From c493a11b449f5071aed9adb34faa3e3dd85ea762 Mon Sep 17 00:00:00 2001 From: "(no author)" <(no author)> Date: Thu, 8 Jul 2004 18:21:20 +0000 Subject: New repository initialized by cvs2svn. --- doc/.cvsignore | 3 - doc/Makefile.am | 3 - doc/proxsmtpd.8 | 213 --------------------------------------------------- doc/proxsmtpd.conf | 52 ------------- doc/proxsmtpd.conf.5 | 177 ------------------------------------------ 5 files changed, 448 deletions(-) delete mode 100644 doc/.cvsignore delete mode 100644 doc/Makefile.am delete mode 100644 doc/proxsmtpd.8 delete mode 100644 doc/proxsmtpd.conf delete mode 100644 doc/proxsmtpd.conf.5 (limited to 'doc') diff --git a/doc/.cvsignore b/doc/.cvsignore deleted file mode 100644 index 9ad01f5..0000000 --- a/doc/.cvsignore +++ /dev/null @@ -1,3 +0,0 @@ -Makefile -Makefile.in -test.conf diff --git a/doc/Makefile.am b/doc/Makefile.am deleted file mode 100644 index 9bc2bb3..0000000 --- a/doc/Makefile.am +++ /dev/null @@ -1,3 +0,0 @@ - -man_MANS = proxsmtpd.8 proxsmtpd.conf.5 -EXTRA_DIST = $(man_MANS) proxsmtpd.conf diff --git a/doc/proxsmtpd.8 b/doc/proxsmtpd.8 deleted file mode 100644 index 9f9f9d0..0000000 --- a/doc/proxsmtpd.8 +++ /dev/null 
@@ -1,213 +0,0 @@ -.\" -.\" Copyright (c) 2004, Nate Nielsen -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" * Redistributions of source code must retain the above -.\" copyright notice, this list of conditions and the -.\" following disclaimer. -.\" * Redistributions in binary form must reproduce the -.\" above copyright notice, this list of conditions and -.\" the following disclaimer in the documentation and/or -.\" other materials provided with the distribution. -.\" * The names of contributors to this software may not be -.\" used to endorse or promote products derived from this -.\" software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -.\" COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS -.\" OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED -.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF -.\" THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH -.\" DAMAGE. -.\" -.\" -.\" CONTRIBUTORS -.\" Nate Nielsen -.\" -.Dd September, 2004 -.Dt proxsmtpd 8 -.Os proxsmtp -.Sh NAME -.Nm proxsmtpd -.Nd an SMTP server for performing filtering -.Sh SYNOPSIS -.Nm -.Op Fl d Ar level -.Op Fl f Ar configfile -.Op Fl p Ar pidfile -.Nm -.Fl v -.Sh DESCRIPTION -.Nm -is an SMTP filter that allows you to perform arbitrary filtering on email. 
It -accepts SMTP connections and forwards the SMTP commands and responses to another -SMTP server. -.Pp -The DATA email body is intercepted and scanned before forwarding. Email can be -altered, bounced, or silently dropped. -.Pp -.Nm -aims to be lightweight and simple rather than have a myriad of options. The options -it does have are configured by editing the -.Xr proxsmtpd.conf 5 -file. See the man page for -.Xr proxsmtpd.conf 5 -for more info on the default location of the configuration file. -.Sh OPTIONS -The options are as follows. -.Bl -tag -width Fl -.It Fl d -Don't detach from the console and run as a daemon. In addition the -.Ar level -argument specifies what level of error messages to display. 0 being -the least, 4 the most. -.It Fl f -.Ar configfile -specifies an alternate location for the -.Nm -configuration file. See -.Xr proxsmtpd.conf 5 -for more details on where the configuration file is located by default. -.It Fl p -.Ar pidfile -specifies a location for the a process id file to be written to. This file -contains the process id of -.Nm -and can be used to stop the daemon. -.It Fl v -Prints the proxsmtp version number and exits. -.El -.Sh FILTER SCRIPTS -The filter script is specified using the -.Ar FilterCommand -option. By default the email is piped through the script on standard input. -Standard output is read for the filtered email. Standard error is also read -for error messages. -.Pp -If the -.Ar FilterType -option is set to 'file', your filter will operate on a file rather than processing -standard in and standard out. The file name will be passed to your filter -command using the -.Ar EMAIL -environment variable. Your script can change the file as needed. Standard error -is still processed as outlined below. -.Pp -If the filter command returns a successful exit code (ie: 0), then the filtered -email is sent to the destination mail server as usual. 
When a error exit code -(ie: anything but 0) a failure message is sent back to the sending server. In -this case the email is not sent. -.Pp -You can customize the error message sent back. The last line of output printed -to standard error will be used in this case. If you specify a full SMTP error -code then it will be used (ie: '550 Bad Email'). If it's just a text message -then a 550 SMTP error code will be used. -.Pp -You can silently drop messages by using an error message with a 250 SMTP code. -This gives the illusion to the sending server that the email was accepted. -.Pp -Various environment variables will be present when your script is run. You -may need to escape them properly before use in your favorite scripting -language. Failure to do this could lead to a REMOTE COMPROMISE of your -machine. -.Bl -tag -width Fl -.It Ar CLIENT -The network address of the SMTP client connected. -.It Ar EMAIL -When the -.Ar FilterType -option is set to 'file', this specifies the file that the email was saved to. -.It Ar RECIPIENTS -The email addresses of the email recipients. These are specified one per -line, in standard address format. -.It Ar SENDER -The email address for the sender of the email. -.It Ar SERVER -The network address of the SMTP server we're connected to. -.It Ar TMPDIR -The path to the temp directory in use. This is the same as the -.Ar TempDirectory -option. -.El -.Sh LOGGING -.Nm -logs to -.Xr syslogd -by default under the 'mail' facility. You can also output logs to the console -using the -.Fl d -option. -.Sh LOOPBACK FEATURE -In some cases it's advantageous to consolidate the filtering for several mail -servers on one machine. -.Nm -allows this by providing a loopback feature to connect back to the IP that an -SMTP connection comes in from. -.Pp -To use this feature specify only a port number (no IP address) for the -.Ar OutAddress -setting in the configuration file. 
This will cause -.Nm -to pass the email back to the said port on the incoming IP address. -.Pp -Make sure the -.Ar MaxConnections -setting is set high enough to handle the mail from all the servers without refusing -connections. -.Sh TRANSPARENT PROXY FEATURE -A transparent proxy is a configuration on a gateway that routes certain types of -traffic through a proxy server without any changes on the client computers. -.Nm -has support for transparent proxying of SMTP traffic by enabling the -.Ar TransparentProxy -setting. This type of setup usually involves firewall rules which redirect traffic to -.Nm -and the setup varies from OS to OS. The SMTP traffic will be forwarded to it's -original destination after being scanned. -.Pp -Note that some features (such as SSL/TLS) will not be available -when going through the transparent proxy. -.Pp -Make sure that the -.Ar MaxConnections -setting is set high enough for your transparent proxying. Because -.Nm -is not being used as a filter inside a queue, which usually throttles the amount -of email going through, this setting may need to be higher than usual. -.Sh SECURITY -There's no reason to run this daemon as root. It is meant as a filter and should -listen on a high TCP port. -.Pp -Care should be taken with the directory that -.Nm -writes its temporary files to. In order to be secure, it should not be a world -writeable location. Specify the directory using the -.Ar TempDirectory -setting. -.Pp -Make sure you understand the issues involved with escaping external data. The -environment variables such as -.Ar SENDER -or -.Ar RECIPIENTS -need to be treated with care. -.Pp -If running -.Nm -on a publicly accessible IP address or without a firewall please be sure to -understand all the possible security issues. This is especially true if the -loopback feature is used (see above). -.Sh SEE ALSO -.Xr proxsmtpd.conf 5 -.Sh AUTHOR -.An Nate Nielsen Aq nielsen@memberwebs.com 
diff --git a/doc/proxsmtpd.conf b/doc/proxsmtpd.conf deleted file mode 100644 index 2b87e84..0000000 --- a/doc/proxsmtpd.conf +++ /dev/null @@ -1,52 +0,0 @@ -# ------------------------------------------------------------------------------ -# SAMPLE PROXSMTPD CONFIG FILE -# ------------------------------------------------------------------------------ -# -# - Comments are a line that starts with a # -# - All the options are found below with sample settings - - -# The address to send scanned mail to. -# This option is required unless TransparentProxy is enabled -OutAddress: 10026 - -# The Filter Command run for each email. See 'man proxsmtpd' for details -# The following command is a simple which just creates temp files. -#FilterCommand: tee `mktemp -t sample-filter.XXXXXX` - -# The amount of time to wait for data from FilterCommand -#FilterTimeout: 10 - -# The type of filter ('pipe' to pipe data through filter, -# or 'file' to pass a file to the filter) -#FilterType: pipe - -# The maximum number of connection allowed at once. -# Be sure that clamd can also handle this many connections -#MaxConnections: 64 - -# Amount of time (in seconds) to wait on network IO -#TimeOut: 180 - -# A header to add to all scanned email -#Header: X-Filtered: By ProxSMTP - -# Keep Alives (ie: NOOP's to server) -#KeepAlives: 0 - -# Send XCLIENT commands to receiving server -#XClient: off - -# Address to listen on (defaults to all local addresses on port 10025) -#Listen: 0.0.0.0:10025 - -# Directory for temporary files -#TempDirectory: /tmp - -# Enable transparent proxy support -#TransparentProxy: off - -# User to switch to -#User: nobody - - diff --git a/doc/proxsmtpd.conf.5 b/doc/proxsmtpd.conf.5 deleted file mode 100644 index 916bc7b..0000000 --- a/doc/proxsmtpd.conf.5 +++ /dev/null 
@@ -1,177 +0,0 @@ -.\" -.\" Copyright (c) 2004, Nate Nielsen -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" * Redistributions of source code must retain the above -.\" copyright notice, this list of conditions and the -.\" following disclaimer. -.\" * Redistributions in binary form must reproduce the -.\" above copyright notice, this list of conditions and -.\" the following disclaimer in the documentation and/or -.\" other materials provided with the distribution. -.\" * The names of contributors to this software may not be -.\" used to endorse or promote products derived from this -.\" software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -.\" COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS -.\" OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED -.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF -.\" THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH -.\" DAMAGE. -.\" -.\" -.\" CONTRIBUTORS -.\" Nate Nielsen -.\" -.Dd September, 2004 -.Dt proxsmtpd.conf 5 -.Os proxsmtp -.Sh NAME -.Nm proxsmtpd.conf -.Nd the configuration file for -.Xr proxsmtpd 8 -.Sh DESCRIPTION -.Xr proxsmtpd 8 -reads a configuration file when starting up. 
The location of the file is dependent -on how you compiled proxsmtp but it should usually be in either the -.Pa /usr/local/etc/ -or -.Pa /etc/ -directories. If -.Xr proxsmtpd 8 -does not find its configuration file it'll print a warning when it starts up along -with the location it's expecting to find it in. You can also specify a different -location for a config file by passing the -.Fl f -argument to -.Xr proxsmtpd 8 -.Pp -The settings are specified one per line. The setting names come first, followed -by a colon and then the value. Comments start with the '#' character on a line -of their own. Whitespace is ignored at the beginning of line, end of line and -around the colons. -.Pp -A sample configuration file can be found in the -.Pa doc/ -directory of the proxsmtp distribution. -.Sh SETTINGS -The various settings are as follows: -.Bl -tag -width Fl -.It Ar FilterCommand -This is the command used to filter email through. If not specified then no -filtering will be done. Specify all the arguments the command needs as you -would on a command-line. -.Pp -[ Default: no filtering ] -.It Ar FilterTimeout -The amount of time in seconds to wait for the -.Ar FilterCommand -to process email data. -.Pp -[ Default: 30 seconds ] -.It Ar FilterType -When set to 'pipe' the email data is piped through the -.Ar FilterCommand -using standard in and standard out. When set to 'file' the email data is saved -to a file and the file name is passed to the -.Ar FilterCommand -using the -.Ar EMAIL -environment variable. -.Pp -[ Default: pipe ] -.It Ar Header -A header to add to scanned messages. Put an empty value to suppress adding -a header. You can include the following special formatting characters in the -string to include special values: -.Bl -inset -.It Ar %i -Client IP Address -.It Ar %l -Local IP Address -.It Ar %d -Current Date -.El -.Pp -You can also include the standard \\r or \\n escapes. 
-.Pp -[ Optional ] -.It Ar KeepAlives -On slow connections the server will sometimes timeout before -.Xr proxsmtpd 8 -is finished filtering the file. This option sends NOOP's to the server -to keep the connection alive. Specify the number of seconds, or 0 -to disable. -.Pp -[ Default: 0 ] -.It Ar Listen -The address and port to listen for SMTP connections on. See syntax of -addresses below. -.Pp -[ Default: port 10025 on all local IP addresses ] -.It Ar MaxConnections -Specifies the maximum number of connections to accept at once. -.Pp -[ Default: 64 ] -.It Ar OutAddress -The address of the SMTP server to send email to once it's been scanned. See -syntax of addreses below. -.Pp -[ Required ] -.It Ar TempDirectory -The directory to write temp files to. -.Pp -[ Default: -.Pa /tmp -] -.It Ar TimeOut -The number of seconds to wait while reading data from network connections. -.Pp -[ Default: 180 seconds ] -.It Ar TransparentProxy -This option enables transparent proxy support, which allows you to route all -SMTP traffic that's going through a gateway through proxsmtp which will then -send it on to its final destination. This setup usually involves firewall -rules which redirect traffic to proxsmtp, and the setup varies from OS to OS. -.Pp -[ Default: off ] -.It Ar User -The user to run as. If this option is specified then -.Xr proxsmtpd 8 -must be started as root. It will then drop root privileges and run as the -specified user. The user can either be a name or a numerical user id. -.Pp -[ Optional ] -.It Ar XClient -Send an XCLIENT command to the receiving server. This is useful for forwarding -client addresses and connection info to servers that support this feature. -.Pp -[ Default: off ] -.El -.Sh ADDRESSES -Addresses can be specified in multiple formats: -.Bl -bullet -.It -Unix local addresses can be specified by specifying their full path. -(ie: '/var/run/socket'). 
-.It -IP addresses can be specified using dotted notation with a colon before -the port number (ie: '127.0.0.1:3310'). -.It -IPv6 addresses are implemented but disabled. The code needs testing. -.El -.Sh SEE ALSO -.Xr proxsmtpd 8 -.Sh AUTHOR -.An Nate Nielsen Aq nielsen@memberwebs.com -- cgit v1.2.3
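Review bot: Deleting doc/Makefile.am drops 'man_MANS = proxsmtpd.8 proxsmtpd.conf.5' and the EXTRA_DIST entry, so neither man page is installed any more and the sample proxsmtpd.conf leaves the distribution. This view is limited to 'doc', so it does not show whether the parent build files still reference the doc directory; that should be checked in the same commit. The commit message should also say why the documentation is removed, since the subject only reads "New repository initialized by cvs2svn."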
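Review bot: The FILTER SCRIPTS and SECURITY sections deleted in the doc/proxsmtpd.8 hunk hold the operator-facing warning that the filter's environment variables (SENDER, RECIPIENTS) are external data and that failing to escape them "could lead to a REMOTE COMPROMISE of your machine". If this page is being relocated rather than retired, carry that warning over and make it actionable, for example by saying the values should only ever be used as quoted arguments and never pasted into a command string. The same section is the only place that documents the exit-code contract (non-zero rejects, a 250 code on standard error silently drops), which filter authors depend on. If the text survives, "the a process id file" and "it's original destination" are typos to fix.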
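Review bot: In the doc/proxsmtpd.conf hunk the only active setting is 'OutAddress: 10026', a bare port. proxsmtpd.8 (LOOPBACK FEATURE) describes that form as connecting back to whatever IP the SMTP connection came in from, and its SECURITY section singles out loopback as needing extra care. A sample that is meant to be safe to copy would give a full address in the 'IP:port' form shown in the ADDRESSES section of proxsmtpd.conf.5. Two smaller points in the same file: '#FilterTimeout: 10' disagrees with the 30 second default stated in proxsmtpd.conf.5, and the MaxConnections comment refers to clamd, which appears nowhere else in these docs.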
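Review bot: The TempDirectory entry in the doc/proxsmtpd.conf.5 hunk documents a default of /tmp, while the SECURITY section of proxsmtpd.8 says the temp directory "should not be a world writeable location". The two pages should agree, either by changing the default or by telling the reader at this entry to point TempDirectory at a private directory. The FilterCommand entry would also benefit from a pointer to the escaping warning in proxsmtpd.8, and "addreses" under OutAddress is a typo.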