H-Sphere Documentation Sysadmin Guide


Qmail Configuration

 

Related Docs: Qmail Compilation, Mail Relays

H-Sphere SMTP Server is represented by Qmail with four antispam add-ons:

  • Fehcom Spamcontrol patch
  • qmail-smtpd badmailfrom-unknown addon
  • Psoft addon that checks if the sender's address in POP-before-SMTP authentication is local and the recipient's address is remote.
  • Psoft addon that checks if domain name in the sender's address matches the domain name used in SMTP authentication.

 

Qmail Configuration Overview

The Qmail installation directory is usually /var/qmail. SMTPd configuration files, also called control files, are located in the /var/qmail/control directory. Each SMTP parameter is configured in its own control file of the same name, for example /var/qmail/control/smtpauth (see the description below).

To view the SMTP server configuration, run the qmail-showctl utility as root:

# /var/qmail/bin/qmail-showctl

You will get the list of SMTP parameters. Each line in the list has the following format:

smtp_parameter: [(Default.)] Value

Each smtp_parameter may be set in its own control file of the same name, located in the /var/qmail/control directory. The file contains the parameter's value. If the file is not found, the default value is used and the notice (Default.) appears in the configuration list.

Value can be of three types:

  • Text: can be either a line, like @12.34.56.78, or a list, for example a list of addresses in badmailfrom.
    badmailfrom is the file that contains the list of senders whose mail is not accepted.
  • Number, like 1000 in databytes.
    databytes is the file that contains the maximum allowed size of a message.
  • Boolean, like 0 or 1 in smtpauth.
    0 disables SMTP Auth, 1 enables it.

Thus, for example, to enable SMTP Auth, create or modify the /var/qmail/control/smtpauth control file and put just 1 in it.

Also, text values may contain patterns: wildcard expressions to set the range of emails, domains and IPs for filtering rules.

Control characters in patterns:

  • Exclamation mark (!): allows you to INCLUDE particular clients/addresses by simply putting an exclamation mark (!) as first character in the line.
  • Asterisk (*): General pattern matching character; one or more preceding.
  • Question Mark (?): Match zero or one preceding.
  • Backslash (\): Literal expression of the following character, e.g. \[.
  • Match one from a set ([...]): e.g. [Ff][Aa][Kk][Ee] matches FAKE, fake, FaKe, FAKe etc.

As an example of patterns, see the canonical method filter for spam e-mail in README_SPAMCONTROL.

 

General SMTP Configuration

To adjust Qmail for your server, add the following parameters to the standard Qmail configuration. Create the respective files with text/integer/boolean values as described in the overview:

  1. tcpsessioncount: the number of concurrent SMTP connections. Default: 40. After setting this parameter, Qmail restart is required.
  2. concurrencyremote: the number of qmail-send processes for message delivery to remote addresses. Default: 20. Max: 120. If Max is exceeded, default is set.
  3. concurrencylocal: the number of qmail-send processes for message delivery to local addresses. Default: 10. Max: 120. If Max is exceeded, default is set.
  4. databytes: maximum size of a message. Default: 0 (unlimited).
  5. queuelifetime: the message queue lifetime in seconds (1 week by default).
  6. bouncefrom: the email user messages are bounced from.
  7. maxrecepients: maximum number of recipients in the "TO:", "CC:", and "BCC" fields. Default: 0 (unlimited).
  8. timeoutsmtpd: TCP connection timeout in seconds. Default: 1200.
  9. The following parameters were added by psoft to dynamically enable or disable options that are otherwise defined in the Spamcontrol patch before compilation:
       • newline: accept or reject mail from mail user agents (MUA) that send commands without CR (carriage return);
       • stripsinglequotes: enable or disable stripping single quotes (referred to in the spamcontrol manual as the feature that may cause unpredictable results);
       • lowercase: enable or disable conversion of mail address to lowercase; it may be useful in filtering patterns, for case-sensitive rules.

 

SMTP Antispam Configuration

Antispam configuration in H-Sphere combines original SMTP parameters and parameters introduced in the antispam addons:

  1. badmailfrom: list of sender addresses whose emails will be rejected. A line in badmailfrom may be of the form @host, meaning every address at host.
  2. badmailpatterns: the same as standard badfromaddress but with patterns. Example:
                  *@earthlink.net
                  !fred@earthlink.net
                  [0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9].com
                  answerme@save*
                  *%*;
  3. badmailfrom-unknown: if the domain part of sender's address matches a host in this list, qmail checks if sender's IP has a PTR record. Example
  4. badrcptto: list of recipient addresses for which all mail is blocked. A line in badrecipient may be of the form @host, meaning every address at host.
  5. badrcptpatterns: the same as badrcptto but with patterns. It allows qmail-smtpd to reject spam e-mail by including the signature
                  *\[dd.dd.dd.dd\]*
    in the badrcptpatterns file, where dd.dd.dd.dd is the IP address in brackets.
  6. blackholedsender: the same as badmailpatterns but quits the session immediately even if quitasap is disabled;
  7. relayclients: list of IP addresses of clients allowed to relay mail through this host. Addresses in relayclients may be wildcarded:
                  192.168.0.1:
                  192.168.1.:
  8. relaydomains: list of host and domain names allowed to relay mail through this host. This is an additional mail relay check by domain name, for the case when relay via the tcp.cdb static relay database is forbidden.
    Addresses in relaydomains may be wildcarded:
                  heaven.af.mil:
                  .heaven.af.mil:
  9. relaymailfrom: list of senders ("Mail From:") allowed to relay independently even if open relay is closed. Entries in relaymailfrom can be e-mail addresses, or just the domain (with the @ sign). Unlike relaydomains, native addresses should be entered. Examples:
                   joeblow@domain1.com
                   @domain2.com
    We strongly recommend not adding this parameter, for antispam security reasons.
  10. quitasap: enables (1) or disables (0) quitting the SMTP session immediately if one of the above rules matches. Default: 0 which means no quitting;
  11. tarpitcount: the number of recipients after which qmail switches on a delay before sending the message to the next portion of recipients. Default: 0 which means no tarpitting;
  12. tarpitdelay: the delay in seconds to be introduced after each subsequent RCPT TO:. Default: 5.
  13. mfdnscheck: enables DNS check of domain name in sender's address;
  14. nomfdnscheck: list of domain names that aren't checked for existence;
  15. smtpauth: enables SMTP AUTH extension. Default: 0 which means Qmail doesn't understand the AUTH LOGIN/PLAIN command.
  16. smdcheck: allows only local domains in the MAIL FROM address if mail is sent remotely;
  17. authsender: demands that domain name in the user address during SMTP authentication should coincide with the domain name in the MAIL FROM address field;
  18. pop3andsmtpauth: allows simultaneous POP-BEFORE-SMTP and SMTP AUTH authentication and uses the one that was established first. Default: 0 which means only SMTP AUTH. To allow POP-BEFORE-SMTP, set this parameter to 1.
  19. rblcheck: enables or disables check of sender's IPs against Remote Black List database(s).
  20. rblhosts: Remote Black List database hosts. Example:
                   dnsbl.njabl.org
                   spamguard.leadmon.net
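
A configuration check built from the parameters above, as an added example that is not part of the H-Sphere documentation: it reads the control files directly and reports settings the page describes as unlimited, off, or discouraged. The function names and the two dependency checks (rblcheck needing rblhosts, authsender needing smtpauth) are assumptions inferred from the parameter descriptions.

```shell
#!/bin/sh
# Added example, not H-Sphere code: audit qmail control files against this page.
# Assumption: boolean control files hold 0 or 1, as the overview states.

# ctl NAME DIR: print the first line of a control file (nothing if absent)
ctl() {
    if [ -f "$2/$1" ]; then head -n 1 "$2/$1" | tr -d ' \t\r'; fi
}

# has_entries NAME DIR: succeed if the file holds at least one non-blank line
has_entries() {
    [ -f "$2/$1" ] && grep -q '[^[:space:]]' "$2/$1"
}

# audit_control [DIR]: print one "parameter: finding" line per issue
audit_control() {
    dir=${1:-/var/qmail/control}
    if has_entries relaymailfrom "$dir"; then
        echo "relaymailfrom: listed senders can relay; the page advises against this file"
    fi
    for p in databytes maxrecepients tarpitcount; do
        v=$(ctl "$p" "$dir")
        case "${v:-0}" in
            0) echo "$p: unset or 0, so the default (unlimited or off) applies" ;;
            *[!0-9]*) echo "$p: value '$v' is not a number" ;;
        esac
    done
    # Dependency checks below are inferred from the parameter descriptions.
    if [ "$(ctl rblcheck "$dir")" = 1 ] && ! has_entries rblhosts "$dir"; then
        echo "rblcheck: enabled but rblhosts has no entries"
    fi
    if [ "$(ctl authsender "$dir")" = 1 ] && [ "$(ctl smtpauth "$dir")" != 1 ]; then
        echo "authsender: enabled but smtpauth is not 1"
    fi
    return 0
}

# Constructed sample directory so the example runs without a qmail install.
demo=$(mktemp -d)
echo 1 > "$demo/rblcheck"
echo 1000 > "$demo/databytes"
echo '@domain2.com' > "$demo/relaymailfrom"
audit_control "$demo"
rm -rf "$demo"
```

On a live server, call audit_control with no argument to read /var/qmail/control, and restart Qmail after changing parameters that require it.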

© Copyright 1998-2003. Positive Software Corporation.
All rights reserved.