.TH s/qmail: qmail-smtpd 8 .SH "NAME" qmail-smtpd \- receive mail via SMTP .SH "SYNOPSIS" .B qmail-smtpd [ .I checkprogram .I subprogram ] .SH "DESCRIPTION" .B qmail-smtpd receives mail messages via the Simple Mail Transfer Protocol (SMTP) and invokes .B qmail-queue to deposit them into the outgoing queue. .B qmail-smtpd must be supplied with several environment variables; see .BR tcp-environ(5) . .B qmail-smtpd is responsible for counting hops. It rejects any message with 100 or more .B Received or .B Delivered-To header fields. .B qmail-smtpd supports ESMTP and offers 8BITMIME, DATA, PIPELINING, SIZE, AUTH, STARTTLS, and SMTPUTF8 options. .B qmail-smtpd includes a 'Mail From:' parameter parser and obeys 'Auth', 'Size', and 'SMTPUTF8' advertisements. .B qmail-smtpd supports SMTPUTF8 SMTP envelope addresses and provides 8 bit clean message transmission. .B qmail-smtpd STARTTLS and SMTPS implementation requires the use of .B sslserver from ucspi-ssl. Authentication is facilitated in case the environment variable SMTPAUTH is set which tells .B qmail-smtpd to accept LOGIN, PLAIN, and eventually CRAM-MD5 Auth types and if additionally a PAM .I checkprogram is available which reads on file descriptor 3 the username, a 0 byte, the password or CRAM-MD5 digest/response derived from the SMTP client, another 0 byte, a CRAM-MD5 challenge (if applicable to the Auth type), and a final 0 byte. .I checkprogram invokes .I subprogram upon successful authentication, which should return 0 to .BR qmail-smtpd , effectively setting the environment variables RELAYCLIENT and TCPREMOTEINFO or TCP6REMOTEINFO (any supplied value replaced with the authenticated username). .B qmail-smtpd will reject the authentication attempt if it receives a nonzero return value from .I checkprogram or .IR subprogram . STARTTLS support is enabled setting the environment variable UCSPITLS. In this case, .B qmail-smtpd communicates with the .B sslserver program interface through a control socket, a reading and a writing pipe, dynamically defined during the session start to be used for transport layer encryption. .B qmail-smtpd provides mutual authentication based on X.509 client certs and relaying with additional SMTP Return-Path validation. .B qmail-smtpd may employ additional DNS look-ups for the 'Mail From:' envelope sender address and/or the HELO/EHLO greeting string from the MTA client. .B qmail-smtpd implements a SPF record check for the domain part of the received .I Mail-From:\ address or the .I HELO/EHLO statement in case the domain information is missing. This behavior is triggered by the environment variable .BR SPF . .B qmail-smtpd can be advised to communicate with a Greylisting server prior of acceptance, like .BR postgrey , submitting the connection information .IR Mail\ From: , .IR Rcpt\ To: , .IR TCPREMOTEIP and .I TCPREMOTEHOST given its IPv4/IPv6 address as environment variable .IR POSTGREY and potentially including the port number (60000 is default) following the IP address separated by a semi-colon. For IPv6 LLU addresses the interface name followwing a percent sign can be included: .IR fe80::1%eth0;60000 . A return value of .I 10 will advise .B qmail-smtpd to defer the SMTP connection providing a .I 450\ greylisted\ (#4.3.0) response to the connecting MTA, which can be tailored (see below). This mechanism shall not be used for SMTP connections on the .I Submission port. Setting .I POSTGREY='-' disables the lookup. .SH "TRANSPARENCY" .B qmail-smtpd converts the SMTP newline convention into the UNIX newline convention by converting CR LF into LF. Usually, it returns a temporary error and drops the connection on bare LFs. .B qmail-smtpd accepts messages that contain long lines or non-ASCII characters and thus is initially capable for SMTPUTF8 support. .SH "CONTROL FILES" .TP 5 .IR badhelo Unacceptable HELO/EHLO greeting strings. .B qmail-smtpd will reject every connection attempt if the client MTA's HELO/EHLO greeting compares with a wildmat pattern provided