Line 1: |
Line 1: |
| {{WIP box|this is a work in progress for the new SME 11 qpsmtpd configuration}} | | {{WIP box|this is a work in progress for the new SME 11 qpsmtpd configuration}} |
| + | |
| + | TODO: update [[Email#qpsmtpd]] for SME11 |
| | | |
| =qpsmtpd= | | =qpsmtpd= |
Line 274: |
Line 276: |
| | | | | |
| |- | | |- |
| + | |HeloPolicy |
| + | |<nowiki>(lenient)[lenient | rfc | strict]</nowiki> |
| | | | | |
| | | | | |
| + | | |
| + | |- |
| + | |MaximumDateOffset |
| + | |(0) |
| | | | | |
| | | | | |
| | | | | |
| |- | | |- |
| + | |MaxLoad |
| + | |(7) |
| | | | | |
| | | | | |
| + | | |
| + | |- |
| + | |SPFRejectPolicy |
| + | |(0)[0-4] |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |DMARCReject |
| + | |<nowiki>(disabled)[enabled|disabled]</nowiki> |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |DMARCReporting |
| + | |<nowiki>(enabled)[enabled|disabled]</nowiki> |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |disclaimer |
| + | |<nowiki>(disabled)[enabled|disabled]</nowiki> |
| | | | | |
| | | | | |
Line 599: |
Line 631: |
| | | | | |
| | | | | |
− | |TO remove | + | |To remove |
| |- | | |- |
| |06auth_imap | | |06auth_imap |
Line 615: |
Line 647: |
| |X | | |X |
| | | | | |
− | | | + | |enabled by default ? |
| |- | | |- |
| |10earlytalker | | |10earlytalker |
− | | | + | |earlytalker |
| |X | | |X |
| | | | | |
| |X | | |X |
| | | | | |
− | | | + | |<nowiki>add wait and check-at [ CONNECT | DATA ] options</nowiki> |
| |- | | |- |
| |11bogus_bounce | | |11bogus_bounce |
− | | | + | |bogus_bounce |
| | | | | |
| | | | | |
Line 634: |
Line 666: |
| |- | | |- |
| |12count_unrecognized_commands | | |12count_unrecognized_commands |
− | | | + | |count_unrecognized_commands 4 |
| |X | | |X |
| | | | | |
Line 642: |
Line 674: |
| |- | | |- |
| |13bcc | | |13bcc |
| + | |bcc mode $qpsmtpd{BccMode} all $user |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |add possibility to set direction (all/incoming/outgoing) |
− | |
| |
| |- | | |- |
| |14relay | | |14relay |
| + | |relay |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |should we remove from 465 and 581 or set RELAY ONLY ? |
− | |
| |
| |- | | |- |
| |15helo | | |15helo |
− | | | + | |<nowiki>helo policy { $qpsmtpd{HeloPolicy} || 'lenient' } reject naughty</nowiki> |
| |X | | |X |
| | | | | |
Line 666: |
Line 698: |
| |- | | |- |
| |16resolvable_fromhost | | |16resolvable_fromhost |
− | | | + | |resolvable_fromhost |
| |X | | |X |
| | | | | |
Line 674: |
Line 706: |
| |- | | |- |
| |17headers | | |17headers |
− | | | + | |headers future $days past $days" if ($days) |
| | | | | |
| | | | | |
Line 682: |
Line 714: |
| |- | | |- |
| |19loadcheck | | |19loadcheck |
− | | | + | |<nowiki>loadcheck max_load { $qpsmtpd{MaxLoad} || '7' }</nowiki> |
