80
edits
Changes
From SME Server
Jump to navigationJump to search→Qpsmtpd for SME versions 9.2 and Later
The karma plugin tracks sender history. For each inbound email, various plugins can raise, or lower the "naughtiness" of the connection (eg, if SPF check passes, if the message is spammy etc...). For each host sending us email, the total number of connections, and the number of good and bad connections is recorded in a database. If a host as more bad than good connections in its history, emails will be rejected for 1 day. 3 settings are available for this plugin:
The karma plugin tracks sender history. For each inbound email, various plugins can raise, or lower the "naughtiness" of the connection (eg, if SPF check passes, if the message is spammy etc...). For each host sending us email, the total number of connections, and the number of good and bad connections is recorded in a database. If a host as more bad than good connections in its history, emails will be rejected for 1 day. 3 settings are available for this plugin:
* Karma (enabled|disabled): Default value is disabled. Change to enabled to use the plugin
* Karma (enabled|disabled): Default value is disabled. Change to enabled to use the plugin<br />
* KarmaNegative (integer): Default value is 2. It's the delta between good and bad connection to consider the host naughty enough to block it for 1 day. Eg, with a default value of two, a host can be considered naughty if it sent you 8 good emails and 10 bad ones
* KarmaNegative (integer): Default value is 2.<br /> It's the delta between good and bad connection to consider the host naughty enough to block it for 1 day.<br /> Eg, with a default value of two, a host can be considered naughty if it sent you 8 good emails and 10 bad ones<br />
* KarmaStrikes (integer): Default value is 3. This is the threshold for a single email to be considered good or bad. Eg, with the default value of 3, an email needs at least 3 bad karmas (reaches -3) for the connection to be considered bad. On the other side, 3 good karmas are needed for the connection to be considered good. Between the two, the connection is considered neutral and won't be used in the history count
* KarmaStrikes (integer): Default value is 3. This is the threshold for a single email to be considered good or bad. <br />Eg, with the default value of 3, an email needs at least 3 bad karmas (reaches -3) for the connection to be considered bad.<br />On the other side, 3 good karmas are needed for the connection to be considered good. Between the two, the connection is considered neutral<br />and won't be used in the history count
Example:
Example:
* URIBL (enabled|disabled): Default is disabled. Set this to enabled to use the plugin
* URIBL (enabled|disabled): Default is disabled. Set this to enabled to use the plugin
* UBLList: (Comma separated list addresses): Default value is **multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net**.
* UBLList: (Comma separated list addresses): Default value is **multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net**.<br />This can be the same as RBLList. You can also set bitmask to use for combined lists (in the default value, the bitmask is 8-16-64-128)
This can be the same as RBLList. You can also set bitmask to use for combined lists (in the default value, the bitmask is 8-16-64-128)
DMARC is a policy on top of DKIM and SPF. By default, SPF and DKIM are now checked on every inbound emails, but no reject is attempted. The dmarc plugin can decide to reject the email (depending on the sender policy). dkim and spf plugins are always enabled. dmarc has two settings:
DMARC is a policy on top of DKIM and SPF. By default, SPF and DKIM are now checked on every inbound emails, but no reject is attempted. The dmarc plugin can decide to reject the email (depending on the sender policy). dkim and spf plugins are always enabled. dmarc has two settings:
* DMARCReject (enabled|disabled): Default value is disabled. If set to enabled, the dmarc plugin can decide to reject an email (if the policy of the sender is to reject on alignment failure)
* DMARCReject (enabled|disabled): Default value is disabled.<br />If set to enabled, the dmarc plugin can decide to reject an email (if the policy of the sender is to reject on alignment failure)<br />
* DMARCReporting (enabled|disabled): Default value is enabled. If set to enabled, enable reporting (which is the **r** in dma**r**c). Reporting is a very important part of the DMARC standard. When enabled, you'll record information about email you receive from domains which have published a DMARC policy in a local SQLite database (/var/lib/qpsmtpd/dmarc/reports.sqlite). Then, once a day, you send the aggregate reports to the domain owner so they have feedback. You can set this to disabled if you want to disable this feature
* DMARCReporting (enabled|disabled): Default value is enabled.<br />If set to enabled, enable reporting (which is the **r** in dma**r**c). Reporting is a very important part of the DMARC standard.<br />When enabled, you'll record information about email you receive from domains which have published a DMARC policy in a local<br />SQLite database (/var/lib/qpsmtpd/dmarc/reports.sqlite).<br />Then, once a day, you send the aggregate reports to the domain owner so they have feedback.<br />You can set this to disabled if you want to disable this feature<br />
* SPFRejectPolicy (0|1|2|3|4): Default value is 0. Set the policy to apply in case of SPF failure when the sender hasn't published a DMARC policy. Note: this is only used when no DMARC policy is published by the sender. If there's a DMARC policy, even a "p=none" one (meaning no reject), then the email won't be rejected, even on failed SPF tests.
* SPFRejectPolicy (0|1|2|3|4): Default value is 0. Set the policy to apply in case of SPF failure when the sender hasn't published a DMARC policy.<br />Note: this is only used when no DMARC policy is published by the sender.<br />If there's a DMARC policy, even a "p=none" one (meaning no reject), then the email won't be rejected, even on failed SPF tests.
* 0: do not reject anything
* 0: do not reject anything
* 1: reject when SPF says fail
* 1: reject when SPF says fail
