= s/qmail/DOC/smtpd = https://www.fehcom.de/sqmail/man/qmail-smtpd.html 機能強化されたsmtpd RBL検査を挟むなら: https://notes.sagredo.eu/en/qmail-notes-185/setting-up-rblsmtpd-127.html http://www.fehcom.de/ipnet/ucspi-tcp6/rblsmtpd.html ---- qmail-smtpd includes a 'MailFrom:' parameter parser and obeys 'Auth', 'Size', and 'SMTPUTF8' advertisements. qmail-smtpd supports SMTPUTF8 SMTP envelope addresses and provides 8 bit clean message transmission. qmail-smtpd STARTTLS and SMTPS implementation requires the use of sslserver from ucspi-ssl. == TRANSPARENCY == badmailfrom Unacceptable envelope sender addresses. qmail-smtpd will reject every recipient address for a message if the envelope sender address is listed in badmailfrom. * A line in badmailfrom may be of the form @host, meaning every address at host. Additionally, any envelope sender address can be filtered with a wildmat check: {{{ *@earthlink.net !fred@earthlink.net [0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9].com answerme@save* *%* @yahoo.com- @hotmail.com= @mydomain.tld+ ~yahoo.com ?nobody@example.com }}} A badmailfrom file with this contents reject all mail from Earthlink except from fred@earthlink.net. It also rejects all mail with addresses like: 12345@123.com and answerme@savetrees.com. Further, any mail with a sender address containing a percent sign (%) is rejected. This implementation recognises 'extended' addresss in badmailfrom allowing to reject mails with particluar spoofed domain addresses: . (1) The address is appended with a '-'. Now, if TCP(6)REMOTEHOST equals 'unknown', mails with the corresponding address are rejected (badmailfromunknown). . (2) The address is appended with a '='. In case TCP(6)REMEOTEHOST is set mails, whose domain part of the envelope addresses not matching the corresponding entry are rejected (badmailfromwellknown). . (3) The address is appended with a '+'. If RELAYCLIENT is not set and the sender address matches a corresponding entry (anti- spoofing for internal addresses). . (4) The address is enhanced with a leading '~'. This requires a (left to right partial) matching of TCP(6)REMOTEHOST with the {{{ * ! !*@*.* *viagra* }}} == ENVIRONMENT VARIABLES READ == HELOCHECK="" enables a check of the provided HELO/EHLO greeting against the content of the control file badhelo. * In case no HELO/EHLO greeting is given, SMTP connections can be rejected, if HELOCHECK='!' is set. * Checks on the presence and the content of the HELO/EHLO greeting string is facilitated, setting HELOCHECK='.'. * To enforce the match of the HELO/EHLO greeting with the remote host's FQDN ( TCP(6)REMOTEHOST), use HELOCHECK='='. HELOCHECK='A' | HELOCHECK='M' enable DNS A/MX lookup for the HELO/EHLO greeting string. In addition, the HELO/EHLO string is checked against the content of badhelo. Controlling the SMTP Mail From: Controlling the SMTP RCPT TO: Controlling the email body: Environment variables for SMTP authentication: Setting up the TLS/STARTTLS environment: Other environment variables used: