NAME
courier - The Courier mail server
SYNOPSIS
courier {start | stop | restart | flush | flush qid |
clear user@domain | clear all | show all }
DESCRIPTION
The Courier mail server is a modular multi-protocol E-mail transport
agent. The courier command is an administrative command, and most of
its options are only available to the superuser.
"courier start" starts the server by running
/usr/lib/courier/courierctl.start in the background. "courier stop"
immediately stops all the Courier mail server processes and aborts all
current mail deliveries. "courier restart" restarts the Courier mail
server server. A restart is often needed for certain configuration
changes to take effect. "courier restart" waits for all current
deliveries to complete before restarting. This is the "nice" way to
restart the mail server. "courier flush" takes all undelivered messages
in the queue and attempts to deliver them immediately, instead of
waiting until their next scheduled attempted delivery time. "courier
flush" can be optionally followed by a message queue ID in order to
schedule an immediate delivery attempt for only a single message.
Message queue IDs are displayed by the mailq(1)[1] command.
Please note that courier start runs the main Courier mail server
scheduling engine only. It does not start any other daemons that you
may have, such as the ESMTP or the IMAP daemon.
"courier show all" lists all E-mail addresses currently blacklisted for
backscatter. "courier clear user@domain" manually clears <user@domain>
from the backscatter blacklist. "courier clear all" removes all
addresses from the backscatter blacklist. When the Courier mail server
encounters a delivery failure to an E-mail address the Courier mail
server may stop accepting any more messages to the same address in
order to minimize generation of so-called "backscatter bounces". This
does not occur in all cases, see "Backscatter suppresion" in the
Courier mail server´s installation instructions for more information.
The Courier mail server will resume accepting messages to the
blacklisted address if the delivery attempt originally encountered a
temporary failure, and a subsequent retry succesfully delivered the
message, or if more than two hours elapsed since the delivery failure.
Use the "clear" command to manually clear the E-mail address from the
backscatter blacklist. This may be useful if the undeliverable message
is manually removed from the Courier mail server´s mail queue, using
the "cancel" command. Even if the message is cancelled, the Courier
mail server will continue to refuse accepting mail for this address for
up to two hours. The "clear" command can be use to reenable mail
acceptance before then.
CONFIGURATION FILES
The Courier mail server uses several configuration files which are
located in /etc/courier. These configuration files are plain text files
that can be modified with any text editor. In certain instances a
subdirectory is used, and all plain text files in the subdirectory are
concatenated and are considered to be a single, consolidated,
configuration file. Unless otherwise specified, you must run courier
restart for any changes to these files to take effect.
aliasfilteracct
This file contains one line, containing the home directory of the
account that´s used for filtering mail addressed to local alias
lists.
When mail filtering is enabled, local recipients have the ability
to define mail filters which can selectively reject unwanted mail.
/etc/courier/aliases may define local mail aliases that contain one
or more recipients. If it is desired to use local mail filtering
for mail addressed to an alias address, designate a local account
that will be used to specify filtering instructions, and put its
home directory into this control file. The filtering argument will
be "alias-address" where address is the name of the alias. See
localmailfilter(7)[2] for more information.
Due to technical limitations, content filtering is not available
for multiple-recipient aliases.
Changes to this file take effect immediately.
authdaemonrc
This file configures the authdaemond authentication proxy. See
authlib(7)[3] for more information.
authldaprc
This file configures LDAP authentication. See authlib(7)[3] for
more information.
authmysqlrc
This file configures MySQL authentication. See authlib(7)[3] for
more information.
autoresponsesquota
This file sets the systemwide quota on autoreplies, if autoreplies
and mail filtering are enabled. Note that this can only really be
effective if there is no login access to the mail account, since
this autoreply quota can be trivially overriden.
The autoresponsesquota file contains one line: "Cnnn" or "Snnn" (or
both strings, on the same line). Cnnn: allow up to #nnn
autoreplies to be created. Snnn: allow up to #nnn bytes as the
total size of all autoreplies, combined. If both Cnnn and Snnn are
specified, both quotas apply. If this file does not exist, there is
no limit on autoreplies. This quota setting applies systemwide. To
override the quota setting for a particular Maildir, create the
autoresponsesquota file in that Maildir (which takes precedence).
backuprelay
This file contains one line, containing a name of a machine where
mail will be rerouted if it cannot be immediately delivered. Spaces
are not allowed in this file.
Mail gets rerouted if it cannot be delivered after the time
interval specified by the warntime configuration file. When
backuprelay is provided a delayed delivery status notification will
NOT be generated. The message will be rerouted even if the
recipient´s delivery status notification setting does not include a
delayed notification request.
This feature is intended for use by relays that handle large
quantities of mail, where you don´t want to accumulate a large mail
queue for unreachable mail servers. Please note that ALL
undeliverable mail will be rerouted in this fashion. Even if the
recipient of a message is a local recipient - and the recipient´s
mail filter is rejecting the message with a temporary error code -
the message will still be rerouted if it´s undeliverable after the
specified amount of time.
Although currently SMTP is the only meaningful application for this
feature, the Courier mail server is a protocol-independent mail
server, and the backup relay function can be extended to other
protocols, as they become available.
Multiple backup relays can be used by simply assigning multiple IP
addresses to the same machine name. Note that the Courier mail
server checks for both MX and A records for the machine specified
in this configuration file.
It´s important to note that when this setting is specified, warning
messages get turned off for all messages, including messages
addressed to local recipients. If a temporary delivery error
prevents a message from being delivered to a local mailbox, it
remains in the queue until the temporary error condition gets
cleared. Normally, if the message remains in the queue beyond the
warning interval, the warning message gets generated. When this
setting is specified, the warning message gets replaced with a
forward to the backup relay, but this occurs only for messages that
are delivered via SMTP.
batchsize
This file contains one line, containing a single number. This
number specifies the absolute maximum number of recipients for a
single message. If the Courier mail server receives a message with
more recipients, the message is duplicated as often as necessary
until each copy of the message has no more than batchsize
recipients. If batchsize is missing, it defaults to 100 recipients
per message.
bofh
This configuration file configures domain-based junk mail filters.
Lines in this configuration files that begin with the # character
are considered comments, and are ignored. The remaining lines
contain the following directives, in any order:
badfrom user@domain
Reject all mail with the return address of <user@domain>.
badfrom @domain
Reject all mail with the return address of <anything@domain>.
badfrom @.domain
Reject all mail with the return address of
<anything@anything.domain>.
badfrom user@.domain
Reject all mail with the return address of
<user@anything.domain>.
badmx N
Reject all mail with a return address in any mail domain whose
listed mail servers include server "N". "N" is an IP address.
The BOFHCHECKDNS option in the esmtp configuration file must
also be enabled (this is the default setting) in order for this
additional checking to take place. Note that this is "best
effort" check. A DNS failure to look up A records for hostnames
returned in the MX record may hide the blacklisted server from
view.
freemail domain [domain2] [domain3]...
Reject all mail with a return address <anything@domain> unless
the mail is received from a mail relay whose hostname is in the
same domain. "domain2" and "domain3" are optional, and
specifies other domains that the mail relay´s hostname may
belong to. For example: "freemail example.com domain.com"
specifies that mail with a return address @example.com will be
accepted only from a mail relay with a hostname in the
example.com or domain.com domain. Note that this setting
requires that DNS lookup be enabled for incoming ESMTP
connections (which is the default setting).
spamtrap user@domain
Reject all mail that has <user@domain> listed as one of its
recipients.
