Linux Manpages Online - man.cx manual pages

smtpserver [ −46aBigntVvw ] [ −p port ] [ −l SYSLOG ] [ −l logfile ] [ −s[ftveR] ] [ −s strict ] [ −I pidfile ] [ −L maxloadaver ] [ −M SMTPmaxsize ] [ −P postoffice ] [ −R router ] [ −C cfgfile ] [ −T ’[1.2.3.4]’ ]

DESCRIPTION

This program implements the server side of the SMTP protocol as described in RFC821, and knows about the common extensions to the protocol expected by Sendmail and BSMTP clients.

By default the program will kill the previous smtpserver daemon, if any, then detach and listen for SMTP connections. Incoming messages will be submitted for processing using the zmailer(3) interface to ZMailer. Nontrivial address checking is done asynchronously, although this behaviour can be changed by a command line option if you cannot afford to transfer data just to bounce it back. All checking is done by executing the router(8) program in interactive mode, and executing a well-known shell function with well-known parameters for each request.

OPTIONS

	−4		Explicitely to use IPv4 type of socket even on machines that is capable to do IPv6 type of sockets.
	−6		Explicitely to (try to) use IPv6 type of socket even if the machine does not support it. For a default the server will try to use IPv6, if it has been compiled on an environment where it is present, but will do a fallback to IPv4 in case the runtime system does not have IPv6.
	−a		turn on RFC931/RFC1413 indentification protocol, and log the information acquired with it to the submitted file.
	−w		turn on usage of "whoson" protocol. This option is available even if actual code is not available.
	−g		the gullible option will make the program believe any information it is told (such as origin of a connection) without checking.
	−i		runs the server interactively, which makes it usable for processing a batched SMTP stream (BSMTP) on stdin. With −v option this echoes incoming BSMTP to create more accurate faximille of BITNET BSMTP mailers.

−l SYSLOG

A magic value of "SYSLOG" for the logfile is interpreted by directing all session log stuff thru syslogd; something which may require better syslogd, than your system has by default; see ’’syslog-ng’’ at a well indexed free software sites.

−l logfile

specifies a logfile and enables recording of incoming SMTP conversations. If you want both file based session log, and syslog() based, issue this option after ’’−l SYSLOG’’ one.

	−n		indicates the program is being run from inetd(8).
	−p		specifies the TCP port to listen on instead of the default SMTP port, 25.
	−B		flags the email to arrive via BSMTP channel (via BITNET, for example).

−I pidfile

specifies an alternate PID file location.

−L maxloadaver

tells the maximum load-average the system is under when we still accept email in.

−M SMTPmaxsize

Defines the asolute maximum size we accept from incoming email. (Default: infinite) (This is local policy issue.)

−P postoffice

specifies an alternate POSTOFFICE directory.

−R router

specifies an alternate router (8) program to use for address verification.

−C cfgfile

specifies nonstandard configuration file location; the default is $MAILSHARE/smtpserver.conf.

−s strict

this turns on all kinds of strict smtp protocol adherence checks, which in normal life can be relaxed slightly. Great for compliance testing ;)

−s [ftveRS]

specifies the style of address verification to be performed. There are four independent commands that can invoke some kind of address verification, and four independent flags to control whether this should be done. They are:

The flags are concatenated to form the argument to the −s option. The default is ve.

−T ’[1.2.3.4]’
−T ’[ipv6.hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:1.2.3.4]’

Supply (in interactive mode) test address for policy dataset address testing. The optionset recommended for that case is:

−i −d 1 −T ’[1.2.3.4]’

A notable detail is that to see what really is going on in the policy analysis, one must usei the ’’-d 1’’ option to turn on the debugging early enough to see its initial verdict at the time the ’’220..’’ greeting banner is produced..

Also notable is that brackets in the supplied IP address must be present, otherwise illegal syntax will be reported. (Using RFC 821 address literal parser here.)

	−t		Set when running smtpserver under e.g. inetd, and using service port number 465; a "well-known" deprecated one of SSL/SMTP; (From the era before ’’STARTTLS’’ protocol verb.)
	−V		prints a version message and exits.

CONFIGURATION

If the $MAILSHARE/smtpserver.conf exists it is read to configure two kinds of things:
PARAM −entries

allow server start-time parametrization of several things, including:
− help-texts
− acceptance/rejection database definitions
− various feature parametrizations
On PARAM lines the system allows $-expansions of ZENV variables. (Special note: ’$$’ expands as ’$’, not shell-style process-id number!)

