
+This has the strange effect that each blind-carbon-copy recipient will see
+a list of all recipients on the same machine.
+
+When a message is stored in
+.B mbox
+format,
+the envelope sender is recorded at the top of the message
+as a UUCP-style
+.B From
+(no colon) line.
+Note that this line is less reliable than the
+.B Return-Path
+line added by
+.B qmail-local
+or
+.B sendmail\fP.
+.SH "SEE ALSO"
+qmail-header(5),
+qmail-local(8),
+qmail-inject(8)
diff --git a/man/except.1 b/man/except.1
new file mode 100644
index 0000000..336bc1a
--- /dev/null
+++ b/man/except.1
@@ -0,0 +1,33 @@
+.TH s/qmail: except 1
+.SH NAME
+except \- reverse the exit code of a program
+.SH SYNOPSIS
+.B except
+.I program
+[
+.I arg ...
+]
+.SH DESCRIPTION
+.B except
+runs
+.I program
+with the given arguments.
+
+If
+.I program
+exits 0,
+.B except
+exits 100.
+If
+.I program
+exits 111,
+.B except
+exits 111.
+If
+.I program
+exits anything else,
+.B except
+exits 0.
+.SH "SEE ALSO"
+bouncesaying(1),
+condredirect(1)
diff --git a/man/fastforward.1 b/man/fastforward.1
new file mode 100644
index 0000000..d56e7dc
--- /dev/null
+++ b/man/fastforward.1
@@ -0,0 +1,123 @@
+.TH s/qmail: fastforward 1
+.SH NAME
+fastforward \- forward mail according to a cdb database
+.SH SYNOPSIS
+in
+.BR .qmail-default :
+.B | fastforward
+[
+.B \-nNpPdD
+]
+.I cdb
+.SH DESCRIPTION
+.B fastforward
+forwards each incoming message
+according to instructions in
+.I cdb
+created by
+.BR setforward .
+
+If there is no forwarding instruction in
+.I cdb
+for the incoming recipient address,
+.B fastforward
+will bounce the message.
+
+You can override
+.B .qmail-default
+with a specific
+.BR .qmail-\fIrecipient ;
+see
+.BR dot-qmail (5).
+
+Warning to system administrators:
+Messages do not reach
+.B ~alias/.qmail-default
+unless they are controlled by the
+.B alias
+user.
+See
+.BR qmail-getpw (8).
+
+.B SECURITY WARNING:
+If
+.I cdb
+includes instructions pointing to a mailing list owned by another user,
+that user gains some amount of control over
+.BR fastforward 's
+behavior.
+In particular, he can force
+.B fastforward
+to open any file that you can access,
+and to read any world-readable file that you own,
+even if the file is in a world-inaccessible directory.
+.SH "OPTIONS"
+.TP 5
+.B \-n
+No delivery.
+.B fastforward
+will print a description of its actions,
+but will not actually read or forward a message.
+.TP
+.B \-N
+(Default.)
+Forward a message as usual.
+.TP
+.B \-p
+Pass through.
+If
+.B fastforward
+does not find the recipient in
+.IR cdb ,
+it exits 0,
+giving the message to further commands in
+.BR .qmail-default .
+If
+.B fastforward
+finds the recipient,
+it forwards the message and exits 99,
+so that further commands are skipped.
+.TP
+.B \-P
+(Default.)
+Do not pass through.
+If
+.B fastforward
+finds the recipient,
+it forwards the message and exits 0.
+Otherwise it bounces the message.
+.TP
+.B \-d
+Use
+.B $DEFAULT@$HOST
+as the recipient address, or
+.B $EXT@$HOST
+if
+.B $DEFAULT
+is not set.
+.TP
+.B \-D
+(Default.)
+Use
+.B $RECIPIENT
+as the recipient address.
+.SH VERSION
+The original
+.B fastforward
+verion is 0.51, and the respective
+.B fastforward
+home page is
+.BR http://pobox.com/~djb/fastforward.html .
+However, this version is tightly integrated into
+.BR s/qmail .
+
+.SH "SEE ALSO"
+newaliases(1),
+printforward(1),
+setforward(1),
+dot-qmail(5),
+qmail-command(8),
+qmail-local(8),
+qmail-recpients(8),
+qmail-authuser(8),
+qmail-getpw(8)
diff --git a/man/forgeries.7 b/man/forgeries.7
new file mode 100644
index 0000000..85cc947
--- /dev/null
+++ b/man/forgeries.7
@@ -0,0 +1,104 @@
+.TH s/qmail: forgeries 7
+.SH "NAME"
+forgeries \- how easy it is to forge mail
+.SH "SUMMARY"
+An electronic mail message can easily be forged.
+Almost everything in it,
+including the return address,
+is completely under the control of the sender.
+
+An electronic mail message can be manually traced to its origin
+if (1) all system administrators of intermediate machines
+are both cooperative and competent,
+(2) the sender did not break low-level TCP/IP security,
+and
+(3) all intermediate machines are secure.
+
+Users of
+.I cryptography
+can automatically ensure the integrity and secrecy
+of their mail messages, as long as
+the sending and receiving machines are secure.
+.SH "FORGERIES"
+Like postal mail,
+electronic mail can be created entirely at the whim of the sender.
+.BR From ,
+.BR Sender ,
+.BR Return-Path ,
+and
+.BR Message-ID
+can all contain whatever information the sender wants.
+
+For example, if you inject a message through
+.B sendmail
+or
+.B qmail-inject
+or
+.BR SMTP ,
+you can simply type in a
+.B From
+field.
+In fact,
+.B qmail-inject
+lets you set up
+.BR MAILUSER ,
+.BR MAILHOST ,
+and
+.B MAILNAME
+environment variables
+to produce your desired
+.B From
+field on every message.
+.SH "TRACING FORGERIES"
+Like postal mail,
+electronic mail is postmarked when it is sent.
+Each machine that receives an electronic mail message
+adds a
+.B Received
+line to the top.
+
+A modern
+.B Received
+line contains quite a bit of information.
+In conjunction with the machine's logs,
+it lets a competent system administrator
+determine where the machine received the message from,
+as long as the sender did not break low-level TCP/IP security
+or security on that machine.
+
+Large multi-user machines often come with inadequate logging software.
+Fortunately, a system administrator can easily obtain a copy of a
+931/1413/Ident/TAP server, such as
+.BR pidentd .
+Unfortunately,
+some system administrators fail to do this,
+and are thus unable to figure out which local user
+was responsible for generating a message.
+
+If all intermediate system administrators are competent,
+and the sender did not break machine security or low-level TCP/IP security,
+it is possible to trace a message backwards.
+Unfortunately, some traces are stymied by intermediate system
+administrators who are uncooperative or untrustworthy.
+.SH "CRYPTOGRAPHY"
+The sender of a mail message may place his message into a
+.I cryptographic
+envelope stamped with his seal.
+Strong cryptography guarantees that any two messages with the same seal
+were sent by the same cryptographic entity:
+perhaps a single person, perhaps a group of cooperating people,
+but in any case somebody who knows a secret originally held
+only by the creator of the seal.
+The seal is called a
+.I public key\fR.
+
+Unfortunately, the creator of the seal is often an insecure machine,
+or an untrustworthy central agency,
+but most of the time seals are kept secure.
+
+One popular cryptographic program is
+.BR pgp .
+.SH "SEE ALSO"
+pgp(1),
+identd(8),
+qmail-header(8)
diff --git a/man/forward.1 b/man/forward.1
new file mode 100644
index 0000000..76d56e7
--- /dev/null
+++ b/man/forward.1
@@ -0,0 +1,24 @@
+.TH s/qmail: forward 1
+.SH NAME
+forward \- forward new mail to one or more addresses
+.SH SYNOPSIS
+in
+.BR .qmail :
+.B |forward
+.I address ...
+.SH DESCRIPTION
+.B forward
+forwards each new mail message to the specified list of addresses.
+It is a simple wrapper around
+.BR qmail-queue .
+It achieves the same results as listing each
+.I address
+separately in
+.BR .qmail ,
+but it is more programmable since
+.I address
+can be constructed on the fly.
+.SH "SEE ALSO"
+dot-qmail(5),
+qmail-command(8),
+qmail-queue(8)
diff --git a/man/hostname.8 b/man/hostname.8
new file mode 100644
index 0000000..9276f1e
--- /dev/null
+++ b/man/hostname.8
@@ -0,0 +1,14 @@
+.TH s/qmail: hostname 8
+
+.SH NAME
+hostname
+.SH SYNOPSIS
+.B hostname
+.SH DESCRIPTION
+.B hostname
+evaluates from the system its
+.I hostname
+employing a DNS lookup while erhaps including the domain
+and displays it as \fIFull Qualified Domain Name\fR (\fBFQDN\fR).
+.SH "SEE ALSO"
+ipmeprint(8).
diff --git a/man/ipmeprint.8 b/man/ipmeprint.8
new file mode 100644
index 0000000..473d83e
--- /dev/null
+++ b/man/ipmeprint.8
@@ -0,0 +1,15 @@
+.TH s/qmail: ipmeprint 8
+
+.SH NAME
+ipmeprint
+.SH SYNOPSIS
+.B ipmeprint
+.SH DESCRIPTION
+.B ipmeprints
+reads the kernel's bindings to
+.I IPv4
+and
+.IP IPv6
+addresses and displays those one per line.
+.SH "SEE ALSO"
+hostname(9).
diff --git a/man/maildir.5 b/man/maildir.5
new file mode 100644
index 0000000..49b2b23
--- /dev/null
+++ b/man/maildir.5
@@ -0,0 +1,239 @@
+.TH s/qmail: maildir 5
+.SH "NAME"
+maildir \- directory for incoming mail messages
+.SH "INTRODUCTION"
+.I maildir
+is a structure for
+directories of incoming mail messages.
+It solves the reliability problems that plague
+.I mbox
+files and
+.I mh
+folders.
+.SH "RELIABILITY ISSUES"
+A machine may crash while it is delivering a message.
+For both
+.I mbox
+files and
+.I mh
+folders this means that the message will be silently truncated.
+Even worse: for
+.I mbox
+format, if the message is truncated in the middle of a line,
+it will be silently joined to the next message.
+The mail transport agent will try again later to deliver the message,
+but it is unacceptable that a corrupted message should show up at all.
+In
+.IR maildir ,
+every message is guaranteed complete upon delivery.
+
+A machine may have two programs simultaneously delivering mail
+to the same user.
+The
+.I mbox
+and
+.I mh
+formats require the programs to update a single central file.
+If the programs do not use some locking mechanism,
+the central file will be corrupted.
+There are several
+.I mbox
+and
+.I mh
+locking mechanisms,
+none of which work portably and reliably.
+In contrast, in
+.IR maildir ,
+no locks are ever necessary.
+Different delivery processes never touch the same file.
+
+A user may try to delete messages from his mailbox at the same
+moment that the machine delivers a new message.
+For
+.I mbox
+and
+.I mh
+formats, the user's mail-reading program must know
+what locking mechanism the mail-delivery programs use.
+In contrast, in
+.IR maildir ,
+any delivered message
+can be safely updated or deleted by a mail-reading program.
+
+Many sites use Sun's
+.B Network F\fPa\fBil\fPur\fBe System
+(NFS),
+presumably because the operating system vendor does not offer
+anything else.
+NFS exacerbates all of the above problems.
+Some NFS implementations don't provide
+.B any
+reliable locking mechanism.
+With
+.I mbox
+and
+.I mh
+formats,
+if two machines deliver mail to the same user,
+or if a user reads mail anywhere except the delivery machine,
+the user's mail is at risk.
+.I maildir
+works without trouble over NFS.
+.SH "THE MAILDIR STRUCTURE"
+A directory in
+.I maildir
+format has three subdirectories,
+all on the same filesystem:
+.BR tmp ,
+.BR new ,
+and
+.BR cur .
+
+Each file in
+.B new
+is a newly delivered mail message.
+The modification time of the file is the delivery date of the message.
+The message is delivered
+.I without
+an extra UUCP-style
+.B From_
+line,
+.I without
+any
+.B >From
+quoting,
+and
+.I without
+an extra blank line at the end.
+The message is normally in RFC 822 format,
+starting with a
+.B Return-Path
+line and a
+.B Delivered-To
+line,
+but it could contain arbitrary binary data.
+It might not even end with a newline.
+
+Files in
+.B cur
+are just like files in
+.BR new .
+The big difference is that files in
+.B cur
+are no longer new mail:
+they have been seen by the user's mail-reading program.
+.SH "HOW A MESSAGE IS DELIVERED"
+The
+.B tmp
+directory is used to ensure reliable delivery,
+as discussed here.
+
+A program delivers a mail message in six steps.
+First, it
+.B chdir()\fPs
+to the
+.I maildir
+directory.
+Second, it
+.B stat()s
+the name
+.BR tmp/\fItime.pid.host ,
+where
+.I time
+is the number of seconds since the beginning of 1970 GMT,
+.I pid
+is the program's process ID,
+and
+.I host
+is the host name.
+Third, if
+.B stat()
+returned anything other than ENOENT,
+the program sleeps for two seconds, updates
+.IR time ,
+and tries the
+.B stat()
+again, a limited number of times.
+Fourth, the program
+creates
+.BR tmp/\fItime.pid.host .
+Fifth, the program
+.I NFS-writes
+the message to the file.
+Sixth, the program
+.BR link() s
+the file to
+.BR new/\fItime.pid.host .
+At that instant the message has been successfully delivered.
+
+The delivery program is required to start a 24-hour timer before
+creating
+.BR tmp/\fItime.pid.host ,
+and to abort the delivery
+if the timer expires.
+Upon error, timeout, or normal completion,
+the delivery program may attempt to
+.B unlink()
+.BR tmp/\fItime.pid.host .
+
+.I NFS-writing
+means
+(1) as usual, checking the number of bytes returned from each
+.B write()
+call;
+(2) calling
+.B fsync()
+and checking its return value;
+(3) calling
+.B close()
+and checking its return value.
+(Standard NFS implementations handle
+.B fsync()
+incorrectly
+but make up for it by abusing
+.BR close() .)
+.SH "HOW A MESSAGE IS READ"
+A mail reader operates as follows.
+
+It looks through the
+.B new
+directory for new messages.
+Say there is a new message,
+.BR new/\fIunique .
+The reader may freely display the contents of
+.BR new/\fIunique ,
+delete
+.BR new/\fIunique ,
+or rename
+.B new/\fIunique
+as
+.BR cur/\fIunique:info .
+See
+.B http://pobox.com/~djb/proto/maildir.html
+for the meaning of
+.IR info .
+
+The reader is also expected to look through the
+.B tmp
+directory and to clean up any old files found there.
+A file in
+.B tmp
+may be safely removed if it
+has not been accessed in 36 hours.
+
+It is a good idea for readers to skip all filenames in
+.B new
+and
+.B cur
+starting with a dot.
+Other than this, readers should not attempt to parse filenames.
+.SH "ENVIRONMENT VARIABLES"
+Mail readers supporting
+.I maildir
+use the
+.B MAILDIR
+environment variable
+as the name of the user's primary mail directory.
+.SH "SEE ALSO"
+mbox(5),
+qmail-local(8)
diff --git a/man/maildir2mbox.1 b/man/maildir2mbox.1
new file mode 100644
index 0000000..c63a6a8
--- /dev/null
+++ b/man/maildir2mbox.1
@@ -0,0 +1,53 @@
+.TH s/qmail: maildir2mbox 1
+.SH NAME
+maildir2mbox \- move mail from a maildir to an mbox
+.SH SYNOPSIS
+.B maildir2mbox
+.SH DESCRIPTION
+.B maildir2mbox
+moves mail from a
+.IR maildir -format
+directory to an
+.IR mbox -format
+file.
+
+You must supply three environment variables to
+.BR maildir2mbox :
+.B MAILDIR
+is the name of your
+.I maildir
+directory;
+.B MAIL
+is the name of your
+.I mbox
+file;
+and
+.B MAILTMP
+is a temporary file that
+.B maildir2mbox
+can overwrite.
+.B MAILTMP
+and
+.B MAIL
+must be on the same filesystem.
+
+.B maildir2mbox
+is reliable:
+it will not remove messages
+from
+.B MAILDIR
+until the messages have been successfully appended to
+.BR MAIL .
+
+.B maildir2mbox
+locks
+.B MAIL
+to protect against simultaneous access by a mail reader.
+This locking system does not protect against simultaneous access
+by another
+.BR maildir2mbox ;
+you should run only one
+.B maildir2mbox
+at a time.
+.SH "SEE ALSO"
+maildir(5)
diff --git a/man/maildirmake.1 b/man/maildirmake.1
new file mode 100644
index 0000000..875ab50
--- /dev/null
+++ b/man/maildirmake.1
@@ -0,0 +1,15 @@
+.TH s/qmail: maildirmake 1
+.SH NAME
+maildirmake \- create a maildir for incoming mail
+.SH SYNOPSIS
+.B maildirmake
+.I dir
+.SH DESCRIPTION
+.B maildirmake
+makes a new directory,
+.IR dir ,
+in
+.B maildir
+format.
+.SH "SEE ALSO"
+maildir(5)
diff --git a/man/maildirwatch.1 b/man/maildirwatch.1
new file mode 100644
index 0000000..c33b17e
--- /dev/null
+++ b/man/maildirwatch.1
@@ -0,0 +1,23 @@
+.TH s/qmail: maildirwatch 1
+.SH NAME
+maildirwatch \- look for new mail in a maildir
+.SH SYNOPSIS
+.B maildirwatch
+.SH DESCRIPTION
+.B maildirwatch
+watches your
+.I maildir
+for new mail.
+You must supply a
+.B MAILDIR
+environment variable
+with the name of your
+.I maildir
+directory.
+
+.B maildirwatch
+prints a new mail summary twice per minute.
+It is designed to run inside a (VT100-compatible) window;
+it clears the window before each summary.
+.SH "SEE ALSO"
+maildir(5)
diff --git a/man/mailsubj.1 b/man/mailsubj.1
new file mode 100644
index 0000000..ed4772d
--- /dev/null
+++ b/man/mailsubj.1
@@ -0,0 +1,38 @@
+.TH s/qmail: mailsubj 1
+.SH NAME
+mailsubj \- send a mail message with a subject line
+.SH SYNOPSIS
+.B mailsubj
+.I subject
+.I recip ...
+.SH DESCRIPTION
+.B mailsubj
+inserts
+.I subject
+and the list of
+.IR recip s
+into a mail message:
+
+.EX
+ Subject: subject
+.br
+ To: recip ...
+.br
+
+.br
+ body
+.EE
+
+.B mailsubj
+reads the body of the message from its standard input.
+Then it sends the message.
+
+Note that
+.I subject
+and
+.I recip
+must be quoted properly for the message header.
+.SH "SEE ALSO"
+addresses(5),
+qmail-header(8),
+qmail-inject(8)
diff --git a/man/matchup.1 b/man/matchup.1
new file mode 100644
index 0000000..1a3fbf0
--- /dev/null
+++ b/man/matchup.1
@@ -0,0 +1,111 @@
+.TH s/qmail: matchup 1
+.SH NAME
+matchup \- collect information on messages and deliveries
+.SH SYNTAX
+.B matchup
+.SH DESCRIPTION
+.B matchup
+reads a series of lines from
+.BR qmail-send ,
+with a numeric timestamp in front of each line.
+.B matchup
+matches the end of each delivery attempt with the start of the delivery attempt
+and with the relevant message information;
+it replaces
+.BR qmail-send 's
+message reports and delivery reports
+with message lines and delivery lines in the format described below.
+
+.B matchup
+exits after it sees end of file.
+It prints pending messages and deliveries on descriptor 5,
+in a format suitable for input to a future invocation of
+.BR matchup :
+
+.EX
+ <log.1 matchup >out.1 5>pending.2
+.br
+ cat pending.2 log.2 | matchup >out.2 5>pending.3
+.br
+ cat pending.3 log.3 | matchup >out.3 5>pending.4
+.EE
+
+Note that the 5> notation does not work with csh.
+.SH "MESSAGE LINES"
+A message line summarizes the delivery results for a message
+that has left the queue:
+
+.EX
+ m \fIbirth\fR \fIdone\fR \fIbytes\fR \fInk\fR \fInz\fR \fInd\fR <\fIsender\fR> \fIqp\fR \fIuid\fR
+.EE
+
+Here
+.I birth
+and
+.I done
+are timestamps,
+.I bytes
+is the number of bytes in the message,
+.I nk
+is the number of successful deliveries,
+.I nz
+is the number of deferred delivery attempts,
+.I nd
+is the number of failed delivery attempts,
+.I sender
+is the message's return path,
+.I qp
+is the message's long-term queue identifier,
+and
+.I uid
+is the userid of the user that queued the message.
+
+Note that
+.B matchup
+converts
+.I sender
+to lowercase.
+This can lose information,
+since a few hosts pay attention to the case in the box part of an address.
+.SH "DELIVERY LINES"
+A delivery line shows the result of a single delivery attempt:
+
+.EX
+ d \fIresult\fR \fIbirth\fR \fIdstart\fR \fIddone\fR \fIbytes\fR
+.br
+ <\fIsender\fR> \fIchan\fR.\fIrecip\fR \fIqp\fR \fIuid\fR \fIreason\fR
+.EE
+
+Here
+.IR birth ,
+.IR bytes ,
+.IR sender ,
+.IR qp ,
+and
+.I uid
+are message information as above;
+.I chan
+is the channel for this delivery;
+.I recip
+is the recipient address for this delivery;
+.I dstart
+and
+.I ddone
+are timestamps;
+.I result
+is the letter k for success, z for deferral, d for failure;
+and
+.I reason
+is a more detailed explanation of the delivery result.
+
+.B matchup
+converts
+.I recip
+to lowercase.
+.SH "SEE ALSO"
+xqp(1),
+xrecipient(1),
+xsender(1),
+accustamp(1),
+qmail-log(5),
+splogger(8)
diff --git a/man/mbox.5 b/man/mbox.5
new file mode 100644
index 0000000..e9860e4
--- /dev/null
+++ b/man/mbox.5
@@ -0,0 +1,235 @@
+.TH s/qmail: mbox 5
+.SH "NAME"
+mbox \- file containing mail messages
+.SH "INTRODUCTION"
+The most common format for storage of mail messages is
+.I mbox
+format.
+An
+.I mbox
+is a single file containing zero or more mail messages.
+.SH "MESSAGE FORMAT"
+A message encoded in
+.I mbox
+format begins with a
+.B From_
+line, continues with a series of
+.B \fRnon-\fBFrom_
+lines,
+and ends with a blank line.
+A
+.B From_
+line means any line that begins with the characters
+F, r, o, m, space:
+
+.EX
+ From god@heaven.af.mil Sat Jan 3 01:05:34 1996
+.br
+ Return-Path: <god@heaven.af.mil>
+.br
+ Delivered-To: djb@silverton.berkeley.edu
+.br
+ Date: 3 Jan 1996 01:05:34 -0000
+.br
+ From: God <god@heaven.af.mil>
+.br
+ To: djb@silverton.berkeley.edu (D. J. Bernstein)
+.br
+
+.br
+ How's that mail system project coming along?
+.br
+
+.EE
+
+The final line is a completely blank line (no spaces or tabs).
+Notice that blank lines may also appear elsewhere in the message.
+
+The
+.B From_
+line always looks like
+.B From
+.I envsender
+.I date
+.IR moreinfo .
+.I envsender
+is one word, without spaces or tabs;
+it is usually the envelope sender of the message.
+.I date
+is the delivery date of the message.
+It always contains exactly 24 characters in
+.B asctime
+format.
+.I moreinfo
+is optional; it may contain arbitrary information.
+
+Between the
+.B From_
+line and the blank line is a message in RFC 822 format,
+as described in
+.BR qmail-header(5) ,
+subject to
+.B >From quoting
+as described below.
+.SH "HOW A MESSAGE IS DELIVERED"
+Here is how a program appends a message to an
+.I mbox
+file.
+
+It first creates a
+.B From_
+line given the message's envelope sender and the current date.
+If the envelope sender is empty (i.e., if this is a bounce message),
+the program uses
+.B MAILER-DAEMON
+instead.
+If the envelope sender contains spaces, tabs, or newlines,
+the program replaces them with hyphens.
+
+The program then copies the message, applying
+.B >From quoting
+to each line.
+.B >From quoting
+ensures that the resulting lines are not
+.B From_
+lines:
+the program prepends a
+.B >
+to any
+.B From_
+line,
+.B >From_
+line,
+.B >>From_
+line,
+.B >>>From_
+line,
+etc.
+
+Finally the program appends a blank line to the message.
+If the last line of the message was a partial line,
+it writes two newlines;
+otherwise it writes one.
+.SH "HOW A MESSAGE IS READ"
+A reader scans through an
+.I mbox
+file looking for
+.B From_
+lines.
+Any
+.B From_
+line marks the beginning of a message.
+The reader should not attempt to take advantage of the fact that every
+.B From_
+line (past the beginning of the file)
+is preceded by a blank line.
+
+Once the reader finds a message,
+it extracts a (possibly corrupted) envelope sender
+and delivery date out of the
+.B From_
+line.
+It then reads until the next
+.B From_
+line or end of file, whichever comes first.
+It strips off the final blank line
+and
+deletes the
+quoting of
+.B >From_
+lines and
+.B >>From_
+lines and so on.
+The result is an RFC 822 message.
+.SH "COMMON MBOX VARIANTS"
+There are many variants of
+.I mbox
+format.
+The variant described above is
+.I mboxrd
+format, popularized by Rahul Dhesi in June 1995.
+
+The original
+.I mboxo
+format quotes only
+.B From_
+lines, not
+.B >From_
+lines.
+As a result it is impossible to tell whether
+
+.EX
+ From: djb@silverton.berkeley.edu (D. J. Bernstein)
+.br
+ To: god@heaven.af.mil
+.br
+
+.br
+ >From now through August I'll be doing beta testing.
+.br
+ Thanks for your interest.
+.EE
+
+was quoted in the original message.
+An
+.I mboxrd
+reader will always strip off the quoting.
+
+.I mboxcl
+format is like
+.I mboxo
+format, but includes a Content-Length field with the
+number of bytes in the message.
+.I mboxcl2
+format is like
+.I mboxcl
+but has no
+.B >From
+quoting.
+These formats are used by SVR4 mailers.
+.I mboxcl2
+cannot be read safely by
+.I mboxrd
+readers.
+.SH "UNSPECIFIED DETAILS"
+There are many locking mechanisms for
+.I mbox
+files.
+.B qmail-local
+always uses
+.B flock
+on systems that have it, otherwise
+.BR lockf .
+
+The delivery date in a
+.B From_
+line does not specify a time zone.
+.B qmail-local
+always creates the delivery date in GMT
+so that
+.I mbox
+files can be safely transported from one time zone to another.
+
+If the mtime on a nonempty
+.I mbox
+file is greater than the atime,
+the file has new mail.
+If the mtime is smaller than the atime,
+the new mail has been read.
+If the atime equals the mtime,
+there is no way to tell whether the file has new mail,
+since
+.B qmail-local
+takes much less than a second to run.
+One solution is for a mail reader to artificially set the
+atime to the mtime plus 1.
+Then the file has new mail if and only if the atime is
+less than or equal to the mtime.
+
+Some mail readers place
+.B Status
+fields in each message to indicate which messages have been read.
+.SH "SEE ALSO"
+maildir(5),
+qmail-header(5),
+qmail-local(8)
diff --git a/man/newaliases.1 b/man/newaliases.1
new file mode 100644
index 0000000..a51ff64
--- /dev/null
+++ b/man/newaliases.1
@@ -0,0 +1,366 @@
+.TH s/qmail: newaliases 1
+.SH NAME
+newaliases \- create a forwarding database from /etc/aliases
+.SH SYNOPSIS
+.B newaliases
+.SH DESCRIPTION
+.B newaliases
+reads a table of
+sendmail-style
+forwarding instructions from
+.B /etc/aliases
+and converts them into a forwarding database in
+.BR /etc/aliases.cdb .
+The forwarding database can be used by
+.BR fastforward .
+
+For safety,
+.B newaliases
+writes the forwarding database to
+.B /etc/aliases.tmp
+and then moves
+.B /etc/aliases.tmp
+to
+.BR /etc/aliases.cdb .
+If there is a problem creating
+.BR /etc/aliases.tmp ,
+.B newaliases
+complains and leaves
+.B /etc/aliases.cdb
+alone.
+Deliveries can continue using
+.B /etc/aliases.cdb
+in the meantime.
+
+.B newaliases
+always creates
+.B /etc/aliases.cdb
+world-readable.
+
+.B newaliases
+makes no attempt to protect against
+simultaneous updates of
+.BR /etc/aliases.cdb .
+.SH "INSTRUCTION FORMAT"
+.B newaliases
+imitates
+sendmail's
+handling of
+.BR /etc/aliases .
+For example,
+
+.EX
+ root: alice, bill
+.EE
+
+says that mail for
+.B root
+should be forwarded to
+.B alice
+and
+.BR bill .
+
+.B COMPATIBILITY WARNING:
+.B newaliases
+does not support file deliveries.
+You can use the file delivery mechanism described in
+.B dot-qmail(5)
+instead.
+.SH "SIMPLE ALIASES"
+The simplest type of forwarding instruction
+is a line of the form
+
+.EX
+ alias: recip
+.EE
+
+Any message sent to
+.I alias
+will be forwarded to the recipient address
+.IR recip .
+Addresses are compared to
+.I alias
+without regard to case.
+
+Forwarding instructions are cumulative.
+If
+.I recip
+is itself an alias,
+messages to
+.I alias
+will be forwarded the same way as
+messages to
+.IR recip .
+For example, with the following instructions,
+messages to
+.B postmaster@heaven.af.mil
+or
+.B root@heaven.af.mil
+will be delivered to Bob:
+
+.EX
+ postmaster@heaven.af.mil: bob@heaven.af.mil
+.EE
+.br
+.EX
+ root@heaven.af.mil: postmaster@heaven.af.mil
+.EE
+
+.B COMPATIBILITY WARNING:
+With
+sendmail,
+entries in
+.B /etc/aliases
+can override usernames.
+With
+.BR s/qmail ,
+if you install
+.B fastforward
+in
+.BR ~alias/.qmail-default ,
+it will not see addresses that are controlled by other users.
+See
+.BR qmail-getpw (8).
+To change this, see
+.BR qmail-users (5).
+
+.B COMPATIBILITY WARNING:
+Various versions of
+sendmail
+do various strange things with circular alias definitions.
+See
+.BR setforward (1)
+for details on
+.BR fastforward 's
+behavior.
+
+.B COMPATIBILITY WARNING:
+If there are several forwarding instructions for a single
+.IR alias ,
+sendmail
+will complain;
+.B fastforward
+will silently use the first instruction.
+.SH "WILDCARDS"
+.I alias
+can have the form
+.I user@host.dom
+for one user at one host,
+.I @host.dom
+for all users at one host, or
+.I user
+for one user at all hosts.
+
+.B COMPATIBILITY WARNING:
+sendmail
+supports only
+.IR user ;
+it does not support per-host aliases.
+It accepts
+.I user@host.dom
+if
+.I host.dom
+is a local host,
+but it then treats it the same way as
+.IR user ,
+applying to all local hosts and virtual domains.
+.SH "ADDRESS FORMATS"
+Addresses in
+.B /etc/aliases
+are parsed the same way as addresses in RFC 822 message headers.
+Parenthesized comments and bracketed addresses are permitted:
+
+.EX
+ root: bob (Bob, the postmaster)
+ joe: Joe Shmoe <shmoe@heaven.af.mil>
+.EE
+
+Addresses with special characters must be quoted:
+
+.EX
+ fred: "spaced out mailbox"@heaven.af.mil
+.EE
+
+Address groups are not permitted,
+since colons have a different use in
+.BR /etc/aliases .
+
+Any recipient address without a fully qualified domain name is
+fed through the
+.BR defaulthost ,
+.BR defaultdomain ,
+and
+.B plusdomain
+mechanisms described in
+.BR qmail-header (5).
+
+.B COMPATIBILITY WARNING:
+sendmail's
+handling of quotes and backslashes violates RFC 821 and RFC 822,
+and is not supported by
+.BR newaliases .
+The
+.B qmail-local
+delivery mechanism
+lets each user manage several addresses,
+so there is no need for a special syntax to get around forwarding.
