smtp-gated.conf
Bartlomiej Korupczynski
2011-12-04
NAME
smtp-gated.conf - The smtp-gated configuration file.
VERSION
This manual describes smtp-gated v. 1.4.18.8
DESCRIPTION
This file defines configuration to be used by daemon.
Options are placed one per line, and consists of option name, followed
by number or spaces or tabs, and option value. Empty lines, and lines
starting with # or ; (hash or semicolon) are ignored.
Tags in square brackets, show additional information for each variable. See
EXPLANATION later in this manual.
This manual describes configuration for 1.4.14-rc2.
For previous releases, use manuals included in source archive.
MAIN OPTIONS
- proxy_name STRING
-
Name that appears on communicates generated by daemon (usually errors, or
session blocking). Use asterisk '*' to use host name as proxy_name.
- bind_address IP [RESTART]
-
Defines IP the daemon listes on.
- port PORT [RESTART]
-
Defines listening TCP port.
- outgoing_addr IP
-
Defines IP for outgoing SMTP connections (this appears as source on MTA servers).
This option has been renamed from source_addr.
- pidfile FILE [RESTART]
-
Defines .pid file path.
- chroot_path PATH [RESTART]
-
If this setting is defined, daemon chroot()'s to this path after forking. This
allows to raise security.
- set_user USER [RESTART]
-
- set_group GROUP [RESTART]
-
Daemon changes it UID/GID to the one defined for username and groupname. This
setting does not allow to specify UID/GID as numbers yet. Do NOT run proxy as
root, as this will break locking.
- priority INT [RESTART]
-
Daemon changes it's priority when it's defined. 0 means "no change". Values as
in setpriority(2).
- connect_queue INT
-
Defines listen(2) backlog.
- enfile_sleep UINT
-
Sleep time in case ENFILE error occured.
- on_takeover_cmds UINT
-
Limit for commands issued by MUA after session takeover.
- buffer_size UINT
-
Defines buffer size (in bytes) to track SMTP sessions. Should be above 1500.
- pipeline_size UINT
-
Queue size for SMTP PIPELINING extension.
- pid_hash_size UINT
-
- host_hash_size UINT
-
Controls hashing table size for PID and host counters. Usually there is no much
sense to set it higher than max_connections.
RESOURCE CONTROL
- limit_core_size INT
-
Set core dump file size. Helps debugging unexpected problems :) "-1" means to
leave system default setting. "0" turns off core dump completely. If this can
not be changed at runtime, process does not terminate, logging error instead.
- limit_virt_size INT
-
- limit_data_size INT
-
- limit_fsize INT
-
Three above correspond to RLIMIT_AS, RLIMIT_DATA and RLIMIT_FSIZE in
setrlimit(3). You should set this to higher values if you are getting
"Not enought memory" errors (this can also happen upon memory leak).
Keep in mind, that all resource limits are inherited by child process,
including action scripts.
MODE
Mode defined method, to discover destination IP addres to forward connection to. It differs
obviously on different platforms, but there are couple of common modes, platform independent.
- mode fixed|fixed+xclient|remote|remote-udp|getsockname|netfilter|tproxy|tproxy,netfilter|ipfw|ipfilter|pf [ONE,RESTART]
-
Set operating mode "remote".
Supported modes are printed as USE_NAT with:
smtp-gated -V
In all modes except remote/remote-udp proxy must be running on the NAT
machine itself to be able to determine destination IP. If you need to run
proxy on separate machine, it's possible to use policy routing to reroute
all SMTP traffic through proxy machine. This machine should be running in
NAT mode specific to OS (netfilter/ipfw/ipfilter/pf/getsockname/tproxy),
and act as "router" for SMTP traffic only.
If you use Linux on your router, then it's possible to run proxy on other
machine (not necessarily Linux), if you run proxy-helper on the router
(see http://software.klolik.org for details).
Special mode tproxy,netfilter is runtime conditional. It is changed for
every new connection to netfilter for private IPs (10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16, 169.254.0.0/16), and to tproxy for routable IPs (the rest).
FIXED MODE
In this mode, all connections are forwarded to one, fixed MTA. This may
be used to filter SMTP traffic just before ISP SMTP server. Use it, if
you want to protect your SMTP server from outside world.
- fixed_server IP
-
IP of MTA to connect to.
- fixed_server_port PORT
-
Port to connect to.
FIXED+XCLIENT MODE
Accepts the same options as FIXED MODE. Uses XCLIENT to impersonate client to MTA.