Note
For local mailboxes, ´domain´ must be set to the contents
of the me configuration file, or the server´s hostname.
Also, this check is made after any alias processing takes
place. Suggested usage: create a single local spamtrap
account, then create aliases in the alias file that point
to the spamtrap account.
maxrcpts N [hard]
Accept the first N recipient addresses per message, maximum.
The remaining recipients are rejected. An optional verbatim
token "hard" specifies that the remaining recipients will
immediately be returned as undeliverable (otherwise the
remaining recipients are rejected as "temporary unavailable",
and may be accepted on a later delivery attempt). If not
specified, the first 100 recipients are accepted.
opt BOFHBADMIME=action
Set default disposition of mail with invalid or corrupted MIME
headers. Possible settings for action are: accept - accept and
pass on the corrupted message, untouched; reject - reject and
return the mail as undeliverable; wrap - "wrap" the message as
an attachment, that must be separately opened (this is the
default action). This setting applies to mail that´s generated
locally, or which is sent from IP addresses that do not have an
explicit BOFHBADMIME setting listed in the smtpaccess
configuration file. smtpaccess can be used to set BOFHBADMIME
for specific sending IP address ranges only. See
makesmtpaccess(8)[4] for more information.
Note
BOFHBADMIME=accept implies MIME=none (see submit(8)[5] for
more information).
opt BOFHCHECKHELO=1
Verify the hostname provided in the ESMTP HELO/EHLO statement.
“opt BOFHCHECKHELO=1” is a global default, which may be
overridden by setting the BOFHCHECKHELO environment variable in
the SMTP access file. See makesmtpaccess(8)[4] for more
information. “opt BOFHCHECKHELO=1” enables ESMTP HELO/EHLO
checking by default, and ESMTP HELO/EHLO checking may be turned
off for individual IP address ranges by setting BOFHCHECKHELO
to 0 using makesmtpaccess(8)[4]. Alternatively, HELO/EHLO
checking may be turned off by default, and enabled for specific
IP address ranges by using makesmtpaccess(8)[4] to set
BOFHCHECKHELO to 1. See makesmtpaccess(8)[4] for more
information.
opt BOFHHEADERLIMIT=n
Reject messages whose headers exceed n bytes in size (minimum
1,000 bytes, default 100,000 bytes).
opt BOFHNOBASE64TEXT=1
Reject messages with base64-encoded text/plain or text/html
content.
opt BOFHSPFHELO=keywords
Use Sender Policy Framework to verify the HELO or EHLO domain
sent by the connecting SMTP client. See Sender Policy Framework
Keywords below for a list of possible keywords.
SPF checking is not used for HELO or EHLO commands that specify
an IP address instead of a domain name.
Note
This setting may be used in combination with opt
BOFHCHECKHELO=1. The BOFHCHECKHELO=1 check is disabled if
SPF verification of the HELO/EHLO results in the SPF status
of “pass”. This makes sense: if the HELO/EHLO domains
complies with the domain´s SPF, it is not necessary to
check it further.
opt BOFHSPFMAILFROM=keywords
Use Sender Policy Framework to verify the return address in the
MAIL FROM command sent by the connecting SMTP client. See
Sender Policy Framework Keywords below for a list of possible
keywords.
Note
No SPF checking is done for if the MAIL FROM command
specifies an empty return address (a bounce). There´s
nothing to check.
opt BOFHSPFFROM=keywords
Use Sender Policy Framework to verify the return address in the
From: header. See Sender Policy Framework Keywords below for
important information, and a list of possible keywords.
opt BOFHSPFHARDERROR=keywords
This setting lists the unacceptable SPF results that should
result in a permanent error. All other unacceptable SPF results
are kicked back with a temporary error indication, inviting the
sender to try again later.
The default setting for BOFHSPFHARDERROR is fail,softfail.
opt BOFHSPFTRUSTME=1
Disable all SPF checks for any connecting client that has
relaying privileges (RELAYCLIENT is explicitly set, or
inherited after a successful SMTP authentication).
opt BOFHSPFNOVERBOSE=1
This setting disables custom SPF rejection messages. Any SPF
rejection message specified by the SPF policy is replaced by a
stock, bland message. The author of this SPF implementation
believes that there´s a minor security issue with letting an
external site control the error messages issued by your mail
server. The same author does not believe that this is such a
big deal, but security-sensitive minds may choose to enable
this setting, and sleep easy at night.
opt BOFHSUPPRESSBACKSCATTER=list
This is one of the two settings that controls which messages
are subject to backscatter suppression. The other setting,
ESMTP_BLOCKBACKSCATTER is set in the courierd configuration
file, which contains further documentation.
“list” is a comma-separated list of message sources. The
possible message sources are:
authsmtp
Messages received via SMTP from clients with relaying
privileges (authenticated SMTP, or IP addresses that always
have relaying privileges.
smtp
All other messages received via SMTP.
none
Do not suppress backscatter messages from any source.
The default setting is “opt BOFHSUPPRESSBACKSCATTER=smtp”. The
other possible values are “opt
BOFHSUPPRESSBACKSCATTER=smtp,authsmtp” (which suppresses
backscatter from all SMTP mail), and “opt
BOFHSUPPRESSBACKSCATTER=none”.
calendarmode
This configuration file enables basic calendaring features in the
webmail server. Calendaring is currently considered experimental in
nature, and the current implementation provides basic calendaring
services. If this file does not exist, calendaring options are
disabled. If this file exists it should contain a single word:
"local". For example:
echo "local" >/etc/courier/calendarmode
This configuration file must be globally readable, so make sure
that your umask is not set too tight.
courierd
This configuration file specifies several parameters relating to
general the Courier mail server configuration. A default
configuration file will be installed, and you should consult its
contents for additional information.
defaultdomain
This file contains one line whose contents is a valid mail domain.
Most header rewriting functions will append @defaultdomain to all
E-mail addresses that do not specify a domain. If defaultdomain is
missing, the Courier mail server uses the contents of the me
control file.
When the ESMTP server receives a “RCPT TO” command containing the
address <user@[ip.address]>, and the IP address is the same as the
IP address of the socket it´s listening on, the ESMTP server
replaces the IP address with the contents of the defaultdomain
control file. If defaultdomain is missing, the Courier mail server
uses the contents of the me control file.
The contents of defaultdomain are also appended to return addresses
to mail sent from the Courier mail server´s webmail server, if they
don´t already have a domain. If defaultdomain does not exist, the
Courier mail server´s webmail server obtain the machine hostname,
and uses that.
Note
The mail domain in defaultdomain must be one of the local
domains, as defined by the locals and the hosteddomains control
files.
dotextension
This file contains one line whose contents specify the name of
dot-files in users´ home directories which contain delivery
instructions. If this file does not exist, the Courier mail server
reads $HOME/.courier, $HOME/.courier-foo, $HOME/.courier-default,
and so on. If this file contains the text "qmail", the Courier mail
server will instead read $HOME/.qmail, $HOME/.qmail-foo,
$HOME/.qmail-default, and so on.
dsnfrom
This file contains one line specifying the contents of the From:
header that the Courier mail server puts in all delivery status
notifications. This file specifies a complete header, except for
the "From: " part. If dsnfrom is missing, then the Courier mail
server uses the following header: "Courier mail server mail server
at me" <@>
dsnlimit
Maximum size, in bytes, of a message whose contents are included in
delivery status notifications. By default, the entire message is
only included in non-delivery notices (failures). Only the headers
will be returned for delay notifications (warnings) and return
receipts; or for failures if the original message is larger than
dsnlimit. If missing, dsnlimit is set to 32K.
