Difference between revisions of "Qpsmtpd"

From SME Server
Jump to navigationJump to search
(A place to gather configuration notes on qpsmtpd plugins...)
 
 
(7 intermediate revisions by the same user not shown)
Line 5: Line 5:
  
 
==Upgrade Considerations==
 
==Upgrade Considerations==
* A-Record DNSBL Services
+
===A-Record DNSBL Services===
: Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record.  The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database.  In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma. You can now configure b.barracudacentral.org using (note the single quotes):
+
: Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record.  The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database.  In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma.  
 +
 
 +
: You can now configure b.barracudacentral.org using (note the single quotes):
 
: <code><nowiki>config setprop qpsmtpd RBLList server1,server2,'b.barracudacentral.org:Blocked - see <http://bbl.barracudacentral.com/q.cgi?ip=%IP%>'</nowiki></code>
 
: <code><nowiki>config setprop qpsmtpd RBLList server1,server2,'b.barracudacentral.org:Blocked - see <http://bbl.barracudacentral.com/q.cgi?ip=%IP%>'</nowiki></code>
* DKIM & DMARC
+
 
 +
===DKIM & DMARC===
 
: DKIM & DMARC are now supported natively by SME Server.  To enable these you will need to configure appropriate DNS records in your public DNS server.
 
: DKIM & DMARC are now supported natively by SME Server.  To enable these you will need to configure appropriate DNS records in your public DNS server.
 
: There are forum reports of problems for users who had DKIM enabled using the DKIM contrib.
 
: There are forum reports of problems for users who had DKIM enabled using the DKIM contrib.
* URIBL
+
===URIBL===
: SME Server now supports URIBL - the ability to block emails that contain known malicious URLs within the body of the email.  This service is disabled by default.
+
: qpsmtpd now supports URIBL - the ability to block emails that contain known malicious URLs within the body of the email.  This service is disabled by default.
* "Naughty" plugin
+
 
 +
: Enable URIBL with the default services using:
 +
<nowiki>config setprop qpsmtpd URIBL enabled
 +
signal-event email-update</nowiki>
 +
 
 +
: '''Note:''' If your SME server is using high traffic external DNS forwarders like [https://developers.google.com/speed/public-dns/ google] (8.8.8.8 / 8.8.4.4), [https://www.opendns.com/setupguide/ opendns] (208.67.222.222 / 208.67.220.220), or any large ISP's (Cox, Comcast, Verizon), enabling URIBL may block all incoming email.  This will only affect you if you have configured a DNS forwarder in server-manager -- a default SME server installation does its own direct DNS lookups and would not be affected unless you receive over 250,000 emails per day.
 +
 
 +
:  Read more at http://uribl.com/refused.shtml
 +
 
 +
==="Naughty" plugin===
 
: SME Server is now using the 'naughty' plugin which allows early plugins like dnsbl, earlytalker, etc to indicate that the email should be rejected at a later point in the interaction.  This allows the server to log extra information for denied emails.  Specifically, emails denied by dnsbl will now show the sender and recipient email addresses in the qpsmtpd log
 
: SME Server is now using the 'naughty' plugin which allows early plugins like dnsbl, earlytalker, etc to indicate that the email should be rejected at a later point in the interaction.  This allows the server to log extra information for denied emails.  Specifically, emails denied by dnsbl will now show the sender and recipient email addresses in the qpsmtpd log
  
Line 31: Line 43:
 
</div><br>
 
</div><br>
 
<div style="column-count:4;-moz-column-count:4;-webkit-column-count:4">
 
<div style="column-count:4;-moz-column-count:4;-webkit-column-count:4">
* [[Qpsmtpd:auth|auth]] (AC)
+
* [[Qpsmtpd:auth/auth_checkpassword|auth/auth_checkpassword]] (U)
 +
* [[Qpsmtpd:auth/auth_cvm_unix_local|auth/auth_cvm_unix_local]] (AC)
 +
* [[Qpsmtpd:auth/authdeny|auth/authdeny]] (U)
 +
* [[Qpsmtpd:auth/auth_flat_file|auth/auth_flat_file]] (U)
 +
* [[Qpsmtpd:auth/auth_imap|auth/auth_imap]] (U)
 +
* [[Qpsmtpd:auth/auth_ldap_bind|auth/auth_ldap_bind]] (U)
 +
* [[Qpsmtpd:auth/auth_vpopmail|auth/auth_vpopmail]] (U)
 +
* [[Qpsmtpd:auth/auth_vpopmaild|auth/auth_vpopmaild]] (U)
 +
* [[Qpsmtpd:auth/auth_vpopmail_sql|auth/auth_vpopmail_sql]] (U)
 
