SMTPD(6)                         Games Manual                         SMTPD(6)



NAME
       smtpd - SMTP listener configuration

DESCRIPTION
       The SMTP daemon of mail(1) implements the slave side of the SMTP proto‐
       col to accept incoming mail on TCP port 25.  In  general,  smtpd's  de‐
       fault  parameters are sufficient for internal systems on protected net‐
       works, but external or  gateway  systems  require  additional  security
       mechanisms.   The  files /mail/lib/smtpd.conf, containing configuration
       parameters, and /mail/lib/blocked, containing banished addresses,  pro‐
       vide the means to exercise these facilities.

   Input Format
       In both files input lines consist of a verb followed by one or more pa‐
       rameters.  These tokens are separated by white space or commas and  all
       characters following a # are comments.  A # cannot be escaped.  Contin‐
       uation lines are not supported, but verbs that take multiple parameters
       can  be restated on many lines and the associated parameters accumulate
       into a single set.  All token processing is case-insensitive.

       Many parameters are addresses, either numeric IP addresses in CIDR  no‐
       tation or a sender address in UUCP-style format.

       An IP address in CIDR notation has the form

            aaa.bbb.ccc.ddd/mask

       consisting of a four octet IP address, a slash, and a mask length spec‐
       ifying the number of significant high-order bits.  The lower  the  mask
       length,  the larger the range of addresses covered by the CIDR address;
       see RFC 1878 for a  discussion  of  mask  lengths.   Missing  low-order
       octets  are  assumed to be zero.  If a mask length is not given, a mask
       length of 16, 24, or 32 is assumed for addresses containing two, three,
       or  four  octets,  respectively.   These mask lengths select a class B,
       class C or Class D address block.  Notice that this convention  differs
       from  the  standard treatment, where the default mask length depends on
       the allocation class of the network block containing the address.
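
       The default mask rule above, written out as an added example (not
       code from smtpd itself).  The function names are hypothetical, and
       rejecting a single octet without a mask is an assumption, since the
       page defines no default for that case.

```python
DEFAULT_MASK = {2: 16, 3: 24, 4: 32}   # from the page: two, three or four octets

def netmask(masklen):
    """32-bit mask with the masklen high-order bits set."""
    return (0xFFFFFFFF << (32 - masklen)) & 0xFFFFFFFF

def parse_cidr(token):
    """Return (network, masklen) as integers for one address token."""
    addr, slash, mask = token.strip().partition("/")
    octets = addr.split(".")
    if len(octets) > 4 or not all(
            o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"bad address {token!r}")
    if slash:
        if not (mask.isascii() and mask.isdigit() and int(mask) <= 32):
            raise ValueError(f"bad mask length in {token!r}")
        masklen = int(mask)
    elif len(octets) in DEFAULT_MASK:
        masklen = DEFAULT_MASK[len(octets)]
    else:
        # Assumption: the page gives no default for a single octet.
        raise ValueError(f"mask length required in {token!r}")
    value = 0
    for o in octets + ["0"] * (4 - len(octets)):   # missing low-order octets are zero
        value = (value << 8) | int(o)
    return value & netmask(masklen), masklen

def covers(cidr, host):
    """True if the dotted-quad host falls inside the CIDR token."""
    network, masklen = parse_cidr(cidr)
    address, _ = parse_cidr(host + "/32")
    return address & netmask(masklen) == network

def classful_mask(host):
    """Default mask under the classful treatment the page contrasts with."""
    first = int(host.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24 if first < 224 else None

if __name__ == "__main__":
    for tok in ("10.1", "192.168.5", "192.168.5.7", "10.1.2.3/8"):
        net, mlen = parse_cidr(tok)
        print(f"{tok:<14} -> {net:#010x}/{mlen}")
    # 10.1.2.3 with no mask is a single host here, but a /8 under classful rules.
    print("classful default for 10.1.2.3:", classful_mask("10.1.2.3"))
```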

       Sender addresses are specified in UUCP notation as follows:

            [domain!]...domain!user

       It is seldom necessary to specify more than one domain.  When domain is
       missing or *, the address selects the specified user in all domains.  A
       domain of the form *.domain selects the domain and all of  its  sub-do‐
       mains.   For example, example.com!user only matches the account user in
       domain example.com, while *.example.com!user selects  that  account  in
       example.com and all of its sub-domains.  When user is omitted or *, the
       address selects all users in the specified domain.  Finally, when *  is
       the last character of the user name it is a wild-card matching all user
       names beginning with user.  This limited  pattern  matching  capability
       should  be  used with care.  For safety, the sender addresses *, !, *!,
       !*  and *!*  are ignored.
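
       The sender matching rules above, as an added example (not smtpd's
       own code).  It handles patterns with at most one domain, and it
       assumes that a token without ! is a bare user name and that a
       trailing ! means the user was omitted; the function names are
       hypothetical.

```python
IGNORED = {"*", "!", "*!", "!*", "*!*"}   # from the page: ignored for safety

def split_addr(addr):
    """Split 'domain!user' at the last '!'; without '!' the token is a user."""
    domain, _, user = addr.strip().lower().rpartition("!")
    return domain, user

def domain_ok(pattern, domain):
    if pattern in ("", "*"):                 # missing or *: all domains
        return True
    if pattern.startswith("*."):             # the domain and all sub-domains
        base = pattern[2:]
        # Require a label boundary so *.example.com skips notexample.com.
        return domain == base or domain.endswith("." + base)
    return domain == pattern

def user_ok(pattern, user):
    if pattern in ("", "*"):                 # omitted or *: all users
        return True
    if pattern.endswith("*"):                # trailing *: prefix wild-card
        return user.startswith(pattern[:-1])
    return user == pattern

def sender_matches(pattern, sender):
    """True if the sender ('domain!user') is selected by the pattern."""
    if pattern.strip() in IGNORED:
        return False
    pdom, puser = split_addr(pattern)        # matching is case-insensitive
    sdom, suser = split_addr(sender)
    return domain_ok(pdom, sdom) and user_ok(puser, suser)

if __name__ == "__main__":
    senders = ["example.com!user", "mail.example.com!user",
               "notexample.com!user", "other.org!spammer42"]   # constructed
    for pat in ("example.com!user", "*.example.com!user", "spam*", "*!*"):
        hits = [s for s in senders if sender_matches(pat, s)]
        print(f"{pat:<20} selects {hits}")
```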

   /mail/lib/smtpd.conf
       This file contains configuration options and parameters describing  the
       local domain.  Many of the options can also be specified on the command
       line; command line options always override the  values  in  this  file.
       Configuration options are:

       defaultdomain domain
                 The  name  of  the  local domain; it is appended to addresses
                 lacking a domain qualification.  This is identical to the  -h
                 command line option.

       norelay [on|off]
                 If  on is specified, relaying is prohibited from unauthorized
                 networks to external domains.  Authorized  networks  and  do‐
                 mains  must  be specified by the ournets and ourdomains verbs
                 described below.  Setting this option  on  is  equivalent  to
                 specifying the -f command line flag, but the list of networks
                 and domains can only be specified in this file.

       verifysenderdom [on|off]
                 When on, smtpd verifies that the first domain of the sender's
                 address  exists.   The  test  is cursory; it checks only that
                 there is a DNS delegation for the domain.  Setting the option
                 on is equivalent to specifying the -r command line option and
                 is useful for detecting some unreturnable messages as well as
                 messages with randomly generated domain names.

       saveblockedmsg [on|off]
                 When  on,  causes  copies  of blocked messages to be saved in
                 subdirectories of /mail/queue.dump.   Directories  are  named
                 with the date and file names are random numbers.  If this op‐
                 tion is off blocked messages are discarded.  Setting this op‐
                 tion  on  is equivalent to specifying the -s command line op‐
                 tion.

       ournets IP address [, IP address, ..., IP address]
                 This option specifies trusted source networks  that  are  al‐
                 lowed  to  relay mail to external domains.  These are usually
                 the internal networks of the local domain, but they can  also
                 include  friendly  external  networks.  Addresses are in CIDR
                 notation.

       ourdomains domain [, domain, ..., domain]
                 This option specifies destination domains that are allowed to
                 receive  relayed  mail.  These are usually the domains served
                 by a gateway system.  Domain specifications  conform  to  the
                 format for sender addresses given above.

       When the norelay option is enabled or the -f command line option given,
       relaying is allowed only if the source IP address is in ournets or  the
       destination domain is specified in ourdomains.
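
       An added example (not part of smtpd) that tokenizes a constructed
       smtpd.conf by the input rules above and applies the relay test just
       stated.  The sample networks carry explicit masks, so the standard
       ipaddress module is enough; treating the last norelay setting as
       the effective one is an assumption.

```python
import ipaddress
import re

SAMPLE_CONF = """\
# constructed smtpd.conf for a gateway system
defaultdomain example.com
NoRelay on                      # tokens are case-insensitive
ournets 10.1.0.0/16, 192.168.5.0/24
ournets 172.16.0.0/12           # restated verb: parameters accumulate
ourdomains example.com, *.example.com
"""

def parse_conf(text):
    """Map each verb to the accumulated list of its parameters."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # a # cannot be escaped
        tokens = [t.lower() for t in re.split(r"[\s,]+", line) if t]
        if tokens:
            conf.setdefault(tokens[0], []).extend(tokens[1:])
    return conf

def domain_matches(pattern, domain):
    if pattern.startswith("*."):              # the domain and its sub-domains
        base = pattern[2:]
        return domain == base or domain.endswith("." + base)
    return domain == pattern

def may_relay(conf, source_ip, dest_domain):
    """Apply the norelay rule: trusted source OR served destination."""
    if conf.get("norelay", [])[-1:] != ["on"]:   # assumption: last setting wins
        return True
    ip = ipaddress.ip_address(source_ip)
    if any(ip in ipaddress.ip_network(net) for net in conf.get("ournets", [])):
        return True
    dest = dest_domain.lower()
    return any(domain_matches(p, dest) for p in conf.get("ourdomains", []))

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for src, dst in (("10.1.4.4", "elsewhere.org"),
                     ("203.0.113.9", "mail.example.com"),
                     ("203.0.113.9", "elsewhere.org")):
        print(src, "->", dst, "relay" if may_relay(conf, src, dst) else "refuse")
```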

   Blocked Addresses
       Smtpd  consults  /mail/ratify  (see  ratfs(4)) for a list of banned ad‐
       dresses.  Messages received from these addresses are  rejected  with  a
       5xx-series  SMTP error code.  There is no option to turn blocking on or
       off; if /mail/ratify is mounted, smtpd will use it,  even  for  connec‐
       tions from trusted networks.

       The command line format and address specifications conform to the
       notation described above.  If the parameters of the verb are sender
       addresses in UUCP format, the line must begin with an * character; if the
       parameters are one or more IP addresses, the * must precede  the  verb.
       Most verbs cause messages to be rejected; verbs of this class generally
       select different error messages.  The remaining verbs specify addresses
       that  are always accepted, in effect overriding blocked addresses.  The
       file is processed in order, so an override must precede its  associated
       blocked address.  Supported verbs are:

       dial IP address [,..., IP address]
                 The  parameters  are  IP  addresses  associated  with dial-up
                 ports.  The rejection message states  that  connections  from
                 dial-up ports are not accepted.  Copies of messages are never
                 saved.

       block address [, ... address]
                 Messages from addresses matching the parameters are  rejected
                 with  an error message saying that spam is not accepted.  The
                 message is saved if the saveblockedmsg option is enabled.

       relay address [, ... address]
                 This verb is identical to block, but the error message states
                 that  the  message  is rejected because the sending system is
                 being used as a spam relay.

       deny address [, ... address]
                 The deny command rejects a message when  the  sender  address
                 matches  one  of  its parameters.  The rejection message asks
                 the sender to contact postmaster@hostdomain for further
                 information.  This verb is usually used to block inadvertently
                 abusive traffic, for example, mail loops and  stuck  senders.
                 Messages are never saved.

       allow address [, ... address]
                 The allow verb negates the effect of subsequent blocking com‐
                 mands.  It is useful when a large range of addresses contains
                 a  few  legitimate addresses, for example, when a mail server
                 is in a Class C network block of modem  ports.   Rather  than
                 enumerate  the  dial  ports, it is easier to block the entire
                 Class C with a dial command, and precede it with an  override
                 for  the address of the mail server.  Similarly, it is possi‐
                 ble to block mail from an entire domain while accepting  mail
                 from  a  few friendly senders in the domain.  The verb accept
                 is a synonym for allow.
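
       An added example (not part of smtpd) of why an override must come
       first, using the mail server inside a block of dial-up ports
       described above.  Rules are modelled as already tokenized (verb,
       network) pairs with constructed addresses, and the first covering
       rule decides; the function names are hypothetical.

```python
import ipaddress

REJECT = {"dial", "block", "relay", "deny"}
ACCEPT = {"allow", "accept"}              # accept is a synonym for allow

# Constructed rules: one mail server inside a /24 of dial-up ports.
GOOD_ORDER = [("allow", "198.51.100.25/32"), ("dial", "198.51.100.0/24")]
BAD_ORDER = [("dial", "198.51.100.0/24"), ("allow", "198.51.100.25/32")]

def decide(rules, source_ip):
    """Return the verb of the first rule covering source_ip, or None."""
    ip = ipaddress.ip_address(source_ip)
    for verb, net in rules:
        if ip in ipaddress.ip_network(net):
            return verb
    return None

def shadowed_overrides(rules):
    """List (override_index, blocker_index) pairs where an earlier rejecting
    rule already covers the whole override, so it never takes effect."""
    found = []
    for i, (verb, net) in enumerate(rules):
        if verb not in ACCEPT:
            continue
        target = ipaddress.ip_network(net)
        for j in range(i):
            bverb, bnet = rules[j]
            if bverb in REJECT and target.subnet_of(ipaddress.ip_network(bnet)):
                found.append((i, j))
                break
    return found

if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(name, "order: mail server ->", decide(rules, "198.51.100.25"),
              "| shadowed overrides:", shadowed_overrides(rules))
```

       Running shadowed_overrides over a rule list before installing it
       catches overrides that were appended after the range they were
       meant to exempt.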

       Scanmail(8) describes spam detection software that works well with  the
       capabilities  described  here and mail(1) defines additional smtpd com‐
       mand line arguments applicable to exposed systems.

SEE ALSO
       mail(1), ratfs(4), scanmail(8)


