.TH qmail-smtpd 8
.SH NAME
qmail-smtpd \- receive mail via SMTP
.SH SYNOPSIS
.B qmail-smtpd
.SH DESCRIPTION
.B qmail-smtpd
receives mail messages via the Simple Mail Transfer Protocol (SMTP)
and invokes
.B qmail-queue
to deposit them into the outgoing queue.
.B qmail-smtpd
must be supplied several environment variables;
see
.BR tcp-environ(5) .

.B qmail-smtpd
is responsible for counting hops.
It rejects any message with 100 or more 
.B Received
or
.B Delivered-To
header fields.

.B qmail-smtpd
supports ESMTP, including the 8BITMIME, DATA, PIPELINING, SIZE, and AUTH options.
.B qmail-smtpd
includes a \'MAIL FROM:\; parameter parser and obeys \'Auth\' and \'Size\' advertisements.
.B qmail-smtpd
can accept LOGIN, PLAIN, and CRAM-MD5 AUTH types.  It invokes
.IR checkprogram ,
which reads on file descriptor 3 the username, a 0 byte, the password
or CRAM-MD5 digest/response derived from the SMTP client,
another 0 byte, a CRAM-MD5 challenge (if applicable to the AUTH type),
and a final 0 byte.
.I checkprogram
invokes
.I subprogram
upon successful authentication, which should in turn return 0 to
.BR qmail-smtpd ,
effectively setting the environment variables $RELAYCLIENT and $TCPREMOTEINFO
(any supplied value replaced with the authenticated username).
.B qmail-smtpd
will reject the authentication attempt if it receives a nonzero return
value from
.I checkprogram
or
.IR subprogram .

Binding
.B qmail-smtpd
to the SUBMISSION port (\'587\') instead of the standard SMTP port 25 will advice
.B qmail-smtpd
to require SMTP authention prior of accepting the \'MAIL FROM:\' command.
A different port can be chosen, populating the environment variable
.IR SUBMISSIONPORT .

.SH TRANSPARENCY
.B qmail-smtpd
converts the SMTP newline convention into the UNIX newline convention
by converting CR LF into LF.
It returns a temporary error and drops the connection on bare LFs;
see
.BR http://pobox.com/~djb/docs/smtplf.html .

.B qmail-smtpd
accepts messages that contain long lines or non-ASCII characters,
even though such messages violate the SMTP protocol.
.SH "CONTROL FILES"
.TP 5
.I badhelo
Unacceptable HELO/EHLO host names.
.B qmail-smtpd
will reject every recipient address for a message if
the host name is listed in, 
or matches a POSIX regular expression pattern listed in,
.IR badhelo .
If the 
.B NOBADHELO 
environment variable is set, then the contents of 
.IR badhelo 
will be ignored.
For more information, please have a look at doc/README.qregex.
.TP 5
.I badmailfrom
Unacceptable envelope sender addresses.
.B qmail-smtpd
will reject every recipient address for a message
if the envelope sender address is listed in, or matches a POSIX regular expression
pattern listed in,
.IR badmailfrom .
A line in
.I badmailfrom
may be of the form
.BR @\fIhost ,
meaning every address at
.IR host .
For more information, please have a look at doc/README.qregex.
.TP 5
.I badmailfromnorelay
Functions the same as the
.IR badmailfrom
control file but is read only if the 
.B RELAYCLIENT 
environment variable is not set.
For more information, please have a look at doc/README.qregex.
.TP 5
.I badmailto
Unacceptable envelope recipient addresses.
.B qmail-smtpd
will reject every recipient address for a message if the recipient address
is listed in,
or matches a POSIX regular expression pattern listed in,
.IR badmailto .
For more information, please have a look at doc/README.qregex.
.TP 5
.I badmailtonorelay
Functions the same as the
.IR badmailto
control file but is read only if the
.B RELAYCLIENT
environment variable is not set.
For more information, please have a look at doc/README.qregex.
.TP 5
.I databytes
Maximum number of bytes allowed in a message,
or 0 for no limit.
Default: 0.
If a message exceeds this limit,
.B qmail-smtpd
returns a permanent error code to the client;
in contrast, if
the disk is full or
.B qmail-smtpd
hits a resource limit,
.B qmail-smtpd
returns a temporary error code.