+.SH "MULTIPLE RECIPIENTS"
+An instruction may list more than one recipient address:
+
+.EX
+ alias: recip1, recip2, recip3
+.EE
+
+Any message sent to
+.I alias
+will be forwarded to all of the addresses.
+
+A forwarding instruction may be split across several lines.
+Each line past the first must either (1) begin with space or tab
+or (2) be empty:
+
+.EX
+ hostmaster:
+.EE
+.br
+.EX
+ fred,
+.EE
+.br
+.EX
+ joe
+.EE
+
+.B COMPATIBILITY WARNING:
+sendmail
+requires the colon to be on the first line
+of a multi-line forwarding instruction.
+.B newaliases
+doesn't care whether the colon is present at all.
+
+.B COMPATIBILITY WARNING:
+sendmail
+does not permit blank lines in the middle of continuations.
+This has the undesirable effect that a blank line behaves differently
+from a line containing a single space.
+.SH "COMMENTS"
+Any line in
+.B /etc/aliases
+that begins with # is ignored:
+
+.EX
+ # this is a comment
+.EE
+
+A comment may be split across several lines.
+Each line past the first must either (1) begin with space or tab
+or (2) be empty.
+
+.B COMPATIBILITY WARNING:
+sendmail
+does not permit continuations of comment lines.
+.SH "PROGRAMS"
+If a recipient address does not contain a domain name,
+and begins with a vertical bar,
+.B newaliases
+takes the rest of the address as a program to run:
+
+.EX
+ weather: "|weather-server"
+.EE
+
+.B fastforward
+will run
+.B weather-server
+when a message arrives for
+.BR weather .
+
+.B COMPATIBILITY WARNING:
+Internet addresses can legitimately start with
+a slash or vertical bar.
+.B newaliases
+treats anything with an unquoted @ as an address.
+sendmail appears to have various problems
+coping with these addresses,
+and with commands that contain @ signs.
+
+.B COMPATIBILITY WARNING:
+.B newaliases
+does not allow a vertical bar before double quotes.
+.SH "INCLUDE FILES"
+A recipient address of the form
+.B :include:\fIfile
+means ``every address listed in
+.IR file .''
+(Actually
+.B fastforward
+reads
+.IR file\fB.bin ;
+see
+.BR newinclude (1)
+for further details.)
+
+Note that
+.I file
+is read by
+.BR fastforward ,
+not
+.BR newaliases ,
+so the system administrator does not have to run
+.B newaliases
+every time
+.I file
+changes.
+.I file
+must be world-readable
+and accessible to
+.BR fastforward .
+
+.B COMPATIBILITY WARNING:
+If an
+.B :include:
+file is unreadable or nonexistent,
+sendmail
+skips it;
+.B fastforward
+defers delivery of the message.
+
+.B COMPATIBILITY WARNING:
+sendmail
+does not permit spaces inside the literal text
+.BR :include: .
+.B newaliases
+does.
+
+.B COMPATIBILITY WARNING:
+Versions of
+sendmail
+before V8 did not strip quotes from
+.B :include:
+filenames.
+.SH "ALIAS OWNERS"
+If there is an alias for
+.BR owner-\fIlist ,
+any message forwarded through
+.I list
+will have its envelope sender set to
+.BR owner-\fIlist ,
+so that bounces go back to
+.BR owner-\fIlist .
+
+.B COMPATIBILITY WARNING:
+When an alias includes the same recipient both inside and outside
+a mailing list,
+.B fastforward
+sends the message twice,
+once with each envelope sender.
+sendmail
+sends the message only once;
+its choice of envelope sender for that recipient
+depends on the phase of the moon.
+.SH "SEE ALSO"
+fastforward(1),
+setforward(1),
+newinclude(1),
+printforward(1),
+dot-qmail(5)
diff --git a/man/newinclude.1 b/man/newinclude.1
new file mode 100644
index 0000000..44edb9d
--- /dev/null
+++ b/man/newinclude.1
@@ -0,0 +1,88 @@
+.TH s/qmail: newinclude 1
+.SH NAME
+newinclude \- create a binary mailing list from an :include: file
+.SH SYNOPSIS
+.B newinclude
+.I list
+.SH DESCRIPTION
+.B newinclude
+reads a
+sendmail-style
+.B :include:
+file,
+.IR list ,
+and converts it into a binary format in
+.I list\fB.bin
+for use by
+.BR fastforward .
+
+.B newinclude
+first writes the mailing list to
+.IR list\fB.tmp ,
+and then moves it to
+.IR list\fB.bin .
+If there is any problem creating
+.IR list\fB.tmp ,
+.B newinclude
+leaves
+.I list\fB.bin
+alone.
+
+.B newinclude
+always creates
+.I list\fB.bin
+world-readable.
+
+.B COMPATIBILITY WARNING:
+sendmail
+reads
+.I list
+directly;
+.B fastforward
+needs
+.IR list\fB.bin .
+sendmail's strategy is a disaster if you save
+.I list
+to disk at the same moment that
+sendmail
+reads it;
+the list will be truncated at a random spot,
+perhaps in the middle of an address.
+Furthermore, if the system crashes while you are writing
+.IR list ,
+.I list
+could be filled with all sorts of garbage.
+.SH "LIST FORMAT"
+.I list
+may contain any number of lines;
+each line may contain any number of addresses
+or further
+.B :include:
+files.
+See
+.BR newaliases (1)
+for details on the address format.
+Any line in
+.I file
+beginning with # is ignored.
+
+.B COMPATIBILITY WARNING:
+.B newinclude
+does not support file or program deliveries in
+.B :include:
+files.
+You can use the secure delivery mechanisms described in
+.B dot-qmail(5)
+instead.
+
+.B COMPATIBILITY WARNING:
+Versions of
+sendmail
+before V8 did not allow comments in
+.B :include:
+files.
+.SH "SEE ALSO"
+fastforward(1),
+newaliases(1),
+setmaillist(1),
+dot-qmail(5)
diff --git a/man/preline.1 b/man/preline.1
new file mode 100644
index 0000000..d324ff8
--- /dev/null
+++ b/man/preline.1
@@ -0,0 +1,57 @@
+.TH s/qmail: preline 1
+.SH NAME
+preline \- prepend lines to message
+.SH SYNOPSIS
+in
+.BR .qmail\fIext :
+.B | preline \fIcommand
+.SH DESCRIPTION
+.B preline
+feeds each incoming mail message through
+.IR command .
+At the top of each message it inserts
+a UUCP-style
+.B From_
+line, a
+.B Return-Path
+line, and a
+.B Delivered-To
+line.
+
+.B preline
+is useful for
+.B procmail
+and
+ELM's
+.BR filter ,
+which
+do not understand the
+.B qmail-command
+environment variables.
+.SH OPTIONS
+.TP
+.B \-d
+Do not include the
+.B Delivered-To
+line. You should use this option when the
+recipient of the incoming mail message is actually under remote control,
+but was sent here through
+.B control/virtualdomains
+for manual routing.
+.TP
+.B \-f
+Do not include the
+.B From_
+line. You should use this option except for
+.IR command s
+that create
+.I mbox
+files.
+.TP
+.B \-r
+Do not include the
+.B Return-Path
+line.
+.SH "SEE ALSO"
+mbox(5),
+qmail-command(8)
diff --git a/man/printforward.1 b/man/printforward.1
new file mode 100644
index 0000000..f4beaa0
--- /dev/null
+++ b/man/printforward.1
@@ -0,0 +1,16 @@
+.TH s/qmail: printforward 1
+.SH NAME
+printforward \- print the instructions in a forwarding database
+.SH SYNOPSIS
+.B printforward
+.SH DESCRIPTION
+.B printforward
+reads a forwarding database from its standard input
+and prints all the forwarding instructions
+in a format accepted by
+.BR setforward .
+.SH "SEE ALSO"
+fastforward(1),
+newaliases(1),
+printmaillist(1),
+setforward(1)
diff --git a/man/printmaillist.1 b/man/printmaillist.1
new file mode 100644
index 0000000..803cdab
--- /dev/null
+++ b/man/printmaillist.1
@@ -0,0 +1,15 @@
+.TH s/qmail: printmaillist 1
+.SH NAME
+printmaillist \- print the contents of a binary mailing list
+.SH SYNOPSIS
+.B printmaillist
+.SH DESCRIPTION
+.B printmaillist
+reads a binary mailing list from its standard input
+and prints all the forwarding instructions
+in a format accepted by
+.BR setmaillist .
+.SH "SEE ALSO"
+newinclude(1),
+printforward(1),
+setmaillist(1)
diff --git a/man/qbiff.1 b/man/qbiff.1
new file mode 100644
index 0000000..085d97e
--- /dev/null
+++ b/man/qbiff.1
@@ -0,0 +1,31 @@
+.TH s/qmail: qbiff 1
+.SH NAME
+qbiff \- announce new mail the moment it arrives
+.SH SYNOPSIS
+in
+.BR .qmail :
+.B |qbiff
+.SH DESCRIPTION
+.B qbiff
+writes a message to your screen
+whenever a new mail message is delivered,
+if you ran
+.B biff y
+after logging in.
+
+.B WARNING:
+If you create a
+.B .qmail
+file to enable
+.BR qbiff ,
+make sure to also add a line specifying delivery to your normal mailbox.
+For example:
+
+.EX
+ /home/joe/Mailbox
+.br
+ |qbiff
+.EE
+.SH "SEE ALSO"
+biff(1),
+dot-qmail(5)
diff --git a/man/qmail-authuser.9 b/man/qmail-authuser.9
new file mode 100644
index 0000000..d2e89d8
--- /dev/null
+++ b/man/qmail-authuser.9
@@ -0,0 +1,490 @@
+.TH s/qmail: qmail-authuser 8
+
+.SH "NAME"
+qmail-authuser \- user authentication
+.SH "SYNOPSIS"
+.B qmail-authuser
+[
+.I program maildirname
+|
+.I [-s authsocket [-x service=authmethod]]
+]
+.I subprogram [ args ]
+.SH "DESCRIPTION"
+.B qmail-authuser
+is a versatile authentication PAM for SMTP, POP3 and IMAP services
+providing four different operation modes depending on the input
+of the configuration file
+.I SQMAIL/users/authuser
+and the given arguments.
+It can be used as substitude for the authentication modules
+.IR checkpassword ,
+.IR cmd5checkpw ,
+.IR checkvpw
+(vmailmgr),
+and
+.I vchkpw
+(vpopmail)
+supporting the same arguments on call.
+.TP 5
+Native mode:
+.B qmail-authuser
+reads
+.I SQMAIL/users/authuser
+and uses the information as local authentication database.
+.TP 5
+System mode:
+.B qmail-authuser
+accesses the Unix
+.I /etc/password
+file (or it's shadow companion) as authentication source.
+.TP 5
+Virtual user mode:
+.B qmail-authuser
+calls either the virtual domain auth handler
+.B vchkpw
+or
+.BR checkvpw .
+.TP 5
+Dovecot mode:
+.B qmail-authuser
+queries
+.B dovecot
+as authentication provider.
+.SH "USE CASES"
+.B qmail-authuser
+can be used for
+.TP 5
+authentication only:
+.B qmail-authuser
+is called as a PAM typically by
+.B qmail-smtpd
+and verifies the user's credentials
+(userid/password)
+as given by the client.
+.I subprogram
+is typically
+.BR true .
+.TP 5
+mailbox interrogation:
+Called by
+.B qmail-popup
+or
+.BR bincimap-up ,
+upon successfull authentication
+.B qmail-authuser
+switches to the home directory of
+.I userid
+and hands over operations to
+.I program
+provided as
+.B qmail-pop3d
+or
+.BR bincimpad .
+
+Note:
+.I maildirname
+has to start with \'mail\' or \'mbox\'
+irrespective of case.
+.SH "INTERFACE DESCRIPTION"
+.B qmail-authuser
+can be called by
+.BR qmail-smtpd ,
+.BR qmail-popup ,
+or
+.B bincimap-up
+while following the
+.BR checkpassword 's
+interface specification and enabling
+LOGIN, PLAIN, and CRAM-MD5 authentication for SMTP
+as well as USER and APOP for POP3 and
+LOGIN and PLAIN for IMAP.
+
+The information supplied on descriptor 3
+is an \fIauthuser\fR name terminated by \e0,
+a \fIpassword\fR or \fIresponse\fR terminated by \e0,
+and a \fIchallenge\fR for CRAM-MD5 or APOP
+authentication terminated by \e0.
+There must be at most 512 bytes of data before end of file.
+
+In case
+.I authuser
+and
+.I password
+match,
+.B qmail-authuser
+calls
+.B pathexec
+to run
+.B subprogram
+with the given arguments and perhaps setting up the user environment.
+The use of
+.B program
+is required and can be expressed as
+.B /bin/true
+or
+.B /usr/bin/true
+for compliance reasons.
+
+.SH "FILES"
+.I SQMAIL/users/authuser
+contains pairs of
+.I authuser
+and
+.I password
+tokens separated by a colon (":").
+Both tokens may include white spaces (if supported by the OS) and may
+use special characters for certain actions. The provided
+.I password
+token should have a significant length (> 2 characters).
+
+Lines starting with the \'#\' sign are regarded as comment.
+Trailing empty spaces in lines are removed prior of evaluation.
+.SH "AUTHUSER"
+The
+.I authuser
+token is the public part of the identity and
+may include a composit information, typically the
+.I userid
+and the
+.I domain
+respectively, described as
+.IR userid@domain .
+.B qmail-authuser
+may treat both parts independently.
+Domain specific authentication may be considered using the
+.I @domain
+part within the
+.I authuser
+token. However, as an abbreviation,
+this may be provided simply as
+.IR @ ,
+telling
+.B qmail-authuser
+to consider all unspecified authusers solely and transparently
+as \'virtual users\'.
+On the other hand, the
+.I authuser
+token may be wildcarded as
+.IR * .
+Now,
+.B qmail-authuser
+is instructed to query the local Unix system as identity provider.
+
+More specific
+.I authuser
+tokens have precedence over less specific, irrespectively of their order.
+System mode has precedence over virtual user mode.
+Particular users and domains can be disabled from authentication
+prepending the name with a \'!\' overruling acceptance:
+.IR !authuser .
+
+Note: Virtual Domain Managers require to include the domain within
+.I authuser
+in order to identify the domain the user belongs to.
+.SH "NATIVE MODE"
+.B qmail-authuser
+recalculates the digest using the provided challenge
+and the passwords from
+.IR SQMAIL/users/authuser
+and compares it with response (2nd parameter).
+
+If no challenge is provided,
+.B qmail-authuser
+compares the supplied password with the stored
+.I password
+token in
+.IR SQMAIL/users/authuser .
+Thus,
+.B qmail-authuser
+can be used as PAM identity provider for
+PLAIN, LOGIN, CRAM-MD5 and APOP auth methods.
+.SH "SYSTEM MODE"
+.B qmail-authuser
+may also been used as a replacement for the
+.B checkpassword
+PAM, allowing to evaluate the
+.I /etc/passwd
+and
+.I shadow
+files for the auth methods USER, PLAIN & LOGIN
+while only considerung the user part in
+.IR authuser .
+In this case,
+.B qmail-authuser
+has to be \'sticky\' and running as
+.IR root .
+.SH "VIRTUAL USER MODE"
+.B qmail-authuser
+includes the call of both
+.IR vpopmail 's
+.B vchkpw
+and
+.IR vmailmgr 's
+.B checkvpw
+(which need to be in the path)
+and transfers the received authentication information transparently to those.
+.SH "DOVECOT MODE"
+.B qmail-authuser
+is also capabable to connect to a Unix socket created for authentication by
+.IR Dovecot .
+.SH "POP3 AND APOP"
+Calling
+.B qmail-authuser
+for POP3 authentication with the option
+.I qmail-pop3d
+together with the format of the mailbox given as
+.IR maildirname ,
+which is typically
+.I Maildir
+or
+.IR mbox .
+The required environment variables
+\fIUSER\fR, \fIHOME\fR, and \fISHELL\fR
+for the respective user are evaluated from
+.IR /etc/passwd .
+APOP authentication is possible for a given user, if
+.I authuser
+and the
+.I password
+is included in
+.IR SQMAIL/users/authuser .
+Upon successful authentication
+.B qmail-authuser
+changes to $\fIHOME\fR.
+.SH "QUERY AND STORAGE MODES"
+The first character
+.I X
+of the
+.I password
+token is used to indicate the password's query and storage method.
+The following cases may be considered:
+
+.EX
+ (1a) authuser:clearpwd
+ (1b) authuser:%pwdhash
+ (2a) authuser:?
+ (2b) *:?
+ (3a) authuser:+
+ (3b) @domain:+
+ (3c) @:+
+ (3d) authuser:&
+ (3e) @domain:&
+ (3f) @:&
+ (4a) authuser:=
+ (4b) @domain:=
+ (4c) @:=
+.EE
+
+(1) Local query/storage:
+Here, together with the
+.I authuser
+plaintext (1a) or hashed passwords (1b)
+may be provisioned in the
+.I SQMAIL/users/authuser
+control file.
+In case of
+.IR %pwdhash ,
+the password is stored as MD5, SHA1, or SHA256 hash prepended with the \'%\'.
+If the plaintext password is given as
+.I password
+this means that the following password is taken literally
+though allwowing a leading \'%\'.
+
+(2) Unix system query/storage:
+In case the
+.I password
+token consists of
+.IR '?' ,
+the received authentication information is used to emulate a
+standard Unix user login taking the
+.I userid
+information as system user account. Therefore, no particular
+.I password
+token is required here.
+The inclusion of any specific
+.I authuser
+information can be avoided in case
+.I '*'
+is used as shortcut within
+.I SQMAIL/users/authuser
+followed by
+.I '?'
+as
+.I password
+token. Now, the received
+.I userid
+and password is taken from the Unix system for authentication (crypt).
+
+(3) Virtual domain query/storage:
+Alternatively,
+.B qmail-authuser
+may call either
+.B checkvpw
+once a
+.I '+'
+or
+.B vchkpw
+in case
+.I '&'
+is given as
+.I password
+token.
+
+(4) Dovecot as Identity Provider:
+.B Dovecot
+can be used as authentication backend in case a
+.I '='
+is included as
+.I password
+token. Assuming
+.B doveadm
+is in the path, a particular
+.B auth-qmail
+listener (socket) is tested by
+.I doveadm
+with the arguments
+.I \'auth test -a\'
+provided the socket is available via
+.IR \'-s\ authsocket\' .
+
+
+The definition of the auth socket
+needs to be included in
+.BR Dovecot 's
+control file in the following way:
+
+.EX
+service auth {
+ unix_listener /var/run/dovecot/auth-qmail {
+ mode = 0600
+ user = qmaild
+ group = nofiles
+ }
+}
+.EE
+
+Reversely, this socket has to be
+specified as calling argument for
+.B qmail-authuser
+providing
+.I -s /var/run/dovecot/auth-sqmail
+together with an additional executable (true).
+The name of the auth socket can
+be freely chosen.
+
+A particular authentication method
+can be specified by means of
+.I -x service=authmethod
+in the call of
+.BR qmail-authuser .
+Check the
+.b doveadmn
+documentation for particular authentication methods,
+typically available as \fIsmtp\fR and \fIpop3\fR.
+
+Note: All authentication storage and query mechanism
+can be used concurrently, depending on the settings
+of the
+.I authuser
+and
+.I password
+token in
+.IR SQMAIL/users/authuser .
+.SH "SECURITY"
+.B qmail-authuser
+is invoked in the environment of
+.BR qmail-smtpd ,
+.BR qmail-popup ,
+or
+.B bincimap-up
+which is typically run as user
+.IR qmaild .
+The file
+.I SQMAIL/users/authuser
+shall be
+.I qmaild
+owned and belonging to the group
+.I sqmail
+and SHOULD NOT be readble by the \fIworld\fR.
+
+Since the given
+.I authuser
+token is visible in the email, it could be typically chosen as
+.I user@domain
+making it usable for virtual domain managers and allowing
+a common
+.I password
+for ESMTP/IMAP4/POP3 services.
+
+The included
+.I password
+token shall solely be used for ESMTP/IMAP4/POP3 authentication
+and should possess enough entropy.
+
+A sticky and root-owned
+.B qmail-authuser
+is a potential security risk.
+.SH "PASSWORD HASHES"
+Instead of plaintext passwords, additionally
+MD5, SHA1, or SHA256 hashes of the passwords may be used. However,
+in spite of rainbow tables this requires none-trivial passwords.
+.SH "AUTH METHODS"
+In case hashed passwords or the UNIX passwords are used,
+only the auth methods USER, PLAIN, and LOGIN are working.
+Those methods are only secure on encrypted
+connections or otherwise are an easy victim of an eavesdropper.
+Challenge/Response methods - like CRAM-MD5 and APOP -
+require having access to the plain-text passwords. For
+.B vchkpw
+C/R is possible querying the local \'vpopmail\' database.
+.SH "EXIT CODES"
+In case the provided
+.I authuser
+or
+.I userid
+does not exist, or the digest and the response,
+or the passwords
+differ,
+.B qmail-authuser
+exits 1.
+If
+.B qmail-authuser
+is misused, it may instead exit 2.
+In case
+.I SQMAIL/users/authuser
+is not readeable,
+.B qmail-authuser
+exits 110.
+If there is a temporary problem checking the password,
+.B qmail-authuser
+exits 111.
+.SH "ENVIRONMENT VARIABLES SET"
+Upon call,
+.B qmail-authuser
+clears the environment variable
+.I USER
+and sets to the
+.I userid
+irrespective whether authentication was successful or not.
+Since
+.I USER
+may be used by other authentication PAMs called in the chain,
+additionally
+.I AUTHUSER
+is set keeping the original
+.I userid
+information for logging purpose.
+.SH "CREDITS"
+The MD5 implementation originates from RSA though now supporting a
+64 bit OS as well. SHA1 has been created by Steve Reid, and
+SHA256 was done by Brad Conte, all released in the Public Domain.
+Drew Wells receives credits for putting me into the current direction.
+.SH "SEE ALSO"
+qmail-popup(8),
+qmail-smtpd(8),
+checkpassword(8),
+vchkpw(8),
+checkvpw(8),
+doveadm(1),
+doveadm-auth(1).
diff --git a/man/qmail-badloadertypes.9 b/man/qmail-badloadertypes.9
new file mode 100644
index 0000000..daf07cf
--- /dev/null
+++ b/man/qmail-badloadertypes.9
@@ -0,0 +1,48 @@
+.TH s/qmail: qmail-badloadertypes 8
+
+.SH "NAME"
+qmail-badloadertypes \- prepare badloadertypes for qmail-smtpd
+.SH SYNOPSIS
+.B qmail-badloadertypes
+
+.SH "DESCRIPTION"
+.B qmail-badloadertypes
+reads the instructions in
+.B SQMAIL/control/badloadertypes
+and writes them into
+.B SQMAIL/control/badloadertypes.cdb
+in a binary format suited
+for quick access by
+.BR qmail-smtpd .
+
+If there is a problem with
+.BR control/badloadertypes ,
+.B qmail-badloadertypes
+complains and leaves
+.B control/badloadertypes.cdb
+alone.
+
+.B qmail-badloadertypes
+ensures that
+.B SQMAIL/control/badloadertypes.cdb
+is updated atomically,
+so
+.B qmail-smtpd
+never has to wait for
+.B qmail-badloadertypes
+to finish.
+However,
+.B qmail-badloadertypes
+makes no attempt to protect against two simultaneous updates of
+.BR control/badloadertypes.cdb .
+For convenience,
+.B qmail-badloadertypes
+allows comments (lines starting with '#') and
+copies only the significant leading characters to
+.BR control/badloadertypes.cdb .
+
+The binary
+.B control/badloadertypes.cdb
+format is portable across machines.
+.SH "SEE ALSO"
+qmail-smtpd(8)
diff --git a/man/qmail-badmimetypes.9 b/man/qmail-badmimetypes.9
new file mode 100644
index 0000000..b9dab16
--- /dev/null
+++ b/man/qmail-badmimetypes.9
@@ -0,0 +1,46 @@
+.TH s/qmail: qmail-badmimetype 8
+.SH NAME
+qmail-badmimetypes \- prepare badmimetypes for qmail-smtpd
+.SH SYNOPSIS
+.B qmail-badmimetype
+.SH DESCRIPTION
+.B qmail-badmimetypes
+reads the instructions in
+.B SQMAIL/control/badmimetypes
+and writes them into
+.B SQMAIL/control/badmimetypes.cdb
+in a binary format suited
+for quick access by
+.BR qmail-smtpd .
+
+If there is a problem with
+.BR control/badmimetypes ,
+.B qmail-badmimetypes
+complains and leaves
+.B control/badmimetypes.cdb
+alone.
+
+.B qmail-badmimetypes
+ensures that
+.B control/badmimetypes.cdb
+is updated atomically,
+so
+.B qmail-smtpd
+never has to wait for
+.B qmail-badmimetypes
+to finish.
+However,
+.B qmail-badmimetypes
+makes no attempt to protect against two simultaneous updates of
+.BR control/badmimetypes.cdb .
+For convenience,
+.B qmail-badmimetypes
+allows comments (lines starting with '#') and
+copies only the significant leading characters to
+.BR control/badmimetypes.cdb .
+
+The binary
+.B control/badmimetypes.cdb
+format is portable across machines.
+.SH "SEE ALSO"
+qmail-smtpd(8)
diff --git a/man/qmail-clean.8 b/man/qmail-clean.8
new file mode 100644
index 0000000..b4cbc1d
--- /dev/null
+++ b/man/qmail-clean.8
@@ -0,0 +1,13 @@
+.TH s/qmail: qmail-clean 8
+.SH NAME
+qmail-clean \- clean up the queue directory
+.SH SYNOPSIS
+.B qmail-clean
+.SH DESCRIPTION
+.B qmail-clean
+reads a cleanup command from descriptor 0,
+performs the cleanup,
+prints the results to descriptor 1,
+and repeats.
+.SH "SEE ALSO"
+qmail-send(8)
diff --git a/man/qmail-command.8 b/man/qmail-command.8
new file mode 100644
index 0000000..33f28d7
--- /dev/null
+++ b/man/qmail-command.8
@@ -0,0 +1,149 @@
+.TH s/qmail: qmail-command 8
+.SH NAME
+qmail-command \- user-specified mail delivery program
+.SH SYNOPSIS
+in
+.BR .qmail\fIext :
+.B |\fIcommand
+.SH DESCRIPTION
+.B qmail-local
+will, upon your request,
+feed each incoming mail message through a program of your choice.
+
+When a mail message arrives,
+.B qmail-local
+runs
+.B sh -c \fIcommand
+in your home directory.
+It makes the message available on
+.IR command 's
+standard input.
+
+.B WARNING:
+The mail message does not begin with
+.BR qmail-local 's
+usual
+.B Return-Path
+and
+.B Delivered-To
+lines.
+
+Note that
+.B qmail-local
+uses the same file descriptor for every delivery
+in your
+.B .qmail
+file, so it is not safe for
+.I command
+to fork a child that
+reads the message in the background while the parent exits.
+.SH "EXIT CODES"
+.IR command 's
+exit codes are interpreted as follows:
+0 means that the delivery was successful;
+99 means that the delivery was successful,
+but that
+.B qmail-local
+should ignore all further delivery instructions;
+100 means that the delivery failed permanently (hard error);
+111 means that the delivery failed but should be tried again
+in a little while (soft error).
+
+Currently 64, 65, 70, 76, 77, 78, and 112 are considered hard errors,
+and all other codes are considered soft errors,
+but
+.I command
+should avoid relying on this.
+.SH "ENVIRONMENT VARIABLES"
+.B qmail-local
+supplies several useful environment variables to
+.IR command .
+.B WARNING:
+These environment variables are not quoted.
+They may contain special characters.
+They are under the control of a possibly malicious remote user.
+
+.B SENDER
+is the envelope sender address.
+.B NEWSENDER
+is the forwarding envelope sender address,
+as setup in
+.BR dot-qmail(5) .
+.B RECIPIENT
+is the envelope recipient address,
+.IR local@domain .
+.B USER
+is
+.IR user .
+.B HOME
+is your home directory,
+.IR homedir .
+.B HOST
+is the
+.I domain
+part of the recipient address.
+.B LOCAL
+is the
+.I local
+part.
+.B EXT
+is the
+address extension,
+.IR ext .
+
+.B HOST2
+is the portion of
+.B HOST
+preceding the last dot;
+.B HOST3
+is the portion of
+.B HOST
+preceding the second-to-last dot;
+.B HOST4
+is the portion of
+.B HOST
+preceding the third-to-last dot.
+
+.B EXT2
+is the portion of
+.B EXT
+following the first dash;
+.B EXT3
+is the portion
+following the second dash;
+.B EXT4
+is the portion
+following the third dash.
+.B DEFAULT
+is the portion
+corresponding to the
+.B default
+part of the
+.BR .qmail\- ...
+file name;
+.B DEFAULT
+is not set if
+the file name does not end with
+.BR default .
+
+.B DTLINE
+and
+.B RPLINE
+are the usual
+.B Delivered-To
+and
+.B Return-Path
+lines,
+including newlines.
+.B UFLINE
+is the UUCP-style
+.B From_
+line that
+.B qmail-local
+adds to
+.IR mbox -format
+files.
+.SH "SEE ALSO"
+dot-qmail(5),
+envelopes(5),
+qmail-local(8)
diff --git a/man/qmail-control.9 b/man/qmail-control.9
new file mode 100644
index 0000000..5aa1de6
--- /dev/null
+++ b/man/qmail-control.9
@@ -0,0 +1,110 @@
+.TH s/qmail: qmail-control 5
+.SH "NAME"
+qmail-control \- qmail configuration files
+.SH "INTRODUCTION"
+You can change the behavior of the
+.B qmail
+system by modifying
+.BR s/qmail 's
+.I control files
+in
+.BR SQMAIL/control .
+
+.B s/qmail
+can survive with just one control file,
+.IR me ,
+containing the
+fully-qualified name of the current host.
+This file is used as the default for
+other hostname-related control files.
+
+Comments (\'# comment\') are allowed
+in
+.IR badmailfrom ,
+.IR badmimetypes ,
+.IR badloadertypes ,
+.IR dkimdomains ,
+.IR locals ,
+.IR percenthack ,
+.IR qmqpservers ,
+.IR rcpthosts ,
+.IR smtproutes ,
+.IR srsdomains ,
+.IR tlsdestinations ,
+and
+.IR virtualdomains .
+Trailing spaces and tabs are allowed in any control.
+
+The following table lists all control files
+other than
+.IR me .
+See the corresponding man pages for further details.
+
+.RS
+.nf
+.ta 5c 10c
+control default used by
+
+.I authsenders \fR(none) \fRqmail-remote
+.I badhelo \fR(none) \fRqmail-smtpd
+.I badmailfrom \fR(none) \fRqmail-smtpd
+.I badmimetypes \fR$BADMIMETYPE \fRqmail-smtpd
+.I badloadertypes \fR$BADLOADERTYPE \fRqmail-smtpd
+.I badrcptto \fR(none) \fRqmail-smtpd
+.I bouncefrom \fRMAILER-DAEMON \fRqmail-send
+.I bouncehost \fIme \fRqmail-send
+.I bouncemaxbytes \fI0 \fRqmail-send
+.I concurrencylocal \fR10 \fRqmail-send
+.I concurrencyremote \fR20 \fRqmail-send
+.I dkimdomains \fR(none) \fRqmail-dksign
+.I domaincerts \fR(none) \fRqmail-remote
+.I domainips \fR(none) \fRqmail-remote, \frqmail-smtpam
+.I defaultdomain \fIme \fRqmail-inject
+.I defaulthost \fIme \fRqmail-inject
+.I databytes \fR$DATABYTES \fRqmail-smtpd
+.I doublebouncehost \fIme \fRqmail-send
+.I doublebounceto \fRpostmaster \fRqmail-send
+.I envnoathost \fIme \fRqmail-send
+.I helohost \fIme \fRqmail-remote
+.I idhost \fIme \fRqmail-inject
+.I localiphost \fIme \fRqmail-smtpd
+.I locals \fIme \fRqmail-send
+.I morercpthosts \fR(none) \fRqmail-smtpd
+.I mailfromrules \fR(none) \fRqmail-smtpd
+.I percenthack \fR(none) \fRqmail-send
+.I plusdomain \fIme \fRqmail-inject
+.I qmqpservers \fR(none) \fRqmail-qmqpc
+.I qmtproutes \fR(none) \fRqmail-remote
+.I queuelifetime \fR604800 \fRqmail-send
+.I rcpthosts \fR(none) \fRqmail-smtpd
+.I recipients \fR(none) \fRqmail-smtpd
+.I spfexplain \fRSPF_DEFEXP \fRqmail-smtpd
+.I spflocalrules \fR(none) \fRqmail-smtpd
+.I srsdomains \fR(none) \fRsrsforward, \fRsrsreverse
+.I smtpgreeting \fIme \fRqmail-smtpd
+.I smtproutes \fR(none) \fRqmail-remote
+.I timeoutconnect \fR60 \fRqmail-remote, \fRqmail-smtpam
+.I timeoutremote \fR1200 \fRqmail-remote, \fRqmail-smtpam
+.I timeoutsmtpd \fR1200 \fRqmail-smtpd
+.I tlsdestinations \fR(none) \fRqmail-remote, \fRqmail-smtpam
+.I virtualdomains \fR(none) \fRqmail-send
+.fi
+
+.RE
+.IR Defaultvalues
+following a $ sign (ie. $RELAYCLIENT) depend on the
+corresponding environment variable.
