From 89b7b67a13ebb7965cc7f13ad0595e2194a2d34c Mon Sep 17 00:00:00 2001 From: Jannis Hoffmann Date: Wed, 3 Jul 2024 15:48:04 +0200 Subject: add sqmail-4.2.29a --- man/Makefile | 512 ++++++++++++++++++++++ man/Makefile.mandoc | 512 ++++++++++++++++++++++ man/TARGETS | 105 +++++ man/addresses.5 | 260 ++++++++++++ man/bouncesaying.1 | 71 ++++ man/columnt.1 | 29 ++ man/condredirect.1 | 63 +++ man/datetime.3 | 73 ++++ man/dnscname.8 | 35 ++ man/dnsfq.8 | 34 ++ man/dnsip.8 | 31 ++ man/dnsmxip.8 | 42 ++ man/dnsptr.8 | 27 ++ man/dnstlsa.8 | 51 +++ man/dnstxt.8 | 29 ++ man/dot-qmail.9 | 396 +++++++++++++++++ man/envelopes.5 | 231 ++++++++++ man/except.1 | 33 ++ man/fastforward.1 | 123 ++++++ man/forgeries.7 | 104 +++++ man/forward.1 | 24 ++ man/hostname.8 | 14 + man/ipmeprint.8 | 15 + man/maildir.5 | 239 +++++++++++ man/maildir2mbox.1 | 53 +++ man/maildirmake.1 | 15 + man/maildirwatch.1 | 23 + man/mailsubj.1 | 38 ++ man/matchup.1 | 111 +++++ man/mbox.5 | 235 ++++++++++ man/newaliases.1 | 366 ++++++++++++++++ man/newinclude.1 | 88 ++++ man/preline.1 | 57 +++ man/printforward.1 | 16 + man/printmaillist.1 | 15 + man/qbiff.1 | 31 ++ man/qmail-authuser.9 | 433 +++++++++++++++++++ man/qmail-badloadertypes.9 | 48 +++ man/qmail-badmimetypes.9 | 46 ++ man/qmail-clean.8 | 13 + man/qmail-command.8 | 149 +++++++ man/qmail-control.9 | 110 +++++ man/qmail-dkim.8 | 217 ++++++++++ man/qmail-dksign.9 | 336 +++++++++++++++ man/qmail-dkverify.8 | 137 ++++++ man/qmail-getpw.9 | 114 +++++ man/qmail-header.5 | 332 +++++++++++++++ man/qmail-inject.8 | 309 ++++++++++++++ man/qmail-limits.9 | 33 ++ man/qmail-local.8 | 99 +++++ man/qmail-log.5 | 448 ++++++++++++++++++++ man/qmail-lspawn.8 | 46 ++ man/qmail-mfrules.9 | 108 +++++ man/qmail-mrtg.8 | 141 ++++++ man/qmail-newmrh.9 | 41 ++ man/qmail-newu.9 | 43 ++ man/qmail-pop3d.8 | 46 ++ man/qmail-popup.8 | 131 ++++++ man/qmail-postgrey.8 | 90 ++++ man/qmail-pw2u.9 | 241 +++++++++++ man/qmail-qmaint.8 | 65 +++ man/qmail-qmqpc.8 | 37 ++ man/qmail-qmqpd.8 | 25 ++ man/qmail-qmtpd.8 | 36 ++ man/qmail-qread.8 | 25 ++ man/qmail-qstat.8 | 18 + man/qmail-queue.8 | 199 +++++++++ man/qmail-recipients.9 | 48 +++ man/qmail-remote.8 | 795 ++++++++++++++++++++++++++++++++++ man/qmail-rspawn.8 | 21 + man/qmail-send.9 | 265 ++++++++++++ man/qmail-showctl.8 | 12 + man/qmail-smtpam.8 | 110 +++++ man/qmail-smtpd.8 | 1013 ++++++++++++++++++++++++++++++++++++++++++++ man/qmail-start.9 | 94 ++++ man/qmail-tcpok.8 | 24 ++ man/qmail-tcpto.8 | 30 ++ man/qmail-todo.8 | 128 ++++++ man/qmail-users.9 | 117 +++++ man/qmail-vmailuser.9 | 108 +++++ man/qreceipt.1 | 33 ++ man/setforward.1 | 204 +++++++++ man/setmaillist.1 | 72 ++++ man/spfquery.8 | 147 +++++++ man/splogger.8 | 60 +++ man/sqmail.9 | 130 ++++++ man/srsforward.1 | 96 +++++ man/srsreverse.9 | 87 ++++ man/tai64nfrac.5 | 18 + man/tcp-environ.5 | 86 ++++ man/xqp.1 | 18 + man/xrecipient.1 | 14 + man/xsender.1 | 14 + 93 files changed, 11961 insertions(+) create mode 100644 man/Makefile create mode 100644 man/Makefile.mandoc create mode 100644 man/TARGETS create mode 100644 man/addresses.5 create mode 100644 man/bouncesaying.1 create mode 100644 man/columnt.1 create mode 100644 man/condredirect.1 create mode 100644 man/datetime.3 create mode 100644 man/dnscname.8 create mode 100644 man/dnsfq.8 create mode 100644 man/dnsip.8 create mode 100644 man/dnsmxip.8 create mode 100644 man/dnsptr.8 create mode 100644 man/dnstlsa.8 create mode 100644 man/dnstxt.8 create mode 100644 man/dot-qmail.9 create mode 100644 man/envelopes.5 create mode 100644 man/except.1 create mode 100644 man/fastforward.1 create mode 100644 man/forgeries.7 create mode 100644 man/forward.1 create mode 100644 man/hostname.8 create mode 100644 man/ipmeprint.8 create mode 100644 man/maildir.5 create mode 100644 man/maildir2mbox.1 create mode 100644 man/maildirmake.1 create mode 100644 man/maildirwatch.1 create mode 100644 man/mailsubj.1 create mode 100644 man/matchup.1 create mode 100644 man/mbox.5 create mode 100644 man/newaliases.1 create mode 100644 man/newinclude.1 create mode 100644 man/preline.1 create mode 100644 man/printforward.1 create mode 100644 man/printmaillist.1 create mode 100644 man/qbiff.1 create mode 100644 man/qmail-authuser.9 create mode 100644 man/qmail-badloadertypes.9 create mode 100644 man/qmail-badmimetypes.9 create mode 100644 man/qmail-clean.8 create mode 100644 man/qmail-command.8 create mode 100644 man/qmail-control.9 create mode 100644 man/qmail-dkim.8 create mode 100644 man/qmail-dksign.9 create mode 100644 man/qmail-dkverify.8 create mode 100644 man/qmail-getpw.9 create mode 100644 man/qmail-header.5 create mode 100644 man/qmail-inject.8 create mode 100644 man/qmail-limits.9 create mode 100644 man/qmail-local.8 create mode 100644 man/qmail-log.5 create mode 100644 man/qmail-lspawn.8 create mode 100644 man/qmail-mfrules.9 create mode 100644 man/qmail-mrtg.8 create mode 100644 man/qmail-newmrh.9 create mode 100644 man/qmail-newu.9 create mode 100644 man/qmail-pop3d.8 create mode 100644 man/qmail-popup.8 create mode 100644 man/qmail-postgrey.8 create mode 100644 man/qmail-pw2u.9 create mode 100644 man/qmail-qmaint.8 create mode 100644 man/qmail-qmqpc.8 create mode 100644 man/qmail-qmqpd.8 create mode 100644 man/qmail-qmtpd.8 create mode 100644 man/qmail-qread.8 create mode 100644 man/qmail-qstat.8 create mode 100644 man/qmail-queue.8 create mode 100644 man/qmail-recipients.9 create mode 100644 man/qmail-remote.8 create mode 100644 man/qmail-rspawn.8 create mode 100644 man/qmail-send.9 create mode 100644 man/qmail-showctl.8 create mode 100644 man/qmail-smtpam.8 create mode 100644 man/qmail-smtpd.8 create mode 100644 man/qmail-start.9 create mode 100644 man/qmail-tcpok.8 create mode 100644 man/qmail-tcpto.8 create mode 100644 man/qmail-todo.8 create mode 100644 man/qmail-users.9 create mode 100644 man/qmail-vmailuser.9 create mode 100644 man/qreceipt.1 create mode 100644 man/setforward.1 create mode 100644 man/setmaillist.1 create mode 100644 man/spfquery.8 create mode 100644 man/splogger.8 create mode 100644 man/sqmail.9 create mode 100644 man/srsforward.1 create mode 100644 man/srsreverse.9 create mode 100644 man/tai64nfrac.5 create mode 100644 man/tcp-environ.5 create mode 100644 man/xqp.1 create mode 100644 man/xrecipient.1 create mode 100644 man/xsender.1 (limited to 'man') diff --git a/man/Makefile b/man/Makefile new file mode 100644 index 0000000..52b85ee --- /dev/null +++ b/man/Makefile @@ -0,0 +1,512 @@ +# Don't edit Makefile! Use ../conf-* for configuration. + +SHELL=/bin/sh + +default: modules docs dns + +addresses.0: \ +addresses.5 + nroff -man addresses.5 > addresses.0 + +bouncesaying.0: \ +bouncesaying.1 + nroff -man bouncesaying.1 > bouncesaying.0 + +columnt.0: \ +columnt.1 + nroff -man columnt.1 > columnt.0 + +condredirect.0: \ +condredirect.1 + nroff -man condredirect.1 > condredirect.0 + +dns:\ +dnscname.0 dnsfq.0 dnsip.0 dnsmxip.0 dnsptr.0 dnstxt.0 \ +hostname.0 ipmeprint.0 + +dnscname.0: \ +dnscname.8 + nroff -man dnscname.8 > dnscname.0 + +dnsfq.0: \ +dnsfq.8 + nroff -man dnsfq.8 > dnsfq.0 + +dnsip.0: \ +dnsip.8 + nroff -man dnsip.8 > dnsip.0 + +dnsmxip.0: \ +dnsmxip.8 + nroff -man dnsmxip.8 > dnsmxip.0 + +dnsptr.0: \ +dnsptr.8 + nroff -man dnsptr.8 > dnsptr.0 + +dnstxt.0: \ +dnstxt.8 + nroff -man dnstxt.8 > dnstxt.0 + +datetime.0: \ +datetime.3 + nroff -man datetime.3 > datetime.0 + +docs:\ +addresses.0 dot-qmail.0 envelopes.0 forgeries.0 mbox.0 maildir.0 \ +qmail-command.0 qmail-control.0 qmail-header.0 qmail-limits.0 \ +tcp-environ.0 + +dot-qmail.0: \ +dot-qmail.5 + nroff -man dot-qmail.5 > dot-qmail.0 + +dot-qmail.5: \ +dot-qmail.9 ../conf-home ../conf-break ../conf-spawn + cat dot-qmail.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + | sed s}BREAK}"`head -1 ../conf-break`"}g \ + | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \ + > dot-qmail.5 + +envelopes.0: \ +envelopes.5 + nroff -man envelopes.5 > envelopes.0 + +except.0: \ +except.1 + nroff -man except.1 > except.0 + +fastforward.0: \ +fastforward.1 + nroff -man fastforward.1 > fastforward.0 + +forgeries.0: \ +forgeries.7 + nroff -man forgeries.7 > forgeries.0 + +forward.0: \ +forward.1 + nroff -man forward.1 > forward.0 + +hostname.0: \ +hostname.8 + nroff -man hostname.8 > hostname.0 + +ipmeprint.0: \ +ipmeprint.8 + nroff -man ipmeprint.8 > ipmeprint.0 + +maildir.0: \ +maildir.5 + nroff -man maildir.5 > maildir.0 + +maildir2mbox.0: \ +maildir2mbox.1 + nroff -man maildir2mbox.1 > maildir2mbox.0 + +maildirmake.0: \ +maildirmake.1 + nroff -man maildirmake.1 > maildirmake.0 + +maildirwatch.0: \ +maildirwatch.1 + nroff -man maildirwatch.1 > maildirwatch.0 + +mailsubj.0: \ +mailsubj.1 + nroff -man mailsubj.1 > mailsubj.0 + +matchup.0: \ +matchup.1 + nroff -man matchup.1 > matchup.0 + +mbox.0: \ +mbox.5 + nroff -man mbox.5 > mbox.0 + +modules: \ +qmail-local.0 qmail-lspawn.0 qmail-getpw.0 qmail-remote.0 qmail-smtpam.0 \ +qmail-todo.0 qmail-vmailuser.0 qmail-authuser.0 qmail-postgrey.0 \ +qmail-rspawn.0 qmail-clean.0 qmail-send.0 qmail-start.0 splogger.0 spfquery.0 \ +qmail-queue.0 qmail-inject.0 mailsubj.0 qmail-showctl.0 qmail-newu.0 qmail-qmaint.0 \ +qmail-badmimetypes.0 qmail-badloadertypes.0 qmail-recipients.0 qmail-mfrules.0 \ +qmail-pw2u.0 qmail-qread.0 qmail-qstat.0 qmail-tcpto.0 qmail-tcpok.0 \ +qmail-pop3d.0 qmail-popup.0 qmail-qmqpc.0 qmail-qmqpd.0 qmail-qmtpd.0 \ +qmail-smtpd.0 qmail-newmrh.0 qmail-mrtg.0 qmail-users.0 qreceipt.0 qbiff.0 \ +forward.0 preline.0 condredirect.0 bouncesaying.0 except.0 maildirmake.0 \ +maildir2mbox.0 maildirwatch.0 sqmail.0 tai64nfrac.0 \ +columnt.0 matchup.0 xqp.0 xrecipient.0 xsender.0 newaliases.0 newinclude.0 \ +fastforward.0 printforward.0 printmaillist.0 setforward.0 setmaillist.0 \ +srsforward.0 srsreverse.0 \ +qmail-dkim.0 qmail-dksign.0 qmail-dkverify.0 \ + +newaliases.0: \ +newaliases.1 + nroff -man newaliases.1 > newaliases.0 + +newinclude.0: \ +newinclude.1 + nroff -man newinclude.1 > newinclude.0 + +preline.0: \ +preline.1 + nroff -man preline.1 > preline.0 + +printforward.0: \ +printforward.1 + nroff -man printforward.1 > printforward.0 + +printmaillist.0: \ +printmaillist.1 + nroff -man printmaillist.1 > printmaillist.0 + +qbiff.0: \ +qbiff.1 + nroff -man qbiff.1 > qbiff.0 + +qmail-clean.0: \ +qmail-clean.8 + nroff -man qmail-clean.8 > qmail-clean.0 + +qmail-authuser.0: \ +qmail-authuser.8 + nroff -man qmail-authuser.8 > qmail-authuser.0 + +qmail-authuser.8: \ +qmail-authuser.9 ../conf-home + cat qmail-authuser.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-authuser.8 + +qmail-badmimetypes.0: \ +qmail-badmimetypes.8 + nroff -man qmail-badmimetypes.8 > qmail-badmimetypes.0 + +qmail-badmimetypes.8: \ +qmail-badmimetypes.9 ../conf-home + cat qmail-badmimetypes.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-badmimetypes.8 + +qmail-badloadertypes.0: \ +qmail-badloadertypes.8 + nroff -man qmail-badloadertypes.8 > qmail-badloadertypes.0 + +qmail-badloadertypes.8: \ +qmail-badloadertypes.9 ../conf-home + cat qmail-badloadertypes.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-badloadertypes.8 + +qmail-command.0: \ +qmail-command.8 + nroff -man qmail-command.8 > qmail-command.0 + +qmail-control.0: \ +qmail-control.5 + nroff -man qmail-control.5 > qmail-control.0 + +qmail-control.5: \ +qmail-control.9 ../conf-home + cat qmail-control.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-control.5 + +qmail-dkim.0: \ +qmail-dkim.8 + nroff -man qmail-dkim.8 > qmail-dkim.0 + +qmail-dksign.0: \ +qmail-dksign.8 + nroff -man qmail-dksign.8 > qmail-dksign.0 + +qmail-dksign.8: \ +qmail-dksign.9 ../conf-home + cat qmail-dksign.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-dksign.8 + +qmail-dkverify.0: \ +qmail-dkverify.8 + nroff -man qmail-dkverify.8 > qmail-dkverify.0 + +qmail-getpw.0: \ +qmail-getpw.8 + nroff -man qmail-getpw.8 > qmail-getpw.0 + +qmail-getpw.8: \ +qmail-getpw.9 ../conf-home + cat qmail-getpw.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-getpw.8 + +qmail-header.0: \ +qmail-header.5 + nroff -man qmail-header.5 > qmail-header.0 + +qmail-inject.0: \ +qmail-inject.8 + nroff -man qmail-inject.8 > qmail-inject.0 + +qmail-limits.0: \ +qmail-limits.7 + nroff -man qmail-limits.7 > qmail-limits.0 + +qmail-limits.7: \ +qmail-limits.9 ../conf-home ../conf-break ../conf-spawn + cat qmail-limits.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + | sed s}BREAK}"`head -1 ../conf-break`"}g \ + | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \ + > qmail-limits.7 + +qmail-local.0: \ +qmail-local.8 + nroff -man qmail-local.8 > qmail-local.0 + +qmail-log.0: \ +qmail-log.5 + nroff -man qmail-log.5 > qmail-log.0 + +qmail-lspawn.0: \ +qmail-lspawn.8 + nroff -man qmail-lspawn.8 > qmail-lspawn.0 + +qmail-mfrules.0: \ +qmail-mfrules.8 + nroff -man qmail-mfrules.8 > qmail-mfrules.0 + +qmail-mfrules.8: \ +qmail-mfrules.9 ../conf-home + cat qmail-mfrules.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-mfrules.8 + +qmail-mrtg.0: \ +qmail-mrtg.8 + nroff -man qmail-mrtg.8 > qmail-mrtg.0 + +qmail-newmrh.0: \ +qmail-newmrh.8 + nroff -man qmail-newmrh.8 > qmail-newmrh.0 + +qmail-newmrh.8: \ +qmail-newmrh.9 ../conf-home + cat qmail-newmrh.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-newmrh.8 + +qmail-newu.0: \ +qmail-newu.8 + nroff -man qmail-newu.8 > qmail-newu.0 + +qmail-newu.8: \ +qmail-newu.9 ../conf-home + cat qmail-newu.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-newu.8 + +qmail-pop3d.0: \ +qmail-pop3d.8 + nroff -man qmail-pop3d.8 > qmail-pop3d.0 + +qmail-popup.0: \ +qmail-popup.8 + nroff -man qmail-popup.8 > qmail-popup.0 + +qmail-postgrey.0: \ +qmail-postgrey.8 + nroff -man qmail-postgrey.8 > qmail-postgrey.0 + +qmail-pw2u.0: \ +qmail-pw2u.8 + nroff -man qmail-pw2u.8 > qmail-pw2u.0 + +qmail-pw2u.8: \ +qmail-pw2u.9 ../conf-home + cat qmail-pw2u.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-pw2u.8 + +qmail-qmqpc.0: \ +qmail-qmqpc.8 + nroff -man qmail-qmqpc.8 > qmail-qmqpc.0 + +qmail-qmqpd.0: \ +qmail-qmqpd.8 + nroff -man qmail-qmqpd.8 > qmail-qmqpd.0 + +qmail-qmtpd.0: \ +qmail-qmtpd.8 + nroff -man qmail-qmtpd.8 > qmail-qmtpd.0 + +qmail-qread.0: \ +qmail-qread.8 + nroff -man qmail-qread.8 > qmail-qread.0 + +qmail-qstat.0: \ +qmail-qstat.8 + nroff -man qmail-qstat.8 > qmail-qstat.0 + +qmail-qmaint.0: \ +qmail-qmaint.8 + nroff -man qmail-qmaint.8 > qmail-qmaint.0 + +qmail-queue.0: \ +qmail-queue.8 + nroff -man qmail-queue.8 > qmail-queue.0 + +qmail-recipients.0: \ +qmail-recipients.8 + nroff -man qmail-recipients.8 > qmail-recipients.0 + +qmail-recipients.8: \ +qmail-recipients.9 ../conf-home + cat qmail-recipients.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-recipients.8 + +qmail-remote.0: \ +qmail-remote.8 + nroff -man qmail-remote.8 > qmail-remote.0 + +qmail-rspawn.0: \ +qmail-rspawn.8 + nroff -man qmail-rspawn.8 > qmail-rspawn.0 + +qmail-send.0: \ +qmail-send.8 + nroff -man qmail-send.8 > qmail-send.0 + +qmail-send.8: \ +qmail-send.9 ../conf-home + cat qmail-send.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-send.8 + +qmail-showctl.0: \ +qmail-showctl.8 + nroff -man qmail-showctl.8 > qmail-showctl.0 + +qmail-smtpam.0: \ +qmail-smtpam.8 + nroff -man qmail-smtpam.8 > qmail-smtpam.0 + +qmail-smtpd.0: \ +qmail-smtpd.8 + nroff -man qmail-smtpd.8 > qmail-smtpd.0 + +qmail-start.0: \ +qmail-start.8 + nroff -man qmail-start.8 > qmail-start.0 + +qmail-start.8: \ +qmail-start.9 ../conf-home ../conf-break ../conf-spawn + cat qmail-start.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + | sed s}BREAK}"`head -1 ../conf-break`"}g \ + | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \ + > qmail-start.8 + +qmail-tcpok.0: \ +qmail-tcpok.8 + nroff -man qmail-tcpok.8 > qmail-tcpok.0 + +qmail-tcpto.0: \ +qmail-tcpto.8 + nroff -man qmail-tcpto.8 > qmail-tcpto.0 + +qmail-todo.0: \ +qmail-todo.8 + nroff -man qmail-todo.8 > qmail-todo.0 + +qmail-users.0: \ +qmail-users.5 + nroff -man qmail-users.5 > qmail-users.0 + +qmail-users.5: \ +qmail-users.9 ../conf-home + cat qmail-users.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-users.5 + +qmail-vmailuser.0: \ +qmail-vmailuser.8 + nroff -man qmail-vmailuser.8 > qmail-vmailuser.0 + +qmail-vmailuser.8: \ +qmail-vmailuser.9 ../conf-home + cat qmail-vmailuser.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-vmailuser.8 + +qreceipt.0: \ +qreceipt.1 + nroff -man qreceipt.1 > qreceipt.0 + +setforward.0: \ +setforward.1 + nroff -man setforward.1 > setforward.0 + +setmaillist.0: \ +setmaillist.1 + nroff -man setmaillist.1 > setmaillist.0 + +spfquery.0: \ +spfquery.8 + nroff -man spfquery.8 > spfquery.0 + +splogger.0: \ +splogger.8 + nroff -man splogger.8 > splogger.0 + +sqmail.0: \ +sqmail.7 + nroff -man sqmail.7 > sqmail.0 + +sqmail.7: \ +sqmail.9 ../package/version + cat sqmail.9 \ + | sed s}VERSION}"`head -1 ../package/version`"}g \ + > sqmail.7 + +srsforward.0: \ +srsforward.1 + nroff -man srsforward.1 > srsforward.0 + +srsreverse.0: \ +srsreverse.8 + nroff -man srsreverse.8 > srsreverse.0 + +srsreverse.8: \ +srsreverse.9 ../conf-home + cat srsreverse.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > srsreverse.8 + +tai64nfrac.0: \ +tai64nfrac.5 + nroff -man tai64nfrac.5 > tai64nfrac.0 + +tcp-environ.0: \ +tcp-environ.5 + nroff -man tcp-environ.5 > tcp-environ.0 + +xqp.0: \ +xqp.1 + nroff -man xqp.1 > xqp.0 + +xrecipient.0: \ +xrecipient.1 + nroff -man xrecipient.1 > xrecipient.0 + +xsender.0: \ +xsender.1 + nroff -man xsender.1 > xsender.0 + +clean: \ +TARGETS + rm -f `cat TARGETS` +# gzip -q -d *.gz + diff --git a/man/Makefile.mandoc b/man/Makefile.mandoc new file mode 100644 index 0000000..3369cbb --- /dev/null +++ b/man/Makefile.mandoc @@ -0,0 +1,512 @@ +# Don't edit Makefile! Use ../conf-* for configuration. + +SHELL=/bin/sh + +default: modules docs dns + +addresses.0: \ +addresses.5 + mandoc -man addresses.5 > addresses.0 + +bouncesaying.0: \ +bouncesaying.1 + mandoc -man bouncesaying.1 > bouncesaying.0 + +columnt.0: \ +columnt.1 + mandoc -man columnt.1 > columnt.0 + +condredirect.0: \ +condredirect.1 + mandoc -man condredirect.1 > condredirect.0 + +dns:\ +dnscname.0 dnsfq.0 dnsip.0 dnsmxip.0 dnsptr.0 dnstxt.0 \ +hostname.0 ipmeprint.0 + +dnscname.0: \ +dnscname.8 + mandoc -man dnscname.8 > dnscname.0 + +dnsfq.0: \ +dnsfq.8 + mandoc -man dnsfq.8 > dnsfq.0 + +dnsip.0: \ +dnsip.8 + mandoc -man dnsip.8 > dnsip.0 + +dnsmxip.0: \ +dnsmxip.8 + mandoc -man dnsmxip.8 > dnsmxip.0 + +dnsptr.0: \ +dnsptr.8 + mandoc -man dnsptr.8 > dnsptr.0 + +dnstxt.0: \ +dnstxt.8 + mandoc -man dnstxt.8 > dnstxt.0 + +datetime.0: \ +datetime.3 + mandoc -man datetime.3 > datetime.0 + +docs:\ +addresses.0 dot-qmail.0 envelopes.0 forgeries.0 mbox.0 maildir.0 \ +qmail-command.0 qmail-control.0 qmail-header.0 qmail-limits.0 \ +tcp-environ.0 + +dot-qmail.0: \ +dot-qmail.5 + mandoc -man dot-qmail.5 > dot-qmail.0 + +dot-qmail.5: \ +dot-qmail.9 ../conf-home ../conf-break ../conf-spawn + cat dot-qmail.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + | sed s}BREAK}"`head -1 ../conf-break`"}g \ + | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \ + > dot-qmail.5 + +envelopes.0: \ +envelopes.5 + mandoc -man envelopes.5 > envelopes.0 + +except.0: \ +except.1 + mandoc -man except.1 > except.0 + +fastforward.0: \ +fastforward.1 + mandoc -man fastforward.1 > fastforward.0 + +forgeries.0: \ +forgeries.7 + mandoc -man forgeries.7 > forgeries.0 + +forward.0: \ +forward.1 + mandoc -man forward.1 > forward.0 + +hostname.0: \ +hostname.8 + mandoc -man hostname.8 > hostname.0 + +ipmeprint.0: \ +ipmeprint.8 + mandoc -man ipmeprint.8 > ipmeprint.0 + +maildir.0: \ +maildir.5 + mandoc -man maildir.5 > maildir.0 + +maildir2mbox.0: \ +maildir2mbox.1 + mandoc -man maildir2mbox.1 > maildir2mbox.0 + +maildirmake.0: \ +maildirmake.1 + mandoc -man maildirmake.1 > maildirmake.0 + +maildirwatch.0: \ +maildirwatch.1 + mandoc -man maildirwatch.1 > maildirwatch.0 + +mailsubj.0: \ +mailsubj.1 + mandoc -man mailsubj.1 > mailsubj.0 + +matchup.0: \ +matchup.1 + mandoc -man matchup.1 > matchup.0 + +mbox.0: \ +mbox.5 + mandoc -man mbox.5 > mbox.0 + +modules: \ +qmail-local.0 qmail-lspawn.0 qmail-getpw.0 qmail-remote.0 qmail-smtpam.0 \ +qmail-todo.0 qmail-vmailuser.0 qmail-authuser.0 qmail-postgrey.0 \ +qmail-rspawn.0 qmail-clean.0 qmail-send.0 qmail-start.0 splogger.0 spfquery.0 \ +qmail-queue.0 qmail-inject.0 mailsubj.0 qmail-showctl.0 qmail-newu.0 qmail-qmaint.0 \ +qmail-badmimetypes.0 qmail-badloadertypes.0 qmail-recipients.0 qmail-mfrules.0 \ +qmail-pw2u.0 qmail-qread.0 qmail-qstat.0 qmail-tcpto.0 qmail-tcpok.0 \ +qmail-pop3d.0 qmail-popup.0 qmail-qmqpc.0 qmail-qmqpd.0 qmail-qmtpd.0 \ +qmail-smtpd.0 qmail-newmrh.0 qmail-mrtg.0 qmail-users.0 qreceipt.0 qbiff.0 \ +forward.0 preline.0 condredirect.0 bouncesaying.0 except.0 maildirmake.0 \ +maildir2mbox.0 maildirwatch.0 sqmail.0 tai64nfrac.0 \ +columnt.0 matchup.0 xqp.0 xrecipient.0 xsender.0 newaliases.0 newinclude.0 \ +fastforward.0 printforward.0 printmaillist.0 setforward.0 setmaillist.0 \ +srsforward.0 srsreverse.0 \ +qmail-dkim.0 qmail-dksign.0 qmail-dkverify.0 \ + +newaliases.0: \ +newaliases.1 + mandoc -man newaliases.1 > newaliases.0 + +newinclude.0: \ +newinclude.1 + mandoc -man newinclude.1 > newinclude.0 + +preline.0: \ +preline.1 + mandoc -man preline.1 > preline.0 + +printforward.0: \ +printforward.1 + mandoc -man printforward.1 > printforward.0 + +printmaillist.0: \ +printmaillist.1 + mandoc -man printmaillist.1 > printmaillist.0 + +qbiff.0: \ +qbiff.1 + mandoc -man qbiff.1 > qbiff.0 + +qmail-clean.0: \ +qmail-clean.8 + mandoc -man qmail-clean.8 > qmail-clean.0 + +qmail-authuser.0: \ +qmail-authuser.8 + mandoc -man qmail-authuser.8 > qmail-authuser.0 + +qmail-authuser.8: \ +qmail-authuser.9 ../conf-home + cat qmail-authuser.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-authuser.8 + +qmail-badmimetypes.0: \ +qmail-badmimetypes.8 + mandoc -man qmail-badmimetypes.8 > qmail-badmimetypes.0 + +qmail-badmimetypes.8: \ +qmail-badmimetypes.9 ../conf-home + cat qmail-badmimetypes.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-badmimetypes.8 + +qmail-badloadertypes.0: \ +qmail-badloadertypes.8 + mandoc -man qmail-badloadertypes.8 > qmail-badloadertypes.0 + +qmail-badloadertypes.8: \ +qmail-badloadertypes.9 ../conf-home + cat qmail-badloadertypes.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-badloadertypes.8 + +qmail-command.0: \ +qmail-command.8 + mandoc -man qmail-command.8 > qmail-command.0 + +qmail-control.0: \ +qmail-control.5 + mandoc -man qmail-control.5 > qmail-control.0 + +qmail-control.5: \ +qmail-control.9 ../conf-home + cat qmail-control.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-control.5 + +qmail-dkim.0: \ +qmail-dkim.8 + mandoc -man qmail-dkim.8 > qmail-dkim.0 + +qmail-dksign.0: \ +qmail-dksign.8 + mandoc -man qmail-dksign.8 > qmail-dksign.0 + +qmail-dksign.8: \ +qmail-dksign.9 ../conf-home + cat qmail-dksign.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-dksign.8 + +qmail-dkverify.0: \ +qmail-dkverify.8 + mandoc -man qmail-dkverify.8 > qmail-dkverify.0 + +qmail-getpw.0: \ +qmail-getpw.8 + mandoc -man qmail-getpw.8 > qmail-getpw.0 + +qmail-getpw.8: \ +qmail-getpw.9 ../conf-home + cat qmail-getpw.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-getpw.8 + +qmail-header.0: \ +qmail-header.5 + mandoc -man qmail-header.5 > qmail-header.0 + +qmail-inject.0: \ +qmail-inject.8 + mandoc -man qmail-inject.8 > qmail-inject.0 + +qmail-limits.0: \ +qmail-limits.7 + mandoc -man qmail-limits.7 > qmail-limits.0 + +qmail-limits.7: \ +qmail-limits.9 ../conf-home ../conf-break ../conf-spawn + cat qmail-limits.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + | sed s}BREAK}"`head -1 ../conf-break`"}g \ + | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \ + > qmail-limits.7 + +qmail-local.0: \ +qmail-local.8 + mandoc -man qmail-local.8 > qmail-local.0 + +qmail-log.0: \ +qmail-log.5 + mandoc -man qmail-log.5 > qmail-log.0 + +qmail-lspawn.0: \ +qmail-lspawn.8 + mandoc -man qmail-lspawn.8 > qmail-lspawn.0 + +qmail-mfrules.0: \ +qmail-mfrules.8 + mandoc -man qmail-mfrules.8 > qmail-mfrules.0 + +qmail-mfrules.8: \ +qmail-mfrules.9 ../conf-home + cat qmail-mfrules.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-mfrules.8 + +qmail-mrtg.0: \ +qmail-mrtg.8 + mandoc -man qmail-mrtg.8 > qmail-mrtg.0 + +qmail-newmrh.0: \ +qmail-newmrh.8 + mandoc -man qmail-newmrh.8 > qmail-newmrh.0 + +qmail-newmrh.8: \ +qmail-newmrh.9 ../conf-home + cat qmail-newmrh.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-newmrh.8 + +qmail-newu.0: \ +qmail-newu.8 + mandoc -man qmail-newu.8 > qmail-newu.0 + +qmail-newu.8: \ +qmail-newu.9 ../conf-home + cat qmail-newu.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-newu.8 + +qmail-pop3d.0: \ +qmail-pop3d.8 + mandoc -man qmail-pop3d.8 > qmail-pop3d.0 + +qmail-popup.0: \ +qmail-popup.8 + mandoc -man qmail-popup.8 > qmail-popup.0 + +qmail-postgrey.0: \ +qmail-postgrey.8 + mandoc -man qmail-postgrey.8 > qmail-postgrey.0 + +qmail-pw2u.0: \ +qmail-pw2u.8 + mandoc -man qmail-pw2u.8 > qmail-pw2u.0 + +qmail-pw2u.8: \ +qmail-pw2u.9 ../conf-home + cat qmail-pw2u.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-pw2u.8 + +qmail-qmqpc.0: \ +qmail-qmqpc.8 + mandoc -man qmail-qmqpc.8 > qmail-qmqpc.0 + +qmail-qmqpd.0: \ +qmail-qmqpd.8 + mandoc -man qmail-qmqpd.8 > qmail-qmqpd.0 + +qmail-qmtpd.0: \ +qmail-qmtpd.8 + mandoc -man qmail-qmtpd.8 > qmail-qmtpd.0 + +qmail-qread.0: \ +qmail-qread.8 + mandoc -man qmail-qread.8 > qmail-qread.0 + +qmail-qstat.0: \ +qmail-qstat.8 + mandoc -man qmail-qstat.8 > qmail-qstat.0 + +qmail-qmaint.0: \ +qmail-qmaint.8 + mandoc -man qmail-qmaint.8 > qmail-qmaint.0 + +qmail-queue.0: \ +qmail-queue.8 + mandoc -man qmail-queue.8 > qmail-queue.0 + +qmail-recipients.0: \ +qmail-recipients.8 + mandoc -man qmail-recipients.8 > qmail-recipients.0 + +qmail-recipients.8: \ +qmail-recipients.9 ../conf-home + cat qmail-recipients.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-recipients.8 + +qmail-remote.0: \ +qmail-remote.8 + mandoc -man qmail-remote.8 > qmail-remote.0 + +qmail-rspawn.0: \ +qmail-rspawn.8 + mandoc -man qmail-rspawn.8 > qmail-rspawn.0 + +qmail-send.0: \ +qmail-send.8 + mandoc -man qmail-send.8 > qmail-send.0 + +qmail-send.8: \ +qmail-send.9 ../conf-home + cat qmail-send.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-send.8 + +qmail-showctl.0: \ +qmail-showctl.8 + mandoc -man qmail-showctl.8 > qmail-showctl.0 + +qmail-smtpam.0: \ +qmail-smtpam.8 + mandoc -man qmail-smtpam.8 > qmail-smtpam.0 + +qmail-smtpd.0: \ +qmail-smtpd.8 + mandoc -man qmail-smtpd.8 > qmail-smtpd.0 + +qmail-start.0: \ +qmail-start.8 + mandoc -man qmail-start.8 > qmail-start.0 + +qmail-start.8: \ +qmail-start.9 ../conf-home ../conf-break ../conf-spawn + cat qmail-start.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + | sed s}BREAK}"`head -1 ../conf-break`"}g \ + | sed s}SPAWN}"`head -1 ../conf-spawn`"}g \ + > qmail-start.8 + +qmail-tcpok.0: \ +qmail-tcpok.8 + mandoc -man qmail-tcpok.8 > qmail-tcpok.0 + +qmail-tcpto.0: \ +qmail-tcpto.8 + mandoc -man qmail-tcpto.8 > qmail-tcpto.0 + +qmail-todo.0: \ +qmail-todo.8 + mandoc -man qmail-todo.8 > qmail-todo.0 + +qmail-users.0: \ +qmail-users.5 + mandoc -man qmail-users.5 > qmail-users.0 + +qmail-users.5: \ +qmail-users.9 ../conf-home + cat qmail-users.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-users.5 + +qmail-vmailuser.0: \ +qmail-vmailuser.8 + mandoc -man qmail-vmailuser.8 > qmail-vmailuser.0 + +qmail-vmailuser.8: \ +qmail-vmailuser.9 ../conf-home + cat qmail-vmailuser.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > qmail-vmailuser.8 + +qreceipt.0: \ +qreceipt.1 + mandoc -man qreceipt.1 > qreceipt.0 + +setforward.0: \ +setforward.1 + mandoc -man setforward.1 > setforward.0 + +setmaillist.0: \ +setmaillist.1 + mandoc -man setmaillist.1 > setmaillist.0 + +spfquery.0: \ +spfquery.8 + mandoc -man spfquery.8 > spfquery.0 + +splogger.0: \ +splogger.8 + mandoc -man splogger.8 > splogger.0 + +sqmail.0: \ +sqmail.7 + mandoc -man sqmail.7 > sqmail.0 + +sqmail.7: \ +sqmail.9 ../package/version + cat sqmail.9 \ + | sed s}VERSION}"`head -1 ../package/version`"}g \ + > sqmail.7 + +srsforward.0: \ +srsforward.1 + mandoc -man srsforward.1 > srsforward.0 + +srsreverse.0: \ +srsreverse.8 + mandoc -man srsreverse.8 > srsreverse.0 + +srsreverse.8: \ +srsreverse.9 ../conf-home + cat srsreverse.9 \ + | sed s}SQMAIL}"`head -1 ../conf-home`"}g \ + > srsreverse.8 + +tai64nfrac.0: \ +tai64nfrac.5 + mandoc -man tai64nfrac.5 > tai64nfrac.0 + +tcp-environ.0: \ +tcp-environ.5 + mandoc -man tcp-environ.5 > tcp-environ.0 + +xqp.0: \ +xqp.1 + mandoc -man xqp.1 > xqp.0 + +xrecipient.0: \ +xrecipient.1 + mandoc -man xrecipient.1 > xrecipient.0 + +xsender.0: \ +xsender.1 + mandoc -man xsender.1 > xsender.0 + +clean: \ +TARGETS + rm -f `cat TARGETS` +# gzip -q -d *.gz + diff --git a/man/TARGETS b/man/TARGETS new file mode 100644 index 0000000..89773bb --- /dev/null +++ b/man/TARGETS @@ -0,0 +1,105 @@ +addresses.0 +bouncesaying.0 +columnt.0 +condredirect.0 +datetime.0 +dot-qmail.0 +dot-qmail.5 +dnscname.0 +dnsfq.0 +dnsip.0 +dnsptr.0 +dnsmxip.0 +dnstxt.0 +envelopes.0 +except.0 +fastforward.0 +forgeries.0 +forward.0 +hostname.0 +ipmeprint.0 +maildir.0 +maildir2mbox.0 +maildirmake.0 +maildirwatch.0 +mailsubj.0 +matchup.0 +mbox.0 +newaliases.0 +newinclude.0 +preline.0 +printforward.0 +printmaillist.0 +qbiff.0 +qmail-authuser.0 +qmail-authuser.8 +qmail-badloadertypes.0 +qmail-badloadertypes.8 +qmail-badmimetypes.0 +qmail-badmimetypes.8 +qmail-clean.0 +qmail-command.0 +qmail-dksign.0 +qmail-dksign.8 +qmail-dkim.0 +qmail-dkverify.0 +qmail-getpw.0 +qmail-getpw.8 +qmail-header.0 +qmail-inject.0 +qmail-limits.0 +qmail-limits.7 +qmail-local.0 +qmail-lspawn.0 +qmail-mfrules.0 +qmail-mfrules.8 +qmail-mrtg.0 +qmail-newmrh.0 +qmail-newmrh.8 +qmail-newu.0 +qmail-newu.8 +qmail-pop3d.0 +qmail-popup.0 +qmail-postgrey.0 +qmail-pw2u.0 +qmail-pw2u.8 +qmail-qmqpc.0 +qmail-qmqpd.0 +qmail-qmtpd.0 +qmail-qread.0 +qmail-qstat.0 +qmail-qmaint.0 +qmail-queue.0 +qmail-recipients.0 +qmail-recipients.8 +qmail-remote.0 +qmail-rspawn.0 +qmail-send.0 +qmail-send.8 +qmail-showctl.0 +qmail-smtpam.0 +qmail-smtpd.0 +qmail-start.0 +qmail-start.8 +qmail-tcpok.0 +qmail-tcpto.0 +qmail-todo.0 +qmail-users.0 +qmail-users.5 +qmail-vmailuser.0 +qmail-vmailuser.8 +qreceipt.0 +setforward.0 +setmaillist.0 +spfquery.0 +splogger.0 +sqmail.0 +sqmail.7 +srsforward.0 +srsreverse.0 +srsreverse.8 +tai64nfrac.0 +tcp-environ.0 +xqp.0 +xrecipient.0 +xsender.0 diff --git a/man/addresses.5 b/man/addresses.5 new file mode 100644 index 0000000..72a234f --- /dev/null +++ b/man/addresses.5 @@ -0,0 +1,260 @@ +.TH s/qmail: addresses 5 +.SH "NAME" +addresses \- formats for Internet mail addresses +.SH "INTRODUCTION" +A +.B mail address +is a string of characters containing @. + +Every mail address has a +.B local part +and a +.B domain part\fR. +The domain part is everything after the final @. +The local part is everything before. + +For example, the mail addresses + +.EX + God@heaven.af.mil + @heaven.af.mil + @at@@heaven.af.mil +.EE + +all have domain part +.BR heaven.af.mil . +The local parts are +.BR God , +empty, +and +.BR @at@ . + +Some domains have owners. +It is up to the owner of +.B heaven.af.mil +to say how mail messages will be delivered to addresses with domain part +.BR heaven.af.mil . + +The domain part of an address is interpreted without regard to case, so + +.EX + God@heaven.af.mil +.br + God@HEAVEN.AF.MIL +.br + God@Heaven.AF.Mil +.EE + +all refer to the same domain. + +There is one exceptional address that does not contain an @: +namely, the empty string. +The empty string cannot be used as a recipient address. +It can be used as a sender address so that +the real sender doesn't receive bounces. +.SH "QMAIL EXTENSIONS" +The +.B qmail +system allows several further types of addresses in mail envelopes. + +First, an envelope recipient address without an @ is interpreted as being at +.IR envnoathost . +For example, if +.I envnoathost +is +.BR heaven.af.mil , +the address +.B God +will be rewritten as +.BR God@heaven.af.mil . + +Second, the address +.B #@[] +is used as an envelope sender address for double bounces. + +Third, envelope sender addresses of the form +.I pre\fB@\fIhost\fB-@[] +are used to support variable envelope return paths (VERPs). +.B qmail-send +will rewrite +.I pre\fB@\fIhost\fB-@[] +as +.I prerecip\fB=\fIdomain\fB@\fIhost +for deliveries to +.IR recip\fB@\fIdomain . +Bounces directly from +.B qmail-send +will come back to +.IR pre\fB@\fIhost . +.SH "CHOOSING MAIL ADDRESSES" +Here are some suggestions on choosing mail addresses for the Internet. + +Do not use non-ASCII characters. +Under RFC 822 and RFC 821, +these characters cannot be used in mail headers or in SMTP commands. +In practice, they are regularly corrupted. + +Do not use ASCII control characters. +NUL is regularly corrupted. +CR and LF cannot be used in some combinations +and are corrupted in all. +None of these characters are usable on business cards. + +Avoid spaces and the characters + +.EX + \\"<>()[],;: +.EE + +These all require quoting in mail headers and in SMTP. +Many existing mail programs do not handle quoting properly. + +Do not use @ in a local part. +@ requires quoting in mail headers and in SMTP. +Many programs incorrectly look for the first @, +rather than the last @, +to find the domain part of an address. + +In a local part, +do not use two consecutive dots, a dot at the beginning, or a dot at the end. +Any of these would require quoting in mail headers. + +Do not use an empty local part; it cannot appear in SMTP commands. + +Avoid local parts longer than 64 characters. + +Be wary of uppercase letters in local parts. +Some mail programs (and users!) will incorrectly convert +.B God@heaven.af.mil +to +.BR god@heaven.af.mil . + +Be wary of the following characters: + +.EX + $&!