courier — The Courier mail server
courier
{ start | stop | restart | flush |
flush
qid
|
clear
user@domain
|
clear
all
|
show
all
}
The Courier mail server is a modular multi-protocol E-mail transport agent. The courier command is an administrative command, and most of its options are only available to the superuser.
"courier start" starts the server by running /usr/lib/courier/courierctl.start in the background. "courier stop" immediately stops all the Courier mail server processes and aborts all current mail deliveries. "courier restart" restarts the Courier mail server server. A restart is often needed for certain configuration changes to take effect. "courier restart" waits for all current deliveries to complete before restarting. This is the "nice" way to restart the mail server. "courier flush" takes all undelivered messages in the queue and attempts to deliver them immediately, instead of waiting until their next scheduled attempted delivery time. "courier flush" can be optionally followed by a message queue ID in order to schedule an immediate delivery attempt for only a single message. Message queue IDs are displayed by the mailq(1) command.
Please note that courier start runs the main Courier mail server scheduling engine only. It does not start any other daemons that you may have, such as the ESMTP or the IMAP daemon.
"courier show all" lists all E-mail addresses currently blacklisted for backscatter. "courier clear user@domain" manually clears <user@domain> from the backscatter blacklist. "courier clear all" removes all addresses from the backscatter blacklist. When the Courier mail server encounters a delivery failure to an E-mail address the Courier mail server may stop accepting any more messages to the same address in order to minimize generation of so-called "backscatter bounces". This does not occur in all cases, see "Backscatter suppression" in the Courier mail server's installation instructions for more information.
The Courier mail server will resume accepting messages to the blacklisted address if the delivery attempt originally encountered a temporary failure, and a subsequent retry succesfully delivered the message, or if more than two hours elapsed since the delivery failure. Use the "clear" command to manually clear the E-mail address from the backscatter blacklist. This may be useful if the undeliverable message is manually removed from the Courier mail server's mail queue, using the "cancel" command. Even if the message is cancelled, the Courier mail server will continue to refuse accepting mail for this address for up to two hours. The "clear" command can be use to reenable mail acceptance before then.
The Courier mail server uses several configuration files which are located in
/etc/courier
.
These configuration files are plain text files
that can be modified with any text editor. In certain instances a
subdirectory is used, and all plain text files in the subdirectory are
concatenated and are considered to be a single, consolidated, configuration
file. Unless otherwise specified, you must run
courier restart
for any changes to these files to take effect.
International domain names should be listed in UTF-8 lowercase. For example, the hosteddomains file may list “пример.испытание” as a domain.
aliasfilteracct
This file contains one line, containing the home directory of the account that's used for filtering mail addressed to local alias lists.
When mail filtering is enabled, local recipients have the ability to
define mail filters which can selectively reject unwanted mail.
/etc/courier/aliases
may define local mail aliases that contain
one or more recipients. If it is desired to use local mail filtering for
mail addressed to an alias address, designate a local account that will be
used to specify filtering instructions, and put its home directory into this
control file. The filtering argument will be
"alias-
"
where address
address
is the name of the
alias. See
localmailfilter(7) for more
information.
Due to technical limitations, content filtering is not available for multiple-recipient aliases.
Changes to this file take effect immediately.
autoresponsesquota
This file sets the systemwide quota on autoreplies, if autoreplies and mail filtering are enabled. Note that this can only really be effective if there is no login access to the mail account, since this autoreply quota can be trivially overriden.
The autoresponsesquota
file contains one line:
"C
" or
"nnn
S
" (or both strings, on the same line). nnn
C
: allow up to #nnn
autoreplies to be created. nnn
S
: allow up to #nnn bytes as the total size of
all autoreplies, combined. If both nnn
C
and nnn
S
are specified, both quotas
apply. If this file does not exist, there is no limit on autoreplies. This
quota setting applies systemwide. To override the quota setting for a
particular Maildir, create the nnn
autoresponsesquota
file in that
Maildir (which takes precedence).
backuprelay
This file contains one line, containing a name of a machine where mail will be rerouted if it cannot be immediately delivered. Spaces are not allowed in this file.
Mail gets rerouted if it cannot be delivered after the time interval
specified by the warntime
configuration file. When
backuprelay
is provided a delayed delivery status notification
will NOT be generated. The message will be rerouted even if the recipient's
delivery status notification setting does not include a delayed notification
request.
This feature is intended for use by relays that handle large quantities of mail, where you don't want to accumulate a large mail queue for unreachable mail servers. Please note that ALL undeliverable mail will be rerouted in this fashion. Even if the recipient of a message is a local recipient - and the recipient's mail filter is rejecting the message with a temporary error code - the message will still be rerouted if it's undeliverable after the specified amount of time.
Although currently SMTP is the only meaningful application for this feature, the Courier mail server is a protocol-independent mail server, and the backup relay function can be extended to other protocols, as they become available.
Multiple backup relays can be used by simply assigning multiple IP addresses to the same machine name. Note that the Courier mail server checks for both MX and A records for the machine specified in this configuration file.
It's important to note that when this setting is specified, warning messages get turned off for all messages, including messages addressed to local recipients. If a temporary delivery error prevents a message from being delivered to a local mailbox, it remains in the queue until the temporary error condition gets cleared. Normally, if the message remains in the queue beyond the warning interval, the warning message gets generated. When this setting is specified, the warning message gets replaced with a forward to the backup relay, but this occurs only for messages that are delivered via SMTP.
batchsize
This file contains one line, containing a single number. This number
specifies the absolute maximum number of recipients for a single message. If
the Courier mail server receives a message with more recipients, the message is duplicated as
often as necessary until each copy of the message has no more than
batchsize
recipients. If batchsize
is missing, it
defaults to 100 recipients per message.
bofh
This configuration file configures domain-based junk mail filters. Lines in this configuration files that begin with the # character are considered comments, and are ignored. The remaining lines contain the following directives, in any order:
badfrom user@domain
Reject all mail with the return
address of <user@domain>
.
badfrom @domain
Reject all mail with the return address
of <anything@domain>
.
badfrom @.domain
Reject all mail with the return address
of <anything@anything.domain>
.
badfrom user@.domain
Reject all mail with the return address
of <user@anything.domain>
.
badmx N
Reject all mail with a return address in any
mail domain whose listed mail servers include server "N
". "N
" is an IP
address. The BOFHCHECKDNS
option in the esmtp
configuration
file must also be enabled (this is the default setting) in order for this
additional checking to take place. Note that this is "best effort" check.
A DNS failure to look up A records for hostnames returned in the MX
record may hide the blacklisted server from view.
freemail domain
[domain2
] [domain3
]...
Reject all mail with a return address
<anything@domain>
unless the
mail is received from a mail relay whose hostname is in the same domain.
"domain2
" and "domain3
" are optional, and specifies other domains that
the mail relay's hostname may belong to. For example: "freemail
example.com domain.com
" specifies that mail with a return address
@example.com
will be accepted only from a mail relay with a hostname in
the example.com
or domain.com
domain. Note that this setting requires
that DNS lookup be enabled for incoming ESMTP connections (which is the
default setting).
spamtrap user@domain
Reject all mail that has
<user@domain>
listed as one of its recipients.
For local mailboxes, 'domain
' must be set to the
contents of the me
configuration file, or the server's hostname. Also, this check is made
after any alias processing takes place. Suggested usage: create a single
local spamtrap account, then create aliases in the alias file that point
to the spamtrap account.
maxrcpts N
[hard]
Accept the first N
recipient addresses
per message, maximum. The remaining recipients are rejected. An optional
verbatim token "hard" specifies that the remaining recipients will
immediately be returned as undeliverable (otherwise the remaining
recipients are rejected as "temporary unavailable", and may be accepted
on a later delivery attempt). If not specified, the first 100 recipients
are accepted.
opt BOFHCHECKHELO=1
Verify the hostname provided in the ESMTP HELO/EHLO statement.
“opt BOFHCHECKHELO=1” is a global default, which may be
overridden by setting the BOFHCHECKHELO
environment
variable in the SMTP access file.
See
makesmtpaccess(8)
for more information.
“opt BOFHCHECKHELO=1” enables ESMTP HELO/EHLO checking by
default, and ESMTP HELO/EHLO checking may be turned off for individual IP
address ranges by setting
BOFHCHECKHELO
to 0
using
makesmtpaccess(8).
Alternatively, HELO/EHLO checking may be turned off by default, and enabled
for specific IP address ranges by using
makesmtpaccess(8)
to set
BOFHCHECKHELO
to 1
.