+
+.IR Use
+.BR qmail-showctl
+to display actual settings.
+
+.SH "SEE ALSO"
+srsforward(1),
+qmail-dksgin(8),
+qmail-inject(8),
+qmail-qmqpc(8),
+qmail-remote(8),
+qmail-send(8),
+qmail-showctl(8),
+qmail-smtpd(8).
diff --git a/man/qmail-dkim.8 b/man/qmail-dkim.8
new file mode 100644
index 0000000..53463e9
--- /dev/null
+++ b/man/qmail-dkim.8
@@ -0,0 +1,217 @@
+.TH s/qmail: qmail-dkim 8
+.SH "NAME"
+qmail-dkim \- libdkim implementation for s/qmail
+.SH "SYNOPSIS"
+.B qmail-dkim
+[
+.I -h
+.I -v
+.I -V
+.I -s[ecckey]
+.I -b[1|2|3]
+.I -c[s|t|u]
+.I -d domain
+.I -i identity
+.I -l
+.I -q
+.I -t
+.I -x expire_time
+.I -y selector
+.I -Y selector2
+.I -z[1|2|3|4|5]
+]
+.I in_message
+.I RSA_private_key
+.I out_message
+.I Ed25519_private_key
+.SH "DESCRIPTION"
+.B qmail-dkim
+is the implementation of
+.B libdkim
+for s/qmail providing API compatibility
+and supporting RSA and Ed25519 DKIM signatures
+in single or hybrid mode.
+In hybrid mode, two
+.I private keys
+and two
+.I selectors
+need to be provided.
+.B qmail-dkim
+supports distinct operations:
+.TP 5
+.B qmail-dkim \fI-s in_message RSA_private_key out_message\fR
+DKIM signes
+.I in_message
+with the given
+.I private_key
+and returns
+.IR out_message .
+.TP 5
+.B qmail-dkim \fI-s in_message RSA_private_key out_message Ed255_private_key\fR
+signs
+.I in_message
+with both a RSA
+.I RSA_private_key
+and a
+.IR Ed25519_private_key.
+Here, the RSA default selector is \fIdefault\fR and the
+Ed25519 default selector is \fIeddy\fR; both subject of change.
+.TP 5
+.B qmail-dkim \fI-v in_message\fR
+verifies the
+.IR in_message .
+.SH "DKIM FORMATS"
+DKIM needs a common understanding of the attributes
+subject for signing and verification.
+The following attributes can be set:
+.TP 5
+-c
+is the 'canonicalization', thus how a validiation client
+should deal with signature verification of the
+message headers and/or body. Here, the choices are given
+via an appended character:
+.I r
+relax on header,
+.I s
+simple (strict) on message body,
+.I t
+relax/simple, or eventually
+.I u
+simple relaxed.
+Finally, the hash function to be used in the signature
+can be given as
+.TP 5
+-z
+following either with
+.I 1
+using sha1, or
+.I 2
+using sha256, or finally as default
+.I 3
+providing both signature values in the mail header.
+.I 4
+telling
+.B qmail-dkim
+to use the Ed25519 signature scheme.
+.I 5
+allows
+.B qmail-dkim
+to attach both a
+.I RSA-SHA256
+as well as a
+.I Ed25519
+signature to the message, which considered to be a
+.I hybrid
+mode.
+
+.SH "DKIM SIGNING"
+.B qmail-dkim
+will include (several) message headers detailing the
+.B DKIM signature
+with at least the following fields:
+.TP 3
+a
+=<signature type>
+.TP 3
+c
+=<used canoncicalization>
+.TP 3
+s
+=<selector>
+.TP 3
+d
+=<identity>
+.TP 3
+i
+=<identifier>
+.TP 3
+h
+=<included header1:header2:...>
+.TP 3
+bh
+=<hash of the canonicalized body until its upper limit length; if given>
+.TP 3
+b
+=<base64 encoded signature>
+.P
+Additional settings can be achieved using the following options:
+.TP 5
+.I -d domain
+is the signer's domain name and together with the prepended
+.TP 5
+.I -y selector
+it is used for the DNS TXT lookup of the public key; supporting
+mainly key roll-over. The first selector is used for RSA signatures.
+.TP 5
+.I -Y selector2
+Same as \fI-y\fR but now for Ed25519 signatures.
+.TP 5
+.I -I identifier
+giving an additional hint about the agent or identifier
+responsible for the signing like 'postmaster@domain'; defaults to
+.IR domain .
+.TP 5
+.I -t expire_time
+given in seconds, tells how log the signature is valid.
+It defaults to
+.I 604800
+secconds (seven days).
+.P
+Further, some more option fields can be displayed in the header:
+.TP 5
+.I -l
+include a body length tag.
+.TP 5
+.I -q
+include the query method tag.
+
+.SH "DKIM VERIFICATION"
+.B qmail-dkim
+as invoked by
+.B qmail-dkverify
+extracting the received DKIM header fields,
+and following the signature verification procedure
+as given here, while fetching the signer's
+.I public key
+using a DNS TXT lookup.
+Now, the respective header lines, and/or
+the message body will be hashed and compared
+against the values taken from the signatures.
+
+The results will be indicated by either return code
+.I 0
+in case of success,
+.I 1
+in case of mismatch, or
+.I -1
+if other failures were encountered.
+
+Given the call argument
+.TP 3
+-v
+.B qmail-dkim
+will provide the DKIM results
+.I pass
+or
+.I fail
+including verbose reasons on the commmand line.
+This is the legacy mode.
+
+.RE
+Rather, invoking
+.B qmail-dkim
+with argument
+.TP 3
+-V
+it communicates the results over a file interface
+to be picked up by
+.IR qmail-dkverify .
+
+.SH "SEE ALSO"
+qmail-queue(8),
+qmail-remote(8),
+qmail-dksign(8),
+qmail-dkverify(8),
+qmail-send(8),
+qmail-log(8).
+
diff --git a/man/qmail-dksign.9 b/man/qmail-dksign.9
new file mode 100644
index 0000000..08d310e
--- /dev/null
+++ b/man/qmail-dksign.9
@@ -0,0 +1,336 @@
+.TH s/qmail: qmail-dksign 8
+.SH "NAME"
+qmail-dksign \- DKIM sign outgoing messages
+.SH "SYNOPSIS"
+.B qmail-dksign
+.I host
+.I sender
+.I recip
+[
+.I recip ...
+]
+.SH "DESCRIPTION"
+.B qmail-dksign
+is a stub routine to be invoked by
+.B qmail-spawn
+in place of
+.B qmail-remote
+and is required to customize the signing policy
+for outgoing emails according to RFC 6893/8463 by means of
+.B qmail-dkim
+and finally to invoke
+.B qmail-remote
+for subsequent message delivery.
+
+.B qmail-dksign
+is also an extension to
+.B qmail-queue
+(with comparable permissions) using
+.I queue/dkim/<n>/<m>
+to provide a temporary but persistent staging
+area for outgoing messages to be DKIM signed.
+.SH "CONTROL FILE"
+.B qmail-dksign
+will be only called by
+.B qmail-rspawn
+if
+.I SQMAIL/control/dkimdomains
+is present.
+
+.IR dkimdomains :
+\'domain:selector[,selector2]|sdid|[auid|~]|expire|c:z:l\'
+allows multitenant and hybrid DKIM signing settings per sending
+.IR domain .
+
+.I domain
+is the sender's envelope domain in order to fetch the
+individually tailored DKIM signing paramaters for these.
+
+The following DKIM parameters can be specified:
+.TP 5
+.I selector
+is used as prepending name label for
+.IR domain :
+.IR selector._domainkey.domain .
+If not explicitely given, it defaults to
+.I default
+and is mostly used to support the key roll-over.
+.TP 5
+.I selector,selector2
+defines a hybrid selector and allows to provide
+two different selectors together
+with their private keys for concurrently signing of messages
+according to both the RSA-SHA256 and the Ed25519 algorithm.
+.TP 5
+.I sdid
+Here, you can overwrite the 'Signing Domain Identifier' (SDID),
+thus decouple the information given in the DKIM header from
+the envelope domain sender. This allows to setup common DNS
+public keys for several domains irrespectively of the sending
+.IR domain .
+.TP 5
+.I auid
+is the 'Agent/User Identifier' of the signer,
+in case it is not the sending
+.IR domain .
+In most cases it can be neglected and is obsolete.
+Rather, you can specifiy that the
+.I auid
+is always included as
+.I originator
+of the mail while providing the tilde symbol
+.I ~
+here as generic substitude.
+.TP 5
+.I expire
+determins the validity period of the signature in DKIM signed
+message. Due to the assumed key-rollover, it is limited
+and defaults to
+.I 604800
+secs since the email was signed.
+.TP 5
+.I c
+is the 'canonicalization'; thus how a validation client
+should deal with signature verification of the received
+message header and/or body. Here, the choices are
+.I r
+relax (allow mangling of whitespaces and cases; default)
+.I s
+simple (=strict)
+.I t
+relax on header, simple on body,
+.I u
+simple on header, relax on body.
+.TP 5
+.I z
+The signature algorithm can be specified as
+.I 1
+RSA with sha1,
+.I 2
+RSA with sha256 (as default), or
+.I 3
+providing both signature values in the mail header;
+.I 4
+Ed25519 ECC signatures.
+.I 5
+tells
+.B qmail-dksign
+to include both
+.I RSA-SHA256
+and
+.I Ed25519
+signatures in the mail header.
+Here, you need two different
+.I selectors
+and
+.IR private\ keys.
+Finally, setting
+.TP 5
+.I l
+(literal) advices
+.I qmail-dkim
+to include the body hash length (after canonicalization)
+to the DKIM header. This might be useful to cope with programs
+like mailing list servers adding a 'footer' to the mail
+after the signing operation has been completed.
+
+.RE
+RSA and Ed25519 signatures can now be used simultaneously
+while providing different keys available as distinct selectors.
+Those settings are handed-over to
+.B qmail-dkim
+to provide the signing of emails.
+.B qmail-dksign
+calls
+.B qmail-dkim
+to automatically include the query method
+.I q=dns/txt
+in the DKIM header.
+.SH "SELECTING DOMAINS FOR SIGNING"
+.B qmail-dksign
+can be instructed to sign all outgoing mails with the
+MTA's private key. This is achieved by simply using
+.I *:
+in
+.IR control/dkimdomains .
+Rather, the signing operation can be restricted for domains
+.B s/qmail
+has responsibility for, as given in
+.IR rcpthosts .
+This is commanded via
+.IR =: .
+Alternatively, in multitenant mode
+.B qmail-dksign
+may use domain specific DKIM settings and private keys
+for the sending domains and permitting parenting.
+Particular domains for which outgoing emails shall
+not be DKIM signed can be given as:
+.IR !nodkim.org .
+
+.EE
+ *:
+ =:default,eddy||~||:5
+ .heaven.com:||me@devil.com|500000|r:3
+ cloud1.com:january|postmaster@cloud.com|||t::l
+ cloud7.com:february|postmaster@cloud.com|||u:1
+ mybuddy.org:eddy||||:4
+ !nodkim.org:
+.EX
+
+Note: The owner of the crypto material (public and private keys) is
+.IR qmailq .
+.SH "CRYPTO MATERIAL"
+.B qmail-dksign
+follows the conventions from
+.B qmail-remote
+to use the directory
+.I SQMAIL/ssl/domainkeys
+to store public and private keys.
+
+Each
+.I domain
+may have its own key material resulting in a structure
+.IR SQMAIL/ssl/domainkeys/<domain>/ ,
+where the following keyfiles are expected:
+.TP 5
+.IR <selector>\ (default:\ 'default')
+is a mandatory symbolic link to
+.I [rsa|ed25519].private_<selector>
+used for signing.
+.TP 5
+.I rsa.public_<selector>
+is the DER-header enriched and base64 encoded RSA public key.
+.TP 5
+.I ed25519.public_<selector>
+is the 'naked' base64 encoded Ed25519 public key.
+
+.RE
+Here,
+.I <selector>
+is the name of the current
+.IR selector .
+After having generated keys and providing a new
+.IR selector ,
+this name has to be included as
+.I selector
+for the given domain in
+.I SQMAIL/control/dkimdomains
+in order to become active for signing.
+
+In case of
+.I hybrid\ signatures
+different selectors need to be given for the
+RSA and the Ed25519 keys each.
+They have to be provided concatinated by a colon in
+.IR dkimdomains .
+White spaces are not allowed. If the RSA selector is
+.IR default ,
+it can be omitted while followed by the colon and the
+Ed25519 selector name.
+
+.SH "SHARING KEYS FOR DIFFERENT DOMAINS"
+Different
+.I domains
+may however share common keys for signing and verification.
+In order to allow a common private key for signing, simply
+create symlinks for the others domains under
+.I SQMAIL/ssl/domainkeys/
+to the master one.
+.B qmail-dksign
+will now pick up those and use the provided key for signing.
+
+However, in general this reqires to deploy DKIM records
+for those domains sharing the same public key but require
+different domain names as distinguished DNS TXT records.
+
+Rather, you may want to publish just one
+DKIM DNS TXT record which is commonly shared for all
+concerning domains. Since the
+.I sending\ domain
+is used as default for the
+.IR SDID ,
+you need now to provide the same
+.I SDID
+explicitely for each domain of concern in
+.IR control/dkimdomains .
+
+The '<selector>' - and not the SDID -
+together with the literal
+.I ._domainkey.
+and the domain name defines the binding of the
+private key with the DKIM TXT record:
+.IR <selector>._domainkey.<domain> .
+
+.SH "GNERATING CRYPTO MATERIAL"
+Public/private keys can be generated by
+.I OpenSSL
+or
+.I LibreSSL
+or compatible TLS implementations and
+shall be provided in canonical format.
+The directory
+.I SQMAIL/ssl/domainkeys/
+and the resulting key needs to be readable by
+.IR qmailq ,
+the user
+.B qmail-dksign
+and
+.B qmail-dkim
+runs under. The private key shall
+.B NEVER
+exposed to the public.
+
+The script
+.B mkdkimkey
+is enabled to generate
+.I RSA
+or
+.I Ed25519
+private and public keys in the required format
+together with a
+.I BIND
+compliant DKIM DNS TXT record.
+.SH "RESPONSES"
+.B qmail-dksign
+may provide the following responses indicating an error:
+.TP 5
+Z
+Unable to switch to target directory.
+.TP 5
+Z
+Unable to create DKIM stage file: <file>
+.TP 5
+Z
+Unable to unlink DKIM stage file.
+.TP 5
+Z
+Unable to read control files.
+.TP 5
+Z
+Unable to read message.
+.TP 5
+D
+SMTP cannot transfer messages with partial final lines.
+.TP 5
+K
+can't read private file: <file> continue without signing.
+.TP 5
+Z
+unable to run qmail-remote. (=> configuration/permission error)
+.SH "SYSTEM IMPACT"
+.B qmail-dksign
+makes heavy use of system file descriptors.
+Given a high
+.I concurrencyremote
+you may run out of file descriptors which thus need to be enhanced
+either system-wide or for the specific users
+.I qmailr
+and
+.IR qmails .
+.SH "SEE ALSO"
+qmail-queue(8),
+qmail-remote(8),
+qmail-dkim(8),
+qmail-dkverify(8),
+qmail-log(8).
+
diff --git a/man/qmail-dkverify.8 b/man/qmail-dkverify.8
new file mode 100644
index 0000000..eb56952
--- /dev/null
+++ b/man/qmail-dkverify.8
@@ -0,0 +1,137 @@
+.TH s/qmail: qmail-dkverify 8
+.SH "NAME"
+qmail-dkverify \- verification of DKIM signatures in messages upon receipt
+.SH "SYNOPSIS"
+.B qmail-dkverify
+.SH "DESCRIPTION"
+.B qmail-dkverify
+is invoked faciliting the
+.I QMAILQUEUE(_EXTRA)
+mechanism.
+
+.SH "CALLING CHAIN"
+Verifying DKIM signatures upon receipt involves the
+following calling chain:
+
+1.
+.B qmail-smtpd
+called from
+.B sslserver
+/
+.BR tcpserver.
+
+2.
+.B qmail-dkverify
+called by the
+.I QMAILQUEUE(_EXTRA)
+mechanism as (first) replacement for
+.B qmail-queue
+as a stub.
+The incoming message is enhanced by the required CR
+characters line-by-line and stored in
+.IR queue/dkim/[split]/xyz .
+
+3.
+.B qmail-dkim
+is called by
+.B qmail-dkverify
+as a child performing the actual verification on
+.I queue/dkim/[split]/xyz
+while using a DNS TXT lookup for the sender's public key
+given in the DKIM message header and
+calling the fehQlibs DNS routines.
+The verification results are persisted at
+.IR queue/dkim/[split]/zyx .
+
+4.
+.B qmail-dkverify
+(as parent) reading the evaluated DKIM information from
+.B qmail-dkim
+and assembling a DKIM header line with the results
+prepended to the message.
+
+5.
+.B qmail-queue
+is finally called to queue the message for delivery.
+
+.SH "INVOCATION AND USAGE"
+In order to invoke
+.B qmail-dkverify
+the environment variable
+.I QMAILQUEUE="bin/qmail-dkverify"
+has to be populated in the context of
+.BR qmail-smtpd .
+
+Since
+.B qmail-smtpd
+is typically called by means of
+.B sslserver
+or
+.BR tcpserver ,
+the
+.I tcpd.smtp.cdb
+database as compiled by
+.B tcprules
+can be enhanced to include a line like
+.I :alllow:QMAILQUEUE="bin/qmail-dkverify"
+making use of the QMAILQUEUE_EXTRA mechanism.
+
+Alternatively, this environment variable could be
+defined as part of
+.BR qmail-smtpd 's
+start script which would now enable to
+provide DKIM signature checking for all
+SMTP sessions irrespectively of their origin.
+
+Usually,
+.B qmail-dkverify
+works in annotation mode only.
+
+However, setting additionally the environment variable
+.I DKIM="+"
+would command
+.B qmail-dkverify
+to reject mails failing the
+DKIM signature verification.
+In case of a rejection, the
+.B qmail-smtpd
+log shows the following message:
+.IR Reject::DKIM::Signature .
+
+Note:
+.B qmail-dkverify
+shall not be used for authenticated
+SMTP sessions, typically provided on the
+.I Submission
+port.
+
+.SH "LOGGING"
+No particular logging is currently forseen.
+Rather, each individual RFC 822 message is enhanced by
+the following header line in case a DKIM signature
+is recognized:
+
+.I X-Authentication-Results: sender dkim=[pass|fail (verbose error message)] MTA
+including the
+.I sender
+and the evaluating
+.I MTA
+as given in
+.IR control/me .
+In case of a \fIfail\fR, the verbose reason
+follows in parenthesis.
+
+.SH "SYSTEM IMPACT"
+.B qmail-dkverify
+does several reads and writes on the
+received messages. Apart from the cryptographic
+operations, this will slow down message exchange
+and increase the load on the system.
+
+.SH "SEE ALSO"
+qmail-queue(8),
+qmail-remote(8),
+qmail-dkim(8),
+qmail-dksign(8),
+qmail-log(8).
+
diff --git a/man/qmail-getpw.9 b/man/qmail-getpw.9
new file mode 100644
index 0000000..c246b0e
--- /dev/null
+++ b/man/qmail-getpw.9
@@ -0,0 +1,114 @@
+.TH s/qmail: qmail-getpw 8
+.SH NAME
+qmail-getpw \- give addresses to users
+.SH SYNOPSIS
+.B qmail-getpw
+.I local
+.SH DESCRIPTION
+In
+.BR s/qmail ,
+each user controls a vast array of local addresses.
+.B qmail-getpw
+finds the user that controls a particular address,
+.IR local .
+It prints six pieces of information,
+each terminated by NUL:
+.IR user ;
+.IR uid ;
+.IR gid ;
+.IR homedir ;
+.IR dash ;
+and
+.IR ext .
+The user's account name is
+.IR user ;
+the user's uid and gid in decimal are
+.I uid
+and
+.IR gid ;
+the user's home directory is
+.IR homedir ;
+and messages to
+.I local
+will be handled by
+.IR homedir\fB/.qmail\fIdashext .
+
+In case of trouble,
+.B qmail-getpw
+exits nonzero without printing anything.
+
+.B WARNING:
+The operating system's
+.B getpwnam
+function, which is at the heart of
+.BR qmail-getpw ,
+is inherently unreliable:
+it fails to distinguish between temporary errors and nonexistent users.
+Future versions of
+.B getpwnam
+should return ETXTBSY to indicate temporary errors
+and ESRCH to indicate nonexistent users.
+.SH "RULES"
+.B qmail-getpw
+considers an account in
+.B /etc/passwd
+to be a user if
+(1) the account has a nonzero uid,
+(2) the account's home directory exists (and is visible to
+.BR qmail-getpw ),
+and
+(3) the account owns its home directory.
+.B qmail-getpw
+ignores account names containing uppercase letters.
+.B qmail-getpw
+also assumes that all account names are shorter than 32 characters.
+
+.B qmail-getpw
+gives each user
+control over the basic
+.I user
+address and
+all addresses of the form
+.IR user\fBBREAK\fIanything .
+When
+.I local
+is
+.IR user ,
+.I dash
+and
+.I ext
+are both empty.
+When
+.I local
+is
+.IR user\fBBREAK\fIanything ,
+.I dash
+is a hyphen and
+.I ext
+is
+.IR anything .
+.I user
+may appear in any combination of uppercase and lowercase letters
+at the front of
+.IR local .
+
+A catch-all user,
+.BR alias ,
+controls all other addresses.
+In this case
+.I ext
+is
+.I local
+and
+.I dash
+is a hyphen.
+
+You can override all of
+.BR qmail-getpw 's
+decisions with the
+.B qmail-users
+mechanism, which is reliable, highly configurable, and much faster than
+.BR qmail-getpw .
+.SH "SEE ALSO"
+qmail-users(5),
+qmail-lspawn(8)
diff --git a/man/qmail-header.5 b/man/qmail-header.5
new file mode 100644
index 0000000..7142364
--- /dev/null
+++ b/man/qmail-header.5
@@ -0,0 +1,332 @@
+.TH s/qmail: qmail-header 5
+.SH NAME
+qmail-header \- format of a mail message
+.SH OVERVIEW
+At the top of every mail message is a
+highly structured
+.BR header .
+Many programs expect the header to carry certain information,
+as described below.
+The main function of
+.B qmail-inject
+is to make sure that each outgoing message has an appropriate header.
+
+For more detailed information, see
+.BR http://pobox.com/~djb/proto/immhf.html .
+.SH "MESSAGE STRUCTURE"
+A message contains a series of
+.I header fields\fR,
+a blank line,
+and a
+.IR body :
+
+.EX
+ Received: (qmail-queue invoked by uid 666);
+.br
+ 30 Jul 1996 11:54:54 -0000
+.br
+ From: djb@silverton.berkeley.edu (D. J. Bernstein)
+.br
+ To: fred@silverton.berkeley.edu
+.br
+ Date: 30 Jul 1996 11:54:54 -0000
+.br
+ Subject: Go, Bears!
+.br
+
+.br
+ I've got money on this one. How about you?
+.br
+
+.br
+ ---Dan (this is the third line of the body)
+.EE
+
+Each header field has a
+.IR name ,
+a colon,
+some
+.IR contents ,
+and a newline:
+
+.EX
+ Subject: Go, Bears!
+.EE
+
+The field contents may be folded across several lines.
+Each line past the first must begin with a space or tab:
+
+.EX
+ Received: (qmail-queue invoked by uid 666);
+.br
+ 30 Jul 1996 11:54:54 -0000
+.EE
+
+The field name must not contain spaces, tabs, or colons.
+Also, an empty field name is illegal.
+.B qmail-inject
+does not allow field names with unprintable characters.
+
+Case is irrelevant in field names:
+.B subject
+and
+.B SUBJECT
+and
+.B SuBjEcT
+have the same meaning.
+.SH "ADDRESS LISTS"
+Certain fields, such as
+.BR To ,
+contain
+.I address lists\fR.
+
+An address list contains some number of
+.I addresses
+or
+.I address groups\fR,
+separated by commas:
+
+.EX
+ a@b, c@d (Somebody), A Person <e@f>,
+.br
+ random group: g@h, i@j;, k@l
+.EE
+
+An
+.I address group
+has some text, a colon, a list of addresses,
+and a semicolon:
+
+.EX
+ random group: g@h, i@j;
+.EE
+
+An address can appear in several forms.
+The most common form is
+.IR box@host .
+
+Every address must include a host name.
+If
+.B qmail-inject
+sees a lone box name
+it adds the
+.I default host name\fR.
+
+All host names should be fully qualified.
+.B qmail-inject
+appends the
+.I default domain name
+to any name without dots:
+
+.EX
+ djb@silverton -> djb@silverton.berkeley.edu
+.EE
+
+It appends the
+.I plus domain name
+to any name
+that ends with a plus sign:
+
+.EX
+ eric@mammoth.cs+ -> eric@mammoth.cs.berkeley.edu
+.EE
+
+A host name may be a dotted-decimal address:
+
+.EX
+ djb@[128.32.183.163]
+.EE
+
+RFC 822 allows mailbox names inside angle brackets
+to include
+.I source routes\fR,
+but
+.B qmail-inject
+strips all source routes out of addresses.
+.SH "SENDER ADDRESSES"
+.B qmail-inject
+looks for sender address lists in the following fields:
+.BR Sender ,
+.BR From ,
+.BR Reply-To ,
+.BR Return-Path ,
+.BR Return-Receipt-To ,
+.BR Errors-To ,
+.BR Resent-Sender ,
+.BR Resent-From ,
+.BR Resent-Reply-To .
+
+If there is no
+.B From
+field,
+.B qmail-inject
+adds a new
+.B From
+field with the name of the user invoking
+.B qmail-inject.
+
+RFC 822 requires that certain sender fields contain
+only a single address, but
+.B qmail-inject
+does not enforce this restriction.
+.SH "RECIPIENT ADDRESSES"
+.B qmail-inject
+looks for recipient address lists in the following fields:
+.BR To ,
+.BR Cc ,
+.BR Bcc ,
+.BR Apparently-To ,
+.BR Resent-To ,
+.BR Resent-Cc ,
+.BR Resent-Bcc .
+
+Every message must contain at least one
+.B To
+or
+.B Cc
+or
+.BR Bcc .
+.B qmail-inject
+deletes any
+.B Bcc
+field.
+If there is no
+.B To
+or
+.B Cc
+field,
+.B qmail-inject
+adds a line
+
+.EX
+ Cc: recipient list not shown: ;
+.EE
+
+This complies with RFC 822;
+it also works around some strange
+.B sendmail
+behavior, in case the message is passed through
+.B sendmail
+on another machine.
+.SH STAMPS
+Every message must contain a
+.B Date
+field, with the date in a strict format defined by RFC 822.
+If necessary
+.B qmail-inject
+creates a new
+.B Date
+field with the current date (in GMT).
+
+Every message should contain a
+.B Message-Id
+field.
+The field contents are a unique worldwide identifier for this message.
+If necessary
+.B qmail-inject
+creates a new
+.B Message-Id
+field.
+
+Another important field is
+.BR Received .
+Every time the message is sent from one system to another,
+a new
+.B Received
+field is added to the top of the message.
+.B qmail-inject
+does not create any
+.B Received
+fields.
+.SH "RESENT MESSAGES"
+A message is
+.I resent
+if it contains any of the following fields:
+.BR Resent-Sender ,
+.BR Resent-From ,
+.BR Resent-Reply-To ,
+.BR Resent-To ,
+.BR Resent-Cc ,
+.BR Resent-Bcc ,
+.BR Resent-Date ,
+.BR Resent-Message-ID .
+
+If a message is resent,
+.B qmail-inject
+changes its behavior as follows.
+
+It deletes any
+.B Resent-Bcc
+field (as well as any
+.B Bcc
+field);
+if there are no
+.B Resent-To
+or
+.B Resent-Cc
+fields,
+.B qmail-inject
+adds an appropriate
+.B Resent-Cc
+line.
+It does
+.I not
+add a
+.B Cc
+line,
+even if neither
+.B To
+nor
+.B Cc
+is present.
+
+If there is no
+.B Resent-From
+field,
+.B qmail-inject
+adds a new
+.B Resent-From
+field.
+It does
+.I not
+add a new
+.B From
+field.
+
+.B qmail-inject
+adds
+.B Resent-Date
+if one is not already present;
+same for
+.BR Resent-Message-Id .
+It does
+.I not
+add new
+.B Date
+or
+.B Message-Id
+fields.
+.SH "OTHER FEATURES"
+Addresses are separated by commas, not spaces.
+When
+.B qmail-inject
+sees an illegal space,
+it inserts a comma:
+
+.EX
+ djb fred -> djb, fred
+.EE
+
+.B qmail-inject
+removes all
+.B Return-Path
+header fields.
+
+.B qmail-inject
+also removes any
+.B Content-Length
+fields.
+.SH "SEE ALSO"
+addresses(5),
+envelopes(5),
+qmail-inject(8)
diff --git a/man/qmail-inject.8 b/man/qmail-inject.8
new file mode 100644
index 0000000..33d37e2
--- /dev/null
+++ b/man/qmail-inject.8
@@ -0,0 +1,309 @@
+.TH s/qmail: qmail-inject 8
+.SH NAME
+qmail-inject \- preprocess and send a mail message
+.SH SYNOPSIS
+.B qmail-inject
+[
+.B \-nNaAhH
+] [
+.B \-f\fIsender
+] [
+.I recip ...
+]
+.SH DESCRIPTION
+.B qmail-inject
+reads a mail message from its standard input,
+adds appropriate information to the message header,
+and invokes
+.B qmail-queue
+to send the message
+to one or more recipients.
+
+See
+.B qmail-header(5)
+for information on how
+.B qmail-inject
+rewrites header fields.
+
+.B qmail-inject
+normally exits 0.
+It exits 100 if it was invoked improperly
+or if there is a severe syntax error in the message.
+It exits 111 for temporary errors.
+.SH "ENVIRONMENT VARIABLES"
+For the convenience of users who do not run
+.B qmail-inject
+directly,
+.B qmail-inject
+takes many options through environment variables.
+
+The user name in the
+.B From
+header field is set by
+.BR QMAILUSER ,
+.BR MAILUSER ,
+.BR USER ,
+or
+.BR LOGNAME ,
+whichever comes first.
+
+The host name is normally set by the
+.I defaulthost
+control
+but can be overridden with
+.B QMAILHOST
+or
+.BR MAILHOST .
+
+The personal name is
+.BR QMAILNAME ,
+.BR MAILNAME ,
+or
+.BR NAME .
+
+The default envelope sender address is the same as the
+default
+.B From
+address,
+but it can be overridden with
+.B QMAILSUSER
+and
+.BR QMAILSHOST .
+It may also be modified by the
+.B r
+and
+.B m
+letters described below.
+Bounces will be sent to this address.
+
+If
+.B QMAILMFTFILE
+is set,
+.B qmail-inject
+reads a list of mailing list addresses,
+one per line,
+from that file.
+If To+Cc includes one of those addresses (without regard to case),
+.B qmail-inject
+adds a Mail-Followup-To field
+with all the To+Cc addresses.
+.B qmail-inject
+does not add Mail-Followup-To
+to a message that already has one.