#~`'^*|{} +.EE + +Some users will not know +how to feed these characters safely to their mail programs. + +In domain names, stick to letters, digits, dash, and dot. +One popular DNS resolver has, +under the banner of security, +recently begun destroying domain names +that contain certain other characters, +including underscore. +Exception: A dotted-decimal IP address in brackets, +such as +.BR [127.0.0.1] , +identifies a domain owned by whoever owns the host at that IP address, +and can be used safely. + +In a domain name, +do not use two consecutive dots, +a dot at the beginning, +or a dot at the end. +This means that, +when a domain name is broken down into components separated by dots, +there are no empty components. + +Always use at least one dot in a domain name. +If you own the +.B mil +domain, +don't bother using the address +.BR root@mil ; +most users will be unable to send messages to that address. +Same for the root domain. + +Avoid domain names longer than 64 characters. +.SH "ENCODED ADDRESSES IN SMTP COMMANDS" +RFC 821 defines an encoding of mail addresses in SMTP. +For example, the addresses + +.EX + God@heaven.af.mil +.br + a"quote@heaven.af.mil +.br + The Almighty.One@heaven.af.mil +.EE + +could be encoded in RCPT commands as + +.EX + RCPT TO: +.br + RCPT TO: +.br + RCPT TO: +.EE + +There are several restrictions in RFC 821 +on the mail addresses that can be used over SMTP. +Non-ASCII characters are prohibited. +The local part must not be empty. +The domain part must be a sequence of elements separated by dots, +where each element is either a component, +a sequence of digits preceded by #, +or a dotted-decimal IP address surrounded by brackets. +The only allowable characters in components are +letters, digits, and dashes. +Every component must (believe it or not) +have at least three characters; +the first character must be a letter; +the last character must not be a hyphen. +.SH "ENCODED ADDRESSES IN MAIL HEADERS" +RFC 822 defines an encoding of mail addresses +in certain header fields in a mail message. +For example, the addresses + +.EX + God@heaven.af.mil +.br + a"quote@heaven.af.mil +.br + The Almighty.One@heaven.af.mil +.EE + +could be encoded in a +.B To +field as + +.EX + To: God@heaven.af.mil, +.br + <@brl.mil:"a\\"quote"@heaven.af.mil>, +.br + "The Almighty".One@heaven.af.mil +.EE + +or perhaps + +.EX + To: < "God"@heaven .af.mil>, +.br + "a\\"quote" (Who?) @ heaven . af. mil +.br + , God<"The Almighty.One"@heaven.af.mil> +.EE + +There are several restrictions on the mail addresses that can +be used in these header fields. +Non-ASCII characters are prohibited. +The domain part must be a sequence of elements separated by dots, +where each element either (1) begins with [ and ends with ] +or (2) is a nonempty string of printable ASCII characters +not including any of + +.EX + \\".<>()[],;: +.EE + +and not including space. +.SH "SEE ALSO" +envelopes(5), +qmail-header(5), +qmail-inject(8), +qmail-remote(8), +qmail-smtpd(8) diff --git a/man/bouncesaying.1 b/man/bouncesaying.1 new file mode 100644 index 0000000..9f46b67 --- /dev/null +++ b/man/bouncesaying.1 @@ -0,0 +1,71 @@ +.TH s/qmail: bouncesaying 1 +.SH NAME +bouncesaying \- perhaps bounce each incoming message +.SH SYNOPSIS +in +.BR .qmail : +.B |bouncesaying +.I error +[ +.I program +[ +.I arg ... +] +] +.SH DESCRIPTION +.B bouncesaying +feeds each new mail message to +.I program +with the given arguments. +If +.I program +exits 0, +.B bouncesaying +prints +.I error +and bounces the message. + +If +.I program +exits 111, +.B bouncesaying +exits 111, +so delivery will be retried later. + +If +.I program +exits anything else +(or does not exist), +.B bouncesaying +exits 0, +so the rest of +.B .qmail +will be processed as usual. + +Note that +it is not safe for +.I program +to fork a child that +reads the message in the background. + +If +.I program +is not supplied, +.B bouncesaying +always bounces the message: + +.EX + |bouncesaying 'This address no longer accepts mail.' +.EE + +.B WARNING: +If you create a +.B .qmail +file to enable +.BR bouncesaying , +make sure to also add a line specifying delivery to your normal mailbox. +.SH "SEE ALSO" +condredirect(1), +except(1), +dot-qmail(5), +qmail-command(8) diff --git a/man/columnt.1 b/man/columnt.1 new file mode 100644 index 0000000..24eeeef --- /dev/null +++ b/man/columnt.1 @@ -0,0 +1,29 @@ +.TH s/qmail: columnt 1 +.SH NAME +columnt \- align columns in a table +.SH SYNTAX +.B columnt +.SH DESCRIPTION +.B columnt +reads a table of whitespace-separated lines. + +.B columnt +then prints the table, +changing the spacing so that +the first column takes the same amount of space in every line, +the second column takes the same amount of space in every line, +etc. + +In the +.B columnt +output, +all columns except the last are right-justified; +the last column is left-justified. +There are two spaces between adjacent columns. + +.B columnt +needs enough memory to read the entire input. +Other than this, +it has no limits on line length or on the number of columns. +.SH "SEE ALSO" +column(1) diff --git a/man/condredirect.1 b/man/condredirect.1 new file mode 100644 index 0000000..b9418db --- /dev/null +++ b/man/condredirect.1 @@ -0,0 +1,63 @@ +.TH s/qmail: condredirect 1 +.SH NAME +condredirect \- perhaps redirect mail to another address +.SH SYNOPSIS +in +.BR .qmail : +.B |condredirect +.I newaddress +.I program +[ +.I arg ... +] +.SH DESCRIPTION +.B condredirect +feeds each new mail message to +.I program +with the given arguments. +If +.I program +exits 0, +.B condredirect +forwards the mail message to +.IR newaddress , +and then exits 99, +so further commands in +.B .qmail +are ignored. + +If +.I program +exits 111, +.B condredirect +exits 111, +so delivery will be retried later. + +If +.I program +exits anything else +(or does not exist), +.B condredirect +exits 0, +so the rest of +.B .qmail +will be processed as usual. + +Note that +it is not safe for +.I program +to fork a child that +reads the message in the background. + +.B WARNING: +If you create a +.B .qmail +file to enable +.BR condredirect , +make sure to also add a line specifying delivery to your normal mailbox. +.SH "SEE ALSO" +bouncesaying(1), +except(1), +dot-qmail(5), +qmail-command(8), +qmail-queue(8) diff --git a/man/datetime.3 b/man/datetime.3 new file mode 100644 index 0000000..f62c02d --- /dev/null +++ b/man/datetime.3 @@ -0,0 +1,73 @@ +.TH s/qmail: datetime 3 +.SH NAME +datetime \- convert between TAI labels and seconds +.SH SYNTAX +.B #include + +void \fBdatetime_tai\fP(&\fIdt\fR,\fIt\fR); + +datetime_sec \fBdatetime_untai\fP(&\fIdt\fR); + +struct datetime \fIdt\fR; +.br +datetime_sec \fIt\fR; +.SH DESCRIPTION +International Atomic Time, TAI, +is the fundamental unit for time measurements. +TAI has one label for every second of real time, +without complications such as leap seconds. + +A +struct datetime +variable, +such as +.IR dt , +stores a TAI label. +.I dt\fB.year +is the year number minus 1900; +.I dt\fB.mon +is the month number, from 0 (January) through 11 (December); +.I dt\fB.mday +is the day of the month, from 1 through 31; +.I dt\fB.hour +is the hour, from 0 through 23; +.I dt\fB.min +is the minute, from 0 through 59; +.I dt\fB.sec +is the second, from 0 through 59; +.I dt\fB.wday +is the day of the week, from 0 (Sunday) through 6 (Saturday); +.I dt\fB.yday +is the day of the year, from 0 through 365. + +The +.B datetime +library supports more convenient TAI manipulation with +the datetime_sec type. +A datetime_sec value, such as +.IR t , +is an integer referring to the +.IR t th +second after the beginning of 1970 TAI. +The first second of 1970 TAI was 0; +the next second was 1; +the last second of 1969 TAI was -1. +The difference between two datetime_sec values is a number +of real-time seconds. + +.B datetime_tai +converts a datetime_sec to a TAI label. + +.B datetime_untai +reads a TAI label +(specifically +.IR dt\fB.year , +.IR dt\fB.mon , +.IR dt\fB.mday , +.IR dt\fB.hour , +.IR dt\fB.min , +and +.IR dt\fB.sec ) +and returns a datetime_sec. +.SH "SEE ALSO" +now(3) diff --git a/man/dnscname.8 b/man/dnscname.8 new file mode 100644 index 0000000..7fd3889 --- /dev/null +++ b/man/dnscname.8 @@ -0,0 +1,35 @@ +.TH s/qmail: dnscname 8 +.SH NAME +dnscname +.SH SYNOPSIS +.B dnscname +.I fqdn +.SH DESCRIPTION +.B dnscame +takes the given +.I fqdn +for a host and employs an one-stage +.I CNAME +DNS lookup for +.IR fqdn . +The retrieved DNS name could instead be an alias, +rather than a \fIcanonical name\fR. +Use +.B dnsfq +to evaluate the entire +.I CNAME +chain. +.SH "EXIT CODES" +.B dnscname +return +.I 0 +on success, +.I 1 +in case no CNAME was found, and +.I 111 +in case of memory errors. +.SH "SEE ALSO" +dnsfq(8), +dnsmxip(8), +dnsptr(8), +dnstxt(8). diff --git a/man/dnsfq.8 b/man/dnsfq.8 new file mode 100644 index 0000000..4773fcb --- /dev/null +++ b/man/dnsfq.8 @@ -0,0 +1,34 @@ +.TH s/qmail: dnsfq 8 +.SH NAME +dnsfq +.SH SYNOPSIS +.B dnsfq +.I fqdn +.SH DESCRIPTION +.B fqdns +takes the given +.I fqdn +for a host and employs a +.I CNAME +DNS lookup while finally retrieving the +.I AAAA +and +.I A +record following the chain of potential alias names. +On output, the entire chain of nested DNS information +is displayed together with the retrieved IP(v4|v6) +addresses. +.SH "EXIT CODES" +.B dnsfq +returns +.I 0 +on success, +.I 1 +if DNS query errors did occure, and +.I 111 +in case of memory errors. +.SH "SEE ALSO" +dnscname(8), +dnsmxip(8), +dnsptr(8), +dnstxt(8). diff --git a/man/dnsip.8 b/man/dnsip.8 new file mode 100644 index 0000000..eaa9930 --- /dev/null +++ b/man/dnsip.8 @@ -0,0 +1,31 @@ +.TH s/qmail: dnsip 8 +.SH NAME +dnsip +.SH SYNOPSIS +.B dnsip +.I fqdn . +.SH DESCRIPTION +.B dnsip +does a DNS +.I AAAA +and +.I A +lookup and displays the retrieved +.I IPv6 +and +.I IPv4 +addresses on one line for the given +.IR fqdn . +.SH "EXIT CODES" +.B dnsip +always returns +.I 0 +except of +.I 111 +in case of memory errors. +.SH "SEE ALSO" +dnscname(8), +dnsmxip(8), +dnsfq(8), +dnsptr(8), +dnstxt(8). diff --git a/man/dnsmxip.8 b/man/dnsmxip.8 new file mode 100644 index 0000000..cc3250d --- /dev/null +++ b/man/dnsmxip.8 @@ -0,0 +1,42 @@ +.TH s/qmail: dnsmxip 8 +.SH NAME +dnsmxip +.SH SYNOPSIS +.B dnsmxip +.I fqdn +.SH DESCRIPTION +.B dnsmxip +takes the given +.I fqdn +as domain name and employs a +.I MX +lookup for +.I fqdn +while evaluating for the retrieved MX host(s) the respective +.I AAAA +and +.I A +address(es). + +On output, for each MX +.I host +its provided +.I weight +and the respective +.I AAAA +and +.I A +addresses (in perenthesis) are displayed on separate lines. +.SH "EXIT CODES" +.B dnsmxip +returns +.I 0 +and eventually +.I 1 +in case of DNS query errors. +.SH "SEE ALSO" +dnscname(8), +dnsip(8), +dnsfq(8), +dnsptr(8), +dnstxt(8). diff --git a/man/dnsptr.8 b/man/dnsptr.8 new file mode 100644 index 0000000..c3df614 --- /dev/null +++ b/man/dnsptr.8 @@ -0,0 +1,27 @@ +.TH s/qmail: dnsptr 8 +.SH NAME +dnsptr +.SH SYNOPSIS +.B dnsptr +.I IPv4 +or +.IR IPv6 . +.SH DESCRIPTION +.B dnsptr +does a DNS +.I PTR +lookup and displays the retrieved +.IR fqdn . +.SH "EXIT CODES" +.B dnsptr +always returns +.I 0 +except for wrong IP address +formats while returning +.IR 100 . +.SH "SEE ALSO" +dnscname(8), +dnsmxip(8), +dnsfq(8), +dnsip(8), +dnstxt(8). diff --git a/man/dnstlsa.8 b/man/dnstlsa.8 new file mode 100644 index 0000000..879ed39 --- /dev/null +++ b/man/dnstlsa.8 @@ -0,0 +1,51 @@ +.TH s/qmail: dnstlsa 8 +.SH NAME +dnstlsa +.SH SYNOPSIS +.B dnstlsa +.I [-v] [-p port] [-u(dp)|-t(cp)] fqdn +.SH DESCRIPTION +.B dnstlsa +uses the +.I fqdn +for a host employing a +DNS query for a synthesized hostname given as +.I _port._[tcp|udp].fqdn +while doing an initial CNAME resolution +followed by a TLSA query +and displays the result(s). +If +.I -p\ port +is missing +.I port\ 25 +is assumed. +If either +.I -u +or +.I -t +is omitted, +.I tcp +is used. +Each entry is shown on one line, telling +.IR Usage , +.IR Selector , +.IR Matching\ Type +together with the hex-encoded fingerprint or certificate. + +In verbose mode +.I -v +the synthezised record is displayed as well. +.SH "EXIT CODES" +.B dnstlsa +returns +.I 0 +on success, +.I 1 +for DNS query errors, and +.I 111 +in case of memory errors. +.SH "SEE ALSO" +dnstxt(8), +dnsfq(8), +dnsmxip(8), +dnsptr(8). diff --git a/man/dnstxt.8 b/man/dnstxt.8 new file mode 100644 index 0000000..933f06f --- /dev/null +++ b/man/dnstxt.8 @@ -0,0 +1,29 @@ +.TH s/qmail: dnstxt 8 +.SH NAME +dnstxt +.SH SYNOPSIS +.B dnstxt +.I fqdn +.SH DESCRIPTION +.B dnstxt +takes the given +.I fqdn +for a host employing a +.I TXT +DNS lookup for +.I fqdn +and displays the result(s). +.SH "EXIT CODES" +.B dnstxt +returns +.I 0 +on success, +.I 1 +for DNS query errors, and +.I 111 +in case of memory errors. +.SH "SEE ALSO" +dnscname(8), +dnsfq(8), +dnsmxip(8), +dnsptr(8). diff --git a/man/dot-qmail.9 b/man/dot-qmail.9 new file mode 100644 index 0000000..f01f24e --- /dev/null +++ b/man/dot-qmail.9 @@ -0,0 +1,396 @@ +.TH s/qmail: dot-qmail 5 +.SH NAME +dot-qmail \- control the delivery of mail messages +.SH DESCRIPTION +Normally the +.B qmail-local +program delivers each incoming message to your system mailbox, +.IR homedir\fB/Mailbox , +where +.I homedir +is your home directory. + +It can instead +write the mail to a different file or directory, +forward it to another address, +distribute it to a mailing list, +or even execute programs, +all under your control. +.SH "THE QMAIL FILE" +To change +.BR qmail-local 's +behavior, set up a +.B .qmail +file in your home directory. + +.B .qmail +contains one or more lines. +Each line is a delivery instruction. +.B qmail-local +follows each instruction in turn. +There are five types of delivery instructions: +(1) comment; (2) program; (3) forward; (4) mbox; (5) maildir. +.TP 5 +(1) +A comment line begins with a number sign: + +.EX + # this is a comment +.EE + +.B qmail-local +ignores the line. +.TP 5 +(2) +A program line begins with a vertical bar: + +.EX + |preline /usr/ucb/vacation djb +.EE + +.B qmail-local +takes the rest of the line as a command to supply to +.BR sh . +See +.B qmail-command(8) +for further information. +.TP 5 +(3) +A forward line begins with an ampersand: + +.EX + &me@new.job.com +.EE + +.B qmail-local +takes the rest of the line as a mail address; +it uses +.B qmail-queue +to forward the message to that address. +The address must contain a fully qualified domain name; +it must not contain extra spaces, angle brackets, or comments: + +.EX + # the following examples are WRONG +.br + &me@new +.br + & +.br + & me@new.job.com +.br + &me@new.job.com (New Address) +.EE + +If the address begins with a letter or number, +you may leave out the ampersand: + +.EX + me@new.job.com +.EE + +Note that +.B qmail-local +omits its new +.B Return-Path +line when forwarding messages. +.TP 5 +(4) +An +.I mbox +line begins with a slash or dot, +and does not end with a slash: + +.EX + /home/djb/Mailbox.sos +.EE + +.B qmail-local +takes the entire line as a filename. +It appends the mail message to that file, +using +.BR flock -style +file locking if possible. +.B qmail-local +stores the mail message in +.I mbox +format, as described in +.BR mbox(5) . + +.B WARNING: +On many systems, +anyone who can read a file can +.B flock +it, and thus hold up +.BR qmail-local 's +delivery forever. +Do not deliver mail to a publicly accessible file! + +If +.B qmail-local +is able to lock the file, but has trouble writing to it +(because, for example, the disk is full), +it will truncate the file back to its original length. +However, it cannot prevent mailbox corruption if the system +crashes during delivery. +.TP 5 +(5) +A +.I maildir +line begins with a slash or dot, +and ends with a slash: + +.EX + /home/djb/Maildir/ +.EE + +.B qmail-local +takes the entire line as the name of a directory in +.I maildir +format. +It reliably stores the incoming message in that directory. +See +.B maildir(5) +for more details. +.PP +If +.B .qmail +has the execute bit set, +it must not contain any +program lines, +.I mbox +lines, +or +.I maildir +lines. +If +.B qmail-local +sees any such lines, +it will stop and indicate a temporary failure. + +If +.B .qmail +is completely empty (0 bytes long), or does not exist, +.B qmail-local +follows the +.I defaultdelivery +instructions set by your system administrator; +normally +.I defaultdelivery +is +.BR ./Mailbox , +so +.B qmail-local +appends the mail message to +.B Mailbox +in +.I mbox +format. + +.B .qmail +may contain extra spaces and tabs at the end of a line. +Blank lines are allowed, but not for the first line of +.BR .qmail . + +If +.B .qmail +is world-writable or group-writable, +.B qmail-local +stops and indicates a temporary failure. +.SH "SAFE QMAIL EDITING" +Incoming messages can arrive at any moment. +If you want to safely edit your +.B .qmail +file, first set the sticky bit on your home directory: + +.EX + chmod +t $HOME +.EE + +.B qmail-local +will temporarily defer delivery of any message to you +if your home directory is sticky +(or group-writable or other-writable, +which should never happen). +Make sure to + +.EX + chmod -t $HOME +.EE + +when you are done! +It's a good idea to test your new +.B .qmail +file as follows: + +.EX + qmail-local -n $USER ~ $USER '' '' '' '' ./Mailbox +.EE + +.SH "EXTENSION ADDRESSES" +In the +.B qmail +system, +you control all local addresses of the form +.IR user\fBBREAK\fIanything , +as well as the address +.I user +itself, +where +.I user +is your account name. +Delivery to +.I user\fBBREAK\fIanything +is controlled by the file +.IR homedir/\fB.qmail\-\fIanything . +(These rules may be changed by the system administrator; +see +.BR qmail-users (5).) + +The +.B alias +user controls all other addresses. +Delivery to +.I local +is controlled by the file +.IR homedir/\fB.qmail\-\fIlocal , +where +.I homedir +is +.BR alias 's +home directory. + +In the following description, +.B qmail-local +is handling a message addressed to +.IR local@domain , +where +.I local +is controlled by +.BR .qmail\-\fIext . +Here is what it does. + +If +.B .qmail\-\fIext +is completely empty, +.B qmail-local +follows the +.I defaultdelivery +instructions set by your system administrator. + +If +.B .qmail\-\fIext +doesn't exist, +.B qmail-local +will try some default +.B .qmail +files. +For example, +if +.I ext +is +.BR foo-bar , +.B qmail-local +will try first +.BR .qmail-foo-bar , +then +.BR .qmail-foo-default , +and finally +.BR .qmail-default . +If none of these exist, +.B qmail-local +will bounce the message. +(Exception: for the basic +.I user +address, +.B qmail-local +treats a nonexistent +.B .qmail +the same as an empty +.BR .qmail .) + +.B WARNING: +For security, +.B qmail-local +replaces any dots in +.I ext +with colons before checking +.BR .qmail\-\fIext . +For convenience, +.B qmail-local +converts any uppercase letters in +.I ext +to lowercase. + +When +.B qmail-local +forwards a message as instructed in +.B .qmail\-\fIext +(or +.BR .qmail-default ), +it checks whether +.B .qmail\-\fIext\fB-owner\fP +exists. +If so, +it uses +.I local\fB-owner@\fIdomain +as the envelope sender for the forwarded message. +Otherwise it retains the envelope sender of the original message. +Exception: +.B qmail-local +always retains the original envelope sender +if it is the empty address or +.BR #@[] , +i.e., if this is a bounce message. + +.B qmail-local +also supports +.B variable envelope return paths +(VERPs): +if +.B .qmail\-\fIext\fB-owner\fP +and +.B .qmail\-\fIext\fB-owner-default\fP +both exist, it uses +.I local\fB\-owner\-@\fIdomain\fB-@[] +as the envelope sender. +This will cause a recipient +.I recip\fB@\fIreciphost +to see an envelope sender of +.IR local\fB\-owner\-\fIrecip\fB=\fIreciphost\fB@\fIdomain . +.SH "ERROR HANDLING" +If a delivery instruction fails, +.B qmail-local +stops immediately and reports failure. +.B qmail-local +handles forwarding after all other instructions, +so any error in another type of delivery will prevent all forwarding. + +If a program returns exit code 99, +.B qmail-local +ignores all succeeding lines in +.BR .qmail , +but it still pays attention to previous forward lines. + +To set up independent instructions, +where a temporary or permanent failure in one instruction +does not affect the others, +move each instruction into a separate +.B .qmail\-\fIext +file, and set up a central +.B .qmail +file that forwards to all of the +.BR .qmail\-\fIext s. +Note that +.B qmail-local +can handle any number of forward lines simultaneously. + +.SH "SEE ALSO" +envelopes(5), +maildir(5), +mbox(5), +qmail-users(5), +qmail-local(8), +qmail-command(8), +qmail-queue(8), +qmail-lspawn(8) diff --git a/man/envelopes.5 b/man/envelopes.5 new file mode 100644 index 0000000..9f06ed7 --- /dev/null +++ b/man/envelopes.5 @@ -0,0 +1,231 @@ +.TH s/qmail: envelopes 5 +.SH "NAME" +envelopes \- sender/recipient lists attached to messages +.SH "INTRODUCTION" +Electronic mail messages are delivered in +.IR envelopes . + +An envelope lists a +.I sender +and one or more +.IR recipients . +Usually these +envelope addresses are the same +as the addresses listed in the message header: + +.EX + (envelope) from djb to root +.br + From: djb +.br + To: root +.EE + +In more complicated situations, though, +the envelope addresses may differ from the header addresses. +.SH "ENVELOPE EXAMPLES" +When a message is delivered to +several people at different locations, +it is first photocopied +and placed into several envelopes: + +.EX + (envelope) from djb to root +.br + From: djb Copy #1 of message +.br + To: root, god@brl.mil +.EE + +.EX + (envelope) from djb to god@brl.mil +.br + From: djb Copy #2 of message +.br + To: root, god@brl.mil +.EE + +When a message is delivered +to several people at the same location, +the sender doesn't have to photocopy it. +He can instead stuff it into +one envelope with several addresses; +the recipients will make the photocopy: + +.EX + (envelope) from djb to god@brl.mil, angel@brl.mil +.br + From: djb +.br + To: god@brl.mil, angel@brl.mil, joe, frde +.EE + +Bounced mail is sent back to the envelope sender address. +The bounced mail doesn't list an envelope sender, +so bounce loops are impossible: + +.EX + (envelope) from <> to djb +.br + From: MAILER-DAEMON +.br + To: djb +.br + Subject: unknown user frde +.EE + +The recipient of a message may make another copy +and forward it in a new envelope: + +.EX + (envelope) from djb to joe +.br + From: djb Original message +.br + To: joe +.EE + +.EX + (envelope) from joe to fred +.br + From: djb Forwarded message +.br + To: joe +.EE + +A mailing list works almost the same way: + +.EX + (envelope) from djb to sos-list +.br + From: djb Original message +.br + To: sos-list +.EE + +.EX + (envelope) from sos-owner to god@brl.mil +.br + From: djb Forwarded message +.br + To: sos-list to recipient #1 +.EE + +.EX + (envelope) from sos-owner to frde +.br + From: djb Forwarded message +.br + To: sos-list to recipient #2 +.EE + +Notice that the mailing list is set up +to replace the envelope sender with something new, +.BR sos-owner . +So bounces will come back to +.BR sos-owner : + +.EX + (envelope) from <> to sos-owner +.br + From: MAILER-DAEMON +.br + To: sos-owner +.br + Subject: unknown user frde +.EE + +It's a good idea to set up an extra address, +.BR sos-owner , +like this: +the original envelope sender (\fBdjb\fP) +has no way to fix bad +.B sos-list +addresses, +and of course bounces must not be sent to +.B sos-list +itself. +.SH "HOW ENVELOPE ADDRESSES ARE STORED" +Envelope sender and envelope recipient addresses +are transmitted and recorded in several ways. + +When a user injects mail through +.BR qmail-inject , +he can supply a +.B Return-Path +line or a +.B \-f +option for the envelope sender; +by default the envelope sender is his login name. +The envelope recipient addresses can be taken +from the command line or from various header fields, +depending on the options to +.BR qmail-inject . +Similar comments apply to +.BR sendmail . + +When a message is transferred from one machine to another through SMTP, +the envelope sender is given in a +.B MAIL FROM +command, +the envelope recipients are given in +.B RCPT TO +commands, +and the message is supplied separately by a +.B DATA +command. + +When a message is delivered by +.B qmail +to a single local recipient, +.B qmail-local +records the recipient in +.B Delivered-To +and the envelope sender in +.BR Return-Path . +It uses +.B Delivered-To +to detect mail forwarding loops. + +.B sendmail +normally records the envelope sender in +.BR Return-Path . +It does not record envelope recipient addresses, +on the theory that they are redundant: +you received the mail, +so you must have been one of the envelope recipients. + +Note that, +if the header doesn't have any recipient addresses, +.B sendmail +will move envelope recipient addresses back into the header. +This situation occurs if all addresses were originally listed as +.BR Bcc , +since +.B Bcc +is automatically removed. +When +.B sendmail +sees this, it creates a new +.B Apparently-To +header field with the envelope recipient addresses. +This has the strange effect that each blind-carbon-copy recipient will see +a list of all recipients on the same machine. + +When a message is stored in +.B mbox +format, +the envelope sender is recorded at the top of the message +as a UUCP-style +.B From +(no colon) line. +Note that this line is less reliable than the +.B Return-Path +line added by +.B qmail-local +or +.B sendmail\fP. +.SH "SEE ALSO" +qmail-header(5), +qmail-local(8), +qmail-inject(8) diff --git a/man/except.1 b/man/except.1 new file mode 100644 index 0000000..336bc1a --- /dev/null +++ b/man/except.1 @@ -0,0 +1,33 @@ +.TH s/qmail: except 1 +.SH NAME +except \- reverse the exit code of a program +.SH SYNOPSIS +.B except +.I program +[ +.I arg ... +] +.SH DESCRIPTION +.B except +runs +.I program +with the given arguments. + +If +.I program +exits 0, +.B except +exits 100. +If +.I program +exits 111, +.B except +exits 111. +If +.I program +exits anything else, +.B except +exits 0. +.SH "SEE ALSO" +bouncesaying(1), +condredirect(1) diff --git a/man/fastforward.1 b/man/fastforward.1 new file mode 100644 index 0000000..d56e7dc --- /dev/null +++ b/man/fastforward.1 @@ -0,0 +1,123 @@ +.TH s/qmail: fastforward 1 +.SH NAME +fastforward \- forward mail according to a cdb database +.SH SYNOPSIS +in +.BR .qmail-default : +.B | fastforward +[ +.B \-nNpPdD +] +.I cdb +.SH DESCRIPTION +.B fastforward +forwards each incoming message +according to instructions in +.I cdb +created by +.BR setforward . + +If there is no forwarding instruction in +.I cdb +for the incoming recipient address, +.B fastforward +will bounce the message. + +You can override +.B .qmail-default +with a specific +.BR .qmail-\fIrecipient ; +see +.BR dot-qmail (5). + +Warning to system administrators: +Messages do not reach +.B ~alias/.qmail-default +unless they are controlled by the +.B alias +user. +See +.BR qmail-getpw (8). + +.B SECURITY WARNING: +If +.I cdb +includes instructions pointing to a mailing list owned by another user, +that user gains some amount of control over +.BR fastforward 's +behavior. +In particular, he can force +.B fastforward +to open any file that you can access, +and to read any world-readable file that you own, +even if the file is in a world-inaccessible directory. +.SH "OPTIONS" +.TP 5 +.B \-n +No delivery. +.B fastforward +will print a description of its actions, +but will not actually read or forward a message. +.TP +.B \-N +(Default.) +Forward a message as usual. +.TP +.B \-p +Pass through. +If +.B fastforward +does not find the recipient in +.IR cdb , +it exits 0, +giving the message to further commands in +.BR .qmail-default . +If +.B fastforward +finds the recipient, +it forwards the message and exits 99, +so that further commands are skipped. +.TP +.B \-P +(Default.) +Do not pass through. +If +.B fastforward +finds the recipient, +it forwards the message and exits 0. +Otherwise it bounces the message. +.TP +.B \-d +Use +.B $DEFAULT@$HOST +as the recipient address, or +.B $EXT@$HOST +if +.B $DEFAULT +is not set. +.TP +.B \-D +(Default.) +Use +.B $RECIPIENT +as the recipient address. +.SH VERSION +The original +.B fastforward +verion is 0.51, and the respective +.B fastforward +home page is +.BR http://pobox.com/~djb/fastforward.html . +However, this version is tightly integrated into +.BR s/qmail . + +.SH "SEE ALSO" +newaliases(1), +printforward(1), +setforward(1), +dot-qmail(5), +qmail-command(8), +qmail-local(8), +qmail-recpients(8), +qmail-authuser(8), +qmail-getpw(8) diff --git a/man/forgeries.7 b/man/forgeries.7 new file mode 100644 index 0000000..85cc947 --- /dev/null +++ b/man/forgeries.7 @@ -0,0 +1,104 @@ +.TH s/qmail: forgeries 7 +.SH "NAME" +forgeries \- how easy it is to forge mail +.SH "SUMMARY" +An electronic mail message can easily be forged. +Almost everything in it, +including the return address, +is completely under the control of the sender. + +An electronic mail message can be manually traced to its origin +if (1) all system administrators of intermediate machines +are both cooperative and competent, +(2) the sender did not break low-level TCP/IP security, +and +(3) all intermediate machines are secure. + +Users of +.I cryptography +can automatically ensure the integrity and secrecy +of their mail messages, as long as +the sending and receiving machines are secure. +.SH "FORGERIES" +Like postal mail, +electronic mail can be created entirely at the whim of the sender. +.BR From , +.BR Sender , +.BR Return-Path , +and +.BR Message-ID +can all contain whatever information the sender wants. + +For example, if you inject a message through +.B sendmail +or +.B qmail-inject +or +.BR SMTP , +you can simply type in a +.B From +field. +In fact, +.B qmail-inject +lets you set up +.BR MAILUSER , +.BR MAILHOST , +and +.B MAILNAME +environment variables +to produce your desired +.B From +field on every message. +.SH "TRACING FORGERIES" +Like postal mail, +electronic mail is postmarked when it is sent. +Each machine that receives an electronic mail message +adds a +.B Received +line to the top. + +A modern +.B Received +line contains quite a bit of information. +In conjunction with the machine's logs, +it lets a competent system administrator +determine where the machine received the message from, +as long as the sender did not break low-level TCP/IP security +or security on that machine. + +Large multi-user machines often come with inadequate logging software. +Fortunately, a system administrator can easily obtain a copy of a +931/1413/Ident/TAP server, such as +.BR pidentd . +Unfortunately, +some system administrators fail to do this, +and are thus unable to figure out which local user +was responsible for generating a message. + +If all intermediate system administrators are competent, +and the sender did not break machine security or low-level TCP/IP security, +it is possible to trace a message backwards. +Unfortunately, some traces are stymied by intermediate system +administrators who are uncooperative or untrustworthy. +.SH "CRYPTOGRAPHY" +The sender of a mail message may place his message into a +.I cryptographic +envelope stamped with his seal. +Strong cryptography guarantees that any two messages with the same seal +were sent by the same cryptographic entity: +perhaps a single person, perhaps a group of cooperating people, +but in any case somebody who knows a secret originally held +only by the creator of the seal. +The seal is called a +.I public key\fR. + +Unfortunately, the creator of the seal is often an insecure machine, +or an untrustworthy central agency, +but most of the time seals are kept secure. + +One popular cryptographic program is +.BR pgp . +.SH "SEE ALSO" +pgp(1), +identd(8), +qmail-header(8) diff --git a/man/forward.1 b/man/forward.1 new file mode 100644 index 0000000..76d56e7 --- /dev/null +++ b/man/forward.1 @@ -0,0 +1,24 @@ +.TH s/qmail: forward 1 +.SH NAME +forward \- forward new mail to one or more addresses +.SH SYNOPSIS +in +.BR .qmail : +.B |forward +.I address ... +.SH DESCRIPTION +.B forward +forwards each new mail message to the specified list of addresses. +It is a simple wrapper around +.BR qmail-queue . +It achieves the same results as listing each +.I address +separately in +.BR .qmail , +but it is more programmable since +.I address +can be constructed on the fly. +.SH "SEE ALSO" +dot-qmail(5), +qmail-command(8), +qmail-queue(8) diff --git a/man/hostname.8 b/man/hostname.8 new file mode 100644 index 0000000..9276f1e --- /dev/null +++ b/man/hostname.8 @@ -0,0 +1,14 @@ +.TH s/qmail: hostname 8 + +.SH NAME +hostname +.SH SYNOPSIS +.B hostname +.SH DESCRIPTION +.B hostname +evaluates from the system its +.I hostname +employing a DNS lookup while erhaps including the domain +and displays it as \fIFull Qualified Domain Name\fR (\fBFQDN\fR). +.SH "SEE ALSO" +ipmeprint(8). diff --git a/man/ipmeprint.8 b/man/ipmeprint.8 new file mode 100644 index 0000000..473d83e --- /dev/null +++ b/man/ipmeprint.8 @@ -0,0 +1,15 @@ +.TH s/qmail: ipmeprint 8 + +.SH NAME +ipmeprint +.SH SYNOPSIS +.B ipmeprint +.SH DESCRIPTION +.B ipmeprints +reads the kernel's bindings to +.I IPv4 +and +.IP IPv6 +addresses and displays those one per line. +.SH "SEE ALSO" +hostname(9). diff --git a/man/maildir.5 b/man/maildir.5 new file mode 100644 index 0000000..49b2b23 --- /dev/null +++ b/man/maildir.5 @@ -0,0 +1,239 @@ +.TH s/qmail: maildir 5 +.SH "NAME" +maildir \- directory for incoming mail messages +.SH "INTRODUCTION" +.I maildir +is a structure for +directories of incoming mail messages. +It solves the reliability problems that plague +.I mbox +files and +.I mh +folders. +.SH "RELIABILITY ISSUES" +A machine may crash while it is delivering a message. +For both +.I mbox +files and +.I mh +folders this means that the message will be silently truncated. +Even worse: for +.I mbox +format, if the message is truncated in the middle of a line, +it will be silently joined to the next message. +The mail transport agent will try again later to deliver the message, +but it is unacceptable that a corrupted message should show up at all. +In +.IR maildir , +every message is guaranteed complete upon delivery. + +A machine may have two programs simultaneously delivering mail +to the same user. +The +.I mbox +and +.I mh +formats require the programs to update a single central file. +If the programs do not use some locking mechanism, +the central file will be corrupted. +There are several +.I mbox +and +.I mh +locking mechanisms, +none of which work portably and reliably. +In contrast, in +.IR maildir , +no locks are ever necessary. +Different delivery processes never touch the same file. + +A user may try to delete messages from his mailbox at the same +moment that the machine delivers a new message. +For +.I mbox +and +.I mh +formats, the user's mail-reading program must know +what locking mechanism the mail-delivery programs use. +In contrast, in +.IR maildir , +any delivered message +can be safely updated or deleted by a mail-reading program. + +Many sites use Sun's +.B Network F\fPa\fBil\fPur\fBe System +(NFS), +presumably because the operating system vendor does not offer +anything else. +NFS exacerbates all of the above problems. +Some NFS implementations don't provide +.B any +reliable locking mechanism. +With +.I mbox +and +.I mh +formats, +if two machines deliver mail to the same user, +or if a user reads mail anywhere except the delivery machine, +the user's mail is at risk. +.I maildir +works without trouble over NFS. +.SH "THE MAILDIR STRUCTURE" +A directory in +.I maildir +format has three subdirectories, +all on the same filesystem: +.BR tmp , +.BR new , +and +.BR cur . + +Each file in +.B new +is a newly delivered mail message. +The modification time of the file is the delivery date of the message. +The message is delivered +.I without +an extra UUCP-style +.B From_ +line, +.I without +any +.B >From +quoting, +and +.I without +an extra blank line at the end. +The message is normally in RFC 822 format, +starting with a +.B Return-Path +line and a +.B Delivered-To +line, +but it could contain arbitrary binary data. +It might not even end with a newline. + +Files in +.B cur +are just like files in +.BR new . +The big difference is that files in +.B cur +are no longer new mail: +they have been seen by the user's mail-reading program. +.SH "HOW A MESSAGE IS DELIVERED" +The +.B tmp +directory is used to ensure reliable delivery, +as discussed here. + +A program delivers a mail message in six steps. +First, it +.B chdir()\fPs +to the +.I maildir +directory. +Second, it +.B stat()s +the name +.BR tmp/\fItime.pid.host , +where +.I time +is the number of seconds since the beginning of 1970 GMT, +.I pid +is the program's process ID, +and +.I host +is the host name. +Third, if +.B stat() +returned anything other than ENOENT, +the program sleeps for two seconds, updates +.IR time , +and tries the +.B stat() +again, a limited number of times. +Fourth, the program +creates +.BR tmp/\fItime.pid.host . +Fifth, the program +.I NFS-writes +the message to the file. +Sixth, the program +.BR link() s +the file to +.BR new/\fItime.pid.host . +At that instant the message has been successfully delivered. + +The delivery program is required to start a 24-hour timer before +creating +.BR tmp/\fItime.pid.host , +and to abort the delivery +if the timer expires. +Upon error, timeout, or normal completion, +the delivery program may attempt to +.B unlink() +.BR tmp/\fItime.pid.host . + +.I NFS-writing +means +(1) as usual, checking the number of bytes returned from each +.B write() +call; +(2) calling +.B fsync() +and checking its return value; +(3) calling +.B close() +and checking its return value. +(Standard NFS implementations handle +.B fsync() +incorrectly +but make up for it by abusing +.BR close() .) +.SH "HOW A MESSAGE IS READ" +A mail reader operates as follows. + +It looks through the +.B new +directory for new messages. +Say there is a new message, +.BR new/\fIunique . +The reader may freely display the contents of +.BR new/\fIunique , +delete +.BR new/\fIunique , +or rename +.B new/\fIunique +as +.BR cur/\fIunique:info . +See +.B http://pobox.com/~djb/proto/maildir.html +for the meaning of +.IR info . + +The reader is also expected to look through the +.B tmp +directory and to clean up any old files found there. +A file in +.B tmp +may be safely removed if it +has not been accessed in 36 hours. + +It is a good idea for readers to skip all filenames in +.B new +and +.B cur +starting with a dot. +Other than this, readers should not attempt to parse filenames. +.SH "ENVIRONMENT VARIABLES" +Mail readers supporting +.I maildir +use the +.B MAILDIR +environment variable +as the name of the user's primary mail directory. +.SH "SEE ALSO" +mbox(5), +qmail-local(8) diff --git a/man/maildir2mbox.1 b/man/maildir2mbox.1 new file mode 100644 index 0000000..c63a6a8 --- /dev/null +++ b/man/maildir2mbox.1 @@ -0,0 +1,53 @@ +.TH s/qmail: maildir2mbox 1 +.SH NAME +maildir2mbox \- move mail from a maildir to an mbox +.SH SYNOPSIS +.B maildir2mbox +.SH DESCRIPTION +.B maildir2mbox +moves mail from a +.IR maildir -format +directory to an +.IR mbox -format +file. + +You must supply three environment variables to +.BR maildir2mbox : +.B MAILDIR +is the name of your +.I maildir +directory; +.B MAIL +is the name of your +.I mbox +file; +and +.B MAILTMP +is a temporary file that +.B maildir2mbox +can overwrite. +.B MAILTMP +and +.B MAIL +must be on the same filesystem. + +.B maildir2mbox +is reliable: +it will not remove messages +from +.B MAILDIR +until the messages have been successfully appended to +.BR MAIL . + +.B maildir2mbox +locks +.B MAIL +to protect against simultaneous access by a mail reader. +This locking system does not protect against simultaneous access +by another +.BR maildir2mbox ; +you should run only one +.B maildir2mbox +at a time. +.SH "SEE ALSO" +maildir(5) diff --git a/man/maildirmake.1 b/man/maildirmake.1 new file mode 100644 index 0000000..875ab50 --- /dev/null +++ b/man/maildirmake.1 @@ -0,0 +1,15 @@ +.TH s/qmail: maildirmake 1 +.SH NAME +maildirmake \- create a maildir for incoming mail +.SH SYNOPSIS +.B maildirmake +.I dir +.SH DESCRIPTION +.B maildirmake +makes a new directory, +.IR dir , +in +.B maildir +format. +.SH "SEE ALSO" +maildir(5) diff --git a/man/maildirwatch.1 b/man/maildirwatch.1 new file mode 100644 index 0000000..c33b17e --- /dev/null +++ b/man/maildirwatch.1 @@ -0,0 +1,23 @@ +.TH s/qmail: maildirwatch 1 +.SH NAME +maildirwatch \- look for new mail in a maildir +.SH SYNOPSIS +.B maildirwatch +.SH DESCRIPTION +.B maildirwatch +watches your +.I maildir +for new mail. +You must supply a +.B MAILDIR +environment variable +with the name of your +.I maildir +directory. + +.B maildirwatch +prints a new mail summary twice per minute. +It is designed to run inside a (VT100-compatible) window; +it clears the window before each summary. +.SH "SEE ALSO" +maildir(5) diff --git a/man/mailsubj.1 b/man/mailsubj.1 new file mode 100644 index 0000000..ed4772d --- /dev/null +++ b/man/mailsubj.1 @@ -0,0 +1,38 @@ +.TH s/qmail: mailsubj 1 +.SH NAME +mailsubj \- send a mail message with a subject line +.SH SYNOPSIS +.B mailsubj +.I subject +.I recip ... +.SH DESCRIPTION +.B mailsubj +inserts +.I subject +and the list of +.IR recip s +into a mail message: + +.EX + Subject: subject +.br + To: recip ... +.br + +.br + body +.EE + +.B mailsubj +reads the body of the message from its standard input. +Then it sends the message. + +Note that +.I subject +and +.I recip +must be quoted properly for the message header. +.SH "SEE ALSO" +addresses(5), +qmail-header(8), +qmail-inject(8) diff --git a/man/matchup.1 b/man/matchup.1 new file mode 100644 index 0000000..1a3fbf0 --- /dev/null +++ b/man/matchup.1 @@ -0,0 +1,111 @@ +.TH s/qmail: matchup 1 +.SH NAME +matchup \- collect information on messages and deliveries +.SH SYNTAX +.B matchup +.SH DESCRIPTION +.B matchup +reads a series of lines from +.BR qmail-send , +with a numeric timestamp in front of each line. +.B matchup +matches the end of each delivery attempt with the start of the delivery attempt +and with the relevant message information; +it replaces +.BR qmail-send 's +message reports and delivery reports +with message lines and delivery lines in the format described below. + +.B matchup +exits after it sees end of file. +It prints pending messages and deliveries on descriptor 5, +in a format suitable for input to a future invocation of +.BR matchup : + +.EX + out.1 5>pending.2 +.br + cat pending.2 log.2 | matchup >out.2 5>pending.3 +.br + cat pending.3 log.3 | matchup >out.3 5>pending.4 +.EE + +Note that the 5> notation does not work with csh. +.SH "MESSAGE LINES" +A message line summarizes the delivery results for a message +that has left the queue: + +.EX + m \fIbirth\fR \fIdone\fR \fIbytes\fR \fInk\fR \fInz\fR \fInd\fR <\fIsender\fR> \fIqp\fR \fIuid\fR +.EE + +Here +.I birth +and +.I done +are timestamps, +.I bytes +is the number of bytes in the message, +.I nk +is the number of successful deliveries, +.I nz +is the number of deferred delivery attempts, +.I nd +is the number of failed delivery attempts, +.I sender +is the message's return path, +.I qp +is the message's long-term queue identifier, +and +.I uid +is the userid of the user that queued the message. + +Note that +.B matchup +converts +.I sender +to lowercase. +This can lose information, +since a few hosts pay attention to the case in the box part of an address. +.SH "DELIVERY LINES" +A delivery line shows the result of a single delivery attempt: + +.EX + d \fIresult\fR \fIbirth\fR \fIdstart\fR \fIddone\fR \fIbytes\fR +.br + <\fIsender\fR> \fIchan\fR.\fIrecip\fR \fIqp\fR \fIuid\fR \fIreason\fR +.EE + +Here +.IR birth , +.IR bytes , +.IR sender , +.IR qp , +and +.I uid +are message information as above; +.I chan +is the channel for this delivery; +.I recip +is the recipient address for this delivery; +.I dstart +and +.I ddone +are timestamps; +.I result +is the letter k for success, z for deferral, d for failure; +and +.I reason +is a more detailed explanation of the delivery result. + +.B matchup +converts +.I recip +to lowercase. +.SH "SEE ALSO" +xqp(1), +xrecipient(1), +xsender(1), +accustamp(1), +qmail-log(5), +splogger(8) diff --git a/man/mbox.5 b/man/mbox.5 new file mode 100644 index 0000000..e9860e4 --- /dev/null +++ b/man/mbox.5 @@ -0,0 +1,235 @@ +.TH s/qmail: mbox 5 +.SH "NAME" +mbox \- file containing mail messages +.SH "INTRODUCTION" +The most common format for storage of mail messages is +.I mbox +format. +An +.I mbox +is a single file containing zero or more mail messages. +.SH "MESSAGE FORMAT" +A message encoded in +.I mbox +format begins with a +.B From_ +line, continues with a series of +.B \fRnon-\fBFrom_ +lines, +and ends with a blank line. +A +.B From_ +line means any line that begins with the characters +F, r, o, m, space: + +.EX + From god@heaven.af.mil Sat Jan 3 01:05:34 1996 +.br + Return-Path: +.br + Delivered-To: djb@silverton.berkeley.edu +.br + Date: 3 Jan 1996 01:05:34 -0000 +.br + From: God +.br + To: djb@silverton.berkeley.edu (D. J. Bernstein) +.br + +.br + How's that mail system project coming along? +.br + +.EE + +The final line is a completely blank line (no spaces or tabs). +Notice that blank lines may also appear elsewhere in the message. + +The +.B From_ +line always looks like +.B From +.I envsender +.I date +.IR moreinfo . +.I envsender +is one word, without spaces or tabs; +it is usually the envelope sender of the message. +.I date +is the delivery date of the message. +It always contains exactly 24 characters in +.B asctime +format. +.I moreinfo +is optional; it may contain arbitrary information. + +Between the +.B From_ +line and the blank line is a message in RFC 822 format, +as described in +.BR qmail-header(5) , +subject to +.B >From quoting +as described below. +.SH "HOW A MESSAGE IS DELIVERED" +Here is how a program appends a message to an +.I mbox +file. + +It first creates a +.B From_ +line given the message's envelope sender and the current date. +If the envelope sender is empty (i.e., if this is a bounce message), +the program uses +.B MAILER-DAEMON +instead. +If the envelope sender contains spaces, tabs, or newlines, +the program replaces them with hyphens. + +The program then copies the message, applying +.B >From quoting +to each line. +.B >From quoting +ensures that the resulting lines are not +.B From_ +lines: +the program prepends a +.B > +to any +.B From_ +line, +.B >From_ +line, +.B >>From_ +line, +.B >>>From_ +line, +etc. + +Finally the program appends a blank line to the message. +If the last line of the message was a partial line, +it writes two newlines; +otherwise it writes one. +.SH "HOW A MESSAGE IS READ" +A reader scans through an +.I mbox +file looking for +.B From_ +lines. +Any +.B From_ +line marks the beginning of a message. +The reader should not attempt to take advantage of the fact that every +.B From_ +line (past the beginning of the file) +is preceded by a blank line. + +Once the reader finds a message, +it extracts a (possibly corrupted) envelope sender +and delivery date out of the +.B From_ +line. +It then reads until the next +.B From_ +line or end of file, whichever comes first. +It strips off the final blank line +and +deletes the +quoting of +.B >From_ +lines and +.B >>From_ +lines and so on. +The result is an RFC 822 message. +.SH "COMMON MBOX VARIANTS" +There are many variants of +.I mbox +format. +The variant described above is +.I mboxrd +format, popularized by Rahul Dhesi in June 1995. + +The original +.I mboxo +format quotes only +.B From_ +lines, not +.B >From_ +lines. +As a result it is impossible to tell whether + +.EX + From: djb@silverton.berkeley.edu (D. J. Bernstein) +.br + To: god@heaven.af.mil +.br + +.br + >From now through August I'll be doing beta testing. +.br + Thanks for your interest. +.EE + +was quoted in the original message. +An +.I mboxrd +reader will always strip off the quoting. + +.I mboxcl +format is like +.I mboxo +format, but includes a Content-Length field with the +number of bytes in the message. +.I mboxcl2 +format is like +.I mboxcl +but has no +.B >From +quoting. +These formats are used by SVR4 mailers. +.I mboxcl2 +cannot be read safely by +.I mboxrd +readers. +.SH "UNSPECIFIED DETAILS" +There are many locking mechanisms for +.I mbox +files. +.B qmail-local +always uses +.B flock +on systems that have it, otherwise +.BR lockf . + +The delivery date in a +.B From_ +line does not specify a time zone. +.B qmail-local +always creates the delivery date in GMT +so that +.I mbox +files can be safely transported from one time zone to another. + +If the mtime on a nonempty +.I mbox +file is greater than the atime, +the file has new mail. +If the mtime is smaller than the atime, +the new mail has been read. +If the atime equals the mtime, +there is no way to tell whether the file has new mail, +since +.B qmail-local +takes much less than a second to run. +One solution is for a mail reader to artificially set the +atime to the mtime plus 1. +Then the file has new mail if and only if the atime is +less than or equal to the mtime. + +Some mail readers place +.B Status +fields in each message to indicate which messages have been read. +.SH "SEE ALSO" +maildir(5), +qmail-header(5), +qmail-local(8) diff --git a/man/newaliases.1 b/man/newaliases.1 new file mode 100644 index 0000000..a51ff64 --- /dev/null +++ b/man/newaliases.1 @@ -0,0 +1,366 @@ +.TH s/qmail: newaliases 1 +.SH NAME +newaliases \- create a forwarding database from /etc/aliases +.SH SYNOPSIS +.B newaliases +.SH DESCRIPTION +.B newaliases +reads a table of +sendmail-style +forwarding instructions from +.B /etc/aliases +and converts them into a forwarding database in +.BR /etc/aliases.cdb . +The forwarding database can be used by +.BR fastforward . + +For safety, +.B newaliases +writes the forwarding database to +.B /etc/aliases.tmp +and then moves +.B /etc/aliases.tmp +to +.BR /etc/aliases.cdb . +If there is a problem creating +.BR /etc/aliases.tmp , +.B newaliases +complains and leaves +.B /etc/aliases.cdb +alone. +Deliveries can continue using +.B /etc/aliases.cdb +in the meantime. + +.B newaliases +always creates +.B /etc/aliases.cdb +world-readable. + +.B newaliases +makes no attempt to protect against +simultaneous updates of +.BR /etc/aliases.cdb . +.SH "INSTRUCTION FORMAT" +.B newaliases +imitates +sendmail's +handling of +.BR /etc/aliases . +For example, + +.EX + root: alice, bill +.EE + +says that mail for +.B root +should be forwarded to +.B alice +and +.BR bill . + +.B COMPATIBILITY WARNING: +.B newaliases +does not support file deliveries. +You can use the file delivery mechanism described in +.B dot-qmail(5) +instead. +.SH "SIMPLE ALIASES" +The simplest type of forwarding instruction +is a line of the form + +.EX + alias: recip +.EE + +Any message sent to +.I alias +will be forwarded to the recipient address +.IR recip . +Addresses are compared to +.I alias +without regard to case. + +Forwarding instructions are cumulative. +If +.I recip +is itself an alias, +messages to +.I alias +will be forwarded the same way as +messages to +.IR recip . +For example, with the following instructions, +messages to +.B postmaster@heaven.af.mil +or +.B root@heaven.af.mil +will be delivered to Bob: + +.EX + postmaster@heaven.af.mil: bob@heaven.af.mil +.EE +.br +.EX + root@heaven.af.mil: postmaster@heaven.af.mil +.EE + +.B COMPATIBILITY WARNING: +With +sendmail, +entries in +.B /etc/aliases +can override usernames. +With +.BR s/qmail , +if you install +.B fastforward +in +.BR ~alias/.qmail-default , +it will not see addresses that are controlled by other users. +See +.BR qmail-getpw (8). +To change this, see +.BR qmail-users (5). + +.B COMPATIBILITY WARNING: +Various versions of +sendmail +do various strange things with circular alias definitions. +See +.BR setforward (1) +for details on +.BR fastforward 's +behavior. + +.B COMPATIBILITY WARNING: +If there are several forwarding instructions for a single +.IR alias , +sendmail +will complain; +.B fastforward +will silently use the first instruction. +.SH "WILDCARDS" +.I alias +can have the form +.I user@host.dom +for one user at one host, +.I @host.dom +for all users at one host, or +.I user +for one user at all hosts. + +.B COMPATIBILITY WARNING: +sendmail +supports only +.IR user ; +it does not support per-host aliases. +It accepts +.I user@host.dom +if +.I host.dom +is a local host, +but it then treats it the same way as +.IR user , +applying to all local hosts and virtual domains. +.SH "ADDRESS FORMATS" +Addresses in +.B /etc/aliases +are parsed the same way as addresses in RFC 822 message headers. +Parenthesized comments and bracketed addresses are permitted: + +.EX + root: bob (Bob, the postmaster) + joe: Joe Shmoe +.EE + +Addresses with special characters must be quoted: + +.EX + fred: "spaced out mailbox"@heaven.af.mil +.EE + +Address groups are not permitted, +since colons have a different use in +.BR /etc/aliases . + +Any recipient address without a fully qualified domain name is +fed through the +.BR defaulthost , +.BR defaultdomain , +and +.B plusdomain +mechanisms described in +.BR qmail-header (5). + +.B COMPATIBILITY WARNING: +sendmail's +handling of quotes and backslashes violates RFC 821 and RFC 822, +and is not supported by +.BR newaliases . +The +.B qmail-local +delivery mechanism +lets each user manage several addresses, +so there is no need for a special syntax to get around forwarding. +.SH "MULTIPLE RECIPIENTS" +An instruction may list more than one recipient address: + +.EX + alias: recip1, recip2, recip3 +.EE + +Any message sent to +.I alias +will be forwarded to all of the addresses. + +A forwarding instruction may be split across several lines. +Each line past the first must either (1) begin with space or tab +or (2) be empty: + +.EX + hostmaster: +.EE +.br +.EX + fred, +.EE +.br +.EX + joe +.EE + +.B COMPATIBILITY WARNING: +sendmail +requires the colon to be on the first line +of a multi-line forwarding instruction. +.B newaliases +doesn't care whether the colon is present at all. + +.B COMPATIBILITY WARNING: +sendmail +does not permit blank lines in the middle of continuations. +This has the undesirable effect that a blank line behaves differently +from a line containing a single space. +.SH "COMMENTS" +Any line in +.B /etc/aliases +that begins with # is ignored: + +.EX + # this is a comment +.EE + +A comment may be split across several lines. +Each line past the first must either (1) begin with space or tab +or (2) be empty. + +.B COMPATIBILITY WARNING: +sendmail +does not permit continuations of comment lines. +.SH "PROGRAMS" +If a recipient address does not contain a domain name, +and begins with a vertical bar, +.B newaliases +takes the rest of the address as a program to run: + +.EX + weather: "|weather-server" +.EE + +.B fastforward +will run +.B weather-server +when a message arrives for +.BR weather . + +.B COMPATIBILITY WARNING: +Internet addresses can legitimately start with +a slash or vertical bar. +.B newaliases +treats anything with an unquoted @ as an address. +sendmail appears to have various problems +coping with these addresses, +and with commands that contain @ signs. + +.B COMPATIBILITY WARNING: +.B newaliases +does not allow a vertical bar before double quotes. +.SH "INCLUDE FILES" +A recipient address of the form +.B :include:\fIfile +means ``every address listed in +.IR file .'' +(Actually +.B fastforward +reads +.IR file\fB.bin ; +see +.BR newinclude (1) +for further details.) + +Note that +.I file +is read by +.BR fastforward , +not +.BR newaliases , +so the system administrator does not have to run +.B newaliases +every time +.I file +changes. +.I file +must be world-readable +and accessible to +.BR fastforward . + +.B COMPATIBILITY WARNING: +If an +.B :include: +file is unreadable or nonexistent, +sendmail +skips it; +.B fastforward +defers delivery of the message. + +.B COMPATIBILITY WARNING: +sendmail +does not permit spaces inside the literal text +.BR :include: . +.B newaliases +does. + +.B COMPATIBILITY WARNING: +Versions of +sendmail +before V8 did not strip quotes from +.B :include: +filenames. +.SH "ALIAS OWNERS" +If there is an alias for +.BR owner-\fIlist , +any message forwarded through +.I list +will have its envelope sender set to +.BR owner-\fIlist , +so that bounces go back to +.BR owner-\fIlist . + +.B COMPATIBILITY WARNING: +When an alias includes the same recipient both inside and outside +a mailing list, +.B fastforward +sends the message twice, +once with each envelope sender. +sendmail +sends the message only once; +its choice of envelope sender for that recipient +depends on the phase of the moon. +.SH "SEE ALSO" +fastforward(1), +setforward(1), +newinclude(1), +printforward(1), +dot-qmail(5) diff --git a/man/newinclude.1 b/man/newinclude.1 new file mode 100644 index 0000000..44edb9d --- /dev/null +++ b/man/newinclude.1 @@ -0,0 +1,88 @@ +.TH s/qmail: newinclude 1 +.SH NAME +newinclude \- create a binary mailing list from an :include: file +.SH SYNOPSIS +.B newinclude +.I list +.SH DESCRIPTION +.B newinclude +reads a +sendmail-style +.B :include: +file, +.IR list , +and converts it into a binary format in +.I list\fB.bin +for use by +.BR fastforward . + +.B newinclude +first writes the mailing list to +.IR list\fB.tmp , +and then moves it to +.IR list\fB.bin . +If there is any problem creating +.IR list\fB.tmp , +.B newinclude +leaves +.I list\fB.bin +alone. + +.B newinclude +always creates +.I list\fB.bin +world-readable. + +.B COMPATIBILITY WARNING: +sendmail +reads +.I list +directly; +.B fastforward +needs +.IR list\fB.bin . +sendmail's strategy is a disaster if you save +.I list +to disk at the same moment that +sendmail +reads it; +the list will be truncated at a random spot, +perhaps in the middle of an address. +Furthermore, if the system crashes while you are writing +.IR list , +.I list +could be filled with all sorts of garbage. +.SH "LIST FORMAT" +.I list +may contain any number of lines; +each line may contain any number of addresses +or further +.B :include: +files. +See +.BR newaliases (1) +for details on the address format. +Any line in +.I file +beginning with # is ignored. + +.B COMPATIBILITY WARNING: +.B newinclude +does not support file or program deliveries in +.B :include: +files. +You can use the secure delivery mechanisms described in +.B dot-qmail(5) +instead. + +.B COMPATIBILITY WARNING: +Versions of +sendmail +before V8 did not allow comments in +.B :include: +files. +.SH "SEE ALSO" +fastforward(1), +newaliases(1), +setmaillist(1), +dot-qmail(5) diff --git a/man/preline.1 b/man/preline.1 new file mode 100644 index 0000000..d324ff8 --- /dev/null +++ b/man/preline.1 @@ -0,0 +1,57 @@ +.TH s/qmail: preline 1 +.SH NAME +preline \- prepend lines to message +.SH SYNOPSIS +in +.BR .qmail\fIext : +.B | preline \fIcommand +.SH DESCRIPTION +.B preline +feeds each incoming mail message through +.IR command . +At the top of each message it inserts +a UUCP-style +.B From_ +line, a +.B Return-Path +line, and a +.B Delivered-To +line. + +.B preline +is useful for +.B procmail +and +ELM's +.BR filter , +which +do not understand the +.B qmail-command +environment variables. +.SH OPTIONS +.TP +.B \-d +Do not include the +.B Delivered-To +line. You should use this option when the +recipient of the incoming mail message is actually under remote control, +but was sent here through +.B control/virtualdomains +for manual routing. +.TP +.B \-f +Do not include the +.B From_ +line. You should use this option except for +.IR command s +that create +.I mbox +files. +.TP +.B \-r +Do not include the +.B Return-Path +line. +.SH "SEE ALSO" +mbox(5), +qmail-command(8) diff --git a/man/printforward.1 b/man/printforward.1 new file mode 100644 index 0000000..f4beaa0 --- /dev/null +++ b/man/printforward.1 @@ -0,0 +1,16 @@ +.TH s/qmail: printforward 1 +.SH NAME +printforward \- print the instructions in a forwarding database +.SH SYNOPSIS +.B printforward +.SH DESCRIPTION +.B printforward +reads a forwarding database from its standard input +and prints all the forwarding instructions +in a format accepted by +.BR setforward . +.SH "SEE ALSO" +fastforward(1), +newaliases(1), +printmaillist(1), +setforward(1) diff --git a/man/printmaillist.1 b/man/printmaillist.1 new file mode 100644 index 0000000..803cdab --- /dev/null +++ b/man/printmaillist.1 @@ -0,0 +1,15 @@ +.TH s/qmail: printmaillist 1 +.SH NAME +printmaillist \- print the contents of a binary mailing list +.SH SYNOPSIS +.B printmaillist +.SH DESCRIPTION +.B printmaillist +reads a binary mailing list from its standard input +and prints all the forwarding instructions +in a format accepted by +.BR setmaillist . +.SH "SEE ALSO" +newinclude(1), +printforward(1), +setmaillist(1) diff --git a/man/qbiff.1 b/man/qbiff.1 new file mode 100644 index 0000000..085d97e --- /dev/null +++ b/man/qbiff.1 @@ -0,0 +1,31 @@ +.TH s/qmail: qbiff 1 +.SH NAME +qbiff \- announce new mail the moment it arrives +.SH SYNOPSIS +in +.BR .qmail : +.B |qbiff +.SH DESCRIPTION +.B qbiff +writes a message to your screen +whenever a new mail message is delivered, +if you ran +.B biff y +after logging in. + +.B WARNING: +If you create a +.B .qmail +file to enable +.BR qbiff , +make sure to also add a line specifying delivery to your normal mailbox. +For example: + +.EX + /home/joe/Mailbox +.br + |qbiff +.EE +.SH "SEE ALSO" +biff(1), +dot-qmail(5) diff --git a/man/qmail-authuser.9 b/man/qmail-authuser.9 new file mode 100644 index 0000000..affb9fa --- /dev/null +++ b/man/qmail-authuser.9 @@ -0,0 +1,433 @@ +.TH s/qmail: qmail-authuser 8 + +.SH "NAME" +qmail-authuser \- user authentication +.SH "SYNOPSIS" +.B qmail-authuser +[ +.I qmail-pop3d maildirname +| +.I -s authsocket [-x service=authmethod] +] +.I subprogram [ args ] +.SH "DESCRIPTION" +.B qmail-authuser +is a versatile authentication PAM for SMTP and/or POP3 services +providing four different operation modes depending on the input +of the configuration file +.I SQMAIL/users/authuser +and the given arguments. +It can be used as substitude for the programs +.IR checkpassword , +.IR cmd5checkpw , +.IR checkvpw , +and +.I vchkpw +supporting the same arguments on call. +.TP 5 +Native mode: +.B qmail-authuser +reads +.I SQMAIL/users/authuser +and uses the information as local authentication database. +.TP 5 +System mode: +.B qmail-authuser +accesses the Unix +.I /etc/password +file (or it's shadow companion) as authentication source. +.TP 5 +Virtual user mode: +.B qmail-authuser +calls either the virtual domain auth handler +.B vchkpw +or +.BR checkvpw . +.TP 5 +Dovecot mode: +.B qmail-authuser +queries +.B dovecot +as authentication provider. +.SH "USAGE" +.B qmail-authuser +can be called by +.B qmail-smtpd +and/or +.B qmail-popup +while following the +.BR checkpassword 's +interface specification and enabling +LOGIN, PLAIN, and CRAM-MD5 authentication for SMTP +as well as USER and APOP for POP3. + +The information supplied on descriptor 3 +is an \fIauthuser\fR name terminated by \e0, +a \fIpassword\fR or \fIresponse\fR terminated by \e0, +and a \fIchallenge\fR for CRAM-MD5 or APOP +authentication terminated by \e0. +There must be at most 512 bytes of data before end of file. + +In case +.I authuser +and +.I password +match, +.B qmail-authuser +calls +.B pathexec +to run +.B subprogram +with the given arguments and perhaps setting up the user environment. +The use of +.B subprogram +is required and can be expressed as +.B /bin/true +or +.B /usr/bin/true +for compliance reasons. +.SH "FILES" +.I SQMAIL/users/authuser +contains pairs of +.I authuser +and +.I password +tokens separated by a colon (":"). +Both tokens may include white spaces (if supported by the OS) and may +use special characters for certain actions. The provided +.I password +token should have a significant length (> 2 characters). + +Lines starting with the \'#\' sign are regarded as comment. +Trailing empty spaces in lines are removed prior of evaluation. +.SH "AUTHUSER" +The +.I authuser +token is the public part of the identity and +may include a composit information, typically the +.I userid +and the +.I domain +respectively, described as +.IR userid@domain . +.B qmail-authuser +may treat both parts independently. +Domain specific authentication may be considered using the +.I @domain +part within the +.I authuser +token. However, as an abbreviation, +this may be provided simply as +.IR @ , +telling +.B qmail-authuser +to consider all unspecified authusers solely and transparently +as \'virtual users\'. +On the other hand, the +.I authuser +token may be wildcarded as +.IR * . +Now, +.B qmail-authuser +is instructed to query the local Unix system as identity provider. + +More specific +.I authuser +tokens have precedence over less specific, irrespectively of their order. +System mode has precedence over virtual user mode. +Particular users and domains can be disabled from authentication +prepending the name with a \'!