summaryrefslogtreecommitdiff
path: root/sqmail-4.3.07/man/qmail-smtpd.8
diff options
context:
space:
mode:
authorJannis Hoffmann <jannis@fehcom.de>2024-07-09 11:44:11 +0200
committerJannis Hoffmann <jannis@fehcom.de>2024-07-09 11:44:11 +0200
commitf1b71c9fe7dbb4886588a036399cf5ebe16b7c47 (patch)
treee07786aa479c9fb6ee3e537078470aaab5454f80 /sqmail-4.3.07/man/qmail-smtpd.8
parenta293489ee83c8b05d845a162dc2a4de026f3775d (diff)
removed top level directory
Diffstat (limited to 'sqmail-4.3.07/man/qmail-smtpd.8')
-rw-r--r--sqmail-4.3.07/man/qmail-smtpd.81018
1 files changed, 0 insertions, 1018 deletions
diff --git a/sqmail-4.3.07/man/qmail-smtpd.8 b/sqmail-4.3.07/man/qmail-smtpd.8
deleted file mode 100644
index 393ec28..0000000
--- a/sqmail-4.3.07/man/qmail-smtpd.8
+++ /dev/null
@@ -1,1018 +0,0 @@
-.TH s/qmail: qmail-smtpd 8
-.SH "NAME"
-qmail-smtpd \- receive mail via SMTP
-.SH "SYNOPSIS"
-.B qmail-smtpd
-[
-.I checkprogram
-.I subprogram
-]
-.SH "DESCRIPTION"
-.B qmail-smtpd
-receives mail messages via the Simple Mail Transfer Protocol (SMTP)
-and invokes
-.B qmail-queue
-to deposit them into the outgoing queue.
-.B qmail-smtpd
-must be supplied with several environment variables;
-see
-.BR tcp-environ(5) .
-
-.B qmail-smtpd
-is responsible for counting hops.
-It rejects any message with 100 or more
-.B Received
-or
-.B Delivered-To
-header fields.
-
-.B qmail-smtpd
-supports ESMTP and offers 8BITMIME, DATA, PIPELINING, SIZE, AUTH, STARTTLS, and SMTPUTF8 options.
-.B qmail-smtpd
-includes a 'Mail From:' parameter parser and obeys 'Auth', 'Size', and 'SMTPUTF8' advertisements.
-.B qmail-smtpd
-supports SMTPUTF8 SMTP envelope addresses and provides 8 bit clean message transmission.
-.B qmail-smtpd
-STARTTLS and SMTPS implementation requires the use of
-.B sslserver
-from ucspi-ssl.
-
-Authentication is facilitated in case the environment variable
-SMTPAUTH is set which tells
-.B qmail-smtpd
-to accept LOGIN, PLAIN, and eventually CRAM-MD5 Auth types
-and if additionally a PAM
-.I checkprogram
-is available which reads on file descriptor 3 the username, a 0 byte,
-the password or CRAM-MD5 digest/response derived from the SMTP client,
-another 0 byte, a CRAM-MD5 challenge (if applicable to the Auth type),
-and a final 0 byte.
-.I checkprogram
-invokes
-.I subprogram
-upon successful authentication, which should return 0 to
-.BR qmail-smtpd ,
-effectively setting the environment variables RELAYCLIENT and
-TCPREMOTEINFO or TCP6REMOTEINFO
-(any supplied value replaced with the authenticated username).
-.B qmail-smtpd
-will reject the authentication attempt if it receives a nonzero return
-value from
-.I checkprogram
-or
-.IR subprogram .
-
-STARTTLS support is enabled setting the environment variable UCSPITLS.
-In this case,
-.B qmail-smtpd
-communicates with the
-.B sslserver
-program interface through a control socket, a reading and a writing pipe, dynamically
-defined during the session start to be used for transport layer encryption.
-.B qmail-smtpd
-provides mutual authentication based on X.509 client certs and relaying
-with additional SMTP Return-Path validation.
