3,250
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: + + Line 254:
Line 256: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 502:
Line 564: − + Line 521:
Line 583: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 553:
Line 923: − + Line 559:
Line 929: − + + + Line 577:
Line 949: − + + Line 587:
Line 960: − + Line 593:
Line 966: − + Line 612:
Line 985: − + Line 628:
Line 1,001: − + Line 634:
Line 1,007: − +
→Upgrade Considerations
{{WIP box|this is a work in progress for the new SME 11 qpsmtpd configuration}}
{{WIP box|this is a work in progress for the new SME 11 qpsmtpd configuration}}
TODO: update [[Email#qpsmtpd]] for SME11
=qpsmtpd=
=qpsmtpd=
|x
|x
|x
|x
|
|-
|
|
|
|
|
|-
|KarmaNegative
|(2)
|
|
|
|-
|KarmaStrikes
|(3)
|
|
|
|-
|HeloPolicy
|<nowiki>(lenient)[lenient | rfc | strict]</nowiki>
|
|
|
|-
|MaximumDateOffset
|(0)
|
|
|
|-
|MaxLoad
|(7)
|
|
|
|-
|SPFRejectPolicy
|(0)[0-4]
|
|
|
|-
|DMARCReject
|<nowiki>(disabled)[enabled|disabled]</nowiki>
|
|
|
|-
|DMARCReporting
|<nowiki>(enabled)[enabled|disabled]</nowiki>
|
|
|
|-
|disclaimer
|<nowiki>(disabled)[enabled|disabled]</nowiki>
|
|
|
|
|}
|}
$uqpsmtpd{TlsBeforeAuth}
$uqpsmtpd{TlsBeforeAuth}
|sqpsmtpd default to uqpsmtpd
|sqpsmtpd default to uqpsmtpd
global default is $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4'
global default is $modSSL{CipherSuite}
|-
|-
|tls_protocols
|tls_protocols
|
|
|$qpsmtpd{UBLList}
|$qpsmtpd{UBLList}
|
|}
==Peer plugin configuration==
SME Server uses a plugin call peers, that set the plugins used depending on the client IP, i.e. 2 configurations are presents one for LAN and another for WAN.
{| class="wikitable"
|+
X for not present/overriden
!plugin
!config
!qp local
!qp 0
!sqp /uqp
local
!sqp/uqp
0
!TODO
|-
|00setup
|set bounce_unknown_user
|
|
|
|
|
|-
|02logterse
|logging/logterse
|
|
|
|
|
|-
|04tls
|tls ssl/cert.pem ssl/cert.pem ssl/cert.pem ssl/dhparam.pem
|
|
|
|
|
|-
|05auth_cvm_unix_local
|
|
|
|
|
|To remove
|-
|06auth_imap
|auth/auth_imap 127.0.0.1 143
|
|
|
|
|
|-
|09karma
|karma negative $negative strikes $strikes reject naughty db_dir /var/lib/qpsmtpd/karma
|X
|
|X
|
|enabled by default ?
|-
|10earlytalker
|earlytalker
|X
|
|X
|
|<nowiki>add wait and check-at [ CONNECT | DATA ] options</nowiki>
|-
|11bogus_bounce
|bogus_bounce
|
|
|
|
|
|-
|12count_unrecognized_commands
|count_unrecognized_commands 4
|X
|
|X
|
|
|-
|13bcc
|bcc mode $qpsmtpd{BccMode} all $user
|
|
|
|
|add possibility to set direction (all/incoming/outgoing)
|-
|14relay
|relay
|
|
|
|
|should we remove from 465 and 581 or set RELAY ONLY ?