\' overruling acceptance: +.IR !authuser . + +Note: Virtual Domain Managers require to include the domain within +.I authuser +in order to identify the domain the user belongs to. +.SH "NATIVE MODE" +.B qmail-authuser +recalculates the digest using the provided challenge +and the passwords from +.IR SQMAIL/users/authuser +and compares it with response (2nd parameter). + +If no challenge is provided, +.B qmail-authuser +compares the supplied password with the stored +.I password +token in +.IR SQMAIL/users/authuser . +Thus, +.B qmail-authuser +can be used as PAM identity provider for +PLAIN, LOGIN, CRAM-MD5 and APOP auth methods. +.SH "SYSTEM MODE" +.B qmail-authuser +may also been used as a replacement for the +.B checkpassword +PAM, allowing to evaluate the +.I /etc/passwd +and +.I shadow +files for the auth methods USER, PLAIN & LOGIN +while only considerung the user part in +.IR authuser . +In this case, +.B qmail-authuser +has to be \'sticky\' and running as +.IR root . +.SH "VIRTUAL USER MODE" +.B qmail-authuser +includes the call of both +.IR vpopmail 's +.B vchkpw +and +.IR vmailmgr 's +.B checkvpw +(which need to be in the path) +and transfers the received authentication information transparently to those. +.SH "DOVECOT MODE" +.B qmail-authuser +is also capabable to connect to a Unix socket created for authentication by +.IR Dovecot . +.SH "POP3 AND APOP" +Calling +.B qmail-authuser +for POP3 authentication with the option +.I qmail-pop3d +together with the format of the mailbox given as +.IR maildirname , +which is typically +.I Maildir +or +.IR mbox . +The required environment variables +\fIUSER\fR, \fIHOME\fR, and \fISHELL\fR +for the respective user are evaluated from +.IR /etc/passwd . +APOP authentication is possible for a given user, if +.I authuser +and the +.I password +is included in +.IR SQMAIL/users/authuser . +Upon successful authentication +.B qmail-authuser +changes to $\fIHOME\fR. +.SH "QUERY AND STORAGE MODES" +The first character +.I X +of the +.I password +token is used to indicate the password's query and storage method. +The following cases may be considered: + +.EX + (1a) authuser:clearpwd + (1b) authuser:%pwdhash + (2a) authuser:? + (2b) *:? + (3a) authuser:+ + (3b) @domain:+ + (3c) @:+ + (3d) authuser:& + (3e) @domain:& + (3f) @:& + (4a) authuser:= + (4b) @domain:= + (4c) @:= +.EE + +(1) Local query/storage: +Here, together with the +.I authuser +plaintext (1a) or hashed passwords (1b) +may be provisioned in the +.I SQMAIL/users/authuser +control file. +In case of +.IR %pwdhash , +the password is stored as MD5, SHA1, or SHA256 hash prepended with the \'%\'. +If the plaintext password is given as +.I password +this means that the following password is taken literally +though allwowing a leading \'%\'. + +(2) Unix system query/storage: +In case the +.I password +token consists of +.IR '?' , +the received authentication information is used to emulate a +standard Unix user login taking the +.I userid +information as system user account. Therefore, no particular +.I password +token is required here. +The inclusion of any specific +.I authuser +information can be avoided in case +.I '*' +is used as shortcut within +.I SQMAIL/users/authuser +followed by +.I '?' +as +.I password +token. Now, the received +.I userid +and password is taken from the Unix system for authentication (crypt). + +(3) Virtual domain query/storage: +Alternatively, +.B qmail-authuser +may call either +.B checkvpw +once a +.I '+' +or +.B vchkpw +in case +.I '&' +is given as +.I password +token. + +(4) Dovecot as Identity Provider: +.B Dovecot +can be used as authentication backend in case a +.I '=' +is included as +.I password +token. Assuming +.B doveadm +is in the path, a particular +.B auth-qmail +listener (socket) is tested by +.I doveadm +with the arguments +.I \'auth test -a\' +provided the socket is available via +.IR \'-s\ authsocket\' . + + +The definition of the auth socket +needs to be included in +.BR Dovecot 's +control file in the following way: + +.EX +service auth { + unix_listener /var/run/dovecot/auth-qmail { + mode = 0600 + user = qmaild + group = nofiles + } +} +.EE + +Reversely, this socket has to be +specified as calling argument for +.I qmail-authuser +providing +.I -s /var/run/dovecot/auth-sqmail +together with an additional executable (true). +The name of the auth socket can +be freely chosen. + +A particular authentication method +can be specified by means of +.I -x service=authmethod +in the call of +.BR qmail-authuser . +Check the +.b doveadmn +documentation for particular authentication methods, +typically available as \fIsmtp\fR and \fIpop3\fR. + +Note: All authentication storage and query mechanism +can be used concurrently, depending on the settings +of the +.I authuser +and +.I password +token in +.IR SQMAIL/users/authuser . +.SH "SECURITY" +.B qmail-authuser +is invoked in the environment of +.B qmail-smtpd +or +.B qmail-popup +which is typically run as user +.IR qmaild . +The file +.I SQMAIL/users/authuser +shall be +.I qmaild +owned and belonging to the group +.I sqmail +and SHOULD NOT be readble by the \fIworld\fR. + +Since the given +.I authuser +token is visible in the email, it could be typically chosen as +.I user@domain +making it usable for virtual domain managers and allowing +a common +.I password +for ESMTP/IMAP4/POP3 services. + +The included +.I password +token shall solely be used for ESMTP/IMAP4/POP3 authentication +and should possess enough entropy. + +A sticky and root-owned +.B qmail-authuser +is a potential security risk. +.SH "PASSWORD HASHES" +Instead of plaintext passwords, additionally +MD5, SHA1, or SHA256 hashes of the passwords may be used. However, +in spite of rainbow tables this requires none-trivial passwords. +.SH "AUTH METHODS" +In case hashed passwords or the UNIX passwords are used, +only the auth methods USER, PLAIN, and LOGIN are working. +Those methods are only secure on encrypted +connections and otherwise are easy victim of an eavesdropper. +Challenge/Response methods - like CRAM-MD5 and APOP - +require having access to the plain-text passwords. For +.B vchkpw +C/R is possible querying the local \'vpopmail\' database. +.SH "EXIT CODES" +In case the provided +.I authuser +or +.I userid +does not exist, or the digest and the response, +or the passwords +differ, +.B qmail-authuser +exits 1. +If +.B qmail-authuser +is misused, it may instead exit 2. +In case +.I SQMAIL/users/authuser +is not readeable, +.B qmail-authuser +exits 110. +If there is a temporary problem checking the password, +.B qmail-authuser +exits 111. +.SH "CREDITS" +The MD5 implmentation originates from RSA though now supporting a +64 bit OS. SHA1 has been created by Steve Reid, and +SHA256 was done by Brad Conte, all released in the Public Domain. +Drew Wells receives credits for putting me into the current direction. +.SH "SEE ALSO" +qmail-popup(8), +qmail-smtpd(8), +checkpassword(8), +vchkpw(8), +checkvpw(8), +doveadm(1), +doveadm-auth(1). diff --git a/man/qmail-badloadertypes.9 b/man/qmail-badloadertypes.9 new file mode 100644 index 0000000..daf07cf --- /dev/null +++ b/man/qmail-badloadertypes.9 @@ -0,0 +1,48 @@ +.TH s/qmail: qmail-badloadertypes 8 + +.SH "NAME" +qmail-badloadertypes \- prepare badloadertypes for qmail-smtpd +.SH SYNOPSIS +.B qmail-badloadertypes + +.SH "DESCRIPTION" +.B qmail-badloadertypes +reads the instructions in +.B SQMAIL/control/badloadertypes +and writes them into +.B SQMAIL/control/badloadertypes.cdb +in a binary format suited +for quick access by +.BR qmail-smtpd . + +If there is a problem with +.BR control/badloadertypes , +.B qmail-badloadertypes +complains and leaves +.B control/badloadertypes.cdb +alone. + +.B qmail-badloadertypes +ensures that +.B SQMAIL/control/badloadertypes.cdb +is updated atomically, +so +.B qmail-smtpd +never has to wait for +.B qmail-badloadertypes +to finish. +However, +.B qmail-badloadertypes +makes no attempt to protect against two simultaneous updates of +.BR control/badloadertypes.cdb . +For convenience, +.B qmail-badloadertypes +allows comments (lines starting with '#') and +copies only the significant leading characters to +.BR control/badloadertypes.cdb . + +The binary +.B control/badloadertypes.cdb +format is portable across machines. +.SH "SEE ALSO" +qmail-smtpd(8) diff --git a/man/qmail-badmimetypes.9 b/man/qmail-badmimetypes.9 new file mode 100644 index 0000000..b9dab16 --- /dev/null +++ b/man/qmail-badmimetypes.9 @@ -0,0 +1,46 @@ +.TH s/qmail: qmail-badmimetype 8 +.SH NAME +qmail-badmimetypes \- prepare badmimetypes for qmail-smtpd +.SH SYNOPSIS +.B qmail-badmimetype +.SH DESCRIPTION +.B qmail-badmimetypes +reads the instructions in +.B SQMAIL/control/badmimetypes +and writes them into +.B SQMAIL/control/badmimetypes.cdb +in a binary format suited +for quick access by +.BR qmail-smtpd . + +If there is a problem with +.BR control/badmimetypes , +.B qmail-badmimetypes +complains and leaves +.B control/badmimetypes.cdb +alone. + +.B qmail-badmimetypes +ensures that +.B control/badmimetypes.cdb +is updated atomically, +so +.B qmail-smtpd +never has to wait for +.B qmail-badmimetypes +to finish. +However, +.B qmail-badmimetypes +makes no attempt to protect against two simultaneous updates of +.BR control/badmimetypes.cdb . +For convenience, +.B qmail-badmimetypes +allows comments (lines starting with '#') and +copies only the significant leading characters to +.BR control/badmimetypes.cdb . + +The binary +.B control/badmimetypes.cdb +format is portable across machines. +.SH "SEE ALSO" +qmail-smtpd(8) diff --git a/man/qmail-clean.8 b/man/qmail-clean.8 new file mode 100644 index 0000000..b4cbc1d --- /dev/null +++ b/man/qmail-clean.8 @@ -0,0 +1,13 @@ +.TH s/qmail: qmail-clean 8 +.SH NAME +qmail-clean \- clean up the queue directory +.SH SYNOPSIS +.B qmail-clean +.SH DESCRIPTION +.B qmail-clean +reads a cleanup command from descriptor 0, +performs the cleanup, +prints the results to descriptor 1, +and repeats. +.SH "SEE ALSO" +qmail-send(8) diff --git a/man/qmail-command.8 b/man/qmail-command.8 new file mode 100644 index 0000000..33f28d7 --- /dev/null +++ b/man/qmail-command.8 @@ -0,0 +1,149 @@ +.TH s/qmail: qmail-command 8 +.SH NAME +qmail-command \- user-specified mail delivery program +.SH SYNOPSIS +in +.BR .qmail\fIext : +.B |\fIcommand +.SH DESCRIPTION +.B qmail-local +will, upon your request, +feed each incoming mail message through a program of your choice. + +When a mail message arrives, +.B qmail-local +runs +.B sh -c \fIcommand +in your home directory. +It makes the message available on +.IR command 's +standard input. + +.B WARNING: +The mail message does not begin with +.BR qmail-local 's +usual +.B Return-Path +and +.B Delivered-To +lines. + +Note that +.B qmail-local +uses the same file descriptor for every delivery +in your +.B .qmail +file, so it is not safe for +.I command +to fork a child that +reads the message in the background while the parent exits. +.SH "EXIT CODES" +.IR command 's +exit codes are interpreted as follows: +0 means that the delivery was successful; +99 means that the delivery was successful, +but that +.B qmail-local +should ignore all further delivery instructions; +100 means that the delivery failed permanently (hard error); +111 means that the delivery failed but should be tried again +in a little while (soft error). + +Currently 64, 65, 70, 76, 77, 78, and 112 are considered hard errors, +and all other codes are considered soft errors, +but +.I command +should avoid relying on this. +.SH "ENVIRONMENT VARIABLES" +.B qmail-local +supplies several useful environment variables to +.IR command . +.B WARNING: +These environment variables are not quoted. +They may contain special characters. +They are under the control of a possibly malicious remote user. + +.B SENDER +is the envelope sender address. +.B NEWSENDER +is the forwarding envelope sender address, +as setup in +.BR dot-qmail(5) . +.B RECIPIENT +is the envelope recipient address, +.IR local@domain . +.B USER +is +.IR user . +.B HOME +is your home directory, +.IR homedir . +.B HOST +is the +.I domain +part of the recipient address. +.B LOCAL +is the +.I local +part. +.B EXT +is the +address extension, +.IR ext . + +.B HOST2 +is the portion of +.B HOST +preceding the last dot; +.B HOST3 +is the portion of +.B HOST +preceding the second-to-last dot; +.B HOST4 +is the portion of +.B HOST +preceding the third-to-last dot. + +.B EXT2 +is the portion of +.B EXT +following the first dash; +.B EXT3 +is the portion +following the second dash; +.B EXT4 +is the portion +following the third dash. +.B DEFAULT +is the portion +corresponding to the +.B default +part of the +.BR .qmail\- ... +file name; +.B DEFAULT +is not set if +the file name does not end with +.BR default . + +.B DTLINE +and +.B RPLINE +are the usual +.B Delivered-To +and +.B Return-Path +lines, +including newlines. +.B UFLINE +is the UUCP-style +.B From_ +line that +.B qmail-local +adds to +.IR mbox -format +files. +.SH "SEE ALSO" +dot-qmail(5), +envelopes(5), +qmail-local(8) diff --git a/man/qmail-control.9 b/man/qmail-control.9 new file mode 100644 index 0000000..5aa1de6 --- /dev/null +++ b/man/qmail-control.9 @@ -0,0 +1,110 @@ +.TH s/qmail: qmail-control 5 +.SH "NAME" +qmail-control \- qmail configuration files +.SH "INTRODUCTION" +You can change the behavior of the +.B qmail +system by modifying +.BR s/qmail 's +.I control files +in +.BR SQMAIL/control . + +.B s/qmail +can survive with just one control file, +.IR me , +containing the +fully-qualified name of the current host. +This file is used as the default for +other hostname-related control files. + +Comments (\'# comment\') are allowed +in +.IR badmailfrom , +.IR badmimetypes , +.IR badloadertypes , +.IR dkimdomains , +.IR locals , +.IR percenthack , +.IR qmqpservers , +.IR rcpthosts , +.IR smtproutes , +.IR srsdomains , +.IR tlsdestinations , +and +.IR virtualdomains . +Trailing spaces and tabs are allowed in any control. + +The following table lists all control files +other than +.IR me . +See the corresponding man pages for further details. + +.RS +.nf +.ta 5c 10c +control default used by + +.I authsenders \fR(none) \fRqmail-remote +.I badhelo \fR(none) \fRqmail-smtpd +.I badmailfrom \fR(none) \fRqmail-smtpd +.I badmimetypes \fR$BADMIMETYPE \fRqmail-smtpd +.I badloadertypes \fR$BADLOADERTYPE \fRqmail-smtpd +.I badrcptto \fR(none) \fRqmail-smtpd +.I bouncefrom \fRMAILER-DAEMON \fRqmail-send +.I bouncehost \fIme \fRqmail-send +.I bouncemaxbytes \fI0 \fRqmail-send +.I concurrencylocal \fR10 \fRqmail-send +.I concurrencyremote \fR20 \fRqmail-send +.I dkimdomains \fR(none) \fRqmail-dksign +.I domaincerts \fR(none) \fRqmail-remote +.I domainips \fR(none) \fRqmail-remote, \frqmail-smtpam +.I defaultdomain \fIme \fRqmail-inject +.I defaulthost \fIme \fRqmail-inject +.I databytes \fR$DATABYTES \fRqmail-smtpd +.I doublebouncehost \fIme \fRqmail-send +.I doublebounceto \fRpostmaster \fRqmail-send +.I envnoathost \fIme \fRqmail-send +.I helohost \fIme \fRqmail-remote +.I idhost \fIme \fRqmail-inject +.I localiphost \fIme \fRqmail-smtpd +.I locals \fIme \fRqmail-send +.I morercpthosts \fR(none) \fRqmail-smtpd +.I mailfromrules \fR(none) \fRqmail-smtpd +.I percenthack \fR(none) \fRqmail-send +.I plusdomain \fIme \fRqmail-inject +.I qmqpservers \fR(none) \fRqmail-qmqpc +.I qmtproutes \fR(none) \fRqmail-remote +.I queuelifetime \fR604800 \fRqmail-send +.I rcpthosts \fR(none) \fRqmail-smtpd +.I recipients \fR(none) \fRqmail-smtpd +.I spfexplain \fRSPF_DEFEXP \fRqmail-smtpd +.I spflocalrules \fR(none) \fRqmail-smtpd +.I srsdomains \fR(none) \fRsrsforward, \fRsrsreverse +.I smtpgreeting \fIme \fRqmail-smtpd +.I smtproutes \fR(none) \fRqmail-remote +.I timeoutconnect \fR60 \fRqmail-remote, \fRqmail-smtpam +.I timeoutremote \fR1200 \fRqmail-remote, \fRqmail-smtpam +.I timeoutsmtpd \fR1200 \fRqmail-smtpd +.I tlsdestinations \fR(none) \fRqmail-remote, \fRqmail-smtpam +.I virtualdomains \fR(none) \fRqmail-send +.fi + +.RE +.IR Defaultvalues +following a $ sign (ie. $RELAYCLIENT) depend on the +corresponding environment variable. + +.IR Use +.BR qmail-showctl +to display actual settings. + +.SH "SEE ALSO" +srsforward(1), +qmail-dksgin(8), +qmail-inject(8), +qmail-qmqpc(8), +qmail-remote(8), +qmail-send(8), +qmail-showctl(8), +qmail-smtpd(8). diff --git a/man/qmail-dkim.8 b/man/qmail-dkim.8 new file mode 100644 index 0000000..53463e9 --- /dev/null +++ b/man/qmail-dkim.8 @@ -0,0 +1,217 @@ +.TH s/qmail: qmail-dkim 8 +.SH "NAME" +qmail-dkim \- libdkim implementation for s/qmail +.SH "SYNOPSIS" +.B qmail-dkim +[ +.I -h +.I -v +.I -V +.I -s[ecckey] +.I -b[1|2|3] +.I -c[s|t|u] +.I -d domain +.I -i identity +.I -l +.I -q +.I -t +.I -x expire_time +.I -y selector +.I -Y selector2 +.I -z[1|2|3|4|5] +] +.I in_message +.I RSA_private_key +.I out_message +.I Ed25519_private_key +.SH "DESCRIPTION" +.B qmail-dkim +is the implementation of +.B libdkim +for s/qmail providing API compatibility +and supporting RSA and Ed25519 DKIM signatures +in single or hybrid mode. +In hybrid mode, two +.I private keys +and two +.I selectors +need to be provided. +.B qmail-dkim +supports distinct operations: +.TP 5 +.B qmail-dkim \fI-s in_message RSA_private_key out_message\fR +DKIM signes +.I in_message +with the given +.I private_key +and returns +.IR out_message . +.TP 5 +.B qmail-dkim \fI-s in_message RSA_private_key out_message Ed255_private_key\fR +signs +.I in_message +with both a RSA +.I RSA_private_key +and a +.IR Ed25519_private_key. +Here, the RSA default selector is \fIdefault\fR and the +Ed25519 default selector is \fIeddy\fR; both subject of change. +.TP 5 +.B qmail-dkim \fI-v in_message\fR +verifies the +.IR in_message . +.SH "DKIM FORMATS" +DKIM needs a common understanding of the attributes +subject for signing and verification. +The following attributes can be set: +.TP 5 +-c +is the 'canonicalization', thus how a validiation client +should deal with signature verification of the +message headers and/or body. Here, the choices are given +via an appended character: +.I r +relax on header, +.I s +simple (strict) on message body, +.I t +relax/simple, or eventually +.I u +simple relaxed. +Finally, the hash function to be used in the signature +can be given as +.TP 5 +-z +following either with +.I 1 +using sha1, or +.I 2 +using sha256, or finally as default +.I 3 +providing both signature values in the mail header. +.I 4 +telling +.B qmail-dkim +to use the Ed25519 signature scheme. +.I 5 +allows +.B qmail-dkim +to attach both a +.I RSA-SHA256 +as well as a +.I Ed25519 +signature to the message, which considered to be a +.I hybrid +mode. + +.SH "DKIM SIGNING" +.B qmail-dkim +will include (several) message headers detailing the +.B DKIM signature +with at least the following fields: +.TP 3 +a += +.TP 3 +c += +.TP 3 +s += +.TP 3 +d += +.TP 3 +i += +.TP 3 +h += +.TP 3 +bh += +.TP 3 +b += +.P +Additional settings can be achieved using the following options: +.TP 5 +.I -d domain +is the signer's domain name and together with the prepended +.TP 5 +.I -y selector +it is used for the DNS TXT lookup of the public key; supporting +mainly key roll-over. The first selector is used for RSA signatures. +.TP 5 +.I -Y selector2 +Same as \fI-y\fR but now for Ed25519 signatures. +.TP 5 +.I -I identifier +giving an additional hint about the agent or identifier +responsible for the signing like 'postmaster@domain'; defaults to +.IR domain . +.TP 5 +.I -t expire_time +given in seconds, tells how log the signature is valid. +It defaults to +.I 604800 +secconds (seven days). +.P +Further, some more option fields can be displayed in the header: +.TP 5 +.I -l +include a body length tag. +.TP 5 +.I -q +include the query method tag. + +.SH "DKIM VERIFICATION" +.B qmail-dkim +as invoked by +.B qmail-dkverify +extracting the received DKIM header fields, +and following the signature verification procedure +as given here, while fetching the signer's +.I public key +using a DNS TXT lookup. +Now, the respective header lines, and/or +the message body will be hashed and compared +against the values taken from the signatures. + +The results will be indicated by either return code +.I 0 +in case of success, +.I 1 +in case of mismatch, or +.I -1 +if other failures were encountered. + +Given the call argument +.TP 3 +-v +.B qmail-dkim +will provide the DKIM results +.I pass +or +.I fail +including verbose reasons on the commmand line. +This is the legacy mode. + +.RE +Rather, invoking +.B qmail-dkim +with argument +.TP 3 +-V +it communicates the results over a file interface +to be picked up by +.IR qmail-dkverify . + +.SH "SEE ALSO" +qmail-queue(8), +qmail-remote(8), +qmail-dksign(8), +qmail-dkverify(8), +qmail-send(8), +qmail-log(8). + diff --git a/man/qmail-dksign.9 b/man/qmail-dksign.9 new file mode 100644 index 0000000..08d310e --- /dev/null +++ b/man/qmail-dksign.9 @@ -0,0 +1,336 @@ +.TH s/qmail: qmail-dksign 8 +.SH "NAME" +qmail-dksign \- DKIM sign outgoing messages +.SH "SYNOPSIS" +.B qmail-dksign +.I host +.I sender +.I recip +[ +.I recip ... +] +.SH "DESCRIPTION" +.B qmail-dksign +is a stub routine to be invoked by +.B qmail-spawn +in place of +.B qmail-remote +and is required to customize the signing policy +for outgoing emails according to RFC 6893/8463 by means of +.B qmail-dkim +and finally to invoke +.B qmail-remote +for subsequent message delivery. + +.B qmail-dksign +is also an extension to +.B qmail-queue +(with comparable permissions) using +.I queue/dkim// +to provide a temporary but persistent staging +area for outgoing messages to be DKIM signed. +.SH "CONTROL FILE" +.B qmail-dksign +will be only called by +.B qmail-rspawn +if +.I SQMAIL/control/dkimdomains +is present. + +.IR dkimdomains : +\'domain:selector[,selector2]|sdid|[auid|~]|expire|c:z:l\' +allows multitenant and hybrid DKIM signing settings per sending +.IR domain . + +.I domain +is the sender's envelope domain in order to fetch the +individually tailored DKIM signing paramaters for these. + +The following DKIM parameters can be specified: +.TP 5 +.I selector +is used as prepending name label for +.IR domain : +.IR selector._domainkey.domain . +If not explicitely given, it defaults to +.I default +and is mostly used to support the key roll-over. +.TP 5 +.I selector,selector2 +defines a hybrid selector and allows to provide +two different selectors together +with their private keys for concurrently signing of messages +according to both the RSA-SHA256 and the Ed25519 algorithm. +.TP 5 +.I sdid +Here, you can overwrite the 'Signing Domain Identifier' (SDID), +thus decouple the information given in the DKIM header from +the envelope domain sender. This allows to setup common DNS +public keys for several domains irrespectively of the sending +.IR domain . +.TP 5 +.I auid +is the 'Agent/User Identifier' of the signer, +in case it is not the sending +.IR domain . +In most cases it can be neglected and is obsolete. +Rather, you can specifiy that the +.I auid +is always included as +.I originator +of the mail while providing the tilde symbol +.I ~ +here as generic substitude. +.TP 5 +.I expire +determins the validity period of the signature in DKIM signed +message. Due to the assumed key-rollover, it is limited +and defaults to +.I 604800 +secs since the email was signed. +.TP 5 +.I c +is the 'canonicalization'; thus how a validation client +should deal with signature verification of the received +message header and/or body. Here, the choices are +.I r +relax (allow mangling of whitespaces and cases; default) +.I s +simple (=strict) +.I t +relax on header, simple on body, +.I u +simple on header, relax on body. +.TP 5 +.I z +The signature algorithm can be specified as +.I 1 +RSA with sha1, +.I 2 +RSA with sha256 (as default), or +.I 3 +providing both signature values in the mail header; +.I 4 +Ed25519 ECC signatures. +.I 5 +tells +.B qmail-dksign +to include both +.I RSA-SHA256 +and +.I Ed25519 +signatures in the mail header. +Here, you need two different +.I selectors +and +.IR private\ keys. +Finally, setting +.TP 5 +.I l +(literal) advices +.I qmail-dkim +to include the body hash length (after canonicalization) +to the DKIM header. This might be useful to cope with programs +like mailing list servers adding a 'footer' to the mail +after the signing operation has been completed. + +.RE +RSA and Ed25519 signatures can now be used simultaneously +while providing different keys available as distinct selectors. +Those settings are handed-over to +.B qmail-dkim +to provide the signing of emails. +.B qmail-dksign +calls +.B qmail-dkim +to automatically include the query method +.I q=dns/txt +in the DKIM header. +.SH "SELECTING DOMAINS FOR SIGNING" +.B qmail-dksign +can be instructed to sign all outgoing mails with the +MTA's private key. This is achieved by simply using +.I *: +in +.IR control/dkimdomains . +Rather, the signing operation can be restricted for domains +.B s/qmail +has responsibility for, as given in +.IR rcpthosts . +This is commanded via +.IR =: . +Alternatively, in multitenant mode +.B qmail-dksign +may use domain specific DKIM settings and private keys +for the sending domains and permitting parenting. +Particular domains for which outgoing emails shall +not be DKIM signed can be given as: +.IR !nodkim.org . + +.EE + *: + =:default,eddy||~||:5 + .heaven.com:||me@devil.com|500000|r:3 + cloud1.com:january|postmaster@cloud.com|||t::l + cloud7.com:february|postmaster@cloud.com|||u:1 + mybuddy.org:eddy||||:4 + !nodkim.org: +.EX + +Note: The owner of the crypto material (public and private keys) is +.IR qmailq . +.SH "CRYPTO MATERIAL" +.B qmail-dksign +follows the conventions from +.B qmail-remote +to use the directory +.I SQMAIL/ssl/domainkeys +to store public and private keys. + +Each +.I domain +may have its own key material resulting in a structure +.IR SQMAIL/ssl/domainkeys// , +where the following keyfiles are expected: +.TP 5 +.IR \ (default:\ 'default') +is a mandatory symbolic link to +.I [rsa|ed25519].private_ +used for signing. +.TP 5 +.I rsa.public_ +is the DER-header enriched and base64 encoded RSA public key. +.TP 5 +.I ed25519.public_ +is the 'naked' base64 encoded Ed25519 public key. + +.RE +Here, +.I +is the name of the current +.IR selector . +After having generated keys and providing a new +.IR selector , +this name has to be included as +.I selector +for the given domain in +.I SQMAIL/control/dkimdomains +in order to become active for signing. + +In case of +.I hybrid\ signatures +different selectors need to be given for the +RSA and the Ed25519 keys each. +They have to be provided concatinated by a colon in +.IR dkimdomains . +White spaces are not allowed. If the RSA selector is +.IR default , +it can be omitted while followed by the colon and the +Ed25519 selector name. + +.SH "SHARING KEYS FOR DIFFERENT DOMAINS" +Different +.I domains +may however share common keys for signing and verification. +In order to allow a common private key for signing, simply +create symlinks for the others domains under +.I SQMAIL/ssl/domainkeys/ +to the master one. +.B qmail-dksign +will now pick up those and use the provided key for signing. + +However, in general this reqires to deploy DKIM records +for those domains sharing the same public key but require +different domain names as distinguished DNS TXT records. + +Rather, you may want to publish just one +DKIM DNS TXT record which is commonly shared for all +concerning domains. Since the +.I sending\ domain +is used as default for the +.IR SDID , +you need now to provide the same +.I SDID +explicitely for each domain of concern in +.IR control/dkimdomains . + +The '' - and not the SDID - +together with the literal +.I ._domainkey. +and the domain name defines the binding of the +private key with the DKIM TXT record: +.IR ._domainkey. . + +.SH "GNERATING CRYPTO MATERIAL" +Public/private keys can be generated by +.I OpenSSL +or +.I LibreSSL +or compatible TLS implementations and +shall be provided in canonical format. +The directory +.I SQMAIL/ssl/domainkeys/ +and the resulting key needs to be readable by +.IR qmailq , +the user +.B qmail-dksign +and +.B qmail-dkim +runs under. The private key shall +.B NEVER +exposed to the public. + +The script +.B mkdkimkey +is enabled to generate +.I RSA +or +.I Ed25519 +private and public keys in the required format +together with a +.I BIND +compliant DKIM DNS TXT record. +.SH "RESPONSES" +.B qmail-dksign +may provide the following responses indicating an error: +.TP 5 +Z +Unable to switch to target directory. +.TP 5 +Z +Unable to create DKIM stage file: +.TP 5 +Z +Unable to unlink DKIM stage file. +.TP 5 +Z +Unable to read control files. +.TP 5 +Z +Unable to read message. +.TP 5 +D +SMTP cannot transfer messages with partial final lines. +.TP 5 +K +can't read private file: continue without signing. +.TP 5 +Z +unable to run qmail-remote. (=> configuration/permission error) +.SH "SYSTEM IMPACT" +.B qmail-dksign +makes heavy use of system file descriptors. +Given a high +.I concurrencyremote +you may run out of file descriptors which thus need to be enhanced +either system-wide or for the specific users +.I qmailr +and +.IR qmails . +.SH "SEE ALSO" +qmail-queue(8), +qmail-remote(8), +qmail-dkim(8), +qmail-dkverify(8), +qmail-log(8). + diff --git a/man/qmail-dkverify.8 b/man/qmail-dkverify.8 new file mode 100644 index 0000000..eb56952 --- /dev/null +++ b/man/qmail-dkverify.8 @@ -0,0 +1,137 @@ +.TH s/qmail: qmail-dkverify 8 +.SH "NAME" +qmail-dkverify \- verification of DKIM signatures in messages upon receipt +.SH "SYNOPSIS" +.B qmail-dkverify +.SH "DESCRIPTION" +.B qmail-dkverify +is invoked faciliting the +.I QMAILQUEUE(_EXTRA) +mechanism. + +.SH "CALLING CHAIN" +Verifying DKIM signatures upon receipt involves the +following calling chain: + +1. +.B qmail-smtpd +called from +.B sslserver +/ +.BR tcpserver. + +2. +.B qmail-dkverify +called by the +.I QMAILQUEUE(_EXTRA) +mechanism as (first) replacement for +.B qmail-queue +as a stub. +The incoming message is enhanced by the required CR +characters line-by-line and stored in +.IR queue/dkim/[split]/xyz . + +3. +.B qmail-dkim +is called by +.B qmail-dkverify +as a child performing the actual verification on +.I queue/dkim/[split]/xyz +while using a DNS TXT lookup for the sender's public key +given in the DKIM message header and +calling the fehQlibs DNS routines. +The verification results are persisted at +.IR queue/dkim/[split]/zyx . + +4. +.B qmail-dkverify +(as parent) reading the evaluated DKIM information from +.B qmail-dkim +and assembling a DKIM header line with the results +prepended to the message. + +5. +.B qmail-queue +is finally called to queue the message for delivery. + +.SH "INVOCATION AND USAGE" +In order to invoke +.B qmail-dkverify +the environment variable +.I QMAILQUEUE="bin/qmail-dkverify" +has to be populated in the context of +.BR qmail-smtpd . + +Since +.B qmail-smtpd +is typically called by means of +.B sslserver +or +.BR tcpserver , +the +.I tcpd.smtp.cdb +database as compiled by +.B tcprules +can be enhanced to include a line like +.I :alllow:QMAILQUEUE="bin/qmail-dkverify" +making use of the QMAILQUEUE_EXTRA mechanism. + +Alternatively, this environment variable could be +defined as part of +.BR qmail-smtpd 's +start script which would now enable to +provide DKIM signature checking for all +SMTP sessions irrespectively of their origin. + +Usually, +.B qmail-dkverify +works in annotation mode only. + +However, setting additionally the environment variable +.I DKIM="+" +would command +.B qmail-dkverify +to reject mails failing the +DKIM signature verification. +In case of a rejection, the +.B qmail-smtpd +log shows the following message: +.IR Reject::DKIM::Signature . + +Note: +.B qmail-dkverify +shall not be used for authenticated +SMTP sessions, typically provided on the +.I Submission +port. + +.SH "LOGGING" +No particular logging is currently forseen. +Rather, each individual RFC 822 message is enhanced by +the following header line in case a DKIM signature +is recognized: + +.I X-Authentication-Results: sender dkim=[pass|fail (verbose error message)] MTA +including the +.I sender +and the evaluating +.I MTA +as given in +.IR control/me . +In case of a \fIfail\fR, the verbose reason +follows in parenthesis. + +.SH "SYSTEM IMPACT" +.B qmail-dkverify +does several reads and writes on the +received messages. Apart from the cryptographic +operations, this will slow down message exchange +and increase the load on the system. + +.SH "SEE ALSO" +qmail-queue(8), +qmail-remote(8), +qmail-dkim(8), +qmail-dksign(8), +qmail-log(8). + diff --git a/man/qmail-getpw.9 b/man/qmail-getpw.9 new file mode 100644 index 0000000..c246b0e --- /dev/null +++ b/man/qmail-getpw.9 @@ -0,0 +1,114 @@ +.TH s/qmail: qmail-getpw 8 +.SH NAME +qmail-getpw \- give addresses to users +.SH SYNOPSIS +.B qmail-getpw +.I local +.SH DESCRIPTION +In +.BR s/qmail , +each user controls a vast array of local addresses. +.B qmail-getpw +finds the user that controls a particular address, +.IR local . +It prints six pieces of information, +each terminated by NUL: +.IR user ; +.IR uid ; +.IR gid ; +.IR homedir ; +.IR dash ; +and +.IR ext . +The user's account name is +.IR user ; +the user's uid and gid in decimal are +.I uid +and +.IR gid ; +the user's home directory is +.IR homedir ; +and messages to +.I local +will be handled by +.IR homedir\fB/.qmail\fIdashext . + +In case of trouble, +.B qmail-getpw +exits nonzero without printing anything. + +.B WARNING: +The operating system's +.B getpwnam +function, which is at the heart of +.BR qmail-getpw , +is inherently unreliable: +it fails to distinguish between temporary errors and nonexistent users. +Future versions of +.B getpwnam +should return ETXTBSY to indicate temporary errors +and ESRCH to indicate nonexistent users. +.SH "RULES" +.B qmail-getpw +considers an account in +.B /etc/passwd +to be a user if +(1) the account has a nonzero uid, +(2) the account's home directory exists (and is visible to +.BR qmail-getpw ), +and +(3) the account owns its home directory. +.B qmail-getpw +ignores account names containing uppercase letters. +.B qmail-getpw +also assumes that all account names are shorter than 32 characters. + +.B qmail-getpw +gives each user +control over the basic +.I user +address and +all addresses of the form +.IR user\fBBREAK\fIanything . +When +.I local +is +.IR user , +.I dash +and +.I ext +are both empty. +When +.I local +is +.IR user\fBBREAK\fIanything , +.I dash +is a hyphen and +.I ext +is +.IR anything . +.I user +may appear in any combination of uppercase and lowercase letters +at the front of +.IR local . + +A catch-all user, +.BR alias , +controls all other addresses. +In this case +.I ext +is +.I local +and +.I dash +is a hyphen. + +You can override all of +.BR qmail-getpw 's +decisions with the +.B qmail-users +mechanism, which is reliable, highly configurable, and much faster than +.BR qmail-getpw . +.SH "SEE ALSO" +qmail-users(5), +qmail-lspawn(8) diff --git a/man/qmail-header.5 b/man/qmail-header.5 new file mode 100644 index 0000000..7142364 --- /dev/null +++ b/man/qmail-header.5 @@ -0,0 +1,332 @@ +.TH s/qmail: qmail-header 5 +.SH NAME +qmail-header \- format of a mail message +.SH OVERVIEW +At the top of every mail message is a +highly structured +.BR header . +Many programs expect the header to carry certain information, +as described below. +The main function of +.B qmail-inject +is to make sure that each outgoing message has an appropriate header. + +For more detailed information, see +.BR http://pobox.com/~djb/proto/immhf.html . +.SH "MESSAGE STRUCTURE" +A message contains a series of +.I header fields\fR, +a blank line, +and a +.IR body : + +.EX + Received: (qmail-queue invoked by uid 666); +.br + 30 Jul 1996 11:54:54 -0000 +.br + From: djb@silverton.berkeley.edu (D. J. Bernstein) +.br + To: fred@silverton.berkeley.edu +.br + Date: 30 Jul 1996 11:54:54 -0000 +.br + Subject: Go, Bears! +.br + +.br + I've got money on this one. How about you? +.br + +.br + ---Dan (this is the third line of the body) +.EE + +Each header field has a +.IR name , +a colon, +some +.IR contents , +and a newline: + +.EX + Subject: Go, Bears! +.EE + +The field contents may be folded across several lines. +Each line past the first must begin with a space or tab: + +.EX + Received: (qmail-queue invoked by uid 666); +.br + 30 Jul 1996 11:54:54 -0000 +.EE + +The field name must not contain spaces, tabs, or colons. +Also, an empty field name is illegal. +.B qmail-inject +does not allow field names with unprintable characters. + +Case is irrelevant in field names: +.B subject +and +.B SUBJECT +and +.B SuBjEcT +have the same meaning. +.SH "ADDRESS LISTS" +Certain fields, such as +.BR To , +contain +.I address lists\fR. + +An address list contains some number of +.I addresses +or +.I address groups\fR, +separated by commas: + +.EX + a@b, c@d (Somebody), A Person , +.br + random group: g@h, i@j;, k@l +.EE + +An +.I address group +has some text, a colon, a list of addresses, +and a semicolon: + +.EX + random group: g@h, i@j; +.EE + +An address can appear in several forms. +The most common form is +.IR box@host . + +Every address must include a host name. +If +.B qmail-inject +sees a lone box name +it adds the +.I default host name\fR. + +All host names should be fully qualified. +.B qmail-inject +appends the +.I default domain name +to any name without dots: + +.EX + djb@silverton -> djb@silverton.berkeley.edu +.EE + +It appends the +.I plus domain name +to any name +that ends with a plus sign: + +.EX + eric@mammoth.cs+ -> eric@mammoth.cs.berkeley.edu +.EE + +A host name may be a dotted-decimal address: + +.EX + djb@[128.32.183.163] +.EE + +RFC 822 allows mailbox names inside angle brackets +to include +.I source routes\fR, +but +.B qmail-inject +strips all source routes out of addresses. +.SH "SENDER ADDRESSES" +.B qmail-inject +looks for sender address lists in the following fields: +.BR Sender , +.BR From , +.BR Reply-To , +.BR Return-Path , +.BR Return-Receipt-To , +.BR Errors-To , +.BR Resent-Sender , +.BR Resent-From , +.BR Resent-Reply-To . + +If there is no +.B From +field, +.B qmail-inject +adds a new +.B From +field with the name of the user invoking +.B qmail-inject. + +RFC 822 requires that certain sender fields contain +only a single address, but +.B qmail-inject +does not enforce this restriction. +.SH "RECIPIENT ADDRESSES" +.B qmail-inject +looks for recipient address lists in the following fields: +.BR To , +.BR Cc , +.BR Bcc , +.BR Apparently-To , +.BR Resent-To , +.BR Resent-Cc , +.BR Resent-Bcc . + +Every message must contain at least one +.B To +or +.B Cc +or +.BR Bcc . +.B qmail-inject +deletes any +.B Bcc +field. +If there is no +.B To +or +.B Cc +field, +.B qmail-inject +adds a line + +.EX + Cc: recipient list not shown: ; +.EE + +This complies with RFC 822; +it also works around some strange +.B sendmail +behavior, in case the message is passed through +.B sendmail +on another machine. +.SH STAMPS +Every message must contain a +.B Date +field, with the date in a strict format defined by RFC 822. +If necessary +.B qmail-inject +creates a new +.B Date +field with the current date (in GMT). + +Every message should contain a +.B Message-Id +field. +The field contents are a unique worldwide identifier for this message. +If necessary +.B qmail-inject +creates a new +.B Message-Id +field. + +Another important field is +.BR Received . +Every time the message is sent from one system to another, +a new +.B Received +field is added to the top of