in .IR badhelo in case the environment variable .B HELOCHECK is set. .IR badhelo checks have precedence over DNS lookups. DNS lookups can be avoided, if the announced HELO/EHLO greeting string is concatinated with a trailing '!' and included in .IR badhelo : .EX localhost localhost.localdomain 127.0.0.1 mygreetingstring [192.168.1.2]! .EE .TP 5 .I badmailfrom Unacceptable envelope sender addresses. .B qmail-smtpd will reject every recipient address for a message if the envelope sender address is listed in .IR badmailfrom . A line in .I badmailfrom may be of the form .BR @\fIhost , meaning every address at .IR host . Additionally, any envelope sender address can be filtered with a wildmat check: .EX *@earthlink.net !fred@earthlink.net [0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9].com answerme@save* *%* @yahoo.com- @hotmail.com= @mydomain.tld+ ~yahoo.com ?nobody@example.com .EE A .I badmailfrom file with this contents reject all mail from Earthlink except from fred@earthlink.net. It also rejects all mail with addresses like: 12345@123.com and answerme@savetrees.com. Further, any mail with a sender address containing a percent sign (%) is rejected. This implementation recognises 'extended' addresss in .I badmailfrom allowing to reject mails with particluar spoofed domain addresses: (1) The address is appended with a '-'. Now, if .I TCP(6)REMOTEHOST equals 'unknown', mails with the corresponding address are rejected (badmailfromunknown). (2) The address is appended with a '='. In case .I TCP(6)REMEOTEHOST is set mails, whose domain part of the envelope addresses .B not matching the corresponding entry are rejected (badmailfromwellknown). (3) The address is appended with a '+'. If .I RELAYCLIENT is not set and the sender address matches a corresponding entry (anti-spoofing for internal addresses). (4) The address is enhanced with a leading '~'. This requires a (left to right partial) matching of .I TCP(6)REMOTEHOST with the domain part of the envelope address. Thus, this specific entry in .I badmailfrom uses .I TCP(6)REMOTEHOST in the first place (badmailfrommismachteddomains). (5) The address is enhanced with a leading '?'. Emails with the corresponding sender address pass by all further .I badmailfrom tests including the .I MFDNSCHECK check. Note: The 'enhanced' addresses are not subject of the wildmat check and are evaluated in lower-case. The wildmat check is done in the order: Least significant to most significant. Example: .EX * ! !*@*.* *viagra* .EE .TP 5 .I badloadertypes.cdb Unacceptable base64 loader types in the message. .B qmail-smtpd will reject every message if 5 significant characters (eg. .BR Mi5kb) anyware in the base64 encoded attachment is identical to those compiled into .IR badloadertypes.cdb . Use .B qmail-badloadertypes to derive .I badloadertypes.cdb from .IR badloadertypes . In order to make the search efficient, all bad loader types have to start with the same character (eg. 'M'). The control file .I badloadertypes.cdb is evaluated if the environment variable BADLOADERTYPE is set to the first character according to the contents of .IR badloadertypes . .TP .I badmimetypes.cdb Unacceptable base64 encoded MIME types in message. .B qmail-smtpd will reject every message if the first 9 significant characters (eg. .BR TVqQAAMAA ) of any of it's embedded MIME types is identical with one compiled into .IR badmimetypes.cdb . Use .B qmail-badmimetypes to derive .I badmimetypes.cdb from .IR badmimetypes . The control file .I badmimetypes.cdb is evaluated if the environment variable .I BADMIMETYPE is set. In addition, irregular BASE64 attachments carrying whitespaces can be rejected defining .IR BADMIMETYPE='!' . .TP 5 .I badrcptto Unacceptable envelope recipient addresses. .B qmail-smtpd will reject every incoming message if the envelope recipient address is listed in .IR badrcptto . This control file is complementary to .IR badmailfrom . A line in .I badrcptto may be of the form .BR @\fIhost , meaning every address at .IR host . .I badrcptto employes the same filtering logic for the envelope recipient as .IR badmailfrom . Effectively, .IR badrcptto allows a 'whitelisting' of envelope recipient addresses: .EX * !user1@mydomain.com !user2@mydomain.com !