smtp-proxy.cfg — format of smtp-proxy program configuration file
General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes types, sections and items specific for the smtp-proxy.cfg configuration file.
Repeatable sections/items are marked by
the '*
' before section/item name.
Configuration directives have attributes of several value-types. For the basic types description, see configuration(7).
Enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, enumeration description contains values for every name (in parenthesis next to name). For other enumerations, using of names is obligatory.
The following enumerations are used in smtp-proxy.cfg configuration directives:
enabling
(see common(5))yes-no
(see common(5))direction
(see common(5))ip-version
(see common(5))osi4-proto
(see common(5))time-cond
(see common(5))zip-mode
(see common(5))obligation
(see common(5))range-op
(see common(5))inline-file-format
(see common(5))dbglev
(see log(5))logfail-mode
(see log(5))week-day
(see time(5))month
(see time(5))lock-type
(see ipc(5))radius-attr
(see radius(5))ldap-tls-reqcert-mode
(see ldap(5))ldap-search-scope
(see ldap(5))ldap-group-match
(see ldap(5))auth-method
(see auth(5))oob-authentication-method
(see auth(5))bandwidth-mode
(see pf-queue(5))pf-sc-setting
(see pf-queue(5))antivirus-protocol
(see antivirus(5))virus-status
(see antivirus(5))database-source
(see antivirus(5))source-address-mode
(see source-address(5))accept-deny
(see mod-html-filter(5))transparency
(see acl(5))user-auth-spec
(see acl(5))doctype-ident-method
(see acl(5))header-op
(see acl(5))lagg-protocol
(see interface(5))listen-on-sock
(see listen-on(5))log-in-vain-proto
(see sysctl(5))blackhole-proto
(see sysctl(5))ssl-ver
(see ssl(5))extension-op
(see ssl(5))veri-fail-action
(see ssl(5))auth-cert-type
(see ssl(5))distrusted-cert-type
(see ssl(5))smtp-error
(see mod-mail-doc(5))mail-reaction
(see mod-mail-doc(5))mail-fallback
(see mod-mail-doc(5))mime-header-check-type
(see mod-mail-doc(5))smtp-size-usage
(see smtp-proxy(5))ssl-startup-mode
(see smtp-proxy(5))postfix-security-level
(see smtp-proxy(5))postfix-transport-map-mode
(see smtp-proxy(5))smtp-err-switch
(see smtp-proxy(5))spf-result
(see smtp-proxy(5))spf-modes
(see smtp-proxy(5))Program smtp-proxy recognizes following items and sections:
* antispam name
{ ... }
* antivirus name
{ ... }
* fake-cert name
{ ... }
* html-filter name
{ ... }
* interface name
{ ... }
* ldap-client-auth name
{ ... }
* mail-filter name
{ ... }
* oob-auth name
{ ... }
* pf-queue name
{ ... }
* radius-client name
{ ... }
* resolver name
{ ... }
* shared-dir name
{ ... }
* shared-file name
{ ... }
* smtp-forwarder name
{ ... }
* ssl-params name
{ ... }
sysctl { ... }
use-resolver ... ;
* smtp-proxy name
{ ... }
ipv6-mode ... ;
All configured email domains must be handled by some SMTP-FORWARDER.
antispam
name
{
connection ... ;
sock-opt { ... }
altq ... ;
}
antispam
section is derived from
antispam
section prototype.
For detail description of it, see mod-antispam(5).
antivirus
name
{
connection ... ;
sock-opt { ... }
timeout ... ;
comm-dir ... ;
altq ... ;
max-checked-size ... ;
icap-pass-200-with-pure-body ... ;
persistent-stream ... ;
clamav-agent { ... }
}
antivirus
section is derived from
antivirus
section prototype.
For detail description of it, see antivirus(5).
fake-cert
name
{
key ... ;
auth-ca ... ;
fail-ca ... ;
* extension ... ;
purge ... ;
}
fake-cert
section is derived from
fake-cert
section prototype.
For detail description of it, see ssl(5).
html-filter
name
{
* script-tag-language ... ;
replace-head-script-tags ... ;
replace-body-script-tags ... ;
* style-tag-type ... ;
replace-style-tags ... ;
* iframe-tag-src ... ;
replace-iframe-tags ... ;
* intrinsic-language ... ;
* intrinsic-hack ... ;
replace-intrinsic ... ;
* macro-language ... ;
* macro-hack ... ;
replace-macros ... ;
* uri ... ;
replace-uri ... ;
* embed-tag-type ... ;
* embed-src-hack ... ;
* embed-plugin-hack ... ;
replace-head-embed-tags ... ;
replace-body-embed-tags ... ;
* applet ... ;
replace-applets ... ;
* object ... ;
* object-classid-hack ... ;
* object-data-hack ... ;
replace-head-object-tags ... ;
replace-body-object-tags ... ;
* param-tags ... ;
replace-param ... ;
script-end-hack ... ;
}
html-filter
section is derived from
html-filter
section prototype.
For detail description of it, see mod-html-filter(5).
interface
name
{
dev ... ;
ipv4 ... ;
ipv6 ... ;
mac ... ;
aggregate ... ;
pike ... ;
vlan ... ;
tunnel ... ;
dhcp-client ... ;
ipv6-rtadv { ... }
* alias name
{ ... }
* tag ... ;
}
interface
section is derived from
interface
section prototype.
