Configuration Directives for the Mithril SMTP Proxy
The SMTP Proxy configuration file is typically
/etc/mithril/smtpcrypt.conf. It is broken into the following sections:
Server
address
The address key indicates an INET address which should be used as
the "backend" of the proxy. The address may contain an
optional port, such as "localhost:10025"; if no port is given,
the standard SMTP port (25) is assumed. Default: none
exec
The exec key indicates a file which should be executed as the
"backend" of the proxy. The executed file should expect to
communicate with the proxy using stdin/stdout.
Note: if both an exec and an address key are given, the exec
key will be used.
Proxy
log
Indicate the destination of logging. The value "stderr" indicates
that logs should be sent to file descriptor 2. The value "syslog"
indicates that logs should be sent to syslog. Any other value
indicates a file to which log entries should be appended.
Default: stderr
greeting
The greeting key allows markup of the initial SMTP greeting. The
string may have at most one instance of the characters "%s" which
will be replaced by the greeting sent by the backend server.
Default: %s
greeting host
The greeting host allows a server to claim to be a different
server (than the backend) in its SMTP greeting. Default: use the
host provided by the backend
tls
This key indicates the level of TLS support provided by the proxy. The
value may be one of:
disabled
No support is available.
enabled
The STARTTLS extension is advertised and the STARTTLS command
is available.
required
The STARTTLS extension is advertised and the STARTTLS command
is available. No commands (except EHLO, STARTTLS, QUIT, HELP,
and NOOP) may be used without an encryption layer in effect.
Default: disabled
tls cert file
If TLS is supported, this key specifies the location of the
server certificate (otherwise the key is ignored). Default: none
tls key file
If TLS is supported, this key specifies the location of the
server private key (it should be unencrypted). Otherwise,
the key is ignored. If this key is not present, the file named by
the tls cert file key is used. Default: none
auth requires tls
If this key is set to '1', then the LOGIN authentication
mechanism will not be available unless an encryption layer is in
effect. If set to '0', clear text login will be allowed.
Default: if stdin is a tty, the default is 0. Otherwise, 1.
secure prefixes
This key should consist of a list of recipient address prefixes,
separated by newlines, that will be recognized as indicating a
message should be sent encrypted (and rejected if this cannot be
accomplished). Default: "secure-"
insecure prefixes
This key should consist of a list of recipient address prefixes,
separated by newlines, that will be recognized as indicating a
message should not be sent encrypted. Default: "insecure-",
"unsecure-"
default is secure
If this key is set to '1', then recipients without address
prefixes will be encrypted if possible and rejected otherwise.
If it is set to '0', then unqualified addresses will be encrypted
if possible, but sent clear text otherwise.
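The three keys above combine into one decision per recipient. The following sketch is an added illustration, not code from Mithril, and it shows which outcome each combination produces, in particular that "default is secure" only changes what happens when encryption is not possible. The names delivery_action and Action are hypothetical, and three behaviours are assumptions the page does not state: prefixes are matched case-insensitively, at the very start of the address, and the secure list wins if both lists match.

```python
from enum import Enum


class Action(Enum):
    ENCRYPT = "encrypt"
    CLEARTEXT = "cleartext"
    REJECT = "reject"


# Defaults documented for "secure prefixes" and "insecure prefixes".
SECURE_PREFIXES = ("secure-",)
INSECURE_PREFIXES = ("insecure-", "unsecure-")


def delivery_action(recipient, can_encrypt, default_is_secure,
                    secure=SECURE_PREFIXES, insecure=INSECURE_PREFIXES):
    """Return the Action the documented rules imply for one recipient.

    can_encrypt: whether the message can be encrypted for this recipient.
    default_is_secure: the value of the "default is secure" key as a bool.
    """
    # Assumption: match is case-insensitive and anchored at the start of the
    # address. Anchoring matters: "insecure-" contains "secure-", so a
    # substring match would treat insecure recipients as secure.
    addr = recipient.strip().lstrip("<").lower()

    # Assumption: if both lists match, the secure rule wins (fail closed).
    if any(addr.startswith(p.lower()) for p in secure):
        return Action.ENCRYPT if can_encrypt else Action.REJECT
    if any(addr.startswith(p.lower()) for p in insecure):
        return Action.CLEARTEXT

    # Unqualified address: both settings encrypt when possible and differ
    # only in the fallback when encryption cannot be accomplished.
    if can_encrypt:
        return Action.ENCRYPT
    return Action.REJECT if default_is_secure else Action.CLEARTEXT


if __name__ == "__main__":
    # Constructed sample recipients, not taken from any real deployment.
    for rcpt in ("secure-alice@example.org", "insecure-bob@example.org",
                 "carol@example.org"):
        for can in (True, False):
            for dflt in (True, False):
                act = delivery_action(rcpt, can, dflt)
                print(f"{rcpt:28} can_encrypt={can!s:5} "
                      f"default_is_secure={dflt!s:5} -> {act.value}")
```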
Debug
No documentation is yet available for this section.