The sender can request that the entire message be returned even on
delayed notices or return receipts, however the Courier mail server
will ignore this request if the message size exceeds this limit.
enablefiltering
This configuration file enables the global mail filtering API for
selected mail sources. This file, if it exists, contains a single
line of text that specifies which kind of mail will be filtered.
The possible values are:
esmtp
Enables global mail filtering for mail received via ESMTP.
local
Specifies that mail received from logged on users, via
sendmail, and mail forwarded from dot-courier(5)[6] will be
filtered using the global mail filtering API.
uucp
Specifies that mail received from UUCP will be filtered.
If you want to specify more than one source of mail, such as ESMTP
and local mail, specify both esmtp and local, separated by a space
character.
Note
The global mail filtering API is described, in detail, in the
courierfilter(8)[7] manual page. This is NOT the traditional
user-controlled mail filtering, such as maildrop(1)[8]. A
global mail filter is a daemon process that selectively accepts
or rejects incoming mail, based on arbitrary criteria.
esmtpacceptmailfor
This file lists all domains that the Courier mail server accepts
mail for via ESMTP. This file is in the same format as the locals
file. If this file is missing, the Courier mail server uses the
single domain specified in me (or the system machine name).
esmtpacceptmailfor.dat
This is a binary database file that lists additional domains that
the Courier mail server accepts mail for, just like
esmtpacceptmailfor. A binary database file will be faster than a
flat text file when the number of domains is large. The Courier
mail server will accept mail for domains listed in either
esmtpacceptmailfor or esmtpacceptmailfor.dat.
esmtpacceptmailfor.dat is created by the makeacceptmailfor command.
You can use both esmtpacceptmailfor.dat and esmtpacceptmailfor at
the same time. Put your most popular domains in esmtpacceptmailfor,
and put the rest of them into esmtpacceptmailfor.dat.
esmtpauthclient
This configuration file configures ESMTP authentication for the
ESMTP client. This is a text file of zero or more lines that
contain the following fields:
relay userid password
When the Courier mail server connects to a remote ESMTP relay, the
Courier mail server will authenticate itself using userid and
password. These fields are separated by one or more whitespace
characters. Because this file contains passwords, it must not be
world or group readable, and owned by the user "daemon".
ESMTP negotiation will take place, and the Courier mail server will
use a SASL authentication method supported by both the Courier mail
server and the remote ESMTP server. Currently the Courier mail
server supports PLAIN, LOGIN and CRAM-MD5 authentication. CRAM-MD5
is preferred over the other two, and PLAIN is preferred over LOGIN.
The Courier mail server also supports ESMTP over SSL (the ESMTP
STARTTLS extension). If ESMTP STARTTLS is enabled, STARTTLS will be
used to establish a secure link first. The authentication will take
place afterwards, over a secure channel.
Changes to this file take effect, more or less, immediately
(existing connections are not affected, but new connections will
read the updated data).
esmtpd
This file is used to initialize the environment and parameters for
courieresmtpd. A default file will be provided during installation.
See the comments in the file for more information. For changes to
this file to take effect you run the esmtpd stop command followed
by esmtpd start.
esmtpdelay
This file contains one line of text that specifies how long
courieresmtp waits after a failure to contact the remote mail
server before another attempt is made. courieresmtp (not to be
confused with courieresmtpd) delivers outgoing mail to remote mail
servers. The timeout is specified as an integral number, optionally
followed by m - minutes, or h - hours. Otherwise it is specified in
seconds.
The courieresmtp process delivers mail that´s routed to external
mail relays, via ESMTP. When attempting to initally contact a mail
server courieresmtp waits for the amount of time specified by
esmtptimeoutconnect (see below). esmtptimeoutconnect is usually
set to a relatively long period of time, in order to accomodate
slow mail servers. A large number of messages queued up for an
unreachable mail server can tie up delivery slots that can be put
to a better use by reassigning them for mail to another domain.
Although the Courier mail server does not usually assign all
delivery slots for messages to the same domain (this is a tuneable
parameter), it is still not very healthy to have a bunch of
courieresmtp daemons spinning their wheels, doing nothing.
The situation worsens when there is a large number of mail relays
that accept mail for the same domain, and all of them are
unreachable due to a network failure. That´s because the
esmtptimeout waiting period is used for each individual mail relay.
Multiply esmtptimeout by the number of servers to see how large the
delay really will be.
esmtpdelay is implemented internally in the courieresmtp module.
The main the Courier mail server scheduling daemon is not aware of
what´s happening internally in courieresmtp. When courieresmtp
fails to contact any mail relay for the domain, the message is
postponed, and the esmtpdelay timer is set. Any additional messages
received by the same courieresmtp daemon (for the same domain), are
immediately postponed without any attempt to contact a remote mail
relay. When the amount of time set by esmtpdelay expires,
courieresmtp will attempt to make another delivery attempt as
usual.
If esmtpdelay does not exist, the default delay is five minutes.
Any messages that are postponed look like any other temporary
failure to courierd. Delivery attempts are rescheduled as if a real
temporary failure took place. Therefore it does not make sense to
set esmtpdelay to be greater than retryalpha (see below). When
retryalpha is smaller is esmtpdelay, you´ll just messages spinning
through the mail queue, with useless delivery attempts being
attempted because esmtpdelay still hasn´t expired.
Occasionally you might observe somewhat strange behavior on systems
with heavy mail traffic. esmtpdelay applies separately to each
individual instance of courieresmtp. When a remote mail server
keeps going up and down, it is possible to end up with multiple
courieresmtp daemons handling mail for the same domain, but only
some of them will encounter a network failure, purely by the luck
of the draw. The remaining daemons will be able to establish a
connection. So you´ll end up with some courieresmtp daemons being
able to deliver mail immediately, while the rest are still waiting
patiently for esmtpdelay to expire, postponing all messages in the
meantime. Some messages - but not all - will be immediately
postponed without a delivery attempt, becauses they ended up
getting to a daemon which is waiting for esmtpdelay to expire.
Another anomalous situation may happen when a courieresmtp daemon
gets reassigned to another domain, and then receives more mail for
the previous domain. This can happen when you have a lot of mail
going through. Although the Courier mail server tries to shuffle
all mail for same domain into one pile, the scheduler still tries
to dispatch mail on "first-come, first-serve" basis, as much as
possible. When that happens another delivery attempt will be made
immediately, because the previous esmtpdelay was cancelled when the
daemon got reassigned to another domain.
There can also be occasional abnormalities that affect systems with
light traffic. When there is a domain with several mail relays of
equal priority, one mail relay is chosen at random for the
connection attempt. If some of the equal-priority mail relays are
unreachable and a courieresmtp daemon picks it, it will start the
esmtpdelay timer and refuse to deliver any more mail until it
expires, even if most of the mail servers are functional. This will
happen only with mail relays of the lowest priority. Otherwise,
courieresmtp will always try to contact another mail relay of a
still lower priority, before giving up and setting the esmtpdelay
timer. Another courieresmtp daemon will not be started for the same
domain if there´s already an existing one, so all delivery attempts
will be turned away until esmtpdelay expires. Another courieresmtp
daemon will be started only in the event of multiple simultaneous
delivery attempts that happen to coincide at the same time.