The style (−s) option

behaviour based on glob patterns matching the HELO/EHLO name given by a remote client. Lines beginning with a # or whitespace are ignored in the file, and all other lines must consist of two tokens: a shell-style (glob) pattern starting at the beginning of the line, whitespace, and a sequence of style flags. The first matching line is used. As a special case, the flags section may start with a ! character in which case the remainder of the line is a failure comment message to print at the client. This configuration capability is intended as a way to control misbehaving client software or mailers.

PARAM maxsize

This is synonym to start-time −M option.

PARAM min−availspace 5000

This defines, in kilobytes, the minimum available space in POSTOFFICE directory after the message has been accepted in.

PARAM max−error−recipients

This defines how many recipients can be on a message whose source address is MAIL FROM:<>. That is, is an error message. (Sometimes SPAMs are tried to inject in that form...)

PARAM MaxSameIpSource

This sets the maximum number of active connections from any given single IP address.

When the limit is reached, system tells the remote end: ’’450 Too many simultaneous connections...’’ (and then closes the connection.)

When the limit is exceeded by factor of four, the server just closes the connection without telling anything.

Do note that this works only when the smtpserver is running as its own daemon, not while run from under inetd!

PARAM MaxParallelConnections

This limits how many simultaneous connections the server will accept in total -- e.g. how many childs a master server can have running. Default value: 800.

Exceeding the limit by less than 100 will get a message ’’450 Too many simultaneous connections...’’ printed to the connection. In every case the connection is closed right after the possible message.

Do note that this works only when the smtpserver is running as its own daemon, not while run from under inetd!

PARAM ListenQueueSize

This sets the listen queue size parameter for listen(2) call at the server.

PARAM TcpRcvBufferSize

This sets setsockopt(SO_RCVBUF) value, in case the system default is not suitable.

PARAM TcpXmitBufferSize

This sets setsockopt(SO_SNDBUF) value, in case the system default is not suitable.

PARAM RcptLimitCount 10000

This sets the maximum number of accepted recipients per one message transaction. Default (and minimum!) value is 100, which is mandated by the RFC 821.

PARAM BindPort 25
PARAM BindAddress [0.0.0.0]
PARAM BindAddress [IPv6.0::0]
PARAM BindAddress iface:ifacename

Per default the server mode SMTP-server binds to port 25 and any locally accepted address, but occasionally people seem to want to have separate server instances with different configurations, and for those cases are these parameters.

PARAM DEBUGcmd
PARAM EXPNcmd
PARAM VRFYcmd

This trio (DEBUGcmd, EXPNcmd, VRFYcmd) are enablers of like named SMTP verbs which have some uses in the debug mode.

They are normally disabled, but running them enabled does not allow direct attacks with them. (That we know of.)

PARAM enable−router

This enables interactive router use where user inputs reach the router. As things turn out, while the canned scripts should be safe against any and all inputs, a careless change in the router scripts may endanger this status.

Per default this is disabled to protect your system.

To enable EXPN and VRFY, this must be enabled, but be very carefull when you do this. This is also required for interactive router processing of ’’MAIL FROM’’ and ’’RCPT TO’’ addresses.

PARAM smtp−auth

This enables ’SMTP AUTH’ facility (AUTH verb, plus optional parameter to MAIL verb). With this the users who are able to ’login’ successfully to this host, are then able to relay the email thru the server unlimited.

PARAM AUTH−LOGIN−also−without−TLS

This enables ’SMTP AUTH’ facility usage also without running under SSL/TLS security envelope.

PARAM MSA−mode

Enable Message Submission Agent mode, where smtpserver requires successful user authentication during SMTP sessions initiated from outside of the trusted networks or the networks with relaying enabled (see "fulltrustnet" and "relaycustnet" at the sample proto/db/smtp−policy.src file).

PARAM SMTP−auth−pipe /path/to/program

This is a path to the external authentication program. The authenticator should read a username from command line and a password from standard input. Exit status 0 means successful authentication.

It is relatively easy to make a mistake in external authentication program that follows the specification. Use this option only if you know exactly what you do! BE CAREFULL!

