Difference between revisions of "Qpsmtpd"
From SME Server
Jump to navigationJump to search (→URIBL) |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 15: | Line 15: | ||
: There are forum reports of problems for users who had DKIM enabled using the DKIM contrib. | : There are forum reports of problems for users who had DKIM enabled using the DKIM contrib. | ||
===URIBL=== | ===URIBL=== | ||
− | : | + | : qpsmtpd now supports URIBL - the ability to block emails that contain known malicious URLs within the body of the email. This service is disabled by default. |
: Enable URIBL with the default services using: | : Enable URIBL with the default services using: | ||
<nowiki>config setprop qpsmtpd URIBL enabled | <nowiki>config setprop qpsmtpd URIBL enabled | ||
signal-event email-update</nowiki> | signal-event email-update</nowiki> | ||
+ | |||
+ | : '''Note:''' If your SME server is using high traffic external DNS forwarders like [https://developers.google.com/speed/public-dns/ google] (8.8.8.8 / 8.8.4.4), [https://www.opendns.com/setupguide/ opendns] (208.67.222.222 / 208.67.220.220), or any large ISP's (Cox, Comcast, Verizon), enabling URIBL may block all incoming email. This will only affect you if you have configured a DNS forwarder in server-manager -- a default SME server installation does its own direct DNS lookups and would not be affected unless you receive over 250,000 emails per day. | ||
+ | |||
+ | : Read more at http://uribl.com/refused.shtml | ||
==="Naughty" plugin=== | ==="Naughty" plugin=== | ||
Line 39: | Line 43: | ||
</div><br> | </div><br> | ||
<div style="column-count:4;-moz-column-count:4;-webkit-column-count:4"> | <div style="column-count:4;-moz-column-count:4;-webkit-column-count:4"> | ||
− | * [[Qpsmtpd:auth|auth]] (AC) | + | * [[Qpsmtpd:auth/auth_checkpassword|auth/auth_checkpassword]] (U) |
+ | * [[Qpsmtpd:auth/auth_cvm_unix_local|auth/auth_cvm_unix_local]] (AC) | ||
+ | * [[Qpsmtpd:auth/authdeny|auth/authdeny]] (U) | ||
+ | * [[Qpsmtpd:auth/auth_flat_file|auth/auth_flat_file]] (U) | ||
+ | * [[Qpsmtpd:auth/auth_imap|auth/auth_imap]] (U) | ||
+ | * [[Qpsmtpd:auth/auth_ldap_bind|auth/auth_ldap_bind]] (U) | ||
+ | * [[Qpsmtpd:auth/auth_vpopmail|auth/auth_vpopmail]] (U) | ||
+ | * [[Qpsmtpd:auth/auth_vpopmaild|auth/auth_vpopmaild]] (U) | ||
+ | * [[Qpsmtpd:auth/auth_vpopmail_sql|auth/auth_vpopmail_sql]] (U) | ||
* [[Qpsmtpd:autowhitelist_relayrcpt|autowhitelist_relayrcpt]] (U) | * [[Qpsmtpd:autowhitelist_relayrcpt|autowhitelist_relayrcpt]] (U) | ||
* [[Qpsmtpd:badmailfrom|badmailfrom]] | * [[Qpsmtpd:badmailfrom|badmailfrom]] | ||
Line 72: | Line 84: | ||
* [[Qpsmtpd:hosts_allow|hosts_allow]] (AC) | * [[Qpsmtpd:hosts_allow|hosts_allow]] (AC) | ||
* [[Qpsmtpd:http_config|http_config]] (U) | * [[Qpsmtpd:http_config|http_config]] (U) | ||
− | * [[Qpsmtpd:ident|ident]] (U) | + | * [[Qpsmtpd:ident/geoip|ident/geoip]] (U) |
+ | * [[Qpsmtpd:ident/p0f|ident/p0f]] (U) | ||
* [[Qpsmtpd:karma|karma]] (+ U DB) | * [[Qpsmtpd:karma|karma]] (+ U DB) | ||
* [[Qpsmtpd:karma_tool|karma_tool]] | * [[Qpsmtpd:karma_tool|karma_tool]] | ||
Line 108: | Line 121: | ||
---- | ---- | ||
− | [[Category:Mail]] | + | [[Category:Mail]][[Category:Qpsmtpd]] |
Latest revision as of 14:21, 8 April 2019
qpsmtpd
qpsmtpd has been a core component of SME Server since SME 7, providing advanced spam fighting capabilities.