+
+The
+.B QMAILINJECT
+environment variable
+can contain any of the following letters:
+.TP
+.B c
+Use address-comment style for the
+.B From
+field.
+Normally
+.B qmail-inject
+uses name-address style.
+.TP
+.B s
+Do not look at any incoming
+.B Return-Path
+field.
+Normally, if
+.B Return-Path
+is supplied, it sets the envelope sender address,
+overriding all environment variables.
+.B Return-Path
+is deleted in any case.
+.TP
+.B f
+Delete any incoming
+.B From
+field.
+Normally, if
+.B From
+is supplied, it overrides the usual
+.B From
+field created by
+.BR qmail-inject .
+.TP
+.B i
+Delete any incoming
+.B Message-ID
+field.
+Normally, if
+.B Message-ID
+is supplied, it overrides the usual
+.B Message-ID
+field created by
+.BR qmail-inject .
+.TP
+.B r
+Use a per-recipient VERP.
+.B qmail-inject
+will append each recipient address to the envelope sender
+of the copy going to that recipient.
+.TP
+.B m
+Use a per-message VERP.
+.B qmail-inject
+will append the current date and process ID to the envelope sender.
+.SH OPTIONS
+.TP
+.B \-a
+Send the message to all addresses given as
+.I recip
+arguments;
+do not use header recipient addresses.
+.TP
+.B \-h
+Send the message to all header recipient addresses.
+For non-forwarded messages, this means
+the addresses listed under
+.BR To ,
+.BR Cc ,
+.BR Bcc ,
+.BR Apparently-To .
+For forwarded messages, this means
+the addresses listed under
+.BR Resent-To ,
+.BR Resent-Cc ,
+.BR Resent-Bcc .
+Do not use any
+.I recip
+arguments.
+.TP
+.B \-A
+(Default.)
+Send the message to all addresses given as
+.I recip
+arguments.
+If no
+.I recip
+arguments are supplied,
+send the message to all header recipient addresses.
+.TP
+.B \-H
+Send the message to all header recipient addresses,
+and to all addresses given as
+.I recip
+arguments.
+.TP
+.B \-f\fIsender
+Pass
+.I sender
+to
+.B qmail-queue
+as the envelope sender address.
+This overrides
+.B Return-Path
+and all environment variables.
+.TP
+.B \-N
+(Default.)
+Feed the resulting message to
+.BR qmail-queue .
+.TP
+.B \-n
+Print the message rather than feeding it to
+.BR qmail-queue .
+.SH "CONTROL FILES"
+.TP 5
+.I defaultdomain
+Default domain name.
+Default:
+.IR me ,
+if that is supplied;
+otherwise the literal name
+.BR defaultdomain ,
+which is probably not what you want.
+.B qmail-inject
+adds this name to any host name without dots,
+including
+.I defaulthost
+if
+.I defaulthost
+does not have dots.
+(Exception: see
+.IR plusdomain .)
+
+The
+.B QMAILDEFAULTDOMAIN
+environment variable
+overrides
+.IR defaultdomain .
+.TP 5
+.I defaulthost
+Default host name.
+Default:
+.IR me ,
+if that is supplied;
+otherwise the literal name
+.BR defaulthost ,
+which is probably not what you want.
+.B qmail-inject
+adds this name to any address without a host name.
+.I defaulthost
+need not be the current host's name.
+For example,
+you may prefer that outgoing mail show
+just your domain name.
+
+The
+.B QMAILDEFAULTHOST
+environment variable overrides
+.IR defaulthost .
+.TP 5
+.I idhost
+Host name for Message-IDs.
+Default:
+.IR me ,
+if that is supplied;
+otherwise the literal name
+.BR idhost ,
+which is certainly not what you want.
+.I idhost
+need not be the current host's name.
+For example, you may prefer to use fake
+host names in Message-IDs.
+However,
+.I idhost
+must be a fully-qualified name within your domain,
+and each host in your domain should use a different
+.IR idhost .
+
+The
+.B QMAILIDHOST
+environment variable overrides
+.IR idhost .
+.TP 5
+.I plusdomain
+Plus domain name.
+Default:
+.IR me ,
+if that is supplied;
+otherwise the literal name
+.BR plusdomain ,
+which is probably not what you want.
+.B qmail-inject
+adds this name to any host name that ends with a plus sign,
+including
+.I defaulthost
+if
+.I defaulthost
+ends with a plus sign.
+If a host name does not have dots but ends with a plus sign,
+.B qmail-inject
+uses
+.IR plusdomain ,
+not
+.IR defaultdomain .
+
+The
+.B QMAILPLUSDOMAIN
+environment variable overrides
+.IR plusdomain .
+.SH "SEE ALSO"
+addresses(5),
+qmail-control(5),
+qmail-header(5),
+qmail-queue(8)
diff --git a/man/qmail-limits.9 b/man/qmail-limits.9
new file mode 100644
index 0000000..47f81f4
--- /dev/null
+++ b/man/qmail-limits.9
@@ -0,0 +1,33 @@
+.TH s/qmail: qmail-limits 7
+.SH "NAME"
+qmail-limits \- artificial limits in the qmail system
+
+.SH "DESCRIPTION"
+The
+.B qmail
+system is able to handle messages of any size,
+addresses of any size, mailing lists of any size, and so on,
+except as limited by the available memory and disk space.
+
+However, it imposes certain artificial limits:
+.TP 5
+1.
+.B qmail-lspawn
+silently limits the number of simultaneous local deliveries to SPAWN.
+.B qmail-rspawn
+silently limits the number of simultaneous remote deliveries to SPAWN.
+.TP 5
+2.
+.B qmail-queue
+rejects any message with an envelope address longer than 1000 characters.
+.TP 5
+3.
+.B qmail-lspawn
+truncates any overly long error report from a delivery program.
+It appends a note saying that it did so.
+
+.SH "SEE ALSO"
+qmail-lspawn(8),
+qmail-queue(8),
+qmail-rspawn(8),
+ulimit(3).
diff --git a/man/qmail-local.8 b/man/qmail-local.8
new file mode 100644
index 0000000..9074d4e
--- /dev/null
+++ b/man/qmail-local.8
@@ -0,0 +1,99 @@
+.TH s/qmail: qmail-local 8
+.SH NAME
+qmail-local \- deliver or forward a mail message
+.SH SYNOPSIS
+.B qmail-local
+[
+.B \-nN
+]
+.I user
+.I homedir
+.I local
+.I dash
+.I ext
+.I domain
+.I sender
+.I defaultdelivery
+.SH DESCRIPTION
+.B qmail-local
+reads a mail message
+and delivers it to
+.I user
+by the procedure described in
+.BR dot-qmail(5) .
+
+The message's envelope recipient is
+.IR local@domain .
+.B qmail-local
+records
+.I local@domain
+in a new
+.B Delivered-To
+header field without the virtual user name extension.
+If exactly the same
+.B Delivered-To: \fIlocal@domain
+already appears in the header,
+.B qmail-local
+bounces the message,
+to prevent mail forwarding loops.
+
+The message's envelope sender is
+.IR sender .
+.B qmail-local
+records
+.I sender
+in a new
+.B Return-Path
+header field.
+
+.I homedir
+is the user's home directory.
+It must be an absolute directory name.
+
+.I dash
+and
+.I ext
+identify the
+.B .qmail\fIdashext
+file used by
+.BR qmail-local ;
+see
+.BR dot-qmail(5) .
+Normally
+.I dash
+is either empty or a lone hyphen.
+If it is empty,
+.B qmail-local
+treats a nonexistent
+.B .qmail\fIext
+the same way as an empty
+.BR .qmail\fIext :
+namely, following the delivery instructions in
+.IR defaultdelivery .
+
+The standard input for
+.B qmail-local
+must be a seekable file,
+so that
+.B qmail-local
+can read it more than once.
+.SH "OPTIONS"
+.TP
+.B \-n
+Instead of reading and delivering the message,
+print a description of the delivery instructions.
+.TP
+.B \-N
+(Default.) Read and deliver the message.
+.SH "EXIT CODES"
+0 if the delivery is completely successful;
+nonzero if any delivery instruction failed.
+Exit code 111
+indicates temporary failure.
+.SH "SEE ALSO"
+dot-qmail(5),
+envelopes(5),
+qmail-command(8),
+qmail-queue(8),
+qmail-send(8),
+qmail-lspawn(8)
diff --git a/man/qmail-log.5 b/man/qmail-log.5
new file mode 100644
index 0000000..a7584e1
--- /dev/null
+++ b/man/qmail-log.5
@@ -0,0 +1,448 @@
+.TH s/qmail: qmail-log 5
+.SH NAME
+qmail-log \- s/qmail activity record
+.SH DESCRIPTION
+.B qmail-send
+prints a series of lines describing its activities.
+Each possible line is described below.
+.SH "STATUS"
+.TP
+.B status: local \fIl\fR/\fIL\fR remote \fIr\fR/\fIR\fR ...
+.B qmail-send
+is waiting for
+.I l
+local deliveries
+and
+.I r
+remote deliveries.
+The concurrency limits are
+.I L
+and
+.IR R .
+.TP
+.B status: exiting
+.B qmail-send
+is done.
+.SH "FATAL PROBLEMS"
+.TP
+.B alert: cannot start: ...
+.B qmail-send
+is unable to prepare itself for delivering messages;
+it is giving up.
+This normally indicates a serious configuration error,
+but it can be caused by a temporary lack of resources.
+.TP
+.B alert: oh no! lost ...
+One of the other daemons has died.
+.B qmail-send
+will exit as soon as possible.
+.SH "SERIOUS PROBLEMS"
+.TP
+.B alert: unable to append to bounce message...
+.B qmail-send
+is unable to record a permanent failure,
+usually because the disk is full.
+This is a very serious problem;
+.B qmail-send
+cannot proceed without recording the results.
+It will try again in ten seconds.
+.TP
+.B alert: out of memory...
+.B qmail-send
+tried to allocate more memory and failed.
+It will try again in ten seconds.
+.TP
+.B alert: unable to opendir...
+.B qmail-send
+is having trouble reading a file list from disk,
+usually because the system's file descriptor table is full,
+but possibly because permissions are set incorrectly.
+It will try again in ten seconds.
+.TP
+.B alert: unable to switch back...
+.B qmail-send
+was sent SIGHUP,
+and it is unable to reenter the queue directory.
+This is a very serious problem;
+.B qmail-send
+cannot proceed outside the queue directory.
+It will try again in ten seconds.
+.TP
+.B alert: unable to reread...
+.B qmail-send
+was sent SIGHUP,
+but it is unable to read the new controls.
+It will continue operating with the original controls.
+.SH "MESSAGES"
+.TP
+.B new msg \fIm\fR
+.B qmail-send
+is going to preprocess a queued message.
+The message number,
+.IR m ,
+is its disk inode number.
+After a message is removed from the queue,
+its number can be reused immediately.
+.TP
+.B info msg \fIm\fR: bytes \fIb\fR from <\fIs\fR> qp \fIq\fR uid \fIu\fR
+Message
+.I m
+contains
+.I b
+bytes;
+its envelope sender is
+.IR s ;
+it was queued by a user with user ID
+.IR u .
+.I q
+is a long-term queue identifier,
+the process ID of the
+.B qmail-queue
+that queued the message.
+.TP
+.B bounce msg \fIm\fR qp \fIq\fR
+Message
+.I m
+had some delivery failures.
+The long-term queue identifier of the bounce (or double-bounce) message
+is
+.IR q .
+.TP
+.B double bounce: discarding ...
+Message
+.I m
+was discarded due to an \'empty\' recipient in
+.
+.IR doublebounceto .
+.TP
+.B triple bounce: discarding ...
+Message
+.I m
+had some delivery failures,
+but it is already a double-bounce message,
+so it must be thrown away.
+Triple-bounce messages do not exist.
+.TP
+.B end msg \fIm\fR
+.B qmail-send
+is about to remove
+message
+.I m
+from the queue.
+.SH "DELIVERIES"
+.TP
+.B starting delivery \fId\fR: msg \fIm\fR to ...
+.B qmail-send
+is telling
+.B qmail-lspawn
+or
+.B qmail-rspawn
+to deliver message
+.I m
+to one recipient.
+The delivery number,
+.IR d ,
+starts at 1 and increases by 1 for each new delivery.
+.TP
+.B delivery \fId\fR: success: ...
+Delivery
+.I d
+was successful.
+.TP
+.B delivery \fId\fR: failure: ...
+Delivery
+.I d
+failed permanently.
+The message will bounce.
+.TP
+.B delivery \fId\fR: deferral: ...
+Delivery
+.I d
+failed temporarily.
+This recipient will be retried later.
+.TP
+.B delivery \fId\fR: report mangled, will defer
+There is a serious bug in
+.B qmail-lspawn
+or
+.BR qmail-rspawn .
+This recipient will be retried later.
+.SH "WARNINGS"
+.TP
+.B internal error: delivery report out of range
+.B qmail-lspawn
+or
+.B qmail-rspawn
+has supplied a report on a nonexistent delivery.
+This is a serious bug.
+.TP
+.B qmail-clean unable to clean up ...
+For some reason
+.B qmail-clean
+is unable to remove the indicated file.
+It will try again later.
+.TP
+.B trouble fsyncing ...
+.B qmail-send
+was unable to write to disk the results of preprocessing a queued message.
+It will try again later.
+.TP
+.B trouble in select
+There is an operating system bug.
+.TP
+.B trouble injecting bounce message...
+.B qmail-send
+was unable to queue a bounce message,
+usually because the disk is full.
+It will try again later.
+.TP
+.B trouble marking ...
+.B qmail-send
+was unable to record the result of a successful or permanently
+unsuccessful delivery.
+This means that the delivery will be tried again later.
+.TP
+.B trouble opening ...
+.B qmail-send
+was unable to open the list of local or remote recipients
+for a message.
+It will try again later.
+.TP
+.B trouble reading ...
+Either
+.B qmail-send
+is unable to read a recipient list,
+or it is unable to read the envelope of a queued
+message, or it is out of memory.
+Whatever it was doing, it will try again later.
+.TP
+.B trouble writing to ...
+.B qmail-send
+was unable to preprocess a queued message,
+usually because the disk is full.
+It will try again later.
+.TP
+.B unable to create ...
+.B qmail-send
+was unable to preprocess a queued message,
+usually because the disk is out of inodes.
+It will try again later.
+.TP unable to create .... [info,delivery]
+.B qmail-send
+could not setup a valid file descriptor.
+This is a fatal error.
+.TP
+.B unable to open ...
+.B qmail-send
+is unable to read the envelope of a queued message
+for preprocessing.
+It will try again later.
+.TP
+.B unable to start qmail-queue...
+.B qmail-send
+is unable to queue a bounce message,
+usually because the machine is almost out of memory.
+It will try again later.
+This can also be caused by incorrect settings of
+.B $QMAILQUEUE
+or errors in a program or script which
+.B $QMAILQUEUE
++points to.
+.TP
+.B unable to stat ...
+.B qmail-send
+is unable to obtain information about a file that should exist.
+It will try again later.
+.TP
+.B unable to unlink ...
+.B qmail-send
+is unable to remove a file.
+It will try again later.
+.TP
+.B unable to utime ...
+.B qmail-send
+is about to exit,
+and it is unable to record on disk
+the next scheduled delivery time for a message.
+The message will be retried as soon as
+.B qmail-send
+is restarted.
+.TP
+.B unknown record type in ...
+There is a serious bug in either
+.B qmail-queue
+or
+.BR qmail-send .
+
+.SH "UNIFIED SMTPD/POP3D LOGGING"
+.B qmail-smtpd
+and
+.B qmail-popup
+log additional information in a unified extensible format
+\fIAction::Type::Condition\fR \fIInformation\fR.
+
+.B Action
+is either
+.IR Reject ,
+.IR Accept ,
+or additionally
+.IR Info .
+
+The
+.B Type
+belongs to the following information:
+.TP
+.I SNDR
+the client's hostname,
+.TP
+.I SPF
+indicating SPF validation,
+.TP
+.I TLS
+labeling TLS connections,
+.TP
+.I AUTH
+for Authenticated sessions. Further
+.TP
+.I ORIG
+relates to the return path \fIF:<Return-Path>\fR, and
+.TP
+.I RCTP
+to the forwarding path \fIT:<Forwarding-Path>\fR, and finally
+.TP
+.I DATA
+to the message.
+
+.TP 0
+The following \fBConditions\fR are provided:
+.TP 4
+.I Bad_Helo
+the client's HELO/EHLO greeting string was found in
+.IR badhelo
+or rejected because of one of the following conditions indicated
+in the information section: '!' (HELO/EHLO not provided/empty)
+, '\.'/'*' (HELO/EHLO rejected due to a direct/wildmat match with entries in
+.IR badhelo ).
+.TP
+.I Bad_Loader
+the content of a base64 encoded MIME part matched an
+entry in
+.IR badloadertypes.cdb .
+.TP
+.I Bad_MIME
+a base64 encoded MIME part matched an entry n
+.IR badmimetypes.cdb .
+.TP
+.I Bad_Mailfrom
+the provided <Return-Path> matched an entry in
+.I badmailfrom
+additionally with the rejection conditions: '@' (address), '*'
+(wildmat), '-' (badmailfromunknown), and '+' (spoofing).
+.TP
+.I Bad_Rcptto
+the provided <Forwarding-Path> matched an entry in
+.IR badrcptto .
+.TP
+.I DNS_Helo
+the client's HELO/EHLO greeting did not match it's
+FQDN or no DNS A/MX RR was found as indicated with the
+following symbols: '=' (HELO/EHLO does not match
+.BR TCPREMOTEHOST )
+, 'A' (DNS A-Name lookup failed for HELO/EHLO)
+, 'M' (DNS MX lookup failed for HELO/EHLO).
+.TP
+.I DNS_MF
+no DNS MX RR was found for the <Return-Path>.
+.TP
+.I Failed_Rcptto
+the <Forwarding-Path> did not match entry in the provdided
+cdbs as per
+.IR recipients .
+.TP
+.I Invalid_Relay
+the none-RELAYCLIENT provided a <Forwarding-Path> not
+allowed as per
+.I rcpthosts
+or
+.IR morercpthosts.cdb .
+.TP
+.I Invalid_Sender
+the <Return-Path> of a RELAYCLIENT did not match the
+provided value of LOCALMFCHECK or did not match against
+.I mailfromrules.cdb
+or was not found in
+.I rcpthosts
+or
+.IR morercpthosts.cdb .
+.TP
+.I Invalid_Size
+the message size exceeded the maximum as provided by
+DATEBYTES or
+.IR databytes .
+.TP
+.I Toomany_Rcptto
+the number of Recipients ('RCPT TO:') exaggerated the
+value provided as MAXRECPIENTS.
+.TP
+.I Cipher
+TLS session used this cipher.
+.TP
+.I Missing
+depending on the context, either the required
+Start-TLS or AUTH s/qmail: is not granted.
+.TP
+.I Pam
+SMTP authentication was granted by pam.
+.TP
+.I Recipients_Rcptto
+the <Forwarding-Path> matched an entry in the cdbs available per
+.IR reccients .
+.TP
+.I Recipients_Verp
+the Forwarding-Path was recogized as VERP and matched an entry
+in the cdbs available per
+.IR recipients .
+.TP
+.I Recipients_Domain
+the Forwarding-Path matched a wildcard domain entry in the cdbs
+available per
+.IR recipients .
+.TP
+.I Rcpthosts_Rcptto
+the domain part of the <Forwarding-Path> matched an entry in
+.I rcpthosts
+or
+.IR morercpthosts.cdb .
+
+.TP 0
+The displayed \fBInformation\fR:
+
+.TP 4
+.I P:protocol
+the effective SMTP or POP3 protocol in use.
+.TP
+.I S:IP:FQDN
+the sender's IP and FQDN address available via
+TCPREMOTEIP(6) and TCPREMOTEHOST.
+.TP
+.I H:string
+the client's HELO/EHLO greeting string.
+.TP
+.I F:Return-Path
+the provided 'MAIL FROM:' address (if any).
+.TP
+.I T:Forwarding-Path
+the given 'RCPT TO:' address.
+.TP
+.I ?~ 'userid'
+in case of authentication the provided userid.
+.TP
+.I != 'DN'
+in case of a TLS session, the presented client's
+\'Subject\' Distinguished Name (DN) - if available
+(otherwise \'unknown\').
+
+.SH "SEE ALSO"
+qmail-send(8),
+qmail-smtpd(8),
+qmail-control(9)
diff --git a/man/qmail-lspawn.8 b/man/qmail-lspawn.8
new file mode 100644
index 0000000..e97a93d
--- /dev/null
+++ b/man/qmail-lspawn.8
@@ -0,0 +1,46 @@
+.TH s/qmail: qmail-lspawn 8
+.SH NAME
+qmail-lspawn \- schedule local deliveries
+.SH SYNOPSIS
+.B qmail-lspawn
+.I defaultdelivery
+.SH DESCRIPTION
+.B qmail-lspawn
+reads a series of local delivery commands from descriptor 0,
+invokes
+.B qmail-local
+to perform the deliveries,
+and prints the results to descriptor 1.
+It passes
+.I defaultdelivery
+to
+.B qmail-local
+as the default delivery instruction.
+
+.B qmail-lspawn
+invokes
+.B qmail-local
+asynchronously,
+so the results may not be in the same order as the commands.
+
+For each recipient address,
+.B qmail-lspawn
+finds out which local user controls that address.
+It first checks the
+.B qmail-users
+mechanism; if the address is not listed there, it invokes
+.BR qmail-getpw .
+.B qmail-lspawn
+then runs
+.B qmail-local
+under the user's uid and gid.
+It does not set up any supplementary groups.
+
+.B qmail-lspawn
+treats an empty mailbox name as a trash address.
+.SH "SEE ALSO"
+envelopes(5),
+qmail-users(5),
+qmail-getpw(8),
+qmail-send(8),
+qmail-local(8)
diff --git a/man/qmail-mfrules.9 b/man/qmail-mfrules.9
new file mode 100644
index 0000000..17d575f
--- /dev/null
+++ b/man/qmail-mfrules.9
@@ -0,0 +1,108 @@
+.TH s/qmail: qmail-mfrules 8
+.SH "NAME"
+qmail-mfrules \- prepare mfrules for qmail-smtpd
+.SH SYNOPSIS
+.B qmail-mfrules
+
+.SH "DESCRIPTION"
+.B qmail-mfrules
+reads the addresses provided in
+.BR SQMAIL/control/mailfromrules ,
+converts them into lowercase, and writes them into
+.B SQMAIL/control/mailfromrules.cdb
+in a binary format suited
+for quick access by
+.BR qmail-smtpd .
+
+If there is a problem with
+.BR control/mailfromrules ,
+.B qmail-mfrules
+complains and leaves
+.B control/mailfromrules.cdb
+alone.
+
+.B qmail-mfrules
+ensures that
+.B control/mailfromrules.cdb
+is updated atomically,
+so
+.B qmail-smtpd
+never has to wait for
+.B qmail-mfrules
+to finish.
+However,
+.B qmail-mfrules
+makes no attempt to protect against two simultaneous updates of
+.BR control/mailfromrules.cdb .
+
+The binary
+.B control/mailfromrules.cdb
+format is portable across machines.
+
+.SH "RULE FORMAT"
+A rule is one line. A file containing rules may also contain comments: lines
+beginning with # are ignored. All addresses are evaluated case-insensitive.
+
+Each rule contains an address, an ampersend sign '&', and a list of strings separated by
+commas to be used for 'Mail From: Address Verification' (MAV). When
+.BR qmail-smtpd (8)
+receives a connection from that address, it checks whether the received
+envelope sender address correspondes with a MAV string (from the right
+to the left).
+The MAV string for an address may be NULL in order to allow any envelope
+sender address. NULLSENDER envelope addresses are not subject of the MAV.
+
+.SH "RULE BASE"
+.BR qmail-smtpd (8)
+looks for rules with various addresses in the following order:
+.IP 1
+$TCPREMOTEINFO, if $TCPREMOTEINFO is set (e.g. by SMTP Authentication);
+.IP 2.
+$TCPREMOTEINFO@$TCPREMOTEIP, if $TCPREMOTEINFO is set;
+.IP 3.
+$TCPREMOTEINFO@=$TCPREMOTEHOST, if $TCPREMOTEINFO is set and $TCPREMOTEHOST is
+set;
+.IP 4.
+the dotted decimal $TCPREMOTEIP address;
+.IP 5.
+the compactified $TCPREMOTEIP6 address;
+.IP 6.
+=$TCPREMOTEHOST, if $TCPREMOTEHOST is set;
+.IP 7.
+shorter and shorter prefixes of $TCPREMOTEIP ending with a dot;
+.IP 8.
+shorter and shorter values of $TCPREMOTEIP6 ending with a colon;
+.IP 9.
+shorter and shorter suffixes of $TCPREMOTEHOST starting with a dot, preceded
+by =, if $TCPREMOTEHOST is set; and finally
+.IP 10.
+=, if $TCPREMOTEHOST is set.
+.P
+.B qmail-smtpd
+employes the first matching rule for the MAV check. You should use the
+.B -p
+option to
+.BR sslserver
+if you rely on $TCPREMOTEHOST here.
+
+For example, here are some rules:
+
+.EX
+ jsmith@virtualdomain.com&john.smith@virtualdomain.com
+ joe@18.23.0.32&joe@example.com
+ 18.23&@example.com
+ =.heaven.mil&God@heaven.mil,st.peter@heaven.mil,-angles@heaven.mil
+ fe80:&user@myhost.local
+ 2001::feh:abc9:&me@fehnet.com
+.EE
+
+.SH "IP-ADDRESSES"
+.B qmail-mfrules
+recognizes the dotted-decimal IPv4 and the compactified
+IPv6 addresses tokenized by the 'dot' or the 'colon' character
+and compares the respective parts from right to left.
+However, the CIDR address format is not supported (yet).
+
+
+.SH "SEE ALSO"
+qmail-smtpd(8)
diff --git a/man/qmail-mrtg.8 b/man/qmail-mrtg.8
new file mode 100644
index 0000000..165c0d5
--- /dev/null
+++ b/man/qmail-mrtg.8
@@ -0,0 +1,145 @@
+.TH s/qmail: qmail-mrtg 8
+
+.SH NAME
+qmail-mrtg \- prepare s/qmail logs for MRTG analysis
+.SH SYNOPSIS
+.B qmail-mrtg [ -1 | -2 | -3 | -4 | -5 | -6 | -a | -b | -c | -d | -e | -f | -g | -h | -i | -j | k | -z | -A | -B ] [time]
+
+.SH DESCRIPTION
+.B qmail-mrtg
+reads the
+.B multilog
+tagged
+.B s/qmail
+logs with TAI64N timestamps on standard input
+to produce a counter for specifc
+.B s/qmail
+events and display them on standard output
+suitable for MRTG processing.
+
+.SH USAGE
+.B qmail-mrtg
+can be used to analyse
+.BR qmail-send ,
+.BR qmail-smtpd ,
+and
+.B qmail-pop3d
+logs in order to feed the results into MRTG.
+
+Typically,
+.B qmail-mrtg
+is called by the
+.B crontab
+facility together with a configuration files telling
+.B qmail-mrtg
+what to analyse.
+
+.SH ARGUMENTS
+.B qmail-mrtg
+posses three different sets of commands.
+Reading
+.B qmail-send
+logs:
+.I -1
+Deliveries/TLS transmitted,
+.I -2
+Message KBytes enqueued,
+.I -3
+Local/Remote Concurrency,
+.I -4
+Failure/Deferred Messages,
+.I -5
+Bounces/Triple bounces,
+.I -6
+qmtp/qmtps Messages.
+
+.B qmail-smtpd
+logs:
+.I -a
+total sessions,
+.I -b
+accepted/rejected sessions,
+.I -c
+rejected sessions (MTA),
+.I -d
+rejected originator,
+.I -e
+rejected recipient,
+.I -f
+rejected data (Mime + Loader),
+.I -g
+rejected data (Virus + Spam),
+.I -h
+authenticated sessions,
+.I -i
+accepted/rejected TLS sessions,
+.I -j
+recognized/rejected SPF sessions.
+.I -k
+deferred SMTP sessions (greylisted).
+Summaries are provided by
+.I -z
+total sessions, including
+.B qmail-smtpd
+and
+.BR tcpserver /
+.BR sslserver /
+.BR rblsmtpd .
+
+.BR qmail-pop3d /
+.B qmail-popup
+logs:
+.I -A
+accepted/rejected POP3 user,
+.I -B
+.BR qmail-pop3d /
+.BR tcpserver /
+.B sslserver
+connections.
+
+The intervals to evaluate the information given on STDIN
+defaults to
+.IR 305\ secs
+and can be changed by the second argument for
+.B qmail-mrtg
+providing a value as
+.I minutes
+increased by an offset of 5 sec to cover a roll-over
+cut-off by
+.BR crontab .
+.SH "CONFIGURATION FILES"
+.B qmail-mrtg
+depends on a configuration file for each service.
+Sample configuration files are provided.
+
+.SH "CRON INVOCATION"
+Since
+.B qmail-mrtg
+typically is invoked by the
+.B cron
+facility, additional information neeeds to be supplied:
+
+.EX
+ */5 * * * * env LANG=C mrtg /etc/qmail-mrtg.send.cfg &>/dev/null
+ */5 * * * * env LANG=C mrtg /etc/qmail-mrtg.smtpd.cfg &>/dev/null
+ */5 * * * * env LANG=C mrtg /etc/qmail-mrtg.pop3d.cfg &>/dev/null
+.EE
+
+Note: The default interval of
+.IR 305\ secs
+allows a certain overlap for cron not to loose events at the very
+edge.
+
+.SH "CREDITS"
+.B MRTG
+is a program created by Tobias Oetiker and Dave Rand
+(http://oss.oetiker.ch/mrtg/).
+
+.SH "SEE ALSO"
+mrtg(1),
+crontab(5),
+cron(8),
+qmail-log(8),
+qmail-send(8),
+qmail-smtpd(8),
+qmail-popup(8).
diff --git a/man/qmail-newmrh.9 b/man/qmail-newmrh.9
new file mode 100644
index 0000000..941dc03
--- /dev/null
+++ b/man/qmail-newmrh.9
@@ -0,0 +1,41 @@
+.TH s/qmail: qmail-newmrh 8
+.SH NAME
+qmail-newmrh \- prepare morercpthosts for qmail-smtpd
+.SH SYNOPSIS
+.B qmail-newmrh
+.SH DESCRIPTION
+.B qmail-newmrh
+reads the instructions in
+.B SQMAIL/control/morercpthosts
+and writes them into
+.B SQMAIL/control/morercpthosts.cdb
+in a binary format suited
+for quick access by
+.BR qmail-smtpd .
+
+If there is a problem with
+.BR control/morercpthosts ,
+.B qmail-newmrh
+complains and leaves
+.B control/morercpthosts.cdb
+alone.
+
+.B qmail-newmrh
+ensures that
+.B control/morercpthosts.cdb
+is updated atomically,
+so
+.B qmail-smtpd
+never has to wait for
+.B qmail-newmrh
+to finish.
+However,
+.B qmail-newmrh
+makes no attempt to protect against two simultaneous updates of
+.BR control/morercpthosts.cdb .
+
+The binary
+.B control/morercpthosts.cdb
+format is portable across machines.
+.SH "SEE ALSO"
+qmail-smtpd(8)
diff --git a/man/qmail-newu.9 b/man/qmail-newu.9
new file mode 100644
index 0000000..a030794
--- /dev/null
+++ b/man/qmail-newu.9
@@ -0,0 +1,43 @@
+.TH s/qmail: qmail-newu 8
+.SH NAME
+qmail-newu \- prepare address assignments for qmail-lspawn
+.SH SYNOPSIS
+.B qmail-newu
+.SH DESCRIPTION
+.B qmail-newu
+reads the assignments in
+.B SQMAIL/users/assign
+and writes them into
+.B SQMAIL/users/assign.cdb
+in a binary format suited
+for quick access by
+.BR qmail-lspawn .
+
+If there is a problem with
+.BR users/assign ,
+.B qmail-newu
+complains and leaves
+.B users/assign.cdb
+alone.
+
+.B qmail-newu
+ensures that
+.B users/assign.cdb
+is updated atomically,
+so
+.B qmail-lspawn
+never has to wait for
+.B qmail-newu
+to finish.
+However,
+.B qmail-newu
+makes no attempt to protect against two simultaneous updates of
+.BR users/assign.cdb .