*@anotherdomain.com .EE .IR badrcptto allows to tag recipient addresses to be reachable from authorized clients only (aka relayclients), prepending it in .IR badrcptto with .IR + . .EX +localaddress@mydomain.com .EE .TP 5 .I databytes Maximum number of bytes allowed in a message, or 0 for no limit. Default: 0. If a message exceeds this limit, .B qmail-smtpd returns a permanent error code to the client; in contrast, if the disk is full or .B qmail-smtpd hits a resource limit, .B qmail-smtpd returns a temporary error code. .I databytes counts bytes as stored on disk, not as transmitted through the network. It does not count the .B qmail-smtpd Received line, the .B qmail-queue Received line, or the envelope. If the environment variable DATABYTES is set, it overrides .IR databytes . .TP 5 .I localiphost Replacement host name for local IP addresses. Default: .IR me , if that is supplied. .B qmail-smtpd is responsible for recognizing native IPv4/IPv6 addresses for the current host. When it sees a recipient address of the form .I box@[d.d.d.d] or .IR box@[a:b:c:d:e:f:g:h] , where .I d.d.d.d or .IR a:b:c:d:e:f:g:h is a local IPv4/IPv6 address, it replaces .I [d.d.d.d] or .IR [a:b:c:d:e:f:g:h] with .IR localiphost . This is done before .IR rcpthosts . .TP 5 .I morercpthosts Extra allowed RCPT domains. If .I rcpthosts and .I morercpthosts both exist, .I morercpthosts is effectively appended to .IR rcpthosts . You must run .B qmail-newmrh whenever .I morercpthosts changes. Rule of thumb for large sites: Put your 50 most commonly used domains into .IR rcpthosts , and the rest into .IR morercpthosts . .TP 5 .I mailfromrules Acceptable 'Mail From:' addresses for RELAYCLIENTs are included here. Use .B qmail-mfrules to derive .TP 5 .I mailfromrules.cdb from .IR mailfromrules . .TP 5 .I rcpthosts Allowed RCPT domains. If .I rcpthosts is supplied, .B qmail-smtpd will reject any envelope recipient address with a domain not listed in .IR rcpthosts . Exception: If the environment variable RELAYCLIENT is set, .B qmail-smtpd will ignore .IR rcpthosts , and will append the value of RELAYCLIENT to each incoming recipient address. .I rcpthosts may include wildcards: .EX heaven.af.mil .heaven.af.mil .EE Envelope recipient addresses without @ signs are always allowed through. .TP 5 .I recipients List of external resources providing acceptable, full-qualified envelope addresses (\'RCPT to: \') to be used for recipient verification during the SMTP session. The external sources can be either .B fastforward compliant cdbs including the envelope addresses, where the path to a cdb has to be referenced relative to Qmail's home directory, or a .B qmail-users build cdb available as .IR users/assign.cdb , or a .B checkpassword compatible Plugable Authentication Modules (PAM), receiving the envelope address on FD 3 as 'recip@domain\\0\\0\\0' and returning '0' in a case of success and '1' in case of failure. The use of a PAM is indicated with a delimiting '|' and it will be called with up to five additional parameters; while a cdb follows a ':', which can be omitted. The list of external sources is consulted line-by-line for each recipient envelope address until the first positive answer, or a final negative response is encountered. Which external source to be queried, depends on the domain part of the recipient envelope address specified on the left side of the .I recipients file, while the external resource is provided right from the delimitor. The addresses' domain part is evaluated in lower-case. An exact domain match can be encompassed by means of a leading '@'. The '*' is a generic wildcard for all domains. Specific domains can be excluded from the lookup by means of a leading '!'; thus all recipient addresses are accepted for this domain. Additionally, a '!