emailrelay/doc/emailrelay-man.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of EMAILRELAY</TITLE>
</HEAD><BODY>
<H1>EMAILRELAY</H1>
Section: User Commands  (1)<BR>Updated: local<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>

<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

emailrelay - e-mail transfer agent and proxy
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<B>emailrelay</B>

[OPTIONS]
<P>

<B>emailrelay</B>

--as-server
<P>

<B>emailrelay</B>

--as-client
<I>server-address</I>

<P>

<B>emailrelay</B>

--as-proxy
<I>server-address</I>

<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<I>emailrelay</I>

is a simple SMTP proxy and store-and-forward message transfer agent.
It does store-and-forward mail relay to a fixed next-hop server, without
any routing.
<P>

It runs in two main modes: a storage daemon
(<I>--as-server</I>)

and a forwarding
agent
(<I>--as-client</I>).

The storage daemon is an SMTP server which stores e-mail
messages in a local spool directory. The forwarding agent acts as an
SMTP client sending the spooled e-mail messages on to the next
SMTP server in the chain.
<P>

It can also run in a third mode, as a proxy server
(<I>--as-proxy</I>).

In this mode all e-mail messages are spooled temporarily while the
client is connected and forwarded as soon as the client
disconnects.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>

<DL COMPACT>
<DT><B>--address-verifier </B><I>&lt;program&gt;</I>

<DD>
Runs the specified external program to verify a message recipent's e-mail address. A network verifier can be specified as <I>net:&lt;transport-address&gt;</I>.
<DT><B>-a, --admin </B><I>&lt;admin-port&gt;</I>

<DD>
Enables an administration interface on the specified listening port number. Use telnet or something similar to connect. The administration interface can be used to trigger forwarding of spooled mail messages if the <I>--forward-to</I> option is used.
<DT><B>-Q, --admin-terminate</B>

<DD>
Enables the <I>terminate</I> command in the administration interface.
<DT><B>-A, --anonymous</B>

<DD>
Disables the server's SMTP VRFY command, sends less verbose SMTP responses and SMTP greeting, and stops <I>Received</I> lines being added to mail message content files.
<DT><B>-q, --as-client </B><I>&lt;host:port&gt;</I>

<DD>
This is equivalent to <I>--log</I>, <I>--no-syslog</I>, <I>--no-daemon</I>, <I>--dont-serve</I>, <I>--forward</I> and <I>--forward-to</I>. It is a convenient way of running a forwarding agent that forwards spooled mail messages and then terminates.
<DT><B>-y, --as-proxy </B><I>&lt;host:port&gt;</I>

<DD>
This is equivalent to <I>--log</I>, <I>--close-stderr</I>, <I>--forward-on-disconnect</I> and <I>--forward-to</I>. It is a convenient way of running a store-and-forward daemon. Use <I>--log</I>, <I>--forward-on-disconnect</I> and <I>--forward-to</I> instead of <I>--as-proxy</I> to keep the standard error stream open.
<DT><B>-d, --as-server</B>

<DD>
This is equivalent to <I>--log</I> and <I>--close-stderr</I>. It is a convenient way of running a background storage daemon that accepts mail messages and spools them. Use <I>--log</I> instead of <I>--as-server</I> to keep standard error stream open.
<DT><B>-C, --client-auth </B><I>&lt;file&gt;</I>

<DD>
Enables SMTP client authentication with the remote server, using the client account details taken from the specified secrets file. The secrets file should normally contain one line that starts with <I>client</I> and that line should have between four and five space-separated fields; the second field is the password encoding (<I>plain</I> or <I>md5</I>), the third is the user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either xtext encoded or generated by <I>emailrelay-passwd</I>. If the remote server does not support SMTP authentication then the SMTP connection will fail.
<DT><B>--client-auth-config </B><I>&lt;config&gt;</I>

<DD>
Configures the SMTP client authentication module using a semicolon-separated list of configuration items. Each item is a single-character key, followed by a colon and then a comma-separated list. A 'm' character introduces an ordered list of authentication mechanisms, and an 'x' is used for blocklisted mechanisms.
<DT><B>-Y, --client-filter </B><I>&lt;program&gt;</I>

<DD>
Runs the specified external filter program whenever a mail message is forwarded. The filter is passed the name of the message file in the spool directory so that it can edit it as required. A network filter can be specified as <I>net:&lt;transport-address&gt;</I> and prefixes of <I>spam:</I>, <I>spam-edit:</I> and <I>exit:</I> are also allowed. The <I>spam:</I> and <I>spam-edit:</I> prefixes require a SpamAssassin daemon to be running. For store-and-forward applications the <I>--filter</I> option is normally more useful than <I>--client-filter</I>.
<DT><B>-6, --client-interface </B><I>&lt;ip-address&gt;</I>

