3185
3255
* postscreen(8)
3187
#define VAR_PS_CACHE_MAP "postscreen_cache_map"
3188
#define DEF_PS_CACHE_MAP "btree:$data_directory/ps_cache"
3189
extern char *var_ps_cache_map;
3257
#define VAR_PSC_CACHE_MAP "postscreen_cache_map"
3258
#define DEF_PSC_CACHE_MAP "btree:$data_directory/postscreen_cache"
3259
extern char *var_psc_cache_map;
3191
#define VAR_SMTPD_SERVICE "smtpd_service"
3261
#define VAR_SMTPD_SERVICE "smtpd_service_name"
3192
3262
#define DEF_SMTPD_SERVICE "smtpd"
3193
3263
extern char *var_smtpd_service;
3195
#define VAR_PS_POST_QLIMIT "postscreen_post_queue_limit"
3196
#define DEF_PS_POST_QLIMIT "$" VAR_PROC_LIMIT
3197
extern int var_ps_post_queue_limit;
3199
#define VAR_PS_PRE_QLIMIT "postscreen_pre_queue_limit"
3200
#define DEF_PS_PRE_QLIMIT "$" VAR_PROC_LIMIT
3201
extern int var_ps_pre_queue_limit;
3203
#define VAR_PS_CACHE_TTL "postscreen_cache_ttl"
3204
#define DEF_PS_CACHE_TTL "1d"
3205
extern int var_ps_cache_ttl;
3207
#define VAR_PS_CACHE_RET "postscreen_cache_retention_time"
3208
#define DEF_PS_CACHE_RET "1d"
3209
extern int var_ps_cache_ret;
3211
#define VAR_PS_CACHE_SCAN "postscreen_cache_cleanup_interval"
3212
#define DEF_PS_CACHE_SCAN "12h"
3213
extern int var_ps_cache_scan;
3215
#define VAR_PS_GREET_WAIT "postscreen_greet_wait"
3216
#define DEF_PS_GREET_WAIT "4s"
3217
extern int var_ps_greet_wait;
3219
#define VAR_PS_GREET_ACTION "postscreen_greet_action"
3220
#define DEF_PS_GREET_ACTION "continue"
3221
extern char *var_ps_greet_action;
3223
#define VAR_PS_DNSBL_SITES "postscreen_dnsbl_sites"
3224
#define DEF_PS_DNSBL_SITES ""
3225
extern char *var_ps_dnsbl_sites;
3227
#define VAR_PS_DNSBL_ACTION "postscreen_dnsbl_action"
3228
#define DEF_PS_DNSBL_ACTION "continue"
3229
extern char *var_ps_dnsbl_action;
3231
#define VAR_PS_HUP_ACTION "postscreen_hangup_action"
3232
#define DEF_PS_HUP_ACTION "continue"
3233
extern char *var_ps_hangup_action;
3235
#define VAR_PS_WLIST_NETS "postscreen_whitelist_networks"
3236
#define DEF_PS_WLIST_NETS "$" VAR_MYNETWORKS
3237
extern char *var_ps_wlist_nets;
3239
#define VAR_PS_BLIST_NETS "postscreen_blacklist_networks"
3240
#define DEF_PS_BLIST_NETS ""
3241
extern char *var_ps_blist_nets;
3243
#define VAR_PS_BLIST_ACTION "postscreen_blacklist_action"
3244
#define DEF_PS_BLIST_ACTION "continue"
3245
extern char *var_ps_blist_nets;
3247
#define VAR_PS_GREET_BANNER "postscreen_greet_banner"
3248
#define DEF_PS_GREET_BANNER "$" VAR_SMTPD_BANNER
