Line 1: |
Line 1: |
| {{WIP box|this is a work in progress for the new SME 11 qpsmtpd configuration}} | | {{WIP box|this is a work in progress for the new SME 11 qpsmtpd configuration}} |
| + | |
| + | TODO: update [[Email#qpsmtpd]] for SME11 |
| | | |
| =qpsmtpd= | | =qpsmtpd= |
Line 262: |
Line 264: |
| | | | | |
| |- | | |- |
| + | |KarmaNegative |
| + | |(2) |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |KarmaStrikes |
| + | |(3) |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |HeloPolicy |
| + | |<nowiki>(lenient)[lenient | rfc | strict]</nowiki> |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |MaximumDateOffset |
| + | |(0) |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |MaxLoad |
| + | |(7) |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |SPFRejectPolicy |
| + | |(0)[0-4] |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |DMARCReject |
| + | |<nowiki>(disabled)[enabled|disabled]</nowiki> |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |DMARCReporting |
| + | |<nowiki>(enabled)[enabled|disabled]</nowiki> |
| + | | |
| | | | | |
| | | | | |
| + | |- |
| + | |disclaimer |
| + | |<nowiki>(disabled)[enabled|disabled]</nowiki> |
| | | | | |
| | | | | |
Line 537: |
Line 587: |
| | | |
| ==Peer plugin configuration== | | ==Peer plugin configuration== |
| + | SME Server uses a plugin call peers, that set the plugins used depending on the client IP, i.e. 2 configurations are presents one for LAN and another for WAN. |
| {| class="wikitable" | | {| class="wikitable" |
| |+ | | |+ |
| + | X for not present/overriden |
| !plugin | | !plugin |
| !config | | !config |
| !qp local | | !qp local |
| !qp 0 | | !qp 0 |
− | !sqp local | + | !sqp /uqp |
− | !sqp 0 | + | local |
| + | !sqp/uqp |
| + | 0 |
| !TODO | | !TODO |
| |- | | |- |
| |00setup | | |00setup |
− | | | + | |set bounce_unknown_user |
| | | | | |
| | | | | |
Line 556: |
Line 610: |
| |- | | |- |
| |02logterse | | |02logterse |
− | | | + | |logging/logterse |
| | | | | |
| | | | | |
Line 564: |
Line 618: |
| |- | | |- |
| |04tls | | |04tls |
− | | | + | |tls ssl/cert.pem ssl/cert.pem ssl/cert.pem ssl/dhparam.pem |
| | | | | |
| | | | | |
Line 577: |
Line 631: |
| | | | | |
| | | | | |
− | | | + | |To remove |
| |- | | |- |
| |06auth_imap | | |06auth_imap |
− | | | + | |auth/auth_imap 127.0.0.1 143 |
| | | | | |
| | | | | |
Line 588: |
Line 642: |
| |- | | |- |
| |09karma | | |09karma |
| + | |karma negative $negative strikes $strikes reject naughty db_dir /var/lib/qpsmtpd/karma |
| + | |X |
| | | | | |
| + | |X |
| | | | | |
− | | | + | |enabled by default ? |
− | |
| |
− | |
| |
− | |
| |
| |- | | |- |
| |10earlytalker | | |10earlytalker |
| + | |earlytalker |
| + | |X |
| | | | | |
| + | |X |
| | | | | |
− | | | + | |<nowiki>add wait and check-at [ CONNECT | DATA ] options</nowiki> |
− | |
| |
− | |
| |
− | | | |
| |- | | |- |
| |11bogus_bounce | | |11bogus_bounce |
− | | | + | |bogus_bounce |
| | | | | |
| | | | | |
Line 612: |
Line 666: |
| |- | | |- |
| |12count_unrecognized_commands | | |12count_unrecognized_commands |
| + | |count_unrecognized_commands 4 |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| | | | | |
| |- | | |- |
| |13bcc | | |13bcc |
| + | |bcc mode $qpsmtpd{BccMode} all $user |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |add possibility to set direction (all/incoming/outgoing) |
− | |
| |
| |- | | |- |
| |14relay | | |14relay |
| + | |relay |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |should we remove from 465 and 581 or set RELAY ONLY ? |
− | |
| |
| |- | | |- |
| |15helo | | |15helo |
| + | |<nowiki>helo policy { $qpsmtpd{HeloPolicy} || 'lenient' } reject naughty</nowiki> |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| | | | | |
| |- | | |- |
| |16resolvable_fromhost | | |16resolvable_fromhost |
| + | |resolvable_fromhost |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| | | | | |
| |- | | |- |
| |17headers | | |17headers |
− | | | + | |headers future $days past $days" if ($days) |
| | | | | |
| | | | | |
Line 660: |
Line 714: |
| |- | | |- |
| |19loadcheck | | |19loadcheck |
| + | |<nowiki>loadcheck max_load { $qpsmtpd{MaxLoad} || '7' }</nowiki> |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| | | | | |
| |- | | |- |
| |20rhsbl | | |20rhsbl |
| + | |rhsbl |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| | | | | |
| |- | | |- |
| |221spf | | |221spf |
| + | |<nowiki>sender_permitted_from reject 1 no_dmarc_policy { $qpsmtpd{SPFRejectPolicy} || '0' }</nowiki> |
| + | |X |
| | | | | |
| + | |X |
| | | | | |
− | | | + | |change default to 1 |
− | |
| |
− | |
| |
− | |
| |
| |- | | |- |
| |222dkim | | |222dkim |
− | | | + | |dkim reject 0 |
| | | | | |
| | | | | |
Line 692: |
Line 746: |
| |- | | |- |
| |223dmarc | | |223dmarc |
| + | |<nowiki>marc reject { (( $qpsmtpd{DMARCReject} || 'disabled' ) =~ m/^1|on|enabled|yes$/) ? '1' : '0' } reporting { (( $qpsmtpd{DMARCReporting} || 'enabled' ) =~ m/^1|on|enabled|yes$/) ? '1' : '0' }</nowiki> |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| | | | | |
| |- | | |- |
| |22dnsbl | | |22dnsbl |
| + | |dnsbl reject naughty |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| | | | | |
| |- | | |- |
| |23naughty | | |23naughty |
| + | |naughty reject mail |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| | | | | |
| |- | | |- |
| |24uribl | | |24uribl |
− | | | + | |uribl action deny |
| | | | | |
| | | | | |
Line 724: |
Line 778: |
| |- | | |- |
| |30badmailfrom | | |30badmailfrom |
− | | | + | |badmailfrom |
| | | | | |
| | | | | |
Line 732: |
Line 786: |
| |- | | |- |
| |34badrcptto | | |34badrcptto |
| + | |badrcptto |
| | | | | |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| |- | | |- |
| |34badrcptto_ext | | |34badrcptto_ext |
| + | |badrcptto more_badrcptto badrcptto_ext |
| + | |X |
| | | | | |
− | | | + | |X |
− | |
| |
− | |
| |
| | | | | |
| | | | | |
| |- | | |- |
| |37check_smtp_forward | | |37check_smtp_forward |
| + | |check_smtp_forward |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |needed for submission ? |
− | |
| |
| |- | | |- |
| |38check_goodrcptto | | |38check_goodrcptto |
− | | | + | |check_goodrcptto extn - |
| | | | | |
| | | | | |
Line 764: |
Line 818: |
| |- | | |- |
| |39rcpt_ok | | |39rcpt_ok |
− | | | + | |rcpt_ok |
| | | | | |
| | | | | |
Line 772: |
Line 826: |
| |- | | |- |
| |62pattern_filter | | |62pattern_filter |
− | | | + | |virus/pattern_filter check=patterns action=deny |
| | | | | |
| | | | | |
Line 780: |
Line 834: |
| |- | | |- |
| |62tnef2mime | | |62tnef2mime |
− | | | + | |tnef2mime |
| | | | | |
| | | | | |
Line 788: |
Line 842: |
| |- | | |- |
| |65disclaimer | | |65disclaimer |
| + | |disclaimer |
| | | | | |
| + | |X |
| | | | | |
− | | | + | |X |
− | | | + | |missing disclaimer_file definition? |
− | |
| |
− | |
| |
| |- | | |- |
| |70spamassassin | | |70spamassassin |
| + | |spamassassin reject $spamassassin{RejectLevel} munge_subject_threshold $spamassassin{TagLevel} size_limit $spamassassin{MaxMessageSize} |
| + | |X |
| | | | | |
| + | |X |
| | | | | |
| | | | | |
| + | |- |
| + | |71forcespamcheck |
| + | |forcespamcheck reject $spamassassin{RejectLevel} munge_subject_threshold $spamassassin{TagLevel} size_limit $spamassassin{MaxMessageSize} |
| | | | | |
| + | |X |
| | | | | |
| + | |X |
| | | | | |
| |- | | |- |
| |80clamav | | |80clamav |
− | | | + | |virus/clamdscan scan_all yes clamd_socket /run/clamd/clamd.socket defer_on_error yes max_size $max_size |
| | | | | |
| | | | | |
Line 812: |
Line 874: |
| |- | | |- |
| |90queue-qmail-queue | | |90queue-qmail-queue |
| + | |queue/qmail-queue |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |also content commented to remove ? |
− | |
| |
| |- | | |- |
| |90queue-smtp-forward | | |90queue-smtp-forward |
− | | | + | |# commented out |
| | | | | |
| | | | | |
Line 829: |
Line 891: |
| | | |
| ==Upgrade Considerations== | | ==Upgrade Considerations== |
| + | we used check_badcountries for a while, but could we switch back to ident/geoip ? |
| + | |
| + | whitelist plugin : adding the ip-range whitelist; add login of ip |
| + | |
| ===A-Record DNSBL Services=== | | ===A-Record DNSBL Services=== |
| :Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma. | | :Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma. |
Line 857: |
Line 923: |
| | | |
| <div style="column-count:2;-moz-column-count:2;-webkit-column-count:2; border:1px solid grey;"> | | <div style="column-count:2;-moz-column-count:2;-webkit-column-count:2; border:1px solid grey;"> |
− | <tt><nowiki>+ New in SME 9.2</nowiki><br> | + | <tt>+ New in SME 11<br> |
| <nowiki>* Improved or changed in SME 9.2</nowiki><br> | | <nowiki>* Improved or changed in SME 9.2</nowiki><br> |
| <nowiki>U Unused (by default) in SME Server</nowiki><br> | | <nowiki>U Unused (by default) in SME Server</nowiki><br> |
Line 863: |
Line 929: |
| <nowiki>CW Contrib or Wiki page exists that uses this plugin</nowiki><br> | | <nowiki>CW Contrib or Wiki page exists that uses this plugin</nowiki><br> |
| <nowiki>SM Can be configured using server-manager</nowiki><br> | | <nowiki>SM Can be configured using server-manager</nowiki><br> |
− | <nowiki>DB Can be configured using db variables</nowiki><br> | + | <nowiki>DB Can be configured using db variables</nowiki></tt> |
| + | |
| + | <tt>X Provided by a contrib, not in qpsmtpd git<br> |
| <nowiki>AC Auto-configured by SME Server</nowiki></tt> | | <nowiki>AC Auto-configured by SME Server</nowiki></tt> |
| </div><br> | | </div><br> |
Line 881: |
Line 949: |
| *[[Qpsmtpd:badrcptto|badrcptto]] (AC) | | *[[Qpsmtpd:badrcptto|badrcptto]] (AC) |
| *[[Qpsmtpd:bcc|bcc]] (U DB) | | *[[Qpsmtpd:bcc|bcc]] (U DB) |
− | *[[Qpsmtpd:bogus_bounce|bogus_bounce]] (+ DB) | + | *[[Qpsmtpd:bogus_bounce|bogus_bounce]] (DB) |
| + | *check_badcountries (X [[GeoIP|CW]]) |
| *[[Qpsmtpd:check_goodrcptto|check_goodrcptto]] (AC) | | *[[Qpsmtpd:check_goodrcptto|check_goodrcptto]] (AC) |
| *[[Qpsmtpd:check_smtp_forward|check_smtp_forward]] (AC) | | *[[Qpsmtpd:check_smtp_forward|check_smtp_forward]] (AC) |
Line 891: |
Line 960: |
| *[[Qpsmtpd:dkim|dkim]] (+ DB E) | | *[[Qpsmtpd:dkim|dkim]] (+ DB E) |
| *[[Qpsmtpd:dkim_sign|dkim_sign]] (+ DB E) | | *[[Qpsmtpd:dkim_sign|dkim_sign]] (+ DB E) |
− | *[[Qpsmtpd:dmarc|dmarc]] (+ DB E) | + | *[[Qpsmtpd:dmarc|dmarc]] (DB E) |
| *[[Email#Real-time_Blackhole_List_.28RBL.29|dnsbl]] (* DB CW) | | *[[Email#Real-time_Blackhole_List_.28RBL.29|dnsbl]] (* DB CW) |
| *[[Qpsmtpd:dns_whitelist_soft|dns_whitelist_soft]] (U) | | *[[Qpsmtpd:dns_whitelist_soft|dns_whitelist_soft]] (U) |
Line 897: |
Line 966: |
| *[[Qpsmtpd:dont_require_anglebrackets|dont_require_anglebrackets]] (U) | | *[[Qpsmtpd:dont_require_anglebrackets|dont_require_anglebrackets]] (U) |
| *[[Qpsmtpd:dspam|dspam]] (U) | | *[[Qpsmtpd:dspam|dspam]] (U) |
− | *[[Qpsmtpd_check_earlytalker|earlytalker]] (AC CW) | + | *[[Qpsmtpd_check_earlytalker|earlytalker]] (AC [[Qpsmtpd check earlytalker|CW]]) |
| *[[Qpsmtpd:exe_filter|exe_filter]] (U AC) | | *[[Qpsmtpd:exe_filter|exe_filter]] (U AC) |
| *[[Qpsmtpd:fcrdns|fcrdns]] (U) | | *[[Qpsmtpd:fcrdns|fcrdns]] (U) |
Line 916: |
Line 985: |
| *[[Qpsmtpd:loop|loop]] (U) | | *[[Qpsmtpd:loop|loop]] (U) |
| *[[Qpsmtpd:milter|milter]] (U) | | *[[Qpsmtpd:milter|milter]] (U) |
− | *[[Qpsmtpd:naughty|naughty]] (+) | + | *[[Qpsmtpd:naughty|naughty]] () |
| *[[Qpsmtpd:noop_counter|noop_counter]] (U) | | *[[Qpsmtpd:noop_counter|noop_counter]] (U) |
| *[[Qpsmtpd:parse_addr_withhelo|parse_addr_withhelo]] (U) | | *[[Qpsmtpd:parse_addr_withhelo|parse_addr_withhelo]] (U) |
Line 932: |
Line 1,001: |
| *[[Qpsmtpd:resolvable_fromhost|resolvable_fromhost]] (AC) | | *[[Qpsmtpd:resolvable_fromhost|resolvable_fromhost]] (AC) |
| *[[Email#Real-time_Blackhole_List_.28RBL.29|rhsbl]] (* DB CW) | | *[[Email#Real-time_Blackhole_List_.28RBL.29|rhsbl]] (* DB CW) |
− | *[[Qpsmtpd:sender_permitted_from|sender_permitted_from]] (+?) | + | *[[Qpsmtpd:sender_permitted_from|sender_permitted_from]] (?) |
| *[[Email#Spamassassin|spamassassin]] (DB SM AC CW) | | *[[Email#Spamassassin|spamassassin]] (DB SM AC CW) |
| *[[Qpsmtpd:stunnel|stunnel]] (U) | | *[[Qpsmtpd:stunnel|stunnel]] (U) |
Line 938: |
Line 1,007: |
| *[[Qpsmtpd:tls_cert|tls_cert]] | | *[[Qpsmtpd:tls_cert|tls_cert]] |
| *[[Qpsmtpd:tnef2mime|tnef2mime]] (AC) | | *[[Qpsmtpd:tnef2mime|tnef2mime]] (AC) |
− | *[[Qpsmtpd:uribl|uribl]] (+ DB) | + | *[[Qpsmtpd:uribl|uribl]] (DB) |
| *[[Qpsmtpd:user_config|user_config]] (U) | | *[[Qpsmtpd:user_config|user_config]] (U) |
| *[[Virus:Email_Attachment_Blocking|virus]] (DB SM CW) | | *[[Virus:Email_Attachment_Blocking|virus]] (DB SM CW) |
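Review bot: In the 223dmarc row of the peer plugin table, the test `m/^1|on|enabled|yes$/` is ungrouped, so `^` binds only to `1` and `$` only to `yes`. Any db value that merely contains `on` or `enabled`, starts with `1`, or ends in `yes` is therefore read as enabled, and a mistyped DMARCReject value could switch rejection on unintentionally. If this cell mirrors the real template, both the DMARCReject and DMARCReporting expressions should use `m/^(1|on|enabled|yes)$/`. The same cell begins with `marc reject`, which looks like a dropped `d` from the `dmarc` plugin name; this should be checked against the template, since a line that does not name the plugin would presumably not load it.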