-
-.B qmail-smtpd
-may employ additional DNS look-ups for the 'Mail From:' envelope sender
-address and/or the HELO/EHLO greeting string from the MTA client.
-
-.B qmail-smtpd
-implements a SPF record check for the domain part of the received
-.I Mail-From:\ <return-path>
-address or
-the
-.I HELO/EHLO
-statement in case the domain information is missing.
-This behavior is triggered by the environment variable
-.BR SPF .
-
-.B qmail-smtpd
-can be advised to communicate with a Greylisting server prior of acceptance, like
-.BR postgrey ,
-submitting the connection information
-.IR Mail\ From: ,
-.IR Rcpt\ To: ,
-.IR TCPREMOTEIP
-and
-.I TCPREMOTEHOST
-given its IPv4/IPv6 address as environment variable
-.IR POSTGREY
-and potentially including the port number (60000 is default)
-following the IP address separated by a semi-colon.
-For IPv6 LLU addresses the interface name followwing a percent sign can be included:
-.IR fe80::1%eth0;60000 .
-A return value of
-.I 10
-will advise
-.B qmail-smtpd
-to defer the SMTP connection providing a
-.I 450\ greylisted\ (#4.3.0)
-response to the connecting MTA, which can be tailored (see below).
-This mechanism shall not be used for SMTP connections on the
-.I Submission
-port.
-Setting
-.I POSTGREY='-'
-disables the lookup.
-
-.SH "TRANSPARENCY"
-.B qmail-smtpd
-converts the SMTP newline convention into the UNIX newline convention
-by converting CR LF into LF.
-Usually, it returns a temporary error and drops the connection on bare LFs.
-
-.B qmail-smtpd
-accepts messages that contain long lines or non-ASCII characters
-and thus is initially capable for SMTPUTF8 support.
-
-.SH "CONTROL FILES"
-.TP 5
-.IR badhelo
-Unacceptable HELO/EHLO greeting strings.
-.B qmail-smtpd
-will reject every connection attempt
-if the client MTA's HELO/EHLO greeting compares with
-a wildmat pattern provided in
-.IR badhelo
-in case the environment variable
-.B HELOCHECK
-is set.
-.IR badhelo
-checks have precedence over DNS lookups.
-DNS lookups can be avoided, if the announced
-HELO/EHLO greeting string is concatinated
-with a trailing '!' and included in
-.IR badhelo :
-
-.EX
- localhost
- localhost.localdomain
- 127.0.0.1
- mygreetingstring
- [192.168.1.2]!
-.EE
-
-.TP 5
-.I badmailfrom
-Unacceptable envelope sender addresses.
-.B qmail-smtpd
-will reject every recipient address for a message
-if the envelope sender address is listed in
-.IR badmailfrom .
-A line in
-.I badmailfrom
-may be of the form
-.BR @\fIhost ,
-meaning every address at
-.IR host .
-Additionally, any envelope sender address can be filtered
-with a wildmat check:
-
-.EX
- *@earthlink.net
- !fred@earthlink.net
- [0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9].com
- answerme@save*
- *%*
- @yahoo.com-
- @hotmail.com=
- @mydomain.tld+
- ~yahoo.com
- ?nobody@example.com
-.EE
-
-A
-.I badmailfrom
-file with this contents reject all mail from Earthlink except from
-fred@earthlink.net. It also rejects all mail with addresses like:
-12345@123.com and answerme@savetrees.com. Further, any mail with
-a sender address containing a percent sign (%) is rejected.
-
-This implementation recognises 'extended' addresss in
-.I badmailfrom
-allowing to reject mails with particluar spoofed domain addresses:
-
-(1) The address is appended with a '-'.
-Now, if
-.I TCP(6)REMOTEHOST
-equals 'unknown', mails with the corresponding address are rejected
-(badmailfromunknown).
-
-(2) The address is appended with a '='.