*' can be used as wildcard for all domains not encountered before in .I recipients (pass-thru). A .I recipients file is always constructed like 'domain:cdb','domain|pam', or simply 'cdb': .EX !nocheck.com mydomain.com:users/recipients.cdb @mx.mydomain.com:= example.com|bin/qmail-smtpam mx.example.com *:etc/fastforward.cdb *|PATH/ldapam ldapserver host port DN passwd !* .EE .B qmail-smtpd will semi-automatically consult .I users/assign.cdb generated by .B qmail-newu in case the domain name is followed by a colon and the equal sign '='. Now, the received \'Rcpt to:\' address is compared against each local part address (starting with a '=') in .IR users/assign.cdb . However, no VERP addresses are considered, which are indicated therein via a '+'. Lagacy format: .EX users/recipients.cdb etc/fastforward.cdb .EE Note: Excluded domains starting with a '!' should be placed in the beginning of the .I recipients file for performance reasons, while the pass-thru statement '!*' has to be on the last line. The recipients check is applied after the .I rcpthosts evaluation. .B qmail-recipients may be used to construct a .I users/recipients.cdb from .IR users/recipients . The .B qmail-smtpd recipients mechanism supports Qmail's address extension (VERP). Unqualified envelope recipients are appended with \'@localhost\'. .TP 5 .I smtpgreeting SMTP greeting message. Default: .IR me , if that is supplied; otherwise .B qmail-smtpd will refuse to run. The first word of .I smtpgreeting should be the current host's name. .TP 5 .I spfexplain An additional SPF explanation can be given here to provide more specific information for the sender in case of a reject. SPF macro expansion is possible. It will override the default one, e.g.: .EE See https://example.com/spfrules.html (#5.7.1) .EX .TP 5 .I spflocalrules As 'last resort', it is possible to include SPF local rules here (on one line), that will be applied before other SPF rules would fail. This can be used to allow certain MX to send mails anyway. Example: .EE include:spf.trusted-forwarder.org .EX .TP 5 .I timeoutsmtpd Number of seconds .B qmail-smtpd will wait for each new buffer of data from the remote SMTP client. Default: 1200. .SH "CONDITIONAL CONTROL FILES" The control files \fIrcpthosts\fR, \fImorecpthosts\fR, \fIrecipients\fR, \fIbadhelo\fR are 'conditional' control files and evaluated only if the environment variable RELAYCLIENT is not set. On the other hand, \fImailfromrules.cdb\fR is only taken into account, if RELAYCLIENT is set. This allows .B qmail-smtpd to relay mail messages from local clients and to filter mails with certain SMTP envelope conditions originating from particular clients ('Split Horizon'). Other conditional control files are \fIbadloadertypes\fR, \fIbadmimetypes\fR which depend on the setting of the corresponding environment variables. Further, the control files \fIspfexplain\fR and \fIspflocalrules\fR are only evaluated if the environment variable .I SPF is defined and greater than 0 and .I RELAYCLIENT is not set. .SH "ENVIRONMENT VARIABLES READ" Environment variables may be defined globally in the .B qmail-smtpd startup script and/or individually as part of the .BR sslserver 's cdb database. The environment variables may be quoted ("variable", or 'variable') and in case of global use, have to be exported. .B qmail-smtpd supports the following legacy environment variables, typically provided by .B sslserver or .B tcpserver: .IR TCP(6)REMOTEIP , .IR TCP(6)REMOTEHOST .IR TCP(6)REMOTEINFO and .IR TCPLOCALPORT as well as .IR RELAYCLIENT . Additionally, .B qmail-smtpd may use several environment variables for different purposes. .P Controlling the SMTP HELO/EHLO: .IP .TP 5 .I HELOCHECK='' enables a check of the provided HELO/EHLO greeting against the content of the control file .IR badhelo . In case no HELO/EHLO greeting is given, SMTP connections can be rejected, if .I HELOCHECK='!' is set. Checks on the presence and the content