diff options
author | Jannis Hoffmann <jannis@fehcom.de> | 2024-07-09 11:44:11 +0200 |
---|---|---|
committer | Jannis Hoffmann <jannis@fehcom.de> | 2024-07-09 11:44:11 +0200 |
commit | f1b71c9fe7dbb4886588a036399cf5ebe16b7c47 (patch) | |
tree | e07786aa479c9fb6ee3e537078470aaab5454f80 /sqmail-4.3.07/man/qmail-smtpd.8 | |
parent | a293489ee83c8b05d845a162dc2a4de026f3775d (diff) |
removed top level directory
Diffstat (limited to 'sqmail-4.3.07/man/qmail-smtpd.8')
-rw-r--r-- | sqmail-4.3.07/man/qmail-smtpd.8 | 1018 |
1 files changed, 0 insertions, 1018 deletions
diff --git a/sqmail-4.3.07/man/qmail-smtpd.8 b/sqmail-4.3.07/man/qmail-smtpd.8 deleted file mode 100644 index 393ec28..0000000 --- a/sqmail-4.3.07/man/qmail-smtpd.8 +++ /dev/null @@ -1,1018 +0,0 @@ -.TH s/qmail: qmail-smtpd 8 -.SH "NAME" -qmail-smtpd \- receive mail via SMTP -.SH "SYNOPSIS" -.B qmail-smtpd -[ -.I checkprogram -.I subprogram -] -.SH "DESCRIPTION" -.B qmail-smtpd -receives mail messages via the Simple Mail Transfer Protocol (SMTP) -and invokes -.B qmail-queue -to deposit them into the outgoing queue. -.B qmail-smtpd -must be supplied with several environment variables; -see -.BR tcp-environ(5) . - -.B qmail-smtpd -is responsible for counting hops. -It rejects any message with 100 or more -.B Received -or -.B Delivered-To -header fields. - -.B qmail-smtpd -supports ESMTP and offers 8BITMIME, DATA, PIPELINING, SIZE, AUTH, STARTTLS, and SMTPUTF8 options. -.B qmail-smtpd -includes a 'Mail From:' parameter parser and obeys 'Auth', 'Size', and 'SMTPUTF8' advertisements. -.B qmail-smtpd -supports SMTPUTF8 SMTP envelope addresses and provides 8 bit clean message transmission. -.B qmail-smtpd -STARTTLS and SMTPS implementation requires the use of -.B sslserver -from ucspi-ssl. - -Authentication is facilitated in case the environment variable -SMTPAUTH is set which tells -.B qmail-smtpd -to accept LOGIN, PLAIN, and eventually CRAM-MD5 Auth types -and if additionally a PAM -.I checkprogram -is available which reads on file descriptor 3 the username, a 0 byte, -the password or CRAM-MD5 digest/response derived from the SMTP client, -another 0 byte, a CRAM-MD5 challenge (if applicable to the Auth type), -and a final 0 byte. -.I checkprogram -invokes -.I subprogram -upon successful authentication, which should return 0 to -.BR qmail-smtpd , -effectively setting the environment variables RELAYCLIENT and -TCPREMOTEINFO or TCP6REMOTEINFO -(any supplied value replaced with the authenticated username). -.B qmail-smtpd -will reject the authentication attempt if it receives a nonzero return -value from -.I checkprogram -or -.IR subprogram . - -STARTTLS support is enabled setting the environment variable UCSPITLS. -In this case, -.B qmail-smtpd -communicates with the -.B sslserver -program interface through a control socket, a reading and a writing pipe, dynamically -defined during the session start to be used for transport layer encryption. -.B qmail-smtpd -provides mutual authentication based on X.509 client certs and relaying -with additional SMTP Return-Path validation. - -.B qmail-smtpd -may employ additional DNS look-ups for the 'Mail From:' envelope sender -address and/or the HELO/EHLO greeting string from the MTA client. - -.B qmail-smtpd -implements a SPF record check for the domain part of the received -.I Mail-From:\ <return-path> -address or -the -.I HELO/EHLO -statement in case the domain information is missing. -This behavior is triggered by the environment variable -.BR SPF . - -.B qmail-smtpd -can be advised to communicate with a Greylisting server prior of acceptance, like -.BR postgrey , -submitting the connection information -.IR Mail\ From: , -.IR Rcpt\ To: , -.IR TCPREMOTEIP -and -.I