See
makesmtpaccess(8)
for more information.
opt BOFHCHECKHELO=2
Setting to BOFHCHECKHELO
2
has the effect of returning a
temporary SMTP error code, instead of a permanent SMTP
error code, for a failed HELO/EHLO SPF check.
opt BOFHHEADERLIMIT=n
Reject messages whose headers exceed n
bytes in
size (minimum 1,000 bytes, default 100,000 bytes).
opt BOFHNOBASE64TEXT=1
Reject messages with base64-encoded text/plain
or
text/html
content.
opt BOFHSPFHELO=
keywords
Use Sender Policy Framework to verify the HELO
or
EHLO
domain sent by the connecting SMTP client.
See Sender Policy Framework Keywords below for
a list of possible keywords.
SPF checking is not used for
HELO
or
EHLO
commands that specify an IP address instead of
a domain name.
This setting may be used in combination with
opt BOFHCHECKHELO=1
.
The BOFHCHECKHELO=1
check is disabled
if SPF verification of the HELO
/EHLO
results in the SPF status of “pass”.
This makes sense: if the HELO
/EHLO
domains complies with the domain's SPF, it is not necessary to check it
further.
opt BOFHSPFMAILFROM=
keywords
Use Sender Policy Framework to verify the return address in the
MAIL FROM
command sent by the connecting SMTP client.
See Sender Policy Framework Keywords below for
a list of possible keywords.
No SPF checking is done for if the MAIL FROM
command
specifies an empty return address (a bounce).
There's nothing to check.
opt BOFHSPFFROM=
keywords
Use Sender Policy Framework to verify the return address in the
From:
header.
See Sender Policy Framework Keywords below for
important information, and a list of possible keywords.
opt BOFHSPFHARDERROR=
keywords
This setting lists the unacceptable SPF results that should result in a permanent error. All other unacceptable SPF results are kicked back with a temporary error indication, inviting the sender to try again later.
The default setting for BOFHSPFHARDERROR
is
fail,softfail
.
opt BOFHSPFTRUSTME=1
Disable all SPF checks for any connecting client that has relaying privileges
(RELAYCLIENT
is explicitly set, or inherited after a successful
SMTP authentication).
opt BOFHSPFNOVERBOSE=1
This setting disables custom SPF rejection messages. Any SPF rejection message specified by the SPF policy is replaced by a stock, bland message. The author of this SPF implementation believes that there's a minor security issue with letting an external site control the error messages issued by your mail server. The same author does not believe that this is such a big deal, but security-sensitive minds may choose to enable this setting, and sleep easy at night.
opt BOFHSUPPRESSBACKSCATTER=
list
This is one of the two settings that controls which messages are subject to
backscatter suppression.
The other setting, ESMTP_BLOCKBACKSCATTER
is set in the
courierd
configuration file, which contains further
documentation.
“list” is a comma-separated list of message sources. The possible message sources are:
authsmtp
Messages received via SMTP from clients with relaying privileges (authenticated SMTP, or IP addresses that always have relaying privileges.
smtp
All other messages received via SMTP.
none
Do not suppress backscatter messages from any source.
The default setting is “opt BOFHSUPPRESSBACKSCATTER=smtp”. The other possible values are “opt BOFHSUPPRESSBACKSCATTER=smtp,authsmtp” (which suppresses backscatter from all SMTP mail), and “opt BOFHSUPPRESSBACKSCATTER=none”.
calendarmode
This configuration file enables basic calendaring features in the webmail server. Calendaring is currently considered experimental in nature, and the current implementation provides basic calendaring services. If this file does not exist, calendaring options are disabled. If this file exists it should contain a single word: "local". For example:
echo "local" >/etc/courier/calendarmode
This configuration file must be globally readable, so make sure that your umask is not set too tight.
courierd
This configuration file specifies several parameters relating to general the Courier mail server configuration. A default configuration file will be installed, and you should consult its contents for additional information.
defaultdomain
This file contains one line whose contents is a valid mail domain. Most
header rewriting functions will append @defaultdomain
to all
E-mail addresses that do not specify a domain. If defaultdomain
is missing, the Courier mail server uses the contents of the me
control file.
When the ESMTP server receives a “RCPT TO” command containing
the address <user@[
,
and the IP address is the same as the IP address of the socket it's listening
on, the ESMTP server replaces the IP address with the contents of the
ip.address
]>defaultdomain
control file.
If defaultdomain
is missing, the Courier mail server uses the contents of the me
control file.
The contents of defaultdomain
are also appended to return
addresses to mail sent from the Courier mail server's webmail server, if they don't already
have a domain. If defaultdomain
does not exist,
the Courier mail server's
webmail server obtain the machine hostname, and uses that.
The mail domain in defaultdomain
should be
one of the local domains,
as defined by the
locals
and the hosteddomains
control files.
Otherwise, if a domain-less address in mail headers gets
augmented with defaultdomain
and
the recipient replies to the message, upon receipt Courier won't recognize
the recipient address as a local mailbox.
This might not necessarily be wrong, but the consequences of such an action
must be clearly understood.
If you change the contents of this configuration file, it may be necessary to rerun the makealiases command again, else your mail will promptly begin to bounce. If you don't have this configuration file defined, and you change the system's network host name, you may also need to run makealiases.
dotextension
This file contains one line whose contents specify the name of dot-files in
users' home directories which contain delivery instructions. If this file
does not exist,
the Courier mail server reads $HOME/.courier
,
$HOME/.courier-foo
, $HOME/.courier-default
, and so
on. If this file contains the text "qmail",
the Courier mail server will instead read
$HOME/.qmail
, $HOME/.qmail-foo
,
$HOME/.qmail-default
, and so on.
dsnfrom
This file contains one line specifying the contents of the
From:
header that the Courier mail server puts in all delivery status notifications. This file
specifies a complete header, except for the "From: " part. If
dsnfrom
is missing, then the Courier mail server uses the following
header:
"Courier mail server mail server at
me
" <@>
dsnlimit
Maximum size, in bytes, of a message whose contents are included in
delivery status notifications. By default, the entire message is only
included in non-delivery notices (failures). Only the headers will be
returned for delay notifications (warnings) and return receipts; or for
failures if the original message is larger than dsnlimit
.
If missing, dsnlimit
is set to 32K.
The sender can request that the entire message be returned even on delayed notices or return receipts, however the Courier mail server will ignore this request if the message size exceeds this limit.
enablefiltering
This configuration file enables the global mail filtering API for selected mail sources. This file, if it exists, contains a single line of text that specifies which kind of mail will be filtered. The possible values are:
esmtp
Enables global mail filtering for mail received via ESMTP.
local
Specifies that mail received from logged on users, via sendmail, and mail forwarded from dot-courier(5) will be filtered using the global mail filtering API.
uucp
Specifies that mail received from UUCP will be filtered.
If you want to specify more than one source of mail, such as ESMTP and
local mail, specify both esmtp
and
local
, separated by a space character.
The global mail filtering API is described, in detail, in the courierfilter(8) manual page. This is NOT the traditional user-controlled mail filtering, such as maildrop(1) . A global mail filter is a daemon process that selectively accepts or rejects incoming mail, based on arbitrary criteria.
esmtpacceptmailfor
This file lists all domains that the Courier mail server accepts mail for via ESMTP. This
file is in the same format as the locals
file. If this file is
missing, the Courier mail server uses the
single domain specified in me
(or the
system machine name).
See the section called “Hostname-dependent configuration”
for more information on hostname-dependent configuration in the
esmtpacceptmailfor
configuration file.
esmtpacceptmailfor.dat
and esmtpacceptmailfor.dir
esmtpacceptmailfor.dat
is a binary database file that lists additional domains
that the Courier mail server
accepts mail for, just like
esmtpacceptmailfor
.
The binary
database file will be faster than a flat text file with a large
number of domains. The Courier mail
server accepts mail for domains listed in either
esmtpacceptmailfor
or
esmtpacceptmailfor.dat
.
esmtpacceptmailfor.dat
is created by the
makeacceptmailfor command
from the contents of the
esmtpacceptmailfor.dir
directory.
You can use both
esmtpacceptmailfor.dat
and
esmtpacceptmailfor
at
the same time. Put your most popular domains in
esmtpacceptmailfor
, and put the rest of
them into
esmtpacceptmailfor.dat
.
See the section called “Hostname-dependent configuration”
for more information on hostname-dependent configuration in the
esmtpacceptmailfor.dir
configuration files.
esmtpauthclient
This configuration file configures ESMTP authentication for the ESMTP client. This is a text file of zero or more lines that contain the following fields:
relay userid password
When the Courier mail server connects to a remote ESMTP relay
,
the Courier mail server will
authenticate itself using userid
and password
. These fields
are separated by one or more whitespace characters. Because this file
contains passwords, it must not be world or group readable, and owned by the
user "courier
".
ESMTP negotiation will take place, and the Courier mail server will use a SASL authentication method supported by both the Courier mail server and the remote ESMTP server. Currently the Courier mail server supports PLAIN, LOGIN and CRAM-MD5 authentication. CRAM-MD5 is preferred over the other two, and PLAIN is preferred over LOGIN.
The Courier mail server also supports ESMTP over SSL (the ESMTP STARTTLS extension). If ESMTP STARTTLS is enabled, STARTTLS will be used to establish a secure link first. The authentication will take place afterwards, over a secure channel.
Changes to this file take effect, more or less, immediately (existing connections are not affected, but new connections will read the updated data).
esmtpd
This file is used to initialize the environment and parameters for courieresmtpd. A default file will be provided during installation. See the comments in the file for more information. For changes to this file to take effect you run the esmtpd stop command followed by esmtpd start.
esmtpdelay
This file contains one line of text that specifies how long courieresmtp waits after a failure to contact the remote mail server before another attempt is made. courieresmtp (not to be confused with courieresmtpd) delivers outgoing mail to remote mail servers. The timeout is specified as an integral number, optionally followed by m - minutes, or h - hours. Otherwise it is specified in seconds.
The courieresmtp process delivers mail that's routed to
external mail relays, via ESMTP. When attempting to initally contact a mail
server courieresmtp waits for the amount of time specified by
esmtptimeoutconnect
(see below).
esmtptimeoutconnect
is usually set to a relatively long period
of time, in order to accomodate slow mail servers. A large number of messages
queued up for an unreachable mail server can tie up delivery slots that can
be put to a better use by reassigning them for mail to another domain.
Although the Courier mail server does not usually assign all delivery slots for messages to
the same domain (this is a tuneable parameter), it is still not very healthy
to have a bunch of courieresmtp daemons spinning their wheels,
doing nothing.
The situation worsens when there is a large number of mail relays that
accept mail for the same domain, and all of them are unreachable due to a
network failure. That's because the esmtptimeout
waiting period
is used for each individual mail relay. Multiply esmtptimeout
by the number of servers to see how large the delay really will be.
esmtpdelay
is implemented internally in the
courieresmtp module. The main the Courier mail server scheduling daemon is not
aware of what's happening internally in courieresmtp. When
courieresmtp fails to contact any mail relay for the domain, the
message is postponed, and the esmtpdelay
timer is set. Any
additional messages received by the same courieresmtp daemon
(for the same domain), are immediately postponed without any attempt to
contact a remote mail relay. When the amount of time set by
esmtpdelay
expires, courieresmtp will attempt to
make another delivery attempt as usual.
If esmtpdelay
does not exist, the default delay is five
minutes. Any messages that are postponed look like any other temporary
failure to courierd. Delivery attempts are rescheduled as if a
real temporary failure took place. Therefore it does not make sense to set
esmtpdelay
to be greater than retryalpha
(see
below). When retryalpha
is smaller is esmtpdelay
,
you'll just messages spinning through the mail queue, with useless delivery
attempts being attempted because esmtpdelay
still hasn't
expired.
Occasionally you might observe somewhat strange behavior on systems with
heavy mail traffic. esmtpdelay
applies separately to each
individual instance of courieresmtp. When a remote mail server
keeps going up and down, it is possible to end up with multiple
courieresmtp daemons handling mail for the same domain, but only
some of them will encounter a network failure, purely by the luck of the
draw. The remaining daemons will be able to establish a connection. So you'll
end up with some courieresmtp daemons being able to deliver mail
immediately, while the rest are still waiting patiently for
esmtpdelay
to expire, postponing all messages in the meantime.
Some messages - but not all - will be immediately postponed without a
delivery attempt, becauses they ended up getting to a daemon which is waiting
for esmtpdelay
to expire.
Another anomalous situation may happen when a courieresmtp
daemon gets reassigned to another domain, and then receives more mail for the
previous domain. This can happen when you have a lot of mail going through.
Although the Courier mail server tries to shuffle all mail for same domain into one pile, the
scheduler still tries to dispatch mail on "first-come, first-serve" basis, as
much as possible. When that happens another delivery attempt will be made
immediately, because the previous esmtpdelay
was cancelled when
the daemon got reassigned to another domain.
There can also be occasional abnormalities that affect systems with light
traffic. When there is a domain with several mail relays of equal priority,
one mail relay is chosen at random for the connection attempt. If some of the
equal-priority mail relays are unreachable and a courieresmtp
daemon picks it, it will start the esmtpdelay
timer and refuse
to deliver any more mail until it expires, even if most of the mail servers
are functional. This will happen only with mail relays of the lowest
priority. Otherwise, courieresmtp will always try to contact
another mail relay of a still lower priority, before giving up and setting
the esmtpdelay
timer. Another courieresmtp daemon
will not be started for the same domain if there's already an existing one,
so all delivery attempts will be turned away until esmtpdelay
expires. Another courieresmtp daemon will be started only in the
event of multiple simultaneous delivery attempts that happen to coincide at
the same time.
This is somewhat mitigated by the fact that all courieresmtp
daemons are killed after a short period of total inactivity (currently one
minute), so that longer intervals specified by esmtpdelay
are
ignored. Note, however, that receiving a message to deliver, and then
postponing it immediately, does count as some activity.
esmtpdelay
can be turned off by setting it to 0 seconds.
esmtpdelay
is designed for servers that handle heavy amount of
mail that wish to avoid having outbound delivery slots tied up due to network
failures, at an expense of an occasional anomalous behavior due to harmless
paranoia. esmtpdelay
may prove to actually make things worse for
systems that carry only light mail traffic, if they are burdened with a task
of exchanging mail primarily with external systems that are not properly
maintained.
esmtpgreeting
The complete greeting banner displayed by courieresmtpd. Changes to this file take effect immediately.
esmtphelo
This file contains one line of text, what the Courier mail server calls itself in the
EHLO
or HELO
command sent to a remote SMTP server.
me
is used if this file does not exist.
esmtphelo
may also be set to a special value of
“*”:
echo '*' >esmtphelo
(Note the single quotes, to prevent “*” from being expanded
by the shell).
The Courier mail server will take the IP address of the local side of the connection to
the remote SMTP server, look up the IP address in DNS,
and use the hostname from the reverse DNS lookup.
This might be useful when the Courier mail server server is multihomed.
The Courier mail server will look up the local IP address of each individual connection,
and use that in its EHLO
or HELO
command.
Functioning DNS is required.
Using the hosts
file, or an equivalent, won't work.
This function uses the Courier mail server's native DNS resolver, which
reads /etc/resolv.conf
and queries the listed
DNS servers directly.
See the section called “Servers with multiple IP addresses” for a better way of accomplishing the same results.
esmtproutes
This file is used by the ESMTP module, and it contains one or more lines in the following form:
domain
:relay
[,port
][/SECURITY=STARTTLS][/SECURITY=REQUIRED][/SECURITY=SMTPS]
domain
is any SMTP domain. relay
specifies a
fixed mail relay for this domain. relay
is optionally followed
by a comma and a port number, to specify a port other than the default port
25. If an address's domain is not found in esmtproutes
,
the Courier mail server
looks for MX and A records as usual (and always delivers to port 25). If the
domain is found in esmtproutes
, however, any MX or A records for
the domain are ignored; instead the Courier mail server delivers the message to the specified
relay.
relay
can be another domain, or an explicit IP address inside
brackets. For example, if esmtproutes
contains the following:
example.com: relay.domain.com domain.com: [192.168.0.2]
Mail for example.com
is delivered to
relay.domain.com
, ignoring any MX records for
example.com
. Mail for domain.com
will be delivered
to the machine at IP address 192.168.0.2. All other domains will have their MX
and A records looked up.
Unlike Qmail, the Courier mail server
looks up MX and A records for
relay.example.com
(Qmail only looks up A records).
esmtproutes
may contain comments, any line that starts with
the # character is ignored. Also, wildcards are allowed:
.example.com: [192.168.0.3],26
This specifies that any address of the form
<anything@anything.example.com>
will be delivered to the
mail server at this IP address, but on port 26.
esmtproutes
is read from top to bottom, stopping as soon as a
first match is found.
domain
may be empty, this specifies a smarthost for all
domains. For example, if esmtproutes
contains the following
text:
example.com: relay.example.com :[192.168.0.4]
This specifies that all mail to example.com
is rerouted to
relay.example.com
. All other mail is routed to the IP
address 192.168.0.4
.
If relay is empty, the Courier mail server interprets it as an explicit directive to use MX and A records from DNS. For example:
example.com: :[192.168.0.4]
This uses MX and A records for all messages to example.com
.
All other mail is rerouted to the IP address
192.168.0.4
.
The /SECURITY=STARTTLS
flag indicates that
mail to this domain will use the SECURITY
ESMTP extension. See the Courier mail
server installation notes for a description of
SECURITY
, what it does, and how to configure
it.