* [[Qpsmtpd:autowhitelist_relayrcpt|autowhitelist_relayrcpt]] (U)
 
* [[Qpsmtpd:autowhitelist_relayrcpt|autowhitelist_relayrcpt]] (U)
 
* [[Qpsmtpd:badmailfrom|badmailfrom]]
 
* [[Qpsmtpd:badmailfrom|badmailfrom]]
Line 40: Line 60:
 
* [[Qpsmtpd:check_goodrcptto|check_goodrcptto]] (AC)
 
* [[Qpsmtpd:check_goodrcptto|check_goodrcptto]] (AC)
 
* [[Qpsmtpd:check_smtp_forward|check_smtp_forward]] (AC)
 
* [[Qpsmtpd:check_smtp_forward|check_smtp_forward]] (AC)
* [[Qpsmtpd:connection_time|connection_time]] (U CW)
+
* [[Qpsmtpd_connection_time|connection_time]] (U CW)
 
* [[Qpsmtpd:content_log|content_log]] (U)
 
* [[Qpsmtpd:content_log|content_log]] (U)
 
* [[Qpsmtpd:count_unrecognized_commands|count_unrecognized_commands]] (DB)
 
* [[Qpsmtpd:count_unrecognized_commands|count_unrecognized_commands]] (DB)
 
* [[Qpsmtpd:denysoft_multi_rcpt|denysoft_multi_rcpt]] (U)
 
* [[Qpsmtpd:denysoft_multi_rcpt|denysoft_multi_rcpt]] (U)
* [[Qpsmtpd:disclaimer|disclaimer]] (U DB CW)
+
* [[Email#How_do_I_enable_and_configure_a_disclaimer_in_email_messages|disclaimer]] (U DB CW)
 
* [[Qpsmtpd:dkim|dkim]] (+ DB E)
 
* [[Qpsmtpd:dkim|dkim]] (+ DB E)
 
* [[Qpsmtpd:dkim_sign|dkim_sign]] (+ DB E)
 
* [[Qpsmtpd:dkim_sign|dkim_sign]] (+ DB E)
 
* [[Qpsmtpd:dmarc|dmarc]] (+ DB E)
 
* [[Qpsmtpd:dmarc|dmarc]] (+ DB E)
* [[Qpsmtpd:dnsbl|dnsbl]] (* DB CW)
+
* [[Email#Real-time_Blackhole_List_.28RBL.29|dnsbl]] (* DB CW)
 
* [[Qpsmtpd:dns_whitelist_soft|dns_whitelist_soft]] (U)
 
* [[Qpsmtpd:dns_whitelist_soft|dns_whitelist_soft]] (U)
 
* [[Qpsmtpd:domainkeys|domainkeys]]
 
* [[Qpsmtpd:domainkeys|domainkeys]]
 
* [[Qpsmtpd:dont_require_anglebrackets|dont_require_anglebrackets]] (U)
 
* [[Qpsmtpd:dont_require_anglebrackets|dont_require_anglebrackets]] (U)
 
* [[Qpsmtpd:dspam|dspam]] (U)
 
* [[Qpsmtpd:dspam|dspam]] (U)
* [[Qpsmtpd:earlytalker|earlytalker]] (AC CW)
+
* [[Qpsmtpd_check_earlytalker|earlytalker]] (AC CW)
 
* [[Qpsmtpd:exe_filter|exe_filter]] (U AC)
 
* [[Qpsmtpd:exe_filter|exe_filter]] (U AC)
 
* [[Qpsmtpd:fcrdns|fcrdns]] (U)
 
* [[Qpsmtpd:fcrdns|fcrdns]] (U)
 
* [[Qpsmtpd:fix_headers_case|fix_headers_case]] (U CW)
 
* [[Qpsmtpd:fix_headers_case|fix_headers_case]] (U CW)
* [[Qpsmtpd:greylisting|greylisting]] (U CW)
+
* [[Greylisting|greylisting]] (U CW)
 
* [[Qpsmtpd:handler|handler]] (U)
 
* [[Qpsmtpd:handler|handler]] (U)
 
* [[Qpsmtpd:headers|headers]] (*)
 
* [[Qpsmtpd:headers|headers]] (*)
Line 64: Line 84:
 
* [[Qpsmtpd:hosts_allow|hosts_allow]] (AC)
 
* [[Qpsmtpd:hosts_allow|hosts_allow]] (AC)
 
* [[Qpsmtpd:http_config|http_config]] (U)
 
* [[Qpsmtpd:http_config|http_config]] (U)
* [[Qpsmtpd:ident|ident]] (U)
+
* [[Qpsmtpd:ident/geoip|ident/geoip]] (U)
 +
* [[Qpsmtpd:ident/p0f|ident/p0f]] (U)
 