|-
|15helo
|<nowiki>helo policy { $qpsmtpd{HeloPolicy} || 'lenient' } reject naughty</nowiki>
|X
|
|X
|
|
|-
|16resolvable_fromhost
|resolvable_fromhost
|X
|
|X
|
|
|-
|17headers
|headers future $days past $days" if ($days)
|
|
|
|
|
|-
|19loadcheck
|<nowiki>loadcheck max_load { $qpsmtpd{MaxLoad} || '7' }</nowiki>
|X
|
|X
|
|
|-
|20rhsbl
|rhsbl
|X
|
|X
|
|
|-
|221spf
|<nowiki>sender_permitted_from reject 1 no_dmarc_policy { $qpsmtpd{SPFRejectPolicy} || '0' }</nowiki>
|X
|
|X
|
|change default to 1
|-
|222dkim
|dkim reject 0
|
|
|
|
|
|-
|223dmarc
|<nowiki>marc reject { (( $qpsmtpd{DMARCReject} || 'disabled' ) =~ m/^1|on|enabled|yes$/) ? '1' : '0' } reporting { (( $qpsmtpd{DMARCReporting} || 'enabled' ) =~ m/^1|on|enabled|yes$/) ? '1' : '0' }</nowiki>
|X
|
|X
|
|
|-
|22dnsbl
|dnsbl reject naughty
|X
|
|X
|
|
|-
|23naughty
|naughty reject mail
|X
|
|X
|
|
|-
|24uribl
|uribl action deny
|
|
|
|
|
|-
|30badmailfrom
|badmailfrom
|
|
|
|
|
|-
|34badrcptto
|badrcptto
|
|X
|
|X
|
|-
|34badrcptto_ext
|badrcptto more_badrcptto badrcptto_ext
|X
|
|X
|
|
|-
|37check_smtp_forward
|check_smtp_forward
|
|
|
|
|needed for submission ?
|-
|38check_goodrcptto
|check_goodrcptto extn -
|
|
|
|
|
|-
|39rcpt_ok
|rcpt_ok
|
|
|
|
|
|-
|62pattern_filter
|virus/pattern_filter check=patterns action=deny
|
|
|
|
|
|-
|62tnef2mime
|tnef2mime
|
|
|
|
|
|-
|65disclaimer
|disclaimer
|
|X
|
|X
|missing disclaimer_file definition?
|-
|70spamassassin
|spamassassin reject $spamassassin{RejectLevel} munge_subject_threshold $spamassassin{TagLevel} size_limit $spamassassin{MaxMessageSize}
|X
|
|X
|
|
|-
|71forcespamcheck
|forcespamcheck reject $spamassassin{RejectLevel} munge_subject_threshold $spamassassin{TagLevel} size_limit $spamassassin{MaxMessageSize}
|
|X
|
|X
|
|-
|80clamav
|virus/clamdscan scan_all yes clamd_socket /run/clamd/clamd.socket defer_on_error yes max_size $max_size
|
|
|
|
|
|-
|90queue-qmail-queue
|queue/qmail-queue
|
|
|
|
|also content commented to remove ?
|-
|90queue-smtp-forward
|# commented out
|
|
|
|
|
|
|}
|}
==Upgrade Considerations==
==Upgrade Considerations==
we used check_badcountries for a while, but could we switch back to ident/geoip ?
whitelist plugin : adding the ip-range whitelist; add login of ip
===A-Record DNSBL Services===
===A-Record DNSBL Services===
:Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma.
:Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma.
<div style="column-count:2;-moz-column-count:2;-webkit-column-count:2; border:1px solid grey;">
<div style="column-count:2;-moz-column-count:2;-webkit-column-count:2; border:1px solid grey;">
<tt><nowiki>+ New in SME 9.2</nowiki><br>
<tt>+ New in SME 11<br>
<nowiki>* Improved or changed in SME 9.2</nowiki><br>
<nowiki>* Improved or changed in SME 9.2</nowiki><br>
<nowiki>U Unused (by default) in SME Server</nowiki><br>
<nowiki>U Unused (by default) in SME Server</nowiki><br>
<nowiki>CW Contrib or Wiki page exists that uses this plugin</nowiki><br>
<nowiki>CW Contrib or Wiki page exists that uses this plugin</nowiki><br>
<nowiki>SM Can be configured using server-manager</nowiki><br>