/SECURITY=STARTTLS
does
not refer to the standard implementation
of SMTP over
TLS, but a
Courier-specific extension.
Courier automatically sends
mail using encryption if it's enabled and the remote server
advertises STARTTLS
.
/SECURITY=SMTPS
uses an encrypted
SMTP connection. This is an alternative
to STARTTLS
. Encrypted
SMTP uses a different port, port 465, which
must be specified explicitly:
: relay.example.com,465 /SECURITY=SMTPS
This example forwards all mail to
relay.example.com
on port 465 using
encrypted SMTP.
If you intend to use /SECURITY=SMTPS
to forward
all your mail to your provider's mail server over
smtps
additional you should also set
ESMTP_TLS_VERIFY_DOMAIN=1
,
TLS_VERIFYPEER=PEER
, and
TLS_TRUSTCERTS
to a list of trusted certificate
authorities (Courier's configuration
script should provide a default value for
TLS_TRUSTCERTS
on most platforms), in the
courierd
configuration file.
Otherwise, TLS
still gets used to send mail,
but the smarthost's certificate does not get validated.
Properly-managed Internet providers should install a valid
certificate, signed by a trusted authority, if they require
SMTPS
. Poorly-managed Internet providers will
just install a self-signed certificate, and will not be able to
explain why they require SMTPS
, if it's
trivially compromised with a man-in-the-middle attack that
a non-validated certificate enables, so either find a more
competent provider, or use /SECURITY=SMTPS
without actually enabling all the extra validation that's
actually needed to gain any kind of a secure mail
transmission channel.
A combination of broken mail servers written by incompetent programmers, and poorly-managed Internet providers will result in a mail server that advertises the ability to use an encrypted connection to receive mail, but either disconnect immediately, or return an error message when the sender takes up the receiver's offer to do so.
When the Courier mail server connects to another server that claims to support an encrypted connection, tries to enable it, then fails because the other mail server drops the connection or returns an error message, all subsequent connection attempts to the same mail server will ignore the server's false advertising, and proceed to send mail without attempting to enable encryption. The Courier mail server remembers not to use the encryption with this server for the next 2-4 hours (depending on an internal log file's rotation schedule). Once the remote mail server emerges from the penalty box, the next connection attempt will try again, and see if it's still doesn't work.
The /SECURITY=REQUIRED
flag blocks
the Courier mail server from sending
mail to the remote server unless a standard encryped connection
can get established.
If it's known that the given mail server should only receive
encrypted mail, /SECURITY=REQUIRED
prevents
a man-in-the-middle attack where the remote mail server's
advertisement of is STARTTLS
capability
gets suppressed, and the mail gets sent in the clear.
ESMTP_TLS_VERIFY_DOMAIN=1
,
TLS_VERIFYPEER=PEER
, and
TLS_TRUSTCERTS
should also be set, in the
courierd
configuration file, as described
above, for the same reasons, in this case.
To summarize:
/SECURITY=STARTTLS
Courier-specific extension, use a private certificate authority to set up a secure mail network, while supporting regular encrypted TLS with the rest of the world.
/SECURITY=SMTPS
Use regular encrypted SSL/TLS with
this mail server. Use this flag with an
esmtproutes
entry to
a server on port 465 (smtps).
/SECURITY=REQUIRED
Must use the STARTTLS
extension to
open a regular encrypted TLS connection
with this server on the regular SMTP port 25.
Changes to
esmtproutes
take effect immediately, more or less. Existing
courieresmtp processes that already have an
established connection will ignore any changes.
esmtptimeout
This file contains one line of text that specifies the timeout for an SMTP command. The timeout is specified as an integral number, optionally followed by m - minutes, or h - hours. Otherwise it is specified in seconds. This timeout is used for all SMTP commands, unless the SMTP command has a dedicated timeout defined by a different configuration file. The default timeout is ten minutes.
esmtptimeoutconnect
This file contains one line of text that specifies the timeout for an SMTP
connection attempt. Most TCP/IP stacks wait an extraordinary long period of
time for SMTP connections to go through. This configuration setting limits
the amount of time the Courier mail server waits for the SMTP connection to complete. The
default timeout is one minute. Set esmtptimeoutconnect
to 0 in
order to use whatever default timeout your TCP/IP stack uses.
esmtptimeoutdata
This file contains one line of text that specifies the timeout for transferring the message contents or individual replies. The default timeout is five minutes. You WILL HAVE TO bump this up if you're on a slow link, and you want to send large messages. A 28.8Kbps link can be optimistically expected to push 3,000 bytes per second. With a five minute cutoff, you will not be able to send or receive anything larger than about 870 Kb. You have no business sending or receiving 870 Kb messagesl, if all you have is an analog 28.8Kbps connection.
esmtptimeouthelo
This file contains one line of text that specifies the timeout for the initial EHLO or HELO command. The Courier mail server will wait this amount of time to receive the initial greeting banner from the remote SMTP server, and a response to the subsequent EHLO/HELO command. The default value is 5 minutes.
esmtptimeoutkeepalive
This file contains one line of text that specifies how often outbound SMTP sessions are kept idle after delivering a message. After the Courier mail server connects to an SMTP server and completes the attempt to deliver the message, the SMTP session is kept idle for this time interval before being shut down. If the Courier mail server receives another message for the same domain, it will be delivered using the existing SMTP session, instead of establishing a new one. Note that some SMTP servers have a very short idle timeout, Qmail's is only two minutes. The default value is 60 seconds.
Note that there's also a separate limit to the maximum number of simultaneous SMTP sessions to the same domain. That limit is currently four, which is adequate for nearly every situation, so for now it will be set by an undocumented configuration file.
esmtptimeoutkeepaliveping
This file contains one line of text that specifies how often the Courier mail server will
issue a useless RSET command when the connection is idle (see
esmtptimeoutkeepalive
). While waiting for any more messages to
deliver to the same domain, or for the esmtptimeoutkeepalive
interval to expire, courieresmtp will transmit RSET commands at
regular intervals specified by this configuration file. The default value is
0 seconds, which turns off the keepalive ping altogether. This configuration
settings must be for a shorter time interval than
esmtptimeoutkeepalive
for it to make any sense. Note that other
system administrators may consider this to be a very rude thing to do. Also
keep in mind that this may generate quite a bit of idle traffic. If you have
the Courier mail server configured for a maximum number of 200 outbound SMTP sessions and a
30 second esmtptimeoutkeepaliveping
setting, then you can have
as much as an average of around seven pings every second!
esmtptimeoutquit
This file contains one line of text that specifies how long the Courier mail server waits for the external SMTP server to acknowledge the QUIT command, before the Courier mail server unilaterally tears down the connection. The default value is 10 seconds. This must be a small value because the Courier mail server needs to be able to shut down quickly, on very short notice.
faxqueuetime
This file specifies how long the Courier mail server normally tries to repeatedly resend a
fax message (if the courierfax
module is enabled).
The default E-mail message retry timeout
(the queuetime
setting)
is one week, which is a reasonable
timeout value for E-mail messages (taking into account downed circuits,
or crashed servers).
However, it doesn't make sense to keep trying to redeliver fax messages
for a whole week.
faxqueuetime
specifies the timeout for fax messages.
This time interval is specified in the same way as
queuetime
(see queuetime
for more information).
faxnotifyrc
This file specifies which mailbox the Courier mail server should deliver received faxes (if this option is enabled). See the Courier mail server's installation notes for more information.
faxrc
This file configures the Courier mail server's outbound faxing and dialing parameters. Consult the comments in the default file for additional information, and the courierfax(8) manual page for more information.
hosteddomains
This file lists locally-hosted domains. It is very similar in function to
the locals
control file. Any address with a domain listed in
hosteddomains
is considered to be a local address. The
difference between hosteddomains
and locals
is that
domains listed in hosteddomains
are not removed from individual
addresses before looking up the location of their mailboxes. For example, if
the domain "example.com
" appears in locals
, the
address user@example.com
will have example.com
removed, and then the Courier mail server will look for a local mailbox named
"user
".
If the domain "example.com
" appears in
hosteddomains
instead, the
Courier mail server will look for a local mailbox
named "user@example.com
" instead.
The contents of the hosteddomains
configuration file is a list of domains, one per line,
in lowercase. You must run the
makehosteddomains command, followed by
courier restart (this restarts the server)
for any changes to take
effect.
Additionally, hosteddomains
can specify simple domain
aliases.
See the complete description in the
makehosteddomains(8)
manual page.
