Qmail-control-files

From QmailWiki

I've found that some patches use control files and these aren't well documented. This page is for a central place with the control files meanings.

Table of contents

1 control/badhelo 2 control/badmailfrom 3 control/badmailfromnorelay 4 control/badmailto 5 control/badmailtonorelay 6 control/bouncefrom 7 control/bouncehost 8 control/clientca.pem 9 control/clientcert.pem 10 control/clientcrl.pem 11 control/concurrencylocal 12 control/concurrencyremote 13 control/databytes 14 control/databytes 15 control/defaultdomain 16 control/defaulthost 17 control/dh1024.pem 18 control/dh512.pem 19 control/doublebouncehost 20 control/doublebounceto 21 control/envnoathost 22 control/helohost 23 control/idhost 24 control/localiphost 25 control/locals 26 control/me 27 control/morercpthosts 28 control/percenthack 29 control/plusdomain 30 control/qmqpservers 31 control/queuelifetime 32 control/rcpthosts 33 control/rsa512.pem 34 control/servercert.pem 35 control/smtpgreeting 36 control/smtproutes 37 control/spamt 38 control/spfbehavior 39 control/spfexp 40 control/spfguess 41 control/spfrules 42 control/timeoutconnect 43 control/timeoutremote 44 control/timeoutsmtpd 45 control/tlsclientciphers 46 control/tlsclients 47 control/tlshosts/ 48 control/tlsserverciphers 49 control/virtualdomains

control/badhelo

In general this is meant for checking against the envelope greeting (HELO/EHLO) argument.

qregex (http://www.arda.homeunix.net/store/qmail/) in particular, threats the contents of this control file as regular expressions (one per line). It then attempts a case insensitive matching against the HELO or EHLO string. If a match is made then a 553 permanent error will be issued to the client. Negation is also supported via use of the '!' operator.

Examples:

# Reject spambots using our mailserver's 11.22.33.44 IP as HELO/EHLO
^11\.22\.33\.44$
# Reject spambots using our mailserver's a.mx.ourdomian.tld name as HELO/EHLO
^a\.mx\.ourdomian\.tld$

control/badmailfrom

In general this is meant for checking against the envelope sender string (MAIL) argument.

qregex (http://www.arda.homeunix.net/store/qmail/) in particular, threats the contents of this control file as regular expressions (one per line). It then attempts a case insensitive matching against the envelope sender string, provided it is non-empty (ie bounces are never rejected). If a match is made then a 553 permanent error will be issued to the client at the RCPT stage. Negation is also supported via use of the '!' operator.

Examples:

# Reject senders with @spammer.com addresses
@spammer\.com$

control/badmailfromnorelay

In general this is meant for checking against the envelope sender string (MAIL) argument when the RELAYCLIENT environment variable is not set.

qregex (http://www.arda.homeunix.net/store/qmail/) in particular, uses it in the same manner as control/badmailfrom when the RELAYCLIENT environment variable is not set.

Examples:

# Reject senders without '@'
!@
# Reject senders spoofing @ourdomain.tld local adresses
@ourdomain\.tld$

control/badmailto

In general this is meant for checking against the envelope recipient string (RCPT) arguments.

qregex (http://www.arda.homeunix.net/store/qmail/) in particular, threats the contents of this control file as regular expressions (one per line). It then attempts a case insensitive matching against each envelope recipient string. If a match is made then a 553 permanent error will be issued to the client. Negation is also supported via use of the '!' operator.

Examples:

# Don't accept messages for addresses containing more than one '@'
@.+@

control/badmailtonorelay

In general this is meant for checking against the envelope recipient string (RCPT) arguments when the RELAYCLIENT environment variable is not set.

qregex (http://www.arda.homeunix.net/store/qmail/) in particular, uses it in the same manner as control/badmailto, when the RELAYCLIENT environment variable is not set.

Examples:

# Don't accept messages for addresses containing ' ', '!', '%', '#' etc
[ !%#:*^(){}]
# Don't allow outsiders to send messages to our staff@ourdomain.tld list
^staff@ourdomain\.tld$

control/bouncefrom

control/bouncehost

control/clientca.pem

control/clientcert.pem

control/clientcrl.pem

control/concurrencylocal

control/concurrencyremote

control/databytes

control/databytes

control/defaultdomain

control/defaulthost

control/dh1024.pem

control/dh512.pem

control/doublebouncehost

control/doublebounceto

control/envnoathost

control/helohost

control/idhost

control/localiphost

control/locals

control/me

control/morercpthosts

control/percenthack

control/plusdomain

control/qmqpservers

control/queuelifetime

control/rcpthosts

control/rsa512.pem

control/servercert.pem

control/smtpgreeting

control/smtproutes

control/spamt

man file (http://spamthrottle.qmail.ca/man/qmail-spamt.5.html)

example: 192.168.0.0/24:private:2000:120000:::::: 192.168.1.0/24:/24:2000:120000:::::: .

note that the file must end with a single dot!

each line format is: ipblock:dir:st:stmax:flush:rcpt:tg:tg_resp:

• ipblock:
• dir: directory where to store the stats, if two ip have the same dir, they will be thrated as a single user. use /## for making dirs based on the mask

control/spfbehavior

control/spfexp

control/spfguess

control/spfrules

control/timeoutconnect

control/timeoutremote

control/timeoutsmtpd

control/tlsclientciphers

control/tlsclients

control/tlshosts/

control/tlsserverciphers

control/virtualdomains