This is somewhat mitigated by the fact that all courieresmtp
daemons are killed after a short period of total inactivity
(currently one minute), so that longer intervals specified by
esmtpdelay are ignored. Note, however, that receiving a message to
deliver, and then postponing it immediately, does count as some
activity.
esmtpdelay can be turned off by setting it to 0 seconds.
esmtpdelay is designed for servers that handle heavy amount of mail
that wish to avoid having outbound delivery slots tied up due to
network failures, at an expense of an occasional anomalous behavior
due to harmless paranoia. esmtpdelay may prove to actually make
things worse for systems that carry only light mail traffic, if
they are burdened with a task of exchanging mail primarily with
external systems that are not properly maintained.
esmtpgreeting
The complete greeting banner displayed by courieresmtpd. Changes to
this file take effect immediately.
esmtphelo
This file contains one line of text, what the Courier mail server
calls itself in the EHLO or HELO command sent to a remote SMTP
server. me is used if this file does not exist.
esmtphelo may also be set to a special value of “*”:
echo ´*´ >esmtphelo
(Note the single quotes, to prevent “*” from being expanded by the
shell). The Courier mail server will take the IP address of the
local side of the connection to the remote SMTP server, look up the
IP address in DNS, and use the hostname from the reverse DNS
lookup. This might be useful when the Courier mail server server is
multihomed. The Courier mail server will look up the local IP
address of each individual connection, and use that in its EHLO or
HELO command.
Note
Functioning DNS is required. Using the hosts file, or an
equivalent, won´t work. This function uses the Courier mail
server´s native DNS resolver, which reads /etc/resolv.conf and
queries the listed DNS servers directly.
esmtproutes
This file is used by the ESMTP module, and it contains one or more
lines in the following form:
domain:relay[,port][/SECURITY=STARTTLS][/SECURITY=NONE]
domain is any SMTP domain. relay specifies a fixed mail relay for
this domain. relay is optionally followed by a comma and a port
number, to specify a port other than the default port 25. If an
address´s domain is not found in esmtproutes, the Courier mail
server looks for MX and A records as usual (and always delivers to
port 25). If the domain is found in esmtproutes, however, any MX or
A records for the domain are ignored; instead the Courier mail
server delivers the message to the specified relay.
relay can be another domain, or an explicit IP address inside
brackets. For example, if esmtproutes contains the following:
example.com: relay.domain.com
domain.com: [192.168.0.2]
Mail for example.com is delivered to relay.domain.com, ignoring any
MX records for example.com. Mail for domain.com will be delivered
to the machine at IP address 192.168.0.2. All other domains will
have their MX and A records looked up.
Note
Unlike Qmail, the Courier mail server looks up MX and A records
for relay.example.com (Qmail only looks up A records).
esmtproutes may contain comments, any line that starts with the #
character is ignored. Also, wildcards are allowed:
.example.com: [192.168.0.3],26
This specifies that any address of the form
<anything@anything.example.com> will be delivered to the mail
server at this IP address, but on port 26.
esmtproutes is read from top to bottom, stopping as soon as a first
match is found.
domain may be empty, this specifies a smarthost for all domains.
For example, if esmtproutes contains the following text:
example.com: relay.example.com
:[192.168.0.4]
This specifies that all mail to example.com is rerouted to
relay.example.com. All other mail is routed to the IP address
192.168.0.4.
If relay is empty, the Courier mail server interprets it as an
explicit directive to use MX and A records from DNS. For example:
example.com:
:[192.168.0.4]
This uses MX and A records for all messages to example.com. All
other mail is rerouted to the IP address 192.168.0.4.
The optional /SECURITY=STARTTLS flag indicates that mail to this
domain should be automatically upgraded to use the SECURITY ESMTP
extension. See the Courier mail server installation notes for a
description of SECURITY, what it does, and how to configure it.
The /SECURITY=NONE flag prevents the Courier mail server from using
the STARTTLS ESMTP extension even if the remote server claims to
support it. Use this flag to deliver mail to misconfigured
Microsoft Exchange relays that claim to support STARTTLS, but
always report a failure to a STARTTLS request.
Changes to this file take effect immediately, more or less.
Existing courieresmtp processes that already have an established
connection will ignore any changes.
esmtptimeout
This file contains one line of text that specifies the timeout for
an SMTP command. The timeout is specified as an integral number,
optionally followed by m - minutes, or h - hours. Otherwise it is
specified in seconds. This timeout is used for all SMTP commands,
unless the SMTP command has a dedicated timeout defined by a
different configuration file. The default timeout is ten minutes.
esmtptimeoutconnect
This file contains one line of text that specifies the timeout for
an SMTP connection attempt. Most TCP/IP stacks wait an
extraordinary long period of time for SMTP connections to go
through. This configuration setting limits the amount of time the
Courier mail server waits for the SMTP connection to complete. The
default timeout is one minute. Set esmtptimeoutconnect to 0 in
order to use whatever default timeout your TCP/IP stack uses.
esmtptimeoutdata
This file contains one line of text that specifies the timeout for
transferring the message contents or individual replies. The
default timeout is five minutes. You WILL HAVE TO bump this up if
you´re on a slow link, and you want to send large messages. A
28.8Kbps link can be optimistically expected to push 3,000 bytes
per second. With a five minute cutoff, you will not be able to send
or receive anything larger than about 870 Kb. You have no business
sending or receiving 870 Kb messagesl, if all you have is an analog
28.8Kbps connection.
esmtptimeouthelo
This file contains one line of text that specifies the timeout for
the initial EHLO or HELO command. The Courier mail server will wait
this amount of time to receive the initial greeting banner from the
remote SMTP server, and a response to the subsequent EHLO/HELO
command. The default value is 5 minutes.
esmtptimeoutkeepalive
This file contains one line of text that specifies how often
outbound SMTP sessions are kept idle after delivering a message.
After the Courier mail server connects to an SMTP server and
completes the attempt to deliver the message, the SMTP session is
kept idle for this time interval before being shut down. If the
Courier mail server receives another message for the same domain,
it will be delivered using the existing SMTP session, instead of
establishing a new one. Note that some SMTP servers have a very
short idle timeout, Qmail´s is only two minutes. The default value
is 60 seconds.
Note that there´s also a separate limit to the maximum number of
simultaneous SMTP sessions to the same domain. That limit is
currently four, which is adequate for nearly every situation, so
for now it will be set by an undocumented configuration file.
esmtptimeoutkeepaliveping
This file contains one line of text that specifies how often the
Courier mail server will issue a useless RSET command when the
connection is idle (see esmtptimeoutkeepalive). While waiting for
any more messages to deliver to the same domain, or for the
esmtptimeoutkeepalive interval to expire, courieresmtp will
transmit RSET commands at regular intervals specified by this
configuration file. The default value is 0 seconds, which turns off
the keepalive ping altogether. This configuration settings must be
for a shorter time interval than esmtptimeoutkeepalive for it to
make any sense. Note that other system administrators may consider
this to be a very rude thing to do. Also keep in mind that this may
generate quite a bit of idle traffic. If you have the Courier mail
server configured for a maximum number of 200 outbound SMTP
sessions and a 30 second esmtptimeoutkeepaliveping setting, then
you can have as much as an average of around seven pings every
second!
esmtptimeoutquit
This file contains one line of text that specifies how long the
Courier mail server waits for the external SMTP server to
acknowledge the QUIT command, before the Courier mail server
unilaterally tears down the connection. The default value is 10
seconds. This must be a small value because the Courier mail server
needs to be able to shut down quickly, on very short notice.