See the section called “Hostname-dependent configuration”
for more information on hostname-dependent configuration in the
locals
configuration file.
ipout
, ip6out
Non-default IP addresses to send outgoing ESMTP messages from. See the section called “Servers with multiple IP addresses” and the section called “Simulating a server with multiple IP addresses”, below, for more information.
ldapaddressbook
This file is used by the webmail server. It contain a default systemwide list of accessible LDAP address books. A default file will be installed, listing some common Internet address books. Each line in this file contains the following information:
name<tab>host<tab>port<tab>suffix<tab>binddn<tab>bindpw
"<tab>" is the ASCII tab character. “name” is the unique name for this LDAP server. “host” and “port” specify the connection parameters. “suffix” specifies the root LDAP entry whose subtree gets searched. The “binddn” and “bindpw” fields are not presently used (they were used in earlier version of the webmail server, before the LDAP search interface was rewritten and simplified).
ldapaliasrc
This file is used by the courierldapaliasd process. See courierldapaliasd(8) for more information.
locallowercase
If this file exists, the Courier mail
server will not distinguish being lowercase and
uppercase local accounts, so that john@example.com
and
John@example.com
will refer to the same local mailbox (where
example.com
is your domain). Postmaster
,
postmaster
, and POSTMASTER
always refer to the same
account, even if locallowercase
does not exist.
If locallowercase
exists you cannot have any system
accounts that contain uppercase letters. locallowercase
applies
only to local mail. Mail addressed to external domains will always have the
case of the addresses preserved.
locals
This file contains one or more lines of text, where each line contains a
valid mail domain. Any E-mail address without @domain
, or with a
domain that can be found in locals
will be considered to be an
address of a local mailbox. A domain can be specified with a leading dot:
.domain.com
This is called a "wildcard". Any domain ending in domain.com
,
such as a.domain.com
, b.domain.com
,
a.b.c.domain.com
- but NOT somedomain.com
- will be
considered local. Note that domain.com
is NOT included in this
wildcard. Both "domain.com
" and ".domain.com
"
should be listed.
Specific hosts can be excluded from the wildcard. Example:
!host.domain.com .domain.com
anything.domain.com
is considered to be a local domain, except for
host.domain.com
. Note that "!host.domain.com
" must appear in
locals
before the .domain.com
wildcard.
The "!hostname
" syntax is also valid in the
esmtpacceptmailfor
control file.
If locals
does not exist, the
Courier mail server uses the contents of the
me
control file (note that me
specifies only one
domain, second and subsequent lines are ignored). Also, see
hosteddomains
.
See the section called “Hostname-dependent configuration”
for more information on hostname-dependent configuration in the
locals
configuration file.
localtimeout
This file specifies the watchdog timer for local mail deliveries.
If a local mail delivery attempt does not complete in the proscribed time
interval, the delivering process ID is killed.
The time interval in
localtimeout
is specified in the same way as
queuetime
(see queuetime
for more information).
logindomainlist
If this file exists then the webmail login screen will have a drop-down list
whose contents will be read from this file. This file should contain a list
of E-mail domains, one per line. It should be created if the Courier mail server's webmail
server is used to provide mail access for more than one domain. Instead of
typing "user@domain
" to log in, it will only be necessary
to enter "user
",
and select the domain from the drop-down list. If this file does not exist it
will be necessary to enter the full E-mail address into the webmail login
screen.
Enhanced login domain listing
The enhanced
logindomainlist
makes it possible to specify a separate list of domain for each virtual web site, and more control over the defaults.What if you don't want to display a drop down menu? Administrators can now specify records that generate a hidden field in
login.html
, or an editable text field, allowing sqwebmail to show only one mail login domain to each user per access URL or IP address. This functionality can greatly reduce confusion for first time webmail users, and greatly speed the login process for frequent webmail users.Finally, the new
logindomainlist
file offers a new tool to ease maintenance. Administrators can now use wildcards to "rewrite" the domain portion of the access URL to the mail domain equivalent. For example, the following record can rewrite the URL "mail.*.com
" to the mail domain "*.com
"
*.com:mail.*.com:@
This powerful wildcard functionality can ease the login process for most of your server's mail domains with just one or two
logindomainlist
records.
- File Format
Let's take a look at the NEW
logindomainlist
file format:
firstfield:secondfield:thirdfield
Above, we can see that the new
logindomainlist
records are made up of three fields delimited by colons. But what does each field do?
First Field
- the first field contains the "mail domain" for which we would like the user to log in under. The mail domain is the part of an email address after the @ symbol. For example, in the email address "user@domain.com
", "domain.com
" is the mail domain.
Second Field
- the second field contains the "access domain". The access domain contains an URL or IP address that is used to figure out which mail domain to use by default. For example, in the followinglogindomainlist
record:
domain1.com:domain2.com
"
domain2.com
" is the "access domain" and "domain1.com
" is the "mail domain". If the user logs into the following URL:
http://domain2.com/cgi-bin/sqwebmail
His default "mail domain" will be "
domain1.com
".
Third Field
- the third field may contain a modifier. The modifier may be either a single character modifier, or a group identification string. The single character modifiers and the group modifier are described in detail below.Finally, the
logindomainlist
file may also contain comments and empty lines. Empty lines can be used to group records visually, and comments can be used to explain why a certain record or group of records look the way they do.If the first character of a line is a '#', then the entire line is considered a comment and is ignored. If the first character of a line contains whitespace, the entire line is assumed to be an empty line and is ignored.
- Modifiers
@
- the '@' modifier can be used to create a hidden field on thelogin.html
page which contains the default mail domain. In addition, this field will automatically display the default mail domain in plain text to the right of the userid text box.Note
The '@' modifier ALLOWS the use of wildcards to automate the relationship between "access domains" and "mail domains". See the heading "Wildcards" below for more information about wildcarding.
-
- the '-' modifier can be used to create an editable text field on thelogin.html
page which contains the default mail domain.Note
The '-' modifier ALLOWS the use of wildcards to automate the relationship between "access domains" and "mail domains". See the heading "Wildcards" below for more information about wildcarding.
group string
- If no modifier is specified in the third field, or if the third field modifier is a group identifier string, then a drop down menu will be displayed on thelogin.html
page. Records with the SAME group string will be displayed together in the drop down. For example, if yourlogindomainlist
file contains the following records:domain1.com:domain2.com:firstgroup domain3.com:domain4.com:firstgroup domain5.com:domain6.com:firstgroup domain7.com:domain8.com:secondgroup domain9.com:domain10.com:secondgroupAnd the user logs into sqwebmail with the following URL:
http://domain4.com/cgi-bin/sqwebmail
He will see a drop down containing ONLY the following domains:
domain1.com domain3.com domain5.com"
domain3.com
" will be automatically selected, or defaulted. Only the records in thefirstgroup
will be visible to the user. This functionality is great for organizations with more than one mail domain.Note
The group string modifier does NOT allow the use of wildcards to automate the relationship between "access domains" and "mail domains". This is because drop down menus are fundamentally incompatible with wildcards.
- Wildcards
If a record's modifier allows wildcarding (See "Modifiers" above for information about which modifiers allow wildcarding and which do not.) then the first and second fields of that record _MAY_ contain wildcards. Wildcards match against the HTTP_HOST CGI environment variable only. IP addresses can NOT be used if either the first or second fields contain the wildcard character. However, if neither the first nor second fields contain the wildcard character, then the second field can contain an IP address.
In the
logindomainlist
file, an asterisk (*) character in either the first and/or second field represents a wildcard. Any asterisk in the second field will be used to match an access domain. If an asterisk exists in the first field then any characters which the asterisk in the second field represents will replace the asterisk in the first field when sqwebmail determines the default mail domain. However, asterisks are not required in either the first or second fields. They are totally optional. For example, given the followinglogindomainlist
record:
*.com:mail.*.com:@
If the user logs into sqwebmail with the following URL:
http://mail.mydomain.com/cgi-bin/sqwebmail
The asterisk in the second field will represent the string "
mydomain
". This string will then replace the asterisk in the first field to give the following default mail domain:mydomain.com
Similarly, if the following record exists in the
logindomainlist
file:
*:*:@
Then ANY URL the user uses to access sqwebmail will be automatically used for the default mail domain.
