#
# smtpserver.conf - autogenerated edition
#
#PARAM maxsize              10000000   # Same as -M -option
#PARAM min-availspace           5000   # Minimum free in POSTOFFICE after
#                                      # message has arrived; in KILOBYTES.
#PARAM max-error-recipients        3   # More than this is probably SPAM!
#PARAM max-unknown-commands       10   # Max unknown cmds before we hang up
#
#PARAM MaxSameIpSource            10   # Max simultaneous connections
#                                      # from any IP source address
#PARAM MaxParallelConnections    800   # Max simultaneous connections
#                                      # in total to the server
#PARAM TcpRcvBufferSize        32000   # Should not need to set!
#PARAM TcpXmitBufferSize       32000   # Should not need to set!
#
#PARAM ListenQueueSize            10   # listen(2) parameter
#
#PARAM RcptLimitCount          10000   # Max number of recipients for one
#                                      # MAIL FROM session. Minimum: 100
#PARAM sum-sizeoption-value
#
#PARAM BindPort                   25   # Binding port
#PARAM BindAddress  [0.0.0.0]          # Binding address - for multihomers..
#PARAM BindAddress  [IPv6.0::0]        # and here is for IPv6 - NO SPACES!
#PARAM BindAddress  iface:eth0:2       # Addresses of that interface
#
# Enables of some commands:
#PARAM DEBUGcmd
#PARAM EXPNcmd
#PARAM VRFYcmd
#PARAM enable-router    # This is a security decision for you.
#                       # This is needed for EXPN/VRFY and interactive
#                       # processing of MAIL FROM and RCPT TO addresses.
#                       # However it also may allow external user entrance
#                       # to ZMailer router shell environment with suitably
#                       # perverse input, if quotation rules are broken in
#                       # the scripts.
#
#PARAM smtp-auth-sasl   # Authentication with SASL[2] mechanisms
#                       # in the system. Enabling this takes precedence over
#                       # smtp-auth below!
#
#PARAM sasl-mechanisms  LIST OF SASL MECHANISMS
#                       # A space-delimited list of SASL mechanisms we
#                       # want to support.
#
#PARAM smtp-auth        # Enable, if you want to allow SMTP to authenticate
#                       # with the default code against system /etc/passwd
#                       # (or whatever source getpwnam() uses for it..)
#                       # This is intended to be used WITH the TLS network
#                       # encryption! This supports just plaintext logins.
#
#PARAM SMTP-auth-pipe /path/to/program
#                       # External authentication program. The
#                       # authenticator should read a username from
#                       # command line and a password from standard input.
#                       # Exit status 0 means successful authentication.
#                       # Works only without SASL
#
#PARAM AUTH-LOGIN-also-without-TLS
#                       # Enable, if the "AUTH LOGIN" must be allowed to
#                       # be used without running under SSL/TLS encryption
#                       # envelope. ENABLING THIS IS A SECURITY THREAT!
#
#PARAM MSA-mode         # Message Submission Agent mode. Require
#                       # successful user authentication during SMTP
#                       # sessions initiated from outside of the trusted
#                       # networks or the networks with relaying enabled
#                       # (see "fulltrustnet" and "relaycustnet" in
#                       # smtp-policy.src file).
#
#PARAM use-tcp-wrapper
#                       # If TCP-WRAPPER is configured in, uncommenting this
#                       # will activate its use to look up service name: smtp-receiver
#
# Disablers of some facility advertisements
#
#PARAM NoEHLO
#PARAM NoPIPELINING
#PARAM No8BITMIME
#PARAM NoCHUNKING
#PARAM NoDSN
#PARAM NoETRN
PARAM no-multiline-replies      # except to EHLO (Bloody M$ RFC821/AppE violators)
#PARAM force-rcpt-notify-never  # Some want to hide the delivery knowledge..
#
# HDR220 metatags:
#   %% = '%' character
#   %H = myhostname
#   %I = '+IDENT' if 'identflg' is set
#   %V = VersionNumb
#   %T = curtime string
#   %X = xlatelang parameter
#
#PARAM hdr220 %H ZMailer ESMTP-server %V running at Yoyodyne Propulsion Inc
#PARAM hdr220 %H ESMTP (NO UCE)(NO UBE) our local time is now %T
#
# Note above the "ESMTP" words are present because *some* MTA systems won't
# do EHLO greeting, unless they see "ESMTP" - against RFC 1869 part 4.
# "EHLO is to be done blindly, server responses are not to be studied for
#  any possible 'ESMTP' keyword!"
#
#PARAM help =============================================================
#PARAM help This mail-server is at Yoyodyne Propulsion Inc.
#PARAM help Our telephone number is: +1-234-567-8900, and
#PARAM help telefax number is: +1-234-567-8999
#PARAM help Our business-hours are Mon-Fri: 0800-1700 (Timezone: -0700)
#PARAM help
#PARAM help Questions regarding our email service should be sent via
#PARAM help email to address
#PARAM help Reports about abuse are to be sent to:
#PARAM help =============================================================
#
# Uncomment the following to not strip incoming addresses of format:
# <@aa,@bb:cc@dd> into non-source-routed base form:
#
#PARAM allowsourceroute # DON'T ENABLE UNLESS YOU USE ROUTER BASED
#                       # POLICY ANALYSIS!
#
# The policy database: (NOTE: See 'makedb' for its default suffixes!)
#
PARAM policydb $DBTYPE $MAILVAR/db/smtp-policy
#
# External program for received message content analysis:
#PARAM contentfilter $MAILBIN/smtp-contentfilter
#PARAM debug-contentfilter      # Debug the content-filter interface protocol
#
#PARAM tarpit  0 0 0     # No "tarpit" for 4XX/5XX reply codes (default)
#PARAM tarpit 20 2 300   # Initial delay: 20 secs, next = prev + (prev * 2)
#
# TLSv1/SSLv[23] parameters; all must be used for the system to work!
#
# See doc/guides/openssl, or:
# http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/doc/setup.html
#
#PARAM use-tls
##PARAM listen-ssmtp     # A deprecated TCP/465 port listener for SSL/SMTP
##PARAM outlook-tls-bug  # Variant of ssmtp
#
#PARAM tls-CAfile    $MAILVAR/db/smtpserver-CAcert.pem
#PARAM tls-cert-file $MAILVAR/db/smtpserver-cert.pem
#PARAM tls-key-file  $MAILVAR/db/smtpserver-key.pem
#
# If system default SSL-session-cache is to be used ?
#PARAM tls-use-scache
#PARAM tls-scache-timeout 3600  # (cache timeout in seconds)
#
# Then some further thoughts that may materialize some time..
#PARAM tls-loglevel 0
#PARAM tls-ccert-vd 0
#PARAM tls-ask-cert 0
#PARAM tls-require-cert 0
##PARAM tls-CApath ... (somewhen: ways to verify client's certificates)
##PARAM tls-enforce-tls 1

# Elements to be added into "Received:" header's initial comment part:
#
#PARAM rcvd-ident       # The ident lookup result (or even admitting it)
#PARAM rcvd-whoson      # Likewise for "whoson"
#PARAM rcvd-auth-user   # Authenticated Username
#PARAM rcvd-tls-mode    # Cipher, or not
#PARAM rcvd-tls-peer    # Client Certificate reference

# A load-balanced server cluster may want to communicate
# the ETRN request to cluster components, here is how:
# See also: doc/guides/etrn-cluster
#
#PARAM etrn-cluster localhost mq-etrn-user mq-etrn-pw
#PARAM etrn-cluster node-2-name-or-address mq-etrn-user mq-etrn-pw
#PARAM etrn-cluster node-3-name-or-address mq-etrn-user mq-etrn-pw
#...
#PARAM etrn-cluster node-40-name-or-address mq-etrn-user mq-etrn-pw
#
#
# HELO/EHLO-pattern     style-flags / !reject_message
#           [max loadavg]
#
# Note about the style-flags: 'ftve' set needs enable-router!
# The system will not complain about lack of it (since 2.99.56),
# but without that enable, those four flags have no effect.
#
#localhost          999 ftveR
#some.host.domain   999 !NO EMAIL ACCEPTED FROM YOUR MACHINE

# If the host presents itself as: HELO [1.2.3.4], be lenient to it..
# The syntax below is due to these patterns being SH-GLOB style patterns
# where the brackets are special characters.

\[*\]               999 ve

# Per default demand strict syntactic adherence, including fully
# qualified addresses for MAIL FROM, and RCPT TO. To be lenient
# on that detail, remove the "R" from "veR" string below:

*                   999 veR
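
# Added example (not part of ZMailer or of this file): a small Python audit
# that reads a smtpserver.conf and reports the combinations the comments above
# warn about, including 'ftve' style-flags that are inert without enable-router.
# The names parse/audit, the finding codes and the sample config are constructed
# here; matching PARAM keywords case-insensitively is an assumption.

```python
import re

# Constructed sample config (not from a real deployment).
SAMPLE = r"""
PARAM smtp-auth
PARAM AUTH-LOGIN-also-without-TLS
PARAM use-tls
PARAM tls-cert-file /var/mail/db/smtpserver-cert.pem
#PARAM enable-router
\[*\]             999 ve
bad.host.example  999 !NO EMAIL ACCEPTED FROM YOUR MACHINE
*                 999 veR
"""
TLS_FILES = ("tls-cafile", "tls-cert-file", "tls-key-file")

def parse(text):
    """Return (active PARAM keywords, [(HELO pattern, style-flags)])."""
    params, patterns = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or commented-out setting
        if re.match(r"PARAM\s", line):
            words = line.split("#", 1)[0].split()
            if len(words) > 1:
                params.add(words[1].lower())  # assumption: case-insensitive
        else:
            f = line.split(None, 2)
            if len(f) == 3 and not f[2].startswith("!"):
                patterns.append((f[0], f[2].split()[0]))
    return params, patterns

def audit(text):
    """Return [(code, message)] for settings the file's comments warn about."""
    params, patterns = parse(text)
    out = []
    if "auth-login-also-without-tls" in params:
        out.append(("AUTH-CLEARTEXT", "AUTH LOGIN is allowed outside TLS"))
    if "smtp-auth" in params and "use-tls" not in params:
        out.append(("AUTH-NO-TLS", "plaintext smtp-auth enabled without use-tls"))
    missing = [k for k in TLS_FILES if k not in params]
    if "use-tls" in params and missing:
        out.append(("TLS-INCOMPLETE", "use-tls lacks " + ", ".join(missing)))
    for key in ("enable-router", "allowsourceroute"):
        if key in params:
            out.append(("REVIEW", key + " is on; re-read its warning"))
    if "enable-router" not in params:
        for pat, flags in patterns:
            inert = "".join(sorted(set(flags) & set("ftve")))
            if inert:
                out.append(("FLAGS-INERT", f"{pat}: '{inert}' needs enable-router"))
    return out

if __name__ == "__main__":
    for code, msg in audit(SAMPLE):
        print(f"{code:15} {msg}")
```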