PARAM No8BITMIME
PARAM NoCHUNKING
PARAM NoDSN
PARAM NoEHLO
PARAM NoENCHANCEDSTATUS(CODES)
PARAM NoETRN
PARAM NoPIPELINING

This set are disablers of like named Extended SMTP EHLO responses, plus EHLO verb itself, e.g. using these will turn off given (for example ’’PIPELINING’’) response from the EHLO replies, and then a client possibly capable to feed PIPELINING will not do it -- unless it breaks rules, and does it even when the server does not report facility being available.

If you want to disable any of these, you better have a good reason for it, as in general they work quite fine.

Of these, 8BITMIME can not in reality be disabled, only its adverticement can be turned off.

PARAM no−multiline−replies

Turn off ZMailer’s default multiline replies; many systems (especially from M$ breed) don’t do RFC 821 Appendix E properly...

PARAM policydb

This defines smtp input policy filtering/analysis database location. See the comments at the sample proto/db/smtp−policy.src file.

An error here will be reported with obscureish code; "1" = "DBTYPE parameter unknown/unsupported", "2" = "can’t open the database".

PARAM contentfilter $MAILBIN/smtp-contentfilter

An external program for received message content analysis.

The interface to the program is simple synchronous half-duplex one, smtpserver writes relative filepath of the message into programs stdin, ending it with a newline. The filter programs reply must begin with a signed integer, then whatever text is desired to give to the user.

PARAM tarpit n1 n2

This defines a pre-reply slow-down factor, and next delay multiplier (both are integers). Default values are (0, 0). Delay tops at 250 (seconds). The ’’n1’’ is used as the initial tarpit delay, and ’’n2’’ is multiplier for formula: next = prev + (prev * n2)

PARAM rcvd−ident
PARAM rcvd−whoson
PARAM rcvd−auth−user
PARAM rcvd−tls−mode
PARAM rcvd−tls−peer

This quintet controls what possibly collected data is shown at the published ’’Received:’’ header that this system generates.

PARAM etrn−cluster node−name−or−address mq2−username mq2−passwd

In load-balance clusters a network level load-balancer may distribute the incoming SMTP connections to multiple real machines, and by using this parameter (repeatedly) to list those peers, system can relay user initiated ETRN requests to all cluster nodes.

This method requires that the scheduler runs its mailq service in MAILQv2 mode!

PARAM lmtp−mode

When desiring to test LMTP (RFC 2033), this parameter can be turned on, however ZMailer is no real LMTP server, and this feature is only for debug purposes.

Here is a possible configuration file:

#
# smtpserver.conf - autogenerated edition
#
#PARAM maxsize        10000000 # Same as -M -option
#PARAM min-availspace     5000 # Minimum free in POSTOFFICE after
#                              # message has arrived; in kBs.
#PARAM max-error-recipients  3 # More than this is probably SPAM!
#PARAM max-unknown-commands 10 # More than this is probably broken
#                              # client
#PARAM MaxSameIpSource      10 # Max simultaneous connections
#                              # from any IP source address
#PARAM MaxParallelConnections 800 # Max simultaneous connections
#                              # in total to the server
#PARAM TcpRcvBufferSize  32000 # Should not need to set!
#PARAM TcpXmitBufferSize 32000 # Should not need to set!
#
#PARAM ListenQueueSize      10 # listen(2) parameter
#
#PARAM RcptLimitCount    10000 # Max number of recipients for one
#                              # MAIL FROM session. Minimum: 100
#
#PARAM BindPort          25    # Binding port
#PARAM BindAddress  [0.0.0.0]  # Binding address - for multihomers..
#PARAM BindAddress [IPv6.0::0] # and here is for IPv6 - NO SPACES!
#
# Enables of some commands:
#PARAM  DEBUGcmd
PARAM   EXPNcmd
PARAM   VRFYcmd
PARAM  enable-router
#               # This is a security decission for you.
#               # This is needed for EXPN/VRFY and interactive
#               # processing of MAIL FROM and RCPT TO addresses.
#               # However it also may allow external user entrance
#               # to ZMailer router shell environment with some
#               # suitably pervert input, if quotation rules are
#               # broken in the scripts.
#
#PARAM  smtp-auth
#               # enable if you want to allow SMTP to autenticate
#               # with the default code against system /etc/passwd
#               # (or whatever source  getpwnam() uses for it..)
#
#PARAM  AUTH−LOGIN−also−without−TLS
#               # Enable, if the "AUTH LOGIN" is to be allowed to
#               # be used without running under SSL/TLS security
#               # envelope.
#
#PARAM  MSA-mode
#               # Message Submission Agent mode. Require
#               # successful user authentication during SMTP
#               # sessions initiated from outside of the trusted
#               # networks or the networks with relaying enabled
#               # (see "fulltrustnet" and "relaycustnet" in
#               # smtp−policy.src file).
#
#PARAM  SMTP-auth-pipe /path/to/program
#               # External authentication program. The
#               # authenticator should read a username from
#               # command line and a password from standard input.
#               # Exit status 0 means successful authentication.
#
# Disablers of some facility adverticements
#PARAM  NoEHLO
#PARAM  NoPIPELINING
#PARAM  No8BITMIME
#PARAM  NoCHUNKING
#PARAM  NoDSN
#PARAM  NoETRN
#PARAM  no-multiline-replies # except to EHLO
#
# HDR220 metatags:
#  %% -- ’%’ character
#  %H -- SS->myhostname
#  %I -- ’+IDENT’ if ’identflg’ is set
#  %V -- VersionNumb
#  %T -- curtime string
#  %X -- xlatelang parameter
#
#PARAM hdr220 %H ZMailer ESMTP-server %V running at Yoyodyne Inc.
#PARAM hdr220 %H (NO UCE)(NO UBE) our local time is now %T
#
PARAM help ------------------------------------------------------
PARAM help  This mail-server is at Yoyodyne Propulsion Inc.
PARAM help  Our telephone number is: +1-234-567-8900, and
PARAM help  telefax number is: +1-234-567-8999
PARAM help  Our business-hours are Mon-Fri: 0800-1700 (TZ: -0700)
PARAM help
PARAM help  Questions regarding our email service should be sent
PARAM help  via email to address  <postmaster@OURDOMAIN>
PARAM help  Reports about abuse are to be sent to: <abuse@OURDOMAIN>
PARAM help ------------------------------------------------------
#
# Uncomment following for not to strip incoming addresses of
# form: <@aa,@bb:cc@dd> into non-source-routed base form: <cc@dd>
#
#PARAM allowsourceroute
#
# The policy database:
# (NOTE: See ’makedb’ for its default suffixes!)
#
PARAM  policydb   $DBTYPE  $MAILVAR/db/smtp−policy
#
# External program for received message content analysis:
#PARAM  contentfilter  $MAILBIN/smtp-content-policy-analysis

#PARAM  tarpit 0 0   # No "tarpit" for 4XX/5XX reply codes
#PARAM  tarpit 20 2  # Initial delay: 20 secs, next = prev + (prev * 2)

#
# TLSv1/SSLv[23] parameters;
# all must be used for the system to work!
#
# See   doc/guides/openssl,  or:
# http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/doc/setup.html
#
#PARAM  use-tls
##PARAM listen-ssmtp    # A deprecated TCP/465 port listener for SSL/SMTP
#PARAM  tls-CAfile      $MAILVAR/db/smtpserver-CAcert.pem
#PARAM  tls-cert-file   $MAILVAR/db/smtpserver-cert.pem
#PARAM  tls-key-file    $MAILVAR/db/smtpserver-key.pem
#  # Then some futher thoughs that may materialize some time..
#PARAM tls-loglevel     0
#PARAM tls-ccert-vd     0
#PARAM tls-ask-cert     0
#PARAM tls-require-cert 0
##PARAM tls-CApath ... (somewhen: verify client’s certificates)
##PARAM tls-enforce-tls 1

# Elements to be added into "Received:" header’s
# initial comment part:
#
#PARAM rcvd-ident       # The ident lookup result
#                       # (or even admitting it having queried)
#PARAM rcvd-whoson      # Likewise for "whoson"
#PARAM rcvd-auth-user   # Authenticated Username
#PARAM rcvd-tls-mode    # Cipher or not
#PARAM rcvd-tls-ccert   # Client Certificate reference

# A load-balanced server cluster may want to communicate
# the ETRN request to cluster components, here is how:
# See also:  doc/guides/etrn-cluster
#
#PARAM etrn-cluster localhost mq2-username mq2-passwd
#PARAM etrn-cluster node-2-name-or-address mq2-username mq2-passwd
#PARAM etrn-cluster node-3-name-or-address mq2-username mq2-passwd
#...
#PARAM etrn-cluster node-40-name-or-address mq2-username mq2-passwd


#
#
# HELO/EHLO-pattern     style-flags
#               [max loadavg]
#
localhost           999 ftveR
some.host.domain    999 !NO EMAIL ACCEPTED FROM YOUR MACHINE
# If the host presents itself as:  HELO [1.2.3.4]  be lenient to
# it..  The syntax below is due to these patterns being SH-GLOB
# style patterns where the brackets are special characters.
\[*\]               999 ve
# Per default demant strict syntactic adherence, including fully
# qualified addresses for  MAIL FROM, and RCPT TO.  To be lenient
# on that detail, remove the "R" from "veR" string below:
*                   999 veR

CONTENTFILTER INTERFACE

The contentfilter program is started without parameters running userid of daemon in directory $POSTOFFICE.