+
+The binary
+.B users/assign.cdb
+format is portable across machines.
+.SH "SEE ALSO"
+qmail-users(5),
+qmail-lspawn(8),
+qmail-pw2u(8)
diff --git a/man/qmail-pop3d.8 b/man/qmail-pop3d.8
new file mode 100644
index 0000000..14afa93
--- /dev/null
+++ b/man/qmail-pop3d.8
@@ -0,0 +1,46 @@
+.TH s/qmail: qmail-pop3d 8
+.SH NAME
+qmail-pop3d \- provide mail via POP3
+.SH SYNOPSIS
+.B qmail-pop3d
+.I maildirname
+.SH DESCRIPTION
+.B qmail-pop3d
+lets a user read and delete his mail through the network.
+
+Mail is stored in a
+.B maildir
+called
+.IR maildirname ,
+normally
+.BR Maildir ,
+in the user's home directory.
+
+.B qmail-pop3d
+is normally invoked
+under
+.BR qmail-popup ,
+which reads a username and password,
+and
+.BR qmail-authuser ,
+which checks the password and sets up environment variables.
+
+.B qmail-pop3d
+has a 20-minute idle timeout.
+
+.B qmail-pop3d
+supports TOP, USER, UIDL, STLS, and LAST.
+
+.B qmail-pop3d
+appends an extra blank line to every message
+to work around serious bugs in certain clients.
+
+.B qmail-pop3d
+is based on a program contributed by Russ Nelson.
+
+.SH "SEE ALSO"
+maildir(5),
+qmail-authuser(8),
+qmail-local(8),
+qmail-popup(8),
+qmail-log(8).
diff --git a/man/qmail-popup.8 b/man/qmail-popup.8
new file mode 100644
index 0000000..bc4aeef
--- /dev/null
+++ b/man/qmail-popup.8
@@ -0,0 +1,131 @@
+.TH s/qmail: qmail-popup 8
+.SH NAME
+qmail-popup \- read a POP username and password
+.SH SYNOPSIS
+.B qmail-popup
+.I hostname
+.I subprogram
+.SH DESCRIPTION
+.B qmail-popup
+reads a POP username and password from the network.
+It then runs
+.IR subprogram .
+
+.B qmail-popup
+expects descriptor 0 to read from the network
+and descriptor 1 to write to the network.
+It reads a username and password from descriptor 0
+in POP's USER-PASS style or APOP style.
+File descriptor 5 is used to provide additional logging.
+It invokes
+.IR subprogram ,
+with the same descriptors 0 and 1;
+descriptor 2 writing to the network;
+and descriptor 3 reading the username, a 0 byte, the password,
+another 0 byte,
+an APOP timestamp derived from
+.IR hostname ,
+and a final 0 byte.
+.B qmail-popup
+then waits for
+.I subprogram
+to finish.
+It prints an error message if
+.I subprogram
+crashes or exits nonzero.
+
+.B qmail-popup
+has a 20-minute idle timeout.
+
+.SH "AUTHENTICATION"
+.B qmail-popup
+supports both username/password and APOP authentication.
+This latter is invoked, once the
+environment variable
+.I POP3AUTH='apop'
+or
+.I POP3AUTH='+apop'
+is set.
+In this case, you need to provide a
+APOP-capable PAM, eg.
+.BR qmail-authuser .
+
+.B qmail-popup
+should be used only within a secure network.
+Otherwise an eavesdropper can steal passwords.
+Even if you use APOP,
+an active attacker can still take over the connection
+and wreak havoc.
+
+.SH "STLS/POP3S SUPPORT"
+.B qmail-popup
+can be adviced to work on a TLS encrypted connection.
+
+At first, using
+.B sslserver
+and binding
+.BR qmail-popup ,
+.B qmail-pop3d
+on (in particular) the POP3S port
+.I 995
+provides mandatory TLS encryption.
+
+Second, in case you provide
+the environment variable
+.I UCSPITLS=''
+together with
+.BR sslserver ,
+.B qmail-popup
+communicates with the
+.B sslserver
+program interface through a control socket,
+a reading and a writing pipe created dynamically
+during the session start after announcing
+.I STLS
+to the client, thus allowing TLS encryption on request.
+In case
+.IR UCSPITLS='!'
+is set, STLS is required; while setting
+.IR UCSPITLS='-'
+disables STLS.
+
+.SH "LOGGING"
+.B qmail-popup
+provides logging of accepted and rejected POP3 sessions
+using about the same format as
+.BR qmail-smtpd .
+The authentication mechanism is indicated via
+.I User
+in case the userid/password method was used, and
+.I Apop
+if APOP challenge/response was applicable.
+The communication protocol may be either
+.I POP3
+or
+.I POP3S
+for of a STLS/POP3S secured connection.
+The
+.I username
+provided for authentication is displayed after the
+sequence
+.IR '?~' .
+In case
+.B qmail-popup
+is setup requiring STLS by means of
+.IR UCSPITLS='!' ,
+the log displays 'Any' as auth method
+and 'unknown' as username.
+
+
+The log is available on file descriptor 5.
+In order to display the result use the redirection '5>&1'.
+
+.B qmail-popup
+is based on a program contributed by Russ Nelson.
+
+.SH "SEE ALSO"
+maildir(5),
+qmail-authuser(8),
+qmail-pop3d(8),
+qmail-log(8).
+
diff --git a/man/qmail-postgrey.8 b/man/qmail-postgrey.8
new file mode 100644
index 0000000..b2532ce
--- /dev/null
+++ b/man/qmail-postgrey.8
@@ -0,0 +1,90 @@
+.TH s/qmail: qmail-postgrey 8
+.SH NAME
+qmail-postgrey \- send SMTP connection data to greylisting server
+.SH SYNOPSIS
+.B qmail-postgrey ip%netid;port Mail From: Rcpt To: TCPREMOTEIP TCPREMOTEHOST
+.SH DESCRIPTION
+.B qmail-postgrey
+is usually invoked by
+.B qmail-smtpd
+automatically provissioning the SMTP connection information
+.IR Mail\ From: ,
+.IR Rcpt\ To: ,
+.IR TCPREMOTEIP
+and
+.I TCPREMOTEHOST
+to a greylising server given by
+.IR IPv4|IPv6%netid;port .
+.I port
+defaults to
+.I 60000
+and thus can be omitted.
+IPv6 LLU addresses can be specified
+adding the
+.I netid
+name following the percentage sign.
+.SH "GREYLISTING SERVER"
+Since there is neither a formal API defined for the
+greylisting lookup nor for the behavior and return
+codes of the greylisting server,
+.B qmail-postgrey
+only works well with
+.I David\ Schweikert's
+.B postgrey
+implementation.
+
+Here, the server's response upon recognizing the triple
+.RI CLIENT_IP ,
+.I (SMTP\ envelope)\ SENDER
+and
+.I (SMTP\ envelope)\ RECIPIENT
+is either
+.IR action=DUNNO ,
+.I action=PREPEND
+or
+.I action=DEFER_IF_PERMIT
+and in case of the last,
+.B qmail-postgrey
+returns with
+.I 10
+telling
+.B qmail-smtpd
+to respond to the client with a SMTP
+.I 450\ greylisted
+reply code. Otherwise
+.B qmail-postgrey
+returns
+.IR 0 .
+.SH "INVOCATION"
+Unlike for testing reasons,
+.B qmail-postgrey
+is called directly from
+.B qmail-smtpd
+in case the environment variable
+.I POSTGREY
+is defined and provissioned with the greylisting
+server's IP address (and perhaps netid and port)
+listening there.
+
+The environment variable
+.I POSTGREY
+is typically defined within
+.B sslserver\'s
+.IR cdb .
+Additionally,
+.I REPLY_GREYLISTED
+can be used as environment variable
+to provide some more descriptive
+information to the sending MTA which will eventually
+be visible in a bounce message.
+.SH "CREDITS"
+.B qmail-postgrey
+and its integration into
+.B qmail-smtpd
+is based on
+.I Jan\ Mojzis
+implementation and used by permission.
+.SH "SEE ALSO"
+qmail-control(5),
+qmail-smtpd(8),
+https://postgrey.schweikert.ch
diff --git a/man/qmail-pw2u.9 b/man/qmail-pw2u.9
new file mode 100644
index 0000000..269d1f4
--- /dev/null
+++ b/man/qmail-pw2u.9
@@ -0,0 +1,241 @@
+.TH s/qmail: qmail-pw2u 8
+.SH NAME
+qmail-pw2u \- build address assignments from a passwd file
+.SH SYNOPSIS
+.B qmail-pw2u
+[
+.B \-/ohHuUC
+]
+[
+.B \-c\fIchar
+]
+.SH DESCRIPTION
+.B qmail-pw2u
+reads a V7-format passwd file from standard input
+and prints a
+.BR qmail-users -format
+assignment file.
+
+A V7-format passwd file is a series of lines.
+Each line has the format
+
+.EX
+ user:password:uid:gid:gecos:home:shell
+.EE
+
+where
+.I user
+is an account name,
+.I uid
+and
+.I gid
+are the user id and group id of that account,
+and
+.I home
+is the account's home directory.
+.IR password ,
+.IR gecos ,
+and
+.I shell
+are ignored by
+.BR qmail-pw2u .
+
+If you put the output of
+.B qmail-pw2u
+into
+.BR SQMAIL/users/assign ,
+and then run
+.BR qmail-newu ,
+.B qmail-lspawn
+will obey the assignments printed by
+.BR qmail-pw2u .
+.B WARNING:
+After changing any users, uids, gids, or home directories
+in your passwd file,
+you must run
+.B qmail-pw2u
+and
+.B qmail-newu
+again if you want
+.B qmail-lspawn
+to see the changes.
+.SH RULES
+By default,
+.B qmail-pw2u
+follows the same rules as
+.BR qmail-getpw .
+It skips
+.I user
+if (1)
+.I uid
+is zero,
+(2)
+.I home
+does not exist,
+(3)
+.I user
+does not own
+.IR home ,
+or
+(4)
+.I user
+contains uppercase letters.
+It then gives each remaining
+.I user
+control over the basic
+.I user
+address and
+all addresses of the form
+.IR user\fBBREAK\fIanything .
+A catch-all user,
+.BR alias ,
+controls all other addresses.
+
+You may change these rules by setting up files in
+.BR SQMAIL/users :
+.TP
+.B include
+Allowed users, one per line.
+If
+.B include
+exists, and
+.I user
+is not listed in
+.BR include ,
+.I user
+is ignored.
+.TP
+.B exclude
+Ignored users, one per line.
+If
+.B exclude
+exists, and
+.I user
+is listed in
+.BR exclude ,
+.I user
+is ignored.
+.TP
+.B mailnames
+Replacement names for users.
+Each line has the form
+
+.EX
+ user:mailname1:mailname2:...
+.EE
+
+The addresses
+.I mailname1
+and
+.I mailname1\fBBREAK\fIext
+and
+.I mailname2
+and so on will be delivered
+to
+.IR user .
+
+.B WARNING:
+The addresses
+.I user
+and
+.I user\fBBREAK\fIext
+will not be delivered to
+.I user
+unless
+.I user
+is listed as one of the
+.IR mailname s.
+
+A line in
+.B mailnames
+is silently ignored if the user does not exist.
+.TP
+.B subusers
+Extra addresses.
+Each line has the form
+
+.EX
+ sub:user:pre:
+.EE
+
+.I sub
+will be handled by
+.IR home\fB/.qmail\-\fIpre ,
+where
+.I home
+is
+.IR user 's
+home directory;
+.I sub\fBBREAK\fIext
+will be handled by
+.IR home\fB/.qmail\-\fIpre\fB\-\fIext .
+.TP
+.B append
+Extra assignments,
+printed at the end of
+.BR qmail-pw2u 's
+output.
+.SH OPTIONS
+.TP
+.B \-o
+(Default.)
+Skip
+.I user
+if
+.I home
+does not exist (or is not visible to
+.BR qmail-pw2u ).
+Skip
+.I user
+if
+.I home
+is not owned by
+.IR user .
+.TP
+.B \-h
+Stop if
+.I home
+does not exist.
+This is appropriate if every user is supposed to have a home directory.
+Skip
+.I user
+if
+.I home
+is not owned by
+.IR user .
+.TP
+.B \-H
+Do not check the existence or ownership of
+.IR home .
+.TP
+.B \-U
+(Default.)
+Skip
+.I user
+if there are any uppercase letters in
+.IR user .
+.TP
+.B \-u
+Allow uppercase letters in
+.IR user .
+.TP
+.B \-c\fIchar
+Use
+.I char
+as the user-extension delimiter
+in place of
+.BR BREAK .
+.TP
+.B \-C
+Disable the user-extension mechanism.
+.TP
+.B \-/
+Use
+.IR home\fB/.qmail\-/ ...
+instead of
+.IR home\fB/.qmail\- ...
+.SH "SEE ALSO"
+qmail-users(5),
+qmail-lspawn(8),
+qmail-newu(8),
+qmail-getpw(8)
diff --git a/man/qmail-qmaint.8 b/man/qmail-qmaint.8
new file mode 100644
index 0000000..54342b4
--- /dev/null
+++ b/man/qmail-qmaint.8
@@ -0,0 +1,65 @@
+.TH s/qmail: qmail-qmaint 8
+.SH NAME
+qmail-qmaint \- queue maintenance
+.SH SYNOPSIS
+.B qmail-qmaint
+[
+.I -i
+]
+|
+[
+.I -d messid
+]
+.SH DESCRIPTION
+.B qmail-qmaint
+inspects
+.B s/qmail's
+queue and validates its consistancy.
+In
+.I -i
+interactive mode, individual fixes
+can be commanded.
+Queue maintanence also allows to remove
+particular messages from the queue referencing their
+.I messid
+as given by
+.B qmail-qread
+(without the leading pound sign '#') by means of
+.IR -d\ messid .
+Here, only pre-processed and bounce messages are taken
+into consideration.
+
+.B qmail-qmaint
+must be run either as root or with user id
+.I qmails
+and group id
+.IR sqmail .
+.SH "WARNING"
+It is strongly advised to use
+.B qmail-qmaint
+only in case
+.B qmail-send
+was shut down before. Queue inspection on a `sane` queue
+is however none-destructive.
+.SH "EXIT CODES"
+.B qmail-qmaint
+unlike
+.B qmail-queue
+prints diagnostics messages.
+It exits
+0 if
+it has successfully inspected the queue
+or the message has been deleted.
+It may exit
+99 in case of a warning, or
+100 if an operation can not be completed, or
+110 if a directory can not be accessed.
+.SH "SEE ALSO"
+qmail-qstat(8),
+qmail-qread(8),
+qmail-send(8),
+qmail-queue(9)
+.SH "CREDITS"
+.B qmail-qmaint
+is based on the program 'queue-fix'
+written be Eric Huss.
diff --git a/man/qmail-qmqpc.8 b/man/qmail-qmqpc.8
new file mode 100644
index 0000000..5a04e38
--- /dev/null
+++ b/man/qmail-qmqpc.8
@@ -0,0 +1,37 @@
+.TH s/qmail: qmail-qmqpc 8
+.SH NAME
+qmail-qmqpc \- queue a mail message via QMQP
+.SH SYNOPSIS
+.B qmail-qmqpc
+.SH DESCRIPTION
+.B qmail-qmqpc
+offers the same interface as
+.BR qmail-queue ,
+but it gives the message to a QMQP server
+instead of storing it locally.
+
+In a
+.B mini-qmail
+installation,
+.B qmail-queue
+is replaced with a symbolic link to
+.BR qmail-qmqpc .
+.SH "CONTROL FILES"
+.TP 5
+.I qmqpservers
+IP addresses of QMQP servers, one address per line and eventually
+include the name of the interface to bind to for IPv6 LLUs:
+
+.EX
+ 192.168.1.1
+ 2001:fefe::31
+ fe80::fefe:1%eth0
+.EE
+
+.B qmail-qmqpc
+will try each address in turn until it establishes a QMQP connection
+or runs out of addresses.
+.SH "SEE ALSO"
+qmail-control(5),
+qmail-queue(8),
+qmail-qmqpd(8)
diff --git a/man/qmail-qmqpd.8 b/man/qmail-qmqpd.8
new file mode 100644
index 0000000..1913a7e
--- /dev/null
+++ b/man/qmail-qmqpd.8
@@ -0,0 +1,25 @@
+.TH s/qmail: qmail-qmqpd 8
+.SH NAME
+qmail-qmqpd \- receive mail via QMQP
+.SH SYNOPSIS
+.B qmail-qmqpd
+.SH DESCRIPTION
+.B qmail-qmqpd
+receives mail messages via the Quick Mail Queueing Protocol (QMQP)
+and invokes
+.B qmail-queue
+to deposit them into the outgoing queue.
+.B qmail-qmqpd
+must be supplied several environment variables;
+see
+.BR tcp-environ(5) .
+
+.B qmail-qmqpd
+will relay messages to any destination.
+It should be invoked only for connections from preauthorized users.
+.SH "SEE ALSO"
+tcpserver(1),
+sslserver(1),
+tcp-environ(5),
+qmail-qmqpc(8),
+qmail-queue(8)
diff --git a/man/qmail-qmtpd.8 b/man/qmail-qmtpd.8
new file mode 100644
index 0000000..545ea8c
--- /dev/null
+++ b/man/qmail-qmtpd.8
@@ -0,0 +1,36 @@
+.TH s/qmail: qmail-qmtpd 8
+.SH NAME
+qmail-qmtpd \- receive mail via QMTP/QMTPS
+.SH SYNOPSIS
+.B qmail-qmtpd
+.SH DESCRIPTION
+.B qmail-qmtpd
+receives mail messages via the Quick Mail Transfer Protocol (QMTP)
+or the TLS secured QMTP (QMTPS) version
+and invokes
+.B qmail-queue
+to deposit them into the outgoing queue.
+.B qmail-qmtpd
+must be supplied several environment variables;
+see
+.BR tcp-environ(5) .
+In case a valid X.509 client certificate is recognized,
+QMTPS enables
+.I relaying
+of mail messages.
+
+.B qmail-qmtpd
+supports the
+.IR rcpthosts ,
+.IR morercpthosts ,
+.BR RELAYCLIENT ,
+.IR databytes ,
+and
+.B DATABYTES
+mechanisms described in
+.BR qmail-smtpd(8) .
+.SH "SEE ALSO"
+tcp-environ(5),
+qmail-control(5),
+qmail-queue(8),
+qmail-smtpd(8)
diff --git a/man/qmail-qread.8 b/man/qmail-qread.8
new file mode 100644
index 0000000..5774f6b
--- /dev/null
+++ b/man/qmail-qread.8
@@ -0,0 +1,25 @@
+.TH s/qmail: qmail-qread 8
+.SH NAME
+qmail-qread \- list outgoing messages and recipients
+.SH SYNOPSIS
+.B qmail-qread
+.SH DESCRIPTION
+.B qmail-qread
+scans the outgoing queue of messages.
+For each message it prints various human-readable information,
+including the date the message entered the queue,
+the number of bytes in the message,
+the message sender,
+and all the recipients still under consideration.
+
+.B qmail-qread
+must be run either as
+.B root
+or with user id
+.B qmails
+and group id
+.BR sqmail .
+.SH "SEE ALSO"
+qmail-qstat(8),
+qmail-qmaint(8),
+qmail-send(8)
diff --git a/man/qmail-qstat.8 b/man/qmail-qstat.8
new file mode 100644
index 0000000..e21068a
--- /dev/null
+++ b/man/qmail-qstat.8
@@ -0,0 +1,18 @@
+.TH s/qmail: qmail-qstat 8
+.SH NAME
+qmail-qstat \- summarize status of mail queue
+.SH SYNOPSIS
+.B qmail-qstat
+.SH DESCRIPTION
+.B qmail-qstat
+gives a human-readable breakdown
+of the number of messages at various spots in the mail queue.
+
+.B qmail-qstat
+must be run either as
+.B root
+or with group id
+.BR sqmail .
+.SH "SEE ALSO"
+qmail-qread(8),
+qmail-send(8)
diff --git a/man/qmail-queue.8 b/man/qmail-queue.8
new file mode 100644
index 0000000..b025c95
--- /dev/null
+++ b/man/qmail-queue.8
@@ -0,0 +1,199 @@
+.TH s/qmail: qmail-queue 8
+.SH NAME
+qmail-queue \- queue a mail message for delivery
+.SH SYNOPSIS
+.B qmail-queue
+.SH DESCRIPTION
+.B qmail-queue
+reads a mail message from descriptor 0.
+It then reads envelope information from descriptor 1.
+It places the message into the outgoing queue
+for future delivery by
+.BR qmail-send .
+
+The envelope information is
+an envelope sender address
+followed by a list of envelope recipient addresses.
+The sender address is preceded by the letter F
+and terminated by a 0 byte.
+Each recipient address is preceded by the letter T
+and terminated by a 0 byte.
+The list of recipient addresses is terminated by an extra 0 byte.
+If
+.B qmail-queue
+sees end-of-file before the extra 0 byte,
+it aborts without placing the message into the queue.
+
+Every envelope recipient address
+should contain a username,
+an @ sign,
+and a fully qualified domain name.
+
+.B qmail-queue
+always adds a
+.B Received
+line to the top of the message.
+Other than this,
+.B qmail-queue
+does not inspect the message
+and does not enforce any restrictions on its contents.
+However, the recipients probably expect to see a proper header,
+as described in
+.BR qmail-header(5) .
+
+Programs included with qmail which invoke
+.B qmail-queue
+will invoke the contents of
+.B QMAILQUEUE
+instead, if that environment variable is set.
+.SH "FILESYSTEM RESTRICTIONS"
+.B qmail-queue
+imposes two constraints on the queue structure:
+each
+.B mess
+subdirectory must be in the same filesystem as the
+.B pid
+directory; and each
+.B todo
+subdirectory must be in the same filesystem as the
+.B intd
+directory.
+.SH "EXIT CODES"
+.B qmail-queue
+does not print diagnostics.
+It exits
+0 if
+it has successfully queued the message.
+It exits between 1 and 99 if
+it has failed to queue the message.
+
+All
+.B qmail-queue
+error codes between 11 and 40
+indicate permanent errors:
+.TP 5
+.B 11
+Address too long.
+.TP
+.B 31
+Mail server permanently refuses to send the message to any recipients.
+(Not used by
+.BR qmail-queue),
+.TP
+.B 32
+Mail server does not accept the message.
+(The message includes an identified virus.)
+.TP
+.B 33
+Mail server does not accept the message.
+(The message is identified as spam.)
+.TP
+.B 34
+Mail server does not accept the message.
+(The message carries an invalid MIME attachment.)
+.PP
+All other
+.B qmail-queue
+error codes indicate temporary errors:
+.TP 5
+.B 51
+Out of memory.
+.TP
+.B 52
+Timeout.
+.TP
+.B 53
+Write error; e.g., disk full.
+.TP
+.B 54
+Unable to read the message or envelope.
+.TP
+.B 55
+Unable to read a configuration file.
+The virus scanner called via the
+.BR QHPSI
+returned with return code other then
+0 or QHPSIRC.
+.TP
+.B 56
+Problem making a network connection from this host.
+(Not used by
+.BR qmail-queue .)
+.TP
+.B 61
+Problem with the qmail home directory.
+.TP
+.B 62
+Problem with the queue directory.
+.TP
+.B 63
+Problem with queue/pid.
+.TP
+.B 64
+Problem with queue/mess.
+.TP
+.B 65
+Problem with queue/intd.
+.TP
+.B 66
+Problem with queue/todo.
+.TP
+.B 71
+Mail server temporarily refuses to send the message to any recipients.
+(Not used by
+.BR qmail-queue .)
+.TP
+.B 72
+Connection to mail server timed out.
+(Not used by
+.BR qmail-queue .)
+.TP
+.B 73
+Connection to mail server rejected.
+(Not used by
+.BR qmail-queue .)
+.TP
+.B 74
+Connection to mail server succeeded,
+but communication failed.
+(Not used by
+.BR qmail-queue .)
+.TP
+.B 81
+Internal bug; e.g., segmentation fault.
+.TP
+.B 91
+Envelope format error.
+.SH "QHPSI ARGUMENTS"
+The Qmail High Performance Scanner interface QHPSI allows
+.B qmail-queue
+to read up to seven arguments taken from the environment to be used
+as a call-interface for an external virus scanner:
+.TP 5
+.B QHPSI
+is set to the file name of the virus scanner, ie. QHPSI='/usr/local/bin/clamscan'.
+The path can be omitted, if the virus scanner is in the default path.
+.TP
+.B QHPSIARG1...3
+Optional additional arguments can be included here, ie. QHPSIARG1="--verbose".
+Useful to suppress output in case an email is
+clean and to enable mailbox support for the virus scanner.
+.TP
+.B QHPSIRC
+To specify the return code of the virus scanner in case of an infection; default is 1.
+.TP
+.B QHPSIMINSIZE
+The minimal size of the message to invoke the virus scanner; default is 0.
+A typical choice would be QHPSIMINSIZE=10000 (~10k).
+.TP
+.B QHPSIMAXSIZE
+The maximal size of the message to invoke the virus scanner; default is unrestricted.
+A typical choice would be QHPSIMAXSIZE=1000000 (~1M).
+.SH "SEE ALSO"
+addresses(5),
+envelopes(5),
+qmail-header(5),
+qmail-inject(8),
+qmail-qmqpc(8),
+qmail-send(8),
+qmail-smtpd(8)
diff --git a/man/qmail-recipients.9 b/man/qmail-recipients.9
new file mode 100644
index 0000000..04974fe
--- /dev/null
+++ b/man/qmail-recipients.9
@@ -0,0 +1,48 @@
+.TH s/qmail: qmail-recipients 8
+.SH NAME
+qmail-recipients \- prepare recipients for qmail-smtpd
+.SH SYNOPSIS
+.B qmail-recipients
+.SH DESCRIPTION
+.B qmail-recipients
+reads the addresses provided in
+.BR SQMAIL/users/recipients ,
+converting into lowercase, and writes them into
+.B SQMAIL/users/recipients.cdb
+in a binary format suited
+for quick access by
+.BR qmail-smtpd .
+
+If there is a problem with
+.BR users/recipients ,
+.B qmail-recipients
+complains and leaves
+.B users/recipients.cdb
+alone.
+
+.B qmail-recipients
+ensures that
+.B users/recipients.cdb
+is updated atomically,
+so
+.B qmail-smtpd
+never has to wait for
+.B qmail-recipients
+to finish.
+However,
+.B qmail-recipients
+makes no attempt to protect against two simultaneous updates of
+.BR users/recipients.cdb .
+
+The binary
+.B users/recipients.cdb
+is compatible with
+.B setforward
+generated \'fastforward\' cdbs and it's
+format is portable across machines.
+
+.SH "SEE ALSO"
+qmail-smtpd(8),
+qmail-vmailusr(8),
+setforward(8),
+fastforward(8).
diff --git a/man/qmail-remote.8 b/man/qmail-remote.8
new file mode 100644
index 0000000..363c972
--- /dev/null
+++ b/man/qmail-remote.8
@@ -0,0 +1,806 @@
+.TH s/qmail: qmail-remote 8
+.SH NAME
+qmail-remote \- send mail via SMTP(S) or QMTP(S)
+.SH SYNOPSIS
+.B qmail-remote
+.I host
+.I sender
+.I recip
+[
+.I recip ...
+]
+.SH DESCRIPTION
+.B qmail-remote
+reads a mail message from its input
+and sends the message
+to one or more recipients
+at a remote host.
+
+The remote host is
+.BR qmail-remote 's
+first argument,
+.IR host .
+.B qmail-remote
+sends the message to
+.IR host ,
+or to a mail exchanger for
+.I host
+listed in the Domain Name System,
+via the Simple Mail Transfer Protocol (SMTP/ESMTP)
+perhaps encrypted via STARTTLS/TLS
+or the Quick Mail Transfer Protocol (QMTP/QMTPS).
+Prior of setting up a TLS connection,
+.B qmail-remote
+will lookup automatically the corresponding TLSA
+record in the DNS and uses this for X.509 certificate
+validation.
+.I host
+can be either a fully-qualified domain name:
+
+.EX
+ silverton.berkeley.edu
+.EE
+
+or an IPv4 or IPv6 address enclosed in brackets:
+
+.EX
+ [128.32.183.163]
+ [2001::163]
+.EE
+
+In case the primary mail exchanger for that Domain
+will issue a 5xy reply message during the connection,
+.B qmail-remote
+will contact all responsible mail exchangers in turn
+in order to deliver the message anyway.
+
+The envelope recipient addresses are listed as
+.I recip
+arguments to
+.BR qmail-remote .
+The envelope sender address is listed as
+.I sender\fP.
+
+In case the remote host issues the EHLO SIZE extension,
+.I qmail-remote
+will handover the size of the message (in byte)
+prior of transmission and respects the remote host's reply code.
+
+Note that
+.B qmail-remote
+does not take options
+and does not follow the
+.B getopt
+standard.
+.SH "TRANSPARENCY"
+End-of-file in SMTP is encoded as dot CR LF.
+A dot at the beginning of a line is encoded as dot dot.
+It is impossible in SMTP to send a message that does not end with a newline.
+.B qmail-remote
+respects SMTPUTF8 and EAI addresses
+and converts the UNIX newline convention into the
+SMTP newline convention by inserting CR before each LF.
+
+.SH "RESULTS"
+.B qmail-remote
+prints some number of
+.I recipient reports\fP,
+followed by a
+.I message report\fR.
+Each report is terminated by a 0 byte.
+Each report begins with a single letter:
+.TP 5
+r
+Recipient report: acceptance.
+.TP 5
+h
+Recipient report: permanent rejection.
+.TP 5
+s
+Recipient report: temporary rejection.
+.TP 5
+K
+Message report: success.
+.I host
+has taken responsibility for delivering the message to each
+acceptable recipient.
+.TP 5
+Z
+Message report: greylisted or temporary failure.
+.TP 5
+D
+Message report: permanent failure.
+.PP
+After this letter comes a human-readable description of
+what happened.
+
+.B qmail-remote
+may use SMTP Authenticaton to connect to remote hosts.
+The following reports are provided:
+.TP 5
+K
+no supported AUTH s/qmail: method found, continuing without authentication.
+.TP 5
+Z
+Connected to
+.I host
+but authentication was rejected (AUTH s/qmail: PLAIN).
+.TP 5
+Z
+Connected to
+.I host
+but unable to base64encode (plain).
+.TP 5
+Z
+Connected to
+.I host
+but authentication was rejected (plain).
+.TP 5
+Z
+Connected to
+.I host
+but authentication was rejected (AUTH s/qmail: LOGIN).
+.TP 5
+Z
+Connected to
+.I host
+but unable to base64encode user.
+.TP 5
+Z
+Connected to
+.I host
+but authentication was rejected (username).
+.TP 5
+Z
+Connected to
+.I host
+but unable to base64encode pass.
+.TP 5
+Z
+Connected to
+.I host
+but authentication was rejected (AUTH s/qmail: CRAM-MD5).
+.TP 5
+Z
+Connected to
+.I host
+but unable to base64decode challenge.
+.TP 5
+Z
+Connected to
+.I host
+but unable to base64encode username+digest.
+.TP 5
+Z
+Connected to
+.I host
+but authentication was rejected (username+digest).
+.PP
+The recipient reports will always be printed in the same order as
+.BR qmail-remote 's
+.I recip
+arguments.
+Note that in failure cases there may be fewer
+recipient reports
+than
+.I recip
+arguments.
+.PP
+In case a CNAME can not be resovled
+.B qmail-remote
+issues the following message:
+.TP 5
+Z
+CNAME lookup failed temporarily for:
+.IR host .
+.PP
+If a SMTP connection is bound to a none-existing IP address
+.B qmail-remote
+will complain with the message:
+.TP 5
+Z
+System resources temporarily unavailable.
+.TP 5
+Z
+System can't bind to local ip address:
+.IR ip .
+.PP
+In case a QMTP connection can not be established
+.B qmail-remote
+will issue the error message:
+.TP 5
+Z
+recipient
+.I host
+did not talk proper QMTP.