3249
extern char *var_ps_banner;
3265
#define VAR_PSC_POST_QLIMIT "postscreen_post_queue_limit"
3266
#define DEF_PSC_POST_QLIMIT "$" VAR_PROC_LIMIT
3267
extern int var_psc_post_queue_limit;
3269
#define VAR_PSC_PRE_QLIMIT "postscreen_pre_queue_limit"
3270
#define DEF_PSC_PRE_QLIMIT "$" VAR_PROC_LIMIT
3271
extern int var_psc_pre_queue_limit;
3273
#define VAR_PSC_CACHE_RET "postscreen_cache_retention_time"
3274
#define DEF_PSC_CACHE_RET "7d"
3275
extern int var_psc_cache_ret;
3277
#define VAR_PSC_CACHE_SCAN "postscreen_cache_cleanup_interval"
3278
#define DEF_PSC_CACHE_SCAN "12h"
3279
extern int var_psc_cache_scan;
3281
#define VAR_PSC_GREET_WAIT "postscreen_greet_wait"
3282
#define DEF_PSC_GREET_WAIT "${stress?2}${stress:6}s"
3283
extern int var_psc_greet_wait;
3285
#define VAR_PSC_PREGR_BANNER "postscreen_greet_banner"
3286
#define DEF_PSC_PREGR_BANNER "$" VAR_SMTPD_BANNER
3287
extern char *var_psc_pregr_banner;
3289
#define VAR_PSC_PREGR_ENABLE "postscreen_greet_enable"
3290
#define DEF_PSC_PREGR_ENABLE no
3291
extern char *var_psc_pregr_enable;
3293
#define VAR_PSC_PREGR_ACTION "postscreen_greet_action"
3294
#define DEF_PSC_PREGR_ACTION "ignore"
3295
extern char *var_psc_pregr_action;
3297
#define VAR_PSC_PREGR_TTL "postscreen_greet_ttl"
3298
#define DEF_PSC_PREGR_TTL "1d"
3299
extern int var_psc_pregr_ttl;
3301
#define VAR_PSC_DNSBL_SITES "postscreen_dnsbl_sites"
3302
#define DEF_PSC_DNSBL_SITES ""
3303
extern char *var_psc_dnsbl_sites;
3305
#define VAR_PSC_DNSBL_THRESH "postscreen_dnsbl_threshold"
3306
#define DEF_PSC_DNSBL_THRESH 1
3307
extern int var_psc_dnsbl_thresh;
3309
#define VAR_PSC_DNSBL_ENABLE "postscreen_dnsbl_enable"
3310
#define DEF_PSC_DNSBL_ENABLE 0
3311
extern char *var_psc_dnsbl_enable;
3313
#define VAR_PSC_DNSBL_ACTION "postscreen_dnsbl_action"
3314
#define DEF_PSC_DNSBL_ACTION "ignore"
3315
extern char *var_psc_dnsbl_action;
3317
#define VAR_PSC_DNSBL_TTL "postscreen_dnsbl_ttl"
3318
#define DEF_PSC_DNSBL_TTL "1h"
3319
extern int var_psc_dnsbl_ttl;
3321
#define VAR_PSC_DNSBL_REPLY "postscreen_dnsbl_reply_map"
3322
#define DEF_PSC_DNSBL_REPLY ""
3323
extern char *var_psc_dnsbl_reply;
3325
#define VAR_PSC_PIPEL_ENABLE "postscreen_pipelining_enable"
3326
#define DEF_PSC_PIPEL_ENABLE 0
3327
extern bool var_psc_pipel_enable;
3329
#define VAR_PSC_PIPEL_ACTION "postscreen_pipelining_action"
3330
#define DEF_PSC_PIPEL_ACTION "enforce"
3331
extern char *var_psc_pipel_action;
3333