the message. +.B qmail-inject +does not create any +.B Received +fields. +.SH "RESENT MESSAGES" +A message is +.I resent +if it contains any of the following fields: +.BR Resent-Sender , +.BR Resent-From , +.BR Resent-Reply-To , +.BR Resent-To , +.BR Resent-Cc , +.BR Resent-Bcc , +.BR Resent-Date , +.BR Resent-Message-ID . + +If a message is resent, +.B qmail-inject +changes its behavior as follows. + +It deletes any +.B Resent-Bcc +field (as well as any +.B Bcc +field); +if there are no +.B Resent-To +or +.B Resent-Cc +fields, +.B qmail-inject +adds an appropriate +.B Resent-Cc +line. +It does +.I not +add a +.B Cc +line, +even if neither +.B To +nor +.B Cc +is present. + +If there is no +.B Resent-From +field, +.B qmail-inject +adds a new +.B Resent-From +field. +It does +.I not +add a new +.B From +field. + +.B qmail-inject +adds +.B Resent-Date +if one is not already present; +same for +.BR Resent-Message-Id . +It does +.I not +add new +.B Date +or +.B Message-Id +fields. +.SH "OTHER FEATURES" +Addresses are separated by commas, not spaces. +When +.B qmail-inject +sees an illegal space, +it inserts a comma: + +.EX + djb fred -> djb, fred +.EE + +.B qmail-inject +removes all +.B Return-Path +header fields. + +.B qmail-inject +also removes any +.B Content-Length +fields. +.SH "SEE ALSO" +addresses(5), +envelopes(5), +qmail-inject(8) diff --git a/man/qmail-inject.8 b/man/qmail-inject.8 new file mode 100644 index 0000000..33d37e2 --- /dev/null +++ b/man/qmail-inject.8 @@ -0,0 +1,309 @@ +.TH s/qmail: qmail-inject 8 +.SH NAME +qmail-inject \- preprocess and send a mail message +.SH SYNOPSIS +.B qmail-inject +[ +.B \-nNaAhH +] [ +.B \-f\fIsender +] [ +.I recip ... +] +.SH DESCRIPTION +.B qmail-inject +reads a mail message from its standard input, +adds appropriate information to the message header, +and invokes +.B qmail-queue +to send the message +to one or more recipients. + +See +.B qmail-header(5) +for information on how +.B qmail-inject +rewrites header fields. + +.B qmail-inject +normally exits 0. +It exits 100 if it was invoked improperly +or if there is a severe syntax error in the message. +It exits 111 for temporary errors. +.SH "ENVIRONMENT VARIABLES" +For the convenience of users who do not run +.B qmail-inject +directly, +.B qmail-inject +takes many options through environment variables. + +The user name in the +.B From +header field is set by +.BR QMAILUSER , +.BR MAILUSER , +.BR USER , +or +.BR LOGNAME , +whichever comes first. + +The host name is normally set by the +.I defaulthost +control +but can be overridden with +.B QMAILHOST +or +.BR MAILHOST . + +The personal name is +.BR QMAILNAME , +.BR MAILNAME , +or +.BR NAME . + +The default envelope sender address is the same as the +default +.B From +address, +but it can be overridden with +.B QMAILSUSER +and +.BR QMAILSHOST . +It may also be modified by the +.B r +and +.B m +letters described below. +Bounces will be sent to this address. + +If +.B QMAILMFTFILE +is set, +.B qmail-inject +reads a list of mailing list addresses, +one per line, +from that file. +If To+Cc includes one of those addresses (without regard to case), +.B qmail-inject +adds a Mail-Followup-To field +with all the To+Cc addresses. +.B qmail-inject +does not add Mail-Followup-To +to a message that already has one. + +The +.B QMAILINJECT +environment variable +can contain any of the following letters: +.TP +.B c +Use address-comment style for the +.B From +field. +Normally +.B qmail-inject +uses name-address style. +.TP +.B s +Do not look at any incoming +.B Return-Path +field. +Normally, if +.B Return-Path +is supplied, it sets the envelope sender address, +overriding all environment variables. +.B Return-Path +is deleted in any case. +.TP +.B f +Delete any incoming +.B From +field. +Normally, if +.B From +is supplied, it overrides the usual +.B From +field created by +.BR qmail-inject . +.TP +.B i +Delete any incoming +.B Message-ID +field. +Normally, if +.B Message-ID +is supplied, it overrides the usual +.B Message-ID +field created by +.BR qmail-inject . +.TP +.B r +Use a per-recipient VERP. +.B qmail-inject +will append each recipient address to the envelope sender +of the copy going to that recipient. +.TP +.B m +Use a per-message VERP. +.B qmail-inject +will append the current date and process ID to the envelope sender. +.SH OPTIONS +.TP +.B \-a +Send the message to all addresses given as +.I recip +arguments; +do not use header recipient addresses. +.TP +.B \-h +Send the message to all header recipient addresses. +For non-forwarded messages, this means +the addresses listed under +.BR To , +.BR Cc , +.BR Bcc , +.BR Apparently-To . +For forwarded messages, this means +the addresses listed under +.BR Resent-To , +.BR Resent-Cc , +.BR Resent-Bcc . +Do not use any +.I recip +arguments. +.TP +.B \-A +(Default.) +Send the message to all addresses given as +.I recip +arguments. +If no +.I recip +arguments are supplied, +send the message to all header recipient addresses. +.TP +.B \-H +Send the message to all header recipient addresses, +and to all addresses given as +.I recip +arguments. +.TP +.B \-f\fIsender +Pass +.I sender +to +.B qmail-queue +as the envelope sender address. +This overrides +.B Return-Path +and all environment variables. +.TP +.B \-N +(Default.) +Feed the resulting message to +.BR qmail-queue . +.TP +.B \-n +Print the message rather than feeding it to +.BR qmail-queue . +.SH "CONTROL FILES" +.TP 5 +.I defaultdomain +Default domain name. +Default: +.IR me , +if that is supplied; +otherwise the literal name +.BR defaultdomain , +which is probably not what you want. +.B qmail-inject +adds this name to any host name without dots, +including +.I defaulthost +if +.I defaulthost +does not have dots. +(Exception: see +.IR plusdomain .) + +The +.B QMAILDEFAULTDOMAIN +environment variable +overrides +.IR defaultdomain . +.TP 5 +.I defaulthost +Default host name. +Default: +.IR me , +if that is supplied; +otherwise the literal name +.BR defaulthost , +which is probably not what you want. +.B qmail-inject +adds this name to any address without a host name. +.I defaulthost +need not be the current host's name. +For example, +you may prefer that outgoing mail show +just your domain name. + +The +.B QMAILDEFAULTHOST +environment variable overrides +.IR defaulthost . +.TP 5 +.I idhost +Host name for Message-IDs. +Default: +.IR me , +if that is supplied; +otherwise the literal name +.BR idhost , +which is certainly not what you want. +.I idhost +need not be the current host's name. +For example, you may prefer to use fake +host names in Message-IDs. +However, +.I idhost +must be a fully-qualified name within your domain, +and each host in your domain should use a different +.IR idhost . + +The +.B QMAILIDHOST +environment variable overrides +.IR idhost . +.TP 5 +.I plusdomain +Plus domain name. +Default: +.IR me , +if that is supplied; +otherwise the literal name +.BR plusdomain , +which is probably not what you want. +.B qmail-inject +adds this name to any host name that ends with a plus sign, +including +.I defaulthost +if +.I defaulthost +ends with a plus sign. +If a host name does not have dots but ends with a plus sign, +.B qmail-inject +uses +.IR plusdomain , +not +.IR defaultdomain . + +The +.B QMAILPLUSDOMAIN +environment variable overrides +.IR plusdomain . +.SH "SEE ALSO" +addresses(5), +qmail-control(5), +qmail-header(5), +qmail-queue(8) diff --git a/man/qmail-limits.9 b/man/qmail-limits.9 new file mode 100644 index 0000000..47f81f4 --- /dev/null +++ b/man/qmail-limits.9 @@ -0,0 +1,33 @@ +.TH s/qmail: qmail-limits 7 +.SH "NAME" +qmail-limits \- artificial limits in the qmail system + +.SH "DESCRIPTION" +The +.B qmail +system is able to handle messages of any size, +addresses of any size, mailing lists of any size, and so on, +except as limited by the available memory and disk space. + +However, it imposes certain artificial limits: +.TP 5 +1. +.B qmail-lspawn +silently limits the number of simultaneous local deliveries to SPAWN. +.B qmail-rspawn +silently limits the number of simultaneous remote deliveries to SPAWN. +.TP 5 +2. +.B qmail-queue +rejects any message with an envelope address longer than 1000 characters. +.TP 5 +3. +.B qmail-lspawn +truncates any overly long error report from a delivery program. +It appends a note saying that it did so. + +.SH "SEE ALSO" +qmail-lspawn(8), +qmail-queue(8), +qmail-rspawn(8), +ulimit(3). diff --git a/man/qmail-local.8 b/man/qmail-local.8 new file mode 100644 index 0000000..9074d4e --- /dev/null +++ b/man/qmail-local.8 @@ -0,0 +1,99 @@ +.TH s/qmail: qmail-local 8 +.SH NAME +qmail-local \- deliver or forward a mail message +.SH SYNOPSIS +.B qmail-local +[ +.B \-nN +] +.I user +.I homedir +.I local +.I dash +.I ext +.I domain +.I sender +.I defaultdelivery +.SH DESCRIPTION +.B qmail-local +reads a mail message +and delivers it to +.I user +by the procedure described in +.BR dot-qmail(5) . + +The message's envelope recipient is +.IR local@domain . +.B qmail-local +records +.I local@domain +in a new +.B Delivered-To +header field without the virtual user name extension. +If exactly the same +.B Delivered-To: \fIlocal@domain +already appears in the header, +.B qmail-local +bounces the message, +to prevent mail forwarding loops. + +The message's envelope sender is +.IR sender . +.B qmail-local +records +.I sender +in a new +.B Return-Path +header field. + +.I homedir +is the user's home directory. +It must be an absolute directory name. + +.I dash +and +.I ext +identify the +.B .qmail\fIdashext +file used by +.BR qmail-local ; +see +.BR dot-qmail(5) . +Normally +.I dash +is either empty or a lone hyphen. +If it is empty, +.B qmail-local +treats a nonexistent +.B .qmail\fIext +the same way as an empty +.BR .qmail\fIext : +namely, following the delivery instructions in +.IR defaultdelivery . + +The standard input for +.B qmail-local +must be a seekable file, +so that +.B qmail-local +can read it more than once. +.SH "OPTIONS" +.TP +.B \-n +Instead of reading and delivering the message, +print a description of the delivery instructions. +.TP +.B \-N +(Default.) Read and deliver the message. +.SH "EXIT CODES" +0 if the delivery is completely successful; +nonzero if any delivery instruction failed. +Exit code 111 +indicates temporary failure. +.SH "SEE ALSO" +dot-qmail(5), +envelopes(5), +qmail-command(8), +qmail-queue(8), +qmail-send(8), +qmail-lspawn(8) diff --git a/man/qmail-log.5 b/man/qmail-log.5 new file mode 100644 index 0000000..a7584e1 --- /dev/null +++ b/man/qmail-log.5 @@ -0,0 +1,448 @@ +.TH s/qmail: qmail-log 5 +.SH NAME +qmail-log \- s/qmail activity record +.SH DESCRIPTION +.B qmail-send +prints a series of lines describing its activities. +Each possible line is described below. +.SH "STATUS" +.TP +.B status: local \fIl\fR/\fIL\fR remote \fIr\fR/\fIR\fR ... +.B qmail-send +is waiting for +.I l +local deliveries +and +.I r +remote deliveries. +The concurrency limits are +.I L +and +.IR R . +.TP +.B status: exiting +.B qmail-send +is done. +.SH "FATAL PROBLEMS" +.TP +.B alert: cannot start: ... +.B qmail-send +is unable to prepare itself for delivering messages; +it is giving up. +This normally indicates a serious configuration error, +but it can be caused by a temporary lack of resources. +.TP +.B alert: oh no! lost ... +One of the other daemons has died. +.B qmail-send +will exit as soon as possible. +.SH "SERIOUS PROBLEMS" +.TP +.B alert: unable to append to bounce message... +.B qmail-send +is unable to record a permanent failure, +usually because the disk is full. +This is a very serious problem; +.B qmail-send +cannot proceed without recording the results. +It will try again in ten seconds. +.TP +.B alert: out of memory... +.B qmail-send +tried to allocate more memory and failed. +It will try again in ten seconds. +.TP +.B alert: unable to opendir... +.B qmail-send +is having trouble reading a file list from disk, +usually because the system's file descriptor table is full, +but possibly because permissions are set incorrectly. +It will try again in ten seconds. +.TP +.B alert: unable to switch back... +.B qmail-send +was sent SIGHUP, +and it is unable to reenter the queue directory. +This is a very serious problem; +.B qmail-send +cannot proceed outside the queue directory. +It will try again in ten seconds. +.TP +.B alert: unable to reread... +.B qmail-send +was sent SIGHUP, +but it is unable to read the new controls. +It will continue operating with the original controls. +.SH "MESSAGES" +.TP +.B new msg \fIm\fR +.B qmail-send +is going to preprocess a queued message. +The message number, +.IR m , +is its disk inode number. +After a message is removed from the queue, +its number can be reused immediately. +.TP +.B info msg \fIm\fR: bytes \fIb\fR from <\fIs\fR> qp \fIq\fR uid \fIu\fR +Message +.I m +contains +.I b +bytes; +its envelope sender is +.IR s ; +it was queued by a user with user ID +.IR u . +.I q +is a long-term queue identifier, +the process ID of the +.B qmail-queue +that queued the message. +.TP +.B bounce msg \fIm\fR qp \fIq\fR +Message +.I m +had some delivery failures. +The long-term queue identifier of the bounce (or double-bounce) message +is +.IR q . +.TP +.B double bounce: discarding ... +Message +.I m +was discarded due to an \'empty\' recipient in +. +.IR doublebounceto . +.TP +.B triple bounce: discarding ... +Message +.I m +had some delivery failures, +but it is already a double-bounce message, +so it must be thrown away. +Triple-bounce messages do not exist. +.TP +.B end msg \fIm\fR +.B qmail-send +is about to remove +message +.I m +from the queue. +.SH "DELIVERIES" +.TP +.B starting delivery \fId\fR: msg \fIm\fR to ... +.B qmail-send +is telling +.B qmail-lspawn +or +.B qmail-rspawn +to deliver message +.I m +to one recipient. +The delivery number, +.IR d , +starts at 1 and increases by 1 for each new delivery. +.TP +.B delivery \fId\fR: success: ... +Delivery +.I d +was successful. +.TP +.B delivery \fId\fR: failure: ... +Delivery +.I d +failed permanently. +The message will bounce. +.TP +.B delivery \fId\fR: deferral: ... +Delivery +.I d +failed temporarily. +This recipient will be retried later. +.TP +.B delivery \fId\fR: report mangled, will defer +There is a serious bug in +.B qmail-lspawn +or +.BR qmail-rspawn . +This recipient will be retried later. +.SH "WARNINGS" +.TP +.B internal error: delivery report out of range +.B qmail-lspawn +or +.B qmail-rspawn +has supplied a report on a nonexistent delivery. +This is a serious bug. +.TP +.B qmail-clean unable to clean up ... +For some reason +.B qmail-clean +is unable to remove the indicated file. +It will try again later. +.TP +.B trouble fsyncing ... +.B qmail-send +was unable to write to disk the results of preprocessing a queued message. +It will try again later. +.TP +.B trouble in select +There is an operating system bug. +.TP +.B trouble injecting bounce message... +.B qmail-send +was unable to queue a bounce message, +usually because the disk is full. +It will try again later. +.TP +.B trouble marking ... +.B qmail-send +was unable to record the result of a successful or permanently +unsuccessful delivery. +This means that the delivery will be tried again later. +.TP +.B trouble opening ... +.B qmail-send +was unable to open the list of local or remote recipients +for a message. +It will try again later. +.TP +.B trouble reading ... +Either +.B qmail-send +is unable to read a recipient list, +or it is unable to read the envelope of a queued +message, or it is out of memory. +Whatever it was doing, it will try again later. +.TP +.B trouble writing to ... +.B qmail-send +was unable to preprocess a queued message, +usually because the disk is full. +It will try again later. +.TP +.B unable to create ... +.B qmail-send +was unable to preprocess a queued message, +usually because the disk is out of inodes. +It will try again later. +.TP unable to create .... [info,delivery] +.B qmail-send +could not setup a valid file descriptor. +This is a fatal error. +.TP +.B unable to open ... +.B qmail-send +is unable to read the envelope of a queued message +for preprocessing. +It will try again later. +.TP +.B unable to start qmail-queue... +.B qmail-send +is unable to queue a bounce message, +usually because the machine is almost out of memory. +It will try again later. +This can also be caused by incorrect settings of +.B $QMAILQUEUE +or errors in a program or script which +.B $QMAILQUEUE ++points to. +.TP +.B unable to stat ... +.B qmail-send +is unable to obtain information about a file that should exist. +It will try again later. +.TP +.B unable to unlink ... +.B qmail-send +is unable to remove a file. +It will try again later. +.TP +.B unable to utime ... +.B qmail-send +is about to exit, +and it is unable to record on disk +the next scheduled delivery time for a message. +The message will be retried as soon as +.B qmail-send +is restarted. +.TP +.B unknown record type in ... +There is a serious bug in either +.B qmail-queue +or +.BR qmail-send . + +.SH "UNIFIED SMTPD/POP3D LOGGING" +.B qmail-smtpd +and +.B qmail-popup +log additional information in a unified extensible format +\fIAction::Type::Condition\fR \fIInformation\fR. + +.B Action +is either +.IR Reject , +.IR Accept , +or additionally +.IR Info . + +The +.B Type +belongs to the following information: +.TP +.I SNDR +the client's hostname, +.TP +.I SPF +indicating SPF validation, +.TP +.I TLS +labeling TLS connections, +.TP +.I AUTH +for Authenticated sessions. Further +.TP +.I ORIG +relates to the return path \fIF:\fR, and +.TP +.I RCTP +to the forwarding path \fIT:\fR, and finally +.TP +.I DATA +to the message. + +.TP 0 +The following \fBConditions\fR are provided: +.TP 4 +.I Bad_Helo +the client's HELO/EHLO greeting string was found in +.IR badhelo +or rejected because of one of the following conditions indicated +in the information section: '!' (HELO/EHLO not provided/empty) +, '\.'/'*' (HELO/EHLO rejected due to a direct/wildmat match with entries in +.IR badhelo ). +.TP +.I Bad_Loader +the content of a base64 encoded MIME part matched an +entry in +.IR badloadertypes.cdb . +.TP +.I Bad_MIME +a base64 encoded MIME part matched an entry n +.IR badmimetypes.cdb . +.TP +.I Bad_Mailfrom +the provided matched an entry in +.I badmailfrom +additionally with the rejection conditions: '@' (address), '*' +(wildmat), '-' (badmailfromunknown), and '+' (spoofing). +.TP +.I Bad_Rcptto +the provided matched an entry in +.IR badrcptto . +.TP +.I DNS_Helo +the client's HELO/EHLO greeting did not match it's +FQDN or no DNS A/MX RR was found as indicated with the +following symbols: '=' (HELO/EHLO does not match +.BR TCPREMOTEHOST ) +, 'A' (DNS A-Name lookup failed for HELO/EHLO) +, 'M' (DNS MX lookup failed for HELO/EHLO). +.TP +.I DNS_MF +no DNS MX RR was found for the . +.TP +.I Failed_Rcptto +the did not match entry in the provdided +cdbs as per +.IR recipients . +.TP +.I Invalid_Relay +the none-RELAYCLIENT provided a not +allowed as per +.I rcpthosts +or +.IR morercpthosts.cdb . +.TP +.I Invalid_Sender +the of a RELAYCLIENT did not match the +provided value of LOCALMFCHECK or did not match against +.I mailfromrules.cdb +or was not found in +.I rcpthosts +or +.IR morercpthosts.cdb . +.TP +.I Invalid_Size +the message size exceeded the maximum as provided by +DATEBYTES or +.IR databytes . +.TP +.I Toomany_Rcptto +the number of Recipients ('RCPT TO:') exaggerated the +value provided as MAXRECPIENTS. +.TP +.I Cipher +TLS session used this cipher. +.TP +.I Missing +depending on the context, either the required +Start-TLS or AUTH s/qmail: is not granted. +.TP +.I Pam +SMTP authentication was granted by pam. +.TP +.I Recipients_Rcptto +the matched an entry in the cdbs available per +.IR reccients . +.TP +.I Recipients_Verp +the Forwarding-Path was recogized as VERP and matched an entry +in the cdbs available per +.IR recipients . +.TP +.I Recipients_Domain +the Forwarding-Path matched a wildcard domain entry in the cdbs +available per +.IR recipients . +.TP +.I Rcpthosts_Rcptto +the domain part of the matched an entry in +.I rcpthosts +or +.IR morercpthosts.cdb . + +.TP 0 +The displayed \fBInformation\fR: + +.TP 4 +.I P:protocol +the effective SMTP or POP3 protocol in use. +.TP +.I S:IP:FQDN +the sender's IP and FQDN address available via +TCPREMOTEIP(6) and TCPREMOTEHOST. +.TP +.I H:string +the client's HELO/EHLO greeting string. +.TP +.I F:Return-Path +the provided 'MAIL FROM:' address (if any). +.TP +.I T:Forwarding-Path +the given 'RCPT TO:' address. +.TP +.I ?~ 'userid' +in case of authentication the provided userid. +.TP +.I != 'DN' +in case of a TLS session, the presented client's +\'Subject\' Distinguished Name (DN) - if available +(otherwise \'unknown\'). + +.SH "SEE ALSO" +qmail-send(8), +qmail-smtpd(8), +qmail-control(9) diff --git a/man/qmail-lspawn.8 b/man/qmail-lspawn.8 new file mode 100644 index 0000000..e97a93d --- /dev/null +++ b/man/qmail-lspawn.8 @@ -0,0 +1,46 @@ +.TH s/qmail: qmail-lspawn 8 +.SH NAME +qmail-lspawn \- schedule local deliveries +.SH SYNOPSIS +.B qmail-lspawn +.I defaultdelivery +.SH DESCRIPTION +.B qmail-lspawn +reads a series of local delivery commands from descriptor 0, +invokes +.B qmail-local +to perform the deliveries, +and prints the results to descriptor 1. +It passes +.I defaultdelivery +to +.B qmail-local +as the default delivery instruction. + +.B qmail-lspawn +invokes +.B qmail-local +asynchronously, +so the results may not be in the same order as the commands. + +For each recipient address, +.B qmail-lspawn +finds out which local user controls that address. +It first checks the +.B qmail-users +mechanism; if the address is not listed there, it invokes +.BR qmail-getpw . +.B qmail-lspawn +then runs +.B qmail-local +under the user's uid and gid. +It does not set up any supplementary groups. + +.B qmail-lspawn +treats an empty mailbox name as a trash address. +.SH "SEE ALSO" +envelopes(5), +qmail-users(5), +qmail-getpw(8), +qmail-send(8), +qmail-local(8) diff --git a/man/qmail-mfrules.9 b/man/qmail-mfrules.9 new file mode 100644 index 0000000..17d575f --- /dev/null +++ b/man/qmail-mfrules.9 @@ -0,0 +1,108 @@ +.TH s/qmail: qmail-mfrules 8 +.SH "NAME" +qmail-mfrules \- prepare mfrules for qmail-smtpd +.SH SYNOPSIS +.B qmail-mfrules + +.SH "DESCRIPTION" +.B qmail-mfrules +reads the addresses provided in +.BR SQMAIL/control/mailfromrules , +converts them into lowercase, and writes them into +.B SQMAIL/control/mailfromrules.cdb +in a binary format suited +for quick access by +.BR qmail-smtpd . + +If there is a problem with +.BR control/mailfromrules , +.B qmail-mfrules +complains and leaves +.B control/mailfromrules.cdb +alone. + +.B qmail-mfrules +ensures that +.B control/mailfromrules.cdb +is updated atomically, +so +.B qmail-smtpd +never has to wait for +.B qmail-mfrules +to finish. +However, +.B qmail-mfrules +makes no attempt to protect against two simultaneous updates of +.BR control/mailfromrules.cdb . + +The binary +.B control/mailfromrules.cdb +format is portable across machines. + +.SH "RULE FORMAT" +A rule is one line. A file containing rules may also contain comments: lines +beginning with # are ignored. All addresses are evaluated case-insensitive. + +Each rule contains an address, an ampersend sign '&', and a list of strings separated by +commas to be used for 'Mail From: Address Verification' (MAV). When +.BR qmail-smtpd (8) +receives a connection from that address, it checks whether the received +envelope sender address correspondes with a MAV string (from the right +to the left). +The MAV string for an address may be NULL in order to allow any envelope +sender address. NULLSENDER envelope addresses are not subject of the MAV. + +.SH "RULE BASE" +.BR qmail-smtpd (8) +looks for rules with various addresses in the following order: +.IP 1 +$TCPREMOTEINFO, if $TCPREMOTEINFO is set (e.g. by SMTP Authentication); +.IP 2. +$TCPREMOTEINFO@$TCPREMOTEIP, if $TCPREMOTEINFO is set; +.IP 3. +$TCPREMOTEINFO@=$TCPREMOTEHOST, if $TCPREMOTEINFO is set and $TCPREMOTEHOST is +set; +.IP 4. +the dotted decimal $TCPREMOTEIP address; +.IP 5. +the compactified $TCPREMOTEIP6 address; +.IP 6. +=$TCPREMOTEHOST, if $TCPREMOTEHOST is set; +.IP 7. +shorter and shorter prefixes of $TCPREMOTEIP ending with a dot; +.IP 8. +shorter and shorter values of $TCPREMOTEIP6 ending with a colon; +.IP 9. +shorter and shorter suffixes of $TCPREMOTEHOST starting with a dot, preceded +by =, if $TCPREMOTEHOST is set; and finally +.IP 10. +=, if $TCPREMOTEHOST is set. +.P +.B qmail-smtpd +employes the first matching rule for the MAV check. You should use the +.B -p +option to +.BR sslserver +if you rely on $TCPREMOTEHOST here. + +For example, here are some rules: + +.EX + jsmith@virtualdomain.com&john.smith@virtualdomain.com + joe@18.23.0.32&joe@example.com + 18.23&@example.com + =.heaven.mil&God@heaven.mil,st.peter@heaven.mil,-angles@heaven.mil + fe80:&user@myhost.local + 2001::feh:abc9:&me@fehnet.com +.EE + +.SH "IP-ADDRESSES" +.B qmail-mfrules +recognizes the dotted-decimal IPv4 and the compactified +IPv6 addresses tokenized by the 'dot' or the 'colon' character +and compares the respective parts from right to left. +However, the CIDR address format is not supported (yet). + + +.SH "SEE ALSO" +qmail-smtpd(8) diff --git a/man/qmail-mrtg.8 b/man/qmail-mrtg.8 new file mode 100644 index 0000000..5cbef21 --- /dev/null +++ b/man/qmail-mrtg.8 @@ -0,0 +1,141 @@ +.TH s/qmail: qmail-mrtg 8 + +.SH NAME +qmail-mrtg \- prepare s/qmail logs for MRTG analysis +.SH SYNOPSIS +.B qmail-mrtg [ -1 | -2 | -3 | -4 | -5 | -6 | -a | -b | -c | -d | -e | -f | -g | -h | -i | -j | k | -z | -A | -B ] [time] + +.SH DESCRIPTION +.B qmail-mrtg +reads the +.B multilog +tagged +.B s/qmail +logs with TAI64N timestamps on standard input +to produce a counter for specifc +.B s/qmail +events and display them on standard output +suitable for MRTG processing. + +.SH USAGE +.B qmail-mrtg +can be used to analyse +.BR qmail-send , +.BR qmail-smtpd , +and +.B qmail-pop3d +logs in order to feed the results into MRTG. + +Typically, +.B qmail-mrtg +is called by the +.B crontab +facility together with a configuration files telling +.B qmail-mrtg +what to analyse. + +.SH ARGUMENTS +.B qmail-mrtg +posses three different sets of commands. +Reading +.B qmail-send +logs: +.I -1 +Deliveries/TLS transmitted, +.I -2 +Message KBytes enqueued, +.I -3 +Local/Remote Concurrency, +.I -4 +Failure/Deferred Messages, +.I -5 +Bounces/Triple bounces, +.I -6 +qmtp/qmtps Messages. + +.B qmail-smtpd +logs: +.I -a +total sessions, +.I -b +accepted/rejected sessions, +.I -c +rejected sessions (MTA), +.I -d +rejected originator, +.I -e +rejected recipient, +.I -f +rejected data (Mime + Loader), +.I -g +rejected data (Virus + Spam), +.I -h +authenticated sessions, +.I -i +accepted/rejected TLS sessions, +.I -j +recognized/rejected SPF sessions. +.I -k +deferred SMTP sessions (greylisted). +Summaries are provided by +.I -z +total sessions, including +.B qmail-smtpd +and +.BR tcpserver / +.BR sslserver / +.BR rblsmtpd . + +.BR qmail-pop3d / +.B qmail-popup +logs: +.I -A +accepted/rejected POP3 user, +.I -B +.BR qmail-pop3d / +.BR tcpserver / +.B sslserver +connections. + +The intervals to evaluate the information given on STDIN +defaults to +.IR 305\ secs +and can be changed by the second argument for +.BR qmail-mrtg . + +.SH "CONFIGURATION FILES" +.B qmail-mrtg +depends on a configuration file for each service. +Sample configuration files are provided. + +.SH "CRON INVOCATION" +Since +.B qmail-mrtg +typically is invoked by the +.B cron +facility, additional information neeeds to be supplied: + +.EX + */5 * * * * env LANG=C mrtg /etc/qmail-mrtg.send.cfg &>/dev/null + */5 * * * * env LANG=C mrtg /etc/qmail-mrtg.smtpd.cfg &>/dev/null + */5 * * * * env LANG=C mrtg /etc/qmail-mrtg.pop3d.cfg &>/dev/null +.EE + +Note: The default interval of +.IR 305\ secs +allows a certain overlap for cron not to loose events at the very +edge. + +.SH "CREDITS" +.B MRTG +is a program created by Tobias Oetiker and Dave Rand +(http://oss.oetiker.ch/mrtg/). + +.SH "SEE ALSO" +mrtg(1), +crontab(5), +cron(8), +qmail-log(8), +qmail-send(8), +qmail-smtpd(8), +qmail-popup(8). diff --git a/man/qmail-newmrh.9 b/man/qmail-newmrh.9 new file mode 100644 index 0000000..941dc03 --- /dev/null +++ b/man/qmail-newmrh.9 @@ -0,0 +1,41 @@ +.TH s/qmail: qmail-newmrh 8 +.SH NAME +qmail-newmrh \- prepare morercpthosts for qmail-smtpd +.SH SYNOPSIS +.B qmail-newmrh +.SH DESCRIPTION +.B qmail-newmrh +reads the instructions in +.B SQMAIL/control/morercpthosts +and writes them into +.B SQMAIL/control/morercpthosts.cdb +in a binary format suited +for quick access by +.BR qmail-smtpd . + +If there is a problem with +.BR control/morercpthosts , +.B qmail-newmrh +complains and leaves +.B control/morercpthosts.cdb +alone. + +.B qmail-newmrh +ensures that +.B control/morercpthosts.cdb +is updated atomically, +so +.B qmail-smtpd +never has to wait for +.B qmail-newmrh +to finish. +However, +.B qmail-newmrh +makes no attempt to protect against two simultaneous updates of +.BR control/morercpthosts.cdb . + +The binary +.B control/morercpthosts.cdb +format is portable across machines. +.SH "SEE ALSO" +qmail-smtpd(8) diff --git a/man/qmail-newu.9 b/man/qmail-newu.9 new file mode 100644 index 0000000..a030794 --- /dev/null +++ b/man/qmail-newu.9 @@ -0,0 +1,43 @@ +.TH s/qmail: qmail-newu 8 +.SH NAME +qmail-newu \- prepare address assignments for qmail-lspawn +.SH SYNOPSIS +.B qmail-newu +.SH DESCRIPTION +.B qmail-newu +reads the assignments in +.B SQMAIL/users/assign +and writes them into +.B SQMAIL/users/assign.cdb +in a binary format suited +for quick access by +.BR qmail-lspawn . + +If there is a problem with +.BR users/assign , +.B qmail-newu +complains and leaves +.B users/assign.cdb +alone. + +.B qmail-newu +ensures that +.B users/assign.cdb +is updated atomically, +so +.B qmail-lspawn +never has to wait for +.B qmail-newu +to finish. +However, +.B qmail-newu +makes no attempt to protect against two simultaneous updates of +.BR users/assign.cdb . + +The binary +.B users/assign.cdb +format is portable across machines. +.SH "SEE ALSO" +qmail-users(5), +qmail-lspawn(8), +qmail-pw2u(8) diff --git a/man/qmail-pop3d.8 b/man/qmail-pop3d.8 new file mode 100644 index 0000000..14afa93 --- /dev/null +++ b/man/qmail-pop3d.8 @@ -0,0 +1,46 @@ +.TH s/qmail: qmail-pop3d 8 +.SH NAME +qmail-pop3d \- provide mail via POP3 +.SH SYNOPSIS +.B qmail-pop3d +.I maildirname +.SH DESCRIPTION +.B qmail-pop3d +lets a user read and delete his mail through the network. + +Mail is stored in a +.B maildir +called +.IR maildirname , +normally +.BR Maildir , +in the user's home directory. + +.B qmail-pop3d +is normally invoked +under +.BR qmail-popup , +which reads a username and password, +and +.BR qmail-authuser , +which checks the password and sets up environment variables. + +.B qmail-pop3d +has a 20-minute idle timeout. + +.B qmail-pop3d +supports TOP, USER, UIDL, STLS, and LAST. + +.B qmail-pop3d +appends an extra blank line to every message +to work around serious bugs in certain clients. + +.B qmail-pop3d +is based on a program contributed by Russ Nelson. + +.SH "SEE ALSO" +maildir(5), +qmail-authuser(8), +qmail-local(8), +qmail-popup(8), +qmail-log(8). diff --git a/man/qmail-popup.8 b/man/qmail-popup.8 new file mode 100644 index 0000000..bc4aeef --- /dev/null +++ b/man/qmail-popup.8 @@ -0,0 +1,131 @@ +.TH s/qmail: qmail-popup 8 +.SH NAME +qmail-popup \- read a POP username and password +.SH SYNOPSIS +.B qmail-popup +.I hostname +.I subprogram +.SH DESCRIPTION +.B qmail-popup +reads a POP username and password from the network. +It then runs +.IR subprogram . + +.B qmail-popup +expects descriptor 0 to read from the network +and descriptor 1 to write to the network. +It reads a username and password from descriptor 0 +in POP's USER-PASS style or APOP style. +File descriptor 5 is used to provide additional logging. +It invokes +.IR subprogram , +with the same descriptors 0 and 1; +descriptor 2 writing to the network; +and descriptor 3 reading the username, a 0 byte, the password, +another 0 byte, +an APOP timestamp derived from +.IR hostname , +and a final 0 byte. +.B qmail-popup +then waits for +.I subprogram +to finish. +It prints an error message if +.I subprogram +crashes or exits nonzero. + +.B qmail-popup +has a 20-minute idle timeout. + +.SH "AUTHENTICATION" +.B qmail-popup +supports both username/password and APOP authentication. +This latter is invoked, once the +environment variable +.I POP3AUTH='apop' +or +.I POP3AUTH='+apop' +is set. +In this case, you need to provide a +APOP-capable PAM, eg. +.BR qmail-authuser . + +.B qmail-popup +should be used only within a secure network. +Otherwise an eavesdropper can steal passwords. +Even if you use APOP, +an active attacker can still take over the connection +and wreak havoc. + +.SH "STLS/POP3S SUPPORT" +.B qmail-popup +can be adviced to work on a TLS encrypted connection. + +At first, using +.B sslserver +and binding +.BR qmail-popup , +.B qmail-pop3d +on (in particular) the POP3S port +.I 995 +provides mandatory TLS encryption. + +Second, in case you provide +the environment variable +.I UCSPITLS='' +together with +.BR sslserver , +.B qmail-popup +communicates with the +.B sslserver +program interface through a control socket, +a reading and a writing pipe created dynamically +during the session start after announcing +.I STLS +to the client, thus allowing TLS encryption on request. +In case +.IR UCSPITLS='!' +is set, STLS is required; while setting +.IR UCSPITLS='-' +disables STLS. + +.SH "LOGGING" +.B qmail-popup +provides logging of accepted and rejected POP3 sessions +using about the same format as +.BR qmail-smtpd . +The authentication mechanism is indicated via +.I User +in case the userid/password method was used, and +.I Apop +if APOP challenge/response was applicable. +The communication protocol may be either +.I POP3 +or +.I POP3S +for of a STLS/POP3S secured connection. +The +.I username +provided for authentication is displayed after the +sequence +.IR '?