But the first field doesn't _HAVE_ to contain an asterisk. The following will work just fine:
mydomain.com:mydomain.*:@
The above example will allow the user to access the "
mydomain.com
" mail domain from any of the following URLs: "mydomain.org
", "mydomain.net
", "mydomain.us
", etc...And finally, the first field doesn't have to contain anything at all! If the first field is empty, that record will serve as an explicit no-default mail domain. No default mail domain will be specified if the second field matches the user's login URL. This is useful because the
logindomainlist
is searched from the top down. Any wildcard records at the bottom of the list will be overridden by records closer to the top. An "explicit no-default" record can be used to specify certain domains as "system account" domains so that no default mail domain is specified.
maildirfilterconfig
This file, if exists, sets the global defaults for mail filtering in the webmail server. Mail filtering in the webmail server is a subject worthy of special mention. A full description of how to install and configure webmail-based mail filtering is included in the installation notes for the Courier mail server. Refer to the installlation instructions for additional information.
maildirshared
This file, if exists, specifies the location of shared maildirs for the webmail and IMAP server. Normally, each mailbox must be separately configured to access every shared maildir, by the maildirmake(1) command. This file allows shared maildirs to be set globally for everyone. Everyone's webmail and IMAP server will pick up the shared maildirs specified in this file. See maildirmake(1) for more information.
maildrop
This file contains one line whose contents is a pathname to the
maildrop(1)
mail delivery agent. If the Courier mail server knows
that the delivery agent used to delivery mail locally is
maildrop(1)
then certain delivery optimizations
are possible. This configuration file does NOT actually specify that
maildrop(1)
should be used as a local mail delivery
agent, it only specifies where
maildrop(1)
is installed. The default local mail delivery instructions are specified in the
courierd
configuration file. If the specified delivery
instruction specify running an external program whose pathname matches the
one specified by this configuration file, the Courier mail server assumes that it's
maildrop(1),
and will use maildrop-specific options to optimize mail delivery.
This configuration file is initialized, by default, to point to the version of maildrop(1) that's integrated with the Courier mail server. The integrated version of maildrop(1) is configured slightly differently than the standalone version of maildrop(1).
Although you can set the maildrop
configuration file to point
to some other version of the maildrop mail filter,
you MUST set the
maildropfilter
configuration file (see below), to point to the
integrated version of maildrop.
maildropfilter
This file contains one line whose contents is a pathname to the maildrop(1) mail delivery filter. In addition to being a delivery agent, maildrop can also be used as a mail filtering engine. If this file exists, the Courier mail server will be capable of invoking recipient-specified mail filters when a message is received. If the mail filtering rules reject the message, the Courier mail server will not accept the message for delivery. This means that when receiving mail via ESMTP, the Courier mail server will reject the ESMTP transaction without even accepting the message from the remote mail server.
This file is not installed by default. To activate mail filtering for
local recipients, simply copy the contents of the maildrop
configuration file to maildropfilter
.
maildroprc
This file contains systemwide mail filtering instructions for maildrop(1) deliveries. This configuration file is optional, and is used by maildrop(1) when it is invoked as a traditional post-delivery mail filter. See maildropfilter(6) for more information.
me
This file contains one line whose contents is a
fully-qualified domain name. When a
single installation of the Courier
mail server is shared over a network, each machine that's
running the Courier mail server must
have a unique me
file.
A missing me
defaults to the gethostname
() system
call (see the section called “Hostname-dependent configuration”
for more information on hostname-dependent configuration).
Changing me
requires rerunning
the makealiases command again,
else mail can bounce.
Without this configuration file defined changing
the system's hostname also requires rerunning
makealiases.
msgidhost
If a message does not have a Message-ID:
header, the Courier mail server may
decide to create one. The host portion of the new header will be set to the
contents of msgidhost
, which contains one line of text. If
msgidhost
does not exist, me
will
be used in its
place. Changes to this file take effect immediately.
nochangingfrom
The Courier mail server's webmail server lets the contents of the From:
header be set for mailed messages. If this configuration file exists, the
ability to set the contents of the From:
header is disabled.
queuelo
,
queuehi
,
queuefill
These configuration settings tune the Courier mail server's mail queue processing.
The Courier mail server does not load the entire mail queue metadata in memory.
queuelo
contains a number that specifies the
queue “low watermark” message count.
queuehi
contains a number that specifies the
queue “high watermark” message count.
queuefill
specifies a time interval,
“queue refill” in seconds.
The number in queuefill
may optionally be followed
by "m", indicating that the queue refill is specified in minutes.
queuehi
specifies the maximum number of messages that
are loaded into memory.
The Courier mail server reads the mail queue on disk until either it reads all of it, or
it reads the number of messages specified by
queuehi
.
As messages are delivered they are removed from the memory and disk.
Messages that are deferred for another delivery attempt are removed from
memory, but kept on the disk.
When the number of messages in memory falls below queuelo
,
The Courier mail server goes back to disk and attempts to fill the memory queue to the top,
again.
This is, basically, a capsule summary of the mail queue processing logic. Many small, low level details are omitted; this is just an executive overview. When new messages arrive during a large mail backlog, the new messages are also loaded into the memory queue, if there's room for them. Therefore, during a large mail backlog the Courier mail server simultaneously tries to clear the existing backlog, and process any new mail at the same time. Up to the Courier mail server 0.41, all of this generally translates to the Courier mail server giving priority to newly arrived mail, and processing the backed up mail queue if spare resources are available.
The queuefill
setting was added in the Courier mail server 0.42, in
an attempt to keep new mail from excessively delaying existing mail during
a major queue backup.
queuefill
specifies a time interval.
When the Courier mail server completely fills the memory queue it sets a timer.
After the interval given by queuefill
The Courier mail server will go
back and re-fill the mail queue even if the number of messages did not fall
below the low watermark.
If the Courier mail server finds older messages in the mail queue they will be pushed to the
top of the scheduling queue, and given priority.
Smaller queuefill
time intervals means more frequent
trips to the disk, and more overhead.
But, in exchange for that, during a mail backlog the Courier mail server will spend more time
handling a greater number of delayed messages.
Larger queuefill
time intervals means less frequent
trips to the disk, and less overhead, in exchange for less "fairness"
during large mail backlogs.
queuefill
defaults to five minutes, if not specified.
Explicitly setting it to 0 seconds turns off the queue re-filling completely,
essentially reverting to pre-0.42 behavior.
The default queuelo
and
queuehi
values are computed at run time.
queuelo
defaults to the larger of 200, and the
sum total of configured
mail delivery slots, both local and remote.
queuehi
, if not explicitly set, defaults to the smaller
of twice the queuelo
, or queuelo
plus 1000.
queuetime
This file specifies how long the Courier mail server normally tries to repeatedly deliver a
message, before giving up and returning it as undeliverable. Messages are
immediately returned as undeliverable when a permanent failure is encountered
(such as the recipient address not being valid). Attempts to deliver the
message when there's a temporary, transient, error (such as the network being
down) will be repeatedly made for the duration of time specified by this
configuration file. This file contains a number followed by the letter
'w
'
for weeks, or
'd
'
for days. It is also possible to use
'h
'
for hours,
'm
'
for
minutes, or
's
'
for seconds. Only integers are allowed, fractions are
prohibited. However, you can use
'1w2d
'
to specify one week and two days. If
queuetime
is missing, the Courier mail server makes repeated delivery
attempts
for one week.
retryalpha, retrybeta, retrygamma, retrymaxdelta
These control files specify the schedule with which the Courier mail server tries to deliver
each message that has a temporary, transient, delivery failure.
retryalpha
and retrygamma
contain a time interval,
specified in the same way as queuetime
. retrybeta
and retrymaxdelta
contain small integral numbers
only.
The Courier mail server will first make retrybeta
delivery attempts, waiting
for the time interval specified by retryalpha
between each
attempt. Then, the Courier mail server waits for the amount of time specified by
retrygamma
, then the Courier mail server will make another
retrybeta
delivery attempts, retryalpha
amount of
time apart. If still undeliverable, the Courier mail server waits retrygamma
*2
amount of time before another retrybeta
delivery attempts, with
retryalpha
amount of time apart. The next delay will be
retrygamma
*4 amount of time long, the next one
retrygamma
*8, and so on.
retrymaxdelta
sets the
upper limit on the exponential backoff. Eventually the Courier mail server will keep waiting
retrygamma
*(2^retrymaxdelta
) amount of time before making
retrybeta
delivery attempts retryalpha
amount of
time apart, until the queuetime
interval expires.
The default values are:
retryalpha
Five minutes
retrybeta
Three times
retrygamma
Fifteen minutes
retrymaxdelta
Three
This results in the Courier mail server delivering each message according to the following schedule, in minutes: 5, 5, 5, 15, 5, 5, 30, 5, 5, 60, 5, 5, then repeating 120, 5, 5, until the message expires.
sizelimit
Maximum size of the message, in bytes, that the Courier mail server accepts for delivery.
The Courier mail server rejects larger messages. If sizelimit
is set to zero,
The Courier mail server accepts as large message as available disk space permits. If the
environment variable SIZELIMIT
is set at the time a new message
is received, it takes precedence and the Courier mail server uses the contents of the
environment variable instead. Changes to this file take effect immediately.
The SIZELIMIT
environment variable is for use by individual mail
submission agents. For example, it can be set by the smtpaccess
configuration file (see
makesmtpaccess(8)
for more information) for mail from certain IP addresses.
