smtp-proxy.cfg — format of smtp-proxy program configuration file
The general syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes the types, sections and items specific to the smtp-proxy.cfg configuration file.
Repeatable sections/items are marked by a '*' before the section/item name.
Configuration directives have attributes of several value types. For a description of the basic types, see configuration(7).
An enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, the enumeration description lists the value for every name (in parentheses next to the name). For other enumerations, the use of names is obligatory.
The following enumerations are used in smtp-proxy.cfg configuration directives:
enabling (see common(5))
yes-no (see common(5))
direction (see common(5))
ip-version (see common(5))
osi4-proto (see common(5))
time-cond (see common(5))
zip-mode (see common(5))
obligation (see common(5))
range-op (see common(5))
inline-file-format (see common(5))
dbglev (see log(5))
logfail-mode (see log(5))
week-day (see time(5))
month (see time(5))
lock-type (see ipc(5))
radius-attr (see radius(5))
ldap-tls-reqcert-mode (see ldap(5))
ldap-search-scope (see ldap(5))
ldap-group-match (see ldap(5))
auth-method (see auth(5))
oob-authentication-method (see auth(5))
bandwidth-mode (see pf-queue(5))
pf-sc-setting (see pf-queue(5))
antivirus-protocol (see antivirus(5))
virus-status (see antivirus(5))
database-source (see antivirus(5))
source-address-mode (see source-address(5))
accept-deny (see mod-html-filter(5))
transparency (see acl(5))
user-auth-spec (see acl(5))
doctype-ident-method (see acl(5))
header-op (see acl(5))
lagg-protocol (see interface(5))
listen-on-sock (see listen-on(5))
log-in-vain-proto (see sysctl(5))
blackhole-proto (see sysctl(5))
ssl-ver (see ssl(5))
extension-op (see ssl(5))
veri-fail-action (see ssl(5))
auth-cert-type (see ssl(5))
distrusted-cert-type (see ssl(5))
smtp-error (see mod-mail-doc(5))
mail-reaction (see mod-mail-doc(5))
mail-fallback (see mod-mail-doc(5))
mime-header-check-type (see mod-mail-doc(5))
smtp-size-usage (see smtp-proxy(5))
ssl-startup-mode (see smtp-proxy(5))
postfix-security-level (see smtp-proxy(5))
postfix-transport-map-mode (see smtp-proxy(5))
smtp-err-switch (see smtp-proxy(5))
spf-result (see smtp-proxy(5))
spf-modes (see smtp-proxy(5))
The smtp-proxy program recognizes the following items and sections:
* antispam name { ... }
* antivirus name { ... }
* fake-cert name { ... }
* html-filter name { ... }
* interface name { ... }
* ldap-client-auth name { ... }
* mail-filter name { ... }
* oob-auth name { ... }
* pf-queue name { ... }
* radius-client name { ... }
* resolver name { ... }
* shared-dir name { ... }
* shared-file name { ... }
* smtp-forwarder name { ... }
* ssl-params name { ... }
sysctl { ... }
use-resolver ... ;
* smtp-proxy name { ... }
ipv6-mode ... ;
All configured email domains must be handled by some SMTP-FORWARDER.
antispam name {
    connection ... ;
    sock-opt { ... }
    altq ... ;
}
The antispam section is derived from the antispam section prototype. For a detailed description, see mod-antispam(5).
antivirus name {
    connection ... ;
    sock-opt { ... }
    timeout ... ;
    comm-dir ... ;
    altq ... ;
    max-checked-size ... ;
    icap-pass-200-with-pure-body ... ;
    persistent-stream ... ;
    clamav-agent { ... }
}
The antivirus section is derived from the antivirus section prototype. For a detailed description, see antivirus(5).
fake-cert name {
    key ... ;
    auth-ca ... ;
    fail-ca ... ;
  * extension ... ;
    purge ... ;
}
The fake-cert section is derived from the fake-cert section prototype. For a detailed description, see ssl(5).
html-filter name {
  * script-tag-language ... ;
    replace-head-script-tags ... ;
    replace-body-script-tags ... ;
  * style-tag-type ... ;
    replace-style-tags ... ;
  * iframe-tag-src ... ;
    replace-iframe-tags ... ;
  * intrinsic-language ... ;
  * intrinsic-hack ... ;
    replace-intrinsic ... ;
  * macro-language ... ;
  * macro-hack ... ;
    replace-macros ... ;
  * uri ... ;
    replace-uri ... ;
  * embed-tag-type ... ;
  * embed-src-hack ... ;
  * embed-plugin-hack ... ;
    replace-head-embed-tags ... ;
    replace-body-embed-tags ... ;
  * applet ... ;
    replace-applets ... ;
  * object ... ;
  * object-classid-hack ... ;
  * object-data-hack ... ;
    replace-head-object-tags ... ;
    replace-body-object-tags ... ;
  * param-tags ... ;
    replace-param ... ;
    script-end-hack ... ;
}
The html-filter section is derived from the html-filter section prototype. For a detailed description, see mod-html-filter(5).
interface name {
    dev ... ;
    ipv4 ... ;
    ipv6 ... ;
    mac ... ;
    aggregate ... ;
    pike ... ;
    vlan ... ;
    tunnel ... ;
    dhcp-client ... ;
    ipv6-rtadv { ... }
  * alias name { ... }
  * tag ... ;
}
The interface section is derived from the interface section prototype. For a detailed description, see interface(5).
