1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
|
.TH qmail-remote 8
.SH NAME
qmail-remote \- send mail via SMTP
.SH SYNOPSIS
.B qmail-remote
.I host
.I sender
.I recip
[
.I recip ...
]
.SH DESCRIPTION
.B qmail-remote
reads a mail message from its input
and sends the message
to one or more recipients
at a remote host.
The remote host is
.BR qmail-remote 's
first argument,
.IR host .
.B qmail-remote
sends the message to
.IR host ,
or to a mail exchanger for
.I host
listed in the Domain Name System,
via the Simple Mail Transfer Protocol (SMTP).
.I host
can be either a fully-qualified domain name:
.EX
silverton.berkeley.edu
.EE
or an IP address enclosed in brackets:
.EX
[128.32.183.163]
.EE
The envelope recipient addresses are listed as
.I recip
arguments to
.BR qmail-remote .
The envelope sender address is listed as
.I sender\fP.
Note that
.B qmail-remote
does not take options
and does not follow the
.B getopt
standard.
.SH TRANSPARENCY
End-of-file in SMTP is encoded as dot CR LF.
A dot at the beginning of a line is encoded as dot dot.
It is impossible in SMTP to send a message that does not end with a newline.
.B qmail-remote
converts the UNIX newline convention into the SMTP newline convention
by inserting CR before each LF.
It is a violation of the SMTP protocol
to send a message that contains long lines or non-ASCII characters.
However,
.B qmail-remote
will happily send such messages.
It is the user's responsibility to avoid generating illegal messages.
.SH "RESULTS"
.B qmail-remote
prints some number of
.I recipient reports\fP,
followed by a
.I message report\fR.
Each report is terminated by a 0 byte.
Each report begins with a single letter:
.TP 5
r
Recipient report: acceptance.
.TP 5
h
Recipient report: permanent rejection.
.TP 5
s
Recipient report: temporary rejection.
.TP 5
K
Message report: success.
.I host
has taken responsibility for delivering the message to each
acceptable recipient.
.TP 5
Z
Message report: temporary failure.
.TP 5
D
Message report: permanent failure.
.PP
After this letter comes a human-readable description of
what happened.
The recipient reports will always be printed in the same order as
.BR qmail-remote 's
.I recip
arguments.
Note that in failure cases there may be fewer
recipient reports
than
.I recip
arguments.
.B qmail-remote
always exits zero.
.SH "CONTROL FILES"
.TP 5
.I clientcert.pem
SSL certificate that is used to authenticate with the remote server
during a TLS session.
.TP 5
.I helohost
Current host name,
for use solely in saying hello to the remote SMTP server.
Default:
.IR me ,
if that is supplied;
otherwise
.B qmail-remote
refuses to run.
.TP 5
.I notlshosts/<FQDN>
.B qmail-remote
will not try TLS on servers for which this file exists
.RB ( <FQDN>
is the fully-qualified domain name of the server).
.IR (tlshosts/<FQDN>.pem
takes precedence over this file however).
.TP 5
.I smtproutes
Artificial SMTP routes.
Each route has the form
.IR domain\fB:\fIrelay ,
without any extra spaces.
If
.I domain
matches
.IR host ,
.B qmail-remote
will connect to
.IR relay ,
as if
.I host
had
.I relay
as its only MX.
(It will also avoid doing any CNAME lookups on
.IR recip .)
.I host
may include a colon and a port number to use instead of the
normal SMTP port, 25:
.EX
inside.af.mil:firewall.af.mil:26
.EE
.I relay
may be empty;
this tells
.B qmail-remote
to look up MX records as usual.
.I port
value of 465 (deprecated smtps port) causes TLS session to be started.
.I smtproutes
may include wildcards:
.EX
.af.mil:
:heaven.af.mil
.EE
Here
any address ending with
.B .af.mil
(but not
.B af.mil
itself)
is routed by its MX records;
any other address is artificially routed to
.BR heaven.af.mil .
The
.B qmail
system does not protect you if you create an artificial
mail loop between machines.
However,
you are always safe using
.I smtproutes
if you do not accept mail from the network.
.TP 5
.I timeoutconnect
Number of seconds
.B qmail-remote
will wait for the remote SMTP server to accept a connection.
Default: 60.
The kernel normally imposes a 75-second upper limit.
.TP 5
.I timeoutremote
Number of seconds
.B qmail-remote
will wait for each response from the remote SMTP server.
Default: 1200.
.TP 5
.I tlsclientciphers
A set of OpenSSL client cipher strings. Multiple ciphers
contained in a string should be separated by a colon.
.TP 5
.I tlshosts/<FQDN>.pem
.B qmail-remote
requires TLS authentication from servers for which this file exists
.RB ( <FQDN>
is the fully-qualified domain name of the server). One of the
.I dNSName
or the
.I CommonName
attributes have to match. The file contains the trusted CA certificates.
.B WARNING:
this option may cause mail to be delayed, bounced, doublebounced, or lost.
.TP 5
.I tlshosts/exhaustivelist
if this file exists
no TLS will be tried on hosts other than those for which a file
.B tlshosts/<FQDN>.pem
exists.
.SH "SEE ALSO"
addresses(5),
envelopes(5),
qmail-control(5),
qmail-send(8),
qmail-smtpd(8),
qmail-tcpok(8),
qmail-tcpto(8)
|