TCPREMOTEHOST -given its IPv4/IPv6 address as environment variable -.IR POSTGREY -and potentially including the port number (60000 is default) -following the IP address separated by a semi-colon. -For IPv6 LLU addresses the interface name followwing a percent sign can be included: -.IR fe80::1%eth0;60000 . -A return value of -.I 10 -will advise -.B qmail-smtpd -to defer the SMTP connection providing a -.I 450\ greylisted\ (#4.3.0) -response to the connecting MTA, which can be tailored (see below). -This mechanism shall not be used for SMTP connections on the -.I Submission -port. -Setting -.I POSTGREY='-' -disables the lookup. - -.SH "TRANSPARENCY" -.B qmail-smtpd -converts the SMTP newline convention into the UNIX newline convention -by converting CR LF into LF. -Usually, it returns a temporary error and drops the connection on bare LFs. - -.B qmail-smtpd -accepts messages that contain long lines or non-ASCII characters -and thus is initially capable for SMTPUTF8 support. - -.SH "CONTROL FILES" -.TP 5 -.IR badhelo -Unacceptable HELO/EHLO greeting strings. -.B qmail-smtpd -will reject every connection attempt -if the client MTA's HELO/EHLO greeting compares with -a wildmat pattern provided in -.IR badhelo -in case the environment variable -.B HELOCHECK -is set. -.IR badhelo -checks have precedence over DNS lookups. -DNS lookups can be avoided, if the announced -HELO/EHLO greeting string is concatinated -with a trailing '!' and included in -.IR badhelo : - -.EX - localhost - localhost.localdomain - 127.0.0.1 - mygreetingstring - [192.168.1.2]! -.EE - -.TP 5 -.I badmailfrom -Unacceptable envelope sender addresses. -.B qmail-smtpd -will reject every recipient address for a message -if the envelope sender address is listed in -.IR badmailfrom . -A line in -.I badmailfrom -may be of the form -.BR @\fIhost , -meaning every address at -.IR host . -Additionally, any envelope sender address can be filtered -with a wildmat check: - -.EX - *@earthlink.net - !fred@earthlink.net - [0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9].com - answerme@save* - *%* - @yahoo.com- - @hotmail.com= - @mydomain.tld+ - ~yahoo.com - ?nobody@example.com -.EE - -A -.I badmailfrom -file with this contents reject all mail from Earthlink except from -fred@earthlink.net. It also rejects all mail with addresses like: -12345@123.com and answerme@savetrees.com. Further, any mail with -a sender address containing a percent sign (%) is rejected. - -This implementation recognises 'extended' addresss in -.I badmailfrom -allowing to reject mails with particluar spoofed domain addresses: - -(1) The address is appended with a '-'. -Now, if -.I TCP(6)REMOTEHOST -equals 'unknown', mails with the corresponding address are rejected -(badmailfromunknown). - -(2) The address is appended with a '='. -In case -.I TCP(6)REMEOTEHOST -is set mails, whose domain part of the envelope addresses -.B not -matching -the corresponding entry are rejected (badmailfromwellknown). - -(3) The address is appended with a '+'. -If -.I RELAYCLIENT -is not set and the sender address matches a corresponding entry -(anti-spoofing for internal addresses). - -(4) The address is enhanced with a leading '~'. -This requires a (left to right partial) matching of -.I TCP(6)REMOTEHOST -with the domain part of the envelope address. -Thus, this specific entry in -.I badmailfrom -uses -.I TCP(6)REMOTEHOST -in the first place (badmailfrommismachteddomains). - -(5) The address is enhanced with a leading '?'. -Emails with the corresponding sender address pass by all further -.I badmailfrom -tests including the -.I MFDNSCHECK -check. - -Note: The 'enhanced' addresses are not subject of the wildmat check -and are evaluated in lower-case. - -The wildmat check is done in the order: -Least significant to most significant. -Example: - -.EX - * - ! - !