./magic-smtpd 220 wizard.ca ESMTP MAIL FROM: firstname.lastname@example.org 250 ok RCPT TO: email@example.com 550 User does not exist QUIT 221 wizard.cathis was a test with a user known to not be valid. If you receive a "250 ok" message rather than the "550 User does not exist" message in response to your "RCPT TO:" command, the system thinks that the user does exist. If this works properly, you should also test with a known-valid user:
./magic-smtpd 220 wizard.ca ESMTP MAIL FROM: firstname.lastname@example.org 250 ok RCPT TO: email@example.com 250 ok QUIT 221 wizard.caIf you receive a "550 User does not exist" rather than the "250 ok" in response to your "RCPT TO:" command, this means that your configuration is incorrect. If it does not work for you, please recheck your configuration and try again. If it works properly and you get the proper response to both of these test cases: congratulations, you have successfully configured Valid-User checking.
http://cr.yp.to/checkpwd/interface.htmlBeing that the program only needs to be compatible with the checkpassword program, almost any program which is being used with an existing Qmail installation for POP3 authentication (assuming you are using the included qmail-popup and qmail-pop3d programs) can be used directly for SMTP authentication, including the vchkpw program included in the vpopmail package.
perl -e "use MIME::Base64; print encode_base64('username')" perl -e "use MIME::Base64; print encode_base64('password')"The resulting strings were: dXNlcm5hbWU= and cGFzc3dvcmQ= in this example. After you have the base64 encoded strings, you can make a telnet connection to the localhost (these commands should be run on the machine running magic-smtpd) and do a test of the SMTP Authentication feature (the italicized portions indicate your input):
telnet localhost 25 Trying 127.0.0.1.... Connected to localhost. Escape character is ''. 220 wizard.ca ESMTP EHLO wizard.ca 250-wizard.ca 250-AUTH LOGIN 250-AUTH=LOGIN 250-PIPELINING 250 8BITMIME AUTH LOGIN dXNlcm5hbWU= 334 UGFzc3dvcmQ6 cGFzc3dvcmQ= 235 ok, go ahead (#2.0.0)If you do not see the "AUTH LOGIN" lines as part of the response to your "EHLO" command, this means that the SMTP Authentication has not been properly enabled. Please double check your settings and try again. The "AUTH LOGIN" command's argument is the base64 encoded username. The subsequent "334 UGFzc3dvcmQ6" prompt actually says "334 Password:" as this string is base64 encoded, so your response should be the base64 encoded version of your password. If something is misconfigured, or your password or username are incorrect you will instead see either "454 problems performing authorization (#4.3.0)" or "535 authorization failed (#5.7.0)". If you receive either of these messages, you will need to double check your settings and the username and password you are using. If you receive the "235 ok, go ahead (#2.0.0)" message as above: congratulations, you now have your server configured for SMTP Authentication and should be able to configure your mail client to use this.
rulen valuenwith the n indicating a single newline character. Rules that have multiple values (ie lists) should be output in the following manner:
rulen list item 1n rulen list item 2nsuch that each value (whether part of a list or single-value rule) results in exactly 2 lines being output to stdout. A sample program is included with this distribution which should suffice as-is or with small modifications for many configurations. More information about this program can be found in Section 11. For help with debugging problems related to spam rules, see Section 5.1. A list of spam rules that can be configured is included in Appendix A, and a detailed description of each rule is included in Section 5.4.
<user@domain>where "user" and "domain" are at least 1 character and the <,@ and > characters are all present.
firstname.lastname@example.org$which would match "email@example.com", "firstname.lastname@example.org" and any other email address with a name that starts with j and whose domain is wizard.ca. If you use a simple substring like:
wizardthis would match "email@example.com" or "firstname.lastname@example.org" or any other address which contains the string "wizard".
m.*wizard.ca$which would match "mail.wizard.ca", "mx.wizard.ca" and any other address with a name that starts with m and whose domain is wizard.ca. If you use a simple substring like:
wizardthis would match "mail.wizard.ca" or "wizard.domain.com" or any other hostname which contains the string "wizard".
http://www.iana.org/cctld/cctld-whois.htmEach entry in this list should consist only of the two letters of the country code. No other characters should be present. The connecting IP address will be checked against a database in order to determine which country the client is connected from. If the country is on the country_blacklist, the message will be marked as spam unless another whitelist rule has already marked it as whitelisted.