-In case
-.I TCP(6)REMEOTEHOST
-is set mails, whose domain part of the envelope addresses
-.B not
-matching
-the corresponding entry are rejected (badmailfromwellknown).
-
-(3) The address is appended with a '+'.
-If
-.I RELAYCLIENT
-is not set and the sender address matches a corresponding entry
-(anti-spoofing for internal addresses).
-
-(4) The address is enhanced with a leading '~'.
-This requires a (left to right partial) matching of
-.I TCP(6)REMOTEHOST
-with the domain part of the envelope address.
-Thus, this specific entry in
-.I badmailfrom
-uses
-.I TCP(6)REMOTEHOST
-in the first place (badmailfrommismachteddomains).
-
-(5) The address is enhanced with a leading '?'.
-Emails with the corresponding sender address pass by all further
-.I badmailfrom
-tests including the
-.I MFDNSCHECK
-check.
-
-Note: The 'enhanced' addresses are not subject of the wildmat check
-and are evaluated in lower-case.
-
-The wildmat check is done in the order:
-Least significant to most significant.
-Example:
-
-.EX
- *
- !
- !*@*.*
- *viagra*
-.EE
-
-.TP 5
-.I badloadertypes.cdb
-Unacceptable base64 loader types in the message.
-.B qmail-smtpd
-will reject every message if 5 significant
-characters (eg.
-.BR Mi5kb)
-anyware in the base64 encoded attachment is identical
-to those compiled into
-.IR badloadertypes.cdb .
-Use
-.B qmail-badloadertypes
-to derive
-.I badloadertypes.cdb
-from
-.IR badloadertypes .
-In order to make the search efficient, all bad loader
-types have to start with the same character (eg. 'M').
-The control file
-.I badloadertypes.cdb
-is evaluated if the environment variable BADLOADERTYPE
-is set to the first character according to the contents of
-.IR badloadertypes .
-.TP
-.I badmimetypes.cdb
-Unacceptable base64 encoded MIME types in message.
-.B qmail-smtpd
-will reject every message if the first 9 significant
-characters (eg.
-.BR TVqQAAMAA )
-of any of it's embedded MIME types is identical with one
-compiled into
-.IR badmimetypes.cdb .
-Use
-.B qmail-badmimetypes
-to derive
-.I badmimetypes.cdb
-from
-.IR badmimetypes .
-The control file
-.I badmimetypes.cdb
-is evaluated if the environment variable
-.I BADMIMETYPE
-is set.
-In addition, irregular BASE64 attachments carrying whitespaces can
-be rejected defining
-.IR BADMIMETYPE='!' .
-.TP 5
-.I badrcptto
-Unacceptable envelope recipient addresses.
-.B qmail-smtpd
-will reject every incoming message
-if the envelope recipient address is listed in
-.IR badrcptto .
-This control file is complementary to
-.IR badmailfrom .
-A line in
-.I badrcptto
-may be of the form
-.BR @\fIhost ,
-meaning every address at
-.IR host .
-.I badrcptto
-employes the same filtering logic for the envelope recipient as
-.IR badmailfrom .
-Effectively,
-.IR badrcptto
-allows a 'whitelisting' of envelope recipient addresses:
-
-.EX
- *
- !user1@mydomain.com
- !user2@mydomain.com
- !*@anotherdomain.com
-.EE
-
-.IR badrcptto
-allows to tag recipient addresses to be reachable from
-authorized clients only (aka relayclients), prepending it
-in
-.IR badrcptto
-with
-.IR + .
-
-.EX
- +localaddress@mydomain.com
-.EE
-
-.TP 5
-.I databytes
-Maximum number of bytes allowed in a message,
-or 0 for no limit.
-Default: 0.
-If a message exceeds this limit,
-.B qmail-smtpd
-returns a permanent error code to the client;
-in contrast, if
-the disk is full or
-.B qmail-smtpd
-hits a resource limit,
-.B qmail-smtpd
-returns a temporary error code.