SME Server 9.2 introduces qpsmtpd 0.96 with several new capabilities. At the same time, smeserver-qpsmtpd has been updated to provide additional SME Server configuration options.
Upgrade Considerations
A-Record DNSBL Services
- Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma.
- You can now configure b.barracudacentral.org using (note the single quotes):
config setprop qpsmtpd RBLList server1,server2,'b.barracudacentral.org:Blocked - see <http://bbl.barracudacentral.com/q.cgi?ip=%IP%>'
DKIM & DMARC
- DKIM & DMARC are now supported natively by SME Server. To enable these you will need to configure appropriate DNS records in your public DNS server.
- There are forum reports of problems for users who had DKIM enabled using the DKIM contrib.
URIBL
- qpsmtpd now supports URIBL - the ability to block emails that contain known malicious URLs within the body of the email. This service is disabled by default.
- Enable URIBL with the default services using:
config setprop qpsmtpd URIBL enabled signal-event email-update
- Note: If your SME server is using high traffic external DNS forwarders like google (8.8.8.8 / 8.8.4.4), opendns (208.67.222.222 / 208.67.220.220), or any large ISP's (Cox, Comcast, Verizon), enabling URIBL may block all incoming email. This will only affect you if you have configured a DNS forwarder in server-manager -- a default SME server installation does its own direct DNS lookups and would not be affected unless you receive over 250,000 emails per day.
- Read more at http://uribl.com/refused.shtml
"Naughty" plugin
- SME Server is now using the 'naughty' plugin which allows early plugins like dnsbl, earlytalker, etc to indicate that the email should be rejected at a later point in the interaction. This allows the server to log extra information for denied emails. Specifically, emails denied by dnsbl will now show the sender and recipient email addresses in the qpsmtpd log
Plugins
Below is a list of all the plugins from /usr/share/qpsmtpd/plugins on a freshly updated SME 9.2 server.
+ New in SME 9.2
* Improved or changed in SME 9.2
U Unused (by default) in SME Server
E Extra / External Configuration Required
CW Contrib or Wiki page exists that uses this plugin
SM Can be configured using server-manager
DB Can be configured using db variables
AC Auto-configured by SME Server
- auth/auth_checkpassword (U)
- auth/auth_cvm_unix_local (AC)
- auth/authdeny (U)
- auth/auth_flat_file (U)
- auth/auth_imap (U)
- auth/auth_ldap_bind (U)
- auth/auth_vpopmail (U)
- auth/auth_vpopmaild (U)
- auth/auth_vpopmail_sql (U)
- autowhitelist_relayrcpt (U)
- badmailfrom
- badmailfromto (U)
- badrcptto (AC)
- bcc (U DB)
- bogus_bounce (+ DB)
- check_goodrcptto (AC)
- check_smtp_forward (AC)
- connection_time (U CW)
- content_log (U)
- count_unrecognized_commands (DB)
- denysoft_multi_rcpt (U)
- disclaimer (U DB CW)
- dkim (+ DB E)
- dkim_sign (+ DB E)
- dmarc (+ DB E)
- dnsbl (* DB CW)
- dns_whitelist_soft (U)
- domainkeys
- dont_require_anglebrackets (U)
- dspam (U)
- earlytalker (AC CW)
- exe_filter (U AC)
- fcrdns (U)
- fix_headers_case (U CW)
- greylisting (U CW)
- handler (U)
- headers (*)
- helo (AC)
- help (U)
- hosts_allow (AC)
- http_config (U)
- ident/geoip (U)
- ident/p0f (U)
- karma (+ U DB)
- karma_tool
- loadcheck (+)
- logging (AC)
- loop (U)
- milter (U)
- naughty (+)
- noop_counter (U)
- parse_addr_withhelo (U)
- peers (AC)
- per_user_config (U CW)
- qmail_deliverable (U)
- queue (AC)
- quit_fortune (U)
- random_error (U)
- rcpt_map (U)
- rcpt_ok (AC)
- rcpt_regexp (U)
- registry.txt (U)
- relay (AC)
- resolvable_fromhost (AC)
- rhsbl (* DB CW)
- sender_permitted_from (+?)
- spamassassin (DB SM AC CW)
- stunnel (U)
- tls (AC)
- tls_cert
- tnef2mime (AC)
- uribl (+ DB)
- user_config (U)
- virus (DB SM CW)
- whitelist (U?)