+.PP
+On demand
+.B qmail-remote
+supports TLS/STARTTLS and will log the following notifications:
+.TP 5
+K
+TLS transmitted message accepted
+.TP 5
+K
+TLS (verfied CA) transmitted message accepted
+.TP 5
+K
+TLS (verified CA+DN*) transmitted message accepted
+.TP 5
+K
+TLS (verified CA+DN) transmitted message accepted
+.TP 5
+K
+TLS (CERT pinning) transmitted message accepted
+.TP 5
+K
+TLS (TLSA validated) transmitted message accepted
+.PP
+.B qmail-remote
+needs to read some X.509 certificates and key files
+prior of setting up a TLS connection. Failures are indicated as:
+.TP 5
+Z
+Can't load X.509 certificate:
+.IR certfile .
+.TP 5
+Z
+Can't load X.509 private key:
+.IR keyfile .
+.TP 5
+Z
+Keyfile does not match X.509 certificate:
+.IR password .
+.TP 5
+Z
+I wasn't able to process the TLS ciphers:
+.IR ciphers .
+.TP 5
+Z
+I wasn't able to setup CAFILE:
+.I cafile
+or CADIR:
+.I cadir
+for TLS.
+.PP
+Connection problems for TLS are not uncommon.
+Here,
+.I host
+is the domain or host to connect with and
+.I remotehost
+is the corresponding MX.
+.B
+qmail-remote
+provides the following diagnostic messages:
+.TP 5
+Z
+I wasn't able to create TLS context for:
+.I host
+at
+.IR remotehost .
+.TP 5
+Z
+I wasn't able to establish a TLS connection with:
+.I remotehost
+for
+.IR host .
+.TP 5
+Z
+TLS connection/protocol error with host:
+.I remotehost
+for
+.IR host .
+.TP 5
+Z
+I wasn't able to negotiate a StartTLS connection with:
+.I remotehost
+for
+.IR host .
+.PP
+For each MX to reach via TLS,
+.B qmail-remote
+performs an automatic TLSA lookup comparing the received
+X.509 fingerprints with the issued cert during the TLS handshake.
+X.509 certificate checks can also been performed. Failures here
+are given as:
+.TP 5
+Z
+Unable to obtain X.500 certificate from:
+.I remotehost
+for
+.IR host .
+.TP 5
+Z
+Unable to validate X.500 certificate Subject for:
+.I host
+at
+.IR remotehost .
+.TP 5
+Z
+TLSA X.509 cert required but missing from:
+.I remotehost
+for
+.IR host .
+.TP 5
+Z
+Received X.500 certificate from:
+.I remotehost
+for
+.I host
+does not match provided fingerprint:
+.IR hashvalue .
+.TP 5
+Z
+Received X.500 certificate from:
+.I remotehost
+for
+.I host
+posses an unknown digest method.
+.PP
+.SH "CONTROL FILES"
+.TP 5
+.I authsenders
+Authenticated sender.
+For each
+.I sender
+included in
+.IR authsenders :
+.I sender\fB:\fIrelay\fB;\fI[s]port\fB|\fIuser\fB|\fIpassword
+.B qmail-remote
+will try SMTP Authentication
+of type CRAM-MD5, LOGIN, or PLAIN
+with the provided user name
+.I user
+and password
+.I password
+(the authentication information)
+and eventually relay the
+mail through
+.I relay
+on port
+.IR port .
+If
+.I port
+is given als or prepended with
+.I s
+like
+.I s587
+\'implicit TLS\' is used omitting StartTLS upon connection.
+The use of
+.I relay
+and
+.I port
+follows the same rules as for
+.IR smtproutes
+Note: In case
+.I sender
+is empty,
+.B qmail-remote
+will try to deliver each outgoing mail
+SMTP authenticated. If the authentication
+information is missing, the mail is
+delivered none-authenticated.
+.I authsenders
+can be constructed as follows:
+
+.EX
+ @example.com:relay.example.com|user|passwd
+ info@example.com:relay.example.com;26|infouser|infopasswd
+ :mailrelay.example.com|e=mc2|testpass
+.EE
+.TP 5
+.I domaincerts
+In case
+.B qmail-remote
+needs to present a client certificate to the server
+(for authentication purposes) the PEM encoded
+X.509 certificate can be provided per sending domain:
+.IR domain\fB:\fIcertificate\fB|\fIkeyfile\fB|\fIpassword .
+If
+.I domain
+equals '*' this
+.I certificate
+is used as default.
+The file
+.I certificate
+may include the private key, thus
+.I keyfile
+can be omitted. Additionally, the private key can be protected with a
+.IR password .
+
+.TP 5
+.I domainips
+IP addresses to be used for outgoing connections.
+Each line has the form
+.IR domain\fB:\fIlocalip(%ifname)\fB|\fIhelohost ,
+without any extra spaces.
+If
+.I domain
+matches the domain part in
+.IR sender ,
+.B qmail-remote
+will bind to
+.IR localip
+when connecting to
+.IR host .
+LLU IPv6 addresses need to be appended with the binding
+.IR ifname
+following
+.IR localip
+with a '%'.
+If it matches, it will set the provided HELO string as greeting;
+otherwise, it will use the default.
+.I domain
+can be the wildcard
+.I *
+in which case
+.B qmail-remote
+binds to the provided address for any sender domain name.
+.TP 5
+.I helohost
+Current host name,
+for use solely in saying ehlo/hello to the remote SMTP server.
+Default:
+.IR me ,
+if that is supplied;
+otherwise
+.B qmail-remote
+refuses to run.
+.TP 5
+.I qmtproutes
+Additional QMTP routes which have precedence over
+.IR smtproutes .
+QMTP routes should obey the form
+.IR domain\fB:\fIrelay\fB;\fIport ,
+without any extra spaces.
+.I qmtproutes
+follows the same syntax as
+.IR smtproutes .
+By default,
+.B qmail-remote
+connects to QMTP service port 209. However
+you can chose a dedicated high-port for QMTP communication
+as defined in
+.IR qmtproutes .
+In case the QMTP port is chosen to be
+.I 6209
+the TLS secured QMTPS protocol will be used,
+irrespectively of the settings in
+.IR tlsdestinations .
+.TP 5
+.I smtproutes
+Artificial SMTP routes.
+Each route has the well-known form
+.I domain\fB:\fIrelay
+or the enhanced syntax
+.I domain\fB:\fIrelay;\fI[s]port\fB|\fIuser\fB|\fIpassword|localip
+without any extra spaces.
+If
+.I domain
+matches
+.IR host ,
+.B qmail-remote
+will connect to
+.IR relay ,
+as if
+.I host
+had
+.I relay
+as its only MX.
+(It will also avoid doing any CNAME lookups on
+.IR recip .)
+.I host
+may include a semi-colon and a port number to use instead of the
+normal SMTP port, 25.
+If
+.I port
+is given as or prepended with
+.I s
+\'implicit TLS\' is assumed.
+In case, a userid and password is
+present,
+.B qmail-remote
+will try a SMTP authenticated session:
+
+.EX
+ inside.af.mil:firewall.af.mil;26
+ :submission.myrelay.com;s587|myuserid|mypasswd
+.EE
+
+However,
+.I authsenders
+routes have precedence.
+
+.I relay
+may be empty;
+this tells
+.B qmail-remote
+to look up MX records as usual.
+.I smtproutes
+may include wildcards:
+
+.EX
+ .af.mil:
+ :heaven.af.mil
+.EE
+
+Here
+any address ending with
+.B .af.mil
+(but not
+.B af.mil
+itself)
+is routed by its MX records;
+any other address is artificially routed to
+.BR heaven.af.mil .
+
+The outgoing IP address used by
+.B qmail-remote
+can be specified:
+
+.EX
+ :bouncehost.org||10.1.1.0
+ :partnermx.net;42||2001::fefe
+.EE
+
+Note:
+.I localip
+can be private IP address subject of NAT'ing.
+
+Additionally,
+.I smtproutes
+allows to forward bounces (with a 'Nullsender' MAIL FROM: <>)
+literally expressed as '!@'
+to a particular bounce host:
+
+.EX
+ !@:bouncehost.af.mil;27
+.EE
+
+The
+.B qmail
+system does not protect you if you create an artificial
+mail loop between machines.
+However,
+you are always safe using
+.I smtproutes
+if you do not accept mail from the network.
+.TP 5
+.I timeoutconnect
+Number of seconds
+.B qmail-remote
+will wait for the remote SMTP server to accept a connection.
+Default: 60.
+The kernel normally imposes a 75-second upper limit.
+.TP 5
+.I timeoutremote
+Number of seconds
+.B qmail-remote
+will wait for each response from the remote SMTP server.
+Default: 1200.
+.TP 5
+.I tlsdestinations
+If present, this file advices
+.B qmail-remote
+to use TLS (optionally or mandatory) encryption for specific destination domains
+as provided by the forward-path and to validate/verify
+the server certificate perhaps for a particular sender's domain:
+.I destination:cafile|ciphers|verifydepth;[s]port|domain
+or
+.IR destination:=fingerprint|ciphers|verifydepth;[s]port|domain .
+Unless explicitely configured,
+.B qmail-remote
+accepts any or no certificate provided by the server (opportunistic encryption)
+using the following (single character) rules:
+
+.EX
+ (0) *: # Enable TLS but fallback to NOTLS (default);
+ server authentication is optional, given further settings
+.EE
+
+Special settings:
+
+.EX
+ (1) ?: # fallthru to no TLS in case of TLS protocol errors (exceptional)
+ (2) -: # allow anonymous connections
+ (3) /: # disable TLSA lookup and verification
+.EE
+
+Double character rules instruct
+.B qmail-remote
+to require a STARTTLS or SMTPS connection (mandatory TLS):
+
+.EX
+ (4) -*: # at least anonymous connections
+ (5) +*: # require and validate X.509 certs
+ (6) ~*: # cert + validate SAN/DN, however accept wildcard certs and partial matching
+ (7) =*: # cert + validate SAN/DN against FQDN
+ (8) /*: # don't do TSLA lookup and X.509 matching
+.EE
+
+Additionally,
+.B qmail-remote
+can be told to use per-domain connection settings:
+
+.EX
+ (9) example.com:
+ (10) securityfirst.com:/etc/ssl/cafile|!SSLv2:HIGH
+ (11) remote.com:/etc/ssl/certdir/||3;465
+ (12) mx.partner.com:/etc/ssl/partnerca||2|mydomain.net
+ (13) =mx.myfriend.com:/etc/ssl/cacert||4
+ (14) ~wildneighbor.net:
+ (15) -adhonlydomain.com:||aNULL:!kRSA
+ (16) %peer.partner.com:=E44194C56EF.....
+ (17) !nosslhost.example.com:
+ (18) hiddenpartner.org:;35
+ (19) ?tlsold.net:
+ (20) /nodane.org:
+.EE
+
+The ninth line requires from
+.B qmail-remote
+to demand a STARTTLS connection for any destination
+address targeting domain
+.IR example.com .
+
+The tenth line accepts STARTTLS connections
+for
+.I securityfirst.com
+only, if the X.509 certificate can be verified against
+the CA cert as provided via
+.I /etc/ssl/cafile
+and with the acceptable ciphers
+.IR SSLv2:HIGH .
+
+Line number eleven tells
+.B qmail-remote
+to use a
+.I SMTPS
+connection on port
+.I 465
+to any host at
+.I remote.com
+and accept this host only, if the peer's cert
+can be validated against the CA certs available
+in
+.I /etc/ssl/certdir/
+and does not exceed a verification depth of
+.IR 3 .
+
+Line twelve shows an example, how
+.I tlsdestinations
+can be bound exclusively to a sender domain. In the shown case,
+only if
+.I mx.mydomain.net
+is used as sender domain,
+a connection for the destination address
+.I mx.partner.com
+is mandatory secured by TLS with a CA cert available as
+.I /etc/ssl/partnerca
+with a verification depth of
+.IR 2 .
+
+Furthermore, the sample on line thirteen demonstrates the case where
+.B qmail-remote
+sees a destination address concatinated with
+.IR = .
+Now it will only accept the certificate,
+if the X.509's DN can be validated
+against the FQDN of the server (by means of a DNS lookup)
+and it verifies against the
+.IR cacert
+CA certificate and does not exceed a verification depth of
+.IR 1 .
+
+In case a certain
+.I destination
+may use 'wildcard' domain names in the SAN/DN,
+.B qmail-remote
+can cope with this (line fourteeen)
+prepending the destination with a '~':
+.IR ~wildneighor.net .
+This mechanism also supports partial matching
+of SAN/DN and domain name.
+
+In the same sense (line fiveteen),
+.B qmail-remote
+may accept TLS connections based on Anonymous DH (ADH)
+- where the server does not provide a cert for authentication -
+once the domain name is prepended with a
+.I -
+as key encryption cipher and discards
+.I !RSA
+for authentication if told so.
+
+Certificate pinning for a particular
+.I %host
+indicated by the leading character '%' is shown on line sixteen.
+Instead of the CA file, now the
+.I =fingerprint
+of the peer host certificate needs to be provided.
+The X.509 fingerprint
+should prepended with an equal sign ('=') and to
+be stripped from additional colons (':'). The fingerprint
+string is evaluated case-insensitive.
+.BR qmail-remote 's
+certificate pinning supports SHA1, SHA224, SHA256, and SHA512
+digests, determined by the length of the fingerprint given.
+
+Note, that in this case, no TLSA validation is performed;
+it is thus a 'silent' verification'.
+.B qmail-remote
+can be instructed to omit the STARTTLS command for the recipient address
+.I nosslhost.example.com
+as indicated with a leading
+.I !
+as shown on line seventeen. This behavior can be relaxed (line nineteen) using
+.I ?
+followed by a colon, a host, or domain name. Now
+.B qmail-remote
+will initally try a TLS connection by however is alllowed to switch back
+to none-encryption mode, in case this is not possible due
+protocol reasons.
+
+.B qmail-remote
+allows an \'implicit TLS\' connection on any port, if
+.I port
+is prended with an
+.I s
+even without providing the port.
+
+In case, no particular ciphers or CA certs are
+required, a colon/semi-colon ':;' can be used as shortcut (line eighteen).
+Generally, any port can be provided after the semi-colon.
+If however,
+.I port
+equals
+.IR 465 ,
+SMTPS will be used instead of STARTTLS and if
+.I port
+equals
+.IR 6209 ,
+QMTPS is the chosen transport protocol.
+The settings here overrule previous instructions.
+
+Finally, TLSA lookups can be disabled, prepending a
+domain name with
+.I /
+for the target domain as shown on line twenty.
+
+Note that 'destination' is subject of the
+forwarding rules as provided by
+.IR authsenders ,
+.IR qmtproutes ,
+and
+.IR smtproutes .
+.SU "ADDENDUM"
+.B qmail-remote
+needs to read the message from a file in order
+to announce the
+.I SIZE
+in the SMTP dialogue.
+However, if called through a pipe, it will not
+provide this information to the receiving MTA.
+More severe, a delivery over
+.I QMTP(S)
+will fail.
+.SH "RETURN CODES"
+.B qmail-remote
+always exits
+.I 0
+for SMTP(S) delivery.
+In case of QMTP(S)
+.I 1
+is returned in case a buffer feed fails and
+.I 0
+otherwise.
+.SH "SEE ALSO"
+addresses(5),
+envelopes(5),
+qmail-control(5),
+qmail-send(8),
+qmail-smtpd(8),
+qmail-smtpam(8),
+qmail-dksign(8),
+qmail-dkim(8),
+qmail-tcpto(8)
diff --git a/man/qmail-rspawn.8 b/man/qmail-rspawn.8
new file mode 100644
index 0000000..71a43d7
--- /dev/null
+++ b/man/qmail-rspawn.8
@@ -0,0 +1,21 @@
+.TH s/qmail: qmail-rspawn 8
+.SH NAME
+qmail-rspawn \- schedule remote deliveries
+.SH SYNOPSIS
+.B qmail-rspawn
+.SH DESCRIPTION
+.B qmail-rspawn
+reads a series of remote delivery commands from descriptor 0,
+invokes
+.B qmail-remote
+to perform the deliveries,
+and prints the results to descriptor 1.
+
+.B qmail-rspawn
+invokes
+.B qmail-remote
+asynchronously,
+so the results may not be in the same order as the commands.
+.SH "SEE ALSO"
+qmail-send(8),
+qmail-remote(8)
diff --git a/man/qmail-send.9 b/man/qmail-send.9
new file mode 100644
index 0000000..334bfa9
--- /dev/null
+++ b/man/qmail-send.9
@@ -0,0 +1,265 @@
+.TH s/qmail: qmail-send 8
+.SH NAME
+qmail-send \- deliver mail messages from the queue
+.SH SYNOPSIS
+.B qmail-send
+.SH DESCRIPTION
+.B qmail-send
+handles messages placed into the outgoing queue by
+.BR qmail-queue .
+It uses
+.B qmail-lspawn
+to deliver messages to local recipients and
+.B qmail-rspawn
+to deliver messages to remote recipients.
+If a message is temporarily undeliverable to one or more addresses,
+.B qmail-send
+leaves it in the queue and tries the addresses again later.
+
+.B qmail-send
+prints a readable record of its activities to descriptor 0.
+It writes commands to
+.BR qmail-lspawn ,
+.BR qmail-rspawn ,
+and
+.B qmail-clean
+on descriptors 1, 3, and 5,
+and reads responses from descriptors 2, 4, and 6.
+Communication with
+.B qmail-todo
+is based on decriptors 7 and 8.
+.B qmail-send
+is responsible for avoiding deadlock.
+
+If
+.B qmail-send
+receives a TERM signal,
+it will exit cleanly, after waiting
+(possibly more than a minute)
+for current delivery attempts to finish.
+
+If
+.B qmail-send
+receives an ALRM signal,
+it will reschedule every message in the queue for immediate delivery.
+
+.SH "CONTROL FILES"
+.B WARNING:
+.B qmail-send
+reads its control files only when it starts.
+If you change the control files,
+you must stop and restart
+.BR qmail-send .
+Exception:
+If
+.B qmail-send
+receives a HUP signal,
+it will reread
+.IR locals ,
+.IR virtualdomains ,
+as well as
+.IR concurrencylocal ,
+.IR concurrencyremote ,
+and in addition
+.IR queuelifetime .
+.TP 5
+.I bouncefrom
+Bounce username.
+Default:
+.BR MAILER-DAEMON .
+.TP 5
+.I bouncehost
+Bounce host.
+Default:
+.IR me ,
+if that is supplied;
+otherwise the literal name
+.BR bouncehost ,
+which is probably not what you want.
+If a message is permanently undeliverable,
+.B qmail-send
+sends a
+.B single-bounce
+notice back to the message's envelope sender.
+The notice is
+.B From: \fIbouncefrom\fB@\fIbouncehost\fR,
+although its envelope sender is empty.
+.TP 5
+.I bouncemaxbytes
+Maximum size (in bytes) of bounce messages.
+Bounce messages exceeding this limit will be truncated.
+Default is 0; which means no limit.
+.TP 5
+.I concurrencylocal
+Maximum number of simultaneous local delivery attempts.
+Default: 10.
+If 0, local deliveries will be put on hold.
+.I concurrencylocal
+is limited at compile time to
+SPAWN.
+.TP 5
+.I concurrencyremote
+Maximum number of simultaneous remote delivery attempts.
+Default: 20.
+If 0, remote deliveries will be put on hold.
+.I concurrencyremote
+is limited at compile time to
+SPAWN.
+.TP 5
+.I doublebouncehost
+Double-bounce host.
+Default:
+.IR me ,
+if that is supplied;
+otherwise the literal name
+.BR doublebouncehost ,
+which is probably not what you want.
+.TP 5
+.I doublebounceto
+User to receive double-bounces.
+Default:
+.BR postmaster .
+If a single-bounce notice is permanently undeliverable,
+.B qmail-send
+sends a
+.B double-bounce
+notice to
+.IR doublebounceto\fB@\fIdoublebouncehost .
+(If that bounces,
+.B qmail-send
+gives up.)
+As a special case, if the first line of
+.IR doublebounceto
+contains a '@' or an empty line
+.B qmail-send
+will discard all double-bounces.
+.TP 5
+.I envnoathost
+Presumed domain name for addresses without @ signs.
+Default:
+.IR me ,
+if that is supplied;
+otherwise the literal name
+.BR envnoathost ,
+which is probably not what you want.
+If
+.B qmail-send
+sees an envelope recipient address without an @ sign,
+it appends
+.B @\fIenvnoathost\fR.
+.TP 5
+.I locals
+List of domain names that the current host
+receives mail for,
+one per line.
+Default:
+.IR me ,
+if that is supplied;
+otherwise
+.B qmail-send
+refuses to run.
+An address
+.I user@domain
+is considered local if
+.I domain
+is listed in
+.IR locals .
+.TP 5
+.I percenthack
+List of domain names where the percent hack is applied.
+If
+.I domain
+is listed in
+.IR percenthack ,
+any address of the form
+.I user%fqdn@domain
+is rewritten as
+.IR user@fqdn .
+.I user
+may contain %,
+so the percent hack may be applied repeatedly.
+.B qmail-send
+handles
+.I percenthack
+before
+.IR locals .
+.TP 5
+.I queuelifetime
+Number of seconds
+a message can stay in the queue.
+Default: 604800 (one week).
+After this time expires,
+.B qmail-send
+will try the message once more,
+but it will treat any temporary delivery failures as
+permanent failures.
+.TP 5
+.I virtualdomains
+List of virtual users or domains, one per line.
+A virtual user has the form
+.IR user\fB@\fIdomain\fB:\fIprepend ,
+without any extra spaces.
+When
+.B qmail-send
+sees the recipient address
+.IR user\fB@\fIdomain ,
+it converts it to
+.I prepend\fB-\fIuser\fB@\fIdomain
+and treats it as local.
+
+A virtual domain has the form
+.IR domain\fB:\fIprepend .
+It applies to any recipient address at
+.IR domain .
+For example, if
+
+.EX
+ nowhere.mil:joeBREAKfoo
+.EE
+
+is in
+.IR virtualdomains ,
+and a message arrives for
+.BR info@nowhere.mil ,
+.B qmail-send
+will rewrite the recipient address as
+.B joeBREAKfoo-info@nowhere.mil
+and deliver the message locally.
+
+.I virtualdomains
+may contain wildcards:
+
+.EX
+ .fax:uucpBREAKfax
+ :aliasBREAKcatchall
+ .nowhere.mil:joeBREAKfoo-host
+.EE
+
+.I virtualdomains
+may also contain exceptions:
+an empty
+.I prepend
+means that
+.I domain
+is not a virtual domain.
+
+.B qmail-send
+handles
+.I virtualdomains
+after
+.IR locals :
+if a domain is listed in
+.IR locals ,
+.I virtualdomains
+does not apply.
+.SH "SEE ALSO"
+nice(1),
+addresses(5),
+envelopes(5),
+qmail-control(5),
+qmail-log(5),
+qmail-todo(8),
+qmail-queue(8),
+qmail-clean(8),
+qmail-lspawn(8),
+qmail-rspawn(8)
diff --git a/man/qmail-showctl.8 b/man/qmail-showctl.8
new file mode 100644
index 0000000..ddd90d7
--- /dev/null
+++ b/man/qmail-showctl.8
@@ -0,0 +1,12 @@
+.TH s/qmail: qmail-showctl 8
+.SH NAME
+qmail-showctl \- analyze the qmail configuration files
+.SH SYNOPSIS
+.B qmail-showctl
+.SH DESCRIPTION
+.B qmail-showctl
+explains the current
+.B s/qmail
+configuration.
+.SH "SEE ALSO"
+qmail-control(8)
diff --git a/man/qmail-smtpam.8 b/man/qmail-smtpam.8
new file mode 100644
index 0000000..9fe8e90
--- /dev/null
+++ b/man/qmail-smtpam.8
@@ -0,0 +1,110 @@
+.TH s/qmail: qmail-smtpam 8
+.SH NAME
+qmail-smtpam \- SMTP client PAM
+.SH SYNOPSIS
+.B qmail-smtpam
+.I host
+.I [s]port
+.SH DESCRIPTION
+.B qmail-smtpam
+reads an email address from FD 3
+and tries to verify this
+connecting to the remote
+.IR host
+on
+.IR port .
+If
+.I port
+starts is
+.I s
+\'implicit TLS\' ist used on that port.
+In a standard SMTP dialog,
+.B qmail-smtpam
+supplies the HELO greeting,
+a MAIL FROM: <> address, and
+the purported RCPT TO: <address>.
+.SH "CONTROL FILES"
+.TP 5
+.I domainips
+IP addresses to be used on outgoing connections.
+Each line has the form
+.IR domain\fB:\fIlocalip(%ifname)\fB|\fIhelohost ,
+without any extra spaces.
+If
+.I domain
+matches the domain part in
+.IR sender ,
+.B qmail-smtpam
+will bind to
+.IR localip
+when connecting to
+.IR host .
+LLU IPv6 addresses need to be appended with the binding
+.IR ifname
+following
+.IR localip
+with a '%'.
+If it matches, it will set the provided HELO string as greeting;
+otherwise, it will use the default.
+.TP 5
+.I helohost
+Current host name,
+for use solely in saying hello to the remote SMTP server.
+Default:
+.IR me ,
+if that is supplied;
+otherwise
+.B qmail-smtpam
+refuses to run.
+.TP 5
+.I timeoutconnect
+Number of seconds
+.B qmail-smtpam
+will wait for the remote SMTP server to accept a connection.
+Default: 60.
+The kernel normally imposes a 75-second upper limit.
+.TP 5
+.I timeoutremote
+Number of seconds
+.B qmail-smtpam
+will wait for each response from the remote SMTP server.
+Default: 1200.
+.TP 5
+.I tlsdestinations
+If present, this file advices
+.B qmail-smtpam
+to use TLS encryption for specific destination domains
+as provided by the forward-path and perhaps to validate/verify
+the domain's server certificate:
+.IR destination:cafile|verifydepth;[s]port|ciphers|domain .
+If
+.I port
+is give as or prepended with
+.I s
+\'implict TLS\' is used; omitting StartTLS.
+Unless explicitely configured,
+.B qmail-smtpam
+accepts any or no certificate provided by the server,
+thus uses TLS for encryption only.
+.B qmail-smtpam
+uses the same certificate validation/verification
+mechanism as
+.B qmail-remote
+except for distinguishing among the sender's domain information.
+.SH "RETURN CODES"
+.B qmail-smtpam
+exits
+.I 0
+if the remote server
+replies with '250', otherwise
+.IR 1 .
+In case the control files can not
+be read or a communication problem has
+occured, it exits
+.IR 111 .
+.SH "SEE ALSO"
+addresses(5),
+envelopes(5),
+qmail-control(5),
+qmail-remote(8),
+qmail-smtpd(8)
diff --git a/man/qmail-smtpd.8 b/man/qmail-smtpd.8
new file mode 100644
index 0000000..393ec28
--- /dev/null
+++ b/man/qmail-smtpd.8
@@ -0,0 +1,1018 @@
+.TH s/qmail: qmail-smtpd 8
+.SH "NAME"
+qmail-smtpd \- receive mail via SMTP
+.SH "SYNOPSIS"
+.B qmail-smtpd
+[
+.I checkprogram
+.I subprogram
+]
+.SH "DESCRIPTION"
+.B qmail-smtpd
+receives mail messages via the Simple Mail Transfer Protocol (SMTP)
+and invokes
+.B qmail-queue
+to deposit them into the outgoing queue.
+.B qmail-smtpd
+must be supplied with several environment variables;
+see
+.BR tcp-environ(5) .
+
+.B qmail-smtpd
+is responsible for counting hops.
+It rejects any message with 100 or more
+.B Received
+or
+.B Delivered-To
+header fields.
+
+.B qmail-smtpd
+supports ESMTP and offers 8BITMIME, DATA, PIPELINING, SIZE, AUTH, STARTTLS, and SMTPUTF8 options.
+.B qmail-smtpd
+includes a 'Mail From:' parameter parser and obeys 'Auth', 'Size', and 'SMTPUTF8' advertisements.
+.B qmail-smtpd
+supports SMTPUTF8 SMTP envelope addresses and provides 8 bit clean message transmission.
+.B qmail-smtpd
+STARTTLS and SMTPS implementation requires the use of
+.B sslserver
+from ucspi-ssl.
+
+Authentication is facilitated in case the environment variable
+SMTPAUTH is set which tells
+.B qmail-smtpd
+to accept LOGIN, PLAIN, and eventually CRAM-MD5 Auth types
+and if additionally a PAM
+.I checkprogram
+is available which reads on file descriptor 3 the username, a 0 byte,
+the password or CRAM-MD5 digest/response derived from the SMTP client,
+another 0 byte, a CRAM-MD5 challenge (if applicable to the Auth type),
+and a final 0 byte.
+.I checkprogram
+invokes
+.I subprogram
+upon successful authentication, which should return 0 to
+.BR qmail-smtpd ,
+effectively setting the environment variables RELAYCLIENT and
+TCPREMOTEINFO or TCP6REMOTEINFO
+(any supplied value replaced with the authenticated username).
+.B qmail-smtpd
+will reject the authentication attempt if it receives a nonzero return
+value from
+.I checkprogram
+or
+.IR subprogram .
+
+STARTTLS support is enabled setting the environment variable UCSPITLS.
+In this case,
+.B qmail-smtpd
+communicates with the
+.B sslserver
+program interface through a control socket, a reading and a writing pipe, dynamically
+defined during the session start to be used for transport layer encryption.
+.B qmail-smtpd
+provides mutual authentication based on X.509 client certs and relaying
+with additional SMTP Return-Path validation.
+
+.B qmail-smtpd
+may employ additional DNS look-ups for the 'Mail From:' envelope sender
+address and/or the HELO/EHLO greeting string from the MTA client.
+
+.B qmail-smtpd
+implements a SPF record check for the domain part of the received
+.I Mail-From:\ <return-path>
+address or
+the
+.I HELO/EHLO
+statement in case the domain information is missing.
+This behavior is triggered by the environment variable
+.BR SPF .
+
+.B qmail-smtpd
+can be advised to communicate with a Greylisting server prior of acceptance, like
+.BR postgrey ,
+submitting the connection information
+.IR Mail\ From: ,
+.IR Rcpt\ To: ,
+.IR TCPREMOTEIP
+and
+.I TCPREMOTEHOST
+given its IPv4/IPv6 address as environment variable
+.IR POSTGREY
+and potentially including the port number (60000 is default)
+following the IP address separated by a semi-colon.
+For IPv6 LLU addresses the interface name followwing a percent sign can be included:
+.IR fe80::1%eth0;60000 .
+A return value of
+.I 10
+will advise
+.B qmail-smtpd
+to defer the SMTP connection providing a
+.I 450\ greylisted\ (#4.3.0)
+response to the connecting MTA, which can be tailored (see below).
+This mechanism shall not be used for SMTP connections on the
+.I Submission
+port.
+Setting
+.I POSTGREY='-'
+disables the lookup.
+
+.SH "TRANSPARENCY"
+.B qmail-smtpd
+converts the SMTP newline convention into the UNIX newline convention
+by converting CR LF into LF.
+Usually, it returns a temporary error and drops the connection on bare LFs.
+
+.B qmail-smtpd
+accepts messages that contain long lines or non-ASCII characters
+and thus is initially capable for SMTPUTF8 support.
+
+.SH "CONTROL FILES"
+.TP 5
+.IR badhelo
+Unacceptable HELO/EHLO greeting strings.
+.B qmail-smtpd
+will reject every connection attempt
+if the client MTA's HELO/EHLO greeting compares with
+a wildmat pattern provided in
+.IR badhelo
+in case the environment variable
+.B HELOCHECK
+is set.
+.IR badhelo
+checks have precedence over DNS lookups.
+DNS lookups can be avoided, if the announced
+HELO/EHLO greeting string is concatinated
+with a trailing '!' and included in
+.IR badhelo :
+
+.EX
+ localhost
+ localhost.localdomain
+ 127.0.0.1
+ mygreetingstring
+ [192.168.1.2]!
+.EE
+
+.TP 5
+.I badmailfrom
+Unacceptable envelope sender addresses.
+.B qmail-smtpd
+will reject every recipient address for a message
+if the envelope sender address is listed in
+.IR badmailfrom .
+A line in
+.I badmailfrom
+may be of the form
+.BR @\fIhost ,
+meaning every address at
+.IR host .