-
-.I databytes
-counts bytes as stored on disk, not as transmitted through the network.
-It does not count the
-.B qmail-smtpd
-Received line, the
-.B qmail-queue
-Received line, or the envelope.
-
-If the environment variable DATABYTES
-is set, it overrides
-.IR databytes .
-.TP 5
-.I localiphost
-Replacement host name for local IP addresses.
-Default:
-.IR me ,
-if that is supplied.
-.B qmail-smtpd
-is responsible for recognizing native IPv4/IPv6 addresses for the
-current host.
-When it sees a recipient address of the form
-.I box@[d.d.d.d]
-or
-.IR box@[a:b:c:d:e:f:g:h] ,
-where
-.I d.d.d.d
-or
-.IR a:b:c:d:e:f:g:h
-is a local IPv4/IPv6 address,
-it replaces
-.I [d.d.d.d]
-or
-.IR [a:b:c:d:e:f:g:h]
-with
-.IR localiphost .
-This is done before
-.IR rcpthosts .
-.TP 5
-.I morercpthosts
-Extra allowed RCPT domains.
-If
-.I rcpthosts
-and
-.I morercpthosts
-both exist,
-.I morercpthosts
-is effectively appended to
-.IR rcpthosts .
-
-You must run
-.B qmail-newmrh
-whenever
-.I morercpthosts
-changes.
-
-Rule of thumb for large sites:
-Put your 50 most commonly used domains into
-.IR rcpthosts ,
-and the rest into
-.IR morercpthosts .
-.TP 5
-.I mailfromrules
-Acceptable 'Mail From:' addresses for
-RELAYCLIENTs are included here. Use
-.B qmail-mfrules
-to derive
-.TP 5
-.I mailfromrules.cdb
-from
-.IR mailfromrules .
-.TP 5
-.I rcpthosts
-Allowed RCPT domains.
-If
-.I rcpthosts
-is supplied,
-.B qmail-smtpd
-will reject
-any envelope recipient address with a domain not listed in
-.IR rcpthosts .
-
-Exception:
-If the environment variable RELAYCLIENT is set,
-.B qmail-smtpd
-will ignore
-.IR rcpthosts ,
-and will append the value of RELAYCLIENT
-to each incoming recipient address.
-
-.I rcpthosts
-may include wildcards:
-
-.EX
- heaven.af.mil
- .heaven.af.mil
-.EE
-
-Envelope recipient addresses without @ signs are
-always allowed through.
-.TP 5
-.I recipients
-List of external resources providing acceptable,
-full-qualified envelope addresses
-(\'RCPT to: <recip@domain>\')
-to be used for recipient verification
-during the SMTP session.
-
-The external sources can be either
-.B fastforward
-compliant cdbs including the envelope addresses,
-where the path to a cdb has to be referenced
-relative to Qmail's home directory, or a
-.B qmail-users
-build cdb available as
-.IR users/assign.cdb ,
-or a
-.B checkpassword
-compatible Plugable Authentication Modules
-(PAM), receiving the envelope address on FD 3
-as 'recip@domain\\0\\0\\0' and returning '0'
-in a case of success and '1' in case of failure.
-The use of a PAM is indicated with a delimiting '|' and
-it will be called with up to five additional parameters;
-while a cdb follows a ':', which can be omitted.
-
-The list of external sources is consulted line-by-line for each
-recipient envelope address until the first positive answer,
-or a final negative response is encountered.
-Which external source to be queried, depends on the domain part of the
-recipient envelope address specified on the left side of the
-.I recipients
-file, while the external resource is provided right from the delimitor.
-
-The addresses' domain part is evaluated in lower-case.
-An exact domain match can be encompassed by means of a leading '@'.
-The '*' is a generic wildcard for all domains.
-Specific domains can be excluded from the lookup by means of a
-leading '!'; thus all recipient addresses are accepted for this domain.
-Additionally, a '!*' can be used as wildcard for all domains not encountered
-before in
-.I recipients
-(pass-thru).