*@*.* - *viagra* -.EE - -.TP 5 -.I badloadertypes.cdb -Unacceptable base64 loader types in the message. -.B qmail-smtpd -will reject every message if 5 significant -characters (eg. -.BR Mi5kb) -anyware in the base64 encoded attachment is identical -to those compiled into -.IR badloadertypes.cdb . -Use -.B qmail-badloadertypes -to derive -.I badloadertypes.cdb -from -.IR badloadertypes . -In order to make the search efficient, all bad loader -types have to start with the same character (eg. 'M'). -The control file -.I badloadertypes.cdb -is evaluated if the environment variable BADLOADERTYPE -is set to the first character according to the contents of -.IR badloadertypes . -.TP -.I badmimetypes.cdb -Unacceptable base64 encoded MIME types in message. -.B qmail-smtpd -will reject every message if the first 9 significant -characters (eg. -.BR TVqQAAMAA ) -of any of it's embedded MIME types is identical with one -compiled into -.IR badmimetypes.cdb . -Use -.B qmail-badmimetypes -to derive -.I badmimetypes.cdb -from -.IR badmimetypes . -The control file -.I badmimetypes.cdb -is evaluated if the environment variable -.I BADMIMETYPE -is set. -In addition, irregular BASE64 attachments carrying whitespaces can -be rejected defining -.IR BADMIMETYPE='!' . -.TP 5 -.I badrcptto -Unacceptable envelope recipient addresses. -.B qmail-smtpd -will reject every incoming message -if the envelope recipient address is listed in -.IR badrcptto . -This control file is complementary to -.IR badmailfrom . -A line in -.I badrcptto -may be of the form -.BR @\fIhost , -meaning every address at -.IR host . -.I badrcptto -employes the same filtering logic for the envelope recipient as -.IR badmailfrom . -Effectively, -.IR badrcptto -allows a 'whitelisting' of envelope recipient addresses: - -.EX - * - !user1@mydomain.com - !user2@mydomain.com - !*@anotherdomain.com -.EE - -.IR badrcptto -allows to tag recipient addresses to be reachable from -authorized clients only (aka relayclients), prepending it -in -.IR badrcptto -with -.IR + . - -.EX - +localaddress@mydomain.com -.EE - -.TP 5 -.I databytes -Maximum number of bytes allowed in a message, -or 0 for no limit. -Default: 0. -If a message exceeds this limit, -.B qmail-smtpd -returns a permanent error code to the client; -in contrast, if -the disk is full or -.B qmail-smtpd -hits a resource limit, -.B qmail-smtpd -returns a temporary error code. - -.I databytes -counts bytes as stored on disk, not as transmitted through the network. -It does not count the -.B qmail-smtpd -Received line, the -.B qmail-queue -Received line, or the envelope. - -If the environment variable DATABYTES -is set, it overrides -.IR databytes . -.TP 5 -.I localiphost -Replacement host name for local IP addresses. -Default: -.IR me , -if that is supplied. -.B qmail-smtpd -is responsible for recognizing native IPv4/IPv6 addresses for the -current host. -When it sees a recipient address of the form -.I box@[d.d.d.d] -or -.IR box@[a:b:c:d:e:f:g:h] , -where -.I d.d.d.d -or -.IR a:b:c:d:e:f:g:h -is a local IPv4/IPv6 address, -it replaces -.I [d.d.d.d] -or -.IR [a:b:c:d:e:f:g:h] -with -.IR localiphost . -This is done before -.IR rcpthosts . -.TP 5 -.I morercpthosts -Extra allowed RCPT domains. -If -.I rcpthosts -and -.I morercpthosts -both exist, -.I morercpthosts -is effectively appended to -.IR rcpthosts . - -You must run -.B qmail-newmrh -whenever -.I morercpthosts -changes. - -Rule of thumb for large sites: -Put your 50 most commonly used domains into -.IR rcpthosts , -and the rest into -.IR morercpthosts . -.TP 5 -.I mailfromrules -Acceptable 'Mail