+Additionally, any envelope sender address can be filtered
+with a wildmat check:
+
+.EX
+ *@earthlink.net
+ !fred@earthlink.net
+ [0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9].com
+ answerme@save*
+ *%*
+ @yahoo.com-
+ @hotmail.com=
+ @mydomain.tld+
+ ~yahoo.com
+ ?nobody@example.com
+.EE
+
+A
+.I badmailfrom
+file with this contents reject all mail from Earthlink except from
+fred@earthlink.net. It also rejects all mail with addresses like:
+12345@123.com and answerme@savetrees.com. Further, any mail with
+a sender address containing a percent sign (%) is rejected.
+
+This implementation recognises 'extended' addresss in
+.I badmailfrom
+allowing to reject mails with particluar spoofed domain addresses:
+
+(1) The address is appended with a '-'.
+Now, if
+.I TCP(6)REMOTEHOST
+equals 'unknown', mails with the corresponding address are rejected
+(badmailfromunknown).
+
+(2) The address is appended with a '='.
+In case
+.I TCP(6)REMEOTEHOST
+is set mails, whose domain part of the envelope addresses
+.B not
+matching
+the corresponding entry are rejected (badmailfromwellknown).
+
+(3) The address is appended with a '+'.
+If
+.I RELAYCLIENT
+is not set and the sender address matches a corresponding entry
+(anti-spoofing for internal addresses).
+
+(4) The address is enhanced with a leading '~'.
+This requires a (left to right partial) matching of
+.I TCP(6)REMOTEHOST
+with the domain part of the envelope address.
+Thus, this specific entry in
+.I badmailfrom
+uses
+.I TCP(6)REMOTEHOST
+in the first place (badmailfrommismachteddomains).
+
+(5) The address is enhanced with a leading '?'.
+Emails with the corresponding sender address pass by all further
+.I badmailfrom
+tests including the
+.I MFDNSCHECK
+check.
+
+Note: The 'enhanced' addresses are not subject of the wildmat check
+and are evaluated in lower-case.
+
+The wildmat check is done in the order:
+Least significant to most significant.
+Example:
+
+.EX
+ *
+ !
+ !*@*.*
+ *viagra*
+.EE
+
+.TP 5
+.I badloadertypes.cdb
+Unacceptable base64 loader types in the message.
+.B qmail-smtpd
+will reject every message if 5 significant
+characters (eg.
+.BR Mi5kb)
+anyware in the base64 encoded attachment is identical
+to those compiled into
+.IR badloadertypes.cdb .
+Use
+.B qmail-badloadertypes
+to derive
+.I badloadertypes.cdb
+from
+.IR badloadertypes .
+In order to make the search efficient, all bad loader
+types have to start with the same character (eg. 'M').
+The control file
+.I badloadertypes.cdb
+is evaluated if the environment variable BADLOADERTYPE
+is set to the first character according to the contents of
+.IR badloadertypes .
+.TP
+.I badmimetypes.cdb
+Unacceptable base64 encoded MIME types in message.
+.B qmail-smtpd
+will reject every message if the first 9 significant
+characters (eg.
+.BR TVqQAAMAA )
+of any of it's embedded MIME types is identical with one
+compiled into
+.IR badmimetypes.cdb .
+Use
+.B qmail-badmimetypes
+to derive
+.I badmimetypes.cdb
+from
+.IR badmimetypes .
+The control file
+.I badmimetypes.cdb
+is evaluated if the environment variable
+.I BADMIMETYPE
+is set.
+In addition, irregular BASE64 attachments carrying whitespaces can
+be rejected defining
+.IR BADMIMETYPE='!' .
+.TP 5
+.I badrcptto
+Unacceptable envelope recipient addresses.
+.B qmail-smtpd
+will reject every incoming message
+if the envelope recipient address is listed in
+.IR badrcptto .
+This control file is complementary to
+.IR badmailfrom .
+A line in
+.I badrcptto
+may be of the form
+.BR @\fIhost ,
+meaning every address at
+.IR host .
+.I badrcptto
+employes the same filtering logic for the envelope recipient as
+.IR badmailfrom .
+Effectively,
+.IR badrcptto
+allows a 'whitelisting' of envelope recipient addresses:
+
+.EX
+ *
+ !user1@mydomain.com
+ !user2@mydomain.com
+ !*@anotherdomain.com
+.EE
+
+.IR badrcptto
+allows to tag recipient addresses to be reachable from
+authorized clients only (aka relayclients), prepending it
+in
+.IR badrcptto
+with
+.IR + .
+
+.EX
+ +localaddress@mydomain.com
+.EE
+
+.TP 5
+.I databytes
+Maximum number of bytes allowed in a message,
+or 0 for no limit.
+Default: 0.
+If a message exceeds this limit,
+.B qmail-smtpd
+returns a permanent error code to the client;
+in contrast, if
+the disk is full or
+.B qmail-smtpd
+hits a resource limit,
+.B qmail-smtpd
+returns a temporary error code.
+
+.I databytes
+counts bytes as stored on disk, not as transmitted through the network.
+It does not count the
+.B qmail-smtpd
+Received line, the
+.B qmail-queue
+Received line, or the envelope.
+
+If the environment variable DATABYTES
+is set, it overrides
+.IR databytes .
+.TP 5
+.I localiphost
+Replacement host name for local IP addresses.
+Default:
+.IR me ,
+if that is supplied.
+.B qmail-smtpd
+is responsible for recognizing native IPv4/IPv6 addresses for the
+current host.
+When it sees a recipient address of the form
+.I box@[d.d.d.d]
+or
+.IR box@[a:b:c:d:e:f:g:h] ,
+where
+.I d.d.d.d
+or
+.IR a:b:c:d:e:f:g:h
+is a local IPv4/IPv6 address,
+it replaces
+.I [d.d.d.d]
+or
+.IR [a:b:c:d:e:f:g:h]
+with
+.IR localiphost .
+This is done before
+.IR rcpthosts .
+.TP 5
+.I morercpthosts
+Extra allowed RCPT domains.
+If
+.I rcpthosts
+and
+.I morercpthosts
+both exist,
+.I morercpthosts
+is effectively appended to
+.IR rcpthosts .
+
+You must run
+.B qmail-newmrh
+whenever
+.I morercpthosts
+changes.
+
+Rule of thumb for large sites:
+Put your 50 most commonly used domains into
+.IR rcpthosts ,
+and the rest into
+.IR morercpthosts .
+.TP 5
+.I mailfromrules
+Acceptable 'Mail From:' addresses for
+RELAYCLIENTs are included here. Use
+.B qmail-mfrules
+to derive
+.TP 5
+.I mailfromrules.cdb
+from
+.IR mailfromrules .
+.TP 5
+.I rcpthosts
+Allowed RCPT domains.
+If
+.I rcpthosts
+is supplied,
+.B qmail-smtpd
+will reject
+any envelope recipient address with a domain not listed in
+.IR rcpthosts .
+
+Exception:
+If the environment variable RELAYCLIENT is set,
+.B qmail-smtpd
+will ignore
+.IR rcpthosts ,
+and will append the value of RELAYCLIENT
+to each incoming recipient address.
+
+.I rcpthosts
+may include wildcards:
+
+.EX
+ heaven.af.mil
+ .heaven.af.mil
+.EE
+
+Envelope recipient addresses without @ signs are
+always allowed through.
+.TP 5
+.I recipients
+List of external resources providing acceptable,
+full-qualified envelope addresses
+(\'RCPT to: <recip@domain>\')
+to be used for recipient verification
+during the SMTP session.
+
+The external sources can be either
+.B fastforward
+compliant cdbs including the envelope addresses,
+where the path to a cdb has to be referenced
+relative to Qmail's home directory, or a
+.B qmail-users
+build cdb available as
+.IR users/assign.cdb ,
+or a
+.B checkpassword
+compatible Plugable Authentication Modules
+(PAM), receiving the envelope address on FD 3
+as 'recip@domain\\0\\0\\0' and returning '0'
+in a case of success and '1' in case of failure.
+The use of a PAM is indicated with a delimiting '|' and
+it will be called with up to five additional parameters;
+while a cdb follows a ':', which can be omitted.
+
+The list of external sources is consulted line-by-line for each
+recipient envelope address until the first positive answer,
+or a final negative response is encountered.
+Which external source to be queried, depends on the domain part of the
+recipient envelope address specified on the left side of the
+.I recipients
+file, while the external resource is provided right from the delimitor.
+
+The addresses' domain part is evaluated in lower-case.
+An exact domain match can be encompassed by means of a leading '@'.
+The '*' is a generic wildcard for all domains.
+Specific domains can be excluded from the lookup by means of a
+leading '!'; thus all recipient addresses are accepted for this domain.
+Additionally, a '!*' can be used as wildcard for all domains not encountered
+before in
+.I recipients
+(pass-thru).
+
+A
+.I recipients
+file is always constructed like 'domain:cdb','domain|pam',
+or simply 'cdb':
+
+.EX
+ !nocheck.com
+ mydomain.com:users/recipients.cdb
+ @mx.mydomain.com:=
+ example.com|bin/qmail-smtpam mx.example.com
+ *:etc/fastforward.cdb
+ *|PATH/ldapam ldapserver host port DN passwd
+ !*
+.EE
+
+.B qmail-smtpd
+will semi-automatically consult
+.I users/assign.cdb
+generated by
+.B qmail-newu
+in case the domain name is
+followed by a colon and the equal sign '='.
+Now, the received \'Rcpt to:\' address
+is compared against each local part address
+(starting with a '=') in
+.IR users/assign.cdb .
+However, no VERP addresses are considered,
+which are indicated therein via a '+'.
+
+Lagacy format:
+
+.EX
+ users/recipients.cdb
+ etc/fastforward.cdb
+.EE
+
+Note: Excluded domains starting with a '!'
+should be placed in the beginning of the
+.I recipients
+file for performance reasons, while the pass-thru
+statement '!*' has to be on the last line.
+The recipients check is applied after the
+.I rcpthosts
+evaluation.
+
+.B qmail-recipients
+may be used to construct a
+.I users/recipients.cdb
+from
+.IR users/recipients .
+
+The
+.B qmail-smtpd
+recipients mechanism supports Qmail's address extension (VERP).
+Unqualified envelope recipients are appended with \'@localhost\'.
+.TP 5
+.I smtpgreeting
+SMTP greeting message.
+Default:
+.IR me ,
+if that is supplied;
+otherwise
+.B qmail-smtpd
+will refuse to run.
+The first word of
+.I smtpgreeting
+should be the current host's name.
+.TP 5
+.I spfexplain
+An additional SPF explanation can be given here to provide more
+specific information for the sender in case of a reject.
+SPF macro expansion is possible. It will override the default one, e.g.:
+
+.EE
+See https://example.com/spfrules.html (#5.7.1)
+.EX
+.TP 5
+.I spflocalrules
+As 'last resort', it is possible to include SPF local rules here
+(on one line), that will be applied before other SPF rules would fail.
+This can be used to allow certain MX to send mails anyway. Example:
+
+.EE
+include:spf.trusted-forwarder.org
+.EX
+.TP 5
+.I timeoutsmtpd
+Number of seconds
+.B qmail-smtpd
+will wait for each new buffer of data from the remote SMTP client.
+Default: 1200.
+
+.SH "CONDITIONAL CONTROL FILES"
+The control files \fIrcpthosts\fR, \fImorecpthosts\fR,
+\fIrecipients\fR, \fIbadhelo\fR
+are 'conditional' control files and evaluated
+only if the environment variable RELAYCLIENT is not set.
+On the other hand,
+\fImailfromrules.cdb\fR is only taken into account, if
+RELAYCLIENT is set.
+This allows
+.B qmail-smtpd
+to relay mail messages from local clients and to filter
+mails with certain SMTP envelope conditions
+originating from particular clients ('Split Horizon').
+Other conditional control files are
+\fIbadloadertypes\fR,
+\fIbadmimetypes\fR
+which depend on the setting of the corresponding
+environment variables.
+
+Further, the control files \fIspfexplain\fR and
+\fIspflocalrules\fR are only evaluated if the
+environment variable
+.I SPF
+is defined and greater than 0 and
+.I RELAYCLIENT
+is not set.
+
+.SH "ENVIRONMENT VARIABLES READ"
+Environment variables may be defined globally in the
+.B qmail-smtpd
+startup script and/or individually as part of the
+.BR sslserver 's
+cdb database.
+The environment variables may be quoted ("variable", or 'variable') and
+in case of global use, have to be exported.
+.B qmail-smtpd
+supports the following legacy environment variables, typically
+provided by
+.B sslserver
+or
+.B tcpserver:
+.IR TCP(6)REMOTEIP ,
+.IR TCP(6)REMOTEHOST
+.IR TCP(6)REMOTEINFO
+and
+.IR TCPLOCALPORT
+as well as
+.IR RELAYCLIENT .
+Additionally,
+.B qmail-smtpd
+may use several environment variables for different purposes.
+.P
+Controlling the SMTP HELO/EHLO:
+.IP
+.TP 5
+.I HELOCHECK=''
+enables a check of the provided HELO/EHLO greeting against
+the content of the control file
+.IR badhelo .
+In case no HELO/EHLO greeting is given, SMTP
+connections can be rejected, if
+.I HELOCHECK='!'
+is set. Checks on the presence and the content of
+the HELO/EHLO greeting string is facilitated, setting
+.IR HELOCHECK='.' .
+To enforce the match of the HELO/EHLO greeting with
+the remote host's FQDN (
+.IR TCP(6)REMOTEHOST ),
+use
+.IR HELOCHECK='=' .
+.TP 5
+.I HELOCHECK='A' | HELOCHECK='M'
+enable DNS A/MX lookup for the HELO/EHLO greeting string.
+In addition, the HELO/EHLO string is checked against
+the content of
+.IR badhelo .
+.TP 5
+.I UTF8
+display the
+.I SMTPUTF8
+greeting string. This is off by default.
+.p
+Since
+.B qmail-smtpd
+is 8 bit clean, setting of
+.I UTF8
+has no real consequences except for displaying this
+setting in the log as
+.IR ESMTP[SA]UTF8 .
+.P
+Controlling the SMTP Mail From:
+.IP
+.TP 5
+.I LOCALMFCHECK
+is used to enable a 'Mail From:' address Verification (MAV) for RELAYCLIENTs.
+Thus, the domain part of the 'Mail From:' envelope sender address
+has to match an entry in
+.IR rcpthosts
+or
+.IR morercpthosts
+control files, if not explicitly defined otherwise.
+
+If LOCALMFCHECK='!' is set, the control file
+.I mailfromrules.cdb
+is evaluated and the MAV is facilitated employing the environment variables
+.IR TCP(6)REMOTEINFO ,
+.IR TCP(6)REMOTIP ,
+or
+.I TCP(6)REMOTEHOST
+as a key.
+However, if LOCALMFCHECK='=' is provided,
+.IR TCP(6)REMOTEINFO
+(i.e. set by Auth) has to match the 'Mail From:'
+envelope address (case insensitive).
+Alternativley, using LOCALMFCHECK='?' the email address
+embedded in the DN of a X.509 client is used and compared
+against the 'Mail From:' envelope address.
+Of course, this requires
+.B sslserver
+to request a client cert for mutual authentication.
+
+Note: Adding a qualifier to LOCALMFCHCEK,
+the domain part of the 'Mail From:' address is compared
+against the provided string.
+.TP 5
+.IR MFDNSCHECK
+enable DNS MX lookup for the domain part of the 'Mail From:' envelope sender address.
+.TP 5
+.I SPF='0'|'1'|'2'|'3'|'4'|'5'|'6'
+SPF Records will be evaluated for the current SMTP session in case
+.B SPF
+is defined. The value of
+.B SPF
+may be given between 1 and 6 to enable SPF checks.
+.I 1
+selects 'annotate-only' mode, where
+.B qmail-smtpd
+will annotate incoming email with a
+.B Received-SPF
+header, but will not reject any messages.
+.I 2
+will produce temporary failures on DNS lookup problems
+so you can be sure always to have a meaningful Received-SPF header.
+.I 3
+selects 'reject' mode, where incoming mail will be rejected
+if the SPF record says 'fail'.
+.I 4
+selects a more stricter rejection mode, which is like 'reject' mode,
+except that incoming mail will also be rejected, when the SPF record
+says 'softfail'. Further,
+.I 5
+will reject when the SPF record says 'neutral', and
+.I 6
+rejects, if no SPF records are available at all
+(or a syntax error was encountered).
+If
+.B SPF
+is given as
+.IR 0 ,
+SPF checks are disabled.
+
+Note: Additional control files are
+.I spfexplain
+and
+.IR spflocalrules .
+
+.P
+Controlling the SMTP RCPT TO:
+.IP
+.TP 5
+.I MAXRECIPIENTS
+is the number of Rcpt To:'s
+.B qmail-smtpd
+will accept in a SMTP session.
+If MAXRECIPIENTS ist not set, any number is allowed.
+.TP 5
+.IR TARPITCOUNT
+is the number of Rcpt To:
+.B qmail-smtpd
+accepts before it starts tarpitting.
+Default: 0 which means no tarpitting.
+.TP 5
+.IR TARPITDELAY
+tarpitdelay is the time in seconds of delay
+to be introduced after each subsequent Rcpt To:.
+
+Smart Rejection Notes:
+If
+.IR TARPITCOUNT
+is set and
+.IR TARPITDELAY
+= 0 (default)
+.B qmail-smtpd
+will issue after recognising
+.IR TARPITCOUNT
+invalid Rcpt To: a Recipient failure;
+thus additional Rcpt Tos will not be accepted.
+If, however
+.IR TARPITCOUNT
+is set and
+.IR TARPITDELAY
+= 999
+.B qmail-smtpd
+will issue after
+.IR TARPITCOUNT
+invalid Rcpt To: a Recipient failure
+.TP 5
+.I RECIPIENTS450
+tells
+.b qmail-smtpd
+to issue a SMTP reply '450' (temporary rejection)
+instead the default '550'
+in case the recipient was not listed in any
+.I recipients
+cdb.
+
+.P
+Controlling the email body:
+.IP
+.TP 5
+.I BADLOADERTYPE='c'
+tells
+.B qmail-smtpd
+to evaluate the control file
+.I badloadertypes.cdb
+with the starting string 'c'.
+If
+.I BADLOADERTYPE='-'
+is set, the check is disabled.
+In case
+.I BADLOADERTYPE='+'
+is defined, the check is disabled for
+.IR RELAYCLIENTS .
+.TP 5
+.I BADMIMETYPE
+see control file
+.IR badmimetypes.cdb .
+In case
+.I BADMIMETYPE='-'
+is set;
+.I badmimetypes.cdb
+is not considered; thus the check is disabled.
+Setting
+.I BADMIMTETYPE='!'
+the mime type is rejected if it includes whitespaces;
+even without the control file
+.IR badmimetypes.cdb .
+Providing
+.I BADMIMTETYPE='+'
+the check is disabled if in addition
+.IR RELAYCLIENTS
+are recognized.
+
+.TP 5
+.I BASE64
+tells QHPSI to enable virus checking only if a base64 encoded
+attachment was identified.
+.TP 5
+.I DATABYTES
+see control file
+.IR databytes .
+.TP 5
+.I QHPSI
+is used by
+.B qmail-smtpd
+to supply the name of the virus scanner and it's path.
+.P
+Environment variables for SMTP authentication:
+.IP
+.TP 5
+.I SMTPAUTH
+is used to enable SMTP Authentication for the
+Auth types
+LOGIN and PLAIN.
+In case
+.TP 5
+.I SMTPAUTH='+cram'
+is defined,
+.B qmail-smtpd
+honors LOGIN, PLAIN, and additionally CRAM-MD5 authentication.
+Simply
+.TP 5
+.I SMTPAUTH='cram'
+restricts authentication just to CRAM-MD5.
+If however
+.TP 5
+.I SMTPAUTH='!'
+starts with an exclamation mark, Auth is required.
+You can enforce 'Submission' using this option
+and binding
+.B qmail-smtpd
+to the SUBMISSION port \'587'\.
+In particular,
+.TP 5
+.I SMTPAUTH='!cram'
+may be useful.
+In opposite, if
+.TP 5
+.I SMTPAUTH='-'
+starts with a dash, Auth disabled for particular
+connections.
+Note: The use of 'cram' requires a CRAM-MD5 enabled PAM.
+.P
+Setting up the TLS/STARTTLS environment:
+.IP
+.TP 5
+.I UCSPITLS
+enables encrypted SMTP communication
+via STARTTLS in case
+.B sslserver
+is provided.
+If
+.I UCSPITLS='!'
+is set, STARTTLS is required; while setting
+.I UCSPITLS='-'
+disables STARTTLS.
+Further,
+.I UCSPITLS='?'
+may be used to force the client to present a X.509 cert
+for authentication purpose which may be refined
+requesting
+.I UCSPITLS='@'
+to additionally fetch the email address
+from the client's cert to be perhaps subject of
+.IR LOCALMFCHECK .
+.P
+Other environment variables used:
+.IP
+.TP 5
+.I DELIVERTO
+mail address for special recipients.
+.TP 5
+.I RBLSMTPD
+feed from
+.B rblsmtpd
+including the information received from the
+inquired RBL hosts and displayed as
+.I X-RBL-Info:
+message header.
+.TP 5
+.I POSTGREY
+triggering the call of
+.B qmail-postgrey
+and feeding it with the IP address and port of the
+.I greylisting
+server. If
+.I POSTGREY
+is set to
+.I -
+no lookup is performed.
+
+.SH "CUSTOMIZABLE RETURN MESSAGES"
+In case of rejected or defered SMTP connections
+.B qmail-smtpd
+can provide additional informations in the SMTP reply message
+which are sandwiched between the reply code and the EMMSC.
+.B qmail-smtpd
+recognizes these environment variables:
+.TP 5
+.I REPLY_GREYLISTED
+following 450 greylisting
+.TP 5
+.I REPLY_HELO
+following 550 Bad Helo
+.TP 5
+.I REPLY_MAILBOX
+following 550 mailbox not existing
+.TP 5
+.I REPLY_MAXSIZE
+following 552 message size to large
+.TP 5
+.I REPLY_BADMAILFROM
+following 553 badmail from
+.TP 5
+.I REPLY_BADRCPTTO
+following 553 badrcpt to
+.TP 5
+.I REPLY_SENDEREXIST
+following 553 SMTP sender DNS
+.TP 5
+.I REPLY_NOGATEWAY
+following 553 No gateway
+.TP 5
+.I REPLY_SENDERINVALID
+following 553 SMTP sender invalid
+.TP 5
+.I REPLY_CONTENT
+following 554 Message content invalid
+
+.SH "ENVIRONMENT VARIABLES SET"
+By means of the following environment variables,
+the SMTP session can be interrogated:
+.TP 5
+.I HELOHOST
+the HELO/EHLO greeting of the SMTP client.
+.TP 5
+.I AUTHPROTOCOL
+the ESMTPA protocol used for authentication.
+.TP 5
+.I AUTHUSER
+the supplied username for authentication.
+.TP 5
+.I MAILFROM
+containes the received 'Mail From:' address.
+.TP 5
+.I RCPTTO
+containes all received 'Rcpt To:' addresses separated by blanks.
+.TP 5
+.I TCP(6)REMOTEINFO
+in authentication mode set to the accepted username.
+.TP 5
+.I SSL_*
+information from
+.BR sslserver ,
+if applicable.
+
+.SH "SEE ALSO"
+tcp-environ(5),
+qmail-control(5),
+qmail-inject(8),
+qmail-newmrh(8),
+qmail-newbmt(8),
+qmail-authuser(8),
+qmail-recipients(8),
+qmail-postgrey(8),
+qmail-smtpam(8),
+qmail-mfrules(8),
+qmail-queue(8),
+qmail-remote(8),
+qmail-send(8),
+qmail-log(8),
+tcpserver(8),
+sslserver(8).
+
diff --git a/man/qmail-start.9 b/man/qmail-start.9
new file mode 100644
index 0000000..b801ac2
--- /dev/null
+++ b/man/qmail-start.9
@@ -0,0 +1,94 @@
+.TH s/qmail: qmail-start 8
+.SH NAME
+qmail-start \- turn on mail delivery
+.SH SYNOPSIS
+.B qmail-start
+[
+.I defaultdelivery
+[
+.I logger arg ...
+]
+]
+.SH DESCRIPTION
+.B qmail-start
+invokes
+.BR qmail-send ,
+.BR qmail-lspawn ,
+.BR qmail-rspawn ,
+and
+.BR qmail-clean ,
+under the proper uids and gids.
+These four daemons cooperate to deliver messages from the queue.
+
+.B qmail-start
+arranges for
+.BR qmail-send 's
+activity record to be sent to
+.BR qmail-start 's
+output.
+See
+.B qmail-log(5)
+for the format of the activity record.
+Other than this,
+.B qmail-start
+does not print anything, even on failure.
+
+If
+.I defaultdelivery
+is supplied,
+.B qmail-start
+passes it to
+.BR qmail-lspawn .
+
+If
+.I logger
+is supplied,
+.B qmail-start
+invokes
+.I logger
+with the given arguments,
+and feeds
+.BR qmail-send 's
+activity record through
+.IR logger .
+
+Environment variables given to
+.B qmail-start
+will eventually be passed on to
+.BR qmail-local ,
+so make sure to clean up the environment if you run
+.B qmail-start
+manually:
+
+.EX
+ # env - PATH="HOME/bin:$PATH"
+.br
+ qmail-start ./Mailbox splogger qmail &
+.br
+ (all on one line)
+.EE
+
+Resource limits, controlling ttys, et al. are also passed from
+.B qmail-start
+to
+.BR qmail-local .
+
+Note that
+.B qmail-send
+normally juggles several simultaneous deliveries.
+To reduce
+.BR qmail-send 's
+impact on other programs,
+you can run
+.B qmail-start
+with a low priority.
+.SH "SEE ALSO"
+logger(1),
+splogger(1),
+nice(1),
+qmail-log(5),
+qmail-local(8),
+qmail-clean(8),
+qmail-lspawn(8),
+qmail-rspawn(8),
+qmail-send(8)
diff --git a/man/qmail-tcpok.8 b/man/qmail-tcpok.8
new file mode 100644
index 0000000..3052c96
--- /dev/null
+++ b/man/qmail-tcpok.8
@@ -0,0 +1,24 @@
+.TH s/qmail: qmail-tcpok 8
+.SH NAME
+qmail-tcpok \- clear TCP timeout table
+.SH SYNOPSIS
+.B qmail-tcpok
+.SH DESCRIPTION
+.B qmail-tcpok
+erases
+.BR qmail-remote 's
+current list of timeouts,
+so that
+.B qmail-remote
+does not make any assumptions about failing addresses.
+
+.B qmail-tcpok
+must be run either as
+.B root
+or with user id
+.B qmailr
+and group id
+.BR sqmail .
+.SH "SEE ALSO"
+qmail-remote(8),
+qmail-tcpto(8)
diff --git a/man/qmail-tcpto.8 b/man/qmail-tcpto.8
new file mode 100644
index 0000000..ed44617
--- /dev/null
+++ b/man/qmail-tcpto.8
@@ -0,0 +1,30 @@
+.TH s/qmail: qmail-tcpto 8
+.SH NAME
+qmail-tcpto \- print TCP timeout table
+.SH SYNOPSIS
+.B qmail-tcpto
+.SH DESCRIPTION
+After an SMTP connection attempt times out,
+.B qmail-remote
+records the relevant IP address.
+If the same address fails again (after at least two minutes with
+no intervening successful connections),
+.B qmail-remote
+assumes that further attempts will fail for at least another hour.
+
+.B qmail-tcpto
+prints
+.BR qmail-remote 's
+current list of timeouts.
+
+.B qmail-tcpto
+must be run either as
+.B root
+or with user id
+.B qmailr
+and group id
+.BR sqmail .
+.SH "SEE ALSO"
+qmail-qread(8),
+qmail-remote(8),
+qmail-tcpok(8)
diff --git a/man/qmail-todo.8 b/man/qmail-todo.8
new file mode 100644
index 0000000..740f5b3
--- /dev/null
+++ b/man/qmail-todo.8
@@ -0,0 +1,128 @@
+.TH s/qmail: qmail-todo 8
+.SH NAME
+qmail-todo \- schedule state change of message for delivery
+.SH SYNOPSIS
+.B qmail-todo
+.SH DESCRIPTION
+.B s/qmail
+with a high local and remote concurrency number
+is able to deliver a tremendous amount of messages (throughput).
+Depending on the provided resources however,
+often this can not be achieved since
+.B qmail-send
+becomes a bottleneck on delivery.
+
+.B qmail-send
+preprocesses all new messages before deploying them for
+.I local
+or for
+.I remote
+delivering. In a particulur run,
+.B qmail-send
+does one 'todo' processing, but has the ability to close multiple jobs.
+Due to this layout, potentially
+.B qmail-send
+can not feed all the new available (local/remote) delivery slots
+and therefore, it is not possible to achieve the maximum throughput.
+
+This is a minor problem, given
+.B qmail-send
+is able to complete this in short time; but due to
+many file system calls (fsync and (un)link) a 'todo'
+run is expensive and throttles the throughput.
+
+.B qmail-todo
+solves this 'silly qmail (queue) problem'
+which is apparent only on system with high injection rates,
+delegating the scheduling of 'todo' runs to a dedicated process.
+
+.SH "COMMUNICATION"
+.B qmail-todo
+interfaces with
+.B qmail-send
+on file descriptors \fI[1,8]\fR on sending
+and \fI[7,0]\fR for receiving.
+.B qmail-todo
+communicates with
+.B qmail-clean
+on file descriptors \fI[2,0]\fR for sending
+and \fI[3,1]\fR for receiving.
+
+.B qmail-todo
+and
+.B qmail-send
+share an extended and peristent message exchange format:
+
+.EX
+D[LRB]<mesgid>\0
+ Start delivery for new message with id <messid>.
+ The character L, R or B defines the type
+ of delivery: Local, Remote, or Both, respectively.
+.EE
+
+.EX
+L<string>\0
+ Dump string to the logger without adding additional
+ '\\n' or similar.
+.EE
+
+.B qmail-todo
+sends "\\0" terminated messages, whereas
+.B qmail-send
+just sends one character to
+.BR qmail-todo .
+
+.SH "BIG PICTURE"
+.EX
+ +-------+ +-------+
+ | clean | | clean |
+ +--0-1--+ +--0-1--+ +-----------+
+ trigger ^ | ^ | +->0,1 lspawn |
+ | | v | v / +-----------+
+ +-------+ v +--2-3--+ +--5-6--+ /
+ | | | | 0<--7 1,2<-+
+ | queue |--+--| todo | | send |
+ | | | | 1-->8 3,4<-+
+ +-------+ +-------+ +---0---+ \\
+ | \\ +-----------+
+ v +->0,1 rspwan |
+ +---0---+ +-----------+
+ | logger|
+ +-------+
+.EE
+
+.SH "EXIT CODES"
+.B qmail-todo
+exits
+.I 0
+if the messages have been processed successfully.
+It exits
+.I 1
+in case there is a communication problem with
+.BR qmail-send .
+The exit code
+.I 111
+together with a diagnostic message is facilitated by
+.B qmail-todo
+in case it failes reading the required control files.
+
+.SH "DIAGNOSTICS"
+.B qmail-todo
+provides additional diagnostic messages to
+.B qmail-send
+to be displayed in the logs. In particular, in
+case of problems creating and (un)linking files.
+
+.SH "CREDITS"
+.B qmail-todo
+included in
+.B s/qmail
+has been created by Andre Oppermann (http://www.nrg4u.com)
+as part of this LDAP patch for
+.BR qmail .
+This man-page uses parts of his EXTERNAL discription.
+
+
+.SH "SEE ALSO"
+qmail-send(8),
+qmail-queue(8).
diff --git a/man/qmail-users.9 b/man/qmail-users.9
new file mode 100644
index 0000000..6ef5548
--- /dev/null
+++ b/man/qmail-users.9
@@ -0,0 +1,117 @@
+.TH s/qmail: qmail-users 5
+.SH NAME
+qmail-users \- assign mail addresses to users
+.SH OVERVIEW
+The file
+.B SQMAIL/users/assign
+assigns the local part of mail addresses to users. For example,
+
+.EX
+ =joe.shmoe:joe:503:78:/home/joe:::
+.EE
+
+says that mail for
+.B joe.shmoe
+should be delivered to user
+.BR joe ,
+with uid 503 and gid 78,
+as specified by
+.BR /home/joe/.qmail .
+
+Assignments fed to
+.B qmail-newu
+will be used by
+.B qmail-lspawn
+to control
+.BR qmail-local 's
+deliveries.