-
-A
-.I recipients
-file is always constructed like 'domain:cdb','domain|pam',
-or simply 'cdb':
-
-.EX
- !nocheck.com
- mydomain.com:users/recipients.cdb
- @mx.mydomain.com:=
- example.com|bin/qmail-smtpam mx.example.com
- *:etc/fastforward.cdb
- *|PATH/ldapam ldapserver host port DN passwd
- !*
-.EE
-
-.B qmail-smtpd
-will semi-automatically consult
-.I users/assign.cdb
-generated by
-.B qmail-newu
-in case the domain name is
-followed by a colon and the equal sign '='.
-Now, the received \'Rcpt to:\' address
-is compared against each local part address
-(starting with a '=') in
-.IR users/assign.cdb .
-However, no VERP addresses are considered,
-which are indicated therein via a '+'.
-
-Lagacy format:
-
-.EX
- users/recipients.cdb
- etc/fastforward.cdb
-.EE
-
-Note: Excluded domains starting with a '!'
-should be placed in the beginning of the
-.I recipients
-file for performance reasons, while the pass-thru
-statement '!*' has to be on the last line.
-The recipients check is applied after the
-.I rcpthosts
-evaluation.
-
-.B qmail-recipients
-may be used to construct a
-.I users/recipients.cdb
-from
-.IR users/recipients .
-
-The
-.B qmail-smtpd
-recipients mechanism supports Qmail's address extension (VERP).
-Unqualified envelope recipients are appended with \'@localhost\'.
-.TP 5
-.I smtpgreeting
-SMTP greeting message.
-Default:
-.IR me ,
-if that is supplied;
-otherwise
-.B qmail-smtpd
-will refuse to run.
-The first word of
-.I smtpgreeting
-should be the current host's name.
-.TP 5
-.I spfexplain
-An additional SPF explanation can be given here to provide more
-specific information for the sender in case of a reject.
-SPF macro expansion is possible. It will override the default one, e.g.:
-
-.EE
-See https://example.com/spfrules.html (#5.7.1)
-.EX
-.TP 5
-.I spflocalrules
-As 'last resort', it is possible to include SPF local rules here
-(on one line), that will be applied before other SPF rules would fail.
-This can be used to allow certain MX to send mails anyway. Example:
-
-.EE
-include:spf.trusted-forwarder.org
-.EX
-.TP 5
-.I timeoutsmtpd
-Number of seconds
-.B qmail-smtpd
-will wait for each new buffer of data from the remote SMTP client.
-Default: 1200.
-
-.SH "CONDITIONAL CONTROL FILES"
-The control files \fIrcpthosts\fR, \fImorecpthosts\fR,
-\fIrecipients\fR, \fIbadhelo\fR
-are 'conditional' control files and evaluated
-only if the environment variable RELAYCLIENT is not set.
-On the other hand,
-\fImailfromrules.cdb\fR is only taken into account, if
-RELAYCLIENT is set.
-This allows
-.B qmail-smtpd
-to relay mail messages from local clients and to filter
-mails with certain SMTP envelope conditions
-originating from particular clients ('Split Horizon').
-Other conditional control files are
-\fIbadloadertypes\fR,
-\fIbadmimetypes\fR
-which depend on the setting of the corresponding
-environment variables.
-
-Further, the control files \fIspfexplain\fR and
-\fIspflocalrules\fR are only evaluated if the
-environment variable
-.I SPF
-is defined and greater than 0 and
-.I RELAYCLIENT
-is not set.
-
-.SH "ENVIRONMENT VARIABLES READ"
-Environment variables may be defined globally in the
-.B qmail-smtpd
-startup script and/or individually as part of the
-.BR sslserver 's
-cdb database.
-The environment variables may be quoted ("variable", or 'variable') and
-in case of global use, have to be exported.