of the HELO/EHLO greeting string is facilitated, setting .IR HELOCHECK='.' . To enforce the match of the HELO/EHLO greeting with the remote host's FQDN ( .IR TCP(6)REMOTEHOST ), use .IR HELOCHECK='=' . .TP 5 .I HELOCHECK='A' | HELOCHECK='M' enable DNS A/MX lookup for the HELO/EHLO greeting string. In addition, the HELO/EHLO string is checked against the content of .IR badhelo . .TP 5 .I UTF8 display the .I SMTPUTF8 greeting string. This is off by default. .p Since .B qmail-smtpd is 8 bit clean, setting of .I UTF8 has no real consequences except for displaying this setting in the log as .IR ESMTP[SA]UTF8 . .P Controlling the SMTP Mail From: .IP .TP 5 .I LOCALMFCHECK is used to enable a 'Mail From:' address Verification (MAV) for RELAYCLIENTs. Thus, the domain part of the 'Mail From:' envelope sender address has to match an entry in .IR rcpthosts or .IR morercpthosts control files, if not explicitly defined otherwise. If LOCALMFCHECK='!' is set, the control file .I mailfromrules.cdb is evaluated and the MAV is facilitated employing the environment variables .IR TCP(6)REMOTEINFO , .IR TCP(6)REMOTIP , or .I TCP(6)REMOTEHOST as a key. However, if LOCALMFCHECK='=' is provided, .IR TCP(6)REMOTEINFO (i.e. set by Auth) has to match the 'Mail From:' envelope address (case insensitive). Alternativley, using LOCALMFCHECK='?' the email address embedded in the DN of a X.509 client is used and compared against the 'Mail From:' envelope address. Of course, this requires .B sslserver to request a client cert for mutual authentication. Note: Adding a qualifier to LOCALMFCHCEK, the domain part of the 'Mail From:' address is compared against the provided string. .TP 5 .IR MFDNSCHECK enable DNS MX lookup for the domain part of the 'Mail From:' envelope sender address. .TP 5 .I SPF='0'|'1'|'2'|'3'|'4'|'5'|'6' SPF Records will be evaluated for the current SMTP session in case .B SPF is defined. The value of .B SPF may be given between 1 and 6 to enable SPF checks. .I 1 selects 'annotate-only' mode, where .B qmail-smtpd will annotate incoming email with a .B Received-SPF header, but will not reject any messages. .I 2 will produce temporary failures on DNS lookup problems so you can be sure always to have a meaningful Received-SPF header. .I 3 selects 'reject' mode, where incoming mail will be rejected if the SPF record says 'fail'. .I 4 selects a more stricter rejection mode, which is like 'reject' mode, except that incoming mail will also be rejected, when the SPF record says 'softfail'. Further, .I 5 will reject when the SPF record says 'neutral', and .I 6 rejects, if no SPF records are available at all (or a syntax error was encountered). If .B SPF is given as .IR 0 , SPF checks are disabled. Note: Additional control files are .I spfexplain and .IR spflocalrules . .P Controlling the SMTP RCPT TO: .IP .TP 5 .I MAXRECIPIENTS is the number of Rcpt To:'s .B qmail-smtpd will accept in a SMTP session. If MAXRECIPIENTS ist not set, any number is allowed. .TP 5 .IR TARPITCOUNT is the number of Rcpt To: .B qmail-smtpd accepts before it starts tarpitting. Default: 0 which means no tarpitting. .TP 5 .IR TARPITDELAY tarpitdelay is the time in seconds of delay to be introduced after each subsequent Rcpt To:. Smart Rejection Notes: If .IR TARPITCOUNT is set and .IR TARPITDELAY = 0 (default) .B qmail-smtpd will issue after recognising .IR TARPITCOUNT invalid Rcpt To: a Recipient failure; thus additional Rcpt Tos will not be accepted. If, however .IR TARPITCOUNT is set and .IR TARPITDELAY = 999 .B qmail-smtpd will issue after .IR TARPITCOUNT invalid Rcpt To: a Recipient failure .TP 5 .I RECIPIENTS450 tells .b qmail-smtpd to issue a SMTP reply '450' (temporary rejection) instead the default '550' in case the recipient was not listed in any .I recipients cdb. .P Controlling the email body: .IP .TP 5 .I BADLOADERTYPE='c' tells .B qmail-smtpd to evaluate the control file .I badloadertypes.cdb with the starting string 'c'. If .I BADLOADERTYPE='-' is set, the check is