+Use
+.B qmail-newu (8)
+to generate
+.I users/assign.cdb
+from
+.IR users/assign .
+A change to
+.B SQMAIL/users/assign
+will have no effect until
+.B qmail-newu
+is run.
+.SH STRUCTURE
+.B SQMAIL/users/assign
+is a series of assignments, one per line.
+It ends with a line containing a single dot.
+Lines must not contain NUL.
+.SH "SIMPLE ASSIGNMENTS"
+A simple assignment is a line of the form
+
+.EX
+ =local:user:uid:gid:homedir:dash:ext:
+.EE
+
+Here
+.I local
+is an address;
+.IR user ,
+.IR uid ,
+and
+.I gid
+are the account name, uid, and gid
+of the user in charge of
+.IR local ;
+and messages to
+.I local
+will be controlled by
+.IR homedir\fB/.qmail\fIdashext .
+
+If there are several assignments for the same
+.I local
+address,
+.B qmail-lspawn
+will use the first one.
+
+.I local
+is interpreted without regard to case.
+.SH "WILDCARD ASSIGNMENTS"
+A wildcard assignment is a line of the form
+
+.EX
+ +loc:user:uid:gid:homedir:dash:pre:
+.EE
+
+This assignment applies to any address beginning with
+.IR loc ,
+including
+.I loc
+itself.
+It means the same as
+
+.EX
+ =locext:user:uid:gid:homedir:dash:preext:
+.EE
+
+for every string
+.IR ext .
+
+A more specific wildcard assignment overrides a less specific
+assignment, and a simple assignment overrides any wildcard assignment.
+For example:
+
+.EX
+ +:alias:7790:2108:SQMAIL/alias:-::
+ +joe-:joe:507:100:/home/joe:-::
+ =joe:joe:507:100:/home/joe:::
+.EE
+
+The address
+.B joe
+is handled by the third line;
+the address
+.B joe-direct
+is handled by the second line;
+the address
+.B bill
+is handled by the first line.
+.SH "SEE ALSO"
+qmail-pw2u(8),
+qmail-newu(8),
+qmail-lspawn(8)
diff --git a/man/qmail-vmailuser.9 b/man/qmail-vmailuser.9
new file mode 100644
index 0000000..e19898d
--- /dev/null
+++ b/man/qmail-vmailuser.9
@@ -0,0 +1,108 @@
+.TH s/qmail: qmail-vmailuser 8
+
+.SH "NAME"
+qmail-vmailuser \- recipient maildir validation
+
+.SH "SYNOPSIS"
+.B qmail-vmailuser
+.I [homedir]
+.I [-C]
+.SH "DESCRIPTION"
+.B qmail-vmailuser
+is a maildir verification PAM supporting
+.I VMailMgr
+and
+.I Vpopmail
+users for virtual domains.
+Invoked via
+.BR qmail-smtpd 's
+recipient mechanism, it checks the
+existence of the recipient directory
+for the provisioned virtual users in
+.IR SQMAIL/control/virtualusers .
+
+.B qmail-vmailuser
+follows
+.BR checkpassword 's
+interface specification evaluating the
+SMTP forwarding path (RCPT TO:) taken from
+discriptor 3 with a length of max 128 bytes.
+
+The forwarding path
+.I vuser@domain
+is tokenized to determine the
+virtual user in
+.I SQMAIL/control/virtualusers
+given by
+.I domain
+in the first step and then validating for
+.I vuser
+the existance of (v)user's mail directory
+in lower case while substituting dots by colons.
+.SH "USAGE"
+.B qmail-vmailuser
+is called as PAM from
+.BR qmail-smtpd 's
+control file
+.IR SQMAIL/control/recipients :
+
+.EX
+ domain|bin/qmail-vmailuser
+ *|bin/qmail-vmailuser /homedir -C
+.EE
+
+No specific settings are required to support
+either
+.I VMailMgr
+or
+.IR Vpopmail ,
+except for the
+.I homedir
+and perhaps the option
+.I -C
+evaluating
+.I vuser
+in case respect mode.
+Since
+.I homedir
+defaults mostly to
+.IR /home ,
+this argument can be omitted.
+.SH "SECURITY"
+For successfull operation
+.B qmail-vmailuser
+requires to stat
+.IR vuser 's
+directory though without reading
+it's actual contents. Due to
+restrictions given by
+.IR Vpopmail ,
+.B qmail-vmailuser
+needs to belong to
+.I vpopmail:vchkpw
+or gnerally to be
+root-owned and 'sticky'.
+.SH "RETURN CODES"
+If for the provided
+.I vuser@domain
+the user directory does not exist
+.B qmail-vmailuser
+exits 1.
+If
+.B qmail-vmailuser
+is misused, it may instead exit 2.
+If there is a temporary problem,
+.B qmail-vmailuser
+exits 111.
+In case
+.B qmail-vmailuser
+can't read
+.I SQMAIL/control/recipients
+it exits 110.
+.SH "SEE ALSO"
+addresses(5),
+envelopes(5),
+qmail-send(8),
+qmail-smtpd(8),
+qmail-recipients(8),
+qmail-authuser(8).
diff --git a/man/qreceipt.1 b/man/qreceipt.1
new file mode 100644
index 0000000..37b39ed
--- /dev/null
+++ b/man/qreceipt.1
@@ -0,0 +1,33 @@
+.TH s/qmail: qreceipt 1
+.SH NAME
+qreceipt \- respond to delivery notice requests
+.SH SYNOPSIS
+in
+.BR .qmail :
+.B |qreceipt
+.I youraddress
+.SH DESCRIPTION
+When a mail message arrives with
+.I youraddress
+listed in a
+.B Notice-Requested-Upon-Delivery-To
+header field,
+.B qreceipt
+sends a success notice back to the envelope sender.
+
+.B WARNING:
+If you create a
+.B .qmail
+file to enable
+.BR qreceipt ,
+make sure to also add a line specifying delivery to your normal mailbox.
+For example:
+
+.EX
+ /home/joe/Mailbox
+.br
+ |qreceipt joe@nowhere.mil
+.EE
+.SH "SEE ALSO"
+dot-qmail(5),
+envelopes(5)
diff --git a/man/setforward.1 b/man/setforward.1
new file mode 100644
index 0000000..1c2925c
--- /dev/null
+++ b/man/setforward.1
@@ -0,0 +1,204 @@
+.TH s/qmail: setforward 1
+.SH NAME
+setforward \- create a forwarding database
+.SH SYNOPSIS
+.B setforward
+.I cdb
+.I tmp
+.SH DESCRIPTION
+.B setforward
+reads a table of forwarding instructions from its standard input.
+It converts the table into a forwarding database.
+The forwarding database can be used by
+.BR fastforward .
+
+.B setforward
+writes the forwarding database to
+.IR tmp ;
+it then moves
+.I tmp
+to
+.IR cdb .
+.I tmp
+and
+.I cdb
+must be on the same filesystem.
+
+If there is a problem creating
+.IR tmp ,
+.B setforward
+complains and leaves
+.I cdb
+alone.
+
+The forwarding database format is portable across machines.
+.SH "INSTRUCTION FORMAT"
+A forwarding instruction contains a
+.I target\fR,
+a colon, a series of commands, and a semicolon.
+Each command is a
+.I recipient address\fR,
+.I owner address\fR,
+.I external mailing list\fR,
+or
+.I program\fR.
+Commands are separated by commas.
+
+For example,
+
+.EX
+ root@yp.to: god@heaven.af.mil, staff@af.mil;
+.EE
+
+says that mail for
+.B root@yp.to
+should be forwarded to the recipient addresses
+.B god@heaven.af.mil
+and
+.BR staff@af.mil .
+
+When
+.B setforward
+sees # it ignores all text from # to the end of the line:
+
+.EX
+ # this is a comment
+.EE
+
+.B setforward
+ignores all other line endings,
+so you can split a forwarding instruction across lines.
+It also ignores spaces and tabs.
+Exception:
+you can put a space (or tab or comma or whatever)
+into a target or command by putting a backslash in front of it.
+(However, NUL bytes are not permitted anywhere.)
+.SH "TARGETS"
+When
+.B fastforward
+sees the incoming address
+.IR user@host.dom ,
+it tries three targets:
+.IR user@host.dom ,
+.IR @host.dom ,
+and
+.IR user@ .
+It obeys the commands for the first target that it finds.
+Target names are interpreted without regard to case.
+
+All the commands for a single target must be listed in a single instruction.
+Exception: an owner address can be listed in a separate instruction.
+.SH "RECIPIENT ADDRESSES"
+If a command begins with an ampersand,
+.B setforward
+takes the remaining bytes in the command as a recipient address:
+
+.EX
+ boss@yp.to: &god@heaven.af.mil;
+.EE
+
+.B fastforward
+sends each incoming mail message
+to the recipient address.
+The recipient address must include a fully qualified domain name.
+It cannot be longer than 800 bytes.
+
+If a recipient address is itself a target in the forwarding table,
+.B fastforward
+will recursively handle the instructions for that target.
+Note that
+.I @host.dom
+and
+.I user@
+wildcards do not apply here;
+they apply only to the incoming address.
+
+If a command begins with a letter or number,
+.B setforward
+takes the entire command as a recipient address:
+
+.EX
+ boss@yp.to: god@heaven.af.mil;
+.EE
+.SH "OWNER ADDRESSES"
+If a command begins with a question mark,
+.B setforward
+takes the remaining bytes in the command as an owner address:
+
+.EX
+ sos@heaven.af.mil: ?owner-sos@heaven.af.mil;
+.EE
+
+.B fastforward
+uses that address as the envelope sender for forwarded mail,
+so bounces will go back to that address.
+(Normally, if a message is forwarded to a bad address,
+it will bounce back to the original envelope sender.)
+.SH "EXTERNAL MAILING LISTS"
+If a command begins with a dot or slash,
+.B setforward
+takes the entire command as the name of a binary mailing list file created by
+.BR setmaillist :
+
+.EX
+ sos@heaven.af.mil: /etc/lists/sos.bin;
+.EE
+
+.B fastforward
+will read and obey the commands in that file.
+The file must be world-readable
+and accessible to
+.BR fastforward .
+.SH "PROGRAMS"
+If a command begins with a vertical bar or exclamation point,
+.B setforward
+takes the rest of the command as the name of a program to run:
+
+.EX
+ dew@: |dew-monitor;
+.EE
+
+For a vertical bar,
+.B fastforward
+feeds the message
+to that program.
+An exclamation point works the same way except that
+.B fastforward
+inserts
+.BR $UFLINE ,
+.BR $RPLINE ,
+and
+.B $DTLINE
+in front of the message.
+.SH "DUPLICATES"
+When
+.B fastforward
+is building the recipient list for a message,
+it keeps track of the recipient addresses and external mailing lists
+it has used.
+If the same command shows up again, it skips it.
+For example:
+
+.EX
+ everybody@yp.to: programmers@yp.to, testers@yp.to;
+ programmers@yp.to: joe@yp.to, bob@yp.to;
+ testers@yp.to: joe@yp.to, fred@yp.to;
+.EE
+
+A message to
+.B everybody@yp.to
+will be sent to
+.B joe@yp.to
+only once.
+(This also means that addresses in an internal forwarding loop
+are discarded.)
+
+Exception:
+If a target has an owner address,
+commands for that target are considered different
+from commands for ``outside'' targets.
+.SH "SEE ALSO"
+newaliases(1),
+preline(1),
+printforward(1),
+setmaillist(1)
diff --git a/man/setmaillist.1 b/man/setmaillist.1
new file mode 100644
index 0000000..59fbf7d
--- /dev/null
+++ b/man/setmaillist.1
@@ -0,0 +1,72 @@
+.TH s/qmail: setmaillist 1
+.SH NAME
+setmaillist \- create a binary mailing list
+.SH SYNOPSIS
+.B setmaillist
+.I bin
+.I tmp
+.SH DESCRIPTION
+.B setmaillist
+reads a mailing list from its standard input.
+
+.B setmaillist
+writes the mailing list in a binary format to
+.IR tmp ;
+it then moves
+.I tmp
+to
+.IR bin .
+.I tmp
+and
+.I bin
+must be on the same filesystem.
+
+If there is a problem creating
+.IR tmp ,
+.B setmaillist
+complains and leaves
+.I bin
+alone.
+
+The binary mailing list format is portable across machines.
+
+.B setmaillist
+always creates
+.I bin
+world-readable.
+.SH "MAILING LIST FORMAT"
+The mailing list read by
+.B setmaillist
+is a series of lines.
+NUL bytes are not allowed.
+
+If a line begins with a dot or slash,
+.B setmaillist
+takes the entire line as an include file name.
+
+If a line begins with an ampersand,
+.B setmaillist
+takes the rest of the line as a recipient address.
+If a line begins with a letter or number,
+.B setmaillist
+takes the entire line as a recipient address.
+Each recipient address must include a fully qualified domain name.
+Recipient addresses longer than 800 bytes are not allowed.
+
+.B setmaillist
+ignores blank lines
+and lines beginning with #.
+It also ignores spaces and tabs at the ends of lines.
+
+For example,
+
+.EX
+ god@heaven.af.mil
+ djb@silverton.berkeley.edu
+.EE
+
+is a mailing list with two addresses.
+.SH "SEE ALSO"
+setforward(1),
+newinclude(1),
+printmaillist(1)
diff --git a/man/spfquery.8 b/man/spfquery.8
new file mode 100644
index 0000000..4c26323
--- /dev/null
+++ b/man/spfquery.8
@@ -0,0 +1,147 @@
+.TH s/qmail: spfquery 8
+.SH NAME
+spfquery \- SPF test program
+.SH SYNOPSIS
+.B spfquery
+.I sender-ip
+.I sender-helo
+.I envelope-from
+.I [local rules]
+.I [-v]
+.SH DESCRIPTION
+.B spfquery
+is a test program to allow evaluation
+of
+.I SPF records
+fetched on demand by means of
+.BR qmail-smtpd .
+
+.SH "ARGUMENTS"
+.B spfquery
+uses the given arguments
+.IR sender-ip ,
+.IR sender-helo ,
+and
+.I envelope-from
+to perform a DNS SPF TXT lookup
+and evaluates the results.
+In addition, \'local-rules\' might
+be included as
+.IR local-rules .
+By means of the (last) option
+.I -v
+a verbose output is provided.
+
+.SH "RESPONSE"
+The result of
+.B spfquery
+shows the SPF return codes of the retrieved
+information after the DNS evaluation.
+Additionally, the mechanisms and
+results are displayed as chain
+of resulting codes. In case the option
+.I -v
+is given, the received DNS SPF TXT records
+for the analysed domain are shown in raw
+format to allow further diagnostics.
+
+.SH "SPF MECHANISMS"
+.B spfquery
+and of course
+.B qmail-smtpd
+support all mechanisms defined in
+.IR RFC\ 7208 ,
+in particular:
+.IR A/AAAA ,
+.IR IPv4 ,
+.IR IPv6 ,
+.IR MX ,
+.IR PTR ,
+.IR Exists .
+Nesting of SPF records - indicated by the commands
+.I include:
+and
+.I redirect=
+- is allowed and the chain is followed.
+Further,
+.I exp(lanation)=
+is supported.
+
+.SH "SPF QUALIFIERS"
+SPF makes uses of command and explanation qualifiers.
+Command and explanation characters are:
+.I +
+pass (default),
+.I -
+fail,
+.I ~
+softfail,
+.I ?
+neutral.
+
+.SH "EXPLANATION CHARACTERS"
+This implementation uses the following
+additional explanation characters:
+.I o
+none,
+.I u
+unknown,
+.I d
+DNS problem (not used).
+
+.SH "MACRO EXPANSION"
+Macros (keyword) expansion is supported conforming to
+.IR RFC\ 7208 .
+
+
+.SH "SPF EVALUATION"
+.B spfquery
+provides a brief summary of results for the evaluation:
+.I S
+the sending IP,
+.I O
+the envelope-from address,
+.I C
+the requested domain for lookup,
+.I H
+the HELO/EHLO of the contacted MTA,
+.I M
+the SPF lookup mechanis as explained,
+.I I
+the included domanin for lookup,
+.I D
+the (re)direct to follow,
+.I P
+a potential problem observed.
+These letters are followed by an equal sign '='
+and detail the information.
+.I R
+is the lookup result obtained, followed by a
+colon ':'.
+
+.SH "DIAGNOSTICS"
+Additional DNS diagnostic routines are available:
+.B dnstxt
+returns the DNS TXT for
+.IR host .
+.B dnsptr
+returns the DNS PTR for
+.IR IP .
+.B dnsmxip
+returns the MTA IPs for
+.IR domain .
+
+.SH "CREDITS"
+The
+.B spfquery
+program and the SPF integration into
+.B s/qmail
+follows mainly the implementation of
+Jana Saout (http://www.saout.de/misc/spf/)
+and is used by permission.
+
+.SH "SEE ALSO"
+qmail-control(5),
+qmail-smtpd(8)
+dnsmxip(8),
+dnstxt(8).
diff --git a/man/splogger.8 b/man/splogger.8
new file mode 100644
index 0000000..c9137a3
--- /dev/null
+++ b/man/splogger.8
@@ -0,0 +1,60 @@
+.TH s/qmail: splogger 8
+.SH NAME
+splogger \- make entries in syslog
+.SH SYNOPSIS
+.B splogger
+[
+.I tag
+[
+.I fac
+]
+]
+.SH DESCRIPTION
+.B splogger
+reads a series of messages and feeds them to
+.BR syslog .
+At the front of each message it puts
+.I tag
+(default:
+.BR splogger )
+and a numerical timestamp.
+
+.B splogger
+checks for
+.B alert:
+or
+.B warning:
+at the beginning of each message.
+It selects a priority of
+LOG_ALERT, LOG_WARNING, or LOG_INFO accordingly.
+
+.B splogger
+logs messages with facility
+.IR fac .
+.I fac
+(default: 2)
+must be numeric.
+
+.B splogger
+converts unprintable characters to question marks.
+
+.B splogger
+does not log blank lines.
+
+.B splogger
+folds messages after 800 characters,
+since
+.B syslog
+can't handle long messages.
+.B splogger
+uses a + after the timestamp
+to mark folded lines.
+
+Note that the
+.B syslog
+mechanism is inherently unreliable:
+it does not guarantee that messages will be logged.
+It is also very slow.
+.SH "SEE ALSO"
+syslog(3),
+logger(8)
diff --git a/man/sqmail.9 b/man/sqmail.9
new file mode 100644
index 0000000..921a95c
--- /dev/null
+++ b/man/sqmail.9
@@ -0,0 +1,130 @@
+.TH s/qmail: s/qmail 7
+.SH "NAME"
+s/qmail \- overview of s/qmail documentation
+.SH "INTRODUCTION"
+.B s/qmail
+is a secure, encrypting, authenticating, reliable, efficient,
+yet simple IPv4/IPv6 message transfer agent based on
+.B qmail
+and ought to be plug-in compatible.
+The
+.B s/qmail
+software includes Dan Bernstein's
+.B fastforward
+and
+.B qmailanalog
+package in addition with other enhancements taken mainly from the
+.B Spamcontrol
+patch.
+
+The current version of
+.B s/qmail
+depends on the
+.B fehQlibs
+and
+.B OpenSSL
+or
+.BR LibreSSL .
+
+Users who want to control incoming messages
+should read
+.BR dot-qmail (5).
+Available commands for the
+.B .qmail
+file include
+.BR qbiff (1),
+.BR qreceipt (1),
+.BR forward (1),
+.BR fastforward (1),
+.BR bouncesaying (1),
+and
+.BR condredirect (1).
+Other helpful commands include
+.BR maildirmake (1),
+.BR maildir2mbox (1),
+and
+.BR maildirwatch (1).
+
+System administrators who want to control the entire
+.B s/qmail
+system should start with
+.BR qmail-control (5),
+.BR qmail-mfrules (8),
+and
+.BR qmail-start (8).
+
+There are four queue-monitoring/mangement tools:
+.BR qmail-qread (8),
+.BR qmail-qstat (8),
+.BR qmail-qmaint (8),
+and
+.BR qmail-tcpto (8).
+.BR qmail-mrtg (8)
+allows to feed the
+.B s/qmail
+logs to
+.BR MRTG .
+Incoming SMTP connections are handled by
+.BR qmail-smtpd (8)
+and
+.BR qmail-recipients (8)
+optionally together with
+.BR qmail-smtpam (8),
+.BR qmail-authuser (8)
+and perhaps with
+.BR qmail-vmailusers (8)
+if virtual mail managers like
+.B vpopmail
+or
+.B vmailmgr
+are in use.
+
+SRS is availalable within
+.B s/qmail
+by means of the additional commands
+.BR srsforward (1)
+and
+.BR srsreverse (1).
+DKIM message signing and verification is achieved with
+.B qmail-dksign (8)
+and
+.BR qmail-dkverify (8).
+
+.B s/qmail
+offers two command-line message-sending interfaces:
+.BR qmail-inject (8)
+and
+.BR mailsubj (1).
+For background information on Internet mail messages,
+see
+.BR addresses (5),
+.BR envelopes (5),
+.BR qmail-header (5),
+and
+.BR forgeries (7).
+
+Miscellaneous documentation includes
+.BR qmail-limits (7)
+and
+.BR qmail-pop3d (8).
+
+Apart from the Internet mail message transport protocols
+.I ESMTP/ESMTPS
+.B s/qmail
+supports
+.I QMTP/QMTPS
+together with the Pop Office message protocols
+.IR POP3/POP3S
+depending on the
+.B ucspi-ssl
+package for TLS support.
+
+This documentation describes version
+VERSION
+of
+.BR s/qmail .
+See
+.B https://www.fehcom.de/djbware.html
+for other
+.BR s/qmail -related
+software.
diff --git a/man/srsforward.1 b/man/srsforward.1
new file mode 100644
index 0000000..930c3df
--- /dev/null
+++ b/man/srsforward.1
@@ -0,0 +1,96 @@
+.TH s/qmail: srsforward 1
+.SH NAME
+srsforward \- forward mail to one or more addresses including a SRS extension
+.SH SYNOPSIS
+in
+.BR .qmail :
+.B |srsforward
+.I address ...
+.SH DESCRIPTION
+.B srsforward
+forwards mails for dedicated recipient
+.I srsdomains
+to the specified list of addresses
+while extending the SMTP 'RCPT TO:' envelope address with
+SRS (Sender Rewriting Scheme) information.
+It is a simple wrapper around
+.B qmail-queue
+rewriting the SMTP recipient address. The forwarded email
+ought to be acceptable for SPF enabled recipient MTAs.
+Additionally, it mitigates the forgery of addresses for bounces.
+.SH "CONTROL FILE"
+.B srsforward
+reads the control file
+.IR srsdomains .
+Here, you can specify
+
+.I srsdomain:SRS_secret1 SRS_secret2 ...|[+,-,=]|[srsaddress(.)]
+
+.I srsdomain
+is
+.B s/qmail's
+recipient domain; typically
+.I defaultdomain
+or any domain given in
+.IR rcpthosts .
+.I srsdomain
+can be simply expressed as '*', thus the
+following informations are
+applicable for all
+.B srsfoward
+domains as default values, while
+particular
+.I srsdomain
+settings have precedence.
+Reversely, recipient
+domains can be disable for SRS fowarding:
+.IR !nosrsfoward.example.com: .
+
+.B srsforward
+accepts several 'secrets' for each
+.I srsdomain
+separated by empty spaces.
+
+.BR srsfoward 's
+.I delimiter
+is a character chosen out of the set
+.I +,-,=
+with default
+.I =
+and thus is optional.
+
+.B srsforward
+may include
+.I srsaddress
+to construct the domain part of the RCPT TO:
+envelope address for SRS fowarded mails. If
+.I srsaddress
+ends with a dot '.',
+this name is used to prepend the original
+host name and typically is chosen as
+.IR srs. .
+Otherwise, the original host name is
+used as default
+.I srsaddress
+for forwarding and also relevant for
+potential bounces being subject of
+.BR srsreverse .
+.SH "ENVIRONMENT VARIABLES"
+.B srsforward
+reads the environment variables
+.IR HOST ,
+which is used to determine the
+.IR srsdomain ,
+.IR DTLINE ,
+and
+.IR NEWSENDER .
+.SH REFERENCE
+.B srsforward
+uses srs2.c from
+.IR libsrs2 .
+.SH "SEE ALSO"
+srsreverse(1),
+dot-qmail(5),
+qmail-command(8),
+qmail-queue(8),
+qmail-send(8).
diff --git a/man/srsreverse.9 b/man/srsreverse.9
new file mode 100644
index 0000000..5057330
--- /dev/null
+++ b/man/srsreverse.9
@@ -0,0 +1,87 @@
+.TH s/qmail: srsreverse 1
+.SH NAME
+srsreverse \- reconstruct the original address from its SRS extension
+and forward bounce mail
+.SH SYNOPSIS
+in
+.BR .qmail :
+.B |srsreverse
+.SH DESCRIPTION
+Upon reception by
+.BR qmail-smtpd ,
+.B qmail-local
+may feed a locally delivered bounce email through
+.B srsrevers
+in order to reconstruct the original sender from
+the received SRS address provided in the local part
+and to forward the bounce mail to its original address.
+.SH "SRS DOMAINS"
+In order to accept emails for SRS modified
+return addresses, you need to setup those in
+.IR rcpthosts .
+If your domain is
+.I example.com
+in
+.I rcpthosts
+you probably want to set up additionally
+.IR srs.example.com .
+However,
+.I .example.com
+would be fine as well.
+.SH "VIRTUAL SRS USER"
+SRS can facilitate a virtual user typically named
+.I srs
+and thus requires an entry like
+.I srs.example.com:srs
+in
+.IR virtualdomains .
+.SH "DOT QMAIL"
+.B srsreverse
+is called from a
+.I dot-qmail
+file which could be
+.IR SQMAIL/alias/.qmail-srs-default .
+.SH "CONTROL FILES"
+.B srsreverse
+reads the control file
+.I virtualdomains
+to exfiltrate the (virtual) SRS user name for the received domain,
+if given. With the evaluated
+.IR srsdomain ,
+.B srsrevers
+fetches the
+.I SRS secret
+from
+.I srsdomains
+in order to validate the SRS bounce address.
+.SH "ENVIRONMENT VARIABLES"
+.B srsrverse
+reads the environment variables
+.IR DTLINE ,
+.IR HOST ,
+and
+.IR RECIPIENTS .
+.I HOST
+is used to determine the
+.IR srsdomain .
+The forwarding bounce address is reconstructed from
+the local part of
+.IR RECIPIENTS .
+.SH VERP
+The Sender Rewriting Scheme SRS can be considered
+as tailored form of VERP: Variable Envelope Return Path.
+The chosen primary delimiter
+.I =
+is recognized by
+.BR qmail-smtpd 's
+recipient extension.
+.SH REFERENCE
+.B srsreverse
+uses srs2.c from
+.IR libsrs2 .
+.SH "SEE ALSO"
+srsforward(1),
+dot-qmail(5),
+qmail-command(8),
+qmail-queue(8),
+qmail-send(8).
diff --git a/man/tai64nfrac.5 b/man/tai64nfrac.5
new file mode 100644
index 0000000..6a2cc5f
--- /dev/null
+++ b/man/tai64nfrac.5
@@ -0,0 +1,18 @@
+.TH s/qmail: tai64nfrac 5
+.SH NAME
+tai64nfrac \- evaluate the TAI64 timestamp and write the fractional seconds
+.SH SYNOPSIS
+.B tai64nfrac
+
+.SH DESCRIPTION
+Reads a TAI64N external format timestamp following the '@'
+as first character from
+.I stdin
+and
+writes the fractional seconds since epoch (TAI, not UTC) to
+.IR stdout .
+Returns the following characters after the timestamp unaltered.
+
+.SH "SEE ALSO"
+tcpserver(1),
+sslserver(1).
diff --git a/man/tcp-environ.5 b/man/tcp-environ.5
new file mode 100644
index 0000000..244d32a
--- /dev/null
+++ b/man/tcp-environ.5
@@ -0,0 +1,86 @@
+.TH s/qmail: tcp-environ 5
+.SH NAME
+tcp-environ \- TCP-related environment variables
+.SH DESCRIPTION
+The following environment variables
+describe a TCP connection.
+They are set up by
+.B tcpclient
+and
+.B tcpserver
+as well as
+.BR sslclient
+and
+.BR sslserver .
+
+Note that
+.BR TCPLOCALHOST ,
+.BR TCP6LOCALHOST ,
+.BR TCPREMOTEHOST ,
+.BR TCP6REMOTEHOST ,
+and
+.BR TCPREMOTEINFO ,
+.BR TCP6REMOTEINFO ,
+can contain arbitrary characters.
+.TP 5
+PROTO
+The string
+.BR TCP ,
+or
+.BR TCP6 .
+.TP 5
+TCPLOCALHOST/TCP6LOCALHOST
+The domain name of the local host,
+with uppercase letters converted to lowercase.
+If there is no currently available domain name
+for the local IP address,
+.BR TCPLOCALHOST ,
+.B TCP6LOCALHOST
+is not set.
+.TP 5
+TCPLOCALIP
+The IPv4 address of the local host, in dotted-decimal form.
+.TP 5
+TCP6LOCALIP
+The compactified IPv6 address of the local host.
+.TP 5
+TCPLOCALPORT/TCP6LOCALPORT
+The local TCP port number, in decimal.
+.TP 5
+TCPREMOTEHOST/TCP6RMOTEHOST
+The domain name of the remote host,
+with uppercase letters converted to lowercase.
+If there is no currently available domain name
+for the remote IP address,
+.B TCPREMOTEHOST
+or
+.B TCP6REMOTEHOST
+is not set.
+.TP 5
+TCPREMOTEINFO/TCP6REMOTEINFO
+A connection-specific string, perhaps a username,
+supplied by the remote host
+via 931/1413/IDENT/TAP.
+If the remote host did not supply connection information,
+.BR TCPREMOTEINFO ,
+.B TCP6REMOTEINFO
+is not set.
+.TP 5
+TCPREMOTEIP
+The IPv4 address of the remote host.
+.TP 5
+TCP6REMOTEIP
+The IPv6 address of the remote host.
+.TP 5
+TCPREMOTEPORT/TCP6REMOTEPORT
+The remote TCP port number.
+.TP 5
+TCP6INTERFACE
+contains the interface name for IPv6 connections.
+
+.SH "SEE ALSO"
+tcpclient(1),
+tcpserver(1),
+sslclient(1),
+sslserver(1),
+tcp(4)
diff --git a/man/xqp.1 b/man/xqp.1
new file mode 100644
index 0000000..14bf370
--- /dev/null
+++ b/man/xqp.1
@@ -0,0 +1,18 @@
+.TH s/qmail: xqp 1
+.SH NAME
+xqp \- locate a message given its qp
+.SH SYNTAX
+.B xqp
+.I qp
+.SH DESCRIPTION
+.B xqp
+reads message lines and delivery lines printed by
+.BR matchup .
+It prints the lines that involve messages with long-term queue identifier
+.IR qp .
+
+Long-term queue identifiers are not permanent identifiers.
+They are based on process IDs;
+15-bit process IDs can easily wrap around in less than an hour on a busy system.
+.SH "SEE ALSO"
+matchup(1)
diff --git a/man/xrecipient.1 b/man/xrecipient.1
new file mode 100644
index 0000000..ec58832
--- /dev/null
+++ b/man/xrecipient.1
@@ -0,0 +1,14 @@
+.TH s/qmail: xrecipient 1
+.SH NAME
+xrecipient \- locate all deliveries to one recipient
+.SH SYNTAX
+.B xrecipient
+.I channel.recipient
+.SH DESCRIPTION
+.B xrecipient
+reads message lines and delivery lines printed by
+.BR matchup .
+It prints the delivery lines that involve messages sent to
+.IR channel.recipient .
+.SH "SEE ALSO"
+matchup(1)
diff --git a/man/xsender.1 b/man/xsender.1
new file mode 100644
index 0000000..f919f8a
--- /dev/null
+++ b/man/xsender.1
@@ -0,0 +1,14 @@
+.TH s/qmail: xsender 1
+.SH NAME
+xsender \- locate all messages from one sender
+.SH SYNTAX
+.B xsender
+.I sender
+.SH DESCRIPTION
+.B xsender
+reads message lines and delivery lines printed by
+.BR matchup .
+It prints the lines that involve messages with return path
+.IR sender .
+.SH "SEE ALSO"
+matchup(1)