From:' addresses for -RELAYCLIENTs are included here. Use -.B qmail-mfrules -to derive -.TP 5 -.I mailfromrules.cdb -from -.IR mailfromrules . -.TP 5 -.I rcpthosts -Allowed RCPT domains. -If -.I rcpthosts -is supplied, -.B qmail-smtpd -will reject -any envelope recipient address with a domain not listed in -.IR rcpthosts . - -Exception: -If the environment variable RELAYCLIENT is set, -.B qmail-smtpd -will ignore -.IR rcpthosts , -and will append the value of RELAYCLIENT -to each incoming recipient address. - -.I rcpthosts -may include wildcards: - -.EX - heaven.af.mil - .heaven.af.mil -.EE - -Envelope recipient addresses without @ signs are -always allowed through. -.TP 5 -.I recipients -List of external resources providing acceptable, -full-qualified envelope addresses -(\'RCPT to: <recip@domain>\') -to be used for recipient verification -during the SMTP session. - -The external sources can be either -.B fastforward -compliant cdbs including the envelope addresses, -where the path to a cdb has to be referenced -relative to Qmail's home directory, or a -.B qmail-users -build cdb available as -.IR users/assign.cdb , -or a -.B checkpassword -compatible Plugable Authentication Modules -(PAM), receiving the envelope address on FD 3 -as 'recip@domain\\0\\0\\0' and returning '0' -in a case of success and '1' in case of failure. -The use of a PAM is indicated with a delimiting '|' and -it will be called with up to five additional parameters; -while a cdb follows a ':', which can be omitted. - -The list of external sources is consulted line-by-line for each -recipient envelope address until the first positive answer, -or a final negative response is encountered. -Which external source to be queried, depends on the domain part of the -recipient envelope address specified on the left side of the -.I recipients -file, while the external resource is provided right from the delimitor. - -The addresses' domain part is evaluated in lower-case. -An exact domain match can be encompassed by means of a leading '@'. -The '*' is a generic wildcard for all domains. -Specific domains can be excluded from the lookup by means of a -leading '!'; thus all recipient addresses are accepted for this domain. -Additionally, a '!*' can be used as wildcard for all domains not encountered -before in -.I recipients -(pass-thru). - -A -.I recipients -file is always constructed like 'domain:cdb','domain|pam', -or simply 'cdb': - -.EX - !nocheck.com - mydomain.com:users/recipients.cdb - @mx.mydomain.com:= - example.com|bin/qmail-smtpam mx.example.com - *:etc/fastforward.cdb - *|PATH/ldapam ldapserver host port DN passwd - !* -.EE - -.B qmail-smtpd -will semi-automatically consult -.I users/assign.cdb -generated by -.B qmail-newu -in case the domain name is -followed by a colon and the equal sign '='. -Now, the received \'Rcpt to:\' address -is compared against each local part address -(starting with a '=') in -.IR users/assign.cdb . -However, no VERP addresses are considered, -which are indicated therein via a '+'. - -Lagacy format: - -.EX - users/recipients.cdb - etc/fastforward.cdb -.EE - -Note: Excluded domains starting with a '!' -should be placed in the beginning of the -.I recipients -file for performance reasons, while the pass-thru -statement '!