ldap-client-auth name {
    server ... ;
    ssl { ... }
    bindinfo ... ;
    kerberos ... ;
    users ... ;
    groups ... ;
    active-directory ... ;
}
The ldap-client-auth section is derived from the ldap-client-auth section prototype. For a detailed description, see ldap(5).
mail-filter name {
    stamp-limit ... ;
    stamp-filter ... ;
  * unflagged-8bit ... ;
  * bad-end-of-line ... ;
  * invalid-header ... ;
  * long-header-lines ... ;
  * invalid-chars ... ;
  * header-8bit-chars ... ;
  * bad-boundary-chars ... ;
  * bad-boundary-length ... ;
  * long-body-lines ... ;
  * long-encoded-lines ... ;
    enc-line-len ... ;
  * bad-mime-struct ... ;
  * invalid-encoding ... ;
    treat-rfc822-as-text ... ;
}
The mail-filter section is derived from the mail-filter section prototype. For a detailed description, see mod-mail-doc(5).
oob-auth name {
    method ... ;
    max-sessions ... ;
    max-user ... ;
    max-groups ... ;
    truncate-groups ... ;
    file ... ;
    lock ... ;
}
The oob-auth section is derived from the oob-auth section prototype. For a detailed description, see auth(5).
pf-queue name {
    parent ... ;
    bandwidth ... ;
    priority ... ;
    qlimit ... ;
    cbq { ... }
    priq { ... }
    hfsc { ... }
}
The pf-queue section is derived from the pf-queue section prototype. For a detailed description, see pf-queue(5).
radius-client name {
    nas ... ;
    groups ... ;
  * server ... ;
}
The radius-client section is derived from the radius-client section prototype. For a detailed description, see radius(5).
resolver name {
  * server ... ;
    search ... ;
    preference ... ;
    edns ... ;
    conf-timeout ... ;
    initial-timeout ... ;
    final-timeout ... ;
    conn-timeout ... ;
    disable-deresolution ... ;
}
The resolver section is derived from the resolver section prototype. For a detailed description, see resolver(5).
shared-dir name {
    path ... ;
}
The shared-dir section is derived from the shared-dir section prototype. For a detailed description, see common(5).
shared-file name {
    path ... ;
    format ... ;
}
The shared-file section is derived from the shared-file section prototype. For a detailed description, see common(5).
smtp-forwarder name {
  * server ... ;
    agent { ... }
    timeouts { ... }
    hostname ... ;
    size ... ;
    source-address ... ;
  * domain ... ;
    server-ssl ... ;
  * server-cert-match ... ;
    altq ... ;
}
The smtp-forwarder section is derived from the smtp-forwarder section prototype. For a detailed description, see smtp-proxy(5).
ssl-params name {
    versions ... ;
    ciphers ... ;
    tcp-eof ... ;
    id ... ;
  * auth-cert ... ;
    distrusted-certs ... ;
    dont-check-crl ... ;
  * crl ... ;
    verify-peer ... ;
    cache-timeout ... ;
    use-ticket ... ;
    enable-renegotiation ... ;
    fake-cert ... ;
    prefer_server_ciphers ... ;
    enable-ecdh ... ;
}
The ssl-params section is derived from the ssl-params section prototype. For a detailed description, see ssl(5).
sysctl {
  * variable ... ;
    portrange-default ... ;
    portrange-high ... ;
    portrange-low ... ;
    portrange-reserved ... ;
    somaxconn ... ;
    log-in-vain ... ;
    blackhole ... ;
}
The sysctl section is derived from the sysctl section prototype. For a detailed description, see sysctl(5).
use-resolver name;
Resolver Section Specification.
This item names the global (system) resolver section used in a particular configuration environment. It is applicable within the SYSTEM section and within any section derived from the PROXY prototype. The former usage defines system-wide values; the latter defines values valid for the particular proxy.
name (type: name of resolver, see resolver(5))
smtp-proxy name {
    phase ... ;
  * tag ... ;
    log-debug { ... }
    log-stats { ... }
    use-resolver ... ;
    cfg-resolution ... ;
    monitoring { ... }
    stats-daily { ... }
    stats-weekly { ... }
    stats-monthly { ... }
    nodaemon ... ;
    singleproc ... ;
    app-user ... ;
    idle-timeout ... ;
    run-block-sigalrm ... ;
    listen-on { ... }
    tcpserver { ... }
    doctype-identification { ... }
    client-conn { ... }
    server-conn { ... }
    mail-pool ... ;
    quarantine ... ;
    postmaster ... ;
    hostname ... ;
    init-timeout ... ;
    bad-commands ... ;
    bad-recipients ... ;
    dsn-mail-copy ... ;
    use-antivirus ... ;
    use-antispam ... ;
    ssl-session-cache { ... }
    grey-listing { ... }
  * session-acl name { ... }
  * delivery-acl name { ... }
  * mail-acl name { ... }
  * doc-acl name { ... }
}
The smtp-proxy section is derived from the smtp-proxy section prototype. For a detailed description, see smtp-proxy(5).
ipv6-mode [status];
Enabling/Disabling IPv6 Mode.
status (type: enabling, optional, default: enable)
See also: configuration(7), smtp-proxy(8), acl(5), antivirus(5), auth(5), common(5), interface(5), ipc(5), ldap(5), listen-on(5), log(5), mod-antispam(5), mod-html-filter(5), mod-mail-doc(5), pf-queue(5), radius(5), resolver(5), smtp-proxy(5), source-address(5), ssl(5), sysctl(5), time(5), host-matching(7)