faxqueuetime
This file specifies how long the Courier mail server normally tries
to repeatedly resend a fax message (if the courierfax module is
enabled). The default E-mail message retry timeout (the queuetime
setting) is one week, which is a reasonable timeout value for
E-mail messages (taking into account downed circuits, or crashed
servers). However, it doesn´t make sense to keep trying to
redeliver fax messages for a whole week.
faxqueuetime specifies the timeout for fax messages. This time
interval is specified in the same way as queuetime (see queuetime
for more information).
faxnotifyrc
This file specifies which mailbox the Courier mail server should
deliver received faxes (if this option is enabled). See the Courier
mail server´s installation notes for more information.
faxrc
This file configures the Courier mail server´s outbound faxing and
dialing parameters. Consult the comments in the default file for
additional information, and the courierfax(8)[9] manual page for
more information.
hosteddomains
This file lists locally-hosted domains. It is very similar in
function to the locals control file. Any address with a domain
listed in hosteddomains is considered to be a local address. The
difference between hosteddomains and locals is that domains listed
in hosteddomains are not removed from individual addresses before
looking up the location of their mailboxes. For example, if the
domain "example.com" appears in locals, the address
user@example.com will have example.com removed, and then the
Courier mail server will look for a local mailbox named "user".
If the domain "example.com" appears in hosteddomains instead, the
Courier mail server will look for a local mailbox named
"user@example.com" instead.
The contents of the hosteddomains configuration file is a list of
domains, one per line, in lowercase. You must run the
makehosteddomains command for any changes to take effect.
Additionally, hosteddomains can specify simple domain aliases. See
the complete description in the makehosteddomains(8)[10] manual
page.
ldapaddressbook
This file is used by the webmail server. It contain a default
systemwide list of accessible LDAP address books. A default file
will be installed, listing some common Internet address books. Each
line in this file contains the following information:
name<tab>host<tab>port<tab>suffix<tab>binddn<tab>bindpw
"<tab>" is the ASCII tab character. “name” is the unique name for
this LDAP server. “host” and “port” specify the connection
parameters. “suffix” specifies the root LDAP entry whose subtree
gets searched. The “binddn” and “bindpw” fields are not presently
used (they were used in earlier version of the webmail server,
before the LDAP search interface was rewritten and simplified).
ldapaliasrc
This file is used by the courierldapaliasd process. See
courierldapaliasd(8)[11] for more information.
locallowercase
If this file exists, the Courier mail server will not distinguish
being lowercase and uppercase local accounts, so that
john@example.com and John@example.com will refer to the same local
mailbox (where example.com is your domain). Postmaster,
postmaster, and POSTMASTER always refer to the same account, even
if locallowercase does not exist.
Note
If locallowercase exists you cannot have any system accounts
that contain uppercase letters. locallowercase applies only to
local mail. Mail addressed to external domains will always have
the case of the addresses preserved.
locals
This file contains one or more lines of text, where each line
contains a valid mail domain. Any E-mail address without @domain,
or with a domain that can be found in locals will be considered to
be an address of a local mailbox. A domain can be specified with a
leading dot:
.domain.com
This is called a "wildcard". Any domain ending in domain.com, such
as a.domain.com, b.domain.com, a.b.c.domain.com - but NOT
somedomain.com - will be considered local. Note that domain.com is
NOT included in this wildcard. Both "domain.com" and ".domain.com"
should be listed.
Specific hosts can be excluded from the wildcard. Example:
!host.domain.com
.domain.com
anything.domain.com is considered to be a local domain, except for
host.domain.com. Note that "!host.domain.com" must appear in locals
before the .domain.com wildcard.
The "!hostname" syntax is also valid in the esmtpacceptmailfor
control file.
If locals does not exist, the Courier mail server uses the contents
of the me control file (note that me specifies only one domain,
second and subsequent lines are ignored). Also, see hosteddomains.
localtimeout
This file specifies the watchdog timer for local mail deliveries.
If a local mail delivery attempt does not complete in the
proscribed time interval, the delivering process ID is killed. The
time interval in localtimeout is specified in the same way as
queuetime (see queuetime for more information).
logindomainlist
If this file exists then the webmail login screen will have a
drop-down list whose contents will be read from this file. This
file should contain a list of E-mail domains, one per line. It
should be created if the Courier mail server´s webmail server is
used to provide mail access for more than one domain. Instead of
typing "user@domain" to log in, it will only be necessary to enter
"user", and select the domain from the drop-down list. If this file
does not exist it will be necessary to enter the full E-mail
address into the webmail login screen. The enhanced
logindomainlist makes it possible to specify a separate list of
domain for each virtual web site, and more control over the
defaults.
What if you don´t want to display a drop down menu? Administrators
can now specify records that generate a hidden field in login.html,
or an editable text field, allowing sqwebmail to show only one mail
login domain to each user per access URL or IP address. This
functionality can greatly reduce confusion for first time webmail
users, and greatly speed the login process for frequent webmail
users.
Finally, the new logindomainlist file offers a new tool to ease
maintenance. Administrators can now use wildcards to "rewrite" the
domain portion of the access URL to the mail domain equivalent. For
example, the following record can rewrite the URL "mail.*.com" to
the mail domain "*.com"
*.com:mail.*.com:@
This powerful wildcard functionality can ease the login process for
most of your server´s mail domains with just one or two
logindomainlist records.
File Format
Let´s take a look at the NEW logindomainlist file format:
firstfield:secondfield:thirdfield
Above, we can see that the new logindomainlist records are made
up of three fields delimited by colons. But what does each
field do?
First Field - the first field contains the "mail domain" for
which we would like the user to log in under. The mail domain
is the part of an email address after the @ symbol. For
example, in the email address "user@domain.com", "domain.com"
is the mail domain.
Second Field - the second field contains the "access domain".
The access domain contains an URL or IP address that is used to
figure out which mail domain to use by default. For example, in
the following logindomainlist record:
domain1.com:domain2.com
"domain2.com" is the "access domain" and "domain1.com" is the
"mail domain". If the user logs into the following URL:
http://domain2.com/cgi-bin/sqwebmail
His default "mail domain" will be "domain1.com".
Third Field - the third field may contain a modifier. The
modifier may be either a single character modifier, or a group
identification string. The single character modifiers and the
group modifier are described in detail below.
Finally, the logindomainlist file may also contain comments and
empty lines. Empty lines can be used to group records visually,
and comments can be used to explain why a certain record or
group of records look the way they do.
If the first character of a line is a ´#´, then the entire line
is considered a comment and is ignored. If the first character
of a line contains whitespace, the entire line is assumed to be
an empty line and is ignored.
Modifiers
@ - the ´@´ modifier can be used to create a hidden field on
the login.html page which contains the default mail domain. In
addition, this field will automatically display the default
mail domain in plain text to the right of the userid text box.
Note
The ´@´ modifier ALLOWS the use of wildcards to automate
the relationship between "access domains" and "mail
domains". See the heading "Wildcards" below for more
information about wildcarding.
- - the ´-´ modifier can be used to create an editable text
field on the login.html page which contains the default mail
domain.
Note
The ´-´ modifier ALLOWS the use of wildcards to automate
the relationship between "access domains" and "mail
domains". See the heading "Wildcards" below for more
information about wildcarding.
group string - If no modifier is specified in the third field,
or if the third field modifier is a group identifier string,
then a drop down menu will be displayed on the login.html page.
