qmail-smtpd(8)                                                  qmail-smtpd(8)

NAME
       qmail-smtpd - receive mail via SMTP

SYNOPSIS
       qmail-smtpd

DESCRIPTION
       qmail-smtpd receives mail messages via the Simple Mail Transfer
       Protocol (SMTP) and invokes qmail-queue to deposit them into the
       outgoing queue. qmail-smtpd must be supplied several environment
       variables; see tcp-environ(5).

       If the environment variable SMTPS is non-empty, qmail-smtpd starts a
       TLS session (to support the deprecated SMTPS protocol, normally on
       port 465). Otherwise, qmail-smtpd offers the STARTTLS extension to
       ESMTP.

       qmail-smtpd is responsible for counting hops. It rejects any message
       with 100 or more Received or Delivered-To header fields.

       qmail-smtpd supports ESMTP, including the 8BITMIME and PIPELINING
       options.

TRANSPARENCY
       qmail-smtpd converts the SMTP newline convention into the UNIX newline
       convention by converting CR LF into LF. It returns a temporary error
       and drops the connection on bare LFs; see
       http://pobox.com/~djb/docs/smtplf.html.

       qmail-smtpd accepts messages that contain long lines or non-ASCII
       characters, even though such messages violate the SMTP protocol.

CONTROL FILES
       badmailfrom
              Unacceptable envelope sender addresses. qmail-smtpd will reject
              every recipient address for a message if the envelope sender
              address is listed in badmailfrom. A line in badmailfrom may be
              of the form @host, meaning every address at host.

       clientca.pem
              A list of Certifying Authority (CA) certificates that are used
              to verify the client-presented certificates during a
              TLS-encrypted session.

       clientcrl.pem
              A list of Certificate Revocation Lists (CRLs). If present it
              should contain the CRLs of the CAs in clientca.pem and client
              certs will be checked for revocation.

       databytes
              Maximum number of bytes allowed in a message, or 0 for no
              limit. Default: 0.

              If a message exceeds this limit, qmail-smtpd returns a
              permanent error code to the client; in contrast, if the disk is
              full or qmail-smtpd hits a resource limit, qmail-smtpd returns
              a temporary error code.

              databytes counts bytes as stored on disk, not as transmitted
              through the network. It does not count the qmail-smtpd Received
              line, the qmail-queue Received line, or the envelope.

              If the environment variable DATABYTES is set, it overrides
              databytes.

       dh1024.pem
              If these 1024 bit DH parameters are provided, qmail-smtpd will
              use them for TLS sessions instead of generating one on-the-fly
              (which is very time-consuming).

       dh512.pem
              512 bit counterpart for dh1024.pem.

       localiphost
              Replacement host name for local IP addresses. Default: me, if
              that is supplied. qmail-smtpd is responsible for recognizing
              dotted-decimal addresses for the current host. When it sees a
              recipient address of the form box@[d.d.d.d], where d.d.d.d is a
              local IP address, it replaces [d.d.d.d] with localiphost. This
              is done before rcpthosts.

       morercpthosts
              Extra allowed RCPT domains. If rcpthosts and morercpthosts both
              exist, morercpthosts is effectively appended to rcpthosts.

              You must run qmail-newmrh whenever morercpthosts changes.

              Rule of thumb for large sites: Put your 50 most commonly used
              domains into rcpthosts, and the rest into morercpthosts.

       rcpthosts
              Allowed RCPT domains. If rcpthosts is supplied, qmail-smtpd
              will reject any envelope recipient address with a domain not
              listed in rcpthosts.

              Exception: If the environment variable RELAYCLIENT is set,
              qmail-smtpd will ignore rcpthosts, and will append the value of
              RELAYCLIENT to each incoming recipient address.

              rcpthosts may include wildcards:

                   heaven.af.mil
                   .heaven.af.mil

              Envelope recipient addresses without @ signs are always allowed
              through.

       rsa512.pem
              If this 512 bit RSA key is provided, qmail-smtpd will use it
              for TLS sessions instead of generating one on-the-fly.

       servercert.pem
              SSL certificate to be presented to clients in TLS-encrypted
              sessions. Should contain both the certificate and the private
              key. Certifying Authority (CA) and intermediate certificates
              can be added at the end of the file.

       smtpgreeting
              SMTP greeting message. Default: me, if that is supplied;
              otherwise qmail-smtpd will refuse to run. The first word of
              smtpgreeting should be the current host's name.

       timeoutsmtpd
              Number of seconds qmail-smtpd will wait for each new buffer of
              data from the remote SMTP client. Default: 1200.

       tlsclients
              A list of email addresses. When relay rules would reject an
              incoming message, qmail-smtpd can allow it if the client
              presents a certificate that can be verified against the CA list
              in clientca.pem and the certificate email address is in
              tlsclients.

       tlsserverciphers
              A set of OpenSSL cipher strings. Multiple ciphers contained in
              a string should be separated by a colon. If the environment
              variable TLSCIPHERS is set to such a string, it takes
              precedence.

SEE ALSO
       tcp-env(1), tcp-environ(5), qmail-control(5), qmail-inject(8),
       qmail-newmrh(8), qmail-queue(8), qmail-remote(8)
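
The recipient checks described under localiphost and rcpthosts decide whether the server relays, so it helps to see their order in one place. The following is an added example, not code from qmail or from this manual page: a Python model of that decision. Every function and parameter name is hypothetical, the sample data is constructed, and morercpthosts and tlsclients are not modeled.

```python
# Added example, not qmail source: a model of the recipient checks described
# under localiphost and rcpthosts. All names below are hypothetical.

def load_rcpthosts(text):
    """One entry per line: 'host' (exact) or '.host' (wildcard)."""
    return {ln.strip().lower() for ln in text.splitlines() if ln.strip()}

def domain_allowed(domain, entries):
    """Exact match, or a '.suffix' entry matching at any dot in the domain."""
    domain = domain.lower()
    if domain in entries:
        return True
    return any(domain[i:] in entries
               for i, ch in enumerate(domain) if ch == ".")

def check_rcpt(addr, rcpthosts=None, relayclient=None,
               local_ips=frozenset(), localiphost=None):
    """Return (accepted, address_after_rewriting) for one RCPT address."""
    box, at, host = addr.rpartition("@")
    # box@[d.d.d.d] with a local IP is rewritten before rcpthosts is used.
    if (at and localiphost and host.startswith("[") and host.endswith("]")
            and host[1:-1] in local_ips):
        host = localiphost
        addr = box + "@" + host
    # RELAYCLIENT set, even to "": rcpthosts is ignored, value is appended.
    if relayclient is not None:
        return True, addr + relayclient
    # No rcpthosts supplied: no domain restriction (assumed; open relay).
    if rcpthosts is None:
        return True, addr
    # Addresses without an @ sign are always allowed through.
    if not at:
        return True, addr
    return domain_allowed(host, rcpthosts), addr

# Constructed sample data: the two wildcard lines from the man page.
HOSTS = load_rcpthosts("heaven.af.mil\n.heaven.af.mil\n")
LOCAL = {"192.0.2.10"}  # constructed local IP (documentation range)

if __name__ == "__main__":
    for rcpt in ("joe@heaven.af.mil", "joe@mx.heaven.af.mil",
                 "joe@notheaven.af.mil", "postmaster", "joe@[192.0.2.10]"):
        print(rcpt, check_rcpt(rcpt, HOSTS, local_ips=LOCAL,
                               localiphost="heaven.af.mil"))
```

In this model a leading-dot entry covers subdomains only, which is why the wildcard example lists both lines; a missing rcpthosts or a RELAYCLIENT set for untrusted clients accepts every domain.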