smtp-gated.conf man page on DragonFly

smtp-gated.conf(1)					    smtp-gated.conf(1)

NAME
       smtp-gated.conf - The smtp-gated configuration file.

VERSION
       This manual describes smtp-gated v. 1.4.20.0

DESCRIPTION
       This file defines the configuration used by the daemon.

       Options are placed one per line, and consist of the option name, fol‐
       lowed by a number of spaces or tabs, and the option value. Empty lines,
       and lines starting with # or ; (hash or semicolon) are ignored.

       Tags in square brackets show additional information for each variable.
       See EXPLANATION later in this manual.
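       The following is an added example, not part of smtp-gated: a small
       POSIX sh/awk reader for the configuration syntax described above (one
       "name value" pair per line, name and value separated by spaces or tabs,
       empty lines and lines starting with # or ; ignored). The function
       names, the sample configuration and the two sanity checks are this
       example's own; the option names it reads (set_user, lock_on, port, ...)
       are the ones documented in this manual.

```shell
#!/bin/sh
# Added example, not part of smtp-gated itself: read smtp-gated.conf syntax
# (one "name value" per line; '#' and ';' lines and empty lines ignored) so a
# deployment script can sanity-check a config before restarting the daemon.

# conf_get FILE OPTION -> prints the value of OPTION (last occurrence wins)
conf_get() {
    awk -v want="$2" '
        /^[ \t]*$/    { next }          # empty line: ignored
        /^[ \t]*[#;]/ { next }          # comment line: ignored
        NF >= 2 && $1 == want {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)   # drop name and separator
            sub(/[ \t]+$/, "", line)                # drop trailing blanks
            value = line
        }
        END { if (value != "") print value }
    ' "$1"
}

# conf_check_user FILE -> 0 if set_user is present and is not root, 1 otherwise
# (the manual says locking breaks when the proxy runs as root)
conf_check_user() {
    _user=$(conf_get "$1" set_user)
    [ -n "$_user" ] && [ "$_user" != root ]
}

# conf_check_multi FILE OPTION -> 0 if a [MULTI] value has no white space
# before a comma ("virus ,spam" would be rejected by the daemon), 1 otherwise
conf_check_multi() {
    _value=$(conf_get "$1" "$2")
    case "$_value" in
        *[[:space:]],*) return 1 ;;
    esac
    return 0
}

# make_sample_conf FILE -> writes a constructed sample config (not a real one)
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample smtp-gated.conf for the demonstration
; semicolon comments are ignored as well
proxy_name      *
bind_address    192.0.2.10
port            9199
set_user        smtpgw
set_group       smtpgw
lock_on         virus,spam,maxhost
lock_duration   900
EOF
}

# Stand-alone demonstration: parse the sample and run both checks.
demo() {
    _tmp=$(mktemp)
    make_sample_conf "$_tmp"
    echo "port: $(conf_get "$_tmp" port)"
    conf_check_user "$_tmp" && echo "set_user ok" || echo "set_user missing or root"
    conf_check_multi "$_tmp" lock_on && echo "lock_on ok" || echo "lock_on has space before comma"
    rm -f "$_tmp"
}
```

       Run demo from an interactive shell, or call conf_get directly against
       /etc/smtp-gated.conf (or wherever the file lives) to extract a value in
       a script. The parser keeps the last occurrence of a repeated option;
       whether the daemon itself does the same is not stated in this manual.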

MAIN OPTIONS
       proxy_name STRING
	      Name that appears in messages generated by the daemon (usually
	      errors, or session blocking). Use an asterisk '*' to use the
	      host name as proxy_name.

       bind_address IP [RESTART]
	      Defines the IP the daemon listens on.

       port PORT [RESTART]
	      Defines the listening TCP port.

       outgoing_addr IP
	      Defines IP for outgoing SMTP connections (this appears as source
	      on MSA servers).	This option has been renamed from source_addr.

       pidfile FILE [RESTART]
	      Defines .pid file path.

       chroot_path PATH [RESTART]
	      If this setting is defined, the daemon chroot()'s to this path
	      after forking. This improves security.

       set_user USER [RESTART]

       set_group GROUP [RESTART]
	      The daemon changes its UID/GID to the ones defined for the user
	      name and group name. This setting does not yet allow specifying
	      the UID/GID as numbers. Do NOT run the proxy as root, as this
	      will break locking.

       priority INT [RESTART]
	      The daemon changes its priority when this is defined. 0 means
	      "no change". Values as in setpriority(2).

       connect_queue INT
	      Defines listen(2) backlog.

       enfile_sleep UINT
	      Sleep time in case an ENFILE error occurred.

       on_takeover_cmds UINT
	      Limit for commands issued by MUA after session takeover.

       buffer_size UINT
	      Defines buffer size (in bytes) to track SMTP sessions. Should be
	      above 1500.

       pipeline_size UINT
	      Queue size for SMTP PIPELINING extension.

       pid_hash_size UINT

       host_hash_size UINT
	      Controls the hash table size for PID and host counters. Usually
	      there is not much sense in setting it higher than
	      max_connections.

RESOURCE CONTROL
       limit_core_size INT
	      Set core dump file size. Helps debugging unexpected problems  :)
	      "-1"  means  to leave system default setting. "0" turns off core
	      dump completely. If this can not be changed at runtime,  process
	      does not terminate, logging error instead.

       limit_virt_size INT

       limit_data_size INT

       limit_fsize INT
	      The three above correspond to RLIMIT_AS, RLIMIT_DATA and
	      RLIMIT_FSIZE in setrlimit(3). You should set these to higher
	      values if you are getting "Not enought memory" errors (this can
	      also happen upon a memory leak).

	      Keep in mind that all resource limits are inherited by child
	      processes, including action scripts.

MODE
       Mode defines the method used to discover the destination IP address to
       forward the connection to. It obviously differs between platforms, but
       there are a couple of common, platform-independent modes.

       mode   fixed|fixed+xclient|remote|remote-udp|getsockname|netfilter|
	      tproxy|tproxy,netfilter|ipfw|ipfilter|pf [ONE,RESTART]
	      Set operating mode "remote".

	      Supported modes are printed as USE_NAT with:

	      smtp-gated -V

       In all modes except remote/remote-udp the proxy must be running on the
       NAT machine itself to be able to determine the destination IP. If you
       need to run the proxy on a separate machine, it is possible to use
       policy routing to reroute all SMTP traffic through the proxy machine.
       This machine should be running in the NAT mode specific to its OS
       (netfilter/ipfw/ipfilter/pf/getsockname/tproxy), and act as a "router"
       for SMTP traffic only.

       If you use Linux on your router, then it is possible to run the proxy
       on another machine (not necessarily Linux), if you run proxy-helper on
       the router (see http://software.klolik.org for details).

       Special mode tproxy,netfilter is runtime conditional. It is changed for
       every  new  connection  to  netfilter  for  private  IPs	  (10.0.0.0/8,
       172.16.0.0/12,  192.168.0.0/16,	169.254.0.0/16),  and  to  tproxy  for
       routable IPs (the rest).

FIXED MODE
       In this mode, all connections are forwarded to one fixed MSA. This may
       be used to filter SMTP traffic just before the ISP SMTP server. Use it
       if you want to protect your SMTP server from the outside world.

       fixed_server IP
	      IP of MSA to connect to.

       fixed_server_port PORT
	      Port to connect to.

FIXED+XCLIENT MODE
       Accepts the same options as FIXED MODE. Uses XCLIENT to impersonate the
       client to the MSA. Allows prefiltering for postfix (v2.3 or later) as
       an (almost) transparent proxy.

REMOTE IDENT MODE / REMOTE-UDP IDENT MODE
       In this mode, the daemon runs on a dedicated server, serving protection
       for a couple of routers. For each incoming connection, a lookup is
       performed on the source IP to discover the destination IP. REMOTE
       requires a patched ident daemon (not public yet), and therefore is
       useless for most users. REMOTE-UDP uses the so-called proxy-helper.

       remote_port PORT
	      Port to lookup ident and destination IP.

       remote_udp_retries INT
	      Number of retries for UDP lookup

       remote_udp_secret INT
	      Secret used for simple authentication

GETSOCKNAME MODE
       Last resort -- try it if your OS is not supported elsewhere. Should it
       not work, you'll see 'avoiding loop' in your logs.

NETFILTER MODE
       Linux  netfilter	 mode.	All connections are forwarded to original MSA.
       Netfilter connection tracking is used for destination IP	 lookup.  This
       mode was formerly enabled by "use_netfilter" option.

TPROXY MODE
       Linux/netfilter TPROXY module support (since 1.4.16.4) for spoofing
       the source address. This way the proxy preserves the source IP of the
       client (useful for public addresses). Please note that all port 25
       traffic needs to flow through the proxy. It's not a problem if you
       install smtp-gated on your "main" Linux router. If you use some
       external router, you need to redirect the traffic to the proxy
       interface.

       You need to have the proper kernel headers and modules to enable it
       (linux/netfilter/xt_TPROXY.h, existing probably under /usr/include),
       and it depends on the kernel version. Works for 2.6.32 and maybe
       earlier. See the ./configure summary.

	      # NAT module must be loaded
	      iptables -t nat -N placeholder
	      # packets for proxy need to be tproxied
	      iptables -t mangle -N divert
	      iptables -t mangle -A divert -j MARK --set-mark 1
	      iptables -t mangle -A divert -j ACCEPT
	      iptables -t mangle -A PREROUTING -p tcp -m socket -j divert
	      iptables -t mangle -A PREROUTING -p tcp --dport 25 -j TPROXY \
		      --tproxy-mark 0x1/0x1 --on-port 9199
	      # packets for tproxy need to be rerouted
	      ip rule add fwmark 1 lookup 100
	      ip route add local 0.0.0.0/0 dev lo table 100

       Please note that when the nf_conntrack_ipv4 module is loaded on 2.6.32
       (and maybe on others), I've seen a delay during connection setup, and
       tcpdump shows a double TCP SYN+ACK, with only the second being
       accepted, thus introducing the delay during connection setup. The
       connection continues normally. It's probably some tproxy code fault.

       Be aware that if you use an external router to redirect only SMTP
       traffic to the proxy host, all the traffic is seen twice. Let's say
       the client IP 1.1.1.1 connects to MSA 2.2.2.2, and the proxy is
       3.3.3.3:

	      1. client sends a packet from 1.1.1.1 to 2.2.2.2 via the router
	      2. the packet is routed through 3.3.3.3 (having source and
		 destination intact)
	      3. the proxy accepts the connection, does some internal magic
		 and creates a *new* connection with source 1.1.1.1 and
		 destination 2.2.2.2
	      4. the proxy host sends its own version of the packet from
		 1.1.1.1 to 2.2.2.2 through the router
	      5. the router should route the new packet to the MSA 2.2.2.2
		 according to the normal routing table
	      6. the MSA replies through the router to the proxy
	      7. the proxy does the reverse magic and replies through the
		 router to the client

       So, the packet flow is like:

	      client <=1/7=> proxy <=3/6=> MSA

       As you can see there are two kinds of packets (client<=>proxy and
       proxy<=>MSA) that seem to be identical. It's your job to set up the
       router's policy routing.

IPFW MODE
       FreeBSD	ipfw mode. All connections are forwarded to original MSA. ipfw
       connection tracking is used for destination IP lookup.

IPFILTER MODE
       *BSD Packet filter mode. All connections are forwarded to original MSA.
       ipfilter connection tracking is used for destination IP lookup.

PF MODE
       FreeBSD	PacketFilter  mode.  All connections are forwarded to original
       MSA. pf connection tracking is used for destination  IP	lookup.	 Proxy
       needs to have proper permissions to /dev/pf.

STATUS
       statefile FILE
	      Defines the file which will contain the status.

       statefile_perm OCT
	      Statefile mode passed to open(2).

       statefile_type human|flat|slots [MULTI]
	      Defines the status format. Flat is preferred for parsing, human
	      is preferred to be read by humans :) By adding "slots" you can
	      see the current slot assignment and statistics for each session.

       Status file is written on SIGUSR1: see smtp-gated(8).

LOCKING
       When a virus/SPAM is found, the user's IP or IP+ident can be blocked
       for a certain time. After that time, the lock is removed, and the user
       is allowed to use SMTP again. The lockfile has the same name as the IP,
       or IP "-" IDENT if ident is used.

       The administrator can prevent locking of some IP (IP+ident) by creating
       the corresponding lock file with an owner other than the one the daemon
       runs as. This lock file is not automatically deleted. Its contents are
       ignored, so it can be a description, or something else.

       lock_on virus|spam|maxhost|maxident|dnsbl|regex|earlytalk|ratelimit|
	      never [MULTI]
	      Set events locking occurs for. See max_per_host, max_per_ident.

       lock_duration INT [s]
	      Time the lock persists. 0 disables locking, -1 means  lock  for‐
	      ever (or: until manually unlocked).

       lock_path PATH
	      Directory for lock files.

       lock_perm OCTAL
	      Lock  files permissions as for open(2). Octal value must be pre‐
	      ceded by zero.

       NOTE: Lock files are checked (and eventually removed) for every
       incoming connection. This means that they will exist after expiration,
       until the next connection from their "owner". In particular, they can
       be left forever, if the user won't use SMTP any more. You can use
       crontab to remove stale locks like this (though it's not necessary for
       the proxy to function properly):

	      find /var/spool/smtp-gated/lock -type f -user smtpgw -mtime +30 \
		      -exec rm {} \;
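       The following is an added example, not part of smtp-gated: a POSIX sh
       helper that classifies the lock files described in this section before
       anything is removed, so that an administrator's exemption lock (owned
       by another user) is never mistaken for a stale daemon lock. The lock
       directory, daemon user and lock_duration are passed in as arguments;
       the state names (exempt/active/expired) and the function names are
       this example's own.

```shell
#!/bin/sh
# Added example, not part of smtp-gated: classify lock files from the LOCKING
# section.  The daemon creates locks under its own user and only reaps them
# when the locked client reconnects; an administrator creates an exemption
# by placing a lock file under a different owner, which must never be removed.

# file_mtime FILE -> seconds since epoch; tries GNU stat, then BSD stat
file_mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# lock_state LOCKFILE DAEMON_USER LOCK_DURATION
#   prints  exempt   owned by someone other than the daemon (admin whitelist)
#           active   daemon-owned and younger than LOCK_DURATION seconds
#           expired  daemon-owned and older than LOCK_DURATION seconds
#   LOCK_DURATION -1 means "lock forever", so such locks are always active.
lock_state() {
    _f=$1; _daemon=$2; _duration=$3
    [ -f "$_f" ] || return 1
    # find -user works on both GNU and BSD, unlike stat's owner format flags
    if [ -z "$(find "$_f" -user "$_daemon" 2>/dev/null)" ]; then
        echo exempt
        return 0
    fi
    _age=$(( $(date +%s) - $(file_mtime "$_f") ))
    if [ "$_duration" -ge 0 ] && [ "$_age" -gt "$_duration" ]; then
        echo expired
    else
        echo active
    fi
}

# list_expired LOCKDIR DAEMON_USER LOCK_DURATION -> prints expired lock files,
# one per line; exemptions and active locks are left out
list_expired() {
    for _lock in "$1"/*; do
        [ -f "$_lock" ] || continue
        [ "$(lock_state "$_lock" "$2" "$3")" = expired ] && echo "$_lock"
    done
    return 0
}

# Stand-alone demonstration against a constructed lock directory.
demo() {
    _dir=$(mktemp -d)
    touch "$_dir/198.51.100.7"                 # fresh daemon lock (constructed)
    touch -t 200001010000 "$_dir/203.0.113.9"  # old daemon lock (constructed)
    for _lock in "$_dir"/*; do
        echo "$_lock: $(lock_state "$_lock" "$(id -un)" 900)"
    done
    rm -rf "$_dir"
}
```

       Used from cron, list_expired /var/spool/smtp-gated/lock smtpgw 900
       piped to xargs rm gives the same housekeeping as the find command
       above, but keyed on the configured lock_duration rather than a fixed
       30 days, and it skips exemption locks explicitly.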

ACTION SCRIPT
       The action script is called when a virus or spam is found, and if the
       host/ident limit is reached. If locking is used, action_script is
       called only when the lock is created (once until unblocked). This makes
       sure that the script is called only once for a specified period (until
       the lock expires). The script is obviously called with the proxy
       UID/GID.

       Regardless of the actions taken by the script (e.g. a firewall-level
       user lock), you should set lock_duration high enough (e.g. 15 seconds)
       to prevent a connection flood from translating into an action flood
       (scripting is as expensive as fork() and shell expansions).

       If you have strange problems with action scripts (ENOMEM or ENFILE)
       that seem to work well when executed manually, read about resource
       control above. This has an impact especially on language interpreters
       like perl.

       action_script FILE
	      Defines path to script called when virus/spam is found.

       All parameters for action_script are passed via environment variables:

       PROXY_NAME
	      proxy  name  as	defined	  in   proxy_name   in	 config	  file
	      [>=1.4.12-rc7]

       FOUND  contains word "VIRUS" or "SPAM", "MAX_HOST", "MAX_IDENT".

       VIRUS_NAME
	      virus name if virus found.

       SPAM_SCORE
	      spam score if spam found.

       SOURCE_IP
	      source IP.

       SOURCE_PORT
	      source port.

       TARGET_IP
	      target (SMTP server) IP.

       TARGET_PORT
	      target (SMTP server) port.

       LOCAL_IP
	      local (proxy) IP as redirected.

       LOCAL_PORT
	      local (proxy) port as redirected.

       IDENT  source ident [REMOTE].

       IDENT_COUNT
	      connections count from particular host+ident [REMOTE].

       HELO   HELO/EHLO string.

       MAIL_FROM
	      SMTP "MAIL FROM" line, stripped.

       RCPTS_TOTAL
	      total number of mail recipients in session (not transaction).

       SIZE   message size [bytes].

       TRANSACTION
	      transaction number, starting from 1.

       AUTH   authentication	flags	 bitmap:    1=supported,   2=accepted,
	      4=rejected; see AUTH_FLAG_* in src/smtp-gated.h

       SPOOL_NAME
	      spool file name.

       LOCK_FILE
	      lock file name.

       TIME   time of connection start, human readable text.

       UNIXTIME
	      time of connection start, unix timestamp.
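       The following is an added example, not part of smtp-gated: an
       action_script written in POSIX sh that reads the environment variables
       listed above and records the event as one structured syslog line. It
       decodes the AUTH bitmap (1=supported, 2=accepted, 4=rejected) as given
       for the AUTH variable. It deliberately does nothing beyond logging; the
       syslog tag "smtp-gated-action", the priority mapping and the field
       layout are this example's own choices, not something the daemon
       prescribes.

```shell
#!/bin/sh
# Added example, not part of smtp-gated: an action_script that turns the
# environment the daemon passes (FOUND, SOURCE_IP, AUTH, ...) into one
# structured syslog line.  Point action_script at this file; it only logs.

# auth_flags N -> decoded AUTH bitmap: 1=supported, 2=accepted, 4=rejected
auth_flags() {
    _n=${1:-0}; _out=""
    [ $((_n & 1)) -ne 0 ] && _out="${_out}supported,"
    [ $((_n & 2)) -ne 0 ] && _out="${_out}accepted,"
    [ $((_n & 4)) -ne 0 ] && _out="${_out}rejected,"
    printf '%s\n' "${_out%,}"
}

# event_priority -> syslog priority for the FOUND value (example's own mapping)
event_priority() {
    case "${FOUND:-}" in
        VIRUS) echo daemon.crit ;;
        SPAM)  echo daemon.warning ;;
        *)     echo daemon.notice ;;   # MAX_HOST, MAX_IDENT, anything else
    esac
}

# event_line -> one key=value log line built from the daemon's environment
event_line() {
    case "${FOUND:-}" in
        VIRUS)     _detail="virus=${VIRUS_NAME:-unknown}" ;;
        SPAM)      _detail="score=${SPAM_SCORE:-?}" ;;
        MAX_HOST)  _detail="limit=max_per_host" ;;
        MAX_IDENT) _detail="limit=max_per_ident ident=${IDENT:-none}" ;;
        *)         _detail="found=${FOUND:-unknown}" ;;
    esac
    printf 'proxy=%s found=%s src=%s:%s dst=%s:%s helo=%s from=%s rcpts=%s size=%s auth=%s lock=%s %s\n' \
        "${PROXY_NAME:-?}" "${FOUND:-?}" "${SOURCE_IP:-?}" "${SOURCE_PORT:-?}" \
        "${TARGET_IP:-?}" "${TARGET_PORT:-?}" "${HELO:-?}" "${MAIL_FROM:-?}" \
        "${RCPTS_TOTAL:-0}" "${SIZE:-0}" "$(auth_flags "${AUTH:-0}")" \
        "${LOCK_FILE:-none}" "$_detail"
}

# When the daemon runs this script FOUND is set; log and exit.  When the file
# is sourced for testing without FOUND, only the functions are defined.
if [ -n "${FOUND:-}" ]; then
    event_line | logger -t smtp-gated-action -p "$(event_priority)"
fi
```

       Because the script runs with the proxy UID/GID and inherits the
       limit_* resource limits, it avoids interpreters and writes through
       logger(1) instead of a private log file, which also sidesteps the
       permission problem described in Q10 of the FAQ.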

SPOOLING
       spool_path PATH
	      Directory for temporary message files.

       spool_perm OCTAL
	      Temporary files permissions as for open(2). Octal value must  be
	      preceded by zero.

       spool_leave_on error|spam|virus|never|always [MULTI]
	      Set the events the spool file is left for. If set to "never",
	      the spool is always deleted. If you choose "always" please note
	      that for a multi-transactional session, only the last mail is
	      saved. Spools are also removed if they exceed the size limit or
	      if there is an error during file write (including but not
	      limited to a full drive).

TIMEOUTS
       All timeouts are specified in seconds.

       timeout_direct UINT
	      Timeout  for  direct proxy session. This type of session is used
	      on TLS connections.

       timeout_lookup UINT [REMOTE]
	      Timeout for lookup.

       timeout_scanner UINT
	      Timeout for antivirus scanner engine.

       timeout_spam UINT
	      Timeout for antispam scanner engine.

       timeout_session UINT
	      Timeout for fake session (when virus/SPAM is blocked).

       timeout_idle UINT
	      Timeout for idle sessions. Prevents stale connections.

       timeout_connect UINT
	      Timeout for connecting to remote MSA.

AUTHENTICATION CONTROL
       The proxy can limit access to the MSA according to SMTP AUTH support
       and state. For now, there is no way to whitelist a host or MSA.

       auth_require no|ifsupported|mandatory [ONE]
	      Set authorization requirements:

	      no	     do not require any authorization, pass all
			     messages.
	      ifsupported    require authorization if the MSA advertises
			     support for it. If authorization is not
			     advertised, mail is passed. If authorization is
			     advertised, mail is passed only if the client has
			     authorized successfully.
	      mandatory	     require authorization for all connections. If
			     the MSA does not support authorization, no mail
			     is passed.

       The authentication state is logged in "CLOSE by=... auth=N", where N
       is the bitwise OR of the following values:

	      1		     MSA supports auth (advertised in EHLO response)
	      2		     user authenticated successfully
	      4		     user authentication failed (rejected by MSA)

       auth_skip none|direct|antivir|antispam|dnsbl|regex [MULTI]
	      Skip checking/scanning if the session is authenticated. direct
	      is a special one: after authentication, the session goes to
	      DIRECT PROXY mode. Using any other option together with direct
	      obviously makes no sense. Note that 'auth_skip dnsbl' delays the
	      dnsbl rejection to the MAIL FROM stage (as opposed to the
	      connect stage).

LIMITS
       All sizes are specified in bytes. Loadavg limits can be disabled by
       specifying zero, but this is not recommended.

       max_connections UINT [RESTART]
	      Total maximum connections.

       max_per_host UINT
	      Maximum connections per source IP (see also: lock_on maxhost).

       max_per_ident UINT [REMOTE]
	      maximum connections per IP+ident (see also: lock_on maxident).

       max_load FLOAT
	      Reject connections if load is above this setting.

       size_limit UINT
	      Limit maximum message size. 0=disabled (default).

       scan_max_size UINT
	      av-scan messages with size up to this limit.

       spam_max_size INT
	      SPAM-scan messages with size up to this limit. Should spam scan‐
	      ning be turned off, set it to 0 (default).

       spam_max_load FLOAT
	      Don't SPAM-scan messages if load above this setting.

       spam_threshold FLOAT
	      Treat the message as SPAM if its score is equal to or greater
	      than this value.

MISCELLANEOUS
       ignore_errors BOOL
	      Continue when possible even if an error occurred (e.g. virus
	      scanner failure).

LOGGING
       Daemon logs messages via syslog, facility daemon.

       log_helo BOOL
	      Logs HELO/EHLO issued by client.

       log_mail_from accepted|rejected|base64|off [MULTI]
	      Client MAIL FROM logging options:

		     off       do not log
		     accepted  log if address is accepted by MSA
		     rejected  log if address is rejected by MSA
		     base64    log as base64 encoded md5 hash of e-mail

       log_rcpt_to [MULTI]
	      Client RCPT TO logging mask. (see log_mail_from).

       email_length UINT
	      MAIL FROM/RCPT TO email length limit (before optional md5 encod‐
	      ing).

       log_level debug|info|notice|warning|err|alert|emerg|crit [ONE,RESTART]
	      Defines the log level, as used by syslog(3):

	      emerg    Emergency messages (highest priority)
	      alert    Critical, requires intervention
	      crit     Critical messages
	      err      Errors
	      warning  Warnings
	      notice   Normal, but significant messages
	      info     Informational messages
	      debug    Debugging messages (lowest priority)

       log_facility user|mail|daemon|auth|news|authpriv|local0|local1|
	      local2|local3|local4|local5|local6|local7 [ONE,RESTART]
	      Defines the log facility, as used by syslog(3).

MANGLING
       nat_header
	      Header  injected	into  message  stream  header  (sent  to MSA);
	      default is "X-NAT-Received" [>=1.4.12-rc5]

       nat_header_type none|simple|ip-only [ONE], OLD: (nat_header)
	      Turns on/off injecting X-NAT-Received headers into messages.
	      [>=1.4.12-rc5]

	      none     no header
	      ip-only  include only source IP in header
	      generic  generic header (MSA-like)

       spool_header
	      Header injected into message spool header (not sent to MSA, vis‐
	      ible    in    AV-scanner	  and	 AS-scanner),	 default    is
	      "X-Proxy-Spool-Info" [>=1.4.12-rc5]

       abuse STRING
	      Sets "abuse" info in full X-NAT-Received header.

SCANNERS
       scanner_path FILE
	      not used.

       antivirus_type off|clamd|mksd [ONE]
	      Choose antivirus to use. "off" means no scanning.

       antivirus_path SOCKET
	      Path for clamd socket.

       antispam_type off|spamassassin [ONE]
	      Choose antispam to use. "off" means no scanning.

       antispam_path SOCKET
	      Path for spamd socket.

       dspam_storage PATH
	      DSPAM storage home.

DNSBL
       dnsbl zone,zone,[...]
	      Check incoming connections on specified  DNSBL  lists.  Probably
	      makes sense for FIXED MODE only.	See also: lock_on dnsbl

SPF
       Check messages against SPF. IP used for SPF verification depends on spf
       option.

       spf none|incoming|outgoing|fixed [ONE]
	      Enables SPF checking.

	      none      SPF turned off
	      incoming  check against client incoming-IP, probably useful
			for mode fixed only.
	      outgoing  check against proxy outgoing-IP (outgoing_addr),
			probably useful for NAT-mode only.
	      fixed     check against static IP defined by spf_fixed_ip

       spf_log_only yes|no
	      Logging only of SPF results, no mail rejection.

       spf_fixed_ip IP
	      Static IP used by spf fixed only. Useful if proxy is behind NAT.

REGEX
       regex_enforce_helo REGEX

       regex_enforce_mail_from REGEX

       regex_enforce_rcpt_to REGEX

	      Rejects HELO/MAIL FROM/RCPT TO if they don't match the corre‐
	      sponding regex_enforce_*.

       regex_reject_helo REGEX

       regex_reject_mail_from REGEX

       regex_reject_rcpt_to REGEX

	      Rejects HELO/MAIL FROM/RCPT TO if they match the corresponding
	      regex_reject_*.

       Please note, regex matching occurs only when corresponding  command  is
       given.  As  a  result,  it  is  not  possible  to check if there was no
       HELO/EHLO.  See also: auth_skip regex, lock_on regex.

EARLYTALK
       An earlytalker is a MUA which starts to send SMTP commands before the
       greeting from the MSA. This is an SMTP protocol violation and no
       legitimate mail software should do that.

       earlytalker BOOLEAN
	      Enable/disable earlytalker rejection.

       lock_on earlytalker
	      Enable locking earlytalkers.

RATE LIMIT
       Limits for client per time-period.

       ratelimit_path PATH
	      Path for ratelimit  files	 ("database").	If  rate  limiting  is
	      enabled, these get rewritten for every connection, so it's prob‐
	      ably a bad idea to put them on any kind of Flash (SSD) drive.

       ratelimit_period SECONDS
	      Time period for limits. 0 disables rate limiting entirely.

       ratelimit_generation UINT
	      The generation is saved in the rate limiting structures together
	      with the ratelimit_* limits. Limits are updated only if this
	      generation is increased. The recommended format is
	      YYYYMMDDHHMMSS. To set up personalised limits, write them with a
	      really high generation (no tool for this yet).

       ratelimit_connections INT

       ratelimit_sessions INT

       ratelimit_recipients INT

       ratelimit_bytes INT
	      Per-period limits for each client (host or host+ident). The
	      limit database is saved into the ratelimit_path directory.
	      Setting any limit to 0 disables that limit, and setting the
	      period to 0 disables all limits.

       ratelimit_mailfrom_rejects UINT

       ratelimit_rcptto_rejects UINT

       ratelimit_auth_rejects UINT
	      Limits on MAIL FROM, RCPT TO and AUTH rejected by MSA.

	      See also: lock_on ratelimit.

EARLYTALK
       If a client sends any command before the MSA greeting, it gets kicked.
       The current implementation does not delay the greeting by itself, but
       relies on the MSA.

       earlytalk BOOL
	      Enable/disable the earlytalk check (enabled by default). See
	      also: lock_on earlytalk

COMMAND FILTER
       forbid_starttls BOOL
	      Forbid entering TLS mode.

MESSAGES
       All messages sent to user are customisable.

       locale NAME
	      Changes locale of system errors  from  strerror(3).  See	setlo‐
	      cale(3). Does not change messages generated by daemon itself.

MESSAGES MAIN
       msg_virus_found
	      Virus found in message.

       msg_virus_locked
	      User locked, virus or SPAM found before.

       msg_spam_found
	      SPAM found in message.

       msg_unknown_virus
	      Virus name substituted, when it's unknown.

       msg_spool_problem
	      Spooling file name problem.

       msg_spool_open_fail
	      Spool creation failed.

       msg_pipeline_full
	      Pipeline queue full.

       msg_scanner_failed
	      Scanner has failed.

       msg_cannot_connect
	      Cannot connect to MSA.

       msg_connect_timeout
	      Connection to MSA timed out.

       msg_nomem
	      Out of memory

MESSAGES FAKE MSA SESSION
       msg_hello
	      Hello message.

       msg_sign_off
	      Signing off.

       msg_virus_no_more
	      Virus found, please end the session.

       msg_session_timeout
	      Session timed out.

       msg_proto_error
	      Protocol error.

       msg_transaction_failed
	      Fake MSA transaction failed.

       msg_unimpl_command
	      Unimplemented command (SMTP verb).

       msg_temp_unavail
	      Service temporarily unavailable.

MESSAGES LIMITS
       msg_max_reached
	      Total connections limit reached, try again later.

       msg_max_per_host
	      Connections limit for IP reached, try again later.

       msg_max_per_ident
	      Connections limit for IP+ident reached, try again later.

       msg_system_load
	      System load too high, try again later.

MESSAGES FOR REMOTE IDENT MODE
       msg_malformed_ip [REMOTE]
	      Malformed IP received

       msg_lookup_failed
	      Lookup failed.

       msg_lookup_timeout
	      Lookup timed out.

       msg_lookup_mismatch
	      Invalid lookup response format.

       msg_lookup_nomem
	      Lookup failed, not enough memory.

DIRECT PROXY
       Direct proxy is a mode where the proxy simply passes traffic between
       client and MSA without any interaction or processing. This of course
       means that any checks/limits/quota/etc. are ignored. You cannot force
       this mode by config (it would be pointless to have the proxy), however
       the proxy enters this mode if:

       1.     STARTTLS is successfully requested by the client (the proxy
	      couldn't process encrypted traffic anyway)

       2.     auth_skip direct is set and the client has successfully
	      authenticated to the MSA.

       As the traffic in direct proxy mode is not processed, this means less
       overhead on the proxy host.

FAQ
       These are popular Questions and Answers:

       Q1: Antispam is not working! What is wrong?
	      You must change max_spam_size to something above 0  to  turn  on
	      antispam	scanning.  It's	 set  to  0 by default, and this means
	      turning antispam off. Also, set antispam_type.

       Q2: Spammers don't get locked! What is wrong?
	      If you want to block spammers, set "lock_on spam[,...]", and see
	      Question#1.

       Q3:  I wanted to block some user by creating lockfile manually, but now
       his traffic is not even scanned!
	      Creating lockfile with owner other than proxy process runs with,
	      will  protect  that host from being locked. The contents of file
	      does not matter.

       Q4: My header is invalid after upgrading!
	      nat_header changed into  nat_header_type	since  1.4.12-rc5,  so
	      after  upgrade  header will not be injected unless you rename it
	      in configuration file.

       Q5: I don't have idents in my logs or headers, why?
	      It's simple -- ident is used in REMOTE IDENT mode, which is
	      currently not available.

       Q6: I don't see X-NAT-Received header in mails, why?
	      Please  remember,	 that mail sent with TLS is not scanned. Also,
	      check  nat_header_type  directive	 in  your  config  file,   and
	      nat_header (see MANGLING above).

       Q7: When X-Virus-Scan and/or X-Spam-Status headers will be supported?
	      The  answer is: never. Reason is simple -- proxy is passing-thru
	      email headers and body. Because headers are sent first, we can't
	      predict  spam-score  or  virus presence. The main assumption for
	      this project was not to buffer mail before forwarding,  so  this
	      option won't appear.

       Q8: I have many locks left, even if they should be gone long time ago!
	      Please see note for the LOCKING.

       Q9: Host gets locked, lock file appears, but he can still send e-mails!
	      Please *do not* run proxy as root, and set set_user properly. If
	      you do, remove all locks manually.

       Q10: action_script does not work!
	      Please read about ACTION SCRIPT. The script will not be called
	      once the lock exists. If you were testing "by hand" by writing
	      some text to some log file, make sure the script has permissions
	      to write to it too, e.g. by temporarily doing chmod a+rw on that
	      log file. You should also check if disabling the limit_*
	      variables does the trick, and if the answer is yes, try to set
	      them high enough for the script's needs.

       Q11: spamassassin gets timeout
	      Please check if "spamd -L" resolves this issue.

       Q12: clamd fails with: SCAN:FAILED [...] result=lstat() failed.
	      Antispam and antivirus scanners need to have access to the spool
	      files (spool_path, spool_perm). If you want to seal your setup,
	      you can add the clamav user to the smtpgw group, and deny others
	      access to the spool directory.

       Q13:  action  script  does  not	seem  to  work	well  when executed by
       smtp-gated, possibly failing with ENFILE or ENOMEM
	      Read notes about resource control and action scripts.

CHANGES
       1.4.16-rc2:
	      spf:
		     changed: source -> incoming
		     added: fixed

       1.4.16-rc1:
	      added options:
		     dnsbl
		     spf
		     spf_log_only
		     regex_*
	      renamed options:
		     source_addr -> outgoing_addr
	      changed options:
		     nat_header_type
		     auth_require
		     auth_skip: "regex", "dnsbl" added
		     lock_on: "regex", "dnsbl" added

       1.4.14-rc2:
	      renamed options:
		     dumpfile -> statefile
		     dumpfile_perm -> statefile_perm

       1.4.14-rc1:
	      Changed many configuration options. Please review your previous
	      configuration using:

		     smtp-gated -t /path/to/smtp-gated.conf

REPORTING BUGS
       If you are willing to send me a bug report, please check the manuals
       first to ensure you have configured everything properly. In the
       report, please include:

	      1. output of "smtp-gated -V"

	      2. config file (as attachment if big)

	      3. full logs related to e-mails sent, with "log_level debug"

	      4. optional mail header (as sent from proxy).

       If you get 'unknown option' or 'invalid value' errors, you can list all
       supported options with supported values by running:

	      smtp-gated -T


EXPLANATION
       INT    Signed integer

       UINT   Unsigned number; can be specified as decimal,  octal  (beginning
	      with 0), or hexadecimal (beginning with 0x or 0X)

       BOOL   Boolean (0, 1)

       FLOAT  Floating-point number

       IP     Valid IP address

       PORT   Valid IP port

       STRING Arbitrary text string

       PATH   Valid directory name

       FILE   Valid file name

       SOCKET UNIX socket or TCP socket. A UNIX socket path must begin with a
	      slash ("/"), otherwise the path is considered a TCP socket and
	      must be given in the following form: ip:port (e.g.
	      127.0.0.1:1097)

       [ONE]  Only one value allowed.

       [MULTI]
	      Multiple	values	allowed,  comma	 separated  (do NOT insert any
	      white space before comma).

       [RESTART]
	      This option needs full restart to take effect.

       [REMOTE]
	      This option affects REMOTE IDENT MODE only.

GLOSSARY
       MSA    Mail Submission Agent

SEE ALSO
       smtp-gated(8)

HOMEPAGE
       http://smtp-proxy.klolik.org

AUTHOR
       Bartlomiej Korupczynski <smtp-proxy@klolik.org>

Bartlomiej Korupczynski		  2013-02-26		    smtp-gated.conf(1)