#define VAR_PSC_PIPEL_TTL "postscreen_pipelining_ttl"
3334
#define DEF_PSC_PIPEL_TTL "30d"
3335
extern int var_psc_pipel_ttl;
3337
#define VAR_PSC_NSMTP_ENABLE "postscreen_non_smtp_command_enable"
3338
#define DEF_PSC_NSMTP_ENABLE 0
3339
extern bool var_psc_nsmtp_enable;
3341
#define VAR_PSC_NSMTP_ACTION "postscreen_non_smtp_command_action"
3342
#define DEF_PSC_NSMTP_ACTION "drop"
3343
extern char *var_psc_nsmtp_action;
3345
#define VAR_PSC_NSMTP_TTL "postscreen_non_smtp_command_ttl"
3346
#define DEF_PSC_NSMTP_TTL "30d"
3347
extern int var_psc_nsmtp_ttl;
3349
#define VAR_PSC_BARLF_ENABLE "postscreen_bare_newline_enable"
3350
#define DEF_PSC_BARLF_ENABLE 0
3351
extern bool var_psc_barlf_enable;
3353
#define VAR_PSC_BARLF_ACTION "postscreen_bare_newline_action"
3354
#define DEF_PSC_BARLF_ACTION "ignore"
3355
extern char *var_psc_barlf_action;
3357
#define VAR_PSC_BARLF_TTL "postscreen_bare_newline_ttl"
3358
#define DEF_PSC_BARLF_TTL "30d"
3359
extern int var_psc_barlf_ttl;
3361
#define VAR_PSC_WLIST_NETS "postscreen_whitelist_networks"
3362
#define DEF_PSC_WLIST_NETS "$" VAR_MYNETWORKS
3363
extern char *var_psc_wlist_nets;
3365
#define VAR_PSC_BLIST_NETS "postscreen_blacklist_networks"
3366
#define DEF_PSC_BLIST_NETS ""
3367
extern char *var_psc_blist_nets;
3369
#define VAR_PSC_BLIST_ACTION "postscreen_blacklist_action"
3370
#define DEF_PSC_BLIST_ACTION "ignore"
3371
extern char *var_psc_blist_nets;
3373
#define VAR_PSC_CMD_COUNT "postscreen_command_count_limit"
3374
#define DEF_PSC_CMD_COUNT 20
3375
extern int var_psc_cmd_count;
3377
#define VAR_PSC_CMD_TIME "postscreen_command_time_limit"
3378
#define DEF_PSC_CMD_TIME DEF_SMTPD_TMOUT
3379
extern char *var_psc_cmd_time;
3381
#define VAR_PSC_WATCHDOG "postscreen_watchdog_timeout"
3382
#define DEF_PSC_WATCHDOG "10s"
3383
extern int var_psc_watchdog;
3385
#define VAR_PSC_EHLO_DIS_WORDS "postscreen_discard_ehlo_keywords"
3386
#define DEF_PSC_EHLO_DIS_WORDS "$" VAR_SMTPD_EHLO_DIS_WORDS
3387
extern char *var_psc_ehlo_dis_words;
3389
#define VAR_PSC_EHLO_DIS_MAPS "postscreen_discard_ehlo_keyword_address_maps"
3390
#define DEF_PSC_EHLO_DIS_MAPS "$" VAR_SMTPD_EHLO_DIS_MAPS
3391
extern char *var_psc_ehlo_dis_maps;
3393
#define VAR_PSC_TLS_LEVEL "postscreen_tls_security_level"
3394
#define DEF_PSC_TLS_LEVEL "$" VAR_SMTPD_TLS_LEVEL
3395
extern char *var_psc_tls_level;
3397
#define VAR_PSC_USE_TLS "postscreen_use_tls"
3398
#define DEF_PSC_USE_TLS "$" VAR_SMTPD_USE_TLS
