.TH SMTPD 8 "August 2007" "OpenFWTK"
.SH NAME
smtpd \- SMTP proxy (client portion)
.SH SYNOPSIS
.BI "smtpd [-daemon " "port" "] [-fastdaemon " "port" "] [-as " "tag" "]"
.SH DESCRIPTION
.IX "smtpd" "" "\(em SMTP proxy (client portion)"
The Firewall Toolkit
.B smtpd
proxy is an application level proxy that provides configurable access
control and logging mechanisms.
The
.B smtpd
client proxy together with the
.B smtpfwdd
server proxy, which run on the firewall, transfer mail between
internal and external mail servers, using rules you supply.
.PP
All packets, and therefore all application requests, go to the firewall.
On the firewall, the
.B smtpd
and
.B smtpfwdd
proxy software relay information from one side of the firewall to the other.
They prevent versions of
.I sendmail
on the external network from talking with versions of
.I sendmail
on the internal network, and vice versa.
No IP packets pass from one side of the firewall to the other.
All data is passed at the application level.
.PP
The client portion of the SMTP proxy
.RB "(" smtpd ")"
generally runs as a daemon (invoked from
.IR "/etc/rc.local" )
and listens for requests on the standard SMTP port (25, as indicated in
.IR "/etc/services" ).
Whenever the system receives an SMTP request on this port, the
.B smtpd
client collects the mail from the sender, logs the message, and places
the mail in a temporary directory.
Periodically, based on a configurable value (by default every 60 seconds),
the server daemon
.RB "(" smtpfwdd ")"
wakes up and checks to see if there is any new mail.
The
.B smtpfwdd
daemon checks the headers of the mail for formatting problems.
It then calls the configured message transfer agent (usually
.BR ssmtp )
for final delivery.
.SH OPTIONS
.SS Command Line Options
The
.B smtpd
proxy recognizes the following command line options (whether started
from the command line or from within
.IR /etc/rc.local ):
.TP
.BI "-daemon " port
Indicates that the
.B smtpd
proxy runs as a daemon, and the port (name or number) on which the
.B smtpd
proxy listens.
When the
.I -daemon
option is used, the configuration is read from
.I netperm-table
for every new connection accepted by the proxy.
.IP
.I port
Specifies either a numeric id or symbolic name from the
.I /etc/services
file.
.TP
.BI "-fastdaemon " port
Indicates that the smtpd proxy runs as a daemon, and the port
(name or number) on which the smtpd proxy listens.
When the
.I -fastdaemon
option is used, the configuration is read from
.I netperm-table
when the daemon starts and whenever
.I SIGHUP
is received.
.TP
.BI "-as " tag
Changes the default application tag for
.I netperm-table
from "smtpd" to any given string.
.SS Configuration Options
The
.B smtpd
proxy reads configuration rules from
.IR "/usr/local/etc/netperm-table" .
It reads all rules using the
.BR smtpd ,
.B smap
and
.B *
(wildcard) keywords.
The
.B smtpd
proxy reads the
.I netperm-table
from top to bottom.
If there are multiple rules in the table that could apply for a particular
attribute, the
.B smtpd
proxy uses the first one that it finds.
See
.BR "netperm-table" (5)
for a more complete explanation of
.I netperm-table
syntax and precedence.
.B smap
configuration options are included for TIS fwtk compatibility.
.PP
The
.B smtpd
proxy recognizes the following attributes:
.TP
.BI "directory " directory
Specifies the directory that the
.B smtpd
proxy makes its root directory before providing service.
This is also the directory where the
.B smtpd
proxy stores incoming messages.
.TP
.BI "hosts " "host-pattern [host-pattern...] [options]"
Rules specify host and access permissions.
Typically, a hosts rule will be in the form of:
.na
.sp 1
smtpd: deny-hosts unknown
.sp
smtpd: hosts 192.33.112.* 192.94.214.*
.ad
.sp 1
There may be several host patterns following the "hosts" keyword,
ending with the first optional parameter beginning with '-'.
Optional parameters permit the selective enabling or disabling of logging
information, etc.
Sub-options are:
.IP
.B \-log
Increases log verbosity.
.IP
.BI "[-client]-dscp " dscp-tag-name
.br
.BI "[-client]-dscp " dscp-hex-value
Specifies the diffserv codepoint (QoS/ToS mark) for the client to proxy
connection.
.TP
.BI "groupid " group
Specifies the name of the group the
.B smtpd
proxy uses when running.
.RS
.TP
.I group
Specifies either a name or numeric id from the
.I /etc/group
file.
.RE
.TP
.BI "maxbytes " number
Specifies the maximum email size.
.TP
.BI "maxheaderline " number
Specifies the maximum length of a single header line.
The default is 998, as recommended by RFC 2822.
.TP
.BI "maxrecip " number
Specifies the maximum number of recipients per SMTP session.
.TP
.BI "timeout " seconds
Specifies the number of seconds the
.B smtpd
proxy is idle (with no network activity) before disconnecting.
.TP
.BI "userid " user
Specifies the user ID the proxy uses when running.
.RS
.TP
.I user
Specifies either a name or numeric id from the
.I /etc/passwd
file.
.RE
.SH EXAMPLES
This example indicates that the
.B smtpd
and
.B smtpfwdd
proxies use the directory
.I /var/spool/smtpd
as their root directories:
.sp 1
.nf
.na
.RS
smtpd: permit-hosts 10.0.0.* outerrelay.illuminati.int
smtpd, smtpfwdd: directory /var/spool/smtpd
.RE
.ad
.fi
.SH FILES
.IP /etc/rc.local
Command script that controls automatic reboot, and includes startup
information for the
.B smtpd
proxy.
.IP /usr/local/etc/netperm-table
The network permissions file contains configuration information for the
Firewall Toolkit, including the
.B smtpd
proxy.
.IP /var/spool/smtpd
The directory that the
.B smtpd
proxy uses as its root directory.
.SH BUGS
There is no advanced relay control.
We accept everything from allowed hosts, so relays should be properly
configured to prevent unauthorized relaying.
.PP
smtpd does not do ESMTP.
You may consider that a feature as well.
.PP
Report bugs to arkenoi@gmail.com or the fwtk-users@buoy.com mailing list.
Include a complete example, explaining what you expected to happen and
what actually happened.
Be sure to indicate the type of system (operating system, hardware, etc.)
you are using, as well as the version of the smtpd proxy.
.SH AUTHOR
Obtuse Systems Corporation.
.SH SEE ALSO
.BR netperm-table "(5), " rc "(8), " smtpd "(8)"
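.SH NOTES
Added example, not part of OpenFWTK or of the original page: a small Python lint for the rules described under Configuration Options and BUGS. It reports documented attributes that are never set, later rules that are ignored because the first match wins, and a bare * host pattern. It assumes one rule per line in the form shown in EXAMPLES, # comments, and that smap and * rules still apply with a custom -as tag; the function names and the sample table are constructed.
.nf
```python
# Added example: lint a netperm-table for the smtpd attributes on this page.
# Assumed format: "app[, app]: attribute args", one rule per line, '#' comments.
SINGLE = ("directory", "userid", "groupid", "maxbytes", "maxrecip", "timeout")

def effective_rules(text, tag="smtpd"):
    """Return (first, shadowed, hosts) for the rules the proxy would read."""
    keywords = {tag, "smap", "*"}  # assumption: smap and * also apply with -as
    first, shadowed, hosts = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        apps, sep, rest = raw.split("#", 1)[0].partition(":")
        fields = rest.split()
        if not sep or not fields:
            continue
        if not keywords & {a.strip() for a in apps.split(",")}:
            continue
        attr, args = fields[0], fields[1:]
        if attr in ("hosts", "permit-hosts"):
            pats = []
            for arg in args:  # patterns end at the first '-' parameter
                if arg.startswith("-"):
                    break
                pats.append(arg)
            hosts.append((lineno, pats))
        elif attr in SINGLE and attr in first:
            shadowed.append((lineno, attr))  # never used: first match wins
        elif attr in SINGLE:
            first[attr] = (lineno, args)
    return first, shadowed, hosts

def lint(text, tag="smtpd"):
    first, shadowed, hosts = effective_rules(text, tag)
    out = [f"{a}: not set explicitly" for a in SINGLE if a not in first]
    out += [f"line {n}: {a} ignored, an earlier rule wins" for n, a in shadowed]
    out += [f"line {n}: host pattern '*' admits any client"
            for n, pats in hosts if "*" in pats]
    return out

SAMPLE = """# constructed sample, not from a real system
smtpd: permit-hosts 10.0.0.* outerrelay.illuminati.int -log
smtpd, smtpfwdd: directory /var/spool/smtpd
*: timeout 3600
smtpd: timeout 300
smtpd: maxbytes 10485760
smtpd: userid uucp
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
.fi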