openssl genrsa 1024 > cert.key openssl req -new -x509 -nodes -sha1 -days 365 -key cert.key > cert.crt openssl gendh 1024 > cert.dh cat cert.crt cert.key cert.dh > /etc/magic-mail/control/cert.pemfilling in the appropriate data in the second step (Country, State, Organization, etc), and making sure that you set the "Common Name" field to be the hostname of the server as the clients will see it. If you are only using this certificate for magic-smtpd, you can delete the cert.key, cert.crt and cert.dh files once you have generated the cert.pem file. You should also change the owner of the file to match the user who is running the magic-smtpd daemon, and do a "chmod 400 /etc/magic-mail/control/cert.pem" in order to prevent other users from reading the private key from this file. If you would like to create a certificate which is signed by a certificate authority such as Verisign or Thawte, you will need to follow their instructions for creating your certificate. Once you have the signed certificate, you should be able to generate a .pem file in much the same fashion as is done above. Due to the wide variety of configurations available, doing this is outside the scope of this document.
echo "1" > /etc/magic-mail/control/tls_enableand verify the configuration using the "magic-smtpd -s" command. Once you have verified that the configuration is complete, you should test to ensure the TLS support is working properly. The next section will give you some pointers with regard to testing this feature. If for some reason this testing fails, you can disable TLS support until you have fixed the configuration by running the command:
echo "0" > /etc/magic-mail/control/tls_enable
openssl s_client -starttls smtp -ign_eof -crlf -connect 127.0.0.1:25the output should print many lines of text including a certificate and some other debug information before finally giving you a prompt that looks like:
220 wizard.ca ESMTPwhich indicates that it connected successfully. If you receive an error, TLS is not working properly. If you do not have OpenSSL 0.9.7 or higher, you will need to attempt to connect using a mail client which has been configured for TLS support. Unfortunately configuring mail clients for use as test clients for TLS is beyond the scope of this document. Upon successfully connecting using TLS you should also see a message in your mail logs saying "CONNECTED using SSL". If you are unable to get this working, feel free to ask for help on the mailing list (See Section 12.1).
/var/qmail/queue/NOTE: currently it is required to place a trailing "/" character on the directory specified by this option.
echo "true" > /etc/magic-mail/control/dump_core mkdir -p /var/cores/magic-smtpd chmod 1777 /var/cores/magic-smtpdThen when you get a segfault there should be a directory with a core file in this /var/cores/magic-smtpd directory. If you run:
gdb /PATH/TO/magic-smtpd /var/cores/magic-smtpd/DIR/corewhere you replace /PATH/TO with the actual absolute path of magic-smtpd, and replace DIR with the directory that was created in /var/cores/magic-smtpd, you should get to a gdb prompt. From this prompt if you run the command:
backtraceyou should get a bunch of output. You can then quit (type the command "quit"). If you send the output of the gdb backtrace, it would be very helpful in debugging your problem.
/email@example.com/and read all files in that directory as spam rules. If the rules for this email address also specify that the global rules should be loaded (eg. has use_global_from_whitelist set to true), the rules from:
/etc/magic-mail/spam_rules/0/will also be loaded if they exist, and any entries in the file:
/etc/magic-mail/spam_rules/0/from_whitelistwould be used by magic-smtpd to compare with the message to firstname.lastname@example.org. In order to set some rules for email@example.com you could do something like the following:
mkdir -p /firstname.lastname@example.org/ echo "true" > /email@example.com/spam_check echo "true" > /firstname.lastname@example.org/smtp_check echo "true" > /email@example.com/smtp_blocking echo "true" > /firstname.lastname@example.org/require_helo echo "email@example.com$" > /firstname.lastname@example.org/from_whitelist echo "email@example.com$" >> /firstname.lastname@example.org/from_whitelistwhich would enable the spam_check, smtp_check, smtp_blocking and require_helo rules and add two entries to the from_whitelist.
spamrules -e email@example.com list the rules and lists for the firstname.lastname@example.org user, and the command:
spamrules -e 0should list the global rules and lists. This spamrules binary uses the same code to load the spam rules as the magic-smtpd daemon, so if the rules are displayed by the spamrules program, they should be working in the SMTP daemon as well.
|Rule Name||Value Type||SMTP|
|Filename||Value Type||Default Value||Relevance|