MAKESMTPACCESS, MAKE

Section: Double Precision, Inc. (8) Updated: 02/19/2010 Local index Up

NAME

makesmtpaccess - Build ESMTP server access file

SYNOPSIS

makesmtpaccess
makesmtpaccess-msa

DESCRIPTION

makesmtpaccess

rebuilds the contents of the /etc/courier/smtpaccess.dat database from the contents of the files in the /etc/courier/smtpaccess directory. When the esmtpd script starts couriertcpd, the script specifies /etc/courier/smtpaccess.dat file to control access to the Courier mail server's ESMTP daemon. The makesmtpaccess script must be run before any changes in the /etc/courier/smtpaccess directory take effect.

The m[blue]couriertcpd(8)m[][1] manual page describes the general format of the access file.

The default Courier mail server configuration uses the same access file, /etc/courier/smtpaccess.dat for both the regular ESMTP server, and the message submission server on port 587 (m[blue]RFC 2476m[][2]). It is possible to use different access files. To do so, create a different access file, edit /etc/courier/esmtpd-msa, and set ACCESSFILE to the filename of the access file directory (the directory containing the plain text files, not the .dat file). Then, use makesmtpaccess-msa instead of makesmtpaccess to build the .dat file.

The smtpaccess configuration file

The m[blue]couriertcpd(8)m[][1] manual page describes the generic format of the access file. The access file specifies what should be done with connections from defined IP address ranges. The basic choices are to accept or reject the connection. Also, the generic format of the access file allows arbitrary environment variables to be set based on the connection's remote IP address.

The Courier mail server's ESMTPD server understands the following environment variables, which may be set in the access file:

BLOCK

: If this variable is set to a non-empty value, all mail will be rejected for this connection. The contents of the environment variable will be used as the error message. This is not the same as the couriertcpd access file setting that immediately drops the connection. The incoming connection is accepted, but every message will be rejected.

FAXRELAYCLIENT

Allow the client to send faxes via the m[blue]courierfax(8)m[][3] module.

: Note
When ESMTP authentication is enabled, a successful authentication automatically sets FAXRELAYCLIENT.

RELAYCLIENT

Allow the client to relay mail.

: Note
When ESMTP authentication is enabled, a successful authentication automatically sets RELAYCLIENT.

The following options are typically set globally in the esmtpd configuration file, but may be overriden in the smtpaccess configuration file:

BOFHCHECKDNS

Do not check the return address's domain in DNS if this environment variable is set to 0. The default value of BOFHCHECKDNS is 1.

: Note
Turning off the DNS check disables a number of options in the bofh configuration file. See m[blue]courier(8)m[][4] for more information.

BOFHCHECKHELO

Set this variable to 1 to check the hostname argument to the ESMTP HELO/EHLO command, as follows:

: • A hostname that's actually an IP address, and is the same as the connecting ESMTP client's IP address, is valid.

: • Otherwise hostname should be a valid DNS name with MX and/or A records, with at least one record matching the connecting ESMTP client's IP address.

: • An ESMTP client with relaying privileges (either due to RELAYCLIENT explicitly set, or if it succesfully authenticates) may use anything for an EHLO/HELO. The EHLO/HELO argument coming from an authenticated/relaying client is not checked.

BOFHNOEXPN