~' . +In case +.B qmail-popup +is setup requiring STLS by means of +.IR UCSPITLS='!' , +the log displays 'Any' as auth method +and 'unknown' as username. + + +The log is available on file descriptor 5. +In order to display the result use the redirection '5>&1'. + +.B qmail-popup +is based on a program contributed by Russ Nelson. + +.SH "SEE ALSO" +maildir(5), +qmail-authuser(8), +qmail-pop3d(8), +qmail-log(8). + diff --git a/man/qmail-postgrey.8 b/man/qmail-postgrey.8 new file mode 100644 index 0000000..b2532ce --- /dev/null +++ b/man/qmail-postgrey.8 @@ -0,0 +1,90 @@ +.TH s/qmail: qmail-postgrey 8 +.SH NAME +qmail-postgrey \- send SMTP connection data to greylisting server +.SH SYNOPSIS +.B qmail-postgrey ip%netid;port Mail From: Rcpt To: TCPREMOTEIP TCPREMOTEHOST +.SH DESCRIPTION +.B qmail-postgrey +is usually invoked by +.B qmail-smtpd +automatically provissioning the SMTP connection information +.IR Mail\ From: , +.IR Rcpt\ To: , +.IR TCPREMOTEIP +and +.I TCPREMOTEHOST +to a greylising server given by +.IR IPv4|IPv6%netid;port . +.I port +defaults to +.I 60000 +and thus can be omitted. +IPv6 LLU addresses can be specified +adding the +.I netid +name following the percentage sign. +.SH "GREYLISTING SERVER" +Since there is neither a formal API defined for the +greylisting lookup nor for the behavior and return +codes of the greylisting server, +.B qmail-postgrey +only works well with +.I David\ Schweikert's +.B postgrey +implementation. + +Here, the server's response upon recognizing the triple +.RI CLIENT_IP , +.I (SMTP\ envelope)\ SENDER +and +.I (SMTP\ envelope)\ RECIPIENT +is either +.IR action=DUNNO , +.I action=PREPEND +or +.I action=DEFER_IF_PERMIT +and in case of the last, +.B qmail-postgrey +returns with +.I 10 +telling +.B qmail-smtpd +to respond to the client with a SMTP +.I 450\ greylisted +reply code. Otherwise +.B qmail-postgrey +returns +.IR 0 . +.SH "INVOCATION" +Unlike for testing reasons, +.B qmail-postgrey +is called directly from +.B qmail-smtpd +in case the environment variable +.I POSTGREY +is defined and provissioned with the greylisting +server's IP address (and perhaps netid and port) +listening there. + +The environment variable +.I POSTGREY +is typically defined within +.B sslserver\'s +.IR cdb . +Additionally, +.I REPLY_GREYLISTED +can be used as environment variable +to provide some more descriptive +information to the sending MTA which will eventually +be visible in a bounce message. +.SH "CREDITS" +.B qmail-postgrey +and its integration into +.B qmail-smtpd +is based on +.I Jan\ Mojzis +implementation and used by permission. +.SH "SEE ALSO" +qmail-control(5), +qmail-smtpd(8), +https://postgrey.schweikert.ch diff --git a/man/qmail-pw2u.9 b/man/qmail-pw2u.9 new file mode 100644 index 0000000..269d1f4 --- /dev/null +++ b/man/qmail-pw2u.9 @@ -0,0 +1,241 @@ +.TH s/qmail: qmail-pw2u 8 +.SH NAME +qmail-pw2u \- build address assignments from a passwd file +.SH SYNOPSIS +.B qmail-pw2u +[ +.B \-/ohHuUC +] +[ +.B \-c\fIchar +] +.SH DESCRIPTION +.B qmail-pw2u +reads a V7-format passwd file from standard input +and prints a +.BR qmail-users -format +assignment file. + +A V7-format passwd file is a series of lines. +Each line has the format + +.EX + user:password:uid:gid:gecos:home:shell +.EE + +where +.I user +is an account name, +.I uid +and +.I gid +are the user id and group id of that account, +and +.I home +is the account's home directory. +.IR password , +.IR gecos , +and +.I shell +are ignored by +.BR qmail-pw2u . + +If you put the output of +.B qmail-pw2u +into +.BR SQMAIL/users/assign , +and then run +.BR qmail-newu , +.B qmail-lspawn +will obey the assignments printed by +.BR qmail-pw2u . +.B WARNING: +After changing any users, uids, gids, or home directories +in your passwd file, +you must run +.B qmail-pw2u +and +.B qmail-newu +again if you want +.B qmail-lspawn +to see the changes. +.SH RULES +By default, +.B qmail-pw2u +follows the same rules as +.BR qmail-getpw . +It skips +.I user +if (1) +.I uid +is zero, +(2) +.I home +does not exist, +(3) +.I user +does not own +.IR home , +or +(4) +.I user +contains uppercase letters. +It then gives each remaining +.I user +control over the basic +.I user +address and +all addresses of the form +.IR user\fBBREAK\fIanything . +A catch-all user, +.BR alias , +controls all other addresses. + +You may change these rules by setting up files in +.BR SQMAIL/users : +.TP +.B include +Allowed users, one per line. +If +.B include +exists, and +.I user +is not listed in +.BR include , +.I user +is ignored. +.TP +.B exclude +Ignored users, one per line. +If +.B exclude +exists, and +.I user +is listed in +.BR exclude , +.I user +is ignored. +.TP +.B mailnames +Replacement names for users. +Each line has the form + +.EX + user:mailname1:mailname2:... +.EE + +The addresses +.I mailname1 +and +.I mailname1\fBBREAK\fIext +and +.I mailname2 +and so on will be delivered +to +.IR user . + +.B WARNING: +The addresses +.I user +and +.I user\fBBREAK\fIext +will not be delivered to +.I user +unless +.I user +is listed as one of the +.IR mailname s. + +A line in +.B mailnames +is silently ignored if the user does not exist. +.TP +.B subusers +Extra addresses. +Each line has the form + +.EX + sub:user:pre: +.EE + +.I sub +will be handled by +.IR home\fB/.qmail\-\fIpre , +where +.I home +is +.IR user 's +home directory; +.I sub\fBBREAK\fIext +will be handled by +.IR home\fB/.qmail\-\fIpre\fB\-\fIext . +.TP +.B append +Extra assignments, +printed at the end of +.BR qmail-pw2u 's +output. +.SH OPTIONS +.TP +.B \-o +(Default.) +Skip +.I user +if +.I home +does not exist (or is not visible to +.BR qmail-pw2u ). +Skip +.I user +if +.I home +is not owned by +.IR user . +.TP +.B \-h +Stop if +.I home +does not exist. +This is appropriate if every user is supposed to have a home directory. +Skip +.I user +if +.I home +is not owned by +.IR user . +.TP +.B \-H +Do not check the existence or ownership of +.IR home . +.TP +.B \-U +(Default.) +Skip +.I user +if there are any uppercase letters in +.IR user . +.TP +.B \-u +Allow uppercase letters in +.IR user . +.TP +.B \-c\fIchar +Use +.I char +as the user-extension delimiter +in place of +.BR BREAK . +.TP +.B \-C +Disable the user-extension mechanism. +.TP +.B \-/ +Use +.IR home\fB/.qmail\-/ ... +instead of +.IR home\fB/.qmail\- ... +.SH "SEE ALSO" +qmail-users(5), +qmail-lspawn(8), +qmail-newu(8), +qmail-getpw(8) diff --git a/man/qmail-qmaint.8 b/man/qmail-qmaint.8 new file mode 100644 index 0000000..54342b4 --- /dev/null +++ b/man/qmail-qmaint.8 @@ -0,0 +1,65 @@ +.TH s/qmail: qmail-qmaint 8 +.SH NAME +qmail-qmaint \- queue maintenance +.SH SYNOPSIS +.B qmail-qmaint +[ +.I -i +] +| +[ +.I -d messid +] +.SH DESCRIPTION +.B qmail-qmaint +inspects +.B s/qmail's +queue and validates its consistancy. +In +.I -i +interactive mode, individual fixes +can be commanded. +Queue maintanence also allows to remove +particular messages from the queue referencing their +.I messid +as given by +.B qmail-qread +(without the leading pound sign '#') by means of +.IR -d\ messid . +Here, only pre-processed and bounce messages are taken +into consideration. + +.B qmail-qmaint +must be run either as root or with user id +.I qmails +and group id +.IR sqmail . +.SH "WARNING" +It is strongly advised to use +.B qmail-qmaint +only in case +.B qmail-send +was shut down before. Queue inspection on a `sane` queue +is however none-destructive. +.SH "EXIT CODES" +.B qmail-qmaint +unlike +.B qmail-queue +prints diagnostics messages. +It exits +0 if +it has successfully inspected the queue +or the message has been deleted. +It may exit +99 in case of a warning, or +100 if an operation can not be completed, or +110 if a directory can not be accessed. +.SH "SEE ALSO" +qmail-qstat(8), +qmail-qread(8), +qmail-send(8), +qmail-queue(9) +.SH "CREDITS" +.B qmail-qmaint +is based on the program 'queue-fix' +written be Eric Huss. diff --git a/man/qmail-qmqpc.8 b/man/qmail-qmqpc.8 new file mode 100644 index 0000000..5a04e38 --- /dev/null +++ b/man/qmail-qmqpc.8 @@ -0,0 +1,37 @@ +.TH s/qmail: qmail-qmqpc 8 +.SH NAME +qmail-qmqpc \- queue a mail message via QMQP +.SH SYNOPSIS +.B qmail-qmqpc +.SH DESCRIPTION +.B qmail-qmqpc +offers the same interface as +.BR qmail-queue , +but it gives the message to a QMQP server +instead of storing it locally. + +In a +.B mini-qmail +installation, +.B qmail-queue +is replaced with a symbolic link to +.BR qmail-qmqpc . +.SH "CONTROL FILES" +.TP 5 +.I qmqpservers +IP addresses of QMQP servers, one address per line and eventually +include the name of the interface to bind to for IPv6 LLUs: + +.EX + 192.168.1.1 + 2001:fefe::31 + fe80::fefe:1%eth0 +.EE + +.B qmail-qmqpc +will try each address in turn until it establishes a QMQP connection +or runs out of addresses. +.SH "SEE ALSO" +qmail-control(5), +qmail-queue(8), +qmail-qmqpd(8) diff --git a/man/qmail-qmqpd.8 b/man/qmail-qmqpd.8 new file mode 100644 index 0000000..1913a7e --- /dev/null +++ b/man/qmail-qmqpd.8 @@ -0,0 +1,25 @@ +.TH s/qmail: qmail-qmqpd 8 +.SH NAME +qmail-qmqpd \- receive mail via QMQP +.SH SYNOPSIS +.B qmail-qmqpd +.SH DESCRIPTION +.B qmail-qmqpd +receives mail messages via the Quick Mail Queueing Protocol (QMQP) +and invokes +.B qmail-queue +to deposit them into the outgoing queue. +.B qmail-qmqpd +must be supplied several environment variables; +see +.BR tcp-environ(5) . + +.B qmail-qmqpd +will relay messages to any destination. +It should be invoked only for connections from preauthorized users. +.SH "SEE ALSO" +tcpserver(1), +sslserver(1), +tcp-environ(5), +qmail-qmqpc(8), +qmail-queue(8) diff --git a/man/qmail-qmtpd.8 b/man/qmail-qmtpd.8 new file mode 100644 index 0000000..545ea8c --- /dev/null +++ b/man/qmail-qmtpd.8 @@ -0,0 +1,36 @@ +.TH s/qmail: qmail-qmtpd 8 +.SH NAME +qmail-qmtpd \- receive mail via QMTP/QMTPS +.SH SYNOPSIS +.B qmail-qmtpd +.SH DESCRIPTION +.B qmail-qmtpd +receives mail messages via the Quick Mail Transfer Protocol (QMTP) +or the TLS secured QMTP (QMTPS) version +and invokes +.B qmail-queue +to deposit them into the outgoing queue. +.B qmail-qmtpd +must be supplied several environment variables; +see +.BR tcp-environ(5) . +In case a valid X.509 client certificate is recognized, +QMTPS enables +.I relaying +of mail messages. + +.B qmail-qmtpd +supports the +.IR rcpthosts , +.IR morercpthosts , +.BR RELAYCLIENT , +.IR databytes , +and +.B DATABYTES +mechanisms described in +.BR qmail-smtpd(8) . +.SH "SEE ALSO" +tcp-environ(5), +qmail-control(5), +qmail-queue(8), +qmail-smtpd(8) diff --git a/man/qmail-qread.8 b/man/qmail-qread.8 new file mode 100644 index 0000000..5774f6b --- /dev/null +++ b/man/qmail-qread.8 @@ -0,0 +1,25 @@ +.TH s/qmail: qmail-qread 8 +.SH NAME +qmail-qread \- list outgoing messages and recipients +.SH SYNOPSIS +.B qmail-qread +.SH DESCRIPTION +.B qmail-qread +scans the outgoing queue of messages. +For each message it prints various human-readable information, +including the date the message entered the queue, +the number of bytes in the message, +the message sender, +and all the recipients still under consideration. + +.B qmail-qread +must be run either as +.B root +or with user id +.B qmails +and group id +.BR sqmail . +.SH "SEE ALSO" +qmail-qstat(8), +qmail-qmaint(8), +qmail-send(8) diff --git a/man/qmail-qstat.8 b/man/qmail-qstat.8 new file mode 100644 index 0000000..e21068a --- /dev/null +++ b/man/qmail-qstat.8 @@ -0,0 +1,18 @@ +.TH s/qmail: qmail-qstat 8 +.SH NAME +qmail-qstat \- summarize status of mail queue +.SH SYNOPSIS +.B qmail-qstat +.SH DESCRIPTION +.B qmail-qstat +gives a human-readable breakdown +of the number of messages at various spots in the mail queue. + +.B qmail-qstat +must be run either as +.B root +or with group id +.BR sqmail . +.SH "SEE ALSO" +qmail-qread(8), +qmail-send(8) diff --git a/man/qmail-queue.8 b/man/qmail-queue.8 new file mode 100644 index 0000000..b025c95 --- /dev/null +++ b/man/qmail-queue.8 @@ -0,0 +1,199 @@ +.TH s/qmail: qmail-queue 8 +.SH NAME +qmail-queue \- queue a mail message for delivery +.SH SYNOPSIS +.B qmail-queue +.SH DESCRIPTION +.B qmail-queue +reads a mail message from descriptor 0. +It then reads envelope information from descriptor 1. +It places the message into the outgoing queue +for future delivery by +.BR qmail-send . + +The envelope information is +an envelope sender address +followed by a list of envelope recipient addresses. +The sender address is preceded by the letter F +and terminated by a 0 byte. +Each recipient address is preceded by the letter T +and terminated by a 0 byte. +The list of recipient addresses is terminated by an extra 0 byte. +If +.B qmail-queue +sees end-of-file before the extra 0 byte, +it aborts without placing the message into the queue. + +Every envelope recipient address +should contain a username, +an @ sign, +and a fully qualified domain name. + +.B qmail-queue +always adds a +.B Received +line to the top of the message. +Other than this, +.B qmail-queue +does not inspect the message +and does not enforce any restrictions on its contents. +However, the recipients probably expect to see a proper header, +as described in +.BR qmail-header(5) . + +Programs included with qmail which invoke +.B qmail-queue +will invoke the contents of +.B QMAILQUEUE +instead, if that environment variable is set. +.SH "FILESYSTEM RESTRICTIONS" +.B qmail-queue +imposes two constraints on the queue structure: +each +.B mess +subdirectory must be in the same filesystem as the +.B pid +directory; and each +.B todo +subdirectory must be in the same filesystem as the +.B intd +directory. +.SH "EXIT CODES" +.B qmail-queue +does not print diagnostics. +It exits +0 if +it has successfully queued the message. +It exits between 1 and 99 if +it has failed to queue the message. + +All +.B qmail-queue +error codes between 11 and 40 +indicate permanent errors: +.TP 5 +.B 11 +Address too long. +.TP +.B 31 +Mail server permanently refuses to send the message to any recipients. +(Not used by +.BR qmail-queue), +.TP +.B 32 +Mail server does not accept the message. +(The message includes an identified virus.) +.TP +.B 33 +Mail server does not accept the message. +(The message is identified as spam.) +.TP +.B 34 +Mail server does not accept the message. +(The message carries an invalid MIME attachment.) +.PP +All other +.B qmail-queue +error codes indicate temporary errors: +.TP 5 +.B 51 +Out of memory. +.TP +.B 52 +Timeout. +.TP +.B 53 +Write error; e.g., disk full. +.TP +.B 54 +Unable to read the message or envelope. +.TP +.B 55 +Unable to read a configuration file. +The virus scanner called via the +.BR QHPSI +returned with return code other then +0 or QHPSIRC. +.TP +.B 56 +Problem making a network connection from this host. +(Not used by +.BR qmail-queue .) +.TP +.B 61 +Problem with the qmail home directory. +.TP +.B 62 +Problem with the queue directory. +.TP +.B 63 +Problem with queue/pid. +.TP +.B 64 +Problem with queue/mess. +.TP +.B 65 +Problem with queue/intd. +.TP +.B 66 +Problem with queue/todo. +.TP +.B 71 +Mail server temporarily refuses to send the message to any recipients. +(Not used by +.BR qmail-queue .) +.TP +.B 72 +Connection to mail server timed out. +(Not used by +.BR qmail-queue .) +.TP +.B 73 +Connection to mail server rejected. +(Not used by +.BR qmail-queue .) +.TP +.B 74 +Connection to mail server succeeded, +but communication failed. +(Not used by +.BR qmail-queue .) +.TP +.B 81 +Internal bug; e.g., segmentation fault. +.TP +.B 91 +Envelope format error. +.SH "QHPSI ARGUMENTS" +The Qmail High Performance Scanner interface QHPSI allows +.B qmail-queue +to read up to seven arguments taken from the environment to be used +as a call-interface for an external virus scanner: +.TP 5 +.B QHPSI +is set to the file name of the virus scanner, ie. QHPSI='/usr/local/bin/clamscan'. +The path can be omitted, if the virus scanner is in the default path. +.TP +.B QHPSIARG1...3 +Optional additional arguments can be included here, ie. QHPSIARG1="--verbose". +Useful to suppress output in case an email is +clean and to enable mailbox support for the virus scanner. +.TP +.B QHPSIRC +To specify the return code of the virus scanner in case of an infection; default is 1. +.TP +.B QHPSIMINSIZE +The minimal size of the message to invoke the virus scanner; default is 0. +A typical choice would be QHPSIMINSIZE=10000 (~10k). +.TP +.B QHPSIMAXSIZE +The maximal size of the message to invoke the virus scanner; default is unrestricted. +A typical choice would be QHPSIMAXSIZE=1000000 (~1M). +.SH "SEE ALSO" +addresses(5), +envelopes(5), +qmail-header(5), +qmail-inject(8), +qmail-qmqpc(8), +qmail-send(8), +qmail-smtpd(8) diff --git a/man/qmail-recipients.9 b/man/qmail-recipients.9 new file mode 100644 index 0000000..04974fe --- /dev/null +++ b/man/qmail-recipients.9 @@ -0,0 +1,48 @@ +.TH s/qmail: qmail-recipients 8 +.SH NAME +qmail-recipients \- prepare recipients for qmail-smtpd +.SH SYNOPSIS +.B qmail-recipients +.SH DESCRIPTION +.B qmail-recipients +reads the addresses provided in +.BR SQMAIL/users/recipients , +converting into lowercase, and writes them into +.B SQMAIL/users/recipients.cdb +in a binary format suited +for quick access by +.BR qmail-smtpd . + +If there is a problem with +.BR users/recipients , +.B qmail-recipients +complains and leaves +.B users/recipients.cdb +alone. + +.B qmail-recipients +ensures that +.B users/recipients.cdb +is updated atomically, +so +.B qmail-smtpd +never has to wait for +.B qmail-recipients +to finish. +However, +.B qmail-recipients +makes no attempt to protect against two simultaneous updates of +.BR users/recipients.cdb . + +The binary +.B users/recipients.cdb +is compatible with +.B setforward +generated \'fastforward\' cdbs and it's +format is portable across machines. + +.SH "SEE ALSO" +qmail-smtpd(8), +qmail-vmailusr(8), +setforward(8), +fastforward(8). diff --git a/man/qmail-remote.8 b/man/qmail-remote.8 new file mode 100644 index 0000000..8f94e8a --- /dev/null +++ b/man/qmail-remote.8 @@ -0,0 +1,795 @@ +.TH s/qmail: qmail-remote 8 +.SH NAME +qmail-remote \- send mail via SMTP(S) or QMTP(S) +.SH SYNOPSIS +.B qmail-remote +.I host +.I sender +.I recip +[ +.I recip ... +] +.SH DESCRIPTION +.B qmail-remote +reads a mail message from its input +and sends the message +to one or more recipients +at a remote host. + +The remote host is +.BR qmail-remote 's +first argument, +.IR host . +.B qmail-remote +sends the message to +.IR host , +or to a mail exchanger for +.I host +listed in the Domain Name System, +via the Simple Mail Transfer Protocol (SMTP/ESMTP) +perhaps encrypted via STARTTLS/TLS +or the Quick Mail Transfer Protocol (QMTP/QMTPS). +Prior of setting up a TLS connection, +.B qmail-remote +will lookup automatically the corresponding TLSA +record in the DNS and uses this for X.509 certificate +validation. +.I host +can be either a fully-qualified domain name: + +.EX + silverton.berkeley.edu +.EE + +or an IPv4 or IPv6 address enclosed in brackets: + +.EX + [128.32.183.163] + [2001::163] +.EE + +In case the primary mail exchanger for that Domain +will issue a 5xy reply message during the connection, +.B qmail-remote +will contact all responsible mail exchangers in turn +in order to deliver the message anyway. + +The envelope recipient addresses are listed as +.I recip +arguments to +.BR qmail-remote . +The envelope sender address is listed as +.I sender\fP. + +In case the remote host issues the EHLO SIZE extension, +.I qmail-remote +will handover the size of the message (in byte) +prior of transmission and respects the remote host's reply code. + +Note that +.B qmail-remote +does not take options +and does not follow the +.B getopt +standard. +.SH "TRANSPARENCY" +End-of-file in SMTP is encoded as dot CR LF. +A dot at the beginning of a line is encoded as dot dot. +It is impossible in SMTP to send a message that does not end with a newline. +.B qmail-remote +respects SMTPUTF8 and EAI addresses +and converts the UNIX newline convention into the +SMTP newline convention by inserting CR before each LF. + +.SH "RESULTS" +.B qmail-remote +prints some number of +.I recipient reports\fP, +followed by a +.I message report\fR. +Each report is terminated by a 0 byte. +Each report begins with a single letter: +.TP 5 +r +Recipient report: acceptance. +.TP 5 +h +Recipient report: permanent rejection. +.TP 5 +s +Recipient report: temporary rejection. +.TP 5 +K +Message report: success. +.I host +has taken responsibility for delivering the message to each +acceptable recipient. +.TP 5 +Z +Message report: greylisted or temporary failure. +.TP 5 +D +Message report: permanent failure. +.PP +After this letter comes a human-readable description of +what happened. + +.B qmail-remote +may use SMTP Authenticaton to connect to remote hosts. +The following reports are provided: +.TP 5 +K +no supported AUTH s/qmail: method found, continuing without authentication. +.TP 5 +Z +Connected to +.I host +but authentication was rejected (AUTH s/qmail: PLAIN). +.TP 5 +Z +Connected to +.I host +but unable to base64encode (plain). +.TP 5 +Z +Connected to +.I host +but authentication was rejected (plain). +.TP 5 +Z +Connected to +.I host +but authentication was rejected (AUTH s/qmail: LOGIN). +.TP 5 +Z +Connected to +.I host +but unable to base64encode user. +.TP 5 +Z +Connected to +.I host +but authentication was rejected (username). +.TP 5 +Z +Connected to +.I host +but unable to base64encode pass. +.TP 5 +Z +Connected to +.I host +but authentication was rejected (AUTH s/qmail: CRAM-MD5). +.TP 5 +Z +Connected to +.I host +but unable to base64decode challenge. +.TP 5 +Z +Connected to +.I host +but unable to base64encode username+digest. +.TP 5 +Z +Connected to +.I host +but authentication was rejected (username+digest). +.PP +The recipient reports will always be printed in the same order as +.BR qmail-remote 's +.I recip +arguments. +Note that in failure cases there may be fewer +recipient reports +than +.I recip +arguments. +.PP +In case a CNAME can not be resovled +.B qmail-remote +issues the following message: +.TP 5 +Z +CNAME lookup failed temporarily for: +.IR host . +.PP +If a SMTP connection is bound to a none-existing IP address +.B qmail-remote +will complain with the message: +.TP 5 +Z +System resources temporarily unavailable. +.TP 5 +Z +System can't bind to local ip address: +.IR ip . +.PP +In case a QMTP connection can not be established +.B qmail-remote +will issue the error message: +.TP 5 +Z +recipient +.I host +did not talk proper QMTP. +.PP +On demand +.B qmail-remote +supports TLS/STARTTLS and will log the following notifications: +.TP 5 +K +TLS transmitted message accepted +.TP 5 +K +TLS (verfied CA) transmitted message accepted +.TP 5 +K +TLS (verified CA+DN*) transmitted message accepted +.TP 5 +K +TLS (verified CA+DN) transmitted message accepted +.TP 5 +K +TLS (CERT pinning) transmitted message accepted +.TP 5 +K +TLS (TLSA validated) transmitted message accepted +.PP +.B qmail-remote +needs to read some X.509 certificates and key files +prior of setting up a TLS connection. Failures are indicated as: +.TP 5 +Z +Can't load X.509 certificate: +.IR certfile . +.TP 5 +Z +Can't load X.509 private key: +.IR keyfile . +.TP 5 +Z +Keyfile does not match X.509 certificate: +.IR password . +.TP 5 +Z +I wasn't able to process the TLS ciphers: +.IR ciphers . +.TP 5 +Z +I wasn't able to setup CAFILE: +.I cafile +or CADIR: +.I cadir +for TLS. +.PP +Connection problems for TLS are not uncommon. +Here, +.I host +is the domain or host to connect with and +.I remotehost +is the corresponding MX. +.B +qmail-remote +provides the following diagnostic messages: +.TP 5 +Z +I wasn't able to create TLS context for: +.I host +at +.IR remotehost . +.TP 5 +Z +I wasn't able to establish a TLS connection with: +.I remotehost +for +.IR host . +.TP 5 +Z +TLS connection/protocol error with host: +.I remotehost +for +.IR host . +.TP 5 +Z +I wasn't able to negotiate a StartTLS connection with: +.I remotehost +for +.IR host . +.PP +For each MX to reach via TLS, +.B qmail-remote +performs an automatic TLSA lookup comparing the received +X.509 fingerprints with the issued cert during the TLS handshake. +X.509 certificate checks can also been performed. Failures here +are given as: +.TP 5 +Z +Unable to obtain X.500 certificate from: +.I remotehost +for +.IR host . +.TP 5 +Z +Unable to validate X.500 certificate Subject for: +.I host +at +.IR remotehost . +.TP 5 +Z +TLSA X.509 cert required but missing from: +.I remotehost +for +.IR host . +.TP 5 +Z +Received X.500 certificate from: +.I remotehost +for +.I host +does not match provided fingerprint: +.IR hashvalue . +.TP 5 +Z +Received X.500 certificate from: +.I remotehost +for +.I host +posses an unknown digest method. +.PP +.SH "CONTROL FILES" +.TP 5 +.I authsenders +Authenticated sender. +For each +.I sender +included in +.IR authsenders : +.I sender\fB:\fIrelay\fB;\fI[s]port\fB|\fIuser\fB|\fIpassword +.B qmail-remote +will try SMTP Authentication +of type CRAM-MD5, LOGIN, or PLAIN +with the provided user name +.I user +and password +.I password +(the authentication information) +and eventually relay the +mail through +.I relay +on port +.IR port . +If +.I port +is given als or prepended with +.I s +like +.I s587 +\'implicit TLS\' is used omitting StartTLS upon connection. +The use of +.I relay +and +.I port +follows the same rules as for +.IR smtproutes +Note: In case +.I sender +is empty, +.B qmail-remote +will try to deliver each outgoing mail +SMTP authenticated. If the authentication +information is missing, the mail is +delivered none-authenticated. +.I authsenders +can be constructed as follows: + +.EX + @example.com:relay.example.com|user|passwd + info@example.com:relay.example.com;26|infouser|infopasswd + :mailrelay.example.com|e=mc2|testpass +.EE +.TP 5 +.I domaincerts +In case +.B qmail-remote +needs to present a client certificate to the server +(for authentication purposes) the PEM encoded +X.509 certificate can be provided per sending domain: +.IR domain\fB:\fIcertificate\fB|\fIkeyfile\fB|\fIpassword . +If +.I domain +equals '*' this +.I certificate +is used as default. +The file +.I certificate +may include the private key, thus +.I keyfile +can be omitted. Additionally, the private key can be protected with a +.IR password . + +.TP 5 +.I domainips +IP addresses to be used for outgoing connections. +Each line has the form +.IR domain\fB:\fIlocalip(%ifname)\fB|\fIhelohost , +without any extra spaces. +If +.I domain +matches the domain part in +.IR sender , +.B qmail-remote +will bind to +.IR localip +when connecting to +.IR host . +LLU IPv6 addresses need to be appended with the binding +.IR ifname +following +.IR localip +with a '%'. +If it matches, it will set the provided HELO string as greeting; +otherwise, it will use the default. +.I domain +can be the wildcard +.I * +in which case +.B qmail-remote +binds to the provided address for any sender domain name. +.TP 5 +.I helohost +Current host name, +for use solely in saying ehlo/hello to the remote SMTP server. +Default: +.IR me , +if that is supplied; +otherwise +.B qmail-remote +refuses to run. +.TP 5 +.I qmtproutes +Additional QMTP routes which have precedence over +.IR smtproutes . +QMTP routes should obey the form +.IR domain\fB:\fIrelay\fB;\fIport , +without any extra spaces. +.I qmtproutes +follows the same syntax as +.IR smtproutes . +By default, +.B qmail-remote +connects to QMTP service port 209. However +you can chose a dedicated high-port for QMTP communication +as defined in +.IR qmtproutes . +In case the QMTP port is chosen to be +.I 6209 +the TLS secured QMTPS protocol will be used, +irrespectively of the settings in +.IR tlsdestinations . +.TP 5 +.I smtproutes +Artificial SMTP routes. +Each route has the well-known form +.I domain\fB:\fIrelay +or the enhanced syntax +.I domain\fB:\fIrelay;\fI[s]port\fB|\fIuser\fB|\fIpassword|localip +without any extra spaces. +If +.I domain +matches +.IR host , +.B qmail-remote +will connect to +.IR relay , +as if +.I host +had +.I relay +as its only MX. +(It will also avoid doing any CNAME lookups on +.IR recip .) +.I host +may include a semi-colon and a port number to use instead of the +normal SMTP port, 25. +If +.I port +is given as or prepended with +.I s +\'implicit TLS\' is assumed. +In case, a userid and password is +present, +.B qmail-remote +will try a SMTP authenticated session: + +.EX + inside.af.mil:firewall.af.mil;26 + :submission.myrelay.com;s587|myuserid|mypasswd +.EE + +However, +.I authsenders +routes have precedence. + +.I relay +may be empty; +this tells +.B qmail-remote +to look up MX records as usual. +.I smtproutes +may include wildcards: + +.EX + .af.mil: + :heaven.af.mil +.EE + +Here +any address ending with +.B .af.mil +(but not +.B af.mil +itself) +is routed by its MX records; +any other address is artificially routed to +.BR heaven.af.mil . + +The outgoing IP address used by +.B qmail-remote +can be specified: + +.EX + :bouncehost.org||10.1.1.0 + :partnermx.net;42||2001::fefe +.EE + +Note: +.I localip +can be private IP address subject of NAT'ing. + +Additionally, +.I smtproutes +allows to forward bounces (with a 'Nullsender' MAIL FROM: <>) +literally expressed as '!@' +to a particular bounce host: + +.EX + !@:bouncehost.af.mil;27 +.EE + +The +.B qmail +system does not protect you if you create an artificial +mail loop between machines. +However, +you are always safe using +.I smtproutes +if you do not accept mail from the network. +.TP 5 +.I timeoutconnect +Number of seconds +.B qmail-remote +will wait for the remote SMTP server to accept a connection. +Default: 60. +The kernel normally imposes a 75-second upper limit. +.TP 5 +.I timeoutremote +Number of seconds +.B qmail-remote +will wait for each response from the remote SMTP server. +Default: 1200. +.TP 5 +.I tlsdestinations +If present, this file advices +.B qmail-remote +to use TLS (optionally or mandatory) encryption for specific destination domains +as provided by the forward-path and to validate/verify +the server certificate perhaps for a particular sender's domain: +.I destination:cafile|ciphers|verifydepth;[s]port|domain +or +.IR destination:=fingerprint|ciphers|verifydepth;[s]port|domain . +Unless explicitely configured, +.B qmail-remote +accepts any or no certificate provided by the server (opportunistic encryption) +using the following (single character) rules: + +.EX + (0) *: # Enable TLS but fallback to NOTLS (default); + server authentication is optional, given further settings +.EE + +Special settings: + +.EX + (1) ?: # fallthru to no TLS in case of TLS protocol errors (exceptional) + (2) -: # allow anonymous connections + (3) /: # disable TLSA lookup and verification +.EE + +Double character rules instruct +.B qmail-remote +to require a STARTTLS or SMTPS connection (mandatory TLS): + +.EX + (4) -*: # at least anonymous connections + (5) +*: # require and validate X.509 certs + (6) ~*: # cert + validate SAN/DN, however accept wildcard certs and partial matching + (7) =*: # cert + validate SAN/DN against FQDN + (8) /*: # don't do TSLA lookup and X.509 matching +.EE + +Additionally, +.B qmail-remote +can be told to use per-domain connection settings: + +.EX + (9) example.com: + (10) securityfirst.com:/etc/ssl/cafile|!SSLv2:HIGH + (11) remote.com:/etc/ssl/certdir/||3;465 + (12) mx.partner.com:/etc/ssl/partnerca||2|mydomain.net + (13) =mx.myfriend.com:/etc/ssl/cacert||4 + (14) ~wildneighbor.net: + (15) -adhonlydomain.com:||aNULL:!kRSA + (16) %peer.partner.com:=E44194C56EF..... + (17) !nosslhost.example.com: + (18) hiddenpartner.org:;35 + (19) ?tlsold.net: + (20) /nodane.org: +.EE + +The ninth line requires from +.B qmail-remote +to demand a STARTTLS connection for any destination +address targeting domain +.IR example.com . + +The tenth line accepts STARTTLS connections +for +.I securityfirst.com +only, if the X.509 certificate can be verified against +the CA cert as provided via +.I /etc/ssl/cafile +and with the acceptable ciphers +.IR SSLv2:HIGH . + +Line number eleven tells +.B qmail-remote +to use a +.I SMTPS +connection on port +.I 465 +to any host at +.I remote.com +and accept this host only, if the peer's cert +can be validated against the CA certs available +in +.I /etc/ssl/certdir/ +and does not exceed a verification depth of +.IR 3 . + +Line twelve shows an example, how +.I tlsdestinations +can be bound exclusively to a sender domain. In the shown case, +only if +.I mx.mydomain.net +is used as sender domain, +a connection for the destination address +.I mx.partner.com +is mandatory secured by TLS with a CA cert available as +.I /etc/ssl/partnerca +with a verification depth of +.IR 2 . + +Furthermore, the sample on line thirteen demonstrates the case where +.B qmail-remote +sees a destination address concatinated with +.IR = . +Now it will only accept the certificate, +if the X.509's DN can be validated +against the FQDN of the server (by means of a DNS lookup) +and it verifies against the +.IR cacert +CA certificate and does not exceed a verification depth of +.IR 1 . + +In case a certain +.I destination +may use 'wildcard' domain names in the SAN/DN, +.B qmail-remote +can cope with this (line fourteeen) +prepending the destination with a '~': +.IR ~wildneighor.net . +This mechanism also supports partial matching +of SAN/DN and domain name. + +In the same sense (line fiveteen), +.B qmail-remote +may accept TLS connections based on Anonymous DH (ADH) +- where the server does not provide a cert for authentication - +once the domain name is prepended with a +.I - +as key encryption cipher and discards +.I !RSA +for authentication if told so. + +Certificate pinning for a particular +.I %host +indicated by the leading character '%' is shown on line sixteen. +Instead of the CA file, now the +.I =fingerprint +of the peer host certificate needs to be provided. +The X.509 fingerprint +should prepended with an equal sign ('=') and to +be stripped from additional colons (':'). The fingerprint +string is evaluated case-insensitive. +.BR qmail-remote 's +certificate pinning supports SHA1, SHA224, SHA256, and SHA512 +digests, determined by the length of the fingerprint given. + +Note, that in this case, no TLSA validation is performed; +it is thus a 'silent' verification'. +.B qmail-remote +can be instructed to omit the STARTTLS command for the recipient address +.I nosslhost.example.com +as indicated with a leading +.I ! +as shown on line seventeen. This behavior can be relaxed (line nineteen) using +.I ? +followed by a colon, a host, or domain name. Now +.B qmail-remote +will initally try a TLS connection by however is alllowed to switch back +to none-encryption mode, in case this is not possible due +protocol reasons. + +.B qmail-remote +allows an \'implicit TLS\' connection on any port, if +.I port +is prended with an +.I s +even without providing the port. + +In case, no particular ciphers or CA certs are +required, a colon/semi-colon ':;' can be used as shortcut (line eighteen). +Generally, any port can be provided after the semi-colon. +If however, +.I port +equals +.IR 465 , +SMTPS will be used instead of STARTTLS and if +.I port +equals +.IR 6209 , +QMTPS is the chosen transport