Allows prefiltering for postfix (v2.3 or later) as (almost) transparent proxy.
REMOTE IDENT MODE / REMOTE-UDP IDENT MODE
In this mode, daemon is running on dedicated server, serving protection
for couple of routers. For each incoming connection, lookup is performed
on source IP, to discover destination IP. REMOTE requires patched ident
daemon (not public yet), and therefore is useless for most users.
REMOTE-UDP uses so called proxy-helper.
- remote_port PORT
-
Port to lookup ident and destination IP.
- remote_udp_retries INT
-
Number of retries for UDP lookup
- remote_udp_secret INT
-
Secret used for simple authentication
GETSOCKNAME MODE
Last resort -- try it if your OS is not supported elsewhere. Should it not run,
you'll receive 'avoiding loop' in your logs.
NETFILTER MODE
Linux netfilter mode. All connections are forwarded to original MTA. Netfilter
connection tracking is used for destination IP lookup. This mode was formerly
enabled by "use_netfilter" option.
TPROXY MODE
Linux/netfilter TPROXY module support (since 1.4.16.4) for spoofing source address. This
way proxy preserves source IP of client (useful for public addresses). Please note, that
all port 25 traffic needs to flow through the proxy. It's not a problem if you install
smtp-gated on your "main" Linux router. If you use some external router, you need to
redirect the traffic to proxy interface.
You need to have proper kernel header and modules to enable it (linux/netfilter/xt_TPROXY.h
existing probably under /usr/include), and depdends on kernel version. Works for 2.6.32 and
maybe earlier. See ./configure summary.
# NAT module must be loaded
iptables -t nat -N placeholder
# packets for proxy need to be tproxied
iptables -t mangle -N divert
iptables -t mangle -A divert -j MARK --set-mark 1
iptables -t mangle -A divert -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j divert
iptables -t mangle -A PREROUTING -p tcp --dport 25 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 9199
# packets for tproxy need to be rerouted
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
Please note that when nf_conntrack_ipv4 module is loaded on 2.6.32 (and maybe on
others), I've seen delay during connection setup, and tcpdump shows double TCP
SYN+ACK, with only the second being accepted, thus introducing delay during connection
setup. Connection continues normally. It's probably some tproxy code fault.
Be aware, that if you use external router to redirect only SMTP traffic to proxy
host, you have all the traffic seen twice. Let's say the client IP is 1.1.1.1 connects
to MTA 2.2.2.2, and the proxy is 3.3.3.3:
1. client sends packet from 1.1.1.1 to 2.2.2.2 via router
2. the packet is routed through 3.3.3.3 (having source and destination intact)
3. the proxy accepts connection, does some internal magic and creates *new* connection
with source 1.1.1.1 and destination 2.2.2.2
4. proxy host sends it's own version of packet from 1.1.1.1 to 2.2.2.2 through router
5. router should route the new packet to the MTA 2.2.2.2 according to normal routing
table
6. MTA replies through router to proxy
7. proxy does the reverse magic and replies through router to client
So, the packet flow is like:
client <=1/7=> proxy <=3/6=> MTA
As you can see there are two kind of packets (client<=>proxy and proxy<=>MTA) that
seem to be identical. It's your job, to setup the routers policy routing.
IPFW MODE
FreeBSD ipfw mode. All connections are forwarded to original MTA. ipfw connection
tracking is used for destination IP lookup.
IPFILTER MODE
*BSD Packet filter mode. All connections are forwarded to original MTA. ipfilter
connection tracking is used for destionation IP lookup.
PF MODE
FreeBSD PacketFilter mode. All connections are forwarded to original MTA. pf connection
tracking is used for destination IP lookup. Proxy needs to have proper permissions to
/dev/pf.
STATUS
- statefile FILE
-
Defined file which will contains status.
- statefile_type human|flat|slots [MULTI]
-
Defined status format. Flat is preferred for parsing, human is preferred to be
read by humans :) By adding "slots" you can see current slot assignment and
statistics for each session.
Status file is written on SIGUSR1: see smtp-gated(8).
LOCKING
When virus/SPAM is found, user's IP or IP+ident can be blocked for certain
time. After that time, lock is removed, and user is allowed to use SMTP
again. Lockfile has name same as IP, or IP "-" IDENT if ident is used.
Administrator can prevent locking some IP (IP+ident), by creating
corresponding lock file with owner other than daemon runs on. This lock file
is not automatically deleted. Contents is ignored, so it can be description,
or sth else.
- lock_on virus|spam|maxhost|maxident|dnsbl|regex|earlytalk|never [MULTI]
-
Set events locking occurs for. See max_per_host, max_per_ident.
- lock_duration INT [s]
-
Time the lock persists. 0 disables locking, -1 means lock forever (or: until
manually unlocked).
- lock_path PATH
-
Directory for lock files.
- lock_perm OCTAL
-
Lock files permissions as for open(2). Octal value must be preceded by zero.
NOTE: Lock files are checked (and eventually removed) for every incoming
connection. This means that they will exist after expiration, until next
connection from its "owner". In particular, they can be left forever, if
user won't use SMTP any more. You can use crontab to remove stale locks
like this (though it's not necessary for proxy to funcion properly):
find /var/spool/smtp-gated/lock -type f -user smtpgw -mtime +30 -exec rm {} \;
ACTION SCRIPT
Action script is called when virus or spam is found, and if host/ident limit
is reached. If locking is used, action_script is called only when lock is
created (once until unblocked). This makes sure, that script is called only
once for a specified period (until lock expires). Script is obviously called
with proxy UID/GID.
Despite of actions taken by script (i.e. firewall-level user lock), you should set
lock_duration high enough (i.e. 15 seconds), to prevent connection-flood translate
to action-flood (scripting is as expensive as fork() and shell expansions).
If you have strange problems with action scripts (ENOMEM or ENFILE), that seem to
work well when executed manually, read about resource control above. This will have
impact especially on language interpreters like perl.
- action_script FILE
-
Defines path to script called when virus/spam is found.
All parameters for action_script are passed via environment variables:
- PROXY_NAME
-
proxy name as defined in proxy_name in config file [>=1.4.12-rc7]
- FOUND
-
contains word "VIRUS" or "SPAM", "MAX_HOST", "MAX_IDENT".
- VIRUS_NAME
-
virus name if virus found.
- SPAM_SCORE
-
spam score if spam found.
- SOURCE_IP
-
source IP.
- SOURCE_PORT
-
source port.
- TARGET_IP
-
target (SMTP server) IP.
- TARGET_PORT
-
target (SMTP server) port.
- LOCAL_IP
-
local (proxy) IP as redirected.
- LOCAL_PORT
-
local (proxy) port as redirected.
- IDENT
-
source ident [REMOTE].
- IDENT_COUNT
-
connections count from particular host+ident [REMOTE].
- HELO
-
HELO/EHLO string.
- MAIL_FROM
-
SMTP "MAIL FROM" line, stripped.
- RCPTS_TOTAL
-
total number of mail recipients in session (not transaction).
- SIZE
-
message size [bytes].
- TRANSACTION
-
transaction number, starting from 1.
- AUTH
-
authentication flags bitmap: 1=supported, 2=accepted, 4=rejected;
see AUTH_FLAG_* in src/smtp-gated.h
- SPOOL_NAME
-
spool file name.
- LOCK_FILE
-
lock file name.
- TIME
-
time of connection start, human readable text.
- UNIXTIME
-
time of connection start, unix timestamp.
SPOOLING
- spool_path PATH
-
Directory for temporary message files.
- spool_perm OCTAL
-
Temporary files permissions as for open(2). Octal
value must be preceded by zero.
- spool_leave_on error|spam|virus|never|always [MULTI]
-
Set events, spool file is left for. If set to "never", spool is always deleted.
If you choose "always" please note that for multi-transactional session, only the last mail is saved. Spools are also removed if they exceed size limit or if there's error during file write (including but not limited to drive full).
TIMEOUTS
All timeouts are specified in seconds.
- timeout_direct UINT
-
Timeout for direct proxy session. This type of session is used on TLS connections.
- timeout_lookup UINT [REMOTE]
-
Timeout for lookup.
- timeout_scanner UINT
-
Timeout for antivirus scanner engine.
- timeout_spam UINT
-
Timeout for antispam scanner engine.
- timeout_session UINT
-
Timeout for fake session (when virus/SPAM is blocked).
- timeout_idle UINT
-
Timeout for idle sessions. Prevents stale connections.
- timeout_connect UINT
-
Timeout for connecting to remote MTA.
AUTHENTICATION CONTROL
Proxy can limit access to MTA, according to SMTP AUTH support and state.
For now, there is no way to whitelist host or MTA.
- auth_require no|ifsupported|mandatory [ONE]
-
Set authorization requirements:
no do not require any authorization, pass all messages.
ifsupported require authorization if MTA advertises support for it. If authorization is not advertised, mail is passed. If authorization is advertised, mail is passed only if client has authorized successfully.
mandatory require authorization for all connections. It MTA does not support authorization, no mail is passed.
Authentication state is logged in "CLOSE by=... auth=N", where N is bitwise OR for following values:
1 MTA supports auth (advertised in EHLO response)
2 user authenticated successfuly
4 user authentication failed (rejected by MTA)
- auth_skip none|antivir|antispam|dnsbl|regex [MULTI]
-
Skip checking/scanning if session is authenticated.
Note that 'auth_skip dnsbl' delays dnsbl rejection to MAIL FROM stage (as opposite to connect stage).
LIMITS
All sizes are specified in bytes. Loadavg limits can be disabled by specyfing zero, but this is not recommended.
- max_connections UINT [RESTART]
-
Total maximum connections.
- max_per_host UINT
-
Maximum connections per source IP (see also: lock_on maxhost).
- max_per_ident UINT [REMOTE]
-
maximum connections per IP+ident (see also: lock_on maxident).
- max_load FLOAT
-
Reject connections if load is above this setting.
- size_limit UINT
-
Limit maximum message size. 0=disabled (default).
- scan_max_size UINT
-
av-scan messages with size up to this limit.
- spam_max_size INT
-
SPAM-scan messages with size up to this limit. Should spam scanning be turned off, set it to 0 (default).
- spam_max_load FLOAT
-
Don't SPAM-scan messages if load above this setting.
- spam_threshold FLOAT
-
Treat message as SPAM if it's score is equal/greater than this value.
MISCELLANOUS
- ignore_errors BOOL
-
Continue when possible even if error occured (i.e. virus scanner failure).
LOGGING
Daemon logs messages via syslog, facility daemon.
- log_helo BOOL
-
Logs HELO/EHLO issued by client.
- log_mail_from accepted|rejected|base64|off [MULTI]
-
Client MAIL FROM logging options:
off do not
accepted log if address is accepted by MTA
rejected log if address is rejected by MTA
base64 log as base64 encoded md5 hash of e-mail
- log_rcpt_to [MULTI]
-
Client RCPT TO logging mask. (see log_mail_from).
- email_length UINT
-
MAIL FROM/RCPT TO email length limit (before optional md5 encoding).
- log_level debug|info|notice|warning|err|alert|emerg|crit [ONE,RESTART]
-
Defined log level, as used by syslog(3):
crit Emergency messages (highest priority)
emerg Critical, requires intervention
alert Critical messages
err Errors
warning Warnings
notice Normal, but significiant messages
info Informational messages
debug Debugging messages (lowest priority)
- log_facility user|mail|daemon|auth|news|authpriv|local0|local1|local2|local3|local4|local5|local6|local7 [ONE,RESTART]
-
Defined log facility, as used by syslog(3).
MANGLING
- nat_header
-
Header injected into message stream header (sent to MTA); default is "X-NAT-Received" [>=1.4.12-rc5]
- nat_header_type none|simple|ip-only ONE, OLD:
-
Turns on/off injecting X-NAT-Received headers to messages. [>=1.4.12-rc5]
none no
ip-only include only source IP in header
generic generic header (MTA-like)
- spool_header
-
Header injected into message spool header (not sent to MTA, visible in AV-scanner and
AS-scanner), default is "X-Proxy-Spool-Info" [>=1.4.12-rc5]
- abuse STRING
-
Sets "abuse" info in full X-NAT-Received header.
SCANNERS
- scanner_path FILE
-
not used.
- antivirus_type off|clamd|mksd [ONE]
-
Choose antivirus to use. "off" means no scanning.
- antivirus_path SOCKET
-
Path for clamd socket.
- antispam_type off|spamassassin [ONE]
-
Choose antispam to use. "off" means no scanning.
- antispam_path SOCKET
-
Path for spamd socket.
- dspam_storage PATH
-
DSPAM storage home.
DNSBL
- dnsbl zone,zone,[...]
-
Check incoming connections on specified DNSBL lists. Probably makes sense for FIXED MODE only.
See also: lock_on dnsbl
SPF
Check messages against SPF. IP used for SPF verification depends on spf option.
- spf none|incoming|outgoing|fixed [ONE]
-
Enables SPF checking.
none SPF turned off
incoming check against client incoming-IP, probably useful for mode fixed only.
outgoing check against proxy outgoing-IP (outgoing_addr), probably useful for NAT-mode only.
fixed check against static IP defined by spf_fixed_ip
- spf_log_only yes|no
-
Logging only of SPF results, no mail rejection.
