SnertSoft: We Serve Your Server

Barricade MX

smtpf/2.6
«An SMTP Filtering Proxy»

Option Syntax

Options can be expressed in four different ways. Boolean options are expressed as +option or -option to turn the option on or off respectively. Numeric, string, and list options are expressed as option=value to set the option or option+=value to append to a list. Note that the +option and -option syntax are equivalent to option=1 and option=0 respectively. String values containing white space must be quoted using single (') or double (") quotes. Option names are case insensitive.

Some options, like +help or -help, are treated as immediate actions or commands. Unknown options are ignored and not reported, so a misspelled option name silently has no effect; the option summary written by the help option can be used to confirm that an option was recognised. The first command-line argument that does not adhere to the above option syntax ends the list of options. The special command-line argument -- can be used to explicitly signal the end of the options.

The default options, as shown below, can be altered by specifying them on the command line or within an option file. An option file simply contains command-line options, one or more per line, spread over as many lines as needed. Comments are allowed and are denoted by a line starting with a hash (#) character. If the file option is defined and not empty, then that file is parsed first, followed by the command-line options, so the command line overrides the file.

Option names that start with a leading underscore (_) are considered experimental and subject to change or be removed from future builds. They should not normally be used on production systems.

Option Summary

access-map=sql!/etc/smtpf/access.sq3
The type and location of the read-only access key-value map. It provides a centralised means to black and white list hosts, domains, mail addresses, etc. The following methods are supported:
sql!/path/database
socketmap!host:port
socketmap!/path/local/socket
socketmap!123.45.67.89:port
socketmap![2001:0DB8::1234]:port

For those locations that specify a host:port, if :port is omitted, the default is 7953.

The access-map contains key-value pairs. Lookups are performed from most to least specific, stopping on the first entry found. Keys are case-insensitive.

An IPv4 lookup is repeated several times reducing the IP address by one octet from right to left until a match is found.

tag:192.0.2.9
tag:192.0.2
tag:192.0
tag:192

An IPv6 lookup is repeated several times reducing the IP address by one 16-bit word from right to left until a match is found.

tag:2001:0DB8:0:0:0:0:1234:5678
tag:2001:0DB8:0:0:0:0:1234
tag:2001:0DB8:0:0:0:0
tag:2001:0DB8:0:0:0
tag:2001:0DB8:0:0
tag:2001:0DB8:0
tag:2001:0DB8
tag:2001

A domain lookup is repeated several times reducing the domain by one label from left to right until a match is found.

tag:[ipv6:2001:0DB8::1234:5678]
tag:[192.0.2.9]
tag:sub.domain.tld
tag:domain.tld
tag:tld
tag:

An email lookup is similar to a domain lookup, the exact address is first tried, then the address's domain, and finally the local part of the address.

tag:account@sub.domain.tld
tag:sub.domain.tld
tag:domain.tld
tag:tld
tag:account@
tag:

The tags Connect:, Helo:, From:, and To: are used for black / white list lookup by connecting client IP or domain, HELO/EHLO argument, sender address, and recipient address respectively. Other options may specify other tags. See the access-map chapter.
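The lookup orders above are easier to check than to describe. The following is an added example, not part of this manual or of smtpf itself: it generates the candidate keys for an IP address, a domain, or a mail address in the most-specific-first order the text gives, and resolves them against a constructed map (SAMPLE_MAP is illustrative data, not a real site's access database). Two things are assumptions of this example rather than documented behaviour: IPv6 words are written with leading zeros stripped, and address literals in the domain position are not handled.

```python
import ipaddress


def _domain_keys(tag, domain):
    """Reduce a domain one label at a time from the left: sub.domain.tld, domain.tld, tld."""
    labels = domain.rstrip(".").split(".")
    return [tag + ".".join(labels[i:]) for i in range(len(labels))]


def access_keys(tag, subject):
    """Candidate access-map keys for `subject` under `tag`, most specific first.

    `subject` is an IPv4/IPv6 address, a domain name, or a mail address.
    Keys are case-insensitive, so everything is lower-cased. The IPv6 word
    formatting (leading zeros stripped) is this example's assumption, not a
    documented smtpf canonical form.
    """
    tag, subject = tag.lower(), subject.lower()
    try:
        addr = ipaddress.ip_address(subject)
    except ValueError:
        addr = None
    if addr is not None and addr.version == 4:
        octets = subject.split(".")                       # drop one octet per step
        return [tag + ".".join(octets[:n]) for n in range(4, 0, -1)]
    if addr is not None and addr.version == 6:
        words = [w.lstrip("0") or "0" for w in addr.exploded.split(":")]
        return [tag + ":".join(words[:n]) for n in range(8, 0, -1)]
    if "@" in subject:
        local, _, domain = subject.rpartition("@")
        # exact address, then the domain chain, then local part, then the bare tag
        return [tag + subject] + _domain_keys(tag, domain) + [tag + local + "@", tag]
    return _domain_keys(tag, subject) + [tag]


def access_lookup(access_map, tag, subject):
    """First key present in the map wins; returns (key, value) or (None, None)."""
    for key in access_keys(tag, subject):
        if key in access_map:
            return key, access_map[key]
    return None, None


# Constructed sample map (keys stored lower-case); not real site data.
SAMPLE_MAP = {
    "connect:192.0.2": "REJECT",
    "connect:192.0.2.9": "OK",
    "from:": "TEMPFAIL",
    "from:example.com": "OK",
    "to:abuse@": "OK",
}

if __name__ == "__main__":
    for tag, subject in (("Connect:", "192.0.2.9"), ("Connect:", "192.0.2.77"),
                         ("From:", "Bob@Mail.Example.COM"), ("To:", "abuse@other.example")):
        print(tag, subject, "->", access_lookup(SAMPLE_MAP, tag, subject))
```

Note that the more specific white list entry for 192.0.2.9 wins over the /24 black list entry because the lookup stops at the first key found, and that "from:" (the empty key) acts as a catch-all default for sender domains.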

If a key is found, then the value is processed as a pattern list and the result returned. A pattern list is a whitespace separated list of pattern-action pairs followed by an optional default action. The supported pattern formats are:

[network/cidr]action    Classless Inter-Domain Routing
!pattern!action         Simple fast text matching.
/regex/action           Extended Regular Expressions

The CIDR will only ever match for IP address related lookups.

A !pattern! uses an asterisk (*) for a wildcard, scanning over zero or more characters; a question-mark (?) matches any single character; a backslash followed by any character treats it as a literal (it loses any special meaning).

!abc!            exact match for 'abc'
!abc*!           match 'abc' at start of string
!*abc!           match 'abc' at the end of string
!abc*def!        match 'abc' at the start and 'def' at the end, maybe with stuff in between.
!*abc*def*!      find 'abc', then find 'def'

For black-white lookups, the following actions are recognised: OK (white list), CONTENT (white list pre-DATA), DISCARD (accept & discard), SPF-PASS (white-list sender if SPF passed), REJECT (black list), IREJECT (black list immediately), TEMPFAIL, SAVE (save copy if delivered), TRAP (accept, save, but do not deliver), TAG (tag Subject instead of reject or drop), SKIP or DUNNO (stop lookup, no result), and NEXT (opposite of SKIP, resume lookup). It is possible to specify an empty action after a pattern, which is treated like SKIP returning an undefined result. Other options may specify other actions.
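The following added example (not smtpf code; written for this page) evaluates a pattern-list value against a lookup subject as the text describes: tokens are split on whitespace, a CIDR pattern only ever matches an IP subject, !pattern! uses * and ? with backslash escapes and matches the whole string, /regex/ is searched, the first matching pattern's action is returned, a bare word is the default action, and an empty action or SKIP/DUNNO stops with an undefined result (None). The sample value CONNECT_RULES is constructed for illustration. What the caller does with NEXT is left to it; this function just returns the action word.

```python
import ipaddress
import re


def glob_to_regex(pattern):
    """Translate !pattern! syntax: * = zero or more chars, ? = one char, \\x = literal x."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))   # escaped char loses its meaning
            i += 2
            continue
        out.append(".*" if c == "*" else "." if c == "?" else re.escape(c))
        i += 1
    return "^" + "".join(out) + "$"                   # anchored: !abc! is an exact match


def _closing(token, delim, start):
    """Index of the closing delimiter, honouring backslash escapes."""
    i = start
    while i < len(token):
        if token[i] == "\\":
            i += 2
        elif token[i] == delim:
            return i
        else:
            i += 1
    raise ValueError(f"unterminated pattern: {token!r}")


def parse_pattern_list(value):
    """Yield (kind, pattern, action); kind is cidr, glob, regex or default."""
    for token in value.split():
        if token.startswith("["):
            end = token.index("]")
            yield "cidr", token[1:end], token[end + 1:]
        elif token.startswith("!"):
            end = _closing(token, "!", 1)
            yield "glob", token[1:end], token[end + 1:]
        elif token.startswith("/"):
            end = _closing(token, "/", 1)
            yield "regex", token[1:end], token[end + 1:]
        else:
            yield "default", None, token


def evaluate(value, subject):
    """Action word for `subject`, or None for an undefined result (empty, SKIP or DUNNO)."""
    default = None
    for kind, pattern, action in parse_pattern_list(value):
        if kind == "default":
            default = action
            continue
        if kind == "cidr":
            try:
                matched = ipaddress.ip_address(subject) in ipaddress.ip_network(pattern, strict=False)
            except ValueError:
                matched = False                       # CIDR only matches IP-address subjects
        elif kind == "glob":
            matched = re.match(glob_to_regex(pattern), subject, re.IGNORECASE | re.DOTALL) is not None
        else:
            matched = re.search(pattern, subject, re.IGNORECASE) is not None
        if matched:
            action = action.upper()
            return None if action in ("", "SKIP", "DUNNO") else action
    return default.upper() if default else None


# Constructed sample value for a Connect: key; not from a real configuration.
CONNECT_RULES = r"[192.0.2.0/24]OK !*.dynamic.example.net!REJECT /^mail[0-9]+\./OK TEMPFAIL"

if __name__ == "__main__":
    for subject in ("192.0.2.77", "host.dynamic.example.net", "mail3.example.org", "other.example.org"):
        print(subject, "->", evaluate(CONNECT_RULES, subject))
```

A pattern with an empty action is worth testing explicitly: in "!*.example.net! OK" a matching host stops the list with an undefined result and never reaches the OK default, which is easy to misread as a white list entry.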

±access-tag-words
Write to standard output access-map action tag and valid word mapping.
±access-word-tags
Write to standard output access-map action word and valid tag mapping.
-auth-delay-checks
Delay some client connection and HELO tests until MAIL FROM: to allow the sender to authenticate using the AUTH command.
avastd-policy=reject
Policy to apply if message is infected. Specify either none, reject, or discard.
avastd-socket=
The unix domain socket or Internet host[:port] of the avastd server. Specify the empty string to disable avastd scan. The default avastd port is 5037.
avastd-timeout=120
The avastd I/O timeout in seconds.
cache-accept-ttl=604800
Cache time-to-live in seconds for positive results. A record will be maintained as long as there is regular activity.
cache-gc-interval=300
Cache garbage collection interval in seconds.
cache-multicast-ip=
The Multicast Cache facility provides the ability to share cache updates between two or more machines on the same network segment. The multicast group can be an IPv4 or IPv6 address plus an optional port. For IPv4, RFC 3171 reserves 232/8 for one-to-many applications. RFC 3513 outlines IPv6 multicast address assignment; a group within FF12::/16 (transient, link-local scope) is recommended. To disable the multicast cache updates, specify the empty string.
cache-multicast-port=6920
The listener port for multicast cache updates.
cache-multicast-ttl=1
The multicast TTL value to be applied to outgoing multicast packets. The default of 1 keeps updates on the local segment.
cache-on-corrupt=replace
Action taken if cache corruption is detected. Set to one of: exit, rename, or replace. This is intended for debugging.
cache-path=/var/db/smtpf/cache.sq3
The file path of the SQLite3 cache. The directory containing the cache must be read-writable by the process so that SQLite3 can create journal files as required.
cache-reject-ttl=604800
Cache time-to-live in seconds for reject results.
cache-secret=
The Multicast & Unicast Cache facility broadcasts UDP packets in the clear on the link-local network segment or directly to a set of hosts. In order to identify valid broadcasts, each participating machine must have the same shared secret, which is used to generate and validate the cache updates. The secret authenticates updates; it does not encrypt them, so any host that can see the traffic can read the cache entries, and any host that learns the secret can inject updates. Leave it empty only when the facility is not used.
cache-sync-mode=off
Cache synchronisation mode. Set to one of: off, normal, or full. The normal and full modes improve reliability at the expense of speed.
cache-temp-fail-ttl=7200
Cache time-to-live in seconds for temporary failure results.
cache-unicast-hosts=
The Unicast Cache facility provides the ability to broadcast cache updates to a set of remote hosts beyond the local network segment. A space or comma separated list of host names and/or IP addresses with optional colon separated port numbers. This option and cache-unicast-domain are mutually exclusive.
cache-unicast-port=6921
The listener port for unicast cache updates.
-call-ahead-as-sender
When set, perform the call-ahead using the original MAIL FROM: instead of MAIL FROM:<> (the null sender). Some downstream mail stores reject MAIL FROM:<> or reject a sender at RCPT TO:.
call-ahead-command-timeout=45
SMTP command timeout in seconds for call-aheads. This timeout must be less than the smtp-command-timeout, if a call-ahead is to have any chance in completing before the SMTP client times out.
-call-back
When set, performs sender address verification using a call-back to one of the sender's MX hosts. Note that this form of test is very unpopular with large mail services for a variety of reasons such as resource consumption and that it can be abused for proxied dictionary harvesting attacks. Use of this test could result in black listing of your host by those services. Use with care.
-call-back-pass-grey
If the call-back returns a pass result, then skip grey-listing.
-call-back-strict-greeting
During a call-back, require that the first word of the 220 response is a FQDN, otherwise fail the call-back. See RFC 2821 section 4.2 grammar for greeting and section 4.3.1 paragraph 3.
-call-back-uri-greeting
During a call-back, URI BL test the FQDN host name given by the 220 response. The call-back fails if the host name is listed.
clamd-max-size=10000
Max. number of kilobytes to pass to clamd, 0 for unlimited.
clamd-policy=reject
Policy to apply if message is infected. Specify either none, reject, or discard.
+clamd-scan-all
When set, scan all messages for viruses. ClamAV can also scan for phishing scams. Otherwise, as an optimisation, only scan messages with attachments for viruses.
clamd-socket=
The unix domain socket or Internet host[:port] of the clamd server. Specify the empty string to disable clamd scan. The default clamd port is 3310. If clamd is running on the same host as smtpf, then the special token SCAN can be specified to use scanning by file path instead of by socket stream for an I/O efficiency gain.
clamd-timeout=120
The clamd I/O timeout in seconds.
click-secret=
Specify a phrase used to generate and validate a click challenge. Be sure to quote the string if it contains white space.
click-ttl=90000
Time-to-live in seconds for click challenge links.
click-url=
Specify either an empty string, mailto, or an http URL. If set to mailto, then reject messages are appended with a special mail address that a sender can mail in order to get temporarily white listed.

If set to an http: URL, then reject messages are appended with a URL that the sender can click on in order to get temporarily white listed. The click-url is suffixed with query string parameters: c= is the trimmed PTR or IP of the sender (see grey-key), a comma, and the sender's mail address; h= is the ASCII encoded time stamp followed by the MD5 hash generated from the binary value of the timestamp, the click-secret, and the c= value. The challenge is only as strong as the click-secret, so use a long random phrase, and note that click-ttl bounds how long a captured link can be replayed.

Otherwise set to empty string to disable this facility.
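The generate-and-validate round trip behind click-url, as an added example for this page rather than smtpf's own code. The page fixes the inputs to the hash (timestamp, click-secret, c= value) but not the byte layout, so this example assumes a 32-bit big-endian timestamp, a hexadecimal ASCII timestamp in h=, and a hexadecimal MD5 digest; a real verifier has to use whatever layout the generating side uses. The secret, host names and addresses are constructed sample values. The verifier uses a constant-time comparison and enforces click-ttl, which is where the replay window is closed.

```python
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlencode, urlparse


def _digest(timestamp, secret, c):
    # Assumption: "binary value of the timestamp" is a 32-bit big-endian unsigned
    # integer; the page does not document the exact byte layout smtpf uses.
    return hashlib.md5(struct.pack(">I", timestamp) + secret.encode() + c.encode()).hexdigest()


def make_click_url(click_url, secret, client_key, sender, now):
    """Build the URL appended to a reject message (c= and h= query parameters)."""
    c = f"{client_key},{sender}"                     # trimmed PTR or IP, comma, sender address
    h = f"{now:08x}{_digest(now, secret, c)}"        # ASCII timestamp followed by the hash
    return f"{click_url}?{urlencode({'c': c, 'h': h})}"


def verify_click(url, secret, ttl, now):
    """Accept a link only if its hash matches under `secret` and its timestamp is within `ttl`."""
    query = parse_qs(urlparse(url).query)
    c = query.get("c", [""])[0]
    h = query.get("h", [""])[0]
    if len(h) != 8 + 32:
        return False
    try:
        timestamp = int(h[:8], 16)
    except ValueError:
        return False
    if not hmac.compare_digest(h[8:], _digest(timestamp, secret, c)):
        return False                                 # wrong secret, or c= was tampered with
    return 0 <= now - timestamp <= ttl               # stale links fail, bounding replay


if __name__ == "__main__":
    # Constructed sample values: not a real secret, host or sender.
    secret, now = "correct horse battery", 1_700_000_000
    url = make_click_url("https://mx.example.org/click", secret, "example.net", "alice@example.net", now)
    print(url)
    print("fresh:", verify_click(url, secret, 90000, now + 100))
    print("expired:", verify_click(url, secret, 90000, now + 90001))
```

Because the c= value is bound into the hash, a sender cannot take a link issued for one address and use it to white list another; because the timestamp is bound in too, it cannot be extended after the fact.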

-client-ip-in-ptr
Apply a pattern heuristic to the connected client's PTR record. Reject if it looks like it is composed from the client IP address. See also client-is-mx.
-client-is-mx
Weaken rejects based on client-ptr-required or client-ip-in-ptr until the sender address is known. If the client IP and sender combination pass SPF or the client IP is an MX for the sender, then ignore the results of client-ptr-required and client-ip-in-ptr. Otherwise reject if client-ptr-required is false or client-ip-in-ptr is true.
-client-ptr-required
The connecting client IP address must have a PTR record. See also client-is-mx.
Concurrent Connection Control
The tag Concurrent-Connect: can be used in the access-map.

If a key is found, then the value is processed as a pattern list and the result returned. A positive integer value is specified in place of an action and is the maximum number of concurrent connections permitted at any one time.

Connection Rate Control
The tag Rate-Connect: can be used in the access-map.

If a key is found, then the value is processed as a pattern list and the result returned. An integer, in place of an action word, specifies the number of connections per minute allowed. Specify zero (0) connections to disable the rate limit.

ctasd-policy=reject
Policy to apply if message is infected. Specify either none, reject, or discard.
ctasd-socket=
The unix domain socket or Internet host[:port] of the CommTouch Advanced Security daemon (ctasd). Specify the empty string to disable ctasd scan. The default ctasd port is 8088.
-ctasd-stream
When set, the message is streamed to the ctasd server, otherwise the message is passed by temporary file reference. Currently ctasd does not properly support true inline streaming, so this option should remain unset.
ctasd-subject-tag=[SUSPECT]
When the ctasd server reports the message as suspicious then the Subject header is prepended with this tag to identify suspect messages. Specify the empty string to disable the subject tag.
ctasd-timeout=120
The ctasd I/O timeout in seconds.
+daemon
Start as a background daemon or foreground application.
deny-compressed-name=*.bat
deny-compressed-name+=*.com
deny-compressed-name+=*.cpl
deny-compressed-name+=*.exe
deny-compressed-name+=*.inf
deny-compressed-name+=*.msi
deny-compressed-name+=*.msp
deny-compressed-name+=*.pif
deny-compressed-name+=*.scr
A list of unacceptable file patterns to reject when found inside RAR or ZIP attachments. The default list consists of unsafe Windows file extensions as given by Microsoft. Specify an empty list to disable.
-deny-content
When enabled, then deny-content-* options are applied.
deny-content-name=*.adp
deny-content-name+=*.bas
deny-content-name+=*.bat
deny-content-name+=*.chm
deny-content-name+=*.cmd
deny-content-name+=*.com
deny-content-name+=*.cpl
deny-content-name+=*.crt
deny-content-name+=*.exe
deny-content-name+=*.hlp
deny-content-name+=*.hta
deny-content-name+=*.inf
deny-content-name+=*.ins
deny-content-name+=*.isp
deny-content-name+=*.js
deny-content-name+=*.jse
deny-content-name+=*.lnk
deny-content-name+=*.mdb
deny-content-name+=*.mde
deny-content-name+=*.msc
deny-content-name+=*.msi
deny-content-name+=*.msp
deny-content-name+=*.mst
deny-content-name+=*.pcd
deny-content-name+=*.pif
deny-content-name+=*.reg
deny-content-name+=*.scr
deny-content-name+=*.sct
deny-content-name+=*.shs
deny-content-name+=*.shb
deny-content-name+=*.url
deny-content-name+=*.vb
deny-content-name+=*.vbe
deny-content-name+=*.vbs
deny-content-name+=*.wsc
deny-content-name+=*.wsf
deny-content-name+=*.wsh
A list of unacceptable file patterns to reject when found as MIME attachments. The default list consists of unsafe Windows file extensions as given by Microsoft. Specify an empty list to disable.
deny-content-type=application/*executable
deny-content-type+=application/*msdos-program
deny-content-type+=message/partial
A list of unacceptable attachment MIME types to reject. Specify an empty list to disable.
deny-top-content-type=application/*
A list of unacceptable message MIME types to reject. Specify an empty list to disable.
digest-bl=
A list of MD5 digest based BL suffixes to consult. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.
dns-bl=
A list of IP based DNS BL suffixes to consult, like sbl-xbl.spamhaus.org. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.
dns-bl-headers=
A semi-colon separated list of mail headers to parse for IP addresses and check against one or more DNS BL. Specify the empty list to disable.
dns-gl=
A list of IP based DNS grey-list suffixes to consult. This is similar to dns-wl, but only white lists as far as, but not including, the data content filters. Intended for use with less reliable DNS white lists. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.
dns-max-timeout=45
Maximum timeout in seconds for a DNS query.
-dns-round-robin
Set true to query NS servers in round robin order. Set false to query all the NS servers in parallel.
dns-wl=
A list of IP based DNS WL suffixes to consult. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.
domain-bl=.dbl.spamhaus.org
A list of domain black list suffixes to consult, like .dbl.spamhaus.org. The host or domain name found in a URI is checked against these DNS black lists. These black lists are assumed to use wildcards entries, so only a single lookup is done. IP-as-domain in a URI are ignored.
-dupmsg-track-all
When set, we track all Message-ID headers received and reject any duplicates messages that arrive again. This can prevent some types of spam from being sent repeatedly, however it will greatly increase the size of the cache on high volume systems and so should be used with care.
dupmsg-ttl=90000
Time-to-live in seconds for duplicate message tracking records. Such a record is created when the message has been successfully relayed to the forward host(s) but an I/O error occurred while sending the 250 accepted reply; the client will then retry the same message, so its Message-ID is recorded in order to accept and discard those retries and avoid duplicate deliveries.
emew-dsn-policy=none
If the message is a DSN or MDN and does not contain a reference to an enhanced Message-ID that originated here, then apply the given policy, which can be either reject or none.
emew-secret=
Specify a phrase used to generate and validate an enhanced Message-ID. Be sure to quote the string if it contains white space. Specify the empty string to disable enhanced Message-ID support.
emew-ttl=604800
Time-to-live in seconds for an enhanced Message-ID header. Messages referring to stale mail that originated here are rejected. This limits the window of opportunity for replay attacks.
file=/etc/smtpf/smtpf.cf
Read option file before command line options.
fpscand-policy=reject
Policy to apply if message is infected. Specify either none, reject, or discard.
fpscand-socket=
The unix domain socket or Internet host[:port] of the fpscand server. Specify the empty string to disable fpscand scan. The default fpscand port is 10200.
fpscand-timeout=120
The fpscand I/O timeout in seconds.
-grey-content
Content based grey listing. After all other content filters have passed over a message and when the grey-list key tuple has not been previously seen, we store a hash for the message and temporarily reject it, and grey-list at DATA until the grey-temp-fail-period expires. If the same message returns and matches the previously stored hash, then update the grey-list record to a pass. All other messages from the matching grey-list key tuple are temporarily rejected until the previously hashed message is sent again.
-grey-content-save
When set, save the DATA content that is hashed to a file in the save-dir directory. Intended for testing and diagnosis.
grey-key=ptr,mail,rcpt
A comma separated list of what composes the grey-list key: ip, ptr, helo, mail, rcpt. The ptr element is the PTR record for the connecting client minus the first label, so if host.example.com is the returned PTR value, then example.com is the value used. If there is no PTR record found or the client IP appears to be a dynamic IP, then the client IP address is used. Specify the empty string to disable grey-listing.
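An added example, not smtpf's implementation, of the two pieces of client-name handling this page relies on: a client-ip-in-ptr style heuristic for PTR names that look generated from the IPv4 address (dotted, dashed, reversed, zero-padded and hex forms), and composition of the grey-list key from the grey-key elements, with the PTR minus its first label and a fall-back to the IP when there is no PTR. The page does not define "appears to be a dynamic IP"; this example uses the IP-in-PTR test as a stand-in for it, and the forms it recognises are its own choice. Host names and addresses are constructed samples.

```python
import re


def ip_in_ptr(ip, ptr):
    """Heuristic: does the PTR name look like it was generated from the IPv4 address?

    Recognises separated octets in either order (192-0-2-9, 9.2.0.192),
    zero-padded runs (192000002009) and hex runs (c0000209).
    """
    octets = ip.split(".")
    if len(octets) != 4:
        return False                                  # IPv4 only in this example
    name = ptr.lower().rstrip(".")
    for seq in (octets, octets[::-1]):
        for parts in (seq, [o.zfill(3) for o in seq]):
            # octets in order, separated by 1-3 non-digits, not embedded in longer numbers
            if re.search(r"(?<!\d)" + r"\D{1,3}".join(parts) + r"(?!\d)", name):
                return True
        if "".join(o.zfill(3) for o in seq) in name:
            return True
        if "".join(f"{int(o):02x}" for o in seq) in name:
            return True
    return False


def grey_key(elements, ip, ptr, helo, mail, rcpt):
    """Compose the grey-list key for grey-key=<elements>; empty elements disable grey-listing.

    ptr contributes the PTR name minus its first label (host.example.com -> example.com).
    With no PTR, or a PTR that embeds the IP (this example's stand-in for "appears to be
    a dynamic IP"), the client IP is used instead.
    """
    values = {"ip": ip, "helo": (helo or "").lower(), "mail": mail.lower(), "rcpt": rcpt.lower()}
    if ptr and not ip_in_ptr(ip, ptr):
        labels = ptr.lower().rstrip(".").split(".")
        values["ptr"] = ".".join(labels[1:]) if len(labels) > 1 else labels[0]
    else:
        values["ptr"] = ip
    return ",".join(values[e.strip().lower()] for e in elements.split(",") if e.strip())


if __name__ == "__main__":
    # Constructed sample clients; not real hosts.
    for ptr in ("host.example.com", "192-0-2-9.dynamic.example.net", "c0000209.dsl.example.net", None):
        print(ptr, "->", grey_key("ptr,mail,rcpt", "192.0.2.9", ptr, "", "alice@example.net", "bob@example.org"))
```

Stripping the first label means every host in a sender's outbound pool shares one grey-list record, so a retry from a different MTA in the same domain still passes; a generated name gets no such credit and is keyed on the bare IP.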
grey-report-header=X-Grey-Report
The name of the grey report header. Empty string to disable.
grey-temp-fail-period=600
This is the amount of time in seconds a correspondent's grey-list record will be temporarily rejected before being upgraded to a pass.

The tags Grey-Connect: and Grey-To: can be used in the access-map to override this option's value. If a key is found, then the value is processed as a pattern list and the result returned. An integer, in place of an action word, specifies the number of seconds to temporarily reject a client. If several Grey-Connect: and Grey-To: keys are found, then the minimum value is used. Specify zero (0) seconds to disable grey listing.

grey-temp-fail-ttl=90000
Cache time-to-live in seconds to retain grey-list record that are in the temporary rejection state.
+helo-claims-us
Drop any host that claims to be from a domain we are responsible for in the HELO/EHLO argument.
-helo-ip-mismatch
Drop any host that specifies an IP address as the HELO argument that does not correspond to the connecting client's IP, excluding RFC 3330 IP addresses reserved for LANs.
-helo-is-ptr
If the HELO argument is the same as the PTR name and the PTR record is an instance of client IP-in-PTR, then reject the HELO command. See also client-is-mx.
±help
help=filepath
Write the option summary to standard output and exit. The output is suitable for use as an option file. For Windows this option can be assigned a file path string to save the output to a file, eg. help=./smtpf.cf.txt
http-timeout=60
Socket timeout used when testing HTTP links.
idle-retest-timer=300
Periodically reapply some tests, such as dns-bl, on long running connections. Specify zero (0) to disable.
±info
Write the configuration and compile time options to standard output and exit.
interfaces=[::0]:25; 0.0.0.0:25
A semi-colon separated list of interface host names or IP addresses on which to bind and listen for new connections. They can be IPv4 and/or IPv6.
ixhash-bl=
A list of MD5 iXhash based BL suffixes to consult. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.
lickey-file=/etc/smtpf/lickey.txt
The license key file.
-lint
Lint SMTP sessions and messages for as many issues as possible. A report of the results is sent to postmaster. This option requires a special license key.
mail-bl=
A list of MD5 based MAIL BL suffixes to consult. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.
mail-bl-domains=gmail.*
mail-bl-domains+=googlemail.*
mail-bl-domains+=hotmail.*
mail-bl-domains+=yahoo.*
mail-bl-domains+=aol.*
mail-bl-domains+=aim.*
mail-bl-domains+=live.*
mail-bl-domains+=ymail.com
mail-bl-domains+=rocketmail.com
mail-bl-domains+=centrum.cz
mail-bl-domains+=centrum.sk
mail-bl-domains+=inmail24.com
mail-bl-domains+=libero.it
mail-bl-domains+=mail2world.com
mail-bl-domains+=msn.com
mail-bl-domains+=she.com
mail-bl-domains+=shuf.com
mail-bl-domains+=sify.com
mail-bl-domains+=terra.es
mail-bl-domains+=tiscali.it
mail-bl-domains+=ubbi.com
mail-bl-domains+=virgilio.it
mail-bl-domains+=voila.fr
mail-bl-domains+=walla.com
mail-bl-domains+=y7mail.com
mail-bl-domains+=yeah.net
A list of domain glob-like patterns for which to test against mail-bl, typically free mail services. This reduces the load on public BLs. Specify * to test all domains, empty list to disable.
mail-bl-headers=From;Reply-To
A list of mail headers to parse for mail addresses and check against one or more MAIL BL. Specify the empty list to disable.
mail-bl-max=10
Maximum number of unique mail addresses to check. Specify zero for unlimited.
mail-bl-policy=reject
If the message contains a black listed mail address found by mail-bl, then apply one of the following policies: none, reject, or discard.
+mail-require-mx
Reject if the sender's domain has no MX record.
-mail-retest-client
If set, recheck the client IP every message transaction. A client's IP could be black listed locally or by a DNS BL during a message transaction and would be caught starting with the next transaction.
Message Length Controls
The tags Length-Connect:, Length-From:, and Length-To: can be used in the access-map.

If a key is found, then the value is processed as a pattern list and the result returned. A size limit is specified in place of an action and is the maximum number of octets permitted per message. It is expressed as a number with an optional scale suffix K (kilo), M (mega), or G (giga). If no size limit is given or it is -1, then the message can be any length (ULONG_MAX).

When more than one message size limit applies, the limit used is the maximum of all matching Length-To:, Length-From:, and Length-Connect: values.

Message Limit Controls
The tags Msg-Limit-Connect:, Msg-Limit-From:, and Msg-Limit-To: can be used in the access-map.

If a key is found, then the value is processed as a pattern list and the result returned. A message limit is specified in place of an action and has the following format:

messages '/' time [unit]

which is the number of messages per time interval. The time unit specifier can be one of week, day, hour, minute, or seconds (note only the first letter is significant). Specify a negative number for messages to disable a limit.

When there are multiple message limits possible, then the limit applied, in order of precedence, is: Msg-Limit-To:, Msg-Limit-From:, and Msg-Limit-Connect:.
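The Length-* size syntax and the Msg-Limit-* "messages '/' time [unit]" syntax above, together with their respective resolution rules (maximum of all matching Length-* values; first of Msg-Limit-To:, -From:, -Connect: found), as an added example written for this page rather than taken from smtpf. The page does not say whether K means 1000 or 1024, what a bare interval without a unit means, or the width of ULONG_MAX; this example assumes binary scale, seconds, and 64 bits, respectively.

```python
import re

ULONG_MAX = 2 ** 64 - 1                                   # assumption: 64-bit unsigned long
SIZE_SCALE = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}  # assumption: binary scale
UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}


def parse_size_limit(text):
    """Length-*: number with optional K/M/G suffix; empty or -1 means unlimited."""
    text = text.strip().upper()
    if text in ("", "-1"):
        return ULONG_MAX
    scale = 1
    if text[-1] in SIZE_SCALE:
        scale, text = SIZE_SCALE[text[-1]], text[:-1]
    return int(text) * scale


def effective_length(*limits):
    """Largest of all matching Length-To:, Length-From:, Length-Connect: values (None = key absent)."""
    present = [parse_size_limit(limit) for limit in limits if limit is not None]
    return max(present) if present else ULONG_MAX


def parse_msg_limit(text):
    """Msg-Limit-*: 'messages/time[unit]' -> (messages, seconds); None when disabled (negative)."""
    messages, sep, interval = text.strip().partition("/")
    if not sep:
        raise ValueError(f"missing '/': {text!r}")
    messages = int(messages)
    if messages < 0:
        return None
    m = re.fullmatch(r"(\d+)\s*([A-Za-z]*)", interval.strip())
    if not m or (m.group(2) and m.group(2)[0].lower() not in UNIT_SECONDS):
        raise ValueError(f"bad interval: {interval!r}")
    unit = m.group(2)[0].lower() if m.group(2) else "s"   # only the first letter of the unit counts
    return messages, int(m.group(1)) * UNIT_SECONDS[unit]


def effective_msg_limit(to=None, frm=None, connect=None):
    """Precedence Msg-Limit-To: > Msg-Limit-From: > Msg-Limit-Connect:; first key found wins."""
    for value in (to, frm, connect):
        if value is not None:
            return parse_msg_limit(value)
    return None


if __name__ == "__main__":
    print(effective_length("5M", None, "20M"))              # the largest applies
    print(effective_msg_limit(None, "100/1h", "1000/1h"))  # From: outranks Connect:
```

The two rules pull in opposite directions: a per-recipient Length-To: can only raise the size ceiling, never lower it below a matching Length-Connect:, whereas a per-recipient Msg-Limit-To: completely replaces a Connect: limit, including when it is set to a negative value that disables the limit.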

ns-bl=
A list of name based NS BL suffixes to consult. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.
ns-a-bl=
A comma or semi-colon separated list of IP black list suffixes to consult. The host or domain name found in a URI is used to find its DNS NS records and IP address, which are then checked against these IP black lists. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.
Null Sender Rate Control
The tag Null-Rate-To: can be used in the access-map. If a key is found, then the value is processed as a pattern list and the result returned. An integer, in place of an action word, specifies the number of DSN/MDN messages per minute allowed. Specify -1 to disable the limit.
+one-rcpt-per-null
When the sender is MAIL FROM:<>, then only one RCPT TO: may be specified, since the null address is only used to return a Delivery Status Notification or Message Disposition Notification to the original sender, and a message cannot (in theory) have two or more senders.
-p0f-mutex
The p0f daemon is a single threaded process, but supposedly fast enough not to require threading or mutex locking. When enabled, a mutex is used to control access to the p0f daemon. (Experimental)
p0f-report-header=X-p0f-Report
The name of the p0f report header. Empty string to disable.
p0f-socket=
When set to the unix domain socket path of the p0f (passive OS finger-printing) server, typically /var/run/p0f.socket, then an X-p0f-Report: header is added to each message containing details about the SMTP client connection. The p0f socket may have to be made read-writable by the smtpf run-user or run-group in order for smtpf to be able to connect; making it world read-writable works, but also lets any local user query p0f, so group ownership is preferable where p0f allows it. Specify the empty string to disable.
p0f-timeout=60
The p0f I/O timeout in seconds.
±quit
Quit an already running instance and exit.
+rate-drop
When a client exceeds per-client rate connection limits, send a 421 reply and if this option is set, drop the connection, otherwise wait for the client to send the QUIT command.
rate-throttle=20
Overall client connections per second allowed before imposing a one second delay. Specify zero (0) to disable.
+reject-percent-relay
Reject occurrences of % relay hack in addresses.
+reject-quoted-at-sign
Reject occurrences of quoted @-sign in the local-part of the address.
+reject-unknown-tld
Reject top-level-domains not listed by IANA.
+reject-uucp-route
Reject UUCP !-path addresses.
-relay-reply
Relay downstream MTA error responses during RCPT TO: processing to connected clients. Enabling this option might disclose information about internal network structure, present incomplete or out of context errors, have inconsistent message styles from multiple MTAs, and generally appear more confusing than helpful to the connecting client.
±restart
Terminate an already running instance before starting.
±restart-if
Only restart when there is a currently running instance.
-rfc1652-8bitmime
Enables support for RFC 1652 8BITMIME transfers when the client sends EHLO. Note that the support for this is weak, pass through only. If enabled, then all forward hosts must also advertise 8BITMIME, otherwise the behaviour is undefined. See also smtp-enable-esmtp.
+rfc2606-special-domains
When set, use of RFC 2606 reserved domains from the Internet or in mail addresses is rejected. They are the TLDs .test, .example, .invalid, .localhost, and the second level domain .example using any TLD. While not part of RFC 2606, .localdomain and .local are also included. Clients within the LAN and relays are excluded.
+rfc2821-angle-brackets
Strict RFC 2821 grammar requirement for mail addresses be surrounded by angle brackets in MAIL FROM: and RCPT TO: commands.
-rfc2821-command-length
Strict RFC 2821 command line length limit.
-rfc2821-domain-length
Strict RFC 2821 domain name length limit.
-rfc2821-extra-spaces
Strict RFC 2821 grammar requirement that SMTP commands not contain any spurious white space.
-rfc2821-line-length
Strict RFC 2821 data line length limit.
-rfc2821-literal-plus
Treat plus-sign as itself; not a sendmail plussed address.
-rfc2821-local-length
Strict RFC 2821 local-part length limit.
rfc2821-pad-reply-octet=
Specify a printable padding octet; SMTP replies are then padded out to the maximum reply line length of 512 bytes as specified in RFC 2821 section 4.5.3.1. Specify an empty string to disable padding.
-rfc2821-strict-dot
Strict RFC 2821 section 4.1.1.4 DATA handling of CRLF-DOT-CRLF sequence.
+rfc2821-strict-helo
Strict RFC 2821 section 4.1.1.1 HELO argument must be a FQDN or ip-domain literal.
-rfc2822-7bit-headers
Strict RFC 2822 7-bit ASCII printable message headers.
-rfc2822-min-headers
Require RFC 2822 minimum required headers.
-rfc2822-missing-eoh
Reject messages missing the RFC 2822 end-of-headers line.
-rfc2822-strict-date
Check Date, Resent-Date, and Received headers for strict RFC 2822 date syntax.
+rfc2920-pipelining
Enables support for RFC 2920 SMTP command pipelining when the client sends EHLO. When there is early input before HELO/EHLO, HELO is used, or EHLO PIPELINING has been disabled by this option, earlier talkers are detected and rejected. See also smtp-enable-esmtp.
route-forward-selection=ordered
The FORWARD host selection policy used when there is more than one FORWARD host. Specify ordered or random. Ordered selection connects to each host in turn until one answers or the list is exhausted. Random selection will randomly connect to hosts from the list until one answers or the list is exhausted.
route-map=sql!/etc/smtpf/route.sq3
The type & location of the route key-value map used for forwarding, authentication, and recipient validation. The following methods are supported:
text!/path/map.txt                  R/O text file, in-memory hash
sql!/path/database                  An SQLite3 database
socketmap!host:port                 Sendmail style socket-map
socketmap!/path/local/socket        Sendmail style socket-map
socketmap!123.45.67.89:port         Sendmail style socket-map
socketmap![2001:0DB8::1234]:port    Sendmail style socket-map

If port is omitted, the default is 7953.

The route-map contains key-value pairs. Lookups are performed from most to least specific, stopping on the first entry found. Keys are case-insensitive. Lookups are the same as for access-map using a route: tag and can include recipient mail address lookups.

If a key is found, then the value is a semicolon separated list of one or more parameters. The three types of parameters are:

RELAY                     connecting clients can relay
RCPT: host:port ...       recipient verification list
FORWARD: host:port ...    accept & forward mail list

If the :port is omitted from a host name or IP address, then the default is SMTP port 25. The hosts are tried in the order they were specified. Some examples:

route:127.0.0.1         FORWARD: 127.0.0.1:26; RELAY

Relay mail inbound and outbound for the local host. Unqualified recipients will be directed here as well.

route:192.0.2           RELAY

Relay mail outbound for the LAN.

route:example.com       FORWARD: mx.filter.net; RCPT: in.our.net

Forward mail to another mail appliance, but call-ahead to validate recipients deeper inside our network.

route:other.example     RELAY; FORWARD: mx.other.example:8025

Relay mail outbound from client connections that resolve to other.example and forward mail destined for other.example to an MX listening on a different port.

route:john@some.tld     FORWARD: mx1.baka.tld mx2.baka.tld
Forward mail for this recipient address to one of these two hosts.
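A parser for route-map values as described above, added for this page and not taken from smtpf: semicolon-separated RELAY, RCPT: and FORWARD: parameters, space-separated host lists, the port-25 default, and bracketed IPv6 literals such as [2001:0DB8::1234]:port, which a naive split on the last colon gets wrong. forward_order applies the route-forward-selection policy to the FORWARD list. The example values are the ones shown above; hosts such as mx.filter.net are the page's illustrative names, not real servers.

```python
import random


def split_host_port(spec, default_port=25):
    """host, host:port, [ipv6] or [ipv6]:port -> (host, port)."""
    if spec.startswith("["):
        host, close, rest = spec[1:].partition("]")
        if not close:
            raise ValueError(f"unterminated IPv6 literal: {spec!r}")
        return host, int(rest[1:]) if rest.startswith(":") else default_port
    if spec.count(":") == 1:                              # name:port or IPv4:port
        host, port = spec.split(":")
        return host, int(port)
    return spec, default_port                             # bare name/IPv4, or unbracketed IPv6


def parse_route_value(value):
    """Parse a route-map value: semicolon-separated RELAY, RCPT: hosts..., FORWARD: hosts..."""
    route = {"relay": False, "rcpt": [], "forward": []}
    for param in value.split(";"):
        param = param.strip()
        if not param:
            continue
        name, _, hosts = param.partition(":")             # first colon only; host specs keep theirs
        name = name.strip().upper()
        if name == "RELAY" and not hosts.strip():
            route["relay"] = True
        elif name in ("RCPT", "FORWARD"):
            route[name.lower()] = [split_host_port(h) for h in hosts.split()]
        else:
            raise ValueError(f"unknown route parameter: {param!r}")
    return route


def forward_order(hosts, selection="ordered", rng=random):
    """Order in which FORWARD hosts are tried under route-forward-selection."""
    if selection == "ordered":
        return list(hosts)
    if selection == "random":
        shuffled = list(hosts)
        rng.shuffle(shuffled)
        return shuffled
    raise ValueError(f"unknown selection policy: {selection!r}")


if __name__ == "__main__":
    for value in ("FORWARD: 127.0.0.1:26; RELAY",
                  "FORWARD: mx.filter.net; RCPT: in.our.net",
                  "RELAY; FORWARD: mx.other.example:8025",
                  "FORWARD: mx1.baka.tld mx2.baka.tld",
                  "FORWARD: [2001:db8::1]:8025"):
        route = parse_route_value(value)
        print(value, "->", route, forward_order(route["forward"]))
```

Rejecting unknown parameters rather than ignoring them is deliberate: a typo such as "FOWARD:" would otherwise silently turn a forwarding entry into a relay-only one.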
run-group=smtpf
Run as this Unix group.
-run-jailed
Run in a chroot jail; run-work-dir used as the new root directory.
run-open-file-limit=1024
The maximum open file limit for the process.
run-pid-file=/var/run/smtpf.pid
The file path of where to save the process-id.
run-user=smtpf
Run as this Unix user.
run-work-dir=/var/tmp
The working directory of the process.
savdid-policy=reject
Policy to apply if message is infected. Specify either none, reject, or discard.
savdid-socket=
The unix domain socket or Internet host[:port] of the savdid server. Specify the empty string to disable savdid scan. The default savdid port is 4010.
savdid-timeout=120
The savdid I/O timeout in seconds.
-save-data
When set, save the DATA content to a file in the save-dir directory. Intended for testing and diagnosis.
save-dir=/var/tmp
A directory where to save temporary message files and/or output for diagnosis.
server-max-threads=0
Maximum number of server threads possible to handle new requests. Specify zero to allow up to the system thread limit.
server-min-threads=10
Minimum number of server threads to keep alive to handle new requests.
server-new-threads=10
Number of new server threads to create when all the existing threads are in use.
±service
Add or remove Windows service.
±slow-quit
Quit an already running instance, waiting for all the connections to terminate, then exit.
siq-score-reject=-1
Reject on or below this score, between 0 and 99; -1 to disable.
siq-score-tag=50
Tag the subject on or below this score, between 0 and 99; -1 to disable.
siq-servers=
Comma separated list of SIQ server host[:port] addresses.

This filter can tag or reject mail according to a score returned by a SIQ Protocol server that grades IP/domain pairs based on the server's reputation criteria. Third-party SIQ servers can provide facts about the reputation of an outbound mail server IP and/or MAIL FROM: domain including: stability, longevity, identifiability, SPF match, RHS type grouping, verified PTR record matching, et al. One such service is already available from Outbound Index. Please check with the service(s) available before using them as some require registration before they will answer queries.

siq-subject-tag=[SPAM]
Subject tag to prepend for messages identified as suspect.
-smtp-auth-enable
When set, enable SMTP AUTH support when the EHLO command is given.
+smtp-auth-enable
When set, ESMTP AUTH clear text methods are only available over a TLS connection.
-smtp-auth-white
When set, successful SMTP authenticated sessions are white listed through content filters. Otherwise, content filtering is applied. Regardless of this setting, successful SMTP AUTH sessions are always allowed to relay.
smtp-command-timeout=300
SMTP command timeout in seconds.
smtp-connect-timeout=60
SMTP client connection timeout in seconds.
smtp-data-line-timeout=180
SMTP data line timeout in seconds after DATA while collecting message content.
+smtp-delay-checks
Postpone any policy based 5xy rejections until after the first RCPT has been specified. Temporary failures and rejections due to syntax or protocol errors are still reported immediately. This allows recipient white-listing to override policy rejections based on connection, HELO, AUTH, or MAIL arguments.
-smtp-disconnect-after-dot
If the SMTP client drops the connection after sending the dot for end of message, but before the SMTP response is sent indicating whether the message was accepted or not, then the message is discarded and our end of the connection closed.
smtp-dot-timeout=600
Timeout in seconds to wait for a reply to the SMTP final dot sent to the forward hosts.
smtp-drop-after=5
Drop the connection after N temporarily and permanently rejected commands, i.e. count any 4xy or 5xy responses and eventually drop. Zero to disable.
-smtp-drop-unknown
Drop the connection if client sends an unknown command. To work around Cisco PIX firewalls broken fix-up protocol, this option ignores any command that starts with 'XXX'.
smtp-dsn-reply-to=
When set this is the mail address of the site's postmaster or help desk used for the Reply-To header in DSN error messages. Specify the empty string to disable.
+smtp-enable-esmtp
Enable enhanced SMTP (ESMTP) for all clients. When disabled any hosts marked as RELAY in the route-map or from RFC 3330 private IP addresses will be exempt and always allowed to use ESMTP regardless.
smtp-keep-alive-timeout=60
In some cases, the forwarding of the DATA command is delayed and so we have to keep the forward connection(s) alive until they pass into the DATA state. The timeout is specified in seconds; specify 0 to disable the timeout.
-smtp-reject-delay
When set, exponentially delay the reporting of SMTP temporary and permanent rejects during the SMTP session. After enough rejects the client connection will time out and be dropped. See also rfc2920-pipelining and smtp-drop-after.
smtp-reject-file=
The file path of a text file containing a site specific message that will be appended to all SMTP reject responses. This text should contain brief instructions for the sender about who to contact for help. The text can be more than one line. Specify the empty string to disable this message.
smtp-report-header=X-smtpf-Report
The name of the smtpf report header. Empty string to disable.
smtp-server-queue=20
SMTP server connection queue size. This setting is OS specific and tells the kernel how many unanswered connections on the socket it should allow.
-smtp-slow-reply
Impose a throttling delay for all SMTP server replies. This option will most likely result in increased concurrency, which is normal.
-smtp-strict-relay
Only allow outbound messages from our specified relays and where the sender is from one of our routed domains (see route-map).
smtp-welcome-file=/etc/smtpf/welcome.txt
The file path to a text file containing one or more lines used for the SMTP welcome message banner. The 220 status code will be automatically prepended to each line. It is recommended that this message be two or more lines as this has been found to foil some spamware. If an empty string is given, a hard coded default will be used.
spamd-command=CHECK
Specify one of the SPAMD protocol commands: CHECK, SYMBOLS, REPORT, REPORT_IFSPAM to check the message. When used in conjunction with verbose=spamd, more detailed results from spamd will be logged.
spamd-flag-header=X-Spam-Flag
The name of the flag header. Empty string to disable.
spamd-level-header=X-Spam-Level
The name of the level header. Empty string to disable.
spamd-max-size=0
Max. number of kilobytes to pass to spamd, 0 for unlimited.
+spamd-reject-sender-marked-spam
When an X-Spam-Status header is supplied by the sender, then check their claimed score against spamd-score-reject and reject if they exceed it. Else if an "X-Spam-Flag: YES" header is supplied by the sender, then reject the message. If the sender thought it was spam, why would we want it? Otherwise the message will be scanned and scored as per usual.
spamd-report-header=X-Spam-Report
The name of the report header. Empty string to disable.
spamd-score-reject=10
When spamd returns a score greater than or equal to this value then the message will be rejected. Specify -1 to never reject.
spamd-socket=
The unix domain socket or Internet host[:port] of the spamd server. Specify the empty string to disable spamd scan. The default spamd port is 783.
spamd-status-header=X-Spam-Status
The name of the status header. Empty string to disable.
spamd-subject-tag=[SPAM]
When the score is greater than or equal to SpamAssassin's required_score and less than spamd-score-reject (when not disabled), then the Subject header is prepended with this tag to identify suspect messages. Specify the empty string to disable the subject tag.
spamd-timeout=120
The spamd I/O timeout in seconds.
spf-best-guess-txt=
If the initial SPF test does not yield a Pass for any reason, then we check this "best guess" TXT record (eg. v=spf1 a/24 mx/24 ptr) to see if it yields a Pass result. Otherwise use the original SPF result.
spf-helo-policy=
Check the HELO argument and act according to a comma separated list: softfail-reject, softfail-tag, fail-reject, fail-tag. Example: spf-helo-policy=fail-reject
spf-mail-policy=fail-reject
Check the MAIL FROM: domain and act according to a comma separated list: softfail-reject, softfail-tag, fail-reject, fail-tag. Example: spf-mail-policy=softfail-reject,fail-reject
+spf-received-spf-headers
Add Received-SPF: headers with results of HELO and MAIL FROM: checks.
+spf-temp-error-dns
RFC 4408 specifies that DNS lookup failures should return a TempError result. However, there are many broken SPF records that rely on other domains that may no longer exist or have connectivity problems. Disabling this option allows such failures to be ignored and the remainder of the SPF record to be processed in hopes of finding a result.
stats-http-pass=
HTTP password for restricted access.
stats-http-post=
Specify an HTTP URL used to gather statistic data on each garbage collection run. Specify the empty string to disable. The data sent has the same format as the STAT command output. Runtime, hourly, and 60 minute window data including route stats are all sent.
stats-http-user=
HTTP user name for restricted access.
stats-map=sql!/var/db/smtpf/stats.sq3
This option specifies the cache type and path used to record hourly statistic counters. Specify the empty string to disable. This file is updated according to the cache-gc-interval. Note that it is the responsibility of the data gatherer process to expire old entries from this file, otherwise it will grow indefinitely.

The following map methods are supported:

file!/path/map.txt                R/W Bernstein string file, in-memory hash
text!/path/map.txt                R/O text file, in-memory hash
sql!/path/database                An SQLite3 database
socketmap!host:port               Sendmail style socket-map
socketmap!/path/local/socket      Sendmail style socket-map
socketmap!123.45.67.89:port       Sendmail style socket-map
socketmap![2001:0DB8::1234]:port  Sendmail style socket-map

If port is omitted, the default is 7953.

The stats-map contains key-value pairs. The key is the current hour specified as "YYYYMMDDHH" and the value is a white space separated list of hex values, the first two being the process start time in seconds from the epoch and the last update time in seconds from the epoch followed by the counters (see STAT).

time-limit-delimiters=
A string of characters that can be used to indicate a time limit field in the local part of a recipient address. Specify the empty string to disable. Characters that can be used are defined in RFC 5322 "atext". They are:
! # $ % & ' * + - / = ? ^ _ ` { | } ~ .

Note that dot (.) is fairly common and should not be used. Also, sendmail and postfix treat plus (+) and hyphen (-) specially, so they are not recommended. Percent (%) was used for an old routing syntax, which may be rejected by sites, and is not recommended.

The delimiter indicates the start of a time limit field, which is an optional non-numeric informational token followed by a series of 4 to 12 decimal digits. The digits represent "YYYY[MM[DD[hh[mm]]]]" of the expire time, after which this recipient address is no longer valid and will be rejected. The delimiter and time limit field can appear anywhere in the user portion of the address and are removed before forwarding to the recipient.

Examples using the address <john.smith@domain.example> and delimiter dollar-sign ($):

<john.smith$20080401@domain.example>
<$token_word20080401john.smith@domain.example>
<john$mail.list.name20080401.smith@domain.example>
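
The following added Python example (not smtpf's own code) applies the time-limit rule to the three addresses above: it locates the delimiter, the optional token and the 4 to 12 digit expiry, strips the field before forwarding, and rejects the recipient once the expiry is reached. It assumes the digit run has an even length (as YYYY[MM[DD[hh[mm]]]] implies) and that omitted month/day default to 1 and omitted hour/minute to 0; the function names are my own.

```python
import re
from datetime import datetime

def strip_time_limit(address, delimiters):
    """Return (address with the time-limit field removed, expiry datetime).
    The expiry is None when no well-formed field is present.  A field is a
    delimiter, an optional token (no digits or delimiters), then 2 to 6 digit
    pairs read as YYYY[MM[DD[hh[mm]]]] and not followed by a further digit."""
    local, at, domain = address.rpartition("@")
    if not at or not delimiters:
        return address, None
    cls = re.escape(delimiters)
    pattern = "[" + cls + "]([^\\d" + cls + "]*?)((?:\\d\\d){2,6})(?!\\d)"
    m = re.search(pattern, local)
    if m is None:
        return address, None
    d = m.group(2)
    parts = [int(d[0:4])] + [int(d[i:i + 2]) for i in range(4, len(d), 2)]
    parts += [1, 1, 0, 0][len(parts) - 1:]   # assumed defaults for omitted units
    expires = datetime(*parts)               # ValueError on an impossible date
    stripped = local[:m.start()] + local[m.end():]
    return stripped + "@" + domain, expires

def check_recipient(address, delimiters, now):
    """Policy decision for a RCPT: (accept, address to forward).
    The address is no longer valid from the expiry instant onwards."""
    forward, expires = strip_time_limit(address, delimiters)
    if expires is not None and now >= expires:
        return False, forward
    return True, forward
```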
tld-level-one-file=
The absolute file path of a text file, containing white space separated list of global and country top level domains (without any leading dot), eg. biz com info net org eu fr uk. This list will override the built-in list.
tld-level-two-file=
The absolute file path of a text file, containing white space separated list of two-level domains (without any leading dot), eg. co.uk ac.uk com.au gouv.fr tm.fr. This list will override the built-in list.
tls-cert-chain-file=
The file path for a collection of CA root certificates as a PEM formatted chain file.
tls-cert-dir=
The directory path for individual CA certificates in PEM format.
tls-server-cert=
The file path of the server's public certificate in PEM format.
tls-server-dh=
The path of an optional Diffie-Hellman parameter file in PEM format.
tls-server-key=
The file path of the server's private key in PEM format.
tls-server-key-pass=
The server key password, if required; otherwise an empty string.
trap-dir=/var/tmp
A directory where to save temporary message files and/or output marked by TRAP action for diagnosis.
uri-bl=
Extract from text, HTML, and/or MIME encoded message bodies URIs such as http: and mailto: links, then check one or more URI black lists. Give a list of domain based DNS BL suffixes to consult, like .multi.surbl.org. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.

The tag Body: can be used in the access-map to white-list domains found within the message, for example w3c.org or google.com.

uri-bl-headers=
A semi-colon separated list of mail headers to parse for URI and check against one or more URI BL. Specify the empty list to disable.
-uri-bl-helo
Check if the HELO/EHLO argument is black listed using uri-dns-bl and/or uri-bl.
-uri-bl-mail
Check if the domain of the MAIL FROM: argument is black listed using uri-dns-bl and/or uri-bl.
uri-bl-policy=reject
Check if the message contains a black listed URI found by uri-bl or uri-dns-bl. Specify one of none, reject, or discard. When set to none, the test is disabled.
-uri-bl-ptr
Check if the PTR result is black listed using uri-dns-bl and/or uri-bl.
+uri-cite-list
When enabled, URI BL based rejection will cite the black list used.
uri-dns-bl=
Extract from text, HTML, and/or MIME encoded message bodies URIs such as http: and mailto: links, then consult one or more IP black lists. Give a list of IP based DNS BL suffixes to consult, like sbl-xbl.spamhaus.org. Aggregate lists are supported using suffix/mask. Without a /mask, suffix is the same as suffix/0x00FFFFFE.

The tag Body: can be used in the access-map to white-list domains found within the message, for example w3c.org or google.com.

-uri-ip-in-name
For each URI, apply a pattern heuristic to the host's name and reject if it looks like it is composed from its IP address.
-uri-ip-in-ns
For each URI, apply a pattern heuristic to the host's NS server names and reject if any look like they are composed from their IP addresses.
uri-links-policy=none
Test if message contains a broken URL and apply policy if found. Specify one of none, reject, or discard. When set to none, the test is disabled.
uri-max-test=10
Maximum number of unique URI to check. Specify zero for unlimited.
-uri-ns-nxdomain
Reject if a URI's NS host is in a non-existent domain.
-uri-reject-on-timeout
Reject any URI host/domain that times out while looking up DNS A records.
-uri-reject-unknown
Reject any URI host/domain that does not exist.
-uri-require-domain
Reject URLs that specify a scheme and refer to a bare IP address.
uri-require-ptr=0
Reject any URI where the host name is missing a PTR record for any of its IP addresses. Specify the minimum number of IP addresses a host must have before applying this test; zero to disable.
-uri-sub-domains
When querying against name based black lists, like .multi.surbl.org or .black.uribl.com, first test the registered domain, then any sub-domains from right-to-left. Typically sub-domains are not listed on URI black lists.
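The uri-bl / uri-dns-bl suffix/mask syntax and the uri-sub-domains query order can be shown together in one added Python example (not smtpf's own code). It interprets suffix/mask the way aggregate lists such as SURBL work: the A record returned for the query is AND-ed with the mask and counts as a listing only if a bit survives, so the default 0x00FFFFFE ignores the first octet and the lowest bit (a 127.0.0.1 reply is not a hit). DNS answers are a constructed in-memory table, the "registered domain" is assumed to be the last two labels, and a host given as an IP literal is checked against the IP lists without resolving anything.

```python
import ipaddress

# Constructed stand-in for DNS: query name -> A record answer (None = NXDOMAIN)
FAKE_DNS = {
    "spam.example.multi.surbl.org": "127.0.0.8",    # listed on one sub-list
    "legit.example.multi.surbl.org": "127.0.0.1",   # bit 0 only: not a hit
    "2.0.0.192.sbl-xbl.spamhaus.org": "127.0.0.2",  # IP list hit
}

def parse_bl_suffix(spec, default_mask=0x00FFFFFE):
    """'suffix' or 'suffix/mask'; without /mask use suffix/0x00FFFFFE."""
    suffix, _, mask = spec.partition("/")
    return suffix.strip("."), (int(mask, 0) if mask else default_mask)

def is_listed(answer, mask):
    """A reply counts as a listing only if a bit inside the mask is set."""
    return (int(ipaddress.IPv4Address(answer)) & mask) != 0

def domain_query_names(domain, sub_domains=False):
    """Names to test on a name-based list: the registered domain (assumed
    to be the last two labels) first, then, only when uri-sub-domains is
    on, each longer name from right to left."""
    labels = domain.lower().split(".")
    names = [".".join(labels[-2:])]
    if sub_domains:
        names += [".".join(labels[-n:]) for n in range(3, len(labels) + 1)]
    return names

def ip_query_name(ip):
    """IP lists are queried with the octets reversed, DNSBL style."""
    return ".".join(reversed(ip.split(".")))

def check_uri_host(host, uri_bl=(), uri_dns_bl=(), sub_domains=False,
                   resolve=FAKE_DNS.get):
    """Return (suffix, answer) for the first list that hits, else None."""
    is_ip = host.replace(".", "").isdigit()
    names = [ip_query_name(host)] if is_ip else domain_query_names(host, sub_domains)
    for spec in (uri_dns_bl if is_ip else uri_bl):
        suffix, mask = parse_bl_suffix(spec)
        for name in names:
            answer = resolve(name + "." + suffix)
            if answer is not None and is_listed(answer, mask):
                return suffix, answer
    return None
```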
-uri-valid-soa
For each URI found, check that the domain has a valid SOA and reject otherwise.
verbose=warn,info
Verbose logging to system mail log. Specify one or more comma separated words: access attachment auth avastd cache clamd connect data db debug digest dns dupmsg emew fpscand grey headers helo info kvm mail mutex noop p0f rate rbl rcpt rset sav savdid save size smtp smtp-data smtp-dot socket-fd spamd spf stats subject timelimitrcpt timers trace uri warn
