smtpd 8.0 KB

.TH SMTPD 6
.SH NAME
smtpd \- SMTP listener configuration
.SH DESCRIPTION
The
SMTP
daemon
of
.IR mail (1)
implements the slave side of the SMTP protocol
to accept incoming mail on TCP port 25.
In general,
.IR smtpd 's
default parameters
are sufficient for internal systems
on protected networks, but external or
gateway systems require additional
security mechanisms.
The files
.BR /mail/lib/smtpd.conf ,
containing configuration parameters,
and
.BR /mail/lib/blocked ,
containing
banished addresses, provide the means to
exercise these facilities.
.SS Input Format
In both files input lines
consist of a verb followed by one or more
parameters. These tokens are separated by white space or
commas and all characters following a
.B #
are comments. A
.B #
cannot be escaped. Continuation lines are
not supported, but verbs that take multiple parameters
can be restated on many lines and the associated
parameters accumulate into a single set.
All token processing is case-insensitive.
.PP
Many parameters are
.IR addresses ,
either numeric IP addresses in CIDR notation
or a
.I "sender address"
in UUCP-style format.
.PP
An IP address in CIDR notation has the form
.PP
.EX
aaa.bbb.ccc.ddd/mask
.EE
.PP
consisting of a four octet IP address, a slash,
and a
.I mask length
specifying the number of significant high-order bits.
The lower the mask length, the larger the
range of addresses covered by the CIDR address;
see RFC 1878 for a discussion of mask lengths.
Missing low-order octets are assumed to be zero.
If a mask length is not given, a mask length of
16, 24, or 32 is assumed for addresses containing
two, three, or four octets, respectively. These
mask lengths select a class B, class C or class D
address block. Notice that this convention differs
from the standard treatment, where the default mask length
depends on the allocation class of the network
block containing the address.
.PP
.I "Sender addresses"
are specified in UUCP notation as
follows:
.PP
.EX
[domain!]...domain!user
.EE
.PP
It is seldom necessary to specify more than one domain.
When
.I domain
is missing or
.BR * ,
the address selects the specified user in all domains.
A
.I domain
of the form
.BI *. domain
selects the domain and all of its sub-domains.
For example,
.B example.com!user
only matches the account
.I user
in domain
.BR example.com ,
while
.B *.example.com!user
selects that account in
.B example.com
and all of its sub-domains.
When
.I user
is omitted or
.BR * ,
the address selects all users in the specified domain.
Finally, when
.B *
is the last character of the user name it is a wild-card
matching all user names beginning with
.IR user .
This limited pattern matching capability should be used with care.
For safety, the sender addresses
.BR * ,
.BR ! ,
.BR *! ,
.B !*
and
.B *!*
are ignored.
.SS /mail/lib/smtpd.conf
This file contains configuration options
and parameters describing the local domain.
Many of the options can also be specified on the command
line; command line options always override the values in
this file.
Configuration options are:
.PD 0
.TP 10
.BI defaultdomain " domain"
The name of the local domain; it is appended to addresses
lacking a domain qualification.
This is identical to the
.B -h
command line option.
.TP 10
.BR norelay \ [ on\f1|\fPoff ]
If
.I on
is specified, relaying is prohibited
from unauthorized networks to external domains.
Authorized networks and domains must be specified
by the
.B ournets
and
.B ourdomains
verbs described below. Setting this option on is equivalent to specifying the
.B -f
command line flag, but the list of
networks and domains can only be specified in
this file.
.TP 10
.BR verifysenderdom \ [ on\f1|\fPoff ]
When
.IR on ,
.I smtpd
verifies that the first domain of the sender's address
exists. The test is cursory; it checks only that
there is a DNS delegation for the domain.
Setting the option on is equivalent to specifying the
.B -r
command line option and
is useful for detecting some unreturnable
messages as well as messages with randomly
generated domain names.
.TP 10
.BR saveblockedmsg \ [ on\f1|\fPoff ]
When
.IR on ,
causes copies of blocked messages to be saved
in subdirectories of
.BR /mail/queue.dump .
Directories are named with the date and file names
are random numbers.
If this option is
.I off
blocked messages are discarded.
Setting this option on is equivalent to specifying the
.B -s
command line option.
.TP 10
.BR ournets " \fIIP address\fP [, \fIIP address\fP, ..., \fIIP address\fP]"
This option specifies trusted
source networks that are allowed to relay mail to external domains.
These are usually the internal networks of the local domain, but they
can also include friendly
external networks. Addresses
are in CIDR notation.
.TP 10
.BR ourdomains " \fIdomain\fP [, \fIdomain\fP, ..., \fIdomain\fP]"
This option specifies destination domains that are allowed
to receive relayed mail. These are usually the domains
served by a gateway system.
Domain specifications conform to the format
for sender addresses given above.
.PD
.PP
When the
.B norelay
option is enabled or the
.B -f
command line option given,
relaying is allowed only if the source IP address is in
.B ournets
or the destination domain is specified in
.BR ourdomains .
.SS Blocked Addresses
.I Smtpd
consults
.B /mail/ratify
(see
.IR ratfs (4))
for a list of banned addresses.
Messages received from these addresses are
rejected with a 5\fIxx\fP-series SMTP error code.
There is no option
to turn blocking on or off; if
.B /mail/ratify
is mounted,
.I smtpd
will use it, even for connections from trusted networks.
.PP
The command line format and address specifications
conform to the notation described above. If the parameters
of the verb are sender addresses in UUCP format, the line
must begin with an
.B *
character; if the parameters are one or more IP addresses,
the
.B *
must precede the verb. Most
verbs cause messages to be rejected; verbs
of this class generally select different error
messages. The remaining verbs specify addresses that
are always accepted, in effect overriding blocked addresses.
The file is processed in order, so an override must
precede its associated blocked address.
Supported verbs are:
.PD 0
.TP 10
.BR dial " \fIIP address\fP [,..., \fIIP address\fP]"
The parameters are IP addresses associated with
dial-up ports. The rejection message states
that connections from dial-up ports are not accepted. Copies
of messages are never saved.
.TP 10
.BR block " \fIaddress\fP [, ... \fIaddress\fP]"
Messages from addresses
matching the parameters
are rejected with an error message saying
that spam is not accepted. The message is saved if
the option is enabled.
.TP 10
.BR relay " \fIaddress\fP [, ... \fIaddress\fP]"
This verb is identical to
.BR block ,
but the error message states that
the message is rejected because the sending
system is being used as a spam relay.
.TP 10
.BR deny " \fIaddress\fP [, ... \fIaddress\fP]"
The
.B deny
command rejects a message when the
sender address matches one of its parameters.
The rejection message asks the sender to
contact
.BR postmaster @
.I hostdomain
for further information.
This verb is usually used to block
inadvertently abusive traffic, for example,
mail loops and stuck senders. Messages are
never saved.
.TP 10
.BR allow " \fIaddress\fP [, ... \fIaddress\fP]"
The
.B allow
verb negates the effect of subsequent blocking commands.
It is useful when a large range of addresses contains
a few legitimate addresses, for example, when
a mail server is in a Class C network block
of modem ports. Rather than enumerate the dial ports, it is
easier to block the entire Class C with a
.B dial
command, and precede it with an override for
the address of the mail server. Similarly,
it is possible to block mail from an entire
domain while accepting mail from a few friendly
senders in the domain.
The verb
.B accept
is a synonym for
.BR allow .
.PD
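The following is an added illustration, not code from the Plan 9 mail system: it models the address notation of the Input Format section (smtpd's non-standard default mask lengths, zero-filled low-order octets, the `*.domain` and trailing `user*` wild-cards, the ignored patterns) and the in-order evaluation of a `/mail/lib/blocked` file, where an `allow` line must precede the blocking line it overrides. It assumes single-domain sender patterns, that a line whose verb starts with `*` carries sender addresses while other lines carry IP addresses, and that the first matching line decides; the sample file is constructed.

```python
import ipaddress

# Constructed /mail/lib/blocked: each override precedes the line it overrides.
BLOCKED = [
    "allow 10.1.2.25           # the mail server inside the modem block",
    "dial 10.1.2               # three octets: default mask length 24",
    "*allow *.example.com!ops  # a friendly sender in a blocked domain",
    "*block *.example.com!*",
    "*deny *!mailer-daemon*, *!bounce*",
]

# smtpd's CIDR convention: no mask means /16, /24 or /32 for 2, 3 or 4 octets.
def parse_cidr(text):
    addr, _, mask = text.partition("/")
    octets = addr.split(".")
    if not 2 <= len(octets) <= 4:
        raise ValueError("expected 2 to 4 octets: " + text)
    bits = int(mask) if mask else 8 * len(octets)
    full = ".".join(octets + ["0"] * (4 - len(octets)))  # low octets are zero
    return ipaddress.ip_network(f"{full}/{bits}", strict=False)

IGNORED = {"*", "!", "*!", "!*", "*!*"}  # patterns smtpd ignores for safety

# Match a single-domain pattern domain!user against a sender's (domain, user).
def sender_matches(pattern, domain, user):
    pattern, domain, user = pattern.lower(), domain.lower(), user.lower()
    if pattern in IGNORED:
        return False
    pdom, _, puser = pattern.rpartition("!")
    if pdom.startswith("*."):      # the domain and all of its sub-domains
        dom_ok = domain == pdom[2:] or domain.endswith("." + pdom[2:])
    else:                          # missing or * selects every domain
        dom_ok = pdom in ("", "*") or domain == pdom
    usr_ok = (puser in ("", "*") or user == puser    # omitted or * = all users
              or puser.endswith("*") and user.startswith(puser[:-1]))
    return dom_ok and usr_ok

# Evaluate the file in order; the first matching line decides the verdict.
def check_blocked(lines, ip, domain, user):
    addr = ipaddress.ip_address(ip)
    for line in lines:
        tokens = line.split("#", 1)[0].replace(",", " ").lower().split()
        if not tokens:
            continue
        verb, params = tokens[0].lstrip("*"), tokens[1:]
        if tokens[0].startswith("*"):  # leading *: sender-address parameters
            hit = any(sender_matches(p, domain, user) for p in params)
        else:                          # otherwise: IP addresses in CIDR form
            hit = any(addr in parse_cidr(p) for p in params)
        if hit:
            return "accept" if verb in ("allow", "accept") else verb
    return "accept"
```

Swapping the first two lines of `BLOCKED` makes `check_blocked(BLOCKED, "10.1.2.25", ...)` return `"dial"`, which is the ordering mistake the text warns about.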
.PP
.IR Scanmail (8)
describes spam detection
software that works well with
the capabilities described here
and
.IR mail (1)
defines additional
.I smtpd
command line arguments applicable
to exposed systems.
.SH "SEE ALSO"
.IR mail (1),
.IR ratfs (4),
.IR scanmail (8)