-.B qmail-smtpd
-supports the following legacy environment variables, typically
-provided by
-.B sslserver
-or
-.B tcpserver:
-.IR TCP(6)REMOTEIP ,
-.IR TCP(6)REMOTEHOST
-.IR TCP(6)REMOTEINFO
-and
-.IR TCPLOCALPORT
-as well as
-.IR RELAYCLIENT .
-Additionally,
-.B qmail-smtpd
-may use several environment variables for different purposes.
-.P
-Controlling the SMTP HELO/EHLO:
-.IP
-.TP 5
-.I HELOCHECK=''
-enables a check of the provided HELO/EHLO greeting against
-the content of the control file
-.IR badhelo .
-In case no HELO/EHLO greeting is given, SMTP
-connections can be rejected, if
-.I HELOCHECK='!'
-is set. Checks on the presence and the content of
-the HELO/EHLO greeting string is facilitated, setting
-.IR HELOCHECK='.' .
-To enforce the match of the HELO/EHLO greeting with
-the remote host's FQDN (
-.IR TCP(6)REMOTEHOST ),
-use
-.IR HELOCHECK='=' .
-.TP 5
-.I HELOCHECK='A' | HELOCHECK='M'
-enable DNS A/MX lookup for the HELO/EHLO greeting string.
-In addition, the HELO/EHLO string is checked against
-the content of
-.IR badhelo .
-.TP 5
-.I UTF8
-display the
-.I SMTPUTF8
-greeting string. This is off by default.
-.p
-Since
-.B qmail-smtpd
-is 8 bit clean, setting of
-.I UTF8
-has no real consequences except for displaying this
-setting in the log as
-.IR ESMTP[SA]UTF8 .
-.P
-Controlling the SMTP Mail From:
-.IP
-.TP 5
-.I LOCALMFCHECK
-is used to enable a 'Mail From:' address Verification (MAV) for RELAYCLIENTs.
-Thus, the domain part of the 'Mail From:' envelope sender address
-has to match an entry in
-.IR rcpthosts
-or
-.IR morercpthosts
-control files, if not explicitly defined otherwise.
-
-If LOCALMFCHECK='!' is set, the control file
-.I mailfromrules.cdb
-is evaluated and the MAV is facilitated employing the environment variables
-.IR TCP(6)REMOTEINFO ,
-.IR TCP(6)REMOTIP ,
-or
-.I TCP(6)REMOTEHOST
-as a key.
-However, if LOCALMFCHECK='=' is provided,
-.IR TCP(6)REMOTEINFO
-(i.e. set by Auth) has to match the 'Mail From:'
-envelope address (case insensitive).
-Alternativley, using LOCALMFCHECK='?' the email address
-embedded in the DN of a X.509 client is used and compared
-against the 'Mail From:' envelope address.
-Of course, this requires
-.B sslserver
-to request a client cert for mutual authentication.
-
-Note: Adding a qualifier to LOCALMFCHCEK,
-the domain part of the 'Mail From:' address is compared
-against the provided string.
-.TP 5
-.IR MFDNSCHECK
-enable DNS MX lookup for the domain part of the 'Mail From:' envelope sender address.
-.TP 5
-.I SPF='0'|'1'|'2'|'3'|'4'|'5'|'6'
-SPF Records will be evaluated for the current SMTP session in case
-.B SPF
-is defined. The value of
-.B SPF
-may be given between 1 and 6 to enable SPF checks.
-.I 1
-selects 'annotate-only' mode, where
-.B qmail-smtpd
-will annotate incoming email with a
-.B Received-SPF
-header, but will not reject any messages.
-.I 2
-will produce temporary failures on DNS lookup problems
-so you can be sure always to have a meaningful Received-SPF header.
-.I 3
-selects 'reject' mode, where incoming mail will be rejected
-if the SPF record says 'fail'.
-.I 4
-selects a more stricter rejection mode, which is like 'reject' mode,
-except that incoming mail will also be rejected, when the SPF record
-says 'softfail'. Further,
-.I 5
-will reject when the SPF record says 'neutral', and
-.I 6
-rejects, if no SPF records are available at all
-(or a syntax error was encountered).