The program must silently wait for input, which is full path to the message spool file, analyze it, and reply with exactly one line matching rule of: "%i " -- begin with signed integer, then have one or more whitespace, then whatever filter writer liked.

General rule:

 -1 negatives are condemned into rejection
  0 zero is ok! gladly accepted
  1 positives are sent into the freezer

The program may produce also the numeric SMTP reply codes in its response text:

 -1
 -1 250 2.7.1 Glad to see some spam, immediately destroyed :)
  0
  0 250 2.6.0 Message OK!
  1
  1 550 5.7.1 That is spam, rejected!

If the message has no text, some defaults are supplied. If the message text starts with numbers, it is presumed that it contains both the SMTP reply code, and ENHANCEDSTATUSCODE before the text. (If no ENHANCEDSTATUSCODE part is present, then some possibly senseless default is supplied.)

Interface message text lines beginning with anything except signed integer are logged, and the communication channel from the smtpserver to the contentfilter program is closed. Interface continues to scan things reported by the contentfilter program, and if no properly formatted line appears, default is to send the message into the freezer ("-1");

TCP−WRAPPER AND SMTPSERVER

If the ZMailer system is configured with tcp-wrapper code, then service-id "smtp-receive" is looked for all those addresses that are allowed to feed SMTP email in.

Usually this mode of operation is not used, and files hosts.allow, and hosts.deny contain following kind of entries:

/ETC/hosts.allow

   mailq : ALL [AT] 1.0
   smtp−receive: ALL@ALL

   /ETC/hosts.deny
   ALL : ALL@ALL

Alternatively, all the functions which tcp-wrapper could supply are also available thru the policy database machinery.

(Do note that scheduler(8) has also tcp−wrapper support, which becomes active simultaneously with smtpserver’s tcp−wrapper code!)

PAM−SUPPORT FOR SMTP−AUTH

If the system has <security/pam_appl.h> file, following file will also be needed for the system:

------- /etc/pam.d/smtpauth-login -----------
#%PAM-1.0
auth     required  /lib/security/pam_pwdb.so shadow
auth     required  /lib/security/pam_nologin.so
account  required  /lib/security/pam_pwdb.so

SMTP−POLICY CONFIGURATION

This subsystem of smtpserver does control acceptability of recipient envelope addresses per several criteria:

	-		"contactee IP address"
	-		SMTP "MAIL FROM:<..>" address
	-		SMTP "RCPT TO:<..>" addresses
	-		"various control files"

Specifically the $MAILBIN/policy-builder.sh script uses following files:

If you want, you can modify your boiler plate as well as your installed policy-builder.sh script. (Doing ’make install’ will overwrite policy-builder.sh, but not smtp−policy.src)

Basically these various source files (when existing) are used to combine knowledge of valid users around us. Some datasets have two input source files, smtp−policy.NN and smtp−policy.NN.manual, the ".manual" is intended to be overrider of of possibly autogenerated data at the "plain" version of files.
localnames

Who we are -- ok for receiving; does not grant outgoing relay capability.

smtp−policy.relay
smtp−policy.relay.manual

Who can use us as outbound relay.

Use here

[ip.number]/maskwidth

for listing those senders (networks) we absolutely trust. Additionally you may give (at the same line) some attributes as parameters for this key entry:

fulltrustnet + trustrecipient +

First pair will accept any source address, and any recipient addresses that are fed to the server; the second will verify the source address, but after that it will accept any recipient addresses.

You may also enter domains which are looked up for the hostname of reversed IP address, but it is not very wise; IP-reversal is not trustworthy data. It may also cause double- entry/level descendance problems when two domain-suffixes have same ending suffix (or are the same).. (Name/keyspace problem)

We can set the internal "always_accept" flag at the source IP test, and never after.

smtp−policy.mx
smtp−policy.mx.manual

Who really are our MX clients.