*' has to be on the last line. -The recipients check is applied after the -.I rcpthosts -evaluation. - -.B qmail-recipients -may be used to construct a -.I users/recipients.cdb -from -.IR users/recipients . - -The -.B qmail-smtpd -recipients mechanism supports Qmail's address extension (VERP). -Unqualified envelope recipients are appended with \'@localhost\'. -.TP 5 -.I smtpgreeting -SMTP greeting message. -Default: -.IR me , -if that is supplied; -otherwise -.B qmail-smtpd -will refuse to run. -The first word of -.I smtpgreeting -should be the current host's name. -.TP 5 -.I spfexplain -An additional SPF explanation can be given here to provide more -specific information for the sender in case of a reject. -SPF macro expansion is possible. It will override the default one, e.g.: - -.EE -See https://example.com/spfrules.html (#5.7.1) -.EX -.TP 5 -.I spflocalrules -As 'last resort', it is possible to include SPF local rules here -(on one line), that will be applied before other SPF rules would fail. -This can be used to allow certain MX to send mails anyway. Example: - -.EE -include:spf.trusted-forwarder.org -.EX -.TP 5 -.I timeoutsmtpd -Number of seconds -.B qmail-smtpd -will wait for each new buffer of data from the remote SMTP client. -Default: 1200. - -.SH "CONDITIONAL CONTROL FILES" -The control files \fIrcpthosts\fR, \fImorecpthosts\fR, -\fIrecipients\fR, \fIbadhelo\fR -are 'conditional' control files and evaluated -only if the environment variable RELAYCLIENT is not set. -On the other hand, -\fImailfromrules.cdb\fR is only taken into account, if -RELAYCLIENT is set. -This allows -.B qmail-smtpd -to relay mail messages from local clients and to filter -mails with certain SMTP envelope conditions -originating from particular clients ('Split Horizon'). -Other conditional control files are -\fIbadloadertypes\fR, -\fIbadmimetypes\fR -which depend on the setting of the corresponding -environment variables. - -Further, the control files \fIspfexplain\fR and -\fIspflocalrules\fR are only evaluated if the -environment variable -.I SPF -is defined and greater than 0 and -.I RELAYCLIENT -is not set. - -.SH "ENVIRONMENT VARIABLES READ" -Environment variables may be defined globally in the -.B qmail-smtpd -startup script and/or individually as part of the -.BR sslserver 's -cdb database. -The environment variables may be quoted ("variable", or 'variable') and -in case of global use, have to be exported. -.B qmail-smtpd -supports the following legacy environment variables, typically -provided by -.B sslserver -or -.B tcpserver: -.IR TCP(6)REMOTEIP , -.IR TCP(6)REMOTEHOST -.IR TCP(6)REMOTEINFO -and -.IR TCPLOCALPORT -as well as -.IR RELAYCLIENT . -Additionally, -.B qmail-smtpd -may use several environment variables for different purposes. -.P -Controlling the SMTP HELO/EHLO: -.IP -.TP 5 -.I HELOCHECK='' -enables a check of the provided HELO/EHLO greeting against -the content of the control file -.IR badhelo . -In case no HELO/EHLO greeting is given, SMTP -connections can be rejected, if -.I HELOCHECK='!' -is set. Checks on the presence and the content of -the HELO/EHLO greeting string is facilitated, setting -.IR HELOCHECK='.' . -To enforce the match of the HELO/EHLO greeting with -the remote host's FQDN ( -.IR TCP(6)REMOTEHOST ), -use -.IR HELOCHECK='=' . -.TP 5 -.I HELOCHECK='A' | HELOCHECK='M' -enable DNS A/MX lookup for the HELO/EHLO greeting string. -In addition, the HELO/EHLO string is checked against -the content of -.IR badhelo . -.TP 5 -.I UTF8 -display the -.I SMTPUTF8 -greeting string. This is off by default. -.p -Since -.B qmail-smtpd -is 8 bit clean, setting of -.I UTF8 -has no real consequences except for displaying this -setting in the log as -.IR ESMTP[SA]UTF8 . -.P -Controlling the SMTP Mail From: -.IP -.TP 5 -.I LOCALMFCHECK -is used to enable a 'Mail From:' address Verification (MAV) for RELAYCLIENTs. -Thus, the domain part of the 'Mail From:' envelope sender address -has to match an entry in -.IR rcpthosts -or -.IR morercpthosts -control files, if not explicitly defined otherwise. - -If LOCALMFCHECK='!' is set, the control file -.I mailfromrules.cdb -is evaluated and the MAV is facilitated