Man/Man5/feat-environ

From Qmail-LDAP Wiki

Jump to: navigation, search

NAME

feat-environ - Advanced Features Environment Variables

DESCRIPTION

These environment variables enable advanced features of your qmail-ldap system.

The variables presented here don't describe a TCP connection, for those variables see tcp-environ(5).

VARIABLES

421GREETING
Rejects a connection right away with a 421 in the greeting line and starts in a dummy mode where only QUIT works unless 421GREETING is set -- in that case the connection will closed immediatly after printing the greeting.
Default: off
Affects: qmail-smtpd
Example:
""
"Go away!"
Note:
  • You can set this in tcpserver if you want to reject messages from an IP address temporarily.
  • If no string is given it will default to "Service temporarily not available (#4.3.2)".
  • The timeout is reduced to 20 seconds to prevent starvation.


550GREETING
Rejects a connection right away with a 550 in the greeting line and starts in a dummy mode where only QUIT works unless 421GREETING is set -- in that case the connection will closed immediatly after printing the greeting.
Default: off
Affects: qmail-smtpd
Example:
""
"Go away!"
Note:
  • You can set this in tcpserver if you want to reject messages from an IP address permanently.
  • If no string is given it will default to "Sorry, your message has been administratively denied. (#5.7.1)".
  • The timeout is reduced to 20 seconds to prevent starvation.
  • 550GREETING has precedence over 421GREETING.


AUTHPREPEND
String that is prepended to the login in the received line.
Default: off
Affects: qmail-smtpd
Example:
"Authenticated user: "
Note:
  • Just for additional information in the received line.
  • You can use this to make tracking of (ab)users easier.


AUTHREQUIRED
Allow sending of messages (for this host and relaying) only to authenticated senders.
Default: off
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • Use this only if all clients support AMTP-AUTH. Be careful not to block remote mail servers sending messages for local users.
  • This is only useful if you want to restrict certain IP ranges (for example you dial-up or other customers) to be able to send only as existing and valid users.


BLOCKRELAYPROBE
Rejects recipients with and "!", "%" or double-"@".
Default: off
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • This is quite useful to stop so called anti-spam probes of clueless and overzealus wannabe RBL operators.
  • These probes try to exploit some ancient sendmail bugs never existent in qmail. Unfortunatly qmail accepts such stuff even if it doesn't relays it and bounces it later.
  • "!" is the old UUCP bang path.
  • "%" is a sendmail relaying hack and
  • double-"@" a sendmail bug.
  • Beware if you actually use the qmail percent-hack! Then this can't be used obviously!


LDAPSOFTOK
Treat ldap soft errors (ldap server unavailable, etc) as if the check was successful and continue.
Default: off
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • Normally qmail-smtp will give a 450 temporary error if the ldap server could not be successfuly queried. This changes to treat such errors as if they had been successful.
  • It is useful when it is more important to keep the service available, even if the ldap server can't be queried for some reason (down, unreachable, insufficient query rights, etc).


LOGLEVEL
Level of log verbosity in qmail-smtpd.
Default: 0 (Zero)
Affects: qmail-smtpd
Example:
3
Levels:
0 = no logging
1 = fatal errors
2 = accounting
3 = connection setup and smtp errors
4 = verbose
Note:
  • Integer value.
  • Everything will be logged through tcpserver.


MAXRCPTCOUNT
Maxrcptcount is the maximum number of RCPT TOs you accept before permanently rejecting this delivery attempt.
Default: 0 (which means no unlimited)
Affects: qmail-smtpd
Example:
5
Note:
  • This is a hard limit.
  • If you just want to give some pain for smaller recipient numbers consider tarpit use as well.


NOBOUNCE
Rejects null sender bounces.
Default: off
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • Use only in extreme cases and only for certain IP ranges.
  • Blocking bounces is considered harmful and strictly prohibited by RFC2821.
  • This can be useful if a spammer used your domain as sender and you get all the bounces.
  • Otherwise don't enable this! You want to get bounces!


QMAILQUEUE
Use this queueing program instead of the default qmail-queue program.
Default: off
Affects: qmail-smtpd, qmail-qmtpd, qmail-qmqpd, qmail-inject, qmail-local, qmail-reply, qmail-send, qreceipt, condredirect, forward.
Example:
/var/scanner/bin/qmail-scanner-queue.pl
Note:
  • Using this for something different than the mail incoming daemons is dissuaded.


RBL
If set turns on RBL checks.
Default: none
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • See also rbllist control file.


