smtp, smtpd - mail transport
upas/smtp [ -aAdfiops ] [ -b busted-mx ] ... [ -g gateway ] [ -h host ]
[ -u user ] [ .domain ] destaddr sender rcpt-list
upas/smtpd [ -adDfrg ] [ -c certfile ] [ -h mydom ] [ -k evilipaddr ] [
-m mailer ] [ -n netdir ]
Smtp sends the mail message from standard input to the users rcpt-list
on the host at network address address using the Simple Mail Transfer
Protocol. The options are:
-a if the server supports PLAIN or LOGIN authentication, authenti‐
cate to the server using a password from factotum(4). See RFCs
3207 and 2554. This option implies -s.
-A autistic server: don't wait for an SMTP greeting banner but
immediately send a command to provoke the server into respond‐
-b ignore busted-mx when trying MX hosts. May be repeated.
-d turn on debugging to standard error.
-f just filter the converted message to standard output rather than
-g makes gateway the system to pass the message to if smtp can't
find an address nor MX entry for the destination system.
-h use host as the local system name; it may be fully-qualified or
not. If not specified, it will default to the contents of
-i under -a, authenticate even if we can't start TLS.
-o under -s, use TLS even if we don't know the remote system.
-p ping: just verify that the users named in the rcpt-list are
valid users at destaddr; don't send any mail.
-s if the server supports the ESMTP extension to use TLS encryp‐
tion, turn it on for this session. See RFC3207 for details.
-u specify a user name to be used in authentication. The default
name is the current login id.
Finally if .domain is given, it is appended to the end of any unquali‐
fied system names in the envelope or header.
Smtpd receives a message using the Simple Mail Transfer Protocol.
Standard input and output are the protocol connection. SMTP authenti‐
cation by login and cram-md5 protocols is supported; authenticated con‐
nections are permitted to relay.
The options are:
-a requires that all clients authenticate to be able to send mail.
-c specifies a certificate to use for TLS. Without this option,
the capability to start TLS will not be advertised.
-d turns on debugging output, with each connection's output going
to a uniquely-named file in /sys/log/smtpdb.
-D sleeps for 15 seconds usually at the start of the SMTP dialogue;
this deters some spammers. Connections from Class A networks
frequented by spammers will incur a longer delay.
-f prevents relaying from non-trusted networks. It also tags mes‐
sages from non-trusted sites when they deliver mail from an
address in a domain we believe we represent.
-g turns on grey/white list processing. All mail is rejected (with
a retry code) unless the sender's IP address is on the
whitelist, /mail/grey/whitelist, an append only file. Addresses
can be added to the whitelist by the administrator. However,
the usual way for addresses to be added is by smtpd itself.
Whenever a message is received and the sender's address isn't on
the whitelist, smtpd first looks for the file /mail/grey/tmp‐
/local/remote/recipient, where local and remote are IP addresses
of the local and remote systems, respectively. If it exists and
was created more than a few minutes go, the remote address is
added to the whitelist. If not, the file is created and the
mail is rejected with a `try again' code. The expectation is
that spammers will not retry for more than a few minutes and
that others will.
-h specifies the receiving domain. If this flag is not specified,
the receiving domain is inferred from the host name.
-k causes connections from the host at the IP address, evilipaddr,
to be dropped at program startup. Multiple addresses can be
specified with several -k options. This option should be used
carefully; it is intended to lessen the effects of denial of
service attacks or broken mailers which continually connect.
The connections are not logged and the remote system is not
notified via the protocol.
-m set the mailer to which smtpd passes a received message. The
default is /bin/upas/send.
-n specifies the name of the network directory assigned to the
incoming connection. This is used to determine the peer IP
address. If this flag is not specified, the peer address is
determined using standard input.
-p permits clients to authenticate using protocols which transfer
the password in the clear, e.g. login protocol. This should
only be used if the connection has previously encrypted using
-r turns on forward DNS validation of non-trusted sender address.
-s causes copies of blocked messages to be saved in a sub-directory
Smtpd is normally run by a network listener such as listen(8). Most of
the command line options are more conveniently specified in the smtpd
configuration file stored in /mail/lib/smtpd.conf.
SEE ALSOaliasmail(8), faces(1), filter(1), mail(1), marshal(1), mlmgr(1), ned‐
mail(1), qer(8), rewrite(6), send(8), tlssrv(8), upasfs(4)SMTP(8)