- spf_fixed_ip IP
-
Static IP used by spf fixed only. Useful if proxy is behind NAT.
REGEX
- regex_enforce_helo REGEX
-
- regex_enforce_mail_from REGEX
-
- regex_enforce_rcpt_to REGEX
-
Rejects HELO/MAIL FROM/RCPT TO if don't match regex_enforce_*.
- regex_reject_helo REGEX
-
- regex_reject_mail_from REGEX
-
- regex_reject_rcpt_to REGEX
-
Rejects HELO/MAIL FROM/RCPT TO if they match regex_reject_*.
Please note, regex matching occurs only when corresponding command is given. As a result,
it is not possible to check if there was no HELO/EHLO.
See also: auth_skip regex, lock_on regex.
EARLYTALK
Earlytalker means MUA which starts to send SMTP commands before the greeting from MTA.
This is SMTP protocol violation and all legitimate mail software should not do that.
- earlytalker BOOLEAN
-
Enable/disable earlytalker rejection.
- lock_on earlytalker
-
Enable locking earlytalkers.
RATE LIMIT
Limits for client per time-period. Experimental.
- ratelimit_path PATH
-
Path for ratelimit files ("database"). If rate limiting is enabled, these get
rewritten for every connection, so it's probably a bad idea to put them on any
kind of Flash (SSD) drive.
- ratelimit_period SECONDS
-
Time period for limits. 0 disables rate limiting entirely.
- ratelimit_generation UINT
-
Generation is saved in ratelimiting structures together with ratelimit_* limits.
Limits are updated only if this generation is increased. Recomended format is
YYYYMMDDHHMMSS. To setup personalised limit, write them with really high generation
(no tool for this yet).
- ratelimit_connections INT
-
- ratelimit_sessions INT
-
- ratelimit_recipients INT
-
- ratelimit_bytes INT
-
Limit per duration limits for each client (host or host+ident). Limit database
is saved into ratelimit_path directory. Setting any limit to 0 disables that
limit, and setting duration to 0 disables all limits.
EARLYTALK
If client sends any command before MTA greeting, gets kicked. Current
implementation does not delay the greeting by itself, but relies on the MTA.
- earlytalk BOOL
-
enable/disable earlytalk check (enabled by default)
See also: lock_on earlytalk
MESSAGES
All messages sent to user are customisable.
- locale NAME
-
Changes locale of system errors from strerror(3). See setlocale(3). Does not change messages
generated by daemon itself.
MESSAGES MAIN
- msg_virus_found
-
Virus found in message.
- msg_virus_locked
-
User locked, virus or SPAM found before.
- msg_spam_found
-
SPAM found in message.
- msg_unknown_virus
-
Virus name substituted, when it's unknown.
- msg_spool_problem
-
Spooling file name problem.
- msg_spool_open_fail
-
Spool creation failed.
- msg_pipeline_full
-
Pipeline queue full.
- msg_scanner_failed
-
Scanner has failed.
- msg_cannot_connect
-
Cannot connect to MTA.
- msg_connect_timeout
-
Connection to MTA timed out.
- msg_nomem
-
Out of memory
MESSAGES FAKE MTA SESSION
- msg_hello
-
Hello message.
- msg_sign_off
-
Signing off.
- msg_virus_no_more
-
Virus found, please end the session.
- msg_session_timeout
-
Session timed out.
- msg_proto_error
-
Protocol error.
- msg_transaction_failed
-
Fake MTA transaction failed.
- msg_unimpl_command
-
Unimplemented command (SMTP verb).
- msg_temp_unavail
-
Service temporarily unavailable.
MESSAGES LIMITS
- msg_max_reached
-
Total connections limit reached, try again later.
- msg_max_per_host
-
Connections limit for IP reached, try again later.
- msg_max_per_ident
-
Connections limit for IP+ident reached, try again later.
- msg_system_load
-
System load too high, try again later.
MESSAGES FOR REMOTE IDENT MODE
- msg_malformed_ip [REMOTE]
-
Malformed IP received
- msg_lookup_failed
-
Lookup failed.
- msg_lookup_timeout
-
Lookup timed out.
- msg_lookup_mismatch
-
Invalid lookup response format.
- msg_lookup_nomem
-
Lookup failed, not enough memory.
FAQ
These are popular Questions and Answers:
- Q1: Antispam is not working! What is wrong?