| |X | | |X |
| | | | | |
Line 690: |
Line 722: |
| |- | | |- |
| |20rhsbl | | |20rhsbl |
− | | | + | |rhsbl |
| |X | | |X |
| | | | | |
Line 698: |
Line 730: |
| |- | | |- |
| |221spf | | |221spf |
− | | | + | |<nowiki>sender_permitted_from reject 1 no_dmarc_policy { $qpsmtpd{SPFRejectPolicy} || '0' }</nowiki> |
| |X | | |X |
| | | | | |
| |X | | |X |
| | | | | |
− | | | + | |change default to 1 |
| |- | | |- |
| |222dkim | | |222dkim |
− | | | + | |dkim reject 0 |
| | | | | |
| | | | | |
Line 714: |
Line 746: |
| |- | | |- |
| |223dmarc | | |223dmarc |
− | | | + | |<nowiki>marc reject { (( $qpsmtpd{DMARCReject} || 'disabled' ) =~ m/^1|on|enabled|yes$/) ? '1' : '0' } reporting { (( $qpsmtpd{DMARCReporting} || 'enabled' ) =~ m/^1|on|enabled|yes$/) ? '1' : '0' }</nowiki> |
| |X | | |X |
| | | | | |
Line 722: |
Line 754: |
| |- | | |- |
| |22dnsbl | | |22dnsbl |
− | | | + | |dnsbl reject naughty |
| |X | | |X |
| | | | | |
Line 730: |
Line 762: |
| |- | | |- |
| |23naughty | | |23naughty |
− | | | + | |naughty reject mail |
| |X | | |X |
| | | | | |
Line 738: |
Line 770: |
| |- | | |- |
| |24uribl | | |24uribl |
− | | | + | |uribl action deny |
| | | | | |
| | | | | |
Line 746: |
Line 778: |
| |- | | |- |
| |30badmailfrom | | |30badmailfrom |
− | | | + | |badmailfrom |
| | | | | |
| | | | | |
Line 754: |
Line 786: |
| |- | | |- |
| |34badrcptto | | |34badrcptto |
− | | | + | |badrcptto |
| | | | | |
| |X | | |X |
Line 762: |
Line 794: |
| |- | | |- |
| |34badrcptto_ext | | |34badrcptto_ext |
− | | | + | |badrcptto more_badrcptto badrcptto_ext |
| |X | | |X |
| | | | | |
Line 770: |
Line 802: |
| |- | | |- |
| |37check_smtp_forward | | |37check_smtp_forward |
| + | |check_smtp_forward |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |needed for submission ? |
− | |
| |
| |- | | |- |
| |38check_goodrcptto | | |38check_goodrcptto |
− | | | + | |check_goodrcptto extn - |
| | | | | |
| | | | | |
Line 786: |
Line 818: |
| |- | | |- |
| |39rcpt_ok | | |39rcpt_ok |
− | | | + | |rcpt_ok |
| | | | | |
| | | | | |
Line 794: |
Line 826: |
| |- | | |- |
| |62pattern_filter | | |62pattern_filter |
− | | | + | |virus/pattern_filter check=patterns action=deny |
| | | | | |
| | | | | |
Line 802: |
Line 834: |
| |- | | |- |
| |62tnef2mime | | |62tnef2mime |
− | | | + | |tnef2mime |
| | | | | |
| | | | | |
Line 810: |
Line 842: |
| |- | | |- |
| |65disclaimer | | |65disclaimer |
− | | | + | |disclaimer |
| | | | | |
| |X | | |X |
| | | | | |
| |X | | |X |
− | | | + | |missing disclaimer_file definition? |
| |- | | |- |
| |70spamassassin | | |70spamassassin |
− | | | + | |spamassassin reject $spamassassin{RejectLevel} munge_subject_threshold $spamassassin{TagLevel} size_limit $spamassassin{MaxMessageSize} |
| |X | | |X |
| | | | | |
Line 826: |
Line 858: |