3399
extern bool var_psc_use_tls;
3401
#define VAR_PSC_ENFORCE_TLS "postscreen_enforce_tls"
3402
#define DEF_PSC_ENFORCE_TLS "$" VAR_SMTPD_ENFORCE_TLS
3403
extern bool var_psc_enforce_tls;
3405
#define VAR_PSC_FORBID_CMDS "postscreen_forbidden_commands"
3406
#define DEF_PSC_FORBID_CMDS "$" VAR_SMTPD_FORBID_CMDS
3407
extern char *var_psc_forbid_cmds;
3409
#define VAR_PSC_HELO_REQUIRED "postscreen_helo_required"
3410
#define DEF_PSC_HELO_REQUIRED "$" VAR_HELO_REQUIRED
3411
extern bool var_psc_helo_required;
3413
#define VAR_PSC_DISABLE_VRFY "postscreen_disable_vrfy_command"
3414
#define DEF_PSC_DISABLE_VRFY "$" VAR_DISABLE_VRFY_CMD
3415
extern bool var_psc_disable_vrfy;
3417
#define VAR_PSC_CCONN_LIMIT "postscreen_client_connection_count_limit"
3418
#define DEF_PSC_CCONN_LIMIT "$" VAR_SMTPD_CCONN_LIMIT
3419
extern int var_psc_cconn_limit;
3421
#define VAR_PSC_REJ_FOOTER "postscreen_reject_footer"
3422
#define DEF_PSC_REJ_FOOTER "$" VAR_SMTPD_REJ_FOOTER
3423
extern char *var_psc_rej_footer;
3425
#define VAR_PSC_EXP_FILTER "postscreen_expansion_filter"
3426
#define DEF_PSC_EXP_FILTER "$" VAR_SMTPD_EXP_FILTER
3427
extern char *var_psc_exp_filter;
3429
#define VAR_PSC_CMD_FILTER "postscreen_command_filter"
3430
#define DEF_PSC_CMD_FILTER ""
3431
extern char *var_psc_cmd_filter;
3433
#define PSC_ACL_NAME_WL_MYNETWORKS "permit_mynetworks"
3434
#define PSC_ACL_NAME_WHITELIST "permit"
3435
#define PSC_ACL_NAME_BLACKLIST "reject"
3436
#define PSC_ACL_NAME_DUNNO "dunno"
3437
#define PSC_ACL_NAME_ERROR "error"
3439
#define VAR_PSC_ACL "postscreen_access_list"
3440
#define DEF_PSC_ACL PSC_ACL_NAME_WL_MYNETWORKS
3441
extern char *var_psc_acl;
3443
#define VAR_DNSBLOG_SERVICE "dnsblog_service_name"
3444
#define DEF_DNSBLOG_SERVICE MAIL_SERVICE_DNSBLOG
3445
extern char *var_dnsblog_service;
3447
#define VAR_DNSBLOG_DELAY "dnsblog_reply_delay"
3448
#define DEF_DNSBLOG_DELAY "0s"
3449
extern int var_dnsblog_delay;
3451
#define VAR_TLSPROXY_SERVICE "tlsproxy_service_name"
3452
#define DEF_TLSPROXY_SERVICE MAIL_SERVICE_TLSPROXY
3453
extern char *var_tlsproxy_service;
3455
#define VAR_TLSP_WATCHDOG "tlsproxy_watchdog_timeout"
3456
#define DEF_TLSP_WATCHDOG "10s"
3457
extern int var_tlsp_watchdog;
3459
#define VAR_TLSP_TLS_LEVEL "tlsproxy_tls_security_level"
3460
#define DEF_TLSP_TLS_LEVEL "$" VAR_SMTPD_TLS_LEVEL
3461
extern char *var_tlsp_tls_level;
3463
#define VAR_TLSP_USE_TLS "tlsproxy_use_tls"
3464