Records with the SAME group string will be displayed together
in the drop down. For example, if your logindomainlist file
contains the following records:
domain1.com:domain2.com:firstgroup
domain3.com:domain4.com:firstgroup
domain5.com:domain6.com:firstgroup
domain7.com:domain8.com:secondgroup
domain9.com:domain10.com:secondgroup
And the user logs into sqwebmail with the following URL:
http://domain4.com/cgi-bin/sqwebmail
He will see a drop down containing ONLY the following domains:
domain1.com
domain3.com
domain5.com
"domain3.com" will be automatically selected, or defaulted.
Only the records in the firstgroup will be visible to the user.
This functionality is great for organizations with more than
one mail domain.
Note
The group string modifier does NOT allow the use of
wildcards to automate the relationship between "access
domains" and "mail domains". This is because drop down
menus are fundamentally incompatible with wildcards.
Wildcards
If a record´s modifier allows wildcarding (See "Modifiers"
above for information about which modifiers allow wildcarding
and which do not.) then the first and second fields of that
record _MAY_ contain wildcards. Wildcards match against the
HTTP_HOST CGI environment variable only. IP addresses can NOT
be used if either the first or second fields contain the
wildcard character. However, if neither the first nor second
fields contain the wildcard character, then the second field
can contain an IP address.
In the logindomainlist file, an asterisk (*) character in
either the first and/or second field represents a wildcard. Any
asterisk in the second field will be used to match an access
domain. If an asterisk exists in the first field then any
characters which the asterisk in the second field represents
will replace the asterisk in the first field when sqwebmail
determines the default mail domain. However, asterisks are not
required in either the first or second fields. They are totally
optional. For example, given the following logindomainlist
record:
*.com:mail.*.com:@
If the user logs into sqwebmail with the following URL:
http://mail.mydomain.com/cgi-bin/sqwebmail
The asterisk in the second field will represent the string
"mydomain". This string will then replace the asterisk in the
first field to give the following default mail domain:
mydomain.com
Similarly, if the following record exists in the
logindomainlist file:
*:*:@
Then ANY URL the user uses to access sqwebmail will be
automatically used for the default mail domain.
But the first field doesn´t _HAVE_ to contain an asterisk. The
following will work just fine:
mydomain.com:mydomain.*:@
The above example will allow the user to access the
"mydomain.com" mail domain from any of the following URLs:
"mydomain.org", "mydomain.net", "mydomain.us", etc...
And finally, the first field doesn´t have to contain anything
at all! If the first field is empty, that record will serve as
an explicit no-default mail domain. No default mail domain will
be specified if the second field matches the user´s login URL.
This is useful because the logindomainlist is searched from the
top down. Any wildcard records at the bottom of the list will
be overridden by records closer to the top. An "explicit
no-default" record can be used to specify certain domains as
"system account" domains so that no default mail domain is
specified.
maildirfilterconfig
This file, if exists, sets the global defaults for mail filtering
in the webmail server. Mail filtering in the webmail server is a
subject worthy of special mention. A full description of how to
install and configure webmail-based mail filtering is included in
the installation notes for the Courier mail server. Refer to the
installlation instructions for additional information.
maildirshared
This file, if exists, specifies the location of shared maildirs for
the webmail and IMAP server. Normally, each mailbox must be
separately configured to access every shared maildir, by the
maildirmake(1)[12] command. This file allows shared maildirs to be
set globally for everyone. Everyone´s webmail and IMAP server will
pick up the shared maildirs specified in this file. See
maildirmake(1)[12] for more information.
maildrop
This file contains one line whose contents is a pathname to the
maildrop(1)[8] mail delivery agent. If the Courier mail server
knows that the delivery agent used to delivery mail locally is
maildrop(1)[8] then certain delivery optimizations are possible.
This configuration file does NOT actually specify that
maildrop(1)[8] should be used as a local mail delivery agent, it
only specifies where maildrop(1)[8] is installed. The default local
mail delivery instructions are specified in the courierd
configuration file. If the specified delivery instruction specify
running an external program whose pathname matches the one
specified by this configuration file, the Courier mail server
assumes that it´s maildrop(1)[8], and will use maildrop-specific
options to optimize mail delivery.
This configuration file is initialized, by default, to point to the
version of maildrop(1)[8] that´s integrated with the Courier mail
server. The integrated version of maildrop(1)[8] is configured
slightly differently than the standalone version of maildrop(1)[8].
Although you can set the maildrop configuration file to point to
some other version of the maildrop mail filter, you MUST set the
maildropfilter configuration file (see below), to point to the
integrated version of maildrop.
maildropfilter
This file contains one line whose contents is a pathname to the
maildrop(1)[8] mail delivery filter. In addition to being a
delivery agent, maildrop can also be used as a mail filtering
engine. If this file exists, the Courier mail server will be
capable of invoking recipient-specified mail filters when a message
is received. If the mail filtering rules reject the message, the
Courier mail server will not accept the message for delivery. This
means that when receiving mail via ESMTP, the Courier mail server
will reject the ESMTP transaction without even accepting the
message from the remote mail server.
This file is not installed by default. To activate mail filtering
for local recipients, simply copy the contents of the maildrop
configuration file to maildropfilter.
maildroprc
This file contains systemwide mail filtering instructions for
maildrop(1)[8] deliveries. This configuration file is optional, and
is used by maildrop(1)[8] when it is invoked as a traditional
post-delivery mail filter. See maildropfilter(6)[13] for more
information.
me
This file contains one line whose contents is a valid machine name.
When a single installation of the Courier mail server is shared
over a network, each machine that´s running the Courier mail server
must have a unique me file. If me is missing, The Courier mail
server uses the result of the gethostname() system call.
Warning
If you change the contents of this configuration file, you must
run the makealiases command again, else your mail will promptly
begin to bounce. If you don´t have this configuration file
defined, and you change the system´s network host name, you
also must run makealiases.
msgidhost
If a message does not have a Message-ID: header, the Courier mail
server may decide to create one. The host portion of the new header
will be set to the contents of msgidhost, which contains one line
of text. If msgidhost does not exist, me will be used in its place.
Changes to this file take effect immediately.
nochangingfrom
The Courier mail server´s webmail server lets the contents of the
From: header be set for mailed messages. If this configuration file
exists, the ability to set the contents of the From: header is
disabled.
queuelo, queuehi, queuefill
These configuration settings tune the Courier mail server´s mail
queue processing. The Courier mail server does not load the entire
mail queue metadata in memory. queuelo contains a number that
specifies the queue “low watermark” message count. queuehi
contains a number that specifies the queue “high watermark” message
count. queuefill specifies a time interval, “queue refill” in
seconds. The number in queuefill may optionally be followed by "m",
indicating that the queue refill is specified in minutes.
queuehi specifies the maximum number of messages that are loaded
into memory. The Courier mail server reads the mail queue on disk
until either it reads all of it, or it reads the number of messages
specified by queuehi. As messages are delivered they are removed
from the memory and disk. Messages that are deferred for another
delivery attempt are removed from memory, but kept on the disk.
When the number of messages in memory falls below queuelo, The
Courier mail server goes back to disk and attempts to fill the
memory queue to the top, again.
This is, basically, a capsule summary of the mail queue processing
logic. Many small, low level details are omitted; this is just an
executive overview. When new messages arrive during a large mail
backlog, the new messages are also loaded into the memory queue, if
there´s room for them. Therefore, during a large mail backlog the
Courier mail server simultaneously tries to clear the existing
backlog, and process any new mail at the same time. Up to the
Courier mail server 0.41, all of this generally translates to the
Courier mail server giving priority to newly arrived mail, and
processing the backed up mail queue if spare resources are
available.