Use this when you really know them, and don’t want just to trust that if recipient has MX to you, it would be ok... You can substitute this knowledge with a fuzzy feeling by using ’acceptifmx +’ attribute at the generic boilerplate.

List here domain names.

You CAN also list here all POSTMASTER addresses you accept email routed to:

postmaster [AT] local.domain postmaster [AT] client.domain

these are magic addresses that email is accepted to, even when everything else is blocked.

smtp−policy.spam
smtp−policy.spam.manual

Those users & domains that are absolutely no-no for the senders, or the recipients, no matter what earlier analysis has shown. (Except for those that we absolutely trust..)

Short usage instructions:

	-		Fill in/modify related files
	-		Execute MAILBIN/policy-builder.sh script

SMTP−POLICY TESTING

You can run the smtpserver in a mode where you can claim to be from any address in the outside world you wish:

$MAILBIN/smtpserver −i −d 1 −T ’[1.2.3.4]’

The mode must be interactive (−i), and supplying debug mode (−d 1) to it is good help.

Actual claimed connection source address is to be given inside square brackets as a SMTP IP address literal.

Now you can try things like:

  220 ...
  EHLO foo
  ...
  MAIL FROM:<>
  ...
  RCPT TO:<address [AT] local.domain>
  ...
  RCPT TO:<address [AT] elsewere.domain>
  ...

(Substitute some real domains into those RCPT TO lines -- "local.domain" is a hint about what to pick for it..)

Depending what kind of address you have supplied to the -T parameter, they get either accepted, or rejected.

SMTP−POLICY RBL−TYPE BLOCKING LISTS

Per default the system does not use RBL-type blocking lists. There are two ways how to take them into use:

You can start rejecting at the connection setup and then at MAIL FROM (and RCPT TO).

However many (especially M$ environment) SMTP clients won’t react on that properly, and will just keep repeating the delivery attempts.

You can delay the rejections until RCPT addresses are given.

SMTP−POLICY; IMMEDIATE REJECTION BY RBL

Like mentioned above, this method has a problem with many clients who don’t believe that HELO can give 500-series response.

Method is as follows:

Pick your choice of databases to the second variant ’’_rbl0’’ label by joining your selection from various things exemplified here below by using ’’:’’ character as glue in between:

’’+’’ alias ’’rbl.maps.vix.com’’
’’relays.mail-abuse.org’’
’’dul.maps.vix.com’’
’’relays.orbs.org’’
’’ok.orbs.org:relays.orbs.org’’ <-- THIS IS A PAIR!

For the ’’ok.orbs.org:relays.orbs.org’’ the ZMailer 2.99.52patch2 has special support, but it isn’t entirely fool-proof thing... (Due to false OKs in the OK zone while NETBLOCK type things exist at the RELAYS zone.)

An example for the resulting attribute pair: (RBL+DUL+RSS)

  #| Second RBL variant: Early block with RBL+DUL+RSS
  _rbl0   test-dns-rbl  +:dul.maps.vix.com:relays.mail-abuse.org
  _rbl1   # Nothing

SMTP−POLICY; DELAYED REJECTION BY RBL

Delay the rejection report to ’’RCPT TO’’ verbs by using the ’’Third RBL variant’’:

  #| Third RBL variant: Late block with RBL+DUL+RSS
  _rbl0   rcpt-dns-rbl      +:dul.maps.vix.com:relays.mail-abuse.org
  _rbl1   test-rcpt-dns-rbl +

The sample boilerplace will use these as defaults unless you choose to explicitely have ’’test-rcpt-dns-rbl -’’ at some of the recipient domains you list at smtp−policy.mx file:

  #sample.domain.with.rbl
  sample.domain.no.rbl    test-rcpt-dns-rbl -

FILES

/etc/zmailer.conf
/var/spool/postoffice/.pid.smtpserver (POSTOFFICE/.pid.smtpserver)
/local/share/mail/smtpserver.conf (MAILSHARE/smtpserver.conf)
/etc/pam.d/smtpauth-login (if PAM mechanism is present and plain-password authentication is wanted)

AUTHOR

This program authored and copyright by:
Rayan Zachariassen (was at U of Toronto)
Extended SMTP, policy facilities, etc. by
Matti Aarnio <mea [AT] nic.fi>

Manpages

NAME

SYNOPSIS