1. s/qmail/DOC/smtpd
https://www.fehcom.de/sqmail/man/qmail-smtpd.html
- An enhanced smtpd
To put an RBL check in front of it: https://notes.sagredo.eu/en/qmail-notes-185/setting-up-rblsmtpd-127.html
qmail-smtpd includes a 'MailFrom:' parameter parser and obeys 'Auth', 'Size', and 'SMTPUTF8' advertisements.
qmail-smtpd supports SMTPUTF8 SMTP envelope addresses and provides 8 bit clean message transmission. The qmail-smtpd STARTTLS and SMTPS implementation requires the use of sslserver from ucspi-ssl.
1.1. TRANSPARENCY
badmailfrom: Unacceptable envelope sender addresses.
- qmail-smtpd will reject every recipient address for a message if the envelope sender address is listed in badmailfrom.
- A line in badmailfrom may be of the form @host, meaning every address at host.
- Additionally, any envelope sender address can be filtered with a wildmat check:
    *@earthlink.net
    !fred@earthlink.net
    [0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9].com
    answerme@save*
    *%*
    @yahoo.com-
    @hotmail.com=
    @mydomain.tld+
    ~yahoo.com
    ?nobody@example.com
A badmailfrom file with these contents rejects all mail from Earthlink except from fred@earthlink.net.
It also rejects all mail with addresses like 12345@123.com and answerme@savetrees.com.
Further, any mail with a sender address containing a percent sign (%) is rejected.
This implementation recognises 'extended' addresses in badmailfrom, which allow rejecting mails with particular spoofed domain addresses:
- (1) The address is appended with a '-'. Now, if TCP(6)REMOTEHOST equals 'unknown', mails with the corresponding address are rejected (badmailfromunknown).
- (2) The address is appended with a '='. In case TCP(6)REMOTEHOST is set, mails whose domain part of the envelope address does not match the corresponding entry are rejected (badmailfromwellknown).
- (3) The address is appended with a '+'. If RELAYCLIENT is not set and the sender address matches a corresponding entry, the mail is rejected (anti-spoofing for internal addresses).
- (4) The address is enhanced with a leading '~'. This requires a (left to right partial) matching of TCP(6)REMOTEHOST with the
* ! !*@*.* *viagra*
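The matching rules above, as an added example (not code from s/qmail or from the original notes): a simplified Python model of a badmailfrom check covering plain wildmat entries, '!' exceptions and the '-' and '+' suffixes. It assumes the last matching entry decides and uses fnmatch as a stand-in for wildmat; the '=', '~' and '?' forms are not modelled, and `entry_matches` and `rejected` are hypothetical names.

```python
import fnmatch

# Constructed sample: entries taken from the badmailfrom example above
# (the '=', '~' and '?' entries are left out; they are not modelled here).
BADMAILFROM = """\
*@earthlink.net
!fred@earthlink.net
[0-9][0-9][0-9][0-9][0-9]@[0-9][0-9][0-9].com
answerme@save*
*%*
@yahoo.com-
@mydomain.tld+
"""

def entry_matches(pattern, sender):
    """'@host' means every address at host; anything else is a glob."""
    if pattern.startswith("@"):
        return sender[sender.rfind("@"):] == pattern
    # fnmatchcase stands in for wildmat (same *, ? and [..] for these patterns)
    return fnmatch.fnmatchcase(sender, pattern)

def rejected(sender, env, rules=BADMAILFROM):
    """Return True if the envelope sender is refused under this model.

    Assumption: entries are read top to bottom and the last matching
    entry decides, so a later '!' line can exempt an address.
    """
    sender = sender.lower()
    verdict = False
    for line in rules.splitlines():
        entry = line.strip().lower()
        if not entry:
            continue
        if entry.startswith("!"):
            if entry_matches(entry[1:], sender):
                verdict = False  # exception: lifts an earlier match
            continue
        cond = entry[-1] if entry[-1] in "-+" else ""
        if not entry_matches(entry[:len(entry) - len(cond)], sender):
            continue
        host = env.get("TCPREMOTEHOST", "unknown")  # unset is treated as 'unknown'
        if cond == "-" and host != "unknown":
            continue  # '-' applies only to clients without a resolved host name
        if cond == "+" and "RELAYCLIENT" in env:
            continue  # '+' is skipped for relay clients
        verdict = True
    return verdict
```

For IPv6 connections the same check would read TCP6REMOTEHOST instead of TCPREMOTEHOST.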
1.2. ENVIRONMENT VARIABLES READ
HELOCHECK=""
- enables a check of the provided HELO/EHLO greeting against the content of the control file badhelo.
- If HELOCHECK='!' is set, SMTP connections that give no HELO/EHLO greeting can be rejected.
- Setting HELOCHECK='.' facilitates checks on the presence and the content of the HELO/EHLO greeting string.
- To enforce the match of the HELO/EHLO greeting with the remote host's FQDN (TCP(6)REMOTEHOST), use HELOCHECK='='.
HELOCHECK='A' | HELOCHECK='M'
- enable DNS A/MX lookup for the HELO/EHLO greeting string. In addition, the HELO/EHLO string is checked against the content of badhelo.
Controlling the SMTP Mail From:
Controlling the SMTP RCPT TO:
Controlling the email body:
Environment variables for SMTP authentication:
Setting up the TLS/STARTTLS environment:
Other environment variables used: