Qmail control files and Environment Variables
From Ye Ole Stash
Control Files
| Control File Name | Patch Link | Combined Patches Used in | Related scripts | Related RFCs | Default |
|---|---|---|---|---|---|
| badmailfrom | Default Qmail | | | | |
| bindroutes | From Qmail.org | qmail-1.03-jms1 | | | |
| maxrcpt | qmail-1.03-maxrcpt.patch | qmail-1.03-jms1 | | RFC 2821 section 4.5.3.1 | |
| mfcheck | qmail-1.03-mfcheck.3.patch | qmail-1.03-jms1 | | | 0 (Disabled) |
| spfbehavior | qmail-spf.patch | qmail-1.03-jms1 | | | |
| spfrules | qmail-spf.patch | qmail-1.03-jms1 | | | |
| spfguess | qmail-spf.patch | qmail-1.03-jms1 | | | |
| spfexp | qmail-spf.patch | qmail-1.03-jms1 | | | |
| bouncemaxbytes | qmail-bounce.patch | qmail-1.03-jms1 | | | 0 - No limit |
| smtproutes | | qmail-1.03-jms1 | | | |
| databytes | qmail-smtpd.c.size.diff | qmail-1.03-jms1 | | RFC 1870 | 0 - No Limit |
| taps | | qmail-1.03-jms1 | | | |
| senderip | newbind.patch | qmail-1.03-jms1 | | | |
- concurrencyincoming
- concurrencyremote
- dh1024.pem
- dh512.pem
- locals
- Makefile
- me
- queuelifetime
- rcpthosts
- relay
- relay.cdb
- rsa512.pem
- simcontrol
- simcontrol.cdb
- simversions.cdb
- smtpgreeting
- timeoutremote
- timeoutsmtpd
- tlsserverciphers
Environment Variables
- RCPTCHECK
  - If a RCPTCHECK environment variable exists, its value should be the full pathname of an external program which qmail-smtpd will run after receiving a RCPT command.
- LOGREGEX
  - If qmail-smtpd rejects a command because it matched a regular expression found in the badhelo, badmailfrom, badmailfromnorelay, badrcptto, or badrcpttonorelay control files, the error message it adds to the log will now include the regular expression which was matched. It took some doing, but I managed to get these changes added to the combined patch.
- AUTH
- ALLOW_INSECURE_AUTH
  - Enable : set to a value greater than 0
  - Allow AUTH without requiring there to be a secure (SSL or TLS) connection first (BAD IDEA).
- REQUIRE_AUTH
  - Enable : set to a value greater than 0
  - Used with SMTPS and other user-level SMTP servers. DO NOT USE on email servers that receive email from the internet: the sending servers will not AUTH and you will not get your email :)
  - Author John Simpson
- MFCHECK
- DENY_TLS
- FORCE_TLS
  - Enable : set to a value greater than 0
  - For those who want a non-SSL server but don't want it to be able to accept mail without STARTTLS happening first.
  - Author John Simpson
- VALIDRCPTTO_LIMIT
  - Patch needed : John Simpson's validrcptto.cdb.shtml or qmail-1.03-jms1
  - Value : ANY
  - Default : 10
  - Can be changed or disabled by creating an environment variable called VALIDRCPTTO_LIMIT with a numeric value. Setting it to zero will disable the checks, allowing unlimited attempts (otherwise known as "harvesting", a trick used by spammers to build a list of which email addresses do and don't work within your domain).
- AUTH_SET_$VAR - These override the control file and/or the original environment variable whenever a client authenticates. This means, for example, that if the initial environment contains the environment variables DATABYTES=5242800 and AUTH_SET_DATABYTES=0, most clients will have a 5MB limit on their messages, but clients who send a successful AUTH command will have no limit.
  - AUTH_SET_DATABYTES
  - AUTH_SET_VALIDRCPTTO_LIMIT - Sets a value that overrides the original environment variable whenever a client authenticates.
  - AUTH_SET_MFCHECK
  - AUTH_SET_SPFBEHAVIOR
  - AUTH_SET_VALIDRCPTTO_LOG
  - AUTH_SET_SPF_LOG
  - AUTH_SET_RELAYREJ
  - AUTH_SET_QMAILSMTPD_LOG_MAIL
  - AUTH_SET_QMAILSMTPD_LOG_RCPT
  - AUTH_SET_QMAILSMTPD_HELP_VERSION
- VALIDRCPTTO_LOG (also AUTH_SET_VALIDRCPTTO_LOG)
  - Values : 1(on) 2(extended information)
- ALLOW_CRAM
  - Values : 1(on) 0(off Default)
- SPF_LOG
  - Values : 1(on) 0(off Default)
- SPF_BLOCK_PLUS_ALL
- AUTH_CDB
  - This can contain the filename of a cdb file. The keys should be email addresses, converted to lowercase. The values should be ENCRYPTED passwords. The encryption can be any type which is supported by your system's crypt() function (i.e. anything which vpopmail supports, which is generally the old Unix crypt or the newer MD5 hashes).
- RELAYREJ - Setting this violates RFC 2821 section 4.1.2.
  - Values : 1(on) 0(off Default)
- SMTPGREETING
  - Same as the smtpgreeting control file, but allows for different greetings for different SMTP servers.
- GREETDELAY
  - This sets the number of seconds to wait before showing the banner.
- DROP_PRE_GREET
  - Values : non-zero enables
- TLS_SERVER_CERT
  - Name of PEM file.
- MAXRCPT
  - Must be at least 100 to comply with RFC 2821 section 4.5.3.1
  - Values : 0 (no limit) or 100 and above
- QMAILSMTPD_LOG_MAIL - may be set to a non-zero value to enable logging.
- QMAILSMTPD_LOG_RCPT - may be set to a non-zero value to enable logging.
- QMAILSMTPD_HELP_VERSION - Shows the version of Simpson's combined patch.
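
The AUTH_SET_$VAR rule means one qmail-smtpd environment yields two sets of limits, one before and one after AUTH, and both need reviewing. The following added example (not part of the original page or of the jms1 patch) models that rule and flags the settings this page warns about. The function names, the handling of non-numeric values and the sample environment are assumptions.

```python
# Added example: a model of the AUTH_SET_$VAR rule as this page describes it.
# Function names and SAMPLE_ENV are constructed for illustration.

# Variables the page lists as having an AUTH_SET_ counterpart.
OVERRIDABLE = {
    "DATABYTES", "VALIDRCPTTO_LIMIT", "MFCHECK", "SPFBEHAVIOR",
    "VALIDRCPTTO_LOG", "SPF_LOG", "RELAYREJ", "QMAILSMTPD_LOG_MAIL",
    "QMAILSMTPD_LOG_RCPT", "QMAILSMTPD_HELP_VERSION",
}

def effective_env(env, authenticated):
    """Return the settings in force before or after a successful AUTH."""
    eff = {k: v for k, v in env.items() if not k.startswith("AUTH_SET_")}
    if authenticated:
        for name in OVERRIDABLE:
            if "AUTH_SET_" + name in env:
                eff[name] = env["AUTH_SET_" + name]
    return eff

def _num(env, name, default):
    """Parse a numeric setting; use the default if unset or not a number
    (assumption: the page does not say how invalid values are treated)."""
    try:
        return int(env.get(name, default))
    except ValueError:
        return default

def audit(env, authenticated):
    """List (variable, reason) pairs for settings this page warns about."""
    eff = effective_env(env, authenticated)
    findings = []
    if _num(eff, "ALLOW_INSECURE_AUTH", 0) > 0:
        findings.append(("ALLOW_INSECURE_AUTH", "AUTH allowed without SSL/TLS"))
    if _num(eff, "VALIDRCPTTO_LIMIT", 10) == 0:
        findings.append(("VALIDRCPTTO_LIMIT", "limit disabled (harvesting)"))
    if 0 < _num(eff, "MAXRCPT", 0) < 100:
        findings.append(("MAXRCPT", "below 100, RFC 2821 section 4.5.3.1"))
    if _num(eff, "RELAYREJ", 0) != 0:
        findings.append(("RELAYREJ", "violates RFC 2821 section 4.1.2"))
    return findings

# Constructed sample; the DATABYTES pair is the page's own example.
SAMPLE_ENV = {
    "DATABYTES": "5242800", "AUTH_SET_DATABYTES": "0",
    "VALIDRCPTTO_LIMIT": "10", "AUTH_SET_VALIDRCPTTO_LIMIT": "0",
    "ALLOW_INSECURE_AUTH": "1", "MAXRCPT": "50",
}

if __name__ == "__main__":
    for state in (False, True):
        print("after AUTH:" if state else "before AUTH:", audit(SAMPLE_ENV, state))
```

With the sample environment, the harvesting finding appears only in the post-AUTH pass: AUTH_SET_VALIDRCPTTO_LIMIT=0 lifts the recipient-probing limit for any client holding valid credentials.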
Odd Qmail Behavior and Fixes
- Multi-MX Fix
  - The patch below fixes the case where qmail only uses the first MX it successfully connects to. The next MX is tried on either 4xx or 5xx errors.
- Fixed with This Patch