employing the environment variables -.IR TCP(6)REMOTEINFO , -.IR TCP(6)REMOTIP , -or -.I TCP(6)REMOTEHOST -as a key. -However, if LOCALMFCHECK='=' is provided, -.IR TCP(6)REMOTEINFO -(i.e. set by Auth) has to match the 'Mail From:' -envelope address (case insensitive). -Alternativley, using LOCALMFCHECK='?' the email address -embedded in the DN of a X.509 client is used and compared -against the 'Mail From:' envelope address. -Of course, this requires -.B sslserver -to request a client cert for mutual authentication. - -Note: Adding a qualifier to LOCALMFCHCEK, -the domain part of the 'Mail From:' address is compared -against the provided string. -.TP 5 -.IR MFDNSCHECK -enable DNS MX lookup for the domain part of the 'Mail From:' envelope sender address. -.TP 5 -.I SPF='0'|'1'|'2'|'3'|'4'|'5'|'6' -SPF Records will be evaluated for the current SMTP session in case -.B SPF -is defined. The value of -.B SPF -may be given between 1 and 6 to enable SPF checks. -.I 1 -selects 'annotate-only' mode, where -.B qmail-smtpd -will annotate incoming email with a -.B Received-SPF -header, but will not reject any messages. -.I 2 -will produce temporary failures on DNS lookup problems -so you can be sure always to have a meaningful Received-SPF header. -.I 3 -selects 'reject' mode, where incoming mail will be rejected -if the SPF record says 'fail'. -.I 4 -selects a more stricter rejection mode, which is like 'reject' mode, -except that incoming mail will also be rejected, when the SPF record -says 'softfail'. Further, -.I 5 -will reject when the SPF record says 'neutral', and -.I 6 -rejects, if no SPF records are available at all -(or a syntax error was encountered). -If -.B SPF -is given as -.IR 0 , -SPF checks are disabled. - -Note: Additional control files are -.I spfexplain -and -.IR spflocalrules . - -.P -Controlling the SMTP RCPT TO: -.IP -.TP 5 -.I MAXRECIPIENTS -is the number of Rcpt To:'s -.B qmail-smtpd -will accept in a SMTP session. -If MAXRECIPIENTS ist not set, any number is allowed. -.TP 5 -.IR TARPITCOUNT -is the number of Rcpt To: -.B qmail-smtpd -accepts before it starts tarpitting. -Default: 0 which means no tarpitting. -.TP 5 -.IR TARPITDELAY -tarpitdelay is the time in seconds of delay -to be introduced after each subsequent Rcpt To:. - -Smart Rejection Notes: -If -.IR TARPITCOUNT -is set and -.IR TARPITDELAY -= 0 (default) -.B qmail-smtpd -will issue after recognising -.IR TARPITCOUNT -invalid Rcpt To: a Recipient failure; -thus additional Rcpt Tos will not be accepted. -If, however -.IR TARPITCOUNT -is set and -.IR TARPITDELAY -= 999 -.B qmail-smtpd -will issue after -.IR TARPITCOUNT -invalid Rcpt To: a Recipient failure -.TP 5 -.I RECIPIENTS450 -tells -.b qmail-smtpd -to issue a SMTP reply '450' (temporary rejection) -instead the default '550' -in case the recipient was not listed in any -.I recipients -cdb. - -.P -Controlling the email body: -.IP -.TP 5 -.I BADLOADERTYPE='c' -tells -.B qmail-smtpd -to evaluate the control file -.I badloadertypes.cdb -with the starting string 'c'. -If -.I BADLOADERTYPE='-' -is set, the check is disabled. -In case -.I BADLOADERTYPE='+' -is defined, the check is disabled for -.IR RELAYCLIENTS . -.TP 5 -.I BADMIMETYPE -see control file -.IR badmimetypes.cdb . -In case -.I BADMIMETYPE='-' -is set; -.I badmimetypes.cdb -is not considered; thus the check is disabled. -Setting -.I BADMIMTETYPE='!' -the mime type is rejected if it includes whitespaces; -even without the control file -.IR badmimetypes.cdb . -Providing -.I BADMIMTETYPE='+' -the check is disabled if in addition -.IR RELAYCLIENTS -are recognized. - -.TP 5 -.I BASE64 -tells QHPSI to enable virus checking only if a base64 encoded -attachment was identified. -.TP 