The queuefill setting was added in the Courier mail server 0.42, in
an attempt to keep new mail from excessively delaying existing mail
during a major queue backup. queuefill specifies a time interval.
When the Courier mail server completely fills the memory queue it
sets a timer. After the interval given by queuefill The Courier
mail server will go back and re-fill the mail queue even if the
number of messages did not fall below the low watermark. If the
Courier mail server finds older messages in the mail queue they
will be pushed to the top of the scheduling queue, and given
priority.
Smaller queuefill time intervals means more frequent trips to the
disk, and more overhead. But, in exchange for that, during a mail
backlog the Courier mail server will spend more time handling a
greater number of delayed messages. Larger queuefill time intervals
means less frequent trips to the disk, and less overhead, in
exchange for less "fairness" during large mail backlogs.
queuefill defaults to five minutes, if not specified. Explicitly
setting it to 0 seconds turns off the queue re-filling completely,
essentially reverting to pre-0.42 behavior. The default queuelo and
queuehi values are computed at run time. queuelo defaults to the
larger of 200, and the sum total of configured mail delivery slots,
both local and remote. queuehi, if not explicitly set, defaults to
the smaller of twice the queuelo, or queuelo plus 1000.
queuetime
This file specifies how long the Courier mail server normally tries
to repeatedly deliver a message, before giving up and returning it
as undeliverable. Messages are immediately returned as
undeliverable when a permanent failure is encountered (such as the
recipient address not being valid). Attempts to deliver the message
when there´s a temporary, transient, error (such as the network
being down) will be repeatedly made for the duration of time
specified by this configuration file. This file contains a number
followed by the letter ´w´ for weeks, or ´d´ for days. It is also
possible to use ´h´ for hours, ´m´ for minutes, or ´s´ for seconds.
Only integers are allowed, fractions are prohibited. However, you
can use ´1w2d´ to specify one week and two days. If queuetime is
missing, the Courier mail server makes repeated delivery attempts
for one week.
retryalpha, retrybeta, retrygamma, retrydelta
These control files specify the schedule with which the Courier
mail server tries to deliver each message that has a temporary,
transient, delivery failure. retryalpha and retrygamma contain a
time interval, specified in the same way as queuetime. retrybeta
and retrymaxdelta contain small integral numbers only.
The Courier mail server will first make retrybeta delivery
attempts, waiting for the time interval specified by retryalpha
between each attempt. Then, the Courier mail server waits for the
amount of time specified by retrygamma, then the Courier mail
server will make another retrybeta delivery attempts, retryalpha
amount of time apart. If still undeliverable, the Courier mail
server waits retrygamma*2 amount of time before another retrybeta
delivery attempts, with retryalpha amount of time apart. The next
delay will be retrygamma*4 amount of time long, the next one
retrygamma*8, and so on. retrymaxdelta sets the upper limit on the
exponential backoff. Eventually the Courier mail server will keep
waiting retrygamma*(2^retrymaxdelta) amount of time before making
retrybeta delivery attempts retryalpha amount of time apart, until
the queuetime interval expires.
The default values are:
retryalpha
Five minutes
retrybeta
Three times
retrygamma
Fifteen minutes
retrymaxdelta
Three
This results in the Courier mail server delivering each message
according to the following schedule, in minutes: 5, 5, 5, 15, 5, 5,
30, 5, 5, 60, 5, 5, then repeating 120, 5, 5, until the message
expires.
sizelimit
Maximum size of the message, in bytes, that the Courier mail server
accepts for delivery. The Courier mail server rejects larger
messages. If sizelimit is set to zero, The Courier mail server
accepts as large message as available disk space permits. If the
environment variable SIZELIMIT is set at the time a new message is
received, it takes precedence and the Courier mail server uses the
contents of the environment variable instead. Changes to this file
take effect immediately. The SIZELIMIT environment variable is for
use by individual mail submission agents. For example, it can be
set by the smtpaccess configuration file (see makesmtpaccess(8)[4]
for more information) for mail from certain IP addresses.
If sizelimit does not exist, and SIZELIMIT is not set, the maximum
message size defaults to 10485760 bytes.
submitdelay
submitdelay specifies the delay before the first delivery attempt
for a message that has been entered into the mail queue. Normally,
the first delivery attempt is made as soon as possible. This
setting delays the initial delivery attempt. It is normally used
when you have a mail filter installed that detects duplicate
messages arriving in a short period of time. If the mail filter
detects this situation it can use the cancelmsg(1)[14] command to
reject duplicate messages in the queue (and return them back to the
envelope sender).
submitdelay specifies a time interval in the same format as
queuetime.
usexsender
If this configuration file exists, the Courier mail server´s
webmail server will set the X-Sender: header on all outgoing
messages. This is a good idea if the webmail server allows the user
to set the contents of the From: header. Note that the Courier mail
server records the system userid of the sender in all locally-sent
messages (which includes messages mailed by the webmail server),
which is sufficient in most cases. In cases where you have many
virtual accounts that share the same system userid, this
configuration file provides a way to positively identify the sender
of the outgoing message.
uucpme
uucpme sets the UUCP nodename of the Courier mail server mail
relay. See courieruucp(8)[15] for more information.
uucpneighbors
uucpneighbors is used by the courieruucp module to specify the
Courier mail server´s configuration for relaying mail via UUCP. See
courieruucp(8)[15] for more information.
uucprewriteheaders
If this file exists, headers of messages sent to/from UUCP
addresses will be rewritten. Normally, only the message envelope
sender and recipients are rewritten, the existence of this file
causes the headers to be rewritten as well.
warntime
warntime specifies an amount of time in the same format as
queuetime. If a message still has not been delivered after this
period of time, the Courier mail server sends a warning message (a
"delayed" Delivery Status Notification) to the sender. If warntime
is missing, the Courier mail server sets warntime to four hours.
Note
The time interval specified by warntime is only approximate.
The Courier mail server sends a delayed Delivery Status
Notification at the conclusion of the first attempted delivery
after warntime has elapsed.
Webmail template files
HTML output from the webmail server is generated from the template
files in /usr/lib/courier/sqwebmail/html/en-us. It is possible to
translate the webmail interface into another language simply by
creating another subdirectory underneath
/usr/lib/courier/sqwebmail/html, then meticulously translating each
.html file. Each template file contains well-formed HTML, with dynamic
content marked off by tags. Note that the large comment blocks in each
HTML file need to be translated too, since they are inserted as dynamic
content, elsewhere.
The directory /usr/lib/courier/sqwebmail/html/en-us also contains
several configuration files, in addition to the HTML template files.
Doing so allows this configuration information to be defined for each
available language.
CHARSET
This file consists of a single line of text, which names the
character set used by the HTML template files. It is possible to
specify multiple character set, by separating them with commas,
provided that HTML templates use only the common portions of all
listed character set.
The default English HTML templates use strictly the “us-ascii”
subset, and the CHARSET contains utf-8,iso-8859-1. When multiple
character sets are listed, the first character set that´s supported
by the browser is picked, so with UTF-8 capable browsers the
default webmail interface will use UTF-8, falling back to
ISO-8859-1 for browsers that do not support UTF-8.
footer
The contents of this file, if it exists, are appended to all
messages sent by the webmail server.
