- <!DOCTYPE html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><meta name="keywords" content="GNU, Emacs, Libre Software, Hurd, Guile, Guix" /><meta name="description" content="GNUcode.me is a website focusing on libre software projects, especially the GNU project." /><link type="application/atom+xml" rel="alternate" title="GNUcode.me -- Feed" href="/feed.xml" /><a rel="me" href="https://fosstodon.org/@thegnuguy"></a><link type="text/css" href="css/footer.min.css" rel="stylesheet"></link><link type="text/css" href="css/header.min.css" rel="stylesheet"></link><link type="text/css" href="css/main.min.css" rel="stylesheet"></link><title>Status Update May 2022 — GNUcode.me</title></head><body><header><nav><ul><li><a href="index.html">GNUcode.me</a></li><li><a href="services.html">Services</a></li><li><a href="business-ideas.html">Business-ideas</a></li><li><a href="about.html">About</a></li></ul></nav></header><h1>Status Update May 2022</h1><main><section class="basic-section-padding"><article><h3>by Joshua Branson — May 03, 2022</h3><div><p>I have worked more this month on polishing/cleaning up my current records for
- opensmtpd. I am still finding more things to do, but I am satisfied with
- the current code base. It is starting to feel like I have less and less things to do.</p><p>I have also written some preliminary documentation. The OpenBSD folks’ <code>man smtpd.conf</code> is a work of art. Seriously go read it. I have shamelessly copied
- numerous portions of that documentation to create my own monstrosity.</p><p>Whoever ends up committing my code for OpenBSD’s configuration for guix, will
- probably have to revise my rough draft of a document. But at least there is
- visible forward movement in the project. Here is that documentation that I was
- telling you about:</p><p>Apologies for the weird exported documentation...</p><h1>OpenSMTPD Service documentation</h1><p>OpenSMTPD is an easy-to-use mail transfer agent (MTA). Its configuration file is
- thoroughly documented in man 5 <code>smtpd.conf</code>. OpenSMTPD <strong>listens</strong> for incoming
- mail and <strong>matches</strong> the mail to <strong>actions</strong>. The following records represent those
- stages: <code><opensmtpd-listen-on-configuration></code>,
- <code><opensmtpd-listen-on-socket-configuration></code>, <code><opensmtpd-match-configuration></code>,
- <code><opensmtpd-action-local-delivery-configuration></code>, and
- <code><opensmtpd-action-relay-configuration></code>.</p><p>Additionally, each <code><opensmtpd-listen-on-configuration></code> and
- <code><opensmtpd-listen-on-socket-configuration></code> may use a list of
- <code><opensmtpd-filter-configuration></code>, and/or
- <code><opensmtpd-filter-phase-configuration></code> records to filter email/spam. Also
- numerous records’ fieldnames use <code><opensmtpd-table-configuration></code> to hold lists
- or key value pairs of data.</p><p>A simple example configuration is below:</p><pre><code>(let ((smtp.gnu.org (opensmtpd-pki-configuration
- (domain "smtp.gnu.org")
- (cert "file.cert")
- (key "file.key"))))
- (service opensmtpd-service-type
- (opensmtpd-configuration
- (listen-ons (list
- (opensmtpd-listen-on-configuration
- (pki smtp.gnu.org))
- (opensmtpd-listen-on-configuration
- (pki smtp.gnu.org)
- (secure-connection "smtps"))))
- (matches (list
- (opensmtpd-match-configuration
- (action
- (opensmtpd-action-local-delivery-configuration
- (name "local-delivery"))))
- (opensmtpd-match-configuration
- (action
- (opensmtpd-action-relay-configuration
- (name "relay")))))))))</code></pre><ul><li><p>Scheme Variable: opensmtpd-service-type</p><p>Service type for the OpenSMTPD (<a href="https://www.opensmtpd.org">https://www.opensmtpd.org</a>) email server. The
- value for this service type is a <code><opensmtpd-configuration></code> record.</p></li><li><p>Data Type: opensmtpd-configuration</p><p>Data type representing the configuration of OpenSMTPD.</p><ul><li><p><code>package</code> (default: <code>opensmtpd</code>)</p><p>The OpenSMTPD package to use.</p></li><li><p><code>config-file</code> (default: <code>#f</code>)</p><p>File-like object of the OpenSMTPD configuration file to use. By default it
- listens on the loopback network interface, and allows for mail from users
- and daemons on the local machine, as well as permitting email to remote
- servers. Run <code>man smtpd.conf</code> for more information.</p></li><li><p><code>bounce</code> (default: <code>(list "4h")</code>)</p><p><code>bounce</code> is a list of strings, which send warning messages to the envelope
- sender when temporary delivery failures cause a message to remain in the
- queue for longer than string <span class="underline">delay</span>. Each string <span class="underline">delay</span> parameter consists
- of a string beginning with a positive decimal integer and a unit s, m, h,
- or d. At most four delay parameters can be specified.</p></li><li><p><code>listen-ons</code> (default: <code>(list (opensmtpd-listen-on-configuration))</code> )</p><p><code>listen-ons</code> is a list of <code><opensmtpd-listen-on-configuration></code> records.
- This list details what interfaces and ports OpenSMTPD listens on as well as
- other information.</p></li><li><p><code>listen-on-socket</code> (default: <code>(opensmtpd-listen-on-socket-configuration)</code> )</p><p>Listens for incoming connections on the Unix domain socket.</p></li><li><p><code>includes</code> (default: <code>#f</code>)</p><p><code>includes</code> is a list of string <span class="underline">filenames</span>. Each filename’s contents is
- additional configuration that is inserted into the top of the configuration
- file.</p></li><li><p><code>matches</code> default:</p><pre><code>(list (opensmtpd-match-configuration
- (action (opensmtpd-action-local-delivery-configuration
- (name "local")
- (method "mbox")))
- (for (opensmtpd-option-configuration
- (option "for local"))))
- (opensmtpd-match-configuration
- (action (opensmtpd-action-relay-configuration
- (name "outbound")))
- (from (opensmtpd-option-configuration
- (option "from local")))
- (for (opensmtpd-option-configuration
- (option "for any")))))</code></pre><p><code>matches</code> is a list of <code><opensmtpd-match-configuration></code> records, which
- matches incoming mail and sends it to a corresponding action. The match
- records are evaluated sequentially, with the first match winning. If an
- incoming mail does not match any match records, then it is rejected.</p></li><li><p><code>mta-max-deferred</code> (default: <code>100</code>)</p><p>When delivery to a given host is suspended due to temporary failures, cache
- at most <span class="underline">number</span> envelopes for that host such that they can be delivered as
- soon as another delivery succeeds to that host. The default is 100.</p></li><li><p><code>queue</code> (default: <code>#f</code>)</p><p><code>queue</code> expects an <code><opensmtpd-queue-configuration></code> record. With it, one may
- compress and encrypt queue-ed emails as well as set the default expiration
- time for temporarily undeliverable messages.</p></li><li><p><code>smtp</code> (default: <code>#f</code>)</p><p><code>smtp</code> expects an <code><opensmtpd-smtp-configuration></code> record, which lets one
- specify how large email may be along with other settings.</p></li><li><p><code>srs</code> (default: <code>#f</code>)</p><p><code>srs</code> expects an <code><opensmtpd-srs-configuration></code> record, which lets one set
- up SRS, the Sender Rewriting Scheme.</p></li></ul></li><li><p>Data Type: opensmtpd-listen-on-configuration</p><p>Data type representing the configuration of an
- <code><opensmtpd-listen-on-configuration></code>. Listen on the fieldname <code>interface</code> for
- incoming connections, using the same syntax as for ifconfig(8). The interface
- parameter may also be a string interface group, a string IP address, or a
- string domain name. Listening can optionally be restricted to a specific
- address fieldname <code>family</code>, which can be either “inet4” or “inet6”.</p><ul><li><p><code>interface</code> (default: “lo”)</p><p>The string interface to listen on for incoming connections. These interfaces can
- usually be found by the command <code>ip link</code>.</p></li><li><p><code>family</code> (default: <code>#f</code>)</p><p>The string IP family to use. Valid strings are “inet4” or “inet6”.</p></li><li><p><code>auth</code> (default: <code>#f</code>)</p><p>Support SMTPAUTH: clients may only start SMTP transactions after successful
- authentication. If <code>auth</code> is <code>#t</code>, then users are authenticated against
- their own normal login credentials. Alternatively <code>auth</code> may be an
- <code><opensmtpd-table-configuration></code> whose users are authenticated against
- their passwords.</p></li><li><p><code>auth-optional</code> (default: <code>#f</code>)</p><p>Support SMTPAUTH optionally: clients need not authenticate, but may do so.
- This allows the <code><opensmtpd-listen-on-configuration></code> to both accept
- incoming mail from untrusted senders and permit outgoing mail from
- authenticated users (using <code><opensmtpd-match-configuration></code> fieldname
- <code>auth</code>). It can be used in situations where it is not possible to listen on
- a separate port (usually the submission port, 587) for users to
- authenticate.</p></li><li><p><code>filters</code> (default: <code>#f</code>)</p><p>A list of one or many <code><opensmtpd-filter-configuration></code> or
- <code><opensmtpd-filter-phase-configuration></code> records. The filters are applied
- sequentially. These records listen and filter on connections handled by this
- listener.</p></li><li><p><code>hostname</code> (default: <code>#f</code>)</p><p>Use string “hostname” in the greeting banner instead of the default server
- name.</p></li><li><p><code>hostnames</code> (default: <code>#f</code>)</p><p>Override the server name for specific addresses. Use a
- <code><opensmtpd-table-configuration></code> containing a mapping of string IP
- addresses to hostnames. If the address on which the connection arrives
- appears in the mapping, the associated hostname is used.</p></li><li><p><code>mask-src</code> (default: <code>#f</code>)</p><p>If <code>#t</code>, then omit the from part when prepending “Received” headers.</p></li><li><p><code>disable-dsn</code> (default: <code>#f</code>)</p><p>When <code>#t</code>, then disable the DSN (Delivery Status Notification) extension.</p></li><li><p><code>pki</code> (default: <code>#f</code>)</p><p>For secure connections, use an <code><opensmtpd-pki-configuration></code>
- to prove a mail server’s identity.</p></li><li><p><code>port</code> (default: <code>#f</code>)</p><p>Listen on the <span class="underline">integer</span> port instead of the default port of 25.</p></li><li><p><code>proxy-v2</code> (default: <code>#f</code>)</p><p>If <code>#t</code>, then support the PROXYv2 protocol, rewriting appropriately source
- address received from proxy.</p></li><li><p><code>received-auth</code> (default: <code>#f</code>)</p><p>If <code>#t</code>, then in “Received” headers, report whether the session was
- authenticated and by which local user.</p></li><li><p><code>senders</code> (default: <code>#f</code>)</p><p>Look up the authenticated user in the supplied
- <code><opensmtpd-table-configuration></code> to find the email addresses that user is
- allowed to submit mail as.</p></li><li><p><code>secure-connection</code> (default: <code>#f</code>)</p><p>This is a string of one of these options:</p><table><tr><td><code>"smtps"</code></td><td>Support SMTPS, by default on port 465.</td></tr><tr><td><code>"tls"</code></td><td>Support STARTTLS, by default on port 25.</td></tr><tr><td><code>"tls-require-verify"</code></td><td>Like tls, but force clients to establish a secure connection before being allowed to start an SMTP transaction. With the verify option, clients must also provide a valid certificate to establish an SMTP session.</td></tr></table></li><li><p><code>tag</code> (default: <code>#f</code>)</p><p>Clients connecting to the listener are tagged with the given string tag.</p></li></ul></li><li><p>Data Type: opensmtpd-listen-on-socket-configuration</p><p>Data type representing the configuration of an
- <code><opensmtpd-listen-on-socket-configuration></code>. Listen for incoming SMTP
- connections on the Unix domain socket <code>/var/run/smtpd.sock</code>. This is done by
- default, even if the directive is absent.</p><ul><li><p><code>filters</code> (default: <code>#f</code>)</p><p>A list of one or many <code><opensmtpd-filter-configuration></code> or
- <code><opensmtpd-filter-phase-configuration></code> records. These filter incoming
- connections handled by this listener.</p></li><li><p><code>mask-src</code> (default: <code>#f</code>)</p><p>If <code>#t</code>, then omit the from part when prepending “Received” headers.</p></li><li><p><code>tag</code> (default: <code>#f</code>)</p><p>Clients connecting to the listener are tagged with the given string tag.</p></li></ul></li><li><p>Data Type: opensmtpd-match-configuration</p><p>This data type represents the configuration of an
- <code><opensmtpd-match-configuration></code> record.</p><p>If at least one mail envelope matches the options of one match record, receive
- the incoming message, put a copy into each matching envelope, and atomically
- save the envelopes to the mail spool for later processing by the respective
- <code><opensmtpd-action-configuration></code> found in fieldname <code>action</code>.</p><ul><li><p><code>action</code> (default: <code>#f</code>)</p><p>If mail matches this match configuration, then do this action. Valid values
- include <code><opensmtpd-action-local-delivery-configuration></code> or
- <code><opensmtpd-action-relay-configuration></code>.</p></li><li><p><code>options</code> (default: <code>#f</code>) <code><opensmtpd-option-configuration></code></p><p>
- The fieldname ’options’ is a list of unique
- <code><opensmtpd-option-configuration></code> records.</p><p>Each <code><opensmtpd-option-configuration></code> record’s fieldname ’option’ has some
- mutually exclusive options: there can be one “for” and one “from” option.</p><p>The following matching options are supported and can all be negated via (not
- #t). The options that support a table (anything surrounded with ’<’ and ’>’
- eg: <table>), also support specifying regex via (regex #t).</p><ul><li><p><code>for any</code></p><p>Specify that session may address any destination.</p></li><li><p><code>for local</code></p><p>Specify that session may address any local domain. This is the default,
- and may be omitted.</p></li><li><p><code>for domain _domain_ | <domain></code></p><p>Specify that session may address the string or list table <span class="underline">domain</span>.</p></li><li><p><code>for rcpt-to _recipient_ | <recipient></code></p><p>Specify that session may address the string or list table <span class="underline">recipient</span>.</p></li><li><p><code>from any</code></p><p>Specify that session may originate from any source.</p></li><li><p><code>from auth</code></p><p>Specify that session may originate from any authenticated user, no matter
- the source IP address.</p></li><li><p><code>from auth _user_ | <user></code></p><p>Specify that session may originate from authenticated <span class="underline">user</span> or user list
- user, no matter the source IP address.</p></li><li><p><code>from local</code></p><p>Specify that session may only originate from a local IP address, or from
- the local enqueuer. This is the default, and may be omitted.</p></li><li><p><code>from mail-from _sender_ | <sender></code></p><p>Specify that session may originate from <span class="underline">sender</span> or table <span class="underline">sender</span>, no
- matter the source IP address.</p></li><li><p><code>from rdns</code></p><p>Specify that session may only originate from an IP address that resolves
- to a reverse DNS.</p></li><li><p><code>from rdns _hostname_ | <hostname></code></p><p>Specify that session may only originate from an IP address that resolves
- to a reverse DNS matching string or list string <span class="underline">hostname</span>.</p></li><li><p><code>from socket</code></p><p>Specify that session may only originate from the local enqueuer.</p></li><li><p><code>from src _address_ | <address></code></p><p>Specify that session may only originate from string or list table address
- which can be a specific <span class="underline">address</span> or a subnet expressed in CIDR-notation.</p></li><li><p><code>auth</code></p><p>Matches transactions which have been authenticated.</p></li><li><p><code>auth _username_ | <username></code></p><p>Matches transactions which have been authenticated for user or user list
- <span class="underline">username</span>.</p></li><li><p><code>helo _helo-name_ | <helo-name></code></p><p>Specify that session’s HELO / EHLO should match the string or list table
- <span class="underline">helo-name</span>.</p></li><li><p><code>mail-from _sender_ | <sender></code></p><p>Specify that transaction’s MAIL FROM should match the string or list
- table <span class="underline">sender</span>.</p></li><li><p><code>rcpt-to _recipient_ | <recipient></code></p><p>Specify that transaction’s RCPT TO should match the string or list table
- <span class="underline">recipient</span>.</p></li><li><p><code>tag tag</code></p><p>
- Matches transactions tagged with the given <span class="underline">tag</span>.</p></li><li><p><code>tls</code></p><p>
- Specify that transaction should take place in a TLS channel.</p></li></ul><p>Here is a simple example:</p><pre><code>(opensmtpd-option-configuration
- (not #t)
- (regex #f)
- (option "for domain")
- (data (opensmtpd-table-configuration
- (name "domain-table")
- (data (list "gnu.org" "dismail.de")))))</code></pre><p>The mail must NOT be addressed to the domains <code>gnu.org</code> or <code>dismail.de</code>.</p></li><li><p>Data Type: opensmtpd-option-configuration</p></li></ul></li><li><p>Data Type: opensmtpd-action-local-delivery-configuration</p><p>This data type represents the configuration of an
- <code><opensmtpd-action-local-delivery-configuration></code> record.</p><ul><li><p><code>name</code> (default: <code>#f</code>)</p><p><code>name</code> is the string name of the local delivery action.</p></li><li><p><code>method</code> (default: <code>"mbox"</code>)</p><p>The email delivery option. Valid options are:</p><ul><li><p><code>"mbox"</code></p><p>Deliver the message to the user’s mbox with mail.local(8).</p></li><li><p><code>"expand-only"</code></p><p>Only accept the message if a delivery method was specified in an aliases
- or <span class="underline">.forward file</span>.</p></li><li><p><code>"forward-only"</code></p><p>Only accept the message if the recipient results in a remote address after
- the processing of aliases or forward file.</p></li><li><p><code><opensmtpd-lmtp-configuration></code></p><p>Deliver the message to an LMTP server at
- <code><opensmtpd-lmtp-configuration></code>’s fieldname <code>destination</code>. The location
- may be expressed as string host:port or as a UNIX socket. Optionally,
- <code><opensmtpd-lmtp-configuration></code>’s fieldname <code>rcpt-to</code> might be specified
- to use the recipient email address (after expansion) instead of the local
- user in the LMTP session as RCPT TO.</p></li><li><p><code><opensmtpd-maildir-configuration></code></p><p>Deliver the message to the maildir in
- <code><opensmtpd-maildir-configuration></code>’s fieldname <code>pathname</code> if specified,
- or by default to <code>~/Maildir</code>.</p><p>The pathname may contain format specifiers that are expanded before use
- (see the below section about Format Specifiers).</p><p>If <code><opensmtpd-maildir-configuration></code>’s record fieldname <code>junk</code> is <code>#t</code>,
- then message will be moved to the ‘Junk’ folder if it contains a positive
- ‘X-Spam’ header. This folder will be created under fieldname <code>pathname</code> if
- it does not yet exist.</p></li><li><p><code><opensmtpd-mda-configuration></code></p><p>Delegate the delivery to the <code><opensmtpd-mda-configuration></code>’s fieldname
- <code>command</code> (type string) that receives the message on its standard input.</p><p>The <code>command</code> may contain format specifiers that are expanded before use
- (see Format Specifiers).</p></li></ul></li><li><p><code>alias</code> (default: <code>#f</code>)</p><p>Use the mapping table for aliases expansion. <code>alias</code> is an
- <code><opensmtpd-table-configuration></code>.</p></li><li><p><code>ttl</code> (default: <code>#f</code>)</p><p><code>ttl</code> is a string specifying how long a message may remain in the queue. Its
- format is <code>n{s|m|h|d}</code>. eg: “4m” is four minutes.</p></li><li><p><code>user</code> (default: <code>#f</code> )</p><p><code>user</code> is the string username for performing the delivery, to be looked up
- with getpwnam(3).</p><p>This is used for virtual hosting where a single username is in charge of
- handling delivery for all virtual users.</p><p>This option is not usable with the mbox delivery method.</p></li><li><p><code>userbase</code> (default: <code>#f</code>)</p><p><code>userbase</code> is an <code><opensmtpd-table-configuration></code> record for mapping user
- lookups instead of the getpwnam(3) function.</p><p>The fieldnames <code>user</code> and <code>userbase</code> are mutually exclusive.</p></li><li><p><code>virtual</code> (default: <code>#f</code>)</p><p><code>virtual</code> is an <code><opensmtpd-table-configuration></code> record used for virtual
- expansion.</p></li></ul></li><li><p>Data Type: opensmtpd-action-relay-configuration</p><p>This data type represents the configuration of an
- <code><opensmtpd-action-relay-configuration></code> record.</p><ul><li><p><code>name</code> (default: <code>#f</code>)</p><p><code>name</code> is the string name of the relay action.</p></li><li><p><code>backup</code> (default: <code>#f</code>)</p><p>When <code>#t</code>, operate as a backup mail exchanger delivering messages to any
- mail exchanger with higher priority.</p></li><li><p><code>backup-mx</code> (default: <code>#f</code>)</p><p>Operate as a backup mail exchanger delivering messages to any mail exchanger
- with higher priority than mail exchanger identified as string name.</p></li><li><p><code>helo</code> (default: <code>#f</code>)</p><p>Advertise string heloname as the hostname to other mail exchangers during
- the HELO phase.</p></li><li><p><code>helo-src</code> (default: <code>#f</code> )</p><p>Use the mapping <code><opensmtpd-table-configuration></code> to look up a hostname
- matching the source address, to advertise during the HELO phase.</p></li><li><p><code>domain</code> (default: <code>#f</code>)</p><p>Do not perform MX lookups but look up destination domain in an
- <code><opensmtpd-table-configuration></code> and use matching relay url as relay host.</p></li><li><p><code>host</code> (default: <code>#f</code>)</p><p>Do not perform MX lookups but relay messages to the relay host described by
- the string relay-url. The format for relay-url is
- <code>[proto://[label@]]host[:port]</code>. The following protocols are available:</p><p>Unless noted, port defaults to 25.</p><p>The label corresponds to an entry in a credentials table, as documented in
- <code>table(5)</code>. It is used with the <code>"smtp+tls"</code> and <code>"smtps"</code> protocols for
- authentication. Server certificates for those protocols are verified by
- default.</p></li><li><p><code>pki</code> (default: <code>#f</code>)</p><p>For secure connections, use the certificate associated with
- <code><opensmtpd-pki-configuration></code> (declared in a pki directive) to prove the
- client’s identity to the remote mail server.</p></li><li><p><code>srs</code> (default: <code>#f</code>)</p><p>If <code>#t</code>, then when relaying a mail resulting from a forward, use the Sender
- Rewriting Scheme to rewrite sender address.</p></li><li><p><code>tls</code> (default: <code>#f</code>) boolean or string “no-verify”</p><p>When <code>#t</code>, require TLS to be used when relaying, using mandatory STARTTLS by
- default. When used with a smarthost, the protocol must not be
- <code>"smtp+notls://"</code>. When string <code>"no-verify"</code>, then do not require a valid
- certificate.</p></li><li><p><code>auth</code> (default: <code>#f</code>) <code><opensmtpd-table-configuration></code></p><p>Use the alist <code><opensmtpd-table-configuration></code> for connecting to relay-url
- using credentials. This option is usable only with fieldname <code>host</code> option.</p></li><li><p><code>mail-from</code> (default: <code>#f</code>) string</p><p>Use the string <span class="underline">mailaddress</span> as MAIL FROM address within the SMTP transaction.</p></li><li><p><code>src</code> (default: <code>#f</code>) string | <code><opensmtpd-table-configuration></code></p><p>Use the string or <code><opensmtpd-table-configuration></code> sourceaddr for the
- source IP address, which is useful on machines with multiple interfaces. If
- the list contains more than one address, all of them are used in such a way
- that traffic is routed as efficiently as possible.</p></li></ul></li><li><p>Data Type: opensmtpd-filter-configuration</p><p>This data type represents the configuration of an
- <code><opensmtpd-filter-configuration></code>. This is the filter record one should use
- if they want to use an external package to filter email eg: rspamd or
- spamassassin.</p><ul><li><p><code>name</code> (default: <code>#f</code>)</p><p>The string name of the filter.</p></li><li><p><code>proc</code> (default: <code>#f</code>)</p><p>The string command or process name. If <code>proc-exec</code> is <code>#t</code>, <code>proc</code> is
- treated as a command to execute. Otherwise, it is a process name.</p></li><li><p><code>proc-exec</code> (default: <code>#f</code>)</p></li></ul></li><li><p>Data Type: opensmtpd-filter-phase-configuration</p><p>This data type represents the configuration of an
- <code><opensmtpd-filter-phase-configuration></code>.</p><p>In a regular workflow, smtpd(8) may accept or reject a message based only on
- the content of envelopes. Its decisions are about the handling of the message,
- not about the handling of an active session.</p><p>Filtering extends the decision making process by allowing smtpd(8) to stop at
- each phase of an SMTP session, check that options are met, then decide if a
- session is allowed to move forward.</p><p>With filtering via an <code><opensmtpd-filter-phase-configuration></code> record, a
- session may be interrupted at any phase before an envelope is complete. A
- message may also be rejected after being submitted, regardless of whether the
- envelope was accepted or not.</p><ul><li><p><code>name</code> (default: <code>#f</code>)</p><p>The string name of the filter phase.</p></li><li><p><code>phase-name</code> (default: <code>#f</code>)</p><p>The string name of the phase. Valid values are:</p></li><li><p><code>options</code> (default <code>#f</code>)</p><p>A list of unique <code><opensmtpd-option-configuration></code> records.</p><p>At each phase, various options, specified by a list of
- <code><opensmtpd-option-configuration></code>, may be checked. The
- <code><opensmtpd-option-configuration></code>’s fieldname ’option’ values of: “fcrdns”,
- “rdns”, and “src” data are available in all phases, but other data must have
- been already submitted before they are available. Options with a <code><table></code>
- next to them require the <code><opensmtpd-option-configuration></code>’s fieldname
- <code>data</code> to be an <code><opensmtpd-table-configuration></code>. These are the available
- options:</p><p>These conditions may all be negated by setting
- <code><opensmtpd-option-configuration></code>’s fieldname <code>not</code> to <code>#t</code>.</p><p>Any conditions that require a table may indicate that tables include regexes by
- setting <code><opensmtpd-option-configuration></code>’s fieldname <code>regex</code> to <code>#t</code>.</p></li><li><p><code>decision</code></p><p>A string decision to be taken. Some decisions require a <code>message</code> or
- <code>value</code>. Valid strings are:</p><p>Decisions that involve a message require that the message be RFC valid,
- meaning that they should either start with a 4xx or 5xx status code.
- Decisions can be taken at any phase, though junking can only happen before
- a message is committed.</p></li><li><p><code>message</code> (default <code>#f</code>)</p><p>A string message beginning with a 4xx or 5xx status code.</p></li><li><p><code>value</code> (default: <code>#f</code>)</p><p>A number value. <code>value</code> and <code>message</code> are mutually exclusive.</p></li></ul></li><li><p>Data Type: opensmtpd-option-configuration</p><p>This data type represents the configuration of an
- <code><opensmtpd-option-configuration></code>, which is used by
- <code><opensmtpd-filter-phase-configuration></code> and <code><opensmtpd-match-configuration></code>
- to match various options for email.</p><ul><li><p><code>conditition</code> (default <code>#f</code>)</p><p>A string option to be taken. Some options require a string or an
- <code><opensmtpd-table-configuration></code> via the fieldname data. When the option
- record is used inside of an <code><opensmtpd-filter-phase-configuration></code>, then
- valid strings are:</p><p>At each phase, various options may be matched. The fcrdns, rdns, and src
- data are available in all phases, but other data must have been already
- submitted before they are available.</p><p>When <code><opensmtpd-option-configuration></code> is used inside of an
- <code><opensmtpd-match-configuration></code>, then valid strings for fieldname <code>option</code>
- are: “for”, “for any”, “for local”, “for domain”, “for rcpt-to”, “from any”,
- “from auth”, “from local”, “from mail-from”, “from rdns”, “from socket”,
- “from src”, “auth”, “helo”, “mail-from”, “rcpt-to”, “tag”, or “tls”.</p></li><li><p><code>data</code> (default <code>#f</code>) <code><opensmtpd-table-configuration></code></p><p>Some options require a table to be present. One would specify that table
- here.</p></li><li><p><code>regex</code> (default: <code>#f</code>) boolean</p><p>Any options using a table may indicate that tables hold regex by
- prefixing the table name with the keyword regex.</p></li><li><p><code>not</code> (default: <code>#f</code>) boolean</p><p>When <code>#t</code>, this option record is negated.</p></li></ul></li><li><p>Data Type: opensmtpd-table-configuration</p><p>This data type represents the configuration of an
- <code><opensmtpd-table-configuration></code>.</p><ul><li><p><code>name</code> (default <code>#f</code>)</p><p><code>name</code> is the name of the <code><opensmtpd-table-configuration></code> record.</p></li><li><p><code>data</code> (default: <code>#f</code>)</p><p><code>data</code> expects a list of strings or an alist, which is a list of
- cons cells, e.g. <code>(data (list (cons "james" "password")))</code> or
- <code>(data (list "gnu.org" "fsf.org"))</code>.</p></li></ul></li><li><p>Data Type: opensmtpd-pki-configuration</p><p>This data type represents the configuration of an
- <code><opensmtpd-pki-configuration></code>.</p><ul><li><p><code>domain</code> (default <code>#f</code>)</p><p><code>domain</code> is the string name of the <code><opensmtpd-pki-configuration></code> record.</p></li><li><p><code>cert</code> (default: <code>#f</code>)</p><p><code>cert</code> is the string certificate filename to use for this pki.</p></li><li><p><code>key</code> (default: <code>#f</code>)</p><p><code>key</code> is the string certificate filename to use for this pki.</p></li><li><p><code>dhe</code> (default: <code>"none"</code>)</p><p>Specify the DHE string parameter to use for DHE cipher suites with host
- pkiname. Valid parameter values are “none”, “legacy”, or “auto”. For “legacy”, a
- fixed key length of 1024 bits is used, whereas for “auto”, the key length is
- determined automatically. The default is “none”, which disables DHE cipher
- suites.</p></li></ul></li><li><p>Data Type: opensmtpd-maildir-configuration</p><ul><li><p><code>pathname</code> (default: <code>"~/Maildir"</code>)</p><p>Deliver the message to the maildir in pathname if specified, or by default
- to <code>~/Maildir</code>.</p><p>The pathname may contain format specifiers that are expanded before use
- (see FORMAT SPECIFIERS).</p></li><li><p><code>junk</code> (default: <code>#f</code>)</p><p>If the junk argument is <code>#t</code>, then the message will be moved to the <code>‘Junk’</code>
- folder if it contains a positive <code>‘X-Spam’</code> header. This folder will be
- created under pathname if it does not yet exist.</p></li></ul></li><li><p>Data Type: opensmtpd-mda-configuration</p><ul><li><p><code>name</code></p><p>The string name for this MDA command.</p></li><li><p><code>command</code></p><p>Delegate the delivery to a command that receives the message on its standard
- input.</p><p>The command may contain format specifiers that are expanded before use (see
- FORMAT SPECIFIERS).</p></li></ul></li><li><p>Data Type: opensmtpd-queue-configuration</p><ul><li><p><code>compression</code> (default <code>#f</code>)</p><p>Store queue files in a compressed format. This may be useful to save disk
- space.</p></li><li><p><code>encryption</code> (default <code>#f</code>)</p><p>Encrypt queue files with EVP_aes_256_gcm(3). If no key is specified, it is
- read with getpass(3). If the string stdin or a single dash (‘-’) is given
- instead of a key, the key is read from the standard input.</p></li><li><p><code>ttl-delay</code> (default <code>#f</code>)</p><p>Set the default expiration time for temporarily undeliverable messages,
- given as a positive decimal integer followed by a unit s, m, h, or d. The
- default is four days (“4d”).</p></li></ul></li><li><p>Data Type: opensmtpd-smtp-configuration</p><p>Data type representing an <code><opensmtpd-smtp-configuration></code> record.</p><ul><li><p><code>ciphers</code> (default: <code>#f</code>)</p><p>Set the control string for SSL_CTX_set_cipher_list(3). The default is
- “HIGH:!aNULL:!MD5”.</p></li><li><p><code>limit-max-mails</code> (default: <code>100</code>)</p><p>Limit the number of messages to count for each session.</p></li><li><p><code>limit-max-rcpt</code> (default: <code>1000</code>)</p><p>Limit the number of recipients to count for each transaction.</p></li><li><p><code>max-message-size</code> (default: <code>35M</code>)</p><p>Reject messages larger than size, given as a positive number of bytes or as
- a string to be parsed with scan_scaled(3).</p></li><li><p><code>sub-addr-delim character</code> (default: <code>+</code>)</p><p>When resolving the local part of a local email address, ignore the ASCII
- character and all characters following it. This is helpful for email
- filters. <code>"admin+bills@gnu.org"</code> is the same email address as
- <code>"admin@gnu.org"</code>, but an email filter can sort emails addressed to the first
- email address into a ‘Bills’ email folder.</p></li></ul></li><li><p>Data Type: opensmtpd-srs-configuration</p><ul><li><p><code>key</code> (default: <code>#f</code>)</p><p>Set the secret key to use for SRS, the Sender Rewriting Scheme.</p></li><li><p><code>backup-key</code> (default: <code>#f</code>)</p><p>Set a backup secret key to use as a fallback for SRS. This can be used to
- implement SRS key rotation.</p></li><li><p><code>ttl-delay</code> (default: <code>"4d"</code>)</p><p>Set the time-to-live delay for SRS envelopes. After this delay, a bounce
- reply to the SRS address will be discarded to limit risks of forged
- addresses.</p></li></ul></li><li><p>Format Specifiers</p><p>Some configuration records support expansion of their parameters at
- runtime. Such records (for example
- <code><opensmtpd-maildir-configuration></code>, <code><opensmtpd-mda-configuration></code>) may use
- format specifiers which are expanded before delivery or relaying. The
- following formats are currently supported:</p><p>Expansion formats also support partial expansion using the optional bracket notations
- with substring offset. For example, with recipient domain <code>“example.org”</code>:</p><p>In addition, modifiers may be applied to the token. For example, with recipient
- <code>“User+Tag@Example.org”</code>:</p></li></ul></div></article></section></main><footer><p>© 2020 Joshua Branson. The text on this site is free culture under the Creative Commons Attribution Share-Alike 4.0 International license.</p><p>This website is built with Haunt, a static site generator written in Guile Scheme. Source code is <a href="https://notabug.org/jbranso/gnucode.me">available.</a></p><p>The color theme of this website is based off of the famous <a href="#3f3f3f" target="_blank">zenburn</a> theme.</p></footer></body>
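How the `key`, `backup-key` and `ttl-delay` fields of `opensmtpd-srs-configuration` documented above interact, as an added Python model that is not code from this page, Guix or OpenSMTPD. The `SRS0=tag=timestamp=domain=local` layout, the HMAC-SHA256 tag and every function name are assumptions made for illustration; OpenSMTPD's own envelope encoding is not reproduced here.

```python
import hashlib
import hmac

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_delay(text):
    """Seconds for a delay such as "4d": positive integer plus unit s, m, h or d."""
    number, unit = text[:-1], text[-1:]
    if unit not in UNITS or not number.isdigit() or int(number) == 0:
        raise ValueError(f"bad delay: {text!r}")
    return int(number) * UNITS[unit]

def _tag(key, stamp, domain, local):
    # Constructed tag: truncated HMAC-SHA256 over the timestamp and original sender.
    msg = f"{stamp}={domain.lower()}={local}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha256).hexdigest()[:12]

def srs_encode(sender, forwarder, key, now):
    """Rewrite sender for forwarding, binding it to the key and the current time."""
    local, domain = sender.rsplit("@", 1)
    stamp = int(now)
    return f"SRS0={_tag(key, stamp, domain, local)}={stamp}={domain}={local}@{forwarder}"

def srs_decode(address, keys, ttl, now):
    """Return the original sender, or None when the bounce must be discarded."""
    fields = address.rsplit("@", 1)[0].split("=", 4)
    if len(fields) != 5 or fields[0] != "SRS0":
        return None
    _, tag, stamp, domain, local = fields
    if not (stamp.isascii() and stamp.isdigit()):
        return None
    if not 0 <= now - int(stamp) <= parse_delay(ttl):
        return None                      # envelope older than ttl-delay
    for key in keys:                     # primary key first, then backup-key
        expected = _tag(key, int(stamp), domain, local) if key else ""
        if key and hmac.compare_digest(tag.encode(), expected.encode()):
            return f"{local}@{domain}"
    return None                          # forged, or signed with a retired key
```

During a rotation the old secret moves to `backup-key` until every envelope it signed has aged past `ttl-delay`, after which it can be dropped.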