.I databytes
counts bytes as stored on disk, not as transmitted through the network.
It does not count the
.B qmail-smtpd
Received line, the
.B qmail-queue
Received line, or the envelope.

If the environment variable
.B DATABYTES
is set, it overrides
.IR databytes .
.TP 5
.I localiphost
Replacement host name for local IP addresses.
Default:
.IR me ,
if that is supplied.
.B qmail-smtpd
is responsible for recognizing dotted-decimal addresses for the
current host.
When it sees a recipient address of the form
.IR box@[d.d.d.d] ,
where
.I d.d.d.d
is a local IP address,
it replaces
.IR [d.d.d.d]
with
.IR localiphost .
This is done before
.IR rcpthosts .
.TP 5
.I mfcheck
If set,
.B qmail-smtpd
tries to resolve the domain of the envelope from address.  It can be
handy when you want to filter out spamhosts.
.TP 5
.I morercpthosts
Extra allowed RCPT domains.
If
.I rcpthosts
and
.I morercpthosts
both exist,
.I morercpthosts
is effectively appended to
.IR rcpthosts .

You must run
.B qmail-newmrh
whenever
.I morercpthosts
changes.

Rule of thumb for large sites:
Put your 50 most commonly used domains into
.IR rcpthosts ,
and the rest into
.IR morercpthosts .
.TP 5
.I rcpthosts
Allowed RCPT domains.
If
.I rcpthosts
is supplied,
.B qmail-smtpd
will reject
any envelope recipient address with a domain not listed in
.IR rcpthosts .

Exception:
If the environment variable
.B RELAYCLIENT
is set,
.B qmail-smtpd
will ignore
.IR rcpthosts ,
and will append the value of
.B RELAYCLIENT
to each incoming recipient address.

.I rcpthosts
may include wildcards:

.EX
   heaven.af.mil
   .heaven.af.mil
.EE

Envelope recipient addresses without @ signs are
always allowed through.
.TP 5
.I smtpgreeting
SMTP greeting message.
Default:
.IR me ,
if that is supplied;
otherwise
.B qmail-smtpd
will refuse to run.
The first word of
.I smtpgreeting
should be the current host's name.
.TP 5
.I timeoutsmtpd
Number of seconds
.B qmail-smtpd
will wait for each new buffer of data from the remote SMTP client.
Default: 1200.
.TP 5
.I spfbehavior
Set to a value between 1 and 6 to enable SPF checks; 0 to disable.
1 selects 'annotate-only' mode, where
.B qmail-smtpd
will annotate incoming email with
.B Received-SPF
fields, but will not reject any messages.  2 will produce temporary
failures on DNS lookup problems so you can make sure you always have
meaningful Received-SPF headers.  3 selects 'reject' mode,
where incoming mail will be rejected if the SPF record says 'fail'.  4
selects a more stricter rejection mode, which is like 'reject' mode,
except that incoming mail will also be rejected when the SPF record
says 'softfail'.  5 will also reject when the SPF record says 'neutral',
and 6 if no SPF records are available at all (or a syntax error was
encountered). The contents of this file are overridden by the value of
the
.B SPFBEHAVIOR
environment variable, if set.
Default: 0.
.TP 5
.I spfexp
You can add a line with a an SPF explanation that will be shown to the
sender in case of a reject. It will override the default one. You can
use SPF macro expansion.
.TP 5
.I spfguess
You can add a line with SPF rules that will be checked if a sender
domain doesn't have a SPF record. The local rules will also be used
in this case.
.TP 5
.I spfrules
You can add a line with SPF rules that will be checked before other SPF
rules would fail.  This can be used to always allow certain machines to
send certain mails.
.SH "SEE ALSO"
tcp-env(1),
tcp-environ(5),
qmail-control(5),
qmail-inject(8),
qmail-newmrh(8),
qmail-queue(8),
qmail-remote(8)