-
You must change max_spam_size to something above 0 to turn on antispam scanning. It's set to 0 by default, and this means turning antispam off. Also, set antispam_type.
- Q2: Spammers don't get locked! What is wrong?
-
If you want to block spammers, set "lock_on spam[,...]", and see Question#1.
- Q3: I wanted to block some user by creating lockfile manually, but now his traffic is not even scanned!
-
Creating lockfile with owner other than proxy process runs with, will protect that host from being locked. The contents of file does not matter.
- Q4: My header is invalid after upgrading!
-
nat_header changed into nat_header_type since 1.4.12-rc5, so after upgrade header will not be injected unless you rename it in configuration file.
- Q5: I don't have idents in my logs or headers, why?
-
It simple -- ident is used in REMOTE IDENT mode, which is currently not available.
- Q6: I don't see X-NAT-Received header in mails, why?
-
Please remember, that mail sent with TLS is not scanned. Also, check nat_header_type directive in your config file, and nat_header (see MANGLING above).
- Q7: When X-Virus-Scan and/or X-Spam-Status headers will be supported?
-
The answer is: never. Reason is simple -- proxy is passing-thru email headers and body. Because headers are sent first, we can't predict spam-score or virus presence. The main assumption for this project was not to buffer mail before forwarding, so this option won't appear.
- Q8: I have many locks left, even if they should be gone long time ago!
-
Please see note for the LOCKING.
- Q9: Host gets locked, lock file appears, but he can still send e-mails!
-
Please *do not* run proxy as root, and set set_user properly. If you do, remove all locks manually.
- Q10: action_script does not work!
-
Please read about ACTION SCRIPT. Script will not be called once the lock exists. If you were testing "by hand" by writing some text to some log file, make sure the script has permissions to write to it too, i.e. by temporarily doing chmod a+rw on that log file. You should also check if disabling limit_* variables will do the trick, and if the answer is yes, try to set them high enough for script needs.
- Q11: spamassassin gets timeout
-
Please check if "spamd -L" resolves this issue.
- Q12: clamd fails with: SCAN:FAILED [...] result=lstat() failed.
-
Antispam and antivirus scanners need to have access to spool files (spool_path, spool_perm).
If you want to seal your setup, you can add clamav user smtpgw group, and deny other to access the spool directory.
- Q13: action script does not seem to work well when executed by smtp-gated, possibly failing with ENFILE or ENOMEM
-
Read notes about resource control and action scripts.
CHANGES
1.4.16-rc2:
spf:
changed: source -> incoming
added: fixed
1.4.16-rc1:
added options:
dnsbl
spf
spf_log_only
regex_*
renamed options:
source_addr -> outgoing_addr
changed options:
nat_header_type
auth_require
auth_skip: "regex", "dnsbl" added
lock_on: "regex", "dnsbl" added
1.4.14-rc2: renamed options:
dumpfile -> statefile
dumpfile_perm -> statefile_perm
1.4.14-rc1: Changed many configuration options. Please review your previous configuration using:
smtp-gated -t /path/to/smtp-gated.conf
REPORTING BUGS
If you are willing to sent me a bug report, please check manuals first to
ensure you have configured properly. In report, please include:
- output of "smtp-gated -V"
- config file (as attachment if big)
- full logs related to e-mails sent, with "log_level debug"
- optional mail header (as sent from proxy).
If you get 'unknown option' or 'invalid value' errors, you can list all
supported options with supported values by running:
smtp-gated -T
EXPLANATION
- INT
-
Signed integer
- UINT
-
Unsigned number; can be specified as decimal, octal (beginning with 0), or hexadecimal (beginning with 0x or 0X)
- BOOL
-
Boolean (0, 1)
- FLOAT
-
Floating-point number
- IP
-
Valid IP address
- PORT
-
Valid IP port
- STRING
-
Arbitrary text string
- PATH
-
Valid directory name
- FILE
-
Valid file name
- SOCKET
-
UNIX socket or TCP socket. UNIX socket must begin with backslash ("/"), otherwise path is considered TCP socket and must be submitted in following form: ip:port (i.e. 127.0.0.1:1097)
- [ONE]
-
Only one value allowed.
- [MULTI]
-
Multiple values allowed, comma separated (do NOT insert any white space before comma).
- [RESTART]
-
This option needs full restart to take effect.
- [REMOTE]
-
This option affects REMOTE IDENT MODE only.
SEE ALSO
smtp-gated(8)
HOMEPAGE
http://smtp-proxy.klolik.org
AUTHOR
Bartlomiej Korupczynski