| |- | | |- |
| |71forcespamcheck | | |71forcespamcheck |
− | | | + | |forcespamcheck reject $spamassassin{RejectLevel} munge_subject_threshold $spamassassin{TagLevel} size_limit $spamassassin{MaxMessageSize} |
| | | | | |
| |X | | |X |
Line 834: |
Line 866: |
| |- | | |- |
| |80clamav | | |80clamav |
− | | | + | |virus/clamdscan scan_all yes clamd_socket /run/clamd/clamd.socket defer_on_error yes max_size $max_size |
| | | | | |
| | | | | |
Line 842: |
Line 874: |
| |- | | |- |
| |90queue-qmail-queue | | |90queue-qmail-queue |
| + | |queue/qmail-queue |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |also content commented to remove ? |
− | |
| |
| |- | | |- |
| |90queue-smtp-forward | | |90queue-smtp-forward |
− | | | + | |# commented out |
| | | | | |
| | | | | |
Line 859: |
Line 891: |
| | | |
| ==Upgrade Considerations== | | ==Upgrade Considerations== |
| + | we used check_badcountries for a while, but could we switch back to ident/geoip ? |
| + | |
| + | whitelist plugin : adding the ip-range whitelist; add login of ip |
| + | |
| ===A-Record DNSBL Services=== | | ===A-Record DNSBL Services=== |
| :Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma. | | :Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma. |
Line 887: |
Line 923: |
| | | |
| <div style="column-count:2;-moz-column-count:2;-webkit-column-count:2; border:1px solid grey;"> | | <div style="column-count:2;-moz-column-count:2;-webkit-column-count:2; border:1px solid grey;"> |
− | <tt><nowiki>+ New in SME 9.2</nowiki><br> | + | <tt>+ New in SME 11<br> |
| <nowiki>* Improved or changed in SME 9.2</nowiki><br> | | <nowiki>* Improved or changed in SME 9.2</nowiki><br> |
| <nowiki>U Unused (by default) in SME Server</nowiki><br> | | <nowiki>U Unused (by default) in SME Server</nowiki><br> |
Line 893: |
Line 929: |
| <nowiki>CW Contrib or Wiki page exists that uses this plugin</nowiki><br> | | <nowiki>CW Contrib or Wiki page exists that uses this plugin</nowiki><br> |
| <nowiki>SM Can be configured using server-manager</nowiki><br> | | <nowiki>SM Can be configured using server-manager</nowiki><br> |
− | <nowiki>DB Can be configured using db variables</nowiki><br> | + | <nowiki>DB Can be configured using db variables</nowiki></tt> |
| + | |
| + | <tt>X Provided by a contrib, not in qpsmtpd git<br> |
| <nowiki>AC Auto-configured by SME Server</nowiki></tt> | | <nowiki>AC Auto-configured by SME Server</nowiki></tt> |
| </div><br> | | </div><br> |
Line 911: |
Line 949: |
| *[[Qpsmtpd:badrcptto|badrcptto]] (AC) | | *[[Qpsmtpd:badrcptto|badrcptto]] (AC) |
| *[[Qpsmtpd:bcc|bcc]] (U DB) | | *[[Qpsmtpd:bcc|bcc]] (U DB) |
− | *[[Qpsmtpd:bogus_bounce|bogus_bounce]] (+ DB) | + | *[[Qpsmtpd:bogus_bounce|bogus_bounce]] (DB) |
| + | *check_badcountries (X [[GeoIP|CW]]) |