-If
-.B SPF
-is given as
-.IR 0 ,
-SPF checks are disabled.
-
-Note: Additional control files are
-.I spfexplain
-and
-.IR spflocalrules .
-
-.P
-Controlling the SMTP RCPT TO:
-.IP
-.TP 5
-.I MAXRECIPIENTS
-is the number of Rcpt To:'s
-.B qmail-smtpd
-will accept in a SMTP session.
-If MAXRECIPIENTS ist not set, any number is allowed.
-.TP 5
-.IR TARPITCOUNT
-is the number of Rcpt To:
-.B qmail-smtpd
-accepts before it starts tarpitting.
-Default: 0 which means no tarpitting.
-.TP 5
-.IR TARPITDELAY
-tarpitdelay is the time in seconds of delay
-to be introduced after each subsequent Rcpt To:.
-
-Smart Rejection Notes:
-If
-.IR TARPITCOUNT
-is set and
-.IR TARPITDELAY
-= 0 (default)
-.B qmail-smtpd
-will issue after recognising
-.IR TARPITCOUNT
-invalid Rcpt To: a Recipient failure;
-thus additional Rcpt Tos will not be accepted.
-If, however
-.IR TARPITCOUNT
-is set and
-.IR TARPITDELAY
-= 999
-.B qmail-smtpd
-will issue after
-.IR TARPITCOUNT
-invalid Rcpt To: a Recipient failure
-.TP 5
-.I RECIPIENTS450
-tells
-.b qmail-smtpd
-to issue a SMTP reply '450' (temporary rejection)
-instead the default '550'
-in case the recipient was not listed in any
-.I recipients
-cdb.
-
-.P
-Controlling the email body:
-.IP
-.TP 5
-.I BADLOADERTYPE='c'
-tells
-.B qmail-smtpd
-to evaluate the control file
-.I badloadertypes.cdb
-with the starting string 'c'.
-If
-.I BADLOADERTYPE='-'
-is set, the check is disabled.
-In case
-.I BADLOADERTYPE='+'
-is defined, the check is disabled for
-.IR RELAYCLIENTS .
-.TP 5
-.I BADMIMETYPE
-see control file
-.IR badmimetypes.cdb .
-In case
-.I BADMIMETYPE='-'
-is set;
-.I badmimetypes.cdb
-is not considered; thus the check is disabled.
-Setting
-.I BADMIMTETYPE='!'
-the mime type is rejected if it includes whitespaces;
-even without the control file
-.IR badmimetypes.cdb .
-Providing
-.I BADMIMTETYPE='+'
-the check is disabled if in addition
-.IR RELAYCLIENTS
-are recognized.
-
-.TP 5
-.I BASE64
-tells QHPSI to enable virus checking only if a base64 encoded
-attachment was identified.
-.TP 5
-.I DATABYTES
-see control file
-.IR databytes .
-.TP 5
-.I QHPSI
-is used by
-.B qmail-smtpd
-to supply the name of the virus scanner and it's path.
-.P
-Environment variables for SMTP authentication:
-.IP
-.TP 5
-.I SMTPAUTH
-is used to enable SMTP Authentication for the
-Auth types
-LOGIN and PLAIN.
-In case
-.TP 5
-.I SMTPAUTH='+cram'
-is defined,
-.B qmail-smtpd
-honors LOGIN, PLAIN, and additionally CRAM-MD5 authentication.
-Simply
-.TP 5
-.I SMTPAUTH='cram'
-restricts authentication just to CRAM-MD5.
-If however
-.TP 5
-.I SMTPAUTH='!'
-starts with an exclamation mark, Auth is required.
-You can enforce 'Submission' using this option
-and binding
-.B qmail-smtpd
-to the SUBMISSION port \'587'\.
-In particular,
-.TP 5
-.I SMTPAUTH='!cram'
-may be useful.