protocol. +The settings here overrule previous instructions. + +Finally, TLSA lookups can be disabled, prepending a +domain name with +.I / +for the target domain as shown on line twenty. + +Note that 'destination' is subject of the +forwarding rules as provided by +.IR authsenders , +.IR qmtproutes , +and +.IR smtproutes . +.SH "RETURN CODES" +.B qmail-remote +always exits +.I 0 +for SMTP(S) delivery. +In case of QMTP(S) +.I 1 +is returned in case a buffer feed fails and +.I 0 +otherwise. +.SH "SEE ALSO" +addresses(5), +envelopes(5), +qmail-control(5), +qmail-send(8), +qmail-smtpd(8), +qmail-smtpam(8), +qmail-dksign(8), +qmail-dkim(8), +qmail-tcpto(8) diff --git a/man/qmail-rspawn.8 b/man/qmail-rspawn.8 new file mode 100644 index 0000000..71a43d7 --- /dev/null +++ b/man/qmail-rspawn.8 @@ -0,0 +1,21 @@ +.TH s/qmail: qmail-rspawn 8 +.SH NAME +qmail-rspawn \- schedule remote deliveries +.SH SYNOPSIS +.B qmail-rspawn +.SH DESCRIPTION +.B qmail-rspawn +reads a series of remote delivery commands from descriptor 0, +invokes +.B qmail-remote +to perform the deliveries, +and prints the results to descriptor 1. + +.B qmail-rspawn +invokes +.B qmail-remote +asynchronously, +so the results may not be in the same order as the commands. +.SH "SEE ALSO" +qmail-send(8), +qmail-remote(8) diff --git a/man/qmail-send.9 b/man/qmail-send.9 new file mode 100644 index 0000000..334bfa9 --- /dev/null +++ b/man/qmail-send.9 @@ -0,0 +1,265 @@ +.TH s/qmail: qmail-send 8 +.SH NAME +qmail-send \- deliver mail messages from the queue +.SH SYNOPSIS +.B qmail-send +.SH DESCRIPTION +.B qmail-send +handles messages placed into the outgoing queue by +.BR qmail-queue . +It uses +.B qmail-lspawn +to deliver messages to local recipients and +.B qmail-rspawn +to deliver messages to remote recipients. +If a message is temporarily undeliverable to one or more addresses, +.B qmail-send +leaves it in the queue and tries the addresses again later. + +.B qmail-send +prints a readable record of its activities to descriptor 0. +It writes commands to +.BR qmail-lspawn , +.BR qmail-rspawn , +and +.B qmail-clean +on descriptors 1, 3, and 5, +and reads responses from descriptors 2, 4, and 6. +Communication with +.B qmail-todo +is based on decriptors 7 and 8. +.B qmail-send +is responsible for avoiding deadlock. + +If +.B qmail-send +receives a TERM signal, +it will exit cleanly, after waiting +(possibly more than a minute) +for current delivery attempts to finish. + +If +.B qmail-send +receives an ALRM signal, +it will reschedule every message in the queue for immediate delivery. + +.SH "CONTROL FILES" +.B WARNING: +.B qmail-send +reads its control files only when it starts. +If you change the control files, +you must stop and restart +.BR qmail-send . +Exception: +If +.B qmail-send +receives a HUP signal, +it will reread +.IR locals , +.IR virtualdomains , +as well as +.IR concurrencylocal , +.IR concurrencyremote , +and in addition +.IR queuelifetime . +.TP 5 +.I bouncefrom +Bounce username. +Default: +.BR MAILER-DAEMON . +.TP 5 +.I bouncehost +Bounce host. +Default: +.IR me , +if that is supplied; +otherwise the literal name +.BR bouncehost , +which is probably not what you want. +If a message is permanently undeliverable, +.B qmail-send +sends a +.B single-bounce +notice back to the message's envelope sender. +The notice is +.B From: \fIbouncefrom\fB@\fIbouncehost\fR, +although its envelope sender is empty. +.TP 5 +.I bouncemaxbytes +Maximum size (in bytes) of bounce messages. +Bounce messages exceeding this limit will be truncated. +Default is 0; which means no limit. +.TP 5 +.I concurrencylocal +Maximum number of simultaneous local delivery attempts. +Default: 10. +If 0, local deliveries will be put on hold. +.I concurrencylocal +is limited at compile time to +SPAWN. +.TP 5 +.I concurrencyremote +Maximum number of simultaneous remote delivery attempts. +Default: 20. +If 0, remote deliveries will be put on hold. +.I concurrencyremote +is limited at compile time to +SPAWN. +.TP 5 +.I doublebouncehost +Double-bounce host. +Default: +.IR me , +if that is supplied; +otherwise the literal name +.BR doublebouncehost , +which is probably not what you want. +.TP 5 +.I doublebounceto +User to receive double-bounces. +Default: +.BR postmaster . +If a single-bounce notice is permanently undeliverable, +.B qmail-send +sends a +.B double-bounce +notice to +.IR doublebounceto\fB@\fIdoublebouncehost . +(If that bounces, +.B qmail-send +gives up.) +As a special case, if the first line of +.IR doublebounceto +contains a '@' or an empty line +.B qmail-send +will discard all double-bounces. +.TP 5 +.I envnoathost +Presumed domain name for addresses without @ signs. +Default: +.IR me , +if that is supplied; +otherwise the literal name +.BR envnoathost , +which is probably not what you want. +If +.B qmail-send +sees an envelope recipient address without an @ sign, +it appends +.B @\fIenvnoathost\fR. +.TP 5 +.I locals +List of domain names that the current host +receives mail for, +one per line. +Default: +.IR me , +if that is supplied; +otherwise +.B qmail-send +refuses to run. +An address +.I user@domain +is considered local if +.I domain +is listed in +.IR locals . +.TP 5 +.I percenthack +List of domain names where the percent hack is applied. +If +.I domain +is listed in +.IR percenthack , +any address of the form +.I user%fqdn@domain +is rewritten as +.IR user@fqdn . +.I user +may contain %, +so the percent hack may be applied repeatedly. +.B qmail-send +handles +.I percenthack +before +.IR locals . +.TP 5 +.I queuelifetime +Number of seconds +a message can stay in the queue. +Default: 604800 (one week). +After this time expires, +.B qmail-send +will try the message once more, +but it will treat any temporary delivery failures as +permanent failures. +.TP 5 +.I virtualdomains +List of virtual users or domains, one per line. +A virtual user has the form +.IR user\fB@\fIdomain\fB:\fIprepend , +without any extra spaces. +When +.B qmail-send +sees the recipient address +.IR user\fB@\fIdomain , +it converts it to +.I prepend\fB-\fIuser\fB@\fIdomain +and treats it as local. + +A virtual domain has the form +.IR domain\fB:\fIprepend . +It applies to any recipient address at +.IR domain . +For example, if + +.EX + nowhere.mil:joeBREAKfoo +.EE + +is in +.IR virtualdomains , +and a message arrives for +.BR info@nowhere.mil , +.B qmail-send +will rewrite the recipient address as +.B joeBREAKfoo-info@nowhere.mil +and deliver the message locally. + +.I virtualdomains +may contain wildcards: + +.EX + .fax:uucpBREAKfax + :aliasBREAKcatchall + .nowhere.mil:joeBREAKfoo-host +.EE + +.I virtualdomains +may also contain exceptions: +an empty +.I prepend +means that +.I domain +is not a virtual domain. + +.B qmail-send +handles +.I virtualdomains +after +.IR locals : +if a domain is listed in +.IR locals , +.I virtualdomains +does not apply. +.SH "SEE ALSO" +nice(1), +addresses(5), +envelopes(5), +qmail-control(5), +qmail-log(5), +qmail-todo(8), +qmail-queue(8), +qmail-clean(8), +qmail-lspawn(8), +qmail-rspawn(8) diff --git a/man/qmail-showctl.8 b/man/qmail-showctl.8 new file mode 100644 index 0000000..ddd90d7 --- /dev/null +++ b/man/qmail-showctl.8 @@ -0,0 +1,12 @@ +.TH s/qmail: qmail-showctl 8 +.SH NAME +qmail-showctl \- analyze the qmail configuration files +.SH SYNOPSIS +.B qmail-showctl +.SH DESCRIPTION +.B qmail-showctl +explains the current +.B s/qmail +configuration. +.SH "SEE ALSO" +qmail-control(8) diff --git a/man/qmail-smtpam.8 b/man/qmail-smtpam.8 new file mode 100644 index 0000000..9fe8e90 --- /dev/null +++ b/man/qmail-smtpam.8 @@ -0,0 +1,110 @@ +.TH s/qmail: qmail-smtpam 8 +.SH NAME +qmail-smtpam \- SMTP client PAM +.SH SYNOPSIS +.B qmail-smtpam +.I host +.I [s]port +.SH DESCRIPTION +.B qmail-smtpam +reads an email address from FD 3 +and tries to verify this +connecting to the remote +.IR host +on +.IR port . +If +.I port +starts is +.I s +\'implicit TLS\' ist used on that port. +In a standard SMTP dialog, +.B qmail-smtpam +supplies the HELO greeting, +a MAIL FROM: <> address, and +the purported RCPT TO:
. +.SH "CONTROL FILES" +.TP 5 +.I domainips +IP addresses to be used on outgoing connections. +Each line has the form +.IR domain\fB:\fIlocalip(%ifname)\fB|\fIhelohost , +without any extra spaces. +If +.I domain +matches the domain part in +.IR sender , +.B qmail-smtpam +will bind to +.IR localip +when connecting to +.IR host . +LLU IPv6 addresses need to be appended with the binding +.IR ifname +following +.IR localip +with a '%'. +If it matches, it will set the provided HELO string as greeting; +otherwise, it will use the default. +.TP 5 +.I helohost +Current host name, +for use solely in saying hello to the remote SMTP server. +Default: +.IR me , +if that is supplied; +otherwise +.B qmail-smtpam +refuses to run. +.TP 5 +.I timeoutconnect +Number of seconds +.B qmail-smtpam +will wait for the remote SMTP server to accept a connection. +Default: 60. +The kernel normally imposes a 75-second upper limit. +.TP 5 +.I timeoutremote +Number of seconds +.B qmail-smtpam +will wait for each response from the remote SMTP server. +Default: 1200. +.TP 5 +.I tlsdestinations +If present, this file advices +.B qmail-smtpam +to use TLS encryption for specific destination domains +as provided by the forward-path and perhaps to validate/verify +the domain's server certificate: +.IR destination:cafile|verifydepth;[s]port|ciphers|domain . +If +.I port +is give as or prepended with +.I s +\'implict TLS\' is used; omitting StartTLS. +Unless explicitely configured, +.B qmail-smtpam +accepts any or no certificate provided by the server, +thus uses TLS for encryption only. +.B qmail-smtpam +uses the same certificate validation/verification +mechanism as +.B qmail-remote +except for distinguishing among the sender's domain information. +.SH "RETURN CODES" +.B qmail-smtpam +exits +.I 0 +if the remote server +replies with '250', otherwise +.IR 1 . +In case the control files can not +be read or a communication problem has +occured, it exits +.IR 111 . +.SH "SEE ALSO" +addresses(5), +envelopes(5), +qmail-control(5), +qmail-remote(8), +qmail-smtpd(8) diff --git a/man/qmail-smtpd.8 b/man/qmail-smtpd.8 new file mode 100644 index 0000000..951b0a7 --- /dev/null +++ b/man/qmail-smtpd.8 @@ -0,0 +1,1013 @@ +.TH s/qmail: qmail-smtpd 8 +.SH "NAME" +qmail-smtpd \- receive mail via SMTP +.SH "SYNOPSIS" +.B qmail-smtpd +[ +.I checkprogram +.I subprogram +] +.SH "DESCRIPTION" +.B qmail-smtpd +receives mail messages via the Simple Mail Transfer Protocol (SMTP) +and invokes +.B qmail-queue +to deposit them into the outgoing queue. +.B qmail-smtpd +must be supplied with several environment variables; +see +.BR tcp-environ(5) . + +.B qmail-smtpd +is responsible for counting hops. +It rejects any message with 100 or more +.B Received +or +.B Delivered-To +header fields. + +.B qmail-smtpd +supports ESMTP and offers 8BITMIME, DATA, PIPELINING, SIZE, AUTH, STARTTLS, and SMTPUTF8 options. +.B qmail-smtpd +includes a 'Mail From:' parameter parser and obeys 'Auth', 'Size', and 'SMTPUTF8' advertisements. +.B qmail-smtpd +supports SMTPUTF8 SMTP envelope addresses and provides 8 bit clean message transmission. +.B qmail-smtpd +STARTTLS and SMTPS implementation requires the use of +.B sslserver +from ucspi-ssl. + +Authentication is facilitated in case the environment variable +SMTPAUTH is set which tells +.B qmail-smtpd +to accept LOGIN, PLAIN, and eventually CRAM-MD5 Auth types +and if additionally a PAM +.I checkprogram +is available which reads on file descriptor 3 the username, a 0 byte, +the password or CRAM-MD5 digest/response derived from the SMTP client, +another 0 byte, a CRAM-MD5 challenge (if applicable to the Auth type), +and a final 0 byte. +.I checkprogram +invokes +.I subprogram +upon successful authentication, which should return 0 to +.BR qmail-smtpd , +effectively setting the environment variables RELAYCLIENT and +TCPREMOTEINFO or TCP6REMOTEINFO +(any supplied value replaced with the authenticated username). +.B qmail-smtpd +will reject the authentication attempt if it receives a nonzero return +value from +.I checkprogram +or +.IR subprogram . + +STARTTLS support is enabled setting the environment variable UCSPITLS. +In this case, +.B qmail-smtpd +communicates with the +.B sslserver +program interface through a control socket, a reading and a writing pipe, dynamically +defined during the session start to be used for transport layer encryption. +.B qmail-smtpd +provides mutual authentication based on X.509 client certs and relaying +with additional SMTP Return-Path validation. + +.B qmail-smtpd +may employ additional DNS look-ups for the 'Mail From:' envelope sender +address and/or the HELO/EHLO greeting string from the MTA client. + +.B qmail-smtpd +implements a SPF record check for the domain part of the received +.I Mail-From:\ +address or +the +.I HELO/EHLO +statement in case the domain information is missing. +This behavior is triggered by the environment variable +.BR SPF . + +.B qmail-smtpd +can be advised to communicate with a Greylisting server prior of acceptance, like +.BR postgrey , +submitting the connection information +.IR Mail\ From: , +.IR Rcpt\ To: , +.IR TCPREMOTEIP +and +.I TCPREMOTEHOST +given its IPv4/IPv6 address as environment variable +.IR POSTGREY +and potentially including the port number (60000 is default) +following the IP address separated by a semi-colon. +For IPv6 LLU addresses the interface name followwing a percent sign can be included: +.IR fe80::1%eth0;60000 . +A return value of +.I 10 +will advise +.B qmail-smtpd +to defer the SMTP connection providing a +.I 450\ greylisted\ (#4.3.0) +response to the connecting MTA, which can be tailored (see below). +This mechanism shall not be used for SMTP connections on the +.I Submission +port. +Setting +.I POSTGREY='-' +disables the lookup. + +.SH "TRANSPARENCY" +.B qmail-smtpd +converts the SMTP newline convention into the UNIX newline convention +by converting CR LF into LF. +Usually, it returns a temporary error and drops the connection on bare LFs. + +.B qmail-smtpd +accepts messages that contain long lines or non-ASCII characters +and thus is initially capable for SMTPUTF8 support. + +.SH "CONTROL FILES" +.TP 5 +.IR badhelo +Unacceptable HELO/EHLO greeting strings. +.B qmail-smtpd +will reject every connection attempt +if the client MTA's HELO/EHLO greeting compares with +a wildmat pattern provided in +.IR badhelo +in case the environment variable +.B HELOCHECK +is set. +.IR badhelo +checks have precedence over DNS lookups. +DNS lookups can be avoided, if the announced +HELO/EHLO greeting string is concatinated +with a trailing '!' and included in +.IR badhelo : + +.EX + localhost + localhost.localdomain + 127.0.0.1 + mygreetingstring + [192.168.1.2]! +.EE + +.TP 5 +.I badmailfrom +Unacceptable envelope sender addresses. +.B qmail-smtpd +will reject every recipient address for a message +if the envelope sender address is listed in +.IR badmailfrom . +A line in +.I badmailfrom +may be of the form +.BR @\fIhost , +meaning every address at +.IR host . +Additionally, any envelope sender address can be filtered +with a wildmat check: + +.EX + *@earthlink.net + !fred@earthlink.net + [0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9].com + answerme@save* + *%* + @yahoo.com- + @hotmail.com= + @mydomain.tld+ + ~yahoo.com + ?nobody@example.com +.EE + +A +.I badmailfrom +file with this contents reject all mail from Earthlink except from +fred@earthlink.net. It also rejects all mail with addresses like: +12345@123.com and answerme@savetrees.com. Further, any mail with +a sender address containing a percent sign (%) is rejected. + +This implementation recognises 'extended' addresss in +.I badmailfrom +allowing to reject mails with particluar spoofed domain addresses: + +(1) The address is appended with a '-'. +Now, if +.I TCP(6)REMOTEHOST +equals 'unknown', mails with the corresponding address are rejected +(badmailfromunknown). + +(2) The address is appended with a '='. +In case +.I TCP(6)REMEOTEHOST +is set mails, whose domain part of the envelope addresses +.B not +matching +the corresponding entry are rejected (badmailfromwellknown). + +(3) The address is appended with a '+'. +If +.I RELAYCLIENT +is not set and the sender address matches a corresponding entry +(anti-spoofing for internal addresses). + +(4) The address is enhanced with a leading '~'. +This requires a (left to right partial) matching of +.I TCP(6)REMOTEHOST +with the domain part of the envelope address. +Thus, this specific entry in +.I badmailfrom +uses +.I TCP(6)REMOTEHOST +in the first place (badmailfrommismachteddomains). + +(5) The address is enhanced with a leading '?'. +Emails with the corresponding sender address pass by all further +.I badmailfrom +tests including the +.I MFDNSCHECK +check. + +Note: The 'enhanced' addresses are not subject of the wildmat check +and are evaluated in lower-case. + +The wildmat check is done in the order: +Least significant to most significant. +Example: + +.EX + * + ! + !*@*.* + *viagra* +.EE + +.TP 5 +.I badloadertypes.cdb +Unacceptable base64 loader types in the message. +.B qmail-smtpd +will reject every message if 5 significant +characters (eg. +.BR Mi5kb) +anyware in the base64 encoded attachment is identical +to those compiled into +.IR badloadertypes.cdb . +Use +.B qmail-badloadertypes +to derive +.I badloadertypes.cdb +from +.IR badloadertypes . +In order to make the search efficient, all bad loader +types have to start with the same character (eg. 'M'). +The control file +.I badloadertypes.cdb +is evaluated if the environment variable BADLOADERTYPE +is set to the first character according to the contents of +.IR badloadertypes . +.TP +.I badmimetypes.cdb +Unacceptable base64 encoded MIME types in message. +.B qmail-smtpd +will reject every message if the first 9 significant +characters (eg. +.BR TVqQAAMAA ) +of any of it's embedded MIME types is identical with one +compiled into +.IR badmimetypes.cdb . +Use +.B qmail-badmimetypes +to derive +.I badmimetypes.cdb +from +.IR badmimetypes . +The control file +.I badmimetypes.cdb +is evaluated if the environment variable +.I BADMIMETYPE +is set. +In addition, irregular BASE64 attachments carrying whitespaces can +be rejected defining +.IR BADMIMETYPE='!' . +.TP 5 +.I badrcptto +Unacceptable envelope recipient addresses. +.B qmail-smtpd +will reject every incoming message +if the envelope recipient address is listed in +.IR badrcptto . +This control file is complementary to +.IR badmailfrom . +A line in +.I badrcptto +may be of the form +.BR @\fIhost , +meaning every address at +.IR host . +.I badrcptto +employes the same filtering logic for the envelope recipient as +.IR badmailfrom . +Effectively, +.IR badrcptto +allows a 'whitelisting' of envelope recipient addresses: + +.EX + * + !user1@mydomain.com + !user2@mydomain.com + !*@anotherdomain.com +.EE + +.IR badrcptto +allows to tag recipient addresses to be reachable from +authorized clients only (aka relayclients), prepending it +in +.IR badrcptto +with +.IR + . + +.EX + +localaddress@mydomain.com +.EE + +.TP 5 +.I databytes +Maximum number of bytes allowed in a message, +or 0 for no limit. +Default: 0. +If a message exceeds this limit, +.B qmail-smtpd +returns a permanent error code to the client; +in contrast, if +the disk is full or +.B qmail-smtpd +hits a resource limit, +.B qmail-smtpd +returns a temporary error code. + +.I databytes +counts bytes as stored on disk, not as transmitted through the network. +It does not count the +.B qmail-smtpd +Received line, the +.B qmail-queue +Received line, or the envelope. + +If the environment variable DATABYTES +is set, it overrides +.IR databytes . +.TP 5 +.I localiphost +Replacement host name for local IP addresses. +Default: +.IR me , +if that is supplied. +.B qmail-smtpd +is responsible for recognizing native IPv4/IPv6 addresses for the +current host. +When it sees a recipient address of the form +.I box@[d.d.d.d] +or +.IR box@[a:b:c:d:e:f:g:h] , +where +.I d.d.d.d +or +.IR a:b:c:d:e:f:g:h +is a local IPv4/IPv6 address, +it replaces +.I [d.d.d.d] +or +.IR [a:b:c:d:e:f:g:h] +with +.IR localiphost . +This is done before +.IR rcpthosts . +.TP 5 +.I morercpthosts +Extra allowed RCPT domains. +If +.I rcpthosts +and +.I morercpthosts +both exist, +.I morercpthosts +is effectively appended to +.IR rcpthosts . + +You must run +.B qmail-newmrh +whenever +.I morercpthosts +changes. + +Rule of thumb for large sites: +Put your 50 most commonly used domains into +.IR rcpthosts , +and the rest into +.IR morercpthosts . +.TP 5 +.I mailfromrules +Acceptable 'Mail From:' addresses for +RELAYCLIENTs are included here. Use +.B qmail-mfrules +to derive +.TP 5 +.I mailfromrules.cdb +from +.IR mailfromrules . +.TP 5 +.I rcpthosts +Allowed RCPT domains. +If +.I rcpthosts +is supplied, +.B qmail-smtpd +will reject +any envelope recipient address with a domain not listed in +.IR rcpthosts . + +Exception: +If the environment variable RELAYCLIENT is set, +.B qmail-smtpd +will ignore +.IR rcpthosts , +and will append the value of RELAYCLIENT +to each incoming recipient address. + +.I rcpthosts +may include wildcards: + +.EX + heaven.af.mil + .heaven.af.mil +.EE + +Envelope recipient addresses without @ signs are +always allowed through. +.TP 5 +.I recipients +List of external resources providing acceptable, +full-qualified envelope addresses +(\'RCPT to: \') +to be used for recipient verification +during the SMTP session. + +The external sources can be either +.B fastforward +compliant cdbs including the envelope addresses, +where the path to a cdb has to be referenced +relative to Qmail's home directory, or a +.B qmail-users +build cdb available as +.IR users/assign.cdb , +or a +.B checkpassword +compatible Plugable Authentication Modules +(PAM), receiving the envelope address on FD 3 +as 'recip@domain\\0\\0\\0' and returning '0' +in a case of success and '1' in case of failure. +The use of a PAM is indicated with a delimiting '|' and +it will be called with up to five additional parameters; +while a cdb follows a ':', which can be omitted. + +The list of external sources is consulted line-by-line for each +recipient envelope address until the first positive answer, +or a final negative response is encountered. +Which external source to be queried, depends on the domain part of the +recipient envelope address specified on the left side of the +.I recipients +file, while the external resource is provided right from the delimitor. + +The addresses' domain part is evaluated in lower-case. +An exact domain match can be encompassed by means of a leading '@'. +The '*' is a generic wildcard for all domains. +Specific domains can be excluded from the lookup by means of a +leading '!'; thus all recipient addresses are accepted for this domain. +Additionally, a '!*' can be used as wildcard for all domains not encountered +before in +.I recipients +(pass-thru). + +A +.I recipients +file is always constructed like 'domain:cdb','domain|pam', +or simply 'cdb': + +.EX + !nocheck.com + mydomain.com:users/recipients.cdb + @mx.mydomain.com:= + example.com|bin/qmail-smtpam mx.example.com + *:etc/fastforward.cdb + *|PATH/ldapam ldapserver host port DN passwd + !* +.EE + +.B qmail-smtpd +will semi-automatically consult +.I users/assign.cdb +generated by +.B qmail-newu +in case the domain name is +followed by a colon and the equal sign '='. +Now, the received \'Rcpt to:\' address +is compared against each local part address +(starting with a '=') in +.IR users/assign.cdb . +However, no VERP addresses are considered, +which are indicated therein via a '+'. + +Lagacy format: + +.EX + users/recipients.cdb + etc/fastforward.cdb +.EE + +Note: Excluded domains starting with a '!' +should be placed in the beginning of the +.I recipients +file for performance reasons, while the pass-thru +statement '!*' has to be on the last line. +The recipients check is applied after the +.I rcpthosts +evaluation. + +.B qmail-recipients +may be used to construct a +.I users/recipients.cdb +from +.IR users/recipients . + +The +.B qmail-smtpd +recipients mechanism supports Qmail's address extension (VERP). +Unqualified envelope recipients are appended with \'@localhost\'. +.TP 5 +.I smtpgreeting +SMTP greeting message. +Default: +.IR me , +if that is supplied; +otherwise +.B qmail-smtpd +will refuse to run. +The first word of +.I smtpgreeting +should be the current host's name. +.TP 5 +.I spfexplain +An additional SPF explanation can be given here to provide more +specific information for the sender in case of a reject. +SPF macro expansion is possible. It will override the default one, e.g.: + +.EE +See https://example.com/spfrules.html (#5.7.1) +.EX +.TP 5 +.I spflocalrules +As 'last resort', it is possible to include SPF local rules here +(on one line), that will be applied before other SPF rules would fail. +This can be used to allow certain MX to send mails anyway. Example: + +.EE +include:spf.trusted-forwarder.org +.EX +.TP 5 +.I timeoutsmtpd +Number of seconds +.B qmail-smtpd +will wait for each new buffer of data from the remote SMTP client. +Default: 1200. + +.SH "CONDITIONAL CONTROL FILES" +The control files \fIrcpthosts\fR, \fImorecpthosts\fR, +\fIrecipients\fR, \fIbadhelo\fR +are 'conditional' control files and evaluated +only if the environment variable RELAYCLIENT is not set. +On the other hand, +\fImailfromrules.cdb\fR is only taken into account, if +RELAYCLIENT is set. +This allows +.B qmail-smtpd +to relay mail messages from local clients and to filter +mails with certain SMTP envelope conditions +originating from particular clients ('Split Horizon'). +Other conditional control files are +\fIbadloadertypes\fR, +\fIbadmimetypes\fR +which depend on the setting of the corresponding +environment variables. + +Further, the control files \fIspfexplain\fR and +\fIspflocalrules\fR are only evaluated if the +environment variable +.I SPF +is defined and greater than 0 and +.I RELAYCLIENT +is not set. + +.SH "ENVIRONMENT VARIABLES READ" +Environment variables may be defined globally in the +.B qmail-smtpd +startup script and/or individually as part of the +.BR sslserver 's +cdb database. +The environment variables may be quoted ("variable", or 'variable') and +in case of global use, have to be exported. +.B qmail-smtpd +supports the following legacy environment variables, typically +provided by +.B sslserver +or +.B tcpserver: +.IR TCP(6)REMOTEIP , +.IR TCP(6)REMOTEHOST +.IR TCP(6)REMOTEINFO +and +.IR TCPLOCALPORT +as well as +.IR RELAYCLIENT . +Additionally, +.B qmail-smtpd +may use several environment variables for different purposes. +.P +Controlling the SMTP HELO/EHLO: +.IP +.TP 5 +.I HELOCHECK='' +enables a check of the provided HELO/EHLO greeting against +the content of the control file +.IR badhelo . +In case no HELO/EHLO greeting is given, SMTP +connections can be rejected, if +.I HELOCHECK='!' +is set. Checks on the presence and the content of +the HELO/EHLO greeting string is facilitated, setting +.IR HELOCHECK='.' . +To enforce the match of the HELO/EHLO greeting with +the remote host's FQDN ( +.IR TCP(6)REMOTEHOST ), +use +.IR HELOCHECK='=' . +.TP 5 +.I HELOCHECK='A' | HELOCHECK='M' +enable DNS A/MX lookup for the HELO/EHLO greeting string. +In addition, the HELO/EHLO string is checked against +the content of +.IR badhelo . +.TP 5 +.I UTF8 +display the +.I SMTPUTF8 +greeting string. This is off by default. +.p +Since +.B qmail-smtpd +is 8 bit clean, setting of +.I UTF8 +has no real consequences except for displaying this +setting in the log as +.IR ESMTP[SA]UTF8 . +.P +Controlling the SMTP Mail From: +.IP +.TP 5 +.I LOCALMFCHECK +is used to enable a 'Mail From:' address Verification (MAV) for RELAYCLIENTs. +Thus, the domain part of the 'Mail From:' envelope sender address +has to match an entry in +.IR rcpthosts +or +.IR morercpthosts +control files, if not explicitly defined otherwise. + +If LOCALMFCHECK='!' is set, the control file +.I mailfromrules.cdb +is evaluated and the MAV is facilitated employing the environment variables +.IR TCP(6)REMOTEINFO , +.IR TCP(6)REMOTIP , +or +.I TCP(6)REMOTEHOST +as a key. +However, if LOCALMFCHECK='=' is provided, +.IR TCP(6)REMOTEINFO +(i.e. set by Auth) has to match the 'Mail From:' +envelope address (case insensitive). +Alternativley, using LOCALMFCHECK='?' the email address +embedded in the DN of a X.509 client is used and compared +against the 'Mail From:' envelope address. +Of course, this requires +.B sslserver +to request a client cert for mutual authentication. + +Note: Adding a qualifier to LOCALMFCHCEK, +the domain part of the 'Mail From:' address is compared +against the provided string. +.TP 5 +.IR MFDNSCHECK +enable DNS MX lookup for the domain part of the 'Mail From:' envelope sender address. +.TP 5 +.I SPF='0'|'1'|'2'|'3'|'4'|'5'|'6' +SPF Records will be evaluated for the current SMTP session in case +.B SPF +is defined. The value of +.B SPF +may be given between 1 and 6 to enable SPF checks. +.I 1 +selects 'annotate-only' mode, where +.B qmail-smtpd +will annotate incoming email with a +.B Received-SPF +header, but will not reject any messages. +.I 2 +will produce temporary failures on DNS lookup problems +so you can be sure always to have a meaningful Received-SPF header. +.I 3 +selects 'reject' mode, where incoming mail will be rejected +if the SPF record says 'fail'. +.I 4 +selects a more stricter rejection mode, which is like 'reject' mode, +except that incoming mail will also be rejected, when the SPF record +says 'softfail'. Further, +.I 5 +will reject when the SPF record says 'neutral', and +.I 6 +rejects, if no SPF records are available at all +(or a syntax error was encountered). +If +.B SPF +is given as +.IR 0 , +SPF checks are disabled. + +Note: Additional control files are +.I spfexplain +and +.IR spflocalrules . + +.P +Controlling the SMTP RCPT TO: +.IP +.TP 5 +.I MAXRECIPIENTS +is the number of Rcpt To:'s +.B qmail-smtpd +will accept in a SMTP session. +If MAXRECIPIENTS ist not set, any number is allowed. +.TP 5 +.IR TARPITCOUNT +is the number of Rcpt To: +.B qmail-smtpd +accepts before it starts tarpitting. +Default: 0 which means no tarpitting. +.TP 5 +.IR TARPITDELAY +tarpitdelay is the time in seconds of delay +to be introduced after each subsequent Rcpt To:. + +Smart Rejection Notes: +If +.IR TARPITCOUNT +is set and +.IR TARPITDELAY += 0 (default) +.B qmail-smtpd +will issue after recognising +.IR TARPITCOUNT +invalid Rcpt To: a Recipient failure; +thus additional Rcpt Tos will not be accepted. +If, however +.IR TARPITCOUNT +is set and +.IR TARPITDELAY += 999 +.B qmail-smtpd +will issue after +.IR TARPITCOUNT +invalid Rcpt To: a Recipient failure +.TP 5 +.I RECIPIENTS450 +tells +.b qmail-smtpd +to issue a SMTP reply '450' (temporary rejection) +instead the default '550' +in case the recipient was not listed in any +.I recipients +cdb. + +.P +Controlling the email body: +.IP +.TP 5 +.I BADLOADERTYPE='c' +tells +.B qmail-smtpd +to evaluate the control file +.I badloadertypes.cdb +with the starting string 'c'. +If +.I BADLOADERTYPE='-' +is set, the check is disabled. +In case +.I BADLOADERTYPE='+' +is defined, the check is disabled for +.IR RELAYCLIENTS . +.TP 5 +.I BADMIMETYPE +see control file +.IR badmimetypes.cdb . +In case +.I BADMIMETYPE='-' +is set; +.I badmimetypes.cdb +is not considered; thus the check is disabled. +Providing +.I BADMIMTETYPE='+' +the check is disabled if in addition +.IR RELAYCLIENTS +are recognized. + +.TP 5 +.I BASE64 +tells QHPSI to enable virus checking only if a base64 encoded +attachment was identified. +.TP 5 +.I DATABYTES +see control file +.IR databytes . +.TP 5 +.I QHPSI +is used by +.B qmail-smtpd +to supply the name of the virus scanner and it's path. +.P +Environment variables for SMTP authentication: +.IP +.TP 5 +.I SMTPAUTH +is used to enable SMTP Authentication for the +Auth types +LOGIN and PLAIN. +In case +.TP 5 +.I SMTPAUTH='+cram' +is defined, +.B qmail-smtpd +honors LOGIN, PLAIN, and additionally CRAM-MD5 authentication. +Simply +.TP 5 +.I SMTPAUTH='cram' +restricts authentication just to CRAM-MD5. +If however +.TP 5 +.I SMTPAUTH='!' +starts with an exclamation mark, Auth is required. +You can enforce 'Submission' using this option +and binding +.B qmail-smtpd +to the SUBMISSION port \'587'\. +In particular, +.TP 5 +.I SMTPAUTH='!cram' +may be useful. +In opposite, if +.TP 5 +.I SMTPAUTH='-' +starts with a dash, Auth disabled for particular +connections. +Note: The use of 'cram' requires a CRAM-MD5 enabled PAM. +.P +Setting up the TLS/STARTTLS environment: +.IP +.TP 5 +.I UCSPITLS +enables encrypted SMTP communication +via STARTTLS in case +.B sslserver +is provided. +If +.I UCSPITLS='!' +is set, STARTTLS is required; while setting +.I UCSPITLS='-' +disables STARTTLS. +Further, +.I UCSPITLS='?' +may be used to force the client to present a X.509 cert +for authentication purpose which may be refined +requesting +.I UCSPITLS='@' +to additionally fetch the email address +from the client's cert to be perhaps subject of +.IR LOCALMFCHECK . +.P +Other environment variables used: +.IP +.TP 5 +.I DELIVERTO +mail address for special recipients. +.TP 5 +.I RBLSMTPD +feed from +.B rblsmtpd +including the information received from the +inquired RBL hosts and displayed as +.I X-RBL-Info: +message header. +.TP 5 +.I POSTGREY +triggering the call of +.B qmail-postgrey +and feeding it with the IP address and port of the +.I greylisting +server. If +.I POSTGREY +is set to +.I - +no lookup is performed. + +.SH "CUSTOMIZABLE RETURN MESSAGES" +In case of rejected or defered SMTP connections +.B qmail-smtpd +can provide additional informations in the SMTP reply message +which are sandwiched between the reply code and the EMMSC. +.B qmail-smtpd +recognizes these environment variables: +.TP 5 +.I REPLY_GREYLISTED +following 450 greylisting +.TP 5 +.I REPLY_HELO +following 550 Bad Helo +.TP 5 +.I REPLY_MAILBOX +following 550 mailbox not existing +.TP 5 +.I REPLY_MAXSIZE +following 552 message size to large +.TP 5 +.I REPLY_BADMAILFROM +following 553 badmail from +.TP 5 +.I REPLY_BADRCPTTO +following 553 badrcpt to +.TP 5 +.I REPLY_SENDEREXIST +following 553 SMTP sender DNS +.TP 5 +.I REPLY_NOGATEWAY +following 553 No gateway +.TP 5 +.I REPLY_SENDERINVALID +following 553 SMTP sender invalid +.TP 5 +.I REPLY_CONTENT +following 554 Message content invalid + +.SH "ENVIRONMENT VARIABLES SET" +By means of the following environment variables, +the SMTP session can be interrogated: +.TP 5 +.I HELOHOST +the HELO/EHLO greeting of the SMTP client. +.TP 5 +.I AUTHPROTOCOL +the ESMTPA protocol used for authentication. +.TP 5 +.I AUTHUSER +the supplied username for authentication. +.TP 5 +.I MAILFROM +containes the received 'Mail From:' address. +.TP 5 +.I RCPTTO +containes all received 'Rcpt To:' addresses separated by blanks. +.TP 5 +.I TCP(6)REMOTEINFO +in authentication mode set to the accepted username. +.TP 5 +.I SSL_* +information from +.BR sslserver , +if applicable. + +.SH "SEE ALSO" +tcp-environ(5), +qmail-control(5), +qmail-inject(8), +qmail-newmrh(8), +qmail-newbmt(8), +qmail-authuser(8), +qmail-recipients(8), +qmail-postgrey(8), +qmail-smtpam(8), +qmail-mfrules(8), +qmail-queue(8), +qmail-remote(8), +qmail-send(8), +qmail-log(8), +tcpserver(8), +sslserver(8). + diff --git a/man/qmail-start.9 b/man/qmail-start.9 new file mode 100644 index 0000000..b801ac2 --- /dev/null +++ b/man/qmail-start.9 @@ -0,0 +1,94 @@ +.TH s/qmail: qmail-start 8 +.SH NAME +qmail-start \- turn on mail delivery +.SH SYNOPSIS +.B qmail-start +[ +.I defaultdelivery +[ +.I logger arg ... +] +] +.SH DESCRIPTION +.B qmail-start +invokes +.BR qmail-send , +.BR qmail-lspawn , +.BR qmail-rspawn , +and +.BR qmail-clean , +under the proper uids and gids. +These four daemons cooperate to deliver messages from the queue. + +.B qmail-start +arranges for +.BR qmail-send 's +activity record to be sent to +.BR qmail-start 's +output. +See +.B qmail-log(5) +for the format of the activity record. +Other than this, +.B qmail-start +does not print anything, even on failure. + +If +.I defaultdelivery +is supplied, +.B qmail-start +passes it to +.BR qmail-lspawn . + +If +.I logger +is supplied, +.B qmail-start +invokes +.I logger +with the given arguments, +and feeds +.BR qmail-send 's +activity record through +.IR logger . + +Environment variables given to +.B qmail-start +will eventually be passed on to +.BR qmail-local , +so make sure to clean up the environment if you run +.B qmail-start +manually: + +.EX + # env - PATH="HOME/bin:$PATH" +.br + qmail-start ./Mailbox splogger qmail & +.br + (all on one line) +.EE + +Resource limits, controlling ttys, et al. are also passed from +.B qmail-start +to +.BR qmail-local . + +Note that +.B qmail-send +normally juggles several simultaneous deliveries. +To reduce +.BR qmail-send 's +impact on other programs, +you can run +.B qmail-start +with a low priority. +.SH "SEE ALSO" +logger(1), +splogger(1), +nice(1), +qmail-log(5), +qmail-local(8), +qmail-clean(8), +qmail-lspawn(8), +qmail-rspawn(8), +qmail-send(8) diff --git a/man/qmail-tcpok.8 b/man/qmail-tcpok.8 new file mode 100644 index 0000000..3052c96 --- /dev/null +++ b/man/qmail-tcpok.8 @@ -0,0 +1,24 @@ +.TH s/qmail: qmail-tcpok 8 +.SH NAME +qmail-tcpok \- clear TCP timeout table +.SH SYNOPSIS +.B qmail-tcpok +.SH DESCRIPTION +.B qmail-tcpok +erases +.BR qmail-remote 's +current list of timeouts, +so that +.B qmail-remote +does not make any assumptions about failing addresses. + +.B qmail-tcpok +must be run either as +.B root +or with user id +.B qmailr +and group id +.BR sqmail . +.SH "SEE ALSO" +qmail-remote(8), +qmail-tcpto(8) diff --git a/man/qmail-tcpto.8 b/man/qmail-tcpto.8 new file mode 100644 index 0000000..ed44617 --- /dev/null +++ b/man/qmail-tcpto.8 @@ -0,0 +1,30 @@ +.TH s/qmail: qmail-tcpto 8 +.SH NAME +qmail-tcpto \- print TCP timeout table +.SH SYNOPSIS +.B qmail-tcpto +.SH DESCRIPTION +After an SMTP connection attempt times out, +.B qmail-remote +records the relevant IP address. +If the same address fails again (after at least two minutes with +no intervening successful connections), +.B qmail-remote +assumes that further attempts will fail for at least another hour. + +.B qmail-tcpto +prints +.BR qmail-remote 's +current list of timeouts. + +.B qmail-tcpto +must be run either as +.B root +or with user id +.B qmailr +and group id +.BR sqmail . +.SH "SEE ALSO" +qmail-qread(8), +qmail-remote(8), +qmail-tcpok(8) diff --git a/man/qmail-todo.8 b/man/qmail-todo.8 new file mode 100644 index 0000000..740f5b3 --- /dev/null +++ b/man/qmail-todo.8 @@ -0,0 +1,128 @@ +.TH s/qmail: qmail-todo 8 +.SH NAME +qmail-todo \- schedule state change of message for delivery +.SH SYNOPSIS +.B qmail-todo +.SH DESCRIPTION +.B s/qmail +with a high local and remote concurrency number +is able to deliver a tremendous amount of messages (throughput). +Depending on the provided resources however, +often this can not be achieved since +.B qmail-send +becomes a bottleneck on delivery. + +.B qmail-send +preprocesses all new messages before deploying them for +.I local +or for +.I remote +delivering. In a particulur run, +.B qmail-send +does one 'todo' processing, but has the ability to close multiple jobs. +Due to this layout, potentially +.B qmail-send +can not feed all the new available (local/remote) delivery slots +and therefore, it is not possible to achieve the maximum throughput. + +This is a minor problem, given +.B qmail-send +is able to complete this in short time; but due to +many file system calls (fsync and (un)link) a 'todo' +run is expensive and throttles the throughput. + +.B qmail-todo +solves this 'silly qmail (queue) problem' +which is apparent only on system with high injection rates, +delegating the scheduling of 'todo' runs to a dedicated process. + +.SH "COMMUNICATION" +.B qmail-todo +interfaces with +.B qmail-send +on file descriptors \fI[1,8]\fR on sending +and \fI[7,0]\fR for receiving. +.B qmail-todo +communicates with +.B qmail-clean +on file descriptors \fI[2,0]\fR for sending +and \fI[3,1]\fR for receiving. + +.B qmail-todo +and +.B qmail-send +share an extended and peristent message exchange format: + +.EX +D[LRB]\0 + Start delivery for new message with id . + The character L, R or B defines the type + of delivery: Local, Remote, or Both, respectively. +.EE + +.EX +L\0 + Dump string to the logger without adding additional + '\\n' or similar. +.EE + +.B qmail-todo +sends "\\0" terminated messages, whereas +.B qmail-send +just sends one character to +.BR qmail-todo . + +.SH "BIG PICTURE" +.EX + +-------+ +-------+ + | clean | | clean | + +--0-1--+ +--0-1--+ +-----------+ + trigger ^ | ^ | +->0,1 lspawn | + | | v | v / +-----------+ + +-------+ v +--2-3--+ +--5-6--+ / + | | | | 0<--7 1,2<-+ + | queue |--+--| todo | | send | + | | | | 1-->8 3,4<-+ + +-------+ +-------+ +---0---+ \\ + | \\ +-----------+ + v +->0,1 rspwan | + +---0---+ +-----------+ + | logger| + +-------+ +.EE + +.SH "EXIT CODES" +.B qmail-todo +exits +.I 0 +if the messages have been processed successfully. +It exits +.I 1 +in case there is a communication problem with +.BR qmail-send . +The exit code +.I 111 +together with a diagnostic message is facilitated by +.B qmail-todo +in case it failes reading the required control files. + +.SH "DIAGNOSTICS" +.B qmail-todo +provides additional diagnostic messages to +.B qmail-send +to be displayed in the logs. In particular, in +case of problems creating and (un)linking files. + +.SH "CREDITS" +.B qmail-todo +included in +.B s/qmail +has been created by Andre Oppermann (http://www.nrg4u.com) +as part of this LDAP patch for +.BR qmail . +This man-page uses parts of his EXTERNAL discription. + + +.SH "SEE ALSO" +qmail-send(8), +qmail-queue(8). diff --git a/man/qmail-users.9 b/man/qmail-users.9 new file mode 100644 index 0000000..6ef5548 --- /dev/null +++ b/man/qmail-users.9 @@ -0,0 +1,117 @@ +.TH s/qmail: qmail-users 5 +.SH NAME +qmail-users \- assign mail addresses to users +.SH OVERVIEW +The file +.B SQMAIL/users/assign +assigns the local part of mail addresses to users. For example, + +.EX + =joe.shmoe:joe:503:78:/home/joe::: +.EE + +says that mail for +.B joe.shmoe +should be delivered to user +.BR joe , +with uid 503 and gid 78, +as specified by +.BR /home/joe/.qmail . + +Assignments fed to +.B qmail-newu +will be used by +.B qmail-lspawn +to control +.BR qmail-local 's +deliveries. +Use +.B qmail-newu (8) +to generate +.I users/assign.cdb +from +.IR users/assign . +A change to +.B SQMAIL/users/assign +will have no effect until +.B qmail-newu +is run. +.SH STRUCTURE +.B SQMAIL/users/assign +is a series of assignments, one per line. +It ends with a line containing a single dot. +Lines must not contain NUL. +.SH "SIMPLE ASSIGNMENTS" +A simple assignment is a line of the form + +.EX + =local:user:uid:gid:homedir:dash:ext: +.EE + +Here +.I local +is an address; +.IR user , +.IR uid , +and +.I gid +are the account name, uid, and gid +of the user in charge of +.IR local ; +and messages to +.I local +will be controlled by +.IR homedir\fB/.qmail\fIdashext . + +If there are several assignments for the same +.I local +address, +.B qmail-lspawn +will use the first one. + +.I local +is interpreted without regard to case. +.SH "WILDCARD ASSIGNMENTS" +A wildcard assignment is a line of the form + +.EX + +loc:user:uid:gid:homedir:dash:pre: +.EE + +This assignment applies to any address beginning with +.IR loc , +including +.I loc +itself. +It means the same as + +.EX + =locext:user:uid:gid:homedir:dash:preext: +.EE + +for every string +.IR ext . + +A more specific wildcard assignment overrides a less specific +assignment, and a simple assignment overrides any wildcard assignment. +For example: + +.EX + +:alias:7790:2108:SQMAIL/alias:-:: + +joe-:joe:507:100:/home/joe:-:: + =joe:joe:507:100:/home/joe::: +.EE + +The address +.B joe +is handled by the third line; +the address +.B joe-direct +is handled by the second line; +the address +.B bill +is handled by the first line. +.SH "SEE ALSO" +qmail-pw2u(8), +qmail-newu(8), +qmail-lspawn(8) diff --git a/man/qmail-vmailuser.9 b/man/qmail-vmailuser.9 new file mode 100644 index 0000000..e19898d --- /dev/null +++ b/man/qmail-vmailuser.9 @@ -0,0 +1,108 @@ +.TH s/qmail: qmail-vmailuser 8 + +.SH "NAME" +qmail-vmailuser \- recipient maildir validation + +.SH "SYNOPSIS" +.B qmail-vmailuser +.I [homedir] +.I [-C] +.SH "DESCRIPTION" +.B qmail-vmailuser +is a maildir verification PAM supporting +.I VMailMgr +and +.I Vpopmail +users for virtual domains. +Invoked via +.BR qmail-smtpd 's +recipient mechanism, it checks the +existence of the recipient directory +for the provisioned virtual users in +.IR SQMAIL/control/virtualusers . + +.B qmail-vmailuser +follows +.BR checkpassword 's +interface specification evaluating the +SMTP forwarding path (RCPT TO:) taken from +discriptor 3 with a length of max 128 bytes. + +The forwarding path +.I vuser@domain +is tokenized to determine the +virtual user in +.I SQMAIL/control/virtualusers +given by +.I domain +in the first step and then validating for +.I vuser +the existance of (v)user's mail directory +in lower case while substituting dots by colons. +.SH "USAGE" +.B qmail-vmailuser +is called as PAM from +.BR qmail-smtpd 's +control file +.IR SQMAIL/control/recipients : + +.EX + domain|bin/qmail-vmailuser + *|bin/qmail-vmailuser /homedir -C +.EE + +No specific settings are required to support +either +.I VMailMgr +or +.IR Vpopmail , +except for the +.I homedir +and perhaps the option +.I -C +evaluating +.I vuser +in case respect mode. +Since +.I homedir +defaults mostly to +.IR /home , +this argument can be omitted. +.SH "SECURITY" +For successfull operation +.B qmail-vmailuser +requires to stat +.IR vuser 's +directory though without reading +it's actual contents. Due to +restrictions given by +.IR Vpopmail , +.B qmail-vmailuser +needs to belong to +.I vpopmail:vchkpw +or gnerally to be +root-owned and 'sticky'. +.SH "RETURN CODES" +If for the provided +.I vuser@domain +the user directory does not exist +.B qmail-vmailuser +exits 1. +If +.B qmail-vmailuser +is misused, it may instead exit 2. +If there is a temporary problem, +.B qmail-vmailuser +exits 111. +In case +.B qmail-vmailuser +can't read +.I SQMAIL/control/recipients +it exits 110. +.SH "SEE ALSO" +addresses(5), +envelopes(5), +qmail-send(8), +qmail-smtpd(8), +qmail-recipients(8), +qmail-authuser(8). diff --git a/man/qreceipt.1 b/man/qreceipt.1 new file mode 100644 index 0000000..37b39ed --- /dev/null +++ b/man/qreceipt.1 @@ -0,0 +1,33 @@ +.TH s/qmail: qreceipt 1 +.SH NAME +qreceipt \- respond to delivery notice requests +.SH SYNOPSIS +in +.BR .qmail : +.B |qreceipt +.I youraddress +.SH DESCRIPTION +When a mail message arrives with +.I youraddress +listed in a +.B Notice-Requested-Upon-Delivery-To +header field, +.B qreceipt +sends a success notice back to the envelope sender. + +.B WARNING: +If you create a +.B .qmail +file to enable +.BR qreceipt , +make sure to also add a line specifying delivery to your normal mailbox. +For example: + +.EX + /home/joe/Mailbox +.br + |qreceipt joe@nowhere.mil +.EE +.SH "SEE ALSO" +dot-qmail(5), +envelopes(5) diff --git a/man/setforward.1 b/man/setforward.1 new file mode 100644 index 0000000..1c2925c --- /dev/null +++ b/man/setforward.1 @@ -0,0 +1,204 @@ +.TH s/qmail: setforward 1 +.SH NAME +setforward \- create a forwarding database +.SH SYNOPSIS +.B setforward +.I cdb +.I tmp +.SH DESCRIPTION +.B setforward +reads a table of forwarding instructions from its standard input. +It converts the table into a forwarding database. +The forwarding database can be used by +.BR fastforward . + +.B setforward +writes the forwarding database to +.IR tmp ; +it then moves +.I tmp +to +.IR cdb . +.I tmp +and +.I cdb +must be on the same filesystem. + +If there is a problem creating +.IR tmp , +.B setforward +complains and leaves +.I cdb +alone. + +The forwarding database format is portable across machines. +.SH "INSTRUCTION FORMAT" +A forwarding instruction contains a +.I target\fR, +a colon, a series of commands, and a semicolon. +Each command is a +.I recipient address\fR, +.I owner address\fR, +.I external mailing list\fR, +or +.I program\fR. +Commands are separated by commas. + +For example, + +.EX + root@yp.to: god@heaven.af.mil, staff@af.mil; +.EE + +says that mail for +.B root@yp.to +should be forwarded to the recipient addresses +.B god@heaven.af.mil +and +.BR staff@af.mil . + +When +.B setforward +sees # it ignores all text from # to the end of the line: + +.EX + # this is a comment +.EE + +.B setforward +ignores all other line endings, +so you can split a forwarding instruction across lines. +It also ignores spaces and tabs. +Exception: +you can put a space (or tab or comma or whatever) +into a target or command by putting a backslash in front of it. +(However, NUL bytes are not permitted anywhere.) +.SH "TARGETS" +When +.B fastforward +sees the incoming address +.IR user@host.dom , +it tries three targets: +.IR user@host.dom , +.IR @host.dom , +and +.IR user@ . +It obeys the commands for the first target that it finds. +Target names are interpreted without regard to case. + +All the commands for a single target must be listed in a single instruction. +Exception: an owner address can be listed in a separate instruction. +.SH "RECIPIENT ADDRESSES" +If a command begins with an ampersand, +.B setforward +takes the remaining bytes in the command as a recipient address: + +.EX + boss@yp.to: &god@heaven.af.mil; +.EE + +.B fastforward +sends each incoming mail message +to the recipient address. +The recipient address must include a fully qualified domain name. +It cannot be longer than 800 bytes. + +If a recipient address is itself a target in the forwarding table, +.B fastforward +will recursively handle the instructions for that target. +Note that +.I @host.dom +and +.I user@ +wildcards do not apply here; +they apply only to the incoming address. + +If a command begins with a letter or number, +.B setforward +takes the entire command as a recipient address: + +.EX + boss@yp.to: god@heaven.af.mil; +.EE +.SH "OWNER ADDRESSES" +If a command begins with a question mark, +.B setforward +takes the remaining bytes in the command as an owner address: + +.EX + sos@heaven.af.mil: ?owner-sos@heaven.af.mil; +.EE + +.B fastforward +uses that address as the envelope sender for forwarded mail, +so bounces will go back to that address. +(Normally, if a message is forwarded to a bad address, +it will bounce back to the original envelope sender.) +.SH "EXTERNAL MAILING LISTS" +If a command begins with a dot or slash, +.B setforward +takes the entire command as the name of a binary mailing list file created by +.BR setmaillist : + +.EX + sos@heaven.af.mil: /etc/lists/sos.bin; +.EE + +.B fastforward +will read and obey the commands in that file. +The file must be world-readable +and accessible to +.BR fastforward . +.SH "PROGRAMS" +If a command begins with a vertical bar or exclamation point, +.B setforward +takes the rest of the command as the name of a program to run: + +.EX + dew@: |dew-monitor; +.EE + +For a vertical bar, +.B fastforward +feeds the message +to that program. +An exclamation point works the same way except that +.B fastforward +inserts +.BR $UFLINE , +.BR $RPLINE , +and +.B $DTLINE +in front of the message. +.SH "DUPLICATES" +When +.B fastforward +is building the recipient list for a message, +it keeps track of the recipient addresses and external mailing lists +it has used. +If the same command shows up again, it skips it. +For example: + +.EX + everybody@yp.to: programmers@yp.to, testers@yp.to; + programmers@yp.to: joe@yp.to, bob@yp.to; + testers@yp.to: joe@yp.to, fred@yp.to; +.EE + +A message to +.B everybody@yp.to +will be sent to +.B joe@yp.to +only once. +(This also means that addresses in an internal forwarding loop +are discarded.) + +Exception: +If a target has an owner address, +commands for that target are considered different +from commands for ``outside'' targets. +.SH "SEE ALSO" +newaliases(1), +preline(1), +printforward(1), +setmaillist(1) diff --git a/man/setmaillist.1 b/man/setmaillist.1 new file mode 100644 index 0000000..59fbf7d --- /dev/null +++ b/man/setmaillist.1 @@ -0,0 +1,72 @@ +.TH s/qmail: setmaillist 1 +.SH NAME +setmaillist \- create a binary mailing list +.SH SYNOPSIS +.B setmaillist +.I bin +.I tmp +.SH DESCRIPTION +.B setmaillist +reads a mailing list from its standard input. + +.B setmaillist +writes the mailing list in a binary format to +.IR tmp ; +it then moves +.I tmp +to +.IR bin . +.I tmp +and +.I bin +must be on the same filesystem. + +If there is a problem creating +.IR tmp , +.B setmaillist +complains and leaves +.I bin +alone. + +The binary mailing list format is portable across machines. + +.B setmaillist +always creates +.I bin +world-readable. +.SH "MAILING LIST FORMAT" +The mailing list read by +.B setmaillist +is a series of lines. +NUL bytes are not allowed. + +If a line begins with a dot or slash, +.B setmaillist +takes the entire line as an include file name. + +If a line begins with an ampersand, +.B setmaillist +takes the rest of the line as a recipient address. +If a line begins with a letter or number, +.B setmaillist +takes the entire line as a recipient address. +Each recipient address must include a fully qualified domain name. +Recipient addresses longer than 800 bytes are not allowed. + +.B setmaillist +ignores blank lines +and lines beginning with #. +It also ignores spaces and tabs at the ends of lines. + +For example, + +.EX + god@heaven.af.mil + djb@silverton.berkeley.edu +.EE + +is a mailing list with two addresses. +.SH "SEE ALSO" +setforward(1), +newinclude(1), +printmaillist(1) diff --git a/man/spfquery.8 b/man/spfquery.8 new file mode 100644 index 0000000..4c26323 --- /dev/null +++ b/man/spfquery.8 @@ -0,0 +1,147 @@ +.TH s/qmail: spfquery 8 +.SH NAME +spfquery \- SPF test program +.SH SYNOPSIS +.B spfquery +.I sender-ip +.I sender-helo +.I envelope-from +.I [local rules] +.I [-v] +.SH DESCRIPTION +.B spfquery +is a test program to allow evaluation +of +.I SPF records +fetched on demand by means of +.BR qmail-smtpd . + +.SH "ARGUMENTS" +.B spfquery +uses the given arguments +.IR sender-ip , +.IR sender-helo , +and +.I envelope-from +to perform a DNS SPF TXT lookup +and evaluates the results. +In addition, \'local-rules\' might +be included as +.IR local-rules . +By means of the (last) option +.I -v +a verbose output is provided. + +.SH "RESPONSE" +The result of +.B spfquery +shows the SPF return codes of the retrieved +information after the DNS evaluation. +Additionally, the mechanisms and +results are displayed as chain +of resulting codes. In case the option +.I -v +is given, the received DNS SPF TXT records +for the analysed domain are shown in raw +format to allow further diagnostics. + +.SH "SPF MECHANISMS" +.B spfquery +and of course +.B qmail-smtpd +support all mechanisms defined in +.IR RFC\ 7208 , +in particular: +.IR A/AAAA , +.IR IPv4 , +.IR IPv6 , +.IR MX , +.IR PTR , +.IR Exists . +Nesting of SPF records - indicated by the commands +.I include: +and +.I redirect= +- is allowed and the chain is followed. +Further, +.I exp(lanation)= +is supported. + +.SH "SPF QUALIFIERS" +SPF makes uses of command and explanation qualifiers. +Command and explanation characters are: +.I + +pass (default), +.I - +fail, +.I ~ +softfail, +.I ? +neutral. + +.SH "EXPLANATION CHARACTERS" +This implementation uses the following +additional explanation characters: +.I o +none, +.I u +unknown, +.I d +DNS problem (not used). + +.SH "MACRO EXPANSION" +Macros (keyword) expansion is supported conforming to +.IR RFC\ 7208 . + + +.SH "SPF EVALUATION" +.B spfquery +provides a brief summary of results for the evaluation: +.I S +the sending IP, +.I O +the envelope-from address, +.I C +the requested domain for lookup, +.I H +the HELO/EHLO of the contacted MTA, +.I M +the SPF lookup mechanis as explained, +.I I +the included domanin for lookup, +.I D +the (re)direct to follow, +.I P +a potential problem observed. +These letters are followed by an equal sign '=' +and detail the information. +.I R +is the lookup result obtained, followed by a +colon ':'. + +.SH "DIAGNOSTICS" +Additional DNS diagnostic routines are available: +.B dnstxt +returns the DNS TXT for +.IR host . +.B dnsptr +returns the DNS PTR for +.IR IP . +.B dnsmxip +returns the MTA IPs for +.IR domain . + +.SH "CREDITS" +The +.B spfquery +program and the SPF integration into +.B s/qmail +follows mainly the implementation of +Jana Saout (http://www.saout.de/misc/spf/) +and is used by permission. + +.SH "SEE ALSO" +qmail-control(5), +qmail-smtpd(8) +dnsmxip(8), +dnstxt(8). diff --git a/man/splogger.8 b/man/splogger.8 new file mode 100644 index 0000000..c9137a3 --- /dev/null +++ b/man/splogger.8 @@ -0,0 +1,60 @@ +.TH s/qmail: splogger 8 +.SH NAME +splogger \- make entries in syslog +.SH SYNOPSIS +.B splogger +[ +.I tag +[ +.I fac +] +] +.SH DESCRIPTION +.B splogger +reads a series of messages and feeds them to +.BR syslog . +At the front of each message it puts +.I tag +(default: +.BR splogger ) +and a numerical timestamp. + +.B splogger +checks for +.B alert: +or +.B warning: +at the beginning of each message. +It selects a priority of +LOG_ALERT, LOG_WARNING, or LOG_INFO accordingly. + +.B splogger +logs messages with facility +.IR fac . +.I fac +(default: 2) +must be numeric. + +.B splogger +converts unprintable characters to question marks. + +.B splogger +does not log blank lines. + +.B splogger +folds messages after 800 characters, +since +.B syslog +can't handle long messages. +.B splogger +uses a + after the timestamp +to mark folded lines. + +Note that the +.B syslog +mechanism is inherently unreliable: +it does not guarantee that messages will be logged. +It is also very slow. +.SH "SEE ALSO" +syslog(3), +logger(8) diff --git a/man/sqmail.9 b/man/sqmail.9 new file mode 100644 index 0000000..921a95c --- /dev/null +++ b/man/sqmail.9 @@ -0,0 +1,130 @@ +.TH s/qmail: s/qmail 7 +.SH "NAME" +s/qmail \- overview of s/qmail documentation +.SH "INTRODUCTION" +.B s/qmail +is a secure, encrypting, authenticating, reliable, efficient, +yet simple IPv4/IPv6 message transfer agent based on +.B qmail +and ought to be plug-in compatible. +The +.B s/qmail +software includes Dan Bernstein's +.B fastforward +and +.B qmailanalog +package in addition with other enhancements taken mainly from the +.B Spamcontrol +patch. + +The current version of +.B s/qmail +depends on the +.B fehQlibs +and +.B OpenSSL +or +.BR LibreSSL . + +Users who want to control incoming messages +should read +.BR dot-qmail (5). +Available commands for the +.B .qmail +file include +.BR qbiff (1), +.BR qreceipt (1), +.BR forward (1), +.BR fastforward (1), +.BR bouncesaying (1), +and +.BR condredirect (1). +Other helpful commands include +.BR maildirmake (1), +.BR maildir2mbox (1), +and +.BR maildirwatch (1). + +System administrators who want to control the entire +.B s/qmail +system should start with +.BR qmail-control (5), +.BR qmail-mfrules (8), +and +.BR qmail-start (8). + +There are four queue-monitoring/mangement tools: +.BR qmail-qread (8), +.BR qmail-qstat (8), +.BR qmail-qmaint (8), +and +.BR qmail-tcpto (8). +.BR qmail-mrtg (8) +allows to feed the +.B s/qmail +logs to +.BR MRTG . +Incoming SMTP connections are handled by +.BR qmail-smtpd (8) +and +.BR qmail-recipients (8) +optionally together with +.BR qmail-smtpam (8), +.BR qmail-authuser (8) +and perhaps with +.BR qmail-vmailusers (8) +if virtual mail managers like +.B vpopmail +or +.B vmailmgr +are in use. + +SRS is availalable within +.B s/qmail +by means of the additional commands +.BR srsforward (1) +and +.BR srsreverse (1). +DKIM message signing and verification is achieved with +.B qmail-dksign (8) +and +.BR qmail-dkverify (8). + +.B s/qmail +offers two command-line message-sending interfaces: +.BR qmail-inject (8) +and +.BR mailsubj (1). +For background information on Internet mail messages, +see +.BR addresses (5), +.BR envelopes (5), +.BR qmail-header (5), +and +.BR forgeries (7). + +Miscellaneous documentation includes +.BR qmail-limits (7) +and +.BR qmail-pop3d (8). + +Apart from the Internet mail message transport protocols +.I ESMTP/ESMTPS +.B s/qmail +supports +.I QMTP/QMTPS +together with the Pop Office message protocols +.IR POP3/POP3S +depending on the +.B ucspi-ssl +package for TLS support. + +This documentation describes version +VERSION +of +.BR s/qmail . +See +.B https://www.fehcom.de/djbware.html +for other +.BR s/qmail -related +software. diff --git a/man/srsforward.1 b/man/srsforward.1 new file mode 100644 index 0000000..930c3df --- /dev/null +++ b/man/srsforward.1 @@ -0,0 +1,96 @@ +.TH s/qmail: srsforward 1 +.SH NAME +srsforward \- forward mail to one or more addresses including a SRS extension +.SH SYNOPSIS +in +.BR .qmail : +.B |srsforward +.I address ... +.SH DESCRIPTION +.B srsforward +forwards mails for dedicated recipient +.I srsdomains +to the specified list of addresses +while extending the SMTP 'RCPT TO:' envelope address with +SRS (Sender Rewriting Scheme) information. +It is a simple wrapper around +.B qmail-queue +rewriting the SMTP recipient address. The forwarded email +ought to be acceptable for SPF enabled recipient MTAs. +Additionally, it mitigates the forgery of addresses for bounces. +.SH "CONTROL FILE" +.B srsforward +reads the control file +.IR srsdomains . +Here, you can specify + +.I srsdomain:SRS_secret1 SRS_secret2 ...|[+,-,=]|[srsaddress(.)] + +.I srsdomain +is +.B s/qmail's +recipient domain; typically +.I defaultdomain +or any domain given in +.IR rcpthosts . +.I srsdomain +can be simply expressed as '*', thus the +following informations are +applicable for all +.B srsfoward +domains as default values, while +particular +.I srsdomain +settings have precedence. +Reversely, recipient +domains can be disable for SRS fowarding: +.IR !nosrsfoward.example.com: . + +.B srsforward +accepts several 'secrets' for each +.I srsdomain +separated by empty spaces. + +.BR srsfoward 's +.I delimiter +is a character chosen out of the set +.I +,-,= +with default +.I = +and thus is optional. + +.B srsforward +may include +.I srsaddress +to construct the domain part of the RCPT TO: +envelope address for SRS fowarded mails. If +.I srsaddress +ends with a dot '.', +this name is used to prepend the original +host name and typically is chosen as +.IR srs. . +Otherwise, the original host name is +used as default +.I srsaddress +for forwarding and also relevant for +potential bounces being subject of +.BR srsreverse . +.SH "ENVIRONMENT VARIABLES" +.B srsforward +reads the environment variables +.IR HOST , +which is used to determine the +.IR srsdomain , +.IR DTLINE , +and +.IR NEWSENDER . +.SH REFERENCE +.B srsforward +uses srs2.c from +.IR libsrs2 . +.SH "SEE ALSO" +srsreverse(1), +dot-qmail(5), +qmail-command(8), +qmail-queue(8), +qmail-send(8). diff --git a/man/srsreverse.9 b/man/srsreverse.9 new file mode 100644 index 0000000..5057330 --- /dev/null +++ b/man/srsreverse.9 @@ -0,0 +1,87 @@ +.TH s/qmail: srsreverse 1 +.SH NAME +srsreverse \- reconstruct the original address from its SRS extension +and forward bounce mail +.SH SYNOPSIS +in +.BR .qmail : +.B |srsreverse +.SH DESCRIPTION +Upon reception by +.BR qmail-smtpd , +.B qmail-local +may feed a locally delivered bounce email through +.B srsrevers +in order to reconstruct the original sender from +the received SRS address provided in the local part +and to forward the bounce mail to its original address. +.SH "SRS DOMAINS" +In order to accept emails for SRS modified +return addresses, you need to setup those in +.IR rcpthosts . +If your domain is +.I example.com +in +.I rcpthosts +you probably want to set up additionally +.IR srs.example.com . +However, +.I .example.com +would be fine as well. +.SH "VIRTUAL SRS USER" +SRS can facilitate a virtual user typically named +.I srs +and thus requires an entry like +.I srs.example.com:srs +in +.IR virtualdomains . +.SH "DOT QMAIL" +.B srsreverse +is called from a +.I dot-qmail +file which could be +.IR SQMAIL/alias/.qmail-srs-default . +.SH "CONTROL FILES" +.B srsreverse +reads the control file +.I virtualdomains +to exfiltrate the (virtual) SRS user name for the received domain, +if given. With the evaluated +.IR srsdomain , +.B srsrevers +fetches the +.I SRS secret +from +.I srsdomains +in order to validate the SRS bounce address. +.SH "ENVIRONMENT VARIABLES" +.B srsrverse +reads the environment variables +.IR DTLINE , +.IR HOST , +and +.IR RECIPIENTS . +.I HOST +is used to determine the +.IR srsdomain . +The forwarding bounce address is reconstructed from +the local part of +.IR RECIPIENTS . +.SH VERP +The Sender Rewriting Scheme SRS can be considered +as tailored form of VERP: Variable Envelope Return Path. +The chosen primary delimiter +.I = +is recognized by +.BR qmail-smtpd 's +recipient extension. +.SH REFERENCE +.B srsreverse +uses srs2.c from +.IR libsrs2 . +.SH "SEE ALSO" +srsforward(1), +dot-qmail(5), +qmail-command(8), +qmail-queue(8), +qmail-send(8). diff --git a/man/tai64nfrac.5 b/man/tai64nfrac.5 new file mode 100644 index 0000000..6a2cc5f --- /dev/null +++ b/man/tai64nfrac.5 @@ -0,0 +1,18 @@ +.TH s/qmail: tai64nfrac 5 +.SH NAME +tai64nfrac \- evaluate the TAI64 timestamp and write the fractional seconds +.SH SYNOPSIS +.B tai64nfrac + +.SH DESCRIPTION +Reads a TAI64N external format timestamp following the '@' +as first character from +.I stdin +and +writes the fractional seconds since epoch (TAI, not UTC) to +.IR stdout . +Returns the following characters after the timestamp unaltered. + +.SH "SEE ALSO" +tcpserver(1), +sslserver(1). diff --git a/man/tcp-environ.5 b/man/tcp-environ.5 new file mode 100644 index 0000000..244d32a --- /dev/null +++ b/man/tcp-environ.5 @@ -0,0 +1,86 @@ +.TH s/qmail: tcp-environ 5 +.SH NAME +tcp-environ \- TCP-related environment variables +.SH DESCRIPTION +The following environment variables +describe a TCP connection. +They are set up by +.B tcpclient +and +.B tcpserver +as well as +.BR sslclient +and +.BR sslserver . + +Note that +.BR TCPLOCALHOST , +.BR TCP6LOCALHOST , +.BR TCPREMOTEHOST , +.BR TCP6REMOTEHOST , +and +.BR TCPREMOTEINFO , +.BR TCP6REMOTEINFO , +can contain arbitrary characters. +.TP 5 +PROTO +The string +.BR TCP , +or +.BR TCP6 . +.TP 5 +TCPLOCALHOST/TCP6LOCALHOST +The domain name of the local host, +with uppercase letters converted to lowercase. +If there is no currently available domain name +for the local IP address, +.BR TCPLOCALHOST , +.B TCP6LOCALHOST +is not set. +.TP 5 +TCPLOCALIP +The IPv4 address of the local host, in dotted-decimal form. +.TP 5 +TCP6LOCALIP +The compactified IPv6 address of the local host. +.TP 5 +TCPLOCALPORT/TCP6LOCALPORT +The local TCP port number, in decimal. +.TP 5 +TCPREMOTEHOST/TCP6RMOTEHOST +The domain name of the remote host, +with uppercase letters converted to lowercase. +If there is no currently available domain name +for the remote IP address, +.B TCPREMOTEHOST +or +.B TCP6REMOTEHOST +is not set. +.TP 5 +TCPREMOTEINFO/TCP6REMOTEINFO +A connection-specific string, perhaps a username, +supplied by the remote host +via 931/1413/IDENT/TAP. +If the remote host did not supply connection information, +.BR TCPREMOTEINFO , +.B TCP6REMOTEINFO +is not set. +.TP 5 +TCPREMOTEIP +The IPv4 address of the remote host. +.TP 5 +TCP6REMOTEIP +The IPv6 address of the remote host. +.TP 5 +TCPREMOTEPORT/TCP6REMOTEPORT +The remote TCP port number. +.TP 5 +TCP6INTERFACE +contains the interface name for IPv6 connections. + +.SH "SEE ALSO" +tcpclient(1), +tcpserver(1), +sslclient(1), +sslserver(1), +tcp(4) diff --git a/man/xqp.1 b/man/xqp.1 new file mode 100644 index 0000000..14bf370 --- /dev/null +++ b/man/xqp.1 @@ -0,0 +1,18 @@ +.TH s/qmail: xqp 1 +.SH NAME +xqp \- locate a message given its qp +.SH SYNTAX +.B xqp +.I qp +.SH DESCRIPTION +.B xqp +reads message lines and delivery lines printed by +.BR matchup . +It prints the lines that involve messages with long-term queue identifier +.IR qp . + +Long-term queue identifiers are not permanent identifiers. +They are based on process IDs; +15-bit process IDs can easily wrap around in less than an hour on a busy system. +.SH "SEE ALSO" +matchup(1) diff --git a/man/xrecipient.1 b/man/xrecipient.1 new file mode 100644 index 0000000..ec58832 --- /dev/null +++ b/man/xrecipient.1 @@ -0,0 +1,14 @@ +.TH s/qmail: xrecipient 1 +.SH NAME +xrecipient \- locate all deliveries to one recipient +.SH SYNTAX +.B xrecipient +.I channel.recipient +.SH DESCRIPTION +.B xrecipient +reads message lines and delivery lines printed by +.BR matchup . +It prints the delivery lines that involve messages sent to +.IR channel.recipient . +.SH "SEE ALSO" +matchup(1) diff --git a/man/xsender.1 b/man/xsender.1 new file mode 100644 index 0000000..f919f8a --- /dev/null +++ b/man/xsender.1 @@ -0,0 +1,14 @@ +.TH s/qmail: xsender 1 +.SH NAME +xsender \- locate all messages from one sender +.SH SYNTAX +.B xsender +.I sender +.SH DESCRIPTION +.B xsender +reads message lines and delivery lines printed by +.BR matchup . +It prints the lines that involve messages with return path +.IR sender . +.SH "SEE ALSO" +matchup(1) -- cgit v1.2.3