s/qmail BLURB ============= s/sqmail inherits all features of qmail, since it includes its concept and its code. Confidentially: s/qmail adds transmission confidentially by means of TLS encryption. TLS encryption is provdided by for all protocols except for QMTP while requiring UCSPI-SSL. Privacy: s/qmail does currently not provide email privacy. The persistance storage (Queue) is unencrypted and shared. This might be changed in forthcoming releases. Authentication: s/sqmail supports user authentication for sending and receiving mails by means of SMTP(S). QMTP and QMQP however, are solely host-to-host mail transfer protocols. Distribution: s/qmail uses the concept of distributed queues to be fed either by SMTP or QMTP/QMQP. Multi-domain capability: s/qmails allows to set up differently parametrized transport/distribution pathes based on the domains under control of the MTA. This concept is close to a multi-tenant behavior; regarding the domain, not the individual recipient/sender. Authenticated Email Senders =========================== Within s/qmail both * qmail-smtpd for receiving emails and * qmail-remote for sending emails support authentication regarding the methods - PLAIN, - LOGIN, and - CRAM-MD5. Additionally, * qmail-smtpd accepts authentication based on - X.509 client certs. * qmail-popup together with * qmail-pop3d provide authentication by means of the methods - USER and - APOP. The authentication module * qmail-authuser replaces the old * checkpassword and perhaps * cmd5checkpw programs with much more flexibility. Given a LDAP infrastucture, * qmail-ldapam can be used to call the user data from here. Validation receiving Mails ========================== Within s/sqmail * qmail-smtpd, * qmail-qmtpd, and * qmail-qmqpd are able to receive email from the Internet. While * qmail-qmtpd and * qmail-qmqpd use QMTP/QMQP transmitting emails and are currently only supported by Postfix, Qmail, and s/qmail in a dedicated environment, * qmail-smtpd supports both SMTP and ESMTP and is a potential target for spam, virii, and other unsolicited email. Thus * qmail-smtpd supports greylisting and provides filters for the - SMTP envelope information, - the email content (with different mechanisms) and in particular to check/validate the existance of a potenial - email recipient. For this purpose, the modules * qmail-smtpam, * qmail-vmailuser, * ldapam, and * qmail-authuser together with * qmail-ldapam are available. The RECIPIENTS mechanism supports a domain dependent validation based on a PAM mechanism or perhaps a cdb. Domain based SPF lookups are provided for * qmail-smtpd. Anti-Spam Mechanisms ==================== * rblsmtpd (out of the package ucspi-tcp6) supports - Relay Black Lists (RBL) and - Greetdelay prior of receiving mail by * qmail-smtpd. In adddition, * qmail-smtpd provides by means of the - QMAILQUEUE hook an interface to SpamAssassin and other tools. A wrapper script is included. Further, the well known - postgrey server can be used by * qmail-postgrey as an add-on to be called by * qmail-smtpd. Anti-Virus Mechanism ==================== * qmail-smtpd uses - MIME and - LOADER type filters to allow an on-the-fly recognition of executable. Anti-Virus tools are supported either by - QHPSI or by the - QMAILQUEUE hook. A (combined) wrapper script for * qmail-queue is provided. Bounce Control ============== Within s/qmail * qmail-send is responsible to generated bounces, ie. None Deliverable Reports (NDR). s/qmail uses qmail's concept to generate the NDRs in the QSMBF (qmail-send Message Bounce Format) unaltered (http://cr.yp.to/proto/qsbmf.txt). To control NDR, s/qmail provides two means: * qmail-send can be adviced -- while generating a NDR -- to limit it to N bytes. Effectively this means the orgininal message is truncated and not completely bounced. Upon transmitting bounce messages to third-party MTAs * qmail-remote can be set-up to use a particular - bounce queue (s/qmail instance) to take care of this delivery. Thus generic message transmission is decoupled from bounce processing and does not inflict with it. Logging, Monitoring, and Housekeeping ===================================== s/qmail writes log information for - qmail-send (qmail-local & qmail-remote/qmail-smtpam) on FD 2 - qmail-popup (authentication information only) on FD 5 - qmail-smtpd (see 'LOGGING') on FD 2 Either the log information is fed by means of 'splogger' into the Syslog, or treated by daemontool's 'multilog' which automatically does the housekeeping and provides a TAI64N timestamp for each line (event). Using 'multilog', the log information can be picked up by 'qmail-mrtg' and graphically displayed using 'MRTG' or 'RRDtool'. The log information can be analysed using the 'qmailanalog' facility and for convenience the program 'tai64nfrac' is included. The separate package 'newanalyse' provides an easy customizable umbrella script for analysis and long-haule housekeeping together with the capability to track each incoming and outgoing mail. E. Hoffmann -- 2021/01/01.