-In opposite, if
-.TP 5
-.I SMTPAUTH='-'
-starts with a dash, Auth disabled for particular
-connections.
-Note: The use of 'cram' requires a CRAM-MD5 enabled PAM.
-.P
-Setting up the TLS/STARTTLS environment:
-.IP
-.TP 5
-.I UCSPITLS
-enables encrypted SMTP communication
-via STARTTLS in case
-.B sslserver
-is provided.
-If
-.I UCSPITLS='!'
-is set, STARTTLS is required; while setting
-.I UCSPITLS='-'
-disables STARTTLS.
-Further,
-.I UCSPITLS='?'
-may be used to force the client to present a X.509 cert
-for authentication purpose which may be refined
-requesting
-.I UCSPITLS='@'
-to additionally fetch the email address
-from the client's cert to be perhaps subject of
-.IR LOCALMFCHECK .
-.P
-Other environment variables used:
-.IP
-.TP 5
-.I DELIVERTO
-mail address for special recipients.
-.TP 5
-.I RBLSMTPD
-feed from
-.B rblsmtpd
-including the information received from the
-inquired RBL hosts and displayed as
-.I X-RBL-Info:
-message header.
-.TP 5
-.I POSTGREY
-triggering the call of
-.B qmail-postgrey
-and feeding it with the IP address and port of the
-.I greylisting
-server. If
-.I POSTGREY
-is set to
-.I -
-no lookup is performed.
-
-.SH "CUSTOMIZABLE RETURN MESSAGES"
-In case of rejected or defered SMTP connections
-.B qmail-smtpd
-can provide additional informations in the SMTP reply message
-which are sandwiched between the reply code and the EMMSC.
-.B qmail-smtpd
-recognizes these environment variables:
-.TP 5
-.I REPLY_GREYLISTED
-following 450 greylisting
-.TP 5
-.I REPLY_HELO
-following 550 Bad Helo
-.TP 5
-.I REPLY_MAILBOX
-following 550 mailbox not existing
-.TP 5
-.I REPLY_MAXSIZE
-following 552 message size to large
-.TP 5
-.I REPLY_BADMAILFROM
-following 553 badmail from
-.TP 5
-.I REPLY_BADRCPTTO
-following 553 badrcpt to
-.TP 5
-.I REPLY_SENDEREXIST
-following 553 SMTP sender DNS
-.TP 5
-.I REPLY_NOGATEWAY
-following 553 No gateway
-.TP 5
-.I REPLY_SENDERINVALID
-following 553 SMTP sender invalid
-.TP 5
-.I REPLY_CONTENT
-following 554 Message content invalid
-
-.SH "ENVIRONMENT VARIABLES SET"
-By means of the following environment variables,
-the SMTP session can be interrogated:
-.TP 5
-.I HELOHOST
-the HELO/EHLO greeting of the SMTP client.
-.TP 5
-.I AUTHPROTOCOL
-the ESMTPA protocol used for authentication.
-.TP 5
-.I AUTHUSER
-the supplied username for authentication.
-.TP 5
-.I MAILFROM
-containes the received 'Mail From:' address.
-.TP 5
-.I RCPTTO
-containes all received 'Rcpt To:' addresses separated by blanks.
-.TP 5
-.I TCP(6)REMOTEINFO
-in authentication mode set to the accepted username.
-.TP 5
-.I SSL_*
-information from
-.BR sslserver ,
-if applicable.
-
-.SH "SEE ALSO"
-tcp-environ(5),
-qmail-control(5),
-qmail-inject(8),
-qmail-newmrh(8),
-qmail-newbmt(8),
-qmail-authuser(8),
-qmail-recipients(8),
-qmail-postgrey(8),
-qmail-smtpam(8),
-qmail-mfrules(8),
-qmail-queue(8),
-qmail-remote(8),
-qmail-send(8),
-qmail-log(8),
-tcpserver(8),
-sslserver(8).
-