disabled. In case .I BADLOADERTYPE='+' is defined, the check is disabled for .IR RELAYCLIENTS . .TP 5 .I BADMIMETYPE see control file .IR badmimetypes.cdb . In case .I BADMIMETYPE='-' is set; .I badmimetypes.cdb is not considered; thus the check is disabled. Providing .I BADMIMTETYPE='+' the check is disabled if in addition .IR RELAYCLIENTS are recognized. .TP 5 .I BASE64 tells QHPSI to enable virus checking only if a base64 encoded attachment was identified. .TP 5 .I DATABYTES see control file .IR databytes . .TP 5 .I QHPSI is used by .B qmail-smtpd to supply the name of the virus scanner and it's path. .P Environment variables for SMTP authentication: .IP .TP 5 .I SMTPAUTH is used to enable SMTP Authentication for the Auth types LOGIN and PLAIN. In case .TP 5 .I SMTPAUTH='+cram' is defined, .B qmail-smtpd honors LOGIN, PLAIN, and additionally CRAM-MD5 authentication. Simply .TP 5 .I SMTPAUTH='cram' restricts authentication just to CRAM-MD5. If however .TP 5 .I SMTPAUTH='!' starts with an exclamation mark, Auth is required. You can enforce 'Submission' using this option and binding .B qmail-smtpd to the SUBMISSION port \'587'\. In particular, .TP 5 .I SMTPAUTH='!cram' may be useful. In opposite, if .TP 5 .I SMTPAUTH='-' starts with a dash, Auth disabled for particular connections. Note: The use of 'cram' requires a CRAM-MD5 enabled PAM. .P Setting up the TLS/STARTTLS environment: .IP .TP 5 .I UCSPITLS enables encrypted SMTP communication via STARTTLS in case .B sslserver is provided. If .I UCSPITLS='!' is set, STARTTLS is required; while setting .I UCSPITLS='-' disables STARTTLS. Further, .I UCSPITLS='?' may be used to force the client to present a X.509 cert for authentication purpose which may be refined requesting .I UCSPITLS='@' to additionally fetch the email address from the client's cert to be perhaps subject of .IR LOCALMFCHECK . .P Other environment variables used: .IP .TP 5 .I DELIVERTO mail address for special recipients. .TP 5 .I RBLSMTPD feed from .B rblsmtpd including the information received from the inquired RBL hosts and displayed as .I X-RBL-Info: message header. .TP 5 .I POSTGREY triggering the call of .B qmail-postgrey and feeding it with the IP address and port of the .I greylisting server. If .I POSTGREY is set to .I - no lookup is performed. .SH "CUSTOMIZABLE RETURN MESSAGES" In case of rejected or defered SMTP connections .B qmail-smtpd can provide additional informations in the SMTP reply message which are sandwiched between the reply code and the EMMSC. .B qmail-smtpd recognizes these environment variables: .TP 5 .I REPLY_GREYLISTED following 450 greylisting .TP 5 .I REPLY_HELO following 550 Bad Helo .TP 5 .I REPLY_MAILBOX following 550 mailbox not existing .TP 5 .I REPLY_MAXSIZE following 552 message size to large .TP 5 .I REPLY_BADMAILFROM following 553 badmail from .TP 5 .I REPLY_BADRCPTTO following 553 badrcpt to .TP 5 .I REPLY_SENDEREXIST following 553 SMTP sender DNS .TP 5 .I REPLY_NOGATEWAY following 553 No gateway .TP 5 .I REPLY_SENDERINVALID following 553 SMTP sender invalid .TP 5 .I REPLY_CONTENT following 554 Message content invalid .SH "ENVIRONMENT VARIABLES SET" By means of the following environment variables, the SMTP session can be interrogated: .TP 5 .I HELOHOST the HELO/EHLO greeting of the SMTP client. .TP 5 .I AUTHPROTOCOL the ESMTPA protocol used for authentication. .TP 5 .I AUTHUSER the supplied username for authentication. .TP 5 .I MAILFROM containes the received 'Mail From:' address. .TP 5 .I RCPTTO containes all received 'Rcpt To:' addresses separated by blanks. .TP 5 .I TCP(6)REMOTEINFO in authentication mode set to the accepted username. .TP 5 .I SSL_* information from .BR sslserver , if applicable. .SH "SEE ALSO" tcp-environ(5), qmail-control(5), qmail-inject(8), qmail-newmrh(8), qmail-newbmt(8), qmail-authuser(8), qmail-recipients(8), qmail-postgrey(8), qmail-smtpam(8), qmail-mfrules(8), qmail-queue(8), qmail-remote(8), qmail-send(8), qmail-log(8), tcpserver(8), sslserver(8).