<DD>
Specifies the IP network address to be used to bind the local end of outgoing SMTP connections. By default the address will depend on the routing tables in the normal way. Use <I>0.0.0.0</I> to use only IPv4 addresses returned from DNS lookups of the <I>--forward-to</I> address, or <I>::</I> for IPv6.
<DT><B>-j, --client-tls</B>

<DD>
Enables negotiated TLS for outgoing SMTP connections; the SMTP STARTTLS command will be issued if the remote server supports it.
<DT><B>--client-tls-certificate </B><I>&lt;pem-file&gt;</I>

<DD>
Defines the TLS certificate file when acting as a SMTP client. This file must contain the client's private key and certificate chain using the PEM file format. Alternatively, use this option twice with the first one specifying the key file and the second the certificate file. Keep the file permissions tight to avoid accidental exposure of the private key.
<DT><B>-b, --client-tls-connection</B>

<DD>
Enables the use of a TLS tunnel for outgoing SMTP connections. This is for SMTP over TLS (SMTPS), not TLS negotiated within SMTP using STARTTLS.
<DT><B>--client-tls-required</B>

<DD>
Makes the use of TLS mandatory for outgoing SMTP connections. The SMTP STARTTLS command will be used before mail messages are sent out. If the remote server does not allow STARTTLS then the SMTP connection will fail.
<DT><B>--client-tls-server-name </B><I>&lt;hostname&gt;</I>

<DD>
Defines the target server hostname in the TLS handshake. With <I>--client-tls-connection</I> this can be used for SNI, allowing the remote server to adopt an appropriate identity.
<DT><B>--client-tls-verify </B><I>&lt;ca-list&gt;</I>

<DD>
Enables verification of the remote SMTP server's certificate against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root certificate. Specify <I>&lt;default&gt;</I> for the TLS library's default set of trusted CAs.
<DT><B>--client-tls-verify-name </B><I>&lt;cname&gt;</I>

<DD>
Enables verification of the CNAME within the remote SMTP server's certificate.
<DT><B>-e, --close-stderr</B>

<DD>
Causes the standard error stream to be closed soon after start-up. This is useful when operating as a background daemon and it is therefore implied by <I>--as-server</I> and <I>--as-proxy</I>.
<DT><B>-U, --connection-timeout </B><I>&lt;time&gt;</I>

<DD>
Specifies a timeout (in seconds) for establishing a TCP connection to remote SMTP servers. The default is 40 seconds.
<DT><B>-g, --debug</B>

<DD>
Enables debug level logging, if built in. Debug messages are usually only useful when cross-referenced with the source code and they may expose plaintext passwords and mail message content.
<DT><B>--dnsbl </B><I>&lt;config&gt;</I>

<DD>
Specifies a list of DNSBL servers that are used to reject SMTP connections from blocked addresses. The configuration string is made up of comma-separated fields: the DNS server's transport address, a timeout in milliseconds, a rejection threshold, and then the list of DNSBL servers.
<DT><B>-D, --domain </B><I>&lt;fqdn&gt;</I>

<DD>
Specifies the network name that is used in SMTP EHLO commands, <I>Received</I> lines, and for generating authentication challenges. The default is derived from a DNS lookup of the local hostname.
<DT><B>-x, --dont-serve</B>

<DD>
Disables all network serving, including SMTP, POP and administration interfaces. The program will terminate as soon as any initial forwarding is complete.
<DT><B>-z, --filter </B><I>&lt;program&gt;</I>

<DD>
Runs the specified external filter program whenever a mail message is stored. The filter is passed the name of the message file in the spool directory so that it can edit it as required. The mail message is rejected if the filter program terminates with an exit code between 1 and 99. Use <I>net:&lt;transport-address&gt;</I> to communicate with a filter daemon over the network, or <I>spam:&lt;transport-address&gt;</I> for a spamassassin spamd daemon to accept or reject mail messages, or <I>spam-edit:&lt;transport-address&gt;</I> to have spamassassin edit the message content without rejecting it, or <I>exit:&lt;number&gt;</I> to emulate a filter program that just exits.
<DT><B>-W, --filter-timeout </B><I>&lt;time&gt;</I>

<DD>
Specifies a timeout (in seconds) for running a <I>--filter</I> program. The default is 300 seconds.
<DT><B>-f, --forward</B>

<DD>
Causes spooled mail messages to be forwarded when the program first starts.
<DT><B>-1, --forward-on-disconnect</B>