* [[Qpsmtpd:karma|karma]] (+ U DB)  
 
* [[Qpsmtpd:karma|karma]] (+ U DB)  
 
* [[Qpsmtpd:karma_tool|karma_tool]]
 
* [[Qpsmtpd:karma_tool|karma_tool]]
Line 86: Line 107:
 
* [[Qpsmtpd:relay|relay]] (AC)
 
* [[Qpsmtpd:relay|relay]] (AC)
 
* [[Qpsmtpd:resolvable_fromhost|resolvable_fromhost]] (AC)
 
* [[Qpsmtpd:resolvable_fromhost|resolvable_fromhost]] (AC)
* [[Qpsmtpd:rhsbl|rhsbl]] (* DB CW)
+
* [[Email#Real-time_Blackhole_List_.28RBL.29|rhsbl]] (* DB CW)
 
* [[Qpsmtpd:sender_permitted_from|sender_permitted_from]] (+?)
 
* [[Qpsmtpd:sender_permitted_from|sender_permitted_from]] (+?)
* [[Qpsmtpd:spamassassin|spamassassin]] (DB SM AC CW)
+
* [[Email#Spamassassin|spamassassin]] (DB SM AC CW)
 
* [[Qpsmtpd:stunnel|stunnel]] (U)
 
* [[Qpsmtpd:stunnel|stunnel]] (U)
 
* [[Qpsmtpd:tls|tls]] (AC)
 
* [[Qpsmtpd:tls|tls]] (AC)
Line 95: Line 116:
 
* [[Qpsmtpd:uribl|uribl]] (+ DB)
 
* [[Qpsmtpd:uribl|uribl]] (+ DB)
 
* [[Qpsmtpd:user_config|user_config]] (U)
 
* [[Qpsmtpd:user_config|user_config]] (U)
* [[Qpsmtpd:virus|virus]] (DB SM CW)
+
* [[Virus:Email_Attachment_Blocking|virus]] (DB SM CW)
 
* [[Qpsmtpd:whitelist|whitelist]] (U?)
 
* [[Qpsmtpd:whitelist|whitelist]] (U?)
 
</div>
 
</div>
  
 
----
 
----
[[Category:Mail]]
+
[[Category:Mail]][[Category:Qpsmtpd]]

Latest revision as of 14:21, 8 April 2019

qpsmtpd

qpsmtpd has been a core component of SME Server since SME 7, providing advanced spam fighting capabilities.

SME Server 9.2 introduces qpsmtpd 0.96 with several new capabilities. At the same time, smeserver-qpsmtpd has been updated to provide additional SME Server configuration options.

Upgrade Considerations

A-Record DNSBL Services

Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma.
You can now configure b.barracudacentral.org using (note the single quotes):
config setprop qpsmtpd RBLList server1,server2,'b.barracudacentral.org:Blocked - see <http://bbl.barracudacentral.com/q.cgi?ip=%IP%>'

DKIM & DMARC

DKIM & DMARC are now supported natively by SME Server. To enable these you will need to configure appropriate DNS records in your public DNS server.
There are forum reports of problems for users who had DKIM enabled using the DKIM contrib.

URIBL

qpsmtpd now supports URIBL - the ability to block emails that contain known malicious URLs within the body of the email. This service is disabled by default.
Enable URIBL with the default services using:
config setprop qpsmtpd URIBL enabled
signal-event email-update
Note: If your SME server is using high traffic external DNS forwarders like google (8.8.8.8 / 8.8.4.4), opendns (208.67.222.222 / 208.67.220.220), or any large ISP's (Cox, Comcast, Verizon), enabling URIBL may block all incoming email. This will only affect you if you have configured a DNS forwarder in server-manager -- a default SME server installation does its own direct DNS lookups and would not be affected unless you receive over 250,000 emails per day.
Read more at http://uribl.com/refused.shtml

"Naughty" plugin

SME Server is now using the 'naughty' plugin which allows early plugins like dnsbl, earlytalker, etc to indicate that the email should be rejected at a later point in the interaction. This allows the server to log extra information for denied emails. Specifically, emails denied by dnsbl will now show the sender and recipient email addresses in the qpsmtpd log

Plugins

Below is a list of all the plugins from /usr/share/qpsmtpd/plugins on a freshly updated SME 9.2 server.

+ New in SME 9.2
* Improved or changed in SME 9.2
U Unused (by default) in SME Server
E Extra / External Configuration Required
CW Contrib or Wiki page exists that uses this plugin
SM Can be configured using server-manager
DB Can be configured using db variables
AC Auto-configured by SME Server