RBLONLYHEADER
Causes qmail-smtpd not to reject the message in any case but just to add a line with it's findings to the mail header.
Default: none
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • Add's a "X-RBL: (relays.ordb.org) matches with 127.0.0.2 and tells us go home" header to the message for later filtering.


RCPTCHECK
Check if the recipient (envelope "rcpt to:") of a message really exists. If not give a 550 reject right now instead of bouncing later in qmail-lspawn.
Default: off
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • Only applies to recipients whose domain is listed in locals.
  • Recipients domains listed in rcpthosts are allowed without further checks.
  • If RELAYCLIENT is set, all other recipients are allowed as well.
  • Addresses or domains listed in goodmailaddr are unconditionally allowed in all cases.


REJECTEXEC
Reject DOS/Windows executables in mail attachements.
Default: off
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • This patch does not distinguish between valid applications and evil viruses and trojans so handle with care.
  • It is not a 100% guaranteed protection but it handles a lot of unwanted stuff.
  • The file signatures contains signatures for matching of mime attachments.


RETURNMXCHECK
Rejects senders if they don't have a valid return MX.
Default: off
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • This is quite useful even though it doesn't stops many spammers today.
  • But it ensures that you can send an email or a bounce back to the sender.
  • It is also useful for your own users/customers because if they type a nonexistent sender into their "from" field (typos!) it'll stop them the first time instead of getting helpdesk calls when nobody can reply to them.


SANITYCHECK
Rejects senders without an @, no . in domain part or too long/short TLD.
Default: off
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • Rejects stuff which you probably don't want on your mailserver because it's highly likely that it'll bounce later.


SENDERCHECK
Check if the sender (envelope "mail from:") of a message really exists (in the LDAP directory). If not give a 550 reject right now.
Default: off
Affects: qmail-smtpd
Example:
"" or "LOOSE" or "STRICT"
Note:
  • Only applies to senders whose domain is listed in locals.
  • Everything else is assumed to be an external message with a foreign sender coming in, so no check applied. This is normal mode.
  • Setting to "LOOSE" will allow only senders which are listed either in the file locals or rcpthosts.
  • Setting to "STRICT" will only allow senders which are listed in locals. With this you can enforce for example that people from certain ip ranges can only send if they have a valid existing email address with you.
  • Addresses or domains listed in goodmailaddr are unconditionally allowed in all cases.


SMTP550DISCONNECT
Disconnect the SMTP session if a 5xx is produced by the sender.
Default: off
Affects: qmail-smtpd
Example:
"" (any value will do)
Note:
  • This is useful if you have a spammer trying different senders or recipients in the same session separated by rset's.


SMTPAUTH
Enables SMTP-AUTH for remote clients. Authenticated clients are allowed to relay through this server and their login is being recorded in the received line.
Default: off
Affects: qmail-smtpd
Example:
"TLSREQUIRED" or "" (any value will do)
Note:
  • With SMTP-AUTH remote users can use this mail server for relaying.
  • SMTP is unencrypted and auth passwords are in clear text equivalent base64 encoding.
  • With TLSREQUIRED enabled SMTP-AUTH is only accepted when the SMTP session is TLS encrypted to prevent password sniffing.
  • TLSREQUIRED requires TLS option to be compiled into qmail-ldap.


SSLCERT
Path to the SSL certificate qmail-smtpd should use for STARTTLS.
Default: none, smtpcert will be used
Example:
/var/qmail/boot/qmail-smtpd/cert.pem
Note:
  • Overrides smtpcert.


TARPITCOUNT
Tarpitcount is the number of RCPT TOs you accept before you start tarpitting.
Default: 0 (which means no tarpitting)
Affects: qmail-smtpd
Example:
5
Note:
  • This number should be smaller than MAXRCPTCOUNT to have any effect.
TARPITDELAY
Tarpitdelay is the number of seconds of delay to introduce after each subsequent RCPT TO.
Default: 5
Affects: qmail-smtpd
Example:
10
Note:
  • Connection which are tarpitted take a long time to finish.
  • Be aware that this ties up the available qmail-smtpd slots.
  • Raise connection limits with tcpserver if neccessary.


ABOUT

AUTHOR: Bruno Negrao G Zica, bnegrao AT yahoo DOT com
Last Revision: 2005/07/02


SEE ALSO

qmail-control(5), qmail-inject(8), qmail-lspawn(8), qmail-smtpd(8), qmail-qmtpd(8), qmail-qmqpd(8), qmail-qmqpc(8), qmail-send(8), tcp-environ(5)
Retrieved from "http://www.qmail-ldap.org/wiki/index.php/Man/Man5/feat-environ"
Personal tools