<nowiki>SM Can be configured using server-manager</nowiki><br>
<nowiki>DB Can be configured using db variables</nowiki><br>
<nowiki>DB Can be configured using db variables</nowiki></tt>
<tt>X Provided by a contrib, not in qpsmtpd git<br>
<nowiki>AC Auto-configured by SME Server</nowiki></tt>
<nowiki>AC Auto-configured by SME Server</nowiki></tt>
</div><br>
</div><br>
*[[Qpsmtpd:badrcptto|badrcptto]] (AC)
*[[Qpsmtpd:badrcptto|badrcptto]] (AC)
*[[Qpsmtpd:bcc|bcc]] (U DB)
*[[Qpsmtpd:bcc|bcc]] (U DB)
*[[Qpsmtpd:bogus_bounce|bogus_bounce]] (+ DB)
*[[Qpsmtpd:bogus_bounce|bogus_bounce]] (DB)
*check_badcountries (X [[GeoIP|CW]])
*[[Qpsmtpd:check_goodrcptto|check_goodrcptto]] (AC)
*[[Qpsmtpd:check_goodrcptto|check_goodrcptto]] (AC)
*[[Qpsmtpd:check_smtp_forward|check_smtp_forward]] (AC)
*[[Qpsmtpd:check_smtp_forward|check_smtp_forward]] (AC)
*[[Qpsmtpd:dkim|dkim]] (+ DB E)
*[[Qpsmtpd:dkim|dkim]] (+ DB E)
*[[Qpsmtpd:dkim_sign|dkim_sign]] (+ DB E)
*[[Qpsmtpd:dkim_sign|dkim_sign]] (+ DB E)
*[[Qpsmtpd:dmarc|dmarc]] (+ DB E)
*[[Qpsmtpd:dmarc|dmarc]] (DB E)
*[[Email#Real-time_Blackhole_List_.28RBL.29|dnsbl]] (* DB CW)
*[[Email#Real-time_Blackhole_List_.28RBL.29|dnsbl]] (* DB CW)
*[[Qpsmtpd:dns_whitelist_soft|dns_whitelist_soft]] (U)
*[[Qpsmtpd:dns_whitelist_soft|dns_whitelist_soft]] (U)
*[[Qpsmtpd:dont_require_anglebrackets|dont_require_anglebrackets]] (U)
*[[Qpsmtpd:dont_require_anglebrackets|dont_require_anglebrackets]] (U)
*[[Qpsmtpd:dspam|dspam]] (U)
*[[Qpsmtpd:dspam|dspam]] (U)
*[[Qpsmtpd_check_earlytalker|earlytalker]] (AC CW)
*[[Qpsmtpd_check_earlytalker|earlytalker]] (AC [[Qpsmtpd check earlytalker|CW]])
*[[Qpsmtpd:exe_filter|exe_filter]] (U AC)
*[[Qpsmtpd:exe_filter|exe_filter]] (U AC)
*[[Qpsmtpd:fcrdns|fcrdns]] (U)
*[[Qpsmtpd:fcrdns|fcrdns]] (U)
*[[Qpsmtpd:loop|loop]] (U)
*[[Qpsmtpd:loop|loop]] (U)
*[[Qpsmtpd:milter|milter]] (U)
*[[Qpsmtpd:milter|milter]] (U)
*[[Qpsmtpd:naughty|naughty]] (+)
*[[Qpsmtpd:naughty|naughty]] ()
*[[Qpsmtpd:noop_counter|noop_counter]] (U)
*[[Qpsmtpd:noop_counter|noop_counter]] (U)
*[[Qpsmtpd:parse_addr_withhelo|parse_addr_withhelo]] (U)
*[[Qpsmtpd:parse_addr_withhelo|parse_addr_withhelo]] (U)
*[[Qpsmtpd:resolvable_fromhost|resolvable_fromhost]] (AC)
*[[Qpsmtpd:resolvable_fromhost|resolvable_fromhost]] (AC)
*[[Email#Real-time_Blackhole_List_.28RBL.29|rhsbl]] (* DB CW)
*[[Email#Real-time_Blackhole_List_.28RBL.29|rhsbl]] (* DB CW)
*[[Qpsmtpd:sender_permitted_from|sender_permitted_from]] (+?)
*[[Qpsmtpd:sender_permitted_from|sender_permitted_from]] (?)
*[[Email#Spamassassin|spamassassin]] (DB SM AC CW)
*[[Email#Spamassassin|spamassassin]] (DB SM AC CW)
*[[Qpsmtpd:stunnel|stunnel]] (U)
*[[Qpsmtpd:stunnel|stunnel]] (U)
*[[Qpsmtpd:tls_cert|tls_cert]]
*[[Qpsmtpd:tls_cert|tls_cert]]
*[[Qpsmtpd:tnef2mime|tnef2mime]] (AC)
*[[Qpsmtpd:tnef2mime|tnef2mime]] (AC)
*[[Qpsmtpd:uribl|uribl]] (+ DB)
*[[Qpsmtpd:uribl|uribl]] (DB)
*[[Qpsmtpd:user_config|user_config]] (U)
*[[Qpsmtpd:user_config|user_config]] (U)
*[[Virus:Email_Attachment_Blocking|virus]] (DB SM CW)
*[[Virus:Email_Attachment_Blocking|virus]] (DB SM CW)