NAME
makesmtpaccess - Build ESMTP server access file
SYNOPSIS
makesmtpaccess
makesmtpaccess-msa
DESCRIPTION
makesmtpaccess rebuilds the contents of the /etc/courier/smtpaccess.dat
database from the contents of the files in the /etc/courier/smtpaccess
directory. When the esmtpd script starts couriertcpd, the script
specifies /etc/courier/smtpaccess.dat file to control access to the
Courier mail server´s ESMTP daemon. The makesmtpaccess script must be
run before any changes in the /etc/courier/smtpaccess directory take
effect.
The couriertcpd(8)[1] manual page describes the general format of the
access file.
The default Courier mail server configuration uses the same access
file, /etc/courier/smtpaccess.dat for both the regular ESMTP server,
and the message submission server on port 587 (RFC 2476[2]). It is
possible to use different access files. To do so, create a different
access file, edit /etc/courier/esmtpd-msa, and set ACCESSFILE to the
filename of the access file directory (the directory containing the
plain text files, not the .dat file). Then, use makesmtpaccess-msa
instead of makesmtpaccess to build the .dat file.
The smtpaccess configuration file
The couriertcpd(8)[1] manual page describes the generic format of the
access file. The access file specifies what should be done with
connections from defined IP address ranges. The basic choices are to
accept or reject the connection. Also, the generic format of the access
file allows arbitrary environment variables to be set based on the
connection´s remote IP address.
The Courier mail server´s ESMTPD server understands the following
environment variables, which may be set in the access file:
BLOCK
If this variable is set to a non-empty value, all mail will be
rejected for this connection. The contents of the environment
variable will be used as the error message. This is not the same as
the couriertcpd access file setting that immediately drops the
connection. The incoming connection is accepted, but every message
will be rejected.
FAXRELAYCLIENT
Allow the client to send faxes via the courierfax(8)[3] module.
Note
When ESMTP authentication is enabled, a successful
authentication automatically sets FAXRELAYCLIENT.
RELAYCLIENT
Allow the client to relay mail.
Note
When ESMTP authentication is enabled, a successful
authentication automatically sets RELAYCLIENT.
The following options are typically set globally in the esmtpd
configuration file, but may be overriden in the smtpaccess
configuration file:
BOFHCHECKDNS
Do not check the return address´s domain in DNS if this environment
variable is set to 0. The default value of BOFHCHECKDNS is 1.
Note
Turning off the DNS check disables a number of options in the
bofh configuration file. See courier(8)[4] for more
information.
BOFHCHECKHELO
Set this variable to 1 to check the hostname argument to the ESMTP
HELO/EHLO command, as follows:
· A hostname that´s actually an IP address, and is the same as
the connecting ESMTP client´s IP address, is valid.
· Otherwise hostname should be a valid DNS name with MX and/or A
records, with at least one record matching the connecting ESMTP
client´s IP address.
· An ESMTP client with relaying privileges (either due to
RELAYCLIENT explicitly set, or if it succesfully authenticates)
may use anything for an EHLO/HELO. The EHLO/HELO argument
coming from an authenticated/relaying client is not checked.
BOFHNOEXPN
Disable the EXPN command if this environment variable is set to 1.
BOFHNOVRFY
Disable the VRFY command if this environment variable is set to 1.
Other useful environment variables are listed in the submit(8)[5]
manual page.
SEE ALSO
esmtpd(8)[6], couriertcpd(8)[1], submit(8)[5].
NOTES
1. couriertcpd(8)
[set $man.base.url.for.relative.links]/couriertcpd.html
2. RFC 2476
http://www.rfc-editor.org/rfc/rfc2476.txt
3. courierfax(8)
[set $man.base.url.for.relative.links]/courierfax.html
4. courier(8)
[set $man.base.url.for.relative.links]/courier.html
5. submit(8)
[set $man.base.url.for.relative.links]/submit.html
6. esmtpd(8)
[set $man.base.url.for.relative.links]/esmtpd.html