s/qmail BLURB
=============

s/qmail inherits all features of qmail, since it includes its
concept and its code.

Confidentiality: s/qmail adds transmission confidentiality by means
of TLS encryption. TLS encryption is provided for all protocols
except QMTP and requires UCSPI-SSL.

Privacy: s/qmail does not currently provide email privacy.
The persistent storage (queue) is unencrypted and shared.
This might change in forthcoming releases.

Authentication: s/qmail supports user authentication for sending
and receiving mail by means of SMTP(S). QMTP and QMQP, however, are
solely host-to-host mail transfer protocols.

Distribution: s/qmail uses the concept of distributed queues to be
fed either by SMTP or QMTP/QMQP. 

Multi-domain capability: s/qmail allows setting up differently
parameterized transport/distribution paths based on the domains
under control of the MTA. This concept is close to multi-tenant
behavior with respect to the domain, not the individual recipient/sender.


Authenticated Email Senders
===========================

Within s/qmail both 

* qmail-smtpd for receiving emails and
* qmail-remote for sending emails 

support authentication using the methods

- PLAIN,
- LOGIN, and
- CRAM-MD5.

Additionally, 

* qmail-smtpd accepts authentication based on

- X.509 client certs.

* qmail-popup together with
* qmail-pop3d 

provide authentication by means of the methods

- USER and
- APOP.

The authentication module

* qmail-authuser

replaces the old 

* checkpassword and perhaps
* cmd5checkpw 

programs with much more flexibility.
Given an LDAP infrastructure,

* qmail-ldapam 

can be used to retrieve the user data from there.


Validation of Incoming Mail
===========================

Within s/qmail

* qmail-smtpd,
* qmail-qmtpd, and
* qmail-qmqpd

are able to receive email from the Internet. 

While 

* qmail-qmtpd and
* qmail-qmqpd

use QMTP/QMQP for transmitting emails, which are currently
only supported by Postfix, Qmail, and s/qmail in a
dedicated environment,

* qmail-smtpd

supports both SMTP and ESMTP and is a potential
target for spam, viruses, and other unsolicited email.

Thus 

* qmail-smtpd

supports greylisting and provides filters for

- the SMTP envelope information,
- the email content (with different mechanisms), and
- in particular, checking/validating the existence of a
  potential email recipient.

For this purpose, the modules

* qmail-smtpam, 
* qmail-vmailuser,
* ldapam, and
* qmail-authuser together with
* qmail-ldapam

are available. The RECIPIENTS mechanism supports
domain-dependent validation based on a PAM mechanism
or perhaps a cdb.

Domain based SPF lookups are provided for

* qmail-smtpd.


Anti-Spam Mechanisms
====================

* rblsmtpd (out of the package ucspi-tcp6)

supports 

- Relay Black Lists (RBL) and
- Greetdelay

prior to receiving mail by

* qmail-smtpd.

In addition,

* qmail-smtpd

provides by means of the 

- QMAILQUEUE hook

an interface to SpamAssassin and other tools.
A wrapper script is included.

Further, the well-known

- postgrey

server can be used by

* qmail-postgrey

as an add-on to be called by 

* qmail-smtpd.


Anti-Virus Mechanism
====================

* qmail-smtpd

uses 

- MIME and
- LOADER type

filters to allow on-the-fly recognition of executables.

Anti-Virus tools are supported either by

- QHPSI or by the
- QMAILQUEUE hook.

A (combined) wrapper script for 

* qmail-queue 

is provided. 


Bounce Control
==============

Within s/qmail

* qmail-send 

is responsible for generating bounces, i.e. Non-Delivery Reports (NDR).
s/qmail uses qmail's concept to generate the NDRs in the QSBMF (qmail-send
Bounce Message Format) unaltered (http://cr.yp.to/proto/qsbmf.txt).

To control NDRs, s/qmail provides two means:

* qmail-send 

can be instructed -- while generating an NDR -- to limit it to N bytes.
Effectively, this means the original message is truncated and not
bounced in full.

When transmitting bounce messages to third-party MTAs

* qmail-remote 

can be set up to use a particular

- bounce queue (s/qmail instance) 

to take care of this delivery. Thus generic message transmission
is decoupled from bounce processing and does not interfere with it.


Logging, Monitoring, and Housekeeping
=====================================

s/qmail writes log information for 

- qmail-send (qmail-local & qmail-remote/qmail-smtpam) on FD 2
- qmail-popup (authentication information only) on FD 5
- qmail-smtpd (see 'LOGGING') on FD 2

The log information is either fed by means of 'splogger'
into Syslog, or handled by daemontools' 'multilog',
which automatically does the housekeeping and provides
a TAI64N timestamp for each line (event).

Using 'multilog', the log information can be
picked up by 'qmail-mrtg' and graphically
displayed using 'MRTG' or 'RRDtool'.

The log information can be analysed using
the 'qmailanalog' facility and for convenience
the program 'tai64nfrac' is included.
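
As an added example (not part of the s/qmail package), the following
Python sketch decodes the TAI64N labels that 'multilog' prepends and
selects the events inside a time window, counting lines it cannot parse.
It assumes the log host's clock is plain UTC, so a label is Unix time
plus 2^62 plus 10 seconds; the function names and sample lines are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

TAI64_BASE = 1 << 62      # TAI64 labels are biased by 2^62
TAI_MINUS_UTC = 10        # assumption: host clock is plain UTC (no leap-second table)
LABEL = re.compile(r"@([0-9a-f]{16})([0-9a-f]{8}) (.*)")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_line(line):
    """Return (utc_datetime, message) for one multilog line, or raise ValueError."""
    m = LABEL.fullmatch(line.rstrip("\n"))
    if m is None:
        raise ValueError("no TAI64N label")
    secs = int(m.group(1), 16) - TAI64_BASE - TAI_MINUS_UTC
    nanos = int(m.group(2), 16)
    if secs < 0 or nanos >= 1_000_000_000:
        raise ValueError("label out of range")
    # datetime keeps microseconds only; the remaining nanosecond digits are dropped.
    return EPOCH + timedelta(seconds=secs, microseconds=nanos // 1000), m.group(3)


def events_between(lines, start, end):
    """Return events with start <= time < end, plus a count of rejected lines."""
    hits, rejected = [], 0
    for line in lines:
        try:
            when, msg = parse_line(line)
        except ValueError:
            rejected += 1
            continue
        if start <= when < end:
            hits.append((when, msg))
    return hits, rejected


# Constructed sample lines (not taken from a real log).
SAMPLE = [
    "@400000005fee66091dcd6500 sample event before midnight",
    "@400000005fee660a1dcd6500 sample event A",
    "@400000005fee66460000c350 sample event B",
    "2021-01-01 00:02:00 line without a TAI64N label",
    "@400000005fee660a3b9aca00 label with nanoseconds out of range",
]

if __name__ == "__main__":
    day = datetime(2021, 1, 1, tzinfo=timezone.utc)
    hits, rejected = events_between(SAMPLE, day, day + timedelta(days=1))
    for when, msg in hits:
        print(when.isoformat(), msg)
    print("rejected lines:", rejected)
```

A non-zero rejected count is worth checking before trusting a timeline,
since it means some lines in the file did not come through 'multilog' intact.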

The separate package 'newanalyse' provides
an easily customizable umbrella script for analysis
and long-haul housekeeping together with the
capability to track each incoming and outgoing
mail.


E. Hoffmann -- 2021/01/01.