5 -.I DATABYTES -see control file -.IR databytes . -.TP 5 -.I QHPSI -is used by -.B qmail-smtpd -to supply the name of the virus scanner and it's path. -.P -Environment variables for SMTP authentication: -.IP -.TP 5 -.I SMTPAUTH -is used to enable SMTP Authentication for the -Auth types -LOGIN and PLAIN. -In case -.TP 5 -.I SMTPAUTH='+cram' -is defined, -.B qmail-smtpd -honors LOGIN, PLAIN, and additionally CRAM-MD5 authentication. -Simply -.TP 5 -.I SMTPAUTH='cram' -restricts authentication just to CRAM-MD5. -If however -.TP 5 -.I SMTPAUTH='!' -starts with an exclamation mark, Auth is required. -You can enforce 'Submission' using this option -and binding -.B qmail-smtpd -to the SUBMISSION port \'587'\. -In particular, -.TP 5 -.I SMTPAUTH='!cram' -may be useful. -In opposite, if -.TP 5 -.I SMTPAUTH='-' -starts with a dash, Auth disabled for particular -connections. -Note: The use of 'cram' requires a CRAM-MD5 enabled PAM. -.P -Setting up the TLS/STARTTLS environment: -.IP -.TP 5 -.I UCSPITLS -enables encrypted SMTP communication -via STARTTLS in case -.B sslserver -is provided. -If -.I UCSPITLS='!' -is set, STARTTLS is required; while setting -.I UCSPITLS='-' -disables STARTTLS. -Further, -.I UCSPITLS='?' -may be used to force the client to present a X.509 cert -for authentication purpose which may be refined -requesting -.I UCSPITLS='@' -to additionally fetch the email address -from the client's cert to be perhaps subject of -.IR LOCALMFCHECK . -.P -Other environment variables used: -.IP -.TP 5 -.I DELIVERTO -mail address for special recipients. -.TP 5 -.I RBLSMTPD -feed from -.B rblsmtpd -including the information received from the -inquired RBL hosts and displayed as -.I X-RBL-Info: -message header. -.TP 5 -.I POSTGREY -triggering the call of -.B qmail-postgrey -and feeding it with the IP address and port of the -.I greylisting -server. If -.I POSTGREY -is set to -.I - -no lookup is performed. - -.SH "CUSTOMIZABLE RETURN MESSAGES" -In case of rejected or defered SMTP connections -.B qmail-smtpd -can provide additional informations in the SMTP reply message -which are sandwiched between the reply code and the EMMSC. -.B qmail-smtpd -recognizes these environment variables: -.TP 5 -.I REPLY_GREYLISTED -following 450 greylisting -.TP 5 -.I REPLY_HELO -following 550 Bad Helo -.TP 5 -.I REPLY_MAILBOX -following 550 mailbox not existing -.TP 5 -.I REPLY_MAXSIZE -following 552 message size to large -.TP 5 -.I REPLY_BADMAILFROM -following 553 badmail from -.TP 5 -.I REPLY_BADRCPTTO -following 553 badrcpt to -.TP 5 -.I REPLY_SENDEREXIST -following 553 SMTP sender DNS -.TP 5 -.I REPLY_NOGATEWAY -following 553 No gateway -.TP 5 -.I REPLY_SENDERINVALID -following 553 SMTP sender invalid -.TP 5 -.I REPLY_CONTENT -following 554 Message content invalid - -.SH "ENVIRONMENT VARIABLES SET" -By means of the following environment variables, -the SMTP session can be interrogated: -.TP 5 -.I HELOHOST -the HELO/EHLO greeting of the SMTP client. -.TP 5 -.I AUTHPROTOCOL -the ESMTPA protocol used for authentication. -.TP 5 -.I AUTHUSER -the supplied username for authentication. -.TP 5 -.I MAILFROM -containes the received 'Mail From:' address. -.TP 5 -.I RCPTTO -containes all received 'Rcpt To:' addresses separated by blanks. -.TP 5 -.I TCP(6)REMOTEINFO -in authentication mode set to the accepted username. -.TP 5 -.I SSL_* -information from -.BR sslserver , -if applicable. - -.SH "SEE ALSO" -tcp-environ(5), -qmail-control(5), -qmail-inject(8), -qmail-newmrh(8), -qmail-newbmt(8), -qmail-authuser(8), -qmail-recipients(8), -qmail-postgrey(8), -qmail-smtpam(8), -qmail-mfrules(8), -qmail-queue(8), -qmail-remote(8), -qmail-send(8), -qmail-log(8), -tcpserver(8), -sslserver(8). - |