#define DEF_TLSP_USE_TLS "$" VAR_SMTPD_USE_TLS
3465
extern bool var_tlsp_use_tls;
3467
#define VAR_TLSP_ENFORCE_TLS "tlsproxy_enforce_tls"
3468
#define DEF_TLSP_ENFORCE_TLS "$" VAR_SMTPD_ENFORCE_TLS
3469
extern bool var_tlsp_enforce_tls;
3471
#define VAR_TLSP_TLS_ACERT "tlsproxy_tls_ask_ccert"
3472
#define DEF_TLSP_TLS_ACERT "$" VAR_SMTPD_TLS_ACERT
3473
extern bool var_tlsp_tls_ask_ccert;
3475
#define VAR_TLSP_TLS_RCERT "tlsproxy_tls_req_ccert"
3476
#define DEF_TLSP_TLS_RCERT "$" VAR_SMTPD_TLS_RCERT
3477
extern bool var_tlsp_tls_req_ccert;
3479
#define VAR_TLSP_TLS_CCERT_VD "tlsproxy_tls_ccert_verifydepth"
3480
#define DEF_TLSP_TLS_CCERT_VD "$" VAR_SMTPD_TLS_CCERT_VD
3481
extern int var_tlsp_tls_ccert_vd;
3483
#define VAR_TLSP_TLS_CERT_FILE "tlsproxy_tls_cert_file"
3484
#define DEF_TLSP_TLS_CERT_FILE "$" VAR_SMTPD_TLS_CERT_FILE
3485
extern char *var_tlsp_tls_cert_file;
3487
#define VAR_TLSP_TLS_KEY_FILE "tlsproxy_tls_key_file"
3488
#define DEF_TLSP_TLS_KEY_FILE "$" VAR_SMTPD_TLS_KEY_FILE
3489
extern char *var_tlsp_tls_key_file;
3491
#define VAR_TLSP_TLS_DCERT_FILE "tlsproxy_tls_dcert_file"
3492
#define DEF_TLSP_TLS_DCERT_FILE "$" VAR_SMTPD_TLS_DCERT_FILE
3493
extern char *var_tlsp_tls_dcert_file;
3495
#define VAR_TLSP_TLS_DKEY_FILE "tlsproxy_tls_dkey_file"
3496
#define DEF_TLSP_TLS_DKEY_FILE "$" VAR_SMTPD_TLS_DKEY_FILE
3497
extern char *var_tlsp_tls_dkey_file;
3499
#define VAR_TLSP_TLS_ECCERT_FILE "tlsproxy_tls_eccert_file"
3500
#define DEF_TLSP_TLS_ECCERT_FILE "$" VAR_SMTPD_TLS_ECCERT_FILE
3501
extern char *var_tlsp_tls_eccert_file;
3503
#define VAR_TLSP_TLS_ECKEY_FILE "tlsproxy_tls_eckey_file"
3504
#define DEF_TLSP_TLS_ECKEY_FILE "$" VAR_SMTPD_TLS_ECKEY_FILE
3505
extern char *var_tlsp_tls_eckey_file;
3507
#define DEF_TLSP_TLS_ECKEY_FILE "$" VAR_SMTPD_TLS_ECKEY_FILE
3508
extern char *var_tlsp_tls_eckey_file;
3510
#define VAR_TLSP_TLS_CA_FILE "tlsproxy_tls_CAfile"
3511
#define DEF_TLSP_TLS_CA_FILE "$" VAR_SMTPD_TLS_CA_FILE
3512
extern char *var_tlsp_tls_CAfile;
3514
#define VAR_TLSP_TLS_CA_PATH "tlsproxy_tls_CApath"
3515
#define DEF_TLSP_TLS_CA_PATH "$" VAR_SMTPD_TLS_CA_PATH
3516
extern char *var_tlsp_tls_CApath;
3518
#define VAR_TLSP_TLS_PROTO "tlsproxy_tls_protocols"
3519
#define DEF_TLSP_TLS_PROTO "$" VAR_SMTPD_TLS_PROTO
3520
extern char *var_tlsp_tls_proto;
3522
#define VAR_TLSP_TLS_MAND_PROTO "tlsproxy_tls_mandatory_protocols"
3523
#define DEF_TLSP_TLS_MAND_PROTO "$" VAR_SMTPD_TLS_MAND_PROTO
3524
