## ## ## outpost-insmtpd configuration file ## ## ## Copyright (C) 2003 FOSS-On-Line , ## Aleksey Krivoshey ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by ## the Free Software Foundation; either version 2 of the License, or ## (at your option) any later version. ## ## This program is distributed in the hope that it will be useful, ## but WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ## GNU General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with this program; if not, write to the Free Software ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ## OUTPOST_HOME = /home/voodoo/Projects/Outpost # # include log.conf ( logs are defined there ) # DOTCONFPPIncludeFile ${OUTPOST_HOME}/conf/log.conf # # include modules config file # DOTCONFPPIncludeFile ${OUTPOST_HOME}/conf/modules.conf # # User to run outpost-insmtpd # User voodoo # # Group to run outpost-insmtpd # Group users # # messages with level greater than this will not be logged # possible values are [0..2] # 0 - default, 2 - maximum detail (debug) # LoggingLevel 2 # # PID file # PIDFile = /var/pid/outpost-insmtpd.pid # # bind address # It can either contain "*", an IP address, or a fully qualified Internet domain name (FQDN). BindAddress * # # port # Port 10000 # # Log suffix # # Logs are defined in log.conf, there are two must-present logs: errlog and maillog # but when you want for example outpost-insmtpd to do all log output # in logfiles different with other outpost processes you can define LogSuffix here # and then add , , ... to log.conf # # This is also usefull then you want to run several "virtual" insmtpd servers for different addresses # e.g. by use of BindAddress ( of course you need to use different insmtpd.conf file for each server ) # LogSuffix "insmtpd" # # My official FQDN name # serverFQDN = ${HOSTNAME}.foss.local # # Server greeting string (part of response to SMTP EHLO/HELO command) # serverGreeting = "ESMTP Outpost 0.0.1" # # Maximum allowed message size # default: 0 - no limit # format: MaxMessageSize num{M|k} # # example: MaxMessageSize 5M, MaxMessageSize 300k # MaxMessageSize 3M # # Local domain names # users from these domains are treated as local # LocalDomains voodoo.foss.local foss.local foss.kharkov.ua # # Permissions on ESMTP commands # NOTE!: you can not set permissions on "EHLO", "HELO", "QUIT" or "NOOP" commands # # presence of symbol '+' before extension means that this extension is required # if there is no symbol '+' before extension, then if any of those extensions without sign '+' # has reported success, command is allowed: # Example: HELP from * allow +SMTP-TLS AUTH-LOGIN AUTH-CRAM-MD5 # HELP command will be allowed if SMTP-TLS has reported OK and any of AUTH-CRAM-MD5 or AUTH-LOGIN has # reported success # # NOTE!: DO NOT create HERE spam filters! This is _only_ policy rules. # For filtering spam use corresponding modules # # WARNING!: be carefull to not disable extension's command by requiring this extension to complete command # for example: # # defult rule: # * from * allow SMTP-TLS # here you must explicitly allow command STARTTLS, because default rule will require SMTP-TLS extension for it: # STARTTLS from * allow * # # DEFAULTS for any command ( except for "EHLO", "HELO", "QUIT" or "NOOP" ) # * from 10.0.1.* allow +SMTP-TLS AUTH-CRAM-MD5 AUTH-PLAIN AUTH-LOGIN * from * allow * # ------ ESMTP UNSECURE COMMANDS ----- EXPN from 10.0.1.0/24 default EXPN deny VRFY from 10.0.1.8 default VRFY from 10.0.1.10 default VRFY from * deny # "HELP" command can be used to generate too much network traffic HELP from 10.0.1.0/24 default HELP deny # ------ END ESMTP UNSECURE COMMANDS ----- # enable STARTTLS command ( default command policy above will require AUTH-CRAM-MD5 to STARTTLS) STARTTLS from * allow # AUTH command ( from mod_smtp_auth_*.so modules) AUTH from 10.0.1.0/24 allow AUTH from * default # # Permissions on SMTP extensions # # by default policy is 'from * allow *' # AUTH-LOGIN from 10.0.1.0/24 allow AUTH-LOGIN from * allow SMTP-TLS AUTH-PLAIN from * allow SMTP-TLS # # MAIL FROM control # # NOTE!: DO NOT create here spam filters! This is _only_ policy rules. # For filtering spam use corresponding modules # # !!!WARNING!!!: Blocking MAIL FROM: is _NOT_ conforming with RFC!!! # !!!WARNING!!!: This may lead to blocking legitimate mail ( see RFC2505, page 14 for details ) # !!!WARNING!!!: You are strongly encouraged to use other techniques such as PGP for message signing and/or encryption # # from 10.0.1.14 allow AUTH-CRAM-MD5 SMTP-TLS from 10.0.1.16 allow AUTH-CRAM-MD5 SMTP-TLS from * deny from 10.0.1.* allow * from * allow AUTH-CRAM-MD5 SMTP-TLS # END MAIL FROM CONTROL # # Relaying control ( delivery to nonlocal users ) # # Format: # Relay [for ] from allow # or: # Relay [for ] from deny # # By default all relaying is denied, that is: Relay for * from * deny (even for localhost) # # if "for " is not specified, "for *" is assumed # NOTE!!: relaying mail for some domain will work !!ONLY!! if we are one of the MX hosts for that domain # # # Allow relaying from 192.168.83.* either if authenticated by CRAM-MD5 or by DIGEST-MD5 # NOTE: that restrictions placed on "AUTH" command ( see ) may require starting SMTP-TLS session before # "AUTH" command will succeed Relay from 192.168.83.* allow AUTH-CRAM-MD5 AUTH-LOGIN AUTH-PLAIN # Allow relaying from 192.168.80.0/24 if authenticated by CRAM-MD5 Relay from 192.168.80.0/24 allow AUTH-CRAM-MD5 # Completely untrusted host. No relaying for it at all. Just local deliveries. Relay from 10.0.1.8 deny # Completely trusted network Relay from 10.0.1.* allow * # All others can use us as relay only if SMTP-TLS was successful Relay from * allow SMTP-TLS # Allow relaying mail for gov.ua ( if we are MX host for this domain ) Relay for gov.ua allow * # Relaying for concrete domain # bank.ua MUST have us as their MX host Relay for bank.ua from dialup.bank.ru allow SMTP-TLS Relay for bank.ua from * allow SMTP-TLS AUTH-CRAM-MD5 # END RELAYING CONTROL #EOF