| *[[Qpsmtpd:check_goodrcptto|check_goodrcptto]] (AC) | | *[[Qpsmtpd:check_goodrcptto|check_goodrcptto]] (AC) |
| *[[Qpsmtpd:check_smtp_forward|check_smtp_forward]] (AC) | | *[[Qpsmtpd:check_smtp_forward|check_smtp_forward]] (AC) |
Line 921: |
Line 960: |
| *[[Qpsmtpd:dkim|dkim]] (+ DB E) | | *[[Qpsmtpd:dkim|dkim]] (+ DB E) |
| *[[Qpsmtpd:dkim_sign|dkim_sign]] (+ DB E) | | *[[Qpsmtpd:dkim_sign|dkim_sign]] (+ DB E) |
− | *[[Qpsmtpd:dmarc|dmarc]] (+ DB E) | + | *[[Qpsmtpd:dmarc|dmarc]] (DB E) |
| *[[Email#Real-time_Blackhole_List_.28RBL.29|dnsbl]] (* DB CW) | | *[[Email#Real-time_Blackhole_List_.28RBL.29|dnsbl]] (* DB CW) |
| *[[Qpsmtpd:dns_whitelist_soft|dns_whitelist_soft]] (U) | | *[[Qpsmtpd:dns_whitelist_soft|dns_whitelist_soft]] (U) |
Line 927: |
Line 966: |
| *[[Qpsmtpd:dont_require_anglebrackets|dont_require_anglebrackets]] (U) | | *[[Qpsmtpd:dont_require_anglebrackets|dont_require_anglebrackets]] (U) |
| *[[Qpsmtpd:dspam|dspam]] (U) | | *[[Qpsmtpd:dspam|dspam]] (U) |
− | *[[Qpsmtpd_check_earlytalker|earlytalker]] (AC CW) | + | *[[Qpsmtpd_check_earlytalker|earlytalker]] (AC [[Qpsmtpd check earlytalker|CW]]) |
| *[[Qpsmtpd:exe_filter|exe_filter]] (U AC) | | *[[Qpsmtpd:exe_filter|exe_filter]] (U AC) |
| *[[Qpsmtpd:fcrdns|fcrdns]] (U) | | *[[Qpsmtpd:fcrdns|fcrdns]] (U) |
Line 946: |
Line 985: |
| *[[Qpsmtpd:loop|loop]] (U) | | *[[Qpsmtpd:loop|loop]] (U) |
| *[[Qpsmtpd:milter|milter]] (U) | | *[[Qpsmtpd:milter|milter]] (U) |
− | *[[Qpsmtpd:naughty|naughty]] (+) | + | *[[Qpsmtpd:naughty|naughty]] () |
| *[[Qpsmtpd:noop_counter|noop_counter]] (U) | | *[[Qpsmtpd:noop_counter|noop_counter]] (U) |
| *[[Qpsmtpd:parse_addr_withhelo|parse_addr_withhelo]] (U) | | *[[Qpsmtpd:parse_addr_withhelo|parse_addr_withhelo]] (U) |
Line 962: |
Line 1,001: |
| *[[Qpsmtpd:resolvable_fromhost|resolvable_fromhost]] (AC) | | *[[Qpsmtpd:resolvable_fromhost|resolvable_fromhost]] (AC) |
| *[[Email#Real-time_Blackhole_List_.28RBL.29|rhsbl]] (* DB CW) | | *[[Email#Real-time_Blackhole_List_.28RBL.29|rhsbl]] (* DB CW) |
− | *[[Qpsmtpd:sender_permitted_from|sender_permitted_from]] (+?) | + | *[[Qpsmtpd:sender_permitted_from|sender_permitted_from]] (?) |
| *[[Email#Spamassassin|spamassassin]] (DB SM AC CW) | | *[[Email#Spamassassin|spamassassin]] (DB SM AC CW) |
| *[[Qpsmtpd:stunnel|stunnel]] (U) | | *[[Qpsmtpd:stunnel|stunnel]] (U) |
Line 968: |
Line 1,007: |
| *[[Qpsmtpd:tls_cert|tls_cert]] | | *[[Qpsmtpd:tls_cert|tls_cert]] |
| *[[Qpsmtpd:tnef2mime|tnef2mime]] (AC) | | *[[Qpsmtpd:tnef2mime|tnef2mime]] (AC) |
− | *[[Qpsmtpd:uribl|uribl]] (+ DB) | + | *[[Qpsmtpd:uribl|uribl]] (DB) |
| *[[Qpsmtpd:user_config|user_config]] (U) | | *[[Qpsmtpd:user_config|user_config]] (U) |
| *[[Virus:Email_Attachment_Blocking|virus]] (DB SM CW) | | *[[Virus:Email_Attachment_Blocking|virus]] (DB SM CW) |