ISPELLDICT
This file consists of a single line of text, which contains the
name of the dictionary used for spell-checking. It is passed as an
argument to ispell, or aspell.
LANGUAGE
This file consists of a single line of text, which should always be
the same as the name of its directory (en-us).
LANGUAGE_PREF
This file is not needed at runtime, its contents are used during
installation. See webmail/html/README_LANG in the source
distribution for more information.
LOCALE
The corresponding C locale for these templates.
TIMEZONELIST
This file lists the available timezones on the login screen. See
the comments in this file for more information.
Sender Policy Framework Keywords
The Courier mail server can perform “Sender Policy Framework” checks on
up to three addresses for each message. This is controlled by setting
the following variables: BOFHSPFHELO, BOFHSPFMAILFROM, and BOFHSPFFROM.
Each variable is set to a comma-separated list of the following
keywords: “off” - SPF verification disabled (default); “none”,
“neutral”, “pass”, “fail”, “softfail”, “error”, “unknown” - these
keywords correspond to the possible results of an SPF check, the
message is accepted for the listed SPF results only, any other SPF
result is rejected; “all” - shorthand for all possible SPF results, use
“all” to run SPF in informational mode only, recording the SPF status
in the Received-SPF: header.
A rejected SPF result gets kicked back with a permanent error
indication if the SPF result is listed in BOFHSPFHARDERROR, and a
temporary error indication otherwise.
When enabling SPF checking, the keyword list should always include
“pass” (it makes no sense to do otherwise) and “none”. The keyword list
should also include “softfail”, “neutral”, and “unknown”. See the SPF
draft for a description of these status results. At some distant
future, the keyword list will only include “pass”, rejecting all
senders without a stated policy. This might be desirable at some point
in the future, but not right now.
The BOFHSPFFROM list may also include an additional keyword,
“mailfromok”. BOFHSPFMAILFROM and BOFHSPFFROM are trade-offs. Using
BOFHSPFMAILFROM is faster, and it does not require the entire message
to be received, before running the SPF check. BOFHSPFFROM checking can
only occur after the entire message is received, but it´s more
reliable. If “mailfromok” is listed, the From: is not checked if the
MAIL FROM command was checked with the “pass” result.
In other words: the From: header is checked if MAIL FROM was empty, or
did not pass the SPF checks. If MAIL FROM passed the SPF check the
Courier mail server won´t bother looking at the From: header.
Note
A conservative policy should not reject failed SPF checks from the
From:header, because it can be counterproductive in some
situations. This is because when a sender from a domain with a
published SPF policy sends a message to a mailing list, the message
goes through the mailing list processor´s IP address, and it will
fail the SPF check unless the domain SPF explicitly authorizes the
mailing list processor´s IP address.
This is very unlikely. The end result is that domains with a
published SPF record get punished, and domains without an SPF
record get off scott free. Mailing lists should be encouraged to
publish their own SPF records for mailing list traffic; then the
“mailfromok” keyword can validate the mailing list´s return
address, and forego checking of the “From:” header from the mailing
list, while still checking the “From:” header from everyone else.
Another alternative is to use opt BOFHSPFFROM=all for advisory
purposes only. Post-delivery mail filters can key off the
“Received-SPF” header.
Note
The Courier mail server can add up to three “Received-SPF” headers
of its own, one for each SPF check. The Courier mail server renames
any existing “Received-SPF” header as “Old-Received-SPF”. All
“Received-SPF” headers delivered to a local mailbox will always
come from the Courier mail server.
BUGS
Flushing a single message will not work if the message queue is backed
up. When that happens, your only available option is to flush the
entire queue.
courier start fails if the Courier mail server has detected a fatal
operational error. In this situation the top-level courierd daemon
sleeps for a minute, before automatically restarting. During this sleep
interval courier stop does not work.
SEE ALSO
cancelmsg(1)[14], maildirmake(1)[12], maildrop(1)[8], preline(1)[16],
sendmail(1)[17], testmxlookup(1)[18], dot-courier(5)[6], authlib(7)[3],
courierfax(8)[9], courierfilter(8)[7], filterctl(8)[7],
courierldapaliasd(8)[11], courierpop3d(8)[19], courierpop3d(8)[19],
couriertcpd(8)[20], courieruucp(8)[15], esmtpd(8)[21], imapd(8)[22],
localmailfilter(7)[2], mailq(1)[1], makeacceptmailfor(8)[23],
makealiases(8)[24], makehosteddomains(8)[10], makepercentrelay(8)[25],
makesmtpaccess(8)[4], makeuserdb(8)[26], pw2userdb(8)[26],
mkesmtpdcert(8)[27], mkimapdcert(8)[28], pop3d(8)[29], submit(8)[5],
userdb(8)[30].
NOTES
1. mailq(1)
[set $man.base.url.for.relative.links]/mailq.html
2. localmailfilter(7)
[set $man.base.url.for.relative.links]/localmailfilter.html
3. authlib(7)
[set $man.base.url.for.relative.links]/authlib.html
4. makesmtpaccess(8)
[set $man.base.url.for.relative.links]/makesmtpaccess.html
5. submit(8)
[set $man.base.url.for.relative.links]/submit.html
6. dot-courier(5)
[set $man.base.url.for.relative.links]/dot-courier.html
7. courierfilter(8)
[set $man.base.url.for.relative.links]/courierfilter.html
8. maildrop(1)
[set $man.base.url.for.relative.links]/maildrop.html
9. courierfax(8)
[set $man.base.url.for.relative.links]/courierfax.html
10. makehosteddomains(8)
[set $man.base.url.for.relative.links]/makehosteddomains.html
11. courierldapaliasd(8)
[set $man.base.url.for.relative.links]/courierldapaliasd.html
12. maildirmake(1)
[set $man.base.url.for.relative.links]/maildirmake.html
13. maildropfilter(6)
[set $man.base.url.for.relative.links]/maildropfilter.html
14. cancelmsg(1)
[set $man.base.url.for.relative.links]/cancelmsg.html
15. courieruucp(8)
[set $man.base.url.for.relative.links]/courieruucp.html
16. preline(1)
[set $man.base.url.for.relative.links]/preline.html
17. sendmail(1)
[set $man.base.url.for.relative.links]/sendmail.html
18. testmxlookup(1)
[set $man.base.url.for.relative.links]/testmxlookup.html
19. courierpop3d(8)
[set $man.base.url.for.relative.links]/courierpop3d.html
20. couriertcpd(8)
[set $man.base.url.for.relative.links]/couriertcpd.html
21. esmtpd(8)
[set $man.base.url.for.relative.links]/esmtpd.html
22. imapd(8)
[set $man.base.url.for.relative.links]/imapd.html
23. makeacceptmailfor(8)
[set $man.base.url.for.relative.links]/makeacceptmailfor.html
24. makealiases(8)
[set $man.base.url.for.relative.links]/makealiases.html
25. makepercentrelay(8)
[set $man.base.url.for.relative.links]/makepercentrelay.html
26. makeuserdb(8)
[set $man.base.url.for.relative.links]/makeuserdb.html
27. mkesmtpdcert(8)
[set $man.base.url.for.relative.links]/mkesmtpdcert.html
28. mkimapdcert(8)
[set $man.base.url.for.relative.links]/mkimapdcert.html
29. pop3d(8)
[set $man.base.url.for.relative.links]/pop3d.html
30. userdb(8)
[set $man.base.url.for.relative.links]/userdb.html