comparison man/masqmail.route.5 @ 223:9814e75de61c

updated docs to STARTTLS wrappers
author meillo@marmaro.de
date Fri, 23 Jul 2010 11:18:20 +0200
parents 8cddc65765bd
children 9397d10fd771
222:8cddc65765bd 223:9814e75de61c
78 78
79 If this is set, masqmail does not wait for the greeting of the SMTP server 79 If this is set, masqmail does not wait for the greeting of the SMTP server
80 after opening the connection. 80 after opening the connection.
81 Instead it says EHLO right away (ESMTP is assumed). 81 Instead it says EHLO right away (ESMTP is assumed).
82 Use this option with wrappers that eat the 220 greeting of the SMTP server. 82 Use this option with wrappers that eat the 220 greeting of the SMTP server.
83 Common examples are STARTTLS wrappers, like `openssl -starttls smtp ...'. 83 Common examples are STARTTLS wrappers, like `openssl s_client -starttls smtp ...'.
84 84
85 If this option is set and a 220 greeting is received though, 85 If this option is set and a 220 greeting is received though,
86 everything should still work. 86 everything should still work.
87 Please don't rely on that and keep in mind that RFC 2821 says that the client 87 Please don't rely on that and keep in mind that RFC 2821 says that the client
88 SHOULD wait for the 220 greeting of the server. 88 SHOULD wait for the 220 greeting of the server.
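Review bot: The corrected command on line 83 still ends in `...`, so a reader of the instant_helo entry has to find the complete invocation elsewhere. A short pointer to the \fBwrapper\fR option, which carries the full STARTTLS example together with instant_helo=true, would close that gap. While this paragraph is being touched, the RFC 2821 reference on line 87 could be updated, since that RFC has been obsoleted by RFC 5321.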
186 This is similar to \fBset_h_from_domain\fR, but more flexible. 186 This is similar to \fBset_h_from_domain\fR, but more flexible.
187 Set this to a list which maps local parts to a full RFC 822 compliant email address, 187 Set this to a list which maps local parts to a full RFC 822 compliant email address,
188 the local parts (the keys) are separated from the addresses (the values) by colons (`:'). 188 the local parts (the keys) are separated from the addresses (the values) by colons (`:').
189 189
190 Example: 190 Example:
191 191 .nf
192 map_h_from_addresses = "john: John Smith <jsmith@mail.academic.edu>; charlie: Charlie Miller <cmiller@mx.commercial.com>" 192 map_h_from_addresses = "john: John Smith <jsmith@mail.academic.edu>; charlie: Charlie Miller <cmiller@mx.commercial.com>"
193 .fi
193 194
194 You can use patterns, eg. * as keys. 195 You can use patterns, eg. * as keys.
195 196
196 .TP 197 .TP
197 \fBmap_h_reply_to_addresses\fR = \fIlist\fR 198 \fBmap_h_reply_to_addresses\fR = \fIlist\fR
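Review bot: With `.nf` now in effect at line 191, the single example line at 192 is well over 80 characters and will no longer be filled or wrapped by the formatter, so it runs past the right margin on a standard terminal. That is reasonable if the goal is a copy-pasteable value, but it is worth checking the rendered page. The same applies to the map_return_path_addresses example changed further down. The paragraph also says patterns such as * can be used as keys, yet the example shows none; one entry with a pattern key would document that.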
212 the local parts (the keys) are separated from the addresses (the values) by colons (`:'). 213 the local parts (the keys) are separated from the addresses (the values) by colons (`:').
213 Note that this option takes RFC 821 addresses while \fBmap_h_from_addresses\fR takes RFC 822 addresses. 214 Note that this option takes RFC 821 addresses while \fBmap_h_from_addresses\fR takes RFC 822 addresses.
214 The most important difference is that RFC 821 addresses have no full name. 215 The most important difference is that RFC 821 addresses have no full name.
215 216
216 Example: 217 Example:
217 218 .nf
218 map_return_path_addresses = "john: <jsmith@mail.academic.edu>; charlie: <cmiller@mx.commercial.com>" 219 map_return_path_addresses = "john: <jsmith@mail.academic.edu>; charlie: <cmiller@mx.commercial.com>"
220 .fi
219 221
220 You can use patterns, eg. * as keys. 222 You can use patterns, eg. * as keys.
221 223
222 .TP 224 .TP
223 \fBexpand_h_sender_address\fR = \fIboolean\fR 225 \fBexpand_h_sender_address\fR = \fIboolean\fR
273 275
274 If set, instead of opening a connection to a remote server, 276 If set, instead of opening a connection to a remote server,
275 \fIcommand\fR will be called and all traffic will be piped to its stdin and from its stdout. 277 \fIcommand\fR will be called and all traffic will be piped to its stdin and from its stdout.
276 Purpose is to tunnel ip traffic, eg. for ssl. 278 Purpose is to tunnel ip traffic, eg. for ssl.
277 279
278 Example for ssl tunneling: 280 Example for SMTP over SSL tunneling:
279 281 .nf
280 wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null" 282 wrapper="/usr/bin/openssl s_client \-quiet \-connect mail.gmx.net:465 2>/dev/null"
281 283 .fi
282 Note: The above line works with masqmail, 284
283 but listening on Port 465 for SSL-encrypted connections is deprecated. 285 SMTP over SSL is supported since masqmail-0.1.8.
284 The modern way is STARTTLS (RFC-3207). 286 It is marked obsolete by the IETF but is still in use.
285 This could be covered by the following command. 287
286 Unfortunately, masqmail doesn't support that yet (as of 0.2.25). 288
287 289 Example for encryption with STARTTLS (RFC-3207):
290 .nf
291 # don't forget the instant_helo, otherwise it won't work
292 instant_helo=true
288 wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null" 293 wrapper="/usr/bin/openssl s_client \-quiet \-starttls smtp \-connect mail.gmx.net:25 2>/dev/null"
294 .fi
295
296 This is supported since masqmail-0.2.28.
297 STARTTLS supersedes SMTP over SSL.
289 298
290 Note for openssl: 299 Note for openssl:
291 Ensure that stderr is redirected. 300 Ensure that stderr is redirected.
292 Do *not* use \-crlf in the wrapper command, because masqmail does already insert CRLF. 301 Do *not* use \-crlf in the wrapper command, because masqmail does already insert CRLF.
293 However, you might want to specify \-crlf if you want to test your wrapper command 302 However, you might want to specify \-crlf if you want to test your wrapper command
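Review bot: Both wrapper examples (new lines 282 and 293) provide encryption but no server authentication. `openssl s_client` carries on with the session when certificate verification fails unless told otherwise, and with `-quiet` plus `2>/dev/null` any verification error is discarded unseen. The "Note for openssl" paragraph should say so and suggest adding `-verify_return_error` together with a CA source such as `-CAfile`, so that the wrapper exits instead of handing mail to an unauthenticated peer. Minor: new lines 287 and 288 insert two consecutive blank lines where one is enough, and "supported since masqmail-0.2.28" on line 296 should be checked against the version this commit will actually ship in, since the removed text stated the feature was missing as of 0.2.25.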