1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
.TH s/qmail: qmail-smtpam 8
.SH NAME
qmail-smtpam \- SMTP client PAM
.SH SYNOPSIS
.B qmail-smtpam
.I host
.I [s]port
.SH DESCRIPTION
.B qmail-smtpam
reads an email address from FD 3
and tries to verify this
connecting to the remote
.IR host
on
.IR port .
If
.I port
starts is
.I s
\'implicit TLS\' ist used on that port.
In a standard SMTP dialog,
.B qmail-smtpam
supplies the HELO greeting,
a MAIL FROM: <> address, and
the purported RCPT TO: <address>.
.SH "CONTROL FILES"
.TP 5
.I domainips
IP addresses to be used on outgoing connections.
Each line has the form
.IR domain\fB:\fIlocalip(%ifname)\fB|\fIhelohost ,
without any extra spaces.
If
.I domain
matches the domain part in
.IR sender ,
.B qmail-smtpam
will bind to
.IR localip
when connecting to
.IR host .
LLU IPv6 addresses need to be appended with the binding
.IR ifname
following
.IR localip
with a '%'.
If it matches, it will set the provided HELO string as greeting;
otherwise, it will use the default.
.TP 5
.I helohost
Current host name,
for use solely in saying hello to the remote SMTP server.
Default:
.IR me ,
if that is supplied;
otherwise
.B qmail-smtpam
refuses to run.
.TP 5
.I timeoutconnect
Number of seconds
.B qmail-smtpam
will wait for the remote SMTP server to accept a connection.
Default: 60.
The kernel normally imposes a 75-second upper limit.
.TP 5
.I timeoutremote
Number of seconds
.B qmail-smtpam
will wait for each response from the remote SMTP server.
Default: 1200.
.TP 5
.I tlsdestinations
If present, this file advices
.B qmail-smtpam
to use TLS encryption for specific destination domains
as provided by the forward-path and perhaps to validate/verify
the domain's server certificate:
.IR destination:cafile|verifydepth;[s]port|ciphers|domain .
If
.I port
is give as or prepended with
.I s
\'implict TLS\' is used; omitting StartTLS.
Unless explicitely configured,
.B qmail-smtpam
accepts any or no certificate provided by the server,
thus uses TLS for encryption only.
.B qmail-smtpam
uses the same certificate validation/verification
mechanism as
.B qmail-remote
except for distinguishing among the sender's domain information.
.SH "RETURN CODES"
.B qmail-smtpam
exits
.I 0
if the remote server
replies with '250', otherwise
.IR 1 .
In case the control files can not
be read or a communication problem has
occured, it exits
.IR 111 .
.SH "SEE ALSO"
addresses(5),
envelopes(5),
qmail-control(5),
qmail-remote(8),
qmail-smtpd(8)
|