extern char *var_tlsp_tls_mand_proto;
3526
#define VAR_TLSP_TLS_CIPH "tlsproxy_tls_ciphers"
3527
#define DEF_TLSP_TLS_CIPH "$" VAR_SMTPD_TLS_CIPH
3528
extern char *var_tlsp_tls_ciph;
3530
#define VAR_TLSP_TLS_MAND_CIPH "tlsproxy_tls_mandatory_ciphers"
3531
#define DEF_TLSP_TLS_MAND_CIPH "$" VAR_SMTPD_TLS_MAND_CIPH
3532
extern char *var_tlsp_tls_mand_ciph;
3534
#define VAR_TLSP_TLS_EXCL_CIPH "tlsproxy_tls_exclude_ciphers"
3535
#define DEF_TLSP_TLS_EXCL_CIPH "$" VAR_SMTPD_TLS_EXCL_CIPH
3536
extern char *var_tlsp_tls_excl_ciph;
3538
#define VAR_TLSP_TLS_MAND_EXCL "tlsproxy_tls_mandatory_exclude_ciphers"
3539
#define DEF_TLSP_TLS_MAND_EXCL "$" VAR_SMTPD_TLS_MAND_EXCL
3540
extern char *var_tlsp_tls_mand_excl;
3542
#define VAR_TLSP_TLS_FPT_DGST "tlsproxy_tls_fingerprint_digest"
3543
#define DEF_TLSP_TLS_FPT_DGST "$" VAR_SMTPD_TLS_FPT_DGST
3544
extern char *var_tlsp_tls_fpt_dgst;
3546
#define VAR_TLSP_TLS_512_FILE "tlsproxy_tls_dh512_param_file"
3547
#define DEF_TLSP_TLS_512_FILE "$" VAR_SMTPD_TLS_512_FILE
3548
extern char *var_tlsp_tls_dh512_param_file;
3550
#define VAR_TLSP_TLS_1024_FILE "tlsproxy_tls_dh1024_param_file"
3551
#define DEF_TLSP_TLS_1024_FILE "$" VAR_SMTPD_TLS_1024_FILE
3552
extern char *var_tlsp_tls_dh1024_param_file;
3554
#define VAR_TLSP_TLS_EECDH "tlsproxy_tls_eecdh_grade"
3555
#define DEF_TLSP_TLS_EECDH "$" VAR_SMTPD_TLS_EECDH
3556
extern char *var_tlsp_tls_eecdh;
3558
#define VAR_TLSP_TLS_LOGLEVEL "tlsproxy_tls_loglevel"
3559
#define DEF_TLSP_TLS_LOGLEVEL "$" VAR_SMTPD_TLS_LOGLEVEL
3560
extern int var_tlsp_tls_loglevel;
3562
#define VAR_TLSP_TLS_RECHEAD "tlsproxy_tls_received_header"
3563
#define DEF_TLSP_TLS_RECHEAD "$" VAR_SMTPD_TLS_RECHEAD
3564
extern bool var_tlsp_tls_received_header;
3566
#define VAR_TLSP_TLS_SCACHE_DB "tlsproxy_tls_session_cache_database"
3567
#define DEF_TLSP_TLS_SCACHE_DB "$" VAR_SMTPD_TLS_SCACHE_DB
3568
extern char *var_tlsp_tls_scache_db;
3570
#define VAR_TLSP_TLS_SCACHTIME "tlsproxy_tls_session_cache_timeout"
3571
#define DEF_TLSP_TLS_SCACHTIME "$" VAR_SMTPD_TLS_SCACHTIME
3572
extern int var_tlsp_tls_scache_timeout;
3574
#define VAR_TLSP_TLS_SET_SESSID "tlsproxy_tls_always_issue_session_ids"
3575
#define DEF_TLSP_TLS_SET_SESSID "$" VAR_SMTPD_TLS_SET_SESSID
3576
extern bool var_tlsp_tls_set_sessid;
3579
* SMTPD "reject" contact info.
3581
#define VAR_SMTPD_REJ_FOOTER "smtpd_reject_footer"
3582
#define DEF_SMTPD_REJ_FOOTER ""
3583
extern char *var_smtpd_rej_footer;