If sizelimit
does not exist, and SIZELIMIT
is
not set, the maximum message size defaults to 10485760 bytes.
submitdelay
submitdelay
specifies the delay before the first delivery
attempt for a message that has been entered into the mail queue. Normally,
the first delivery attempt is made as soon as possible. This setting delays
the initial delivery attempt. It is normally used when you have a mail filter
installed that detects duplicate messages arriving in a short period of time.
If the mail filter detects this situation it can use the
cancelmsg(1)
command to reject duplicate messages in the queue
(and return them back to the envelope sender).
submitdelay
specifies a time interval in the same format as
queuetime
.
usexsender
If this configuration file exists, the Courier mail server's webmail server will set the
X-Sender: header
on all outgoing messages. This is a good idea
if the webmail server allows the user to set the contents of the
From:
header. Note that the Courier mail server records the system userid of the
sender in all locally-sent messages (which includes messages mailed by the
webmail server), which is sufficient in most cases. In cases where you have
many virtual accounts that share the same system userid, this configuration
file provides a way to positively identify the sender of the outgoing
message.
uucpme
uucpme
sets the UUCP nodename of the Courier mail server mail relay. See
courieruucp(8)
for more information.
uucpneighbors
uucpneighbors
is used by the courieruucp module to
specify the Courier mail server's configuration for relaying mail via UUCP. See
courieruucp(8)
for more information.
uucprewriteheaders
If this file exists, headers of messages sent to/from UUCP addresses will be rewritten. Normally, only the message envelope sender and recipients are rewritten, the existence of this file causes the headers to be rewritten as well.
vhost.ip-address
, vhost.domain
Enable per-message virtual configuration settings described in the section called “Servers with multiple IP addresses” and the section called “Simulating a server with multiple IP addresses”, below, for more information.
warntime
warntime
specifies an amount of time in the same format as
queuetime
. If a message still has not been delivered after this
period of time, the Courier mail server sends a warning message (a "delayed" Delivery Status
Notification) to the sender. If warntime
is missing, the Courier mail server
sets warntime
to four hours.
The time interval specified by warntime
is only
approximate. The Courier mail server sends a delayed Delivery Status Notification at the
conclusion of the first attempted delivery after warntime
has
elapsed.
This section describes how to set the various domain-related parameters incorporating the server's system-specified hostname. This makes it possible to create a canned, boilerplate set of Courier configuration files. The configuration files then get replicated, as is, to multiple servers. These servers have their system hostname externally managed, often via DHCP. The server's assigned hostname gets automatically incorporated into Courier's configuration.
me
When the contents of the me
configuration file begin with “*.”, the
asterisk gets replaced by the system's hostname. For example:
me
contains:
*.example.com
The system's assigned hostname is “mx1”.
The effective contents of the
me
configuration file is “mx1.example.com”
A fully-qualified system hostname does not require an
explicit me
configuration file.
If me
configuration file
doesn't exist it defaults to the entire
(fully qualified) system
hostname.
locals
,
esmtpacceptmailfor
/esmtpacceptmailfor.dir
and
hosteddomains
When a line in these configuration files is “*” or begins with “*.”, the asterisk gets replaced by the system's hostname. For example:
A line in
locals
contains:
*.example.com
The system's assigned hostname is “mx1”.
This line in the locals
configuration file is effectively equivalent
to “mx1.example.com”
A line in
hosteddomains
contains:
*
The system's assigned hostname is “mx1.example.com”.
This line in the hosteddomains
configuration file is effectively equivalent
to “mx1.example.com”
HTML output from the webmail server is generated from the template files in
/usr/lib/courier/sqwebmail/html/en-us
.
It is possible to translate the webmail interface into another language
simply by creating another subdirectory underneath
/usr/lib/courier/sqwebmail/html
, then meticulously translating
each .html
file.
Each template file contains well-formed HTML, with dynamic content marked off
by tags.
Note that the large comment blocks in each HTML file need to be translated
too, since they are inserted as dynamic content, elsewhere.
The directory /usr/lib/courier/sqwebmail/html/en-us
also
contains several configuration files, in addition to the HTML template files.
Doing so allows this configuration information to be defined for each
available language.
This file consists of a single line of text, which names the character set used by the HTML template files. It is possible to specify multiple character set, by separating them with commas, provided that HTML templates use only the common portions of all listed character set.
The default English HTML templates use strictly the “us-ascii”
subset, and the CHARSET
contains
utf-8,iso-8859-1
.
When multiple character sets are listed, the first character set that's
supported by the browser is picked, so with UTF-8 capable browsers the default
webmail interface will use UTF-8
, falling back to
ISO-8859-1
for browsers that do not support
UTF-8
.
The contents of this file, if it exists, are appended to all messages sent by the webmail server.
This file consists of a single line of text, which contains the name of the dictionary used for spell-checking. It is passed as an argument to ispell, or aspell.
This file consists of a single line of text, which
should always be the same as the name of its directory
(en-us
).
This file is not needed at runtime, its contents are used during
installation.
See webmail/html/README_LANG
in the source
distribution for more information.
The corresponding C locale for these templates.
This file lists the available timezones on the login screen. See the comments in this file for more information.
The Courier mail server can perform “Sender Policy Framework” checks on up to
three addresses for each message.
This is controlled by setting the following variables:
BOFHSPFHELO
,
BOFHSPFMAILFROM
, and
BOFHSPFFROM
.
Each variable is set to a comma-separated list of the following keywords:
“off” - SPF verification disabled (default);
“none”,
“neutral”,
“pass”,
“fail”,
“softfail”,
“error”,
“unknown” - these keywords correspond to the possible results
of an SPF check, the message is accepted for the listed SPF results only,
any other SPF result is rejected;
“all” - shorthand for all possible SPF results, use
“all” to run SPF in informational mode only, recording the
SPF status in the Received-SPF:
header;
“allowok” - automatically pass the SPF verification if
the sender's IP address is found in a DNS access whitelist, any
whitelist given in the -allow
option to
couriertcpd, see the
“DNS ACCESS LISTS” section in
couriertcpd(1)
.
A rejected SPF result gets kicked back with a permanent error indication
if the SPF result is listed in BOFHSPFHARDERROR
, and
a temporary error indication otherwise.
When enabling SPF checking, the keyword list should always include “pass” (it makes no sense to do otherwise) and “none”. The keyword list should also include “softfail”, “neutral”, and “unknown”. See the SPF draft for a description of these status results. At some distant future, the keyword list will only include “pass”, rejecting all senders without a stated policy. This might be desirable at some point in the future, but not right now.
The BOFHSPFFROM
list may also include an additional keyword,
“mailfromok”.
BOFHSPFMAILFROM
and
BOFHSPFFROM
are trade-offs.
Using BOFHSPFMAILFROM
is faster, and it does not require
the entire message to be received, before running the SPF check.
BOFHSPFFROM
checking can only occur after the entire message
is received, but it's more reliable.
If “mailfromok” is listed, the From:
is not
checked if the MAIL FROM
command was checked
with the “pass” result.
In other words:
the From:
header is checked if
MAIL FROM
was empty, or did not pass the SPF checks.
If MAIL FROM
passed the SPF check the Courier mail server won't bother
looking at the From:
header.
A conservative policy should not reject failed SPF checks from the
From:
header,
because it can be counterproductive in some situations.
This is because when a sender from a domain with a published SPF policy
sends a message to a mailing list, the message goes through the
mailing list processor's IP address, and it will fail the SPF check unless
the domain SPF explicitly authorizes the mailing list processor's IP
address.
This is very unlikely. The end result is that domains with a published SPF record get punished, and domains without an SPF record get off scott free. Mailing lists should be encouraged to publish their own SPF records for mailing list traffic; then the “mailfromok” keyword can validate the mailing list's return address, and forego checking of the “From:” header from the mailing list, while still checking the “From:” header from everyone else.
Another alternative is to use
opt BOFHSPFFROM=all
for advisory purposes only.
Post-delivery mail filters can key off the “Received-SPF”
header.
The Courier mail server can add up to three “Received-SPF” headers of its own, one for each SPF check. The Courier mail server renames any existing “Received-SPF” header as “Old-Received-SPF”. All “Received-SPF” headers delivered to a local mailbox will always come from the Courier mail server.
The Courier mail server's default
configuration listens on port 25 on all IP addresses. If the
server has more than one IP address, Courier
accepts connections on any IP address.
Adjust the settings in the esmtpd
configuration
file to explicitly list which IP addresses
Courier should listenson.
This also applies to the ESMTP over SSL server on port 465 configured
by esmtpd-ssl
, and the MSA
server on port 587, configured by esmtpd-msa
.
That's for incoming EMSTP. For outgoing ESMTP connections, the Courier mail server does not specify an IP address by default, and lets the server select one. The server selects a default IP address based on a server's network configuration. The selection criteria is platform specific, and is typically based on the system's IP routing tables.
The
ipout
and
ip6out
configuration files set an explicit IP
address for Courier's outgoing connections:
# echo "192.168.0.1" >/etc/courier/ipout # echo "fec0::230:48ff:fec4:429c" >/etc/courier/ip6out
This example specifies 192.168.0.1
as the IP
address to make connections from for IPv4 destinations, and
fec0::230:48ff:fec4:429c
for IPv6 destinations.
If the Courier
mail server runs on a host with two IPv4 addresses,
192.168.0.1
,
192.168.1.1
, the above example uses
192.168.0.1
to send the relayed message to IPv4
destinations even if Courier received the
message from a client that connected to the other addresses.
If the Courier mail server accepts an
ESMTP connection and a message from an authenticated client with
relaying privileges, in a smarthost role, and forwards the message
via ESMTP, Courier normally uses the server's
default IP address, or the one set by
ipout
or ipout6
.
When the Courier mail servers runs on
more than
one IP address, it's possible to selectively
set the outgoing IP address based on which one of those IP addresses
the message was received at.
A simple, basic
configuration forwards the message from the same IP addresses
it was received from, but it doesn't have to be, it can be a different
one.
The first step is to enable a per-message, non-default configuration
settings, like the outgoing IP address, by creating a zero-length
vhost.
file:
ip-address
# touch >/etc/courier/vhost.192.168.0.1 # touch >"/etc/courier/vhost.fec0::230:48ff:fec4:429c"
This enables non-default settings for messages received from a client that connects to one of these IP addresses. These two IP addresses (one IPv4 and one IPv6 address) are, presumably, two of the server's IP addresses. This is not a client's IP address, these are the server's IP addresses. These may be the only two IP addresses the server has, or the server can have more IP addresses, but these are the only two IP addresses for which custom settings get enabled.
One such custom setting would be a different IP address for outgoing connections depending on the IP address of the connection the message was originally received from:
# echo "192.168.0.1" >/etc/courier/ipout.192.168.0.1 # echo "192.168.1.1" >/etc/courier/ipout.192.168.1.1
“ipout.
”
sets the IP address for outgoing connections for messages received
from a client connection to
“address
address
” only.
Just an ipout
applies to all other messages, except
ones which have an ipout.
in existence.
The above example specifies that, on a server with these two IP
addresses, messages received from a client that's connected to either
IP address get forwarded (from a client that normally authenticates
and receives relaying privileges) using a connection from the same
IP address.
If the server has any other IP addresses, the IP address in
address
ipout
takes effect (or the default system-specified
IP address).
For convenience, an empty ipout.
gets interpreted as if it contains
the same address
address
.
The above example is equivalent to:
# touch /etc/courier/ipout.192.168.0.1 # touch /etc/courier/ipout.192.168.1.1
The formal configuration rules are as follows, for a message
received from IP address
“address
”, which may be an
IPv4 or an IPv6 address:
The IPv4 address and the IPv6 address for outgoing ESMTP connections
get specified by the contents of
/etc/courier/ipout.
and
address
/etc/courier/ip6out.
, respectively.
address
If the file exists, but is empty, the same
address
becomes the IP address for the
outgoing connection.
The above rules are in effect only if
/etc/courier/vhost.
exists,
address
If the file does not exist, or if
/etc/courier/vhost.
does not exist, the contents of
address
/etc/courier/ipout
, for IPv4 connections, and
/etc/courier/ip6out
, for IPv6 connections
set the IP address.
Otherwise, the Courier mail server uses the default IP address determined by the system's network configuration.
In
/etc/courier/ipout.
and
address
/etc/courier/ip6out.
,
an address of "0" also specifies the system's default IP address.
address
It is possible for the Courier mail server
to receive a message from an IPv6 connection, and forward it to an
IPv4 address, or vice versa.
The address
portion of
/etc/courier/ipout.
and
address
/etc/courier/ip6out.
,
specifies the IP address the client used to connect to
Courier and may be either an IPv4 or an
IPv6 address, in both cases! For example:
address
# echo "192.168.0.1" >/etc/courier/ipout.192.168.0.1 # echo "fec0::230:48ff:fec4:429c" >/etc/courier/ip6out.192.168.0.1
This means that when a client connects to the
Courier mail server using the IP address
192.168.0.1
and relays a message, if the message
gets forwarded to an IPv4 address,
Courier uses the same IP address,
and if it gets forwarded to an IPv6 address
Courier uses this IPv6 address.
The above also probably means that:
# echo "192.168.0.1" >"/etc/courier/ipout.fec0::230:48ff:fec4:429c" # echo "fec0::230:48ff:fec4:429c" >"/etc/courier/ipout.fec0::230:48ff:fec4:429c"
So if an IPv6 client connects to Courier
on this IPv6 address and relays a message,
Courier uses the same IPv6 address, or
192.168.0.1
depending on the destination.
Notwithstanding the IP address set in an
ipout
or an
ip6out
file, the server's network configuration
must be able to actually establish a network connection to
the destination address from the explicitly specified IP address.
Specifying an explicit IP address for outgoing connections implies
that the IP addresses are fully and globally routable.
Additionally, for all other configuration files described in this
manual page, the Courier mail server uses
“filename.
” if it exists,
in place of
“address
filename
” when processing messages
received from “address”, either an IPv4 or an IPv6
address.
This is used in all contexts where it makes sense to do so:
# echo "relay.example.com" >/etc/courier/me.192.168.0.1 # echo "firewall.example.com" >/etc/courier/me.192.168.1.1
This example specifies “relay.example.com” as the
contents of the me
configuration file,
described earlier in this manual page, when processing messages
received by clients that connect to 192.168.0.1
,
and “firewall.example.com” for processing messages
received by clients that connect to 192.168.1.1
.
“me
”
is the default hostname for
most common Courier mail server configuration
settings, such as the server's name in the ESMTP greeting banner,
what Courier calls itself in the
ESMTP EHLO/HELO commands, and other contexts,
unless overridden by a more specific setting.
The IP address-specific configuration settings get used only in the context of processing messages, and have no impact on other parts of the Courier mail server that do not have a direct relationship to a specific message. One such example would be when Courier authenticates a client's username or password. This is not directly related to any message the client may or may not send after it authenticates, so this happens in exactly the same way no matter which IP address the client connected to.
As described in the previous section,
the existence of vhost.
enables configuration settings only for messages that were received
at one of the IP addresses that the
Courier mail server accepts connections on.
ip-address
It's possible to partially achieve the same end results by creating
vhost.
:
domain
# touch >/etc/courier/vhost.example.com
This enables per-message specific configuration for messages received from authenticated clients whose authenticated ID ends with “@example.com”. If the server has more than one IP address, but, for whatever reason, only receives mail on one of them but wants to use the other one for outgoing mail for this domain:
# echo '192.168.0.1' >/etc/courier/ipout.example.com
This sets this IP address for all outgoing messages with a “@example.com” authenticated client. It's important to note the following limitations:
The Courier authentication library (see installation instructions) must be configured with accounts and mailboxes that follow the “user@domain” format.
Not all configuration settings can be customized in a
.
The trivial example would be the ESMTP server banner.
The mail server emits the banner before it's ready to receive the
first message, so no return address-based customization is
possible, of course, to select an ESMTP server banner.
Additionally, the
“me” configuration setting gets set before the
return address is received, so the contents of a domain-specific
“me” may not be in effect in all contexts.
setting
.domain
Anyone can use any return address they wish. Some mitigation is possible, of course, using measures such as SPF, but it would be mistake to believe that this is much more than just eye candy.
Both an IP address and domain-based “vhost”s are allowed. An IP address-based vhost takes precedence.
Flushing a single message will not work if the message queue is backed up. When that happens, your only available option is to flush the entire queue.
courier start fails if the Courier mail server has detected a fatal operational error. In this situation the top-level courierd daemon sleeps for a minute, before automatically restarting. During this sleep interval courier stop does not work.
cancelmsg(1) , maildirmake(1) , maildrop(1) , preline(1) , sendmail(1) , testmxlookup(1) , dot-courier(5) , authlib(7) , courierfax(8) , courierfilter(8) , filterctl(8) , courierldapaliasd(8) , courierpop3d(8) , courierpop3d(8) , couriertcpd(8) , courieruucp(8) , esmtpd(8) , imapd(8) , localmailfilter(7) , mailq(1) , makeacceptmailfor(8) , makealiases(8) , makehosteddomains(8) , makepercentrelay(8) , makesmtpaccess(8) , makeuserdb(8) , pw2userdb(8) , mkdhparams(8) , mkesmtpdcert(8) , mkimapdcert(8) , pop3d(8) , submit(8) , userdb(8) .