For detail description of it, see interface(5).
ldap-client-auth
name
{
server ... ;
ssl { ... }
bindinfo ... ;
kerberos ... ;
users ... ;
groups ... ;
active-directory ... ;
}
ldap-client-auth
section is derived from
ldap-client-auth
section prototype.
For detail description of it, see ldap(5).
mail-filter
name
{
stamp-limit ... ;
stamp-filter ... ;
* unflagged-8bit ... ;
* bad-end-of-line ... ;
* invalid-header ... ;
* long-header-lines ... ;
* invalid-chars ... ;
* header-8bit-chars ... ;
* bad-boundary-chars ... ;
* bad-boundary-length ... ;
* long-body-lines ... ;
* long-encoded-lines ... ;
enc-line-len ... ;
* bad-mime-struct ... ;
* invalid-encoding ... ;
treat-rfc822-as-text ... ;
}
mail-filter
section is derived from
mail-filter
section prototype.
For detail description of it, see mod-mail-doc(5).
oob-auth
name
{
method ... ;
max-sessions ... ;
max-user ... ;
max-groups ... ;
truncate-groups ... ;
file ... ;
lock ... ;
}
oob-auth
section is derived from
oob-auth
section prototype.
For detail description of it, see auth(5).
pf-queue
name
{
parent ... ;
bandwidth ... ;
priority ... ;
qlimit ... ;
cbq { ... }
priq { ... }
hfsc { ... }
}
pf-queue
section is derived from
pf-queue
section prototype.
For detail description of it, see pf-queue(5).
radius-client
name
{
nas ... ;
groups ... ;
* server ... ;
}
radius-client
section is derived from
radius-client
section prototype.
For detail description of it, see radius(5).
resolver
name
{
* server ... ;
search ... ;
preference ... ;
edns ... ;
conf-timeout ... ;
initial-timeout ... ;
final-timeout ... ;
conn-timeout ... ;
disable-deresolution ... ;
}
resolver
section is derived from
resolver
section prototype.
For detail description of it, see resolver(5).
shared-dir
name
{
path ... ;
}
shared-dir
section is derived from
shared-dir
section prototype.
For detail description of it, see common(5).
shared-file
name
{
path ... ;
format ... ;
}
shared-file
section is derived from
shared-file
section prototype.
For detail description of it, see common(5).
smtp-forwarder
name
{
* server ... ;
agent { ... }
timeouts { ... }
hostname ... ;
size ... ;
source-address ... ;
* domain ... ;
server-ssl ... ;
* server-cert-match ... ;
altq ... ;
}
smtp-forwarder
section is derived from
smtp-forwarder
section prototype.
For detail description of it, see smtp-proxy(5).
ssl-params
name
{
versions ... ;
ciphers ... ;
tcp-eof ... ;
id ... ;
* auth-cert ... ;
distrusted-certs ... ;
dont-check-crl ... ;
* crl ... ;
verify-peer ... ;
cache-timeout ... ;
use-ticket ... ;
enable-renegotiation ... ;
fake-cert ... ;
prefer_server_ciphers ... ;
enable-ecdh ... ;
}
ssl-params
section is derived from
ssl-params
section prototype.
For detail description of it, see ssl(5).
sysctl
{
* variable ... ;
portrange-default ... ;
portrange-high ... ;
portrange-low ... ;
portrange-reserved ... ;
somaxconn ... ;
log-in-vain ... ;
blackhole ... ;
}
sysctl
section is derived from
sysctl
section prototype.
For detail description of it, see sysctl(5).
use-resolver
name
;Resolver Section Specification.
This item defines name of global (system) resolver section used in particular configuration environment. Namely, it is applicable within SYSTEM section and within any section derived from PROXY prototype. The former usage defines system-wide values, the latter one values valid for particular proxy.
name
(type: name
of resolver
, see resolver(5))smtp-proxy
name
{
phase ... ;
* tag ... ;
log-debug { ... }
log-stats { ... }
use-resolver ... ;
cfg-resolution ... ;
monitoring { ... }
stats-daily { ... }
stats-weekly { ... }
stats-monthly { ... }
nodaemon ... ;
singleproc ... ;
app-user ... ;
idle-timeout ... ;
run-block-sigalrm ... ;
listen-on { ... }
tcpserver { ... }
doctype-identification { ... }
client-conn { ... }
server-conn { ... }
mail-pool ... ;
quarantine ... ;
postmaster ... ;
hostname ... ;
init-timeout ... ;
bad-commands ... ;
bad-recipients ... ;
dsn-mail-copy ... ;
use-antivirus ... ;
use-antispam ... ;
ssl-session-cache { ... }
grey-listing { ... }
* session-acl name
{ ... }
* delivery-acl name
{ ... }
* mail-acl name
{ ... }
* doc-acl name
{ ... }
}
smtp-proxy
section is derived from
smtp-proxy
section prototype.
For detail description of it, see smtp-proxy(5).
ipv6-mode
[status
];Enabling/Disabling IPv6 Mode.
status
(type: enabling
, optional, default: enable)configuration(7), smtp-proxy(8), acl(5), antivirus(5), auth(5), common(5), interface(5), ipc(5), ldap(5), listen-on(5), log(5), mod-antispam(5), mod-html-filter(5), mod-mail-doc(5), pf-queue(5), radius(5), resolver(5), smtp-proxy(5), source-address(5), ssl(5), sysctl(5), time(5), host-matching(7)