smtpd – SMTP listener configuration


The SMTP daemon of mail(1) implements the slave side of the SMTP protocol to accept incoming mail on TCP port 25. In general, smtpd’s default parameters are sufficient for internal systems on protected networks, but external or gateway systems require additional security mechanisms. The files /mail/lib/smtpd.conf, containing configuration parameters, and /mail/lib/blocked, containing banished addresses, provide the means to exercise these facilities.

Input Format

In both files input lines consist of a verb followed by one or more parameters. These tokens are separated by white space or commas and all characters following a # are comments. A # cannot be escaped. Continuation lines are not supported, but verbs that take multiple parameters can be restated on many lines and the associated parameters accumulate into a single set. All token processing is case-insensitive.

Many parameters are addresses, either numeric IP addresses in CIDR notation or a sender address in UUCP-style format.

An IP address in CIDR notation has the form


consisting of a four octet IP address, a slash, and a mask length specifying the number of significant high-order bits. The lower the mask length, the larger the range of addresses covered by the CIDR address; see RFC 1878 for a discussion of mask lengths. Missing low-order octets are assumed to be zero. If a mask length is not given, a mask length of 16, 24, or 32 is assumed for addresses containing two, three, or four octets, respectively. These mask lengths select a class B, class C or Class D address block. Notice that this convention differs from the standard treatment, where the default mask length depends on the allocation class of the network block containing the address.

Sender addresses are specified in UUCP notation as follows:


It is seldom necessary to specify more than one domain. When domain is missing or *, the address selects the specified user in all domains. A domain of the form *.domain selects the domain and all of its sub-domains. For example,!user only matches the account user in domain, while *!user selects that account in and all of its sub-domains. When user is omitted or *, the address selects all users in the specified domain. Finally, when * is the last character of the user name it is a wild-card matching all user names beginning with user. This limited pattern matching capability should be used with care. For safety, the sender addresses *, !, *!, !* and *!* are ignored.


This file contains configuration options and parameters describing the local domain. Many of the options can also be specified on the command line; command line options always override the values in this file. Configuration options are:

defaultdomain domain

The name of the local domain; it is appended to addresses lacking a domain qualification. This is identical to the -h command line option.  

norelay [on|off]

If on is specified, relaying is prohibited from unauthorized networks to external domains. Authorized networks and domains must be specified by the ournets and ourdomains verbs described below. Setting this option on is equivalent to specifying the -f command line flag, but the list of networks and domains can only be specified in this file.  

verifysenderdom [on|off]

When on, smtpd verifies that the first domain of the sender’s address exists. The test is cursory; it checks only that there is a DNS delegation for the domain. Setting the option on is equivalent to specifying the -r command line option and is useful for detecting some unreturnable messages as well as messages with randomly generated domain names.  

saveblockedmsg [on|off]

When on, causes copies of blocked messages to be saved in subdirectories of /mail/queue.dump. Directories are named with the date and file names are random numbers. If this option is off blocked messages are discarded. Setting this option on is equivalent to specifying the -s command line option.  

ournets IP address [, IP address, ..., IP address]

This option specifies trusted source networks that are allowed to relay mail to external domains. These are usually the internal networks of the local domain, but they can also include friendly external networks. Addresses are in CIDR notation.  

ourdomains domain [, domain, ..., domain]

This option specifies destination domains that are allowed to receive relayed mail. These are usually the domains served by a gateway system. Domain specifications conform to the format for sender addresses given above.  

When the norelay option is enabled or the -f command line option given, relaying is allowed only if the source IP address is in ournets or the destination domain is specified in ourdomains.

Blocked Addresses

Smtpd consults /mail/ratify (see ratfs(4)) for a list of banned addresses. Messages received from these addresses are rejected with a 5xx-series SMTP error code. There is no option to turn blocking on or off; if /mail/ratify is mounted, smtpd will use it, even for connections from trusted networks.

The command line format and address specifications conform to the notation described above. If the parameters of the verb is sender addresses in UUCP format, the line must begin with an * character; if the parameters are one or more IP addresses, the * must precede the verb. Most verbs cause messages to be rejected; verbs of this class generally select different error messages. The remaining verbs specify addresses that are always accepted, in effect overriding blocked addresses. The file is processed in order, so an override must precede its associated blocked address. Supported verbs are:

dial IP address [,..., IP address]

The parameters are IP addresses associated with dial-up ports. The rejection message states that connections from dial-up ports are not accepted. Copies of messages are never saved.  

block address [, ... address]

Messages from addresses matching the parameters are rejected with an error message saying that spam is not accepted. The message is saved if the option is enabled.  

relay address [, ... address]

This verb is identical to block, but the error message states that the message is rejected because the sending system is being used as a spam relay.  

deny address [, ... address]

The deny command rejects a message when the sender address matches one of its parameters. The rejection message asks the sender to contact postmaster@ hostdomain for further information. This verb is usually used to block inadvertently abusive traffic, for example, mail loops and stuck senders. Messages are never saved.  

allow address [, ... address]

The allow verb negates the effect of subsequent blocking commands. It is useful when a large range of addresses contains a few legitimate addresses, for example, when a mail server is in a Class C network block of modem ports. Rather than enumerate the dial ports, it is easier to block the entire Class C with a dial command, and precede it with an override for the address of the mail server. Similarly, it is possible to block mail from an entire domain while accepting mail from a few friendly senders in the domain. The verb accept is a synonym for allow.  

Scanmail(8) describes spam detection software that works well with the capabilities described here and mail(1) defines additional smtpd command line arguments applicable to exposed systems.


mail(1), ratfs(4), scanmail(8)