<DD>
Causes spooled mail messages to be forwarded whenever a SMTP client connection disconnects.
<DT><B>-o, --forward-to </B><I>&lt;host:port&gt;</I>

<DD>
Specifies the transport address of the remote SMTP server that is use for mail message forwarding.
<DT><B>--forward-to-some</B>

<DD>
Allow forwarding to continue even if some recipient addresses on an e-mail envelope are rejected by the remote server.
<DT><B>-h, --help</B>

<DD>
Displays help text and then exits. Use with <I>--verbose</I> for more complete output.
<DT><B>-H, --hidden</B>

<DD>
Windows only. Hides the application window and disables all message boxes, overriding any <I>--show</I> option. This is useful when running as a windows service.
<DT><B>--idle-timeout </B><I>&lt;time&gt;</I>

<DD>
Specifies a timeout (in seconds) for receiving network traffic from remote SMTP and POP clients. The default is 1800 seconds.
<DT><B>-m, --immediate</B>

<DD>
Causes mail messages to be forwarded as they are received, even before they have been accepted. This can be used to do proxying without store-and-forward, but in practice clients tend to to time out while waiting for their mail message to be accepted.
<DT><B>-I, --interface </B><I>&lt;ip-address-list&gt;</I>

<DD>
Specifies the IP network addresses or interface names used to bind listening ports. By default listening ports for incoming SMTP, POP and administration connections will bind the 'any' address for IPv4 and for IPv6, ie. <I>0.0.0.0</I> and <I>::</I>. Multiple addresses can be specified by using the option more than once or by using a comma-separated list. Use a prefix of <I>smtp=</I>, <I>pop=</I> or <I>admin=</I> on addresses that should apply only to those types of listening port. Any link-local IPv6 addresses must include a zone name or scope id.  Interface names can be used instead of addresses, in which case all the addresses associated with that interface at startup will used for listening. When an interface name is decorated with a <I>-ipv4</I> or <I>-ipv6</I> suffix only their IPv4 or IPv6 addresses will be used (eg. <I>ppp0-ipv4</I>).
<DT><B>--localedir </B><I>&lt;dir&gt;</I>

<DD>
Enables localisation and specifies the locale base directory where message catalogues can be found. An empty directory can be used for the built-in default.
<DT><B>-l, --log</B>

<DD>
Enables logging to the standard error stream and to the syslog. The <I>--close-stderr</I> and <I>--no-syslog</I> options can be used to disable output to standard error stream and the syslog separately. Note that <I>--as-server</I>, <I>--as-client</I> and <I>--as-proxy</I> imply <I>--log</I>, and <I>--as-server</I> and <I>--as-proxy</I> also imply <I>--close-stderr</I>.
<DT><B>--log-address</B>

<DD>
Adds the network address of remote clients to the logging output.
<DT><B>-N, --log-file </B><I>&lt;file&gt;</I>

<DD>
Redirects standard-error logging to the specified file. Logging to the log file is not affected by <I>--close-stderr</I>. The filename can include <I>%d</I> to get daily log files; the <I>%d</I> is replaced by the current date in the local timezone using a <I>YYYYMMDD</I> format.
<DT><B>-L, --log-time</B>

<DD>
Adds a timestamp to the logging output using the local timezone.
<DT><B>-t, --no-daemon</B>

<DD>
Disables the normal backgrounding at startup so that the program runs in the foreground, without forking or detaching from the terminal.  On Windows this disables the system tray icon so the program uses a normal window; when the window is closed the program terminates.
<DT><B>-X, --no-smtp</B>

<DD>
Disables listening for incoming SMTP connections.
<DT><B>-n, --no-syslog</B>

<DD>
Disables logging to the syslog. Note that <I>--as-client</I> implies <I>--no-syslog</I>.
<DT><B>-i, --pid-file </B><I>&lt;pid-file&gt;</I>

<DD>
Causes the process-id to be written into the specified file when the program starts up, typically after it has become a background daemon.
<DT><B>-O, --poll </B><I>&lt;period&gt;</I>

<DD>
Causes forwarding of spooled mail messages to happen at regular intervals (with the time given in seconds).
<DT><B>-B, --pop</B>

<DD>
Enables the POP server listening, by default on port 110, providing access to spooled mail messages. Negotiated TLS using the POP <I>STLS</I> command will be enabled if the <I>--server-tls</I> option is also given.
<DT><B>-F, --pop-auth </B><I>&lt;file&gt;</I>

<DD>
Specifies a file containing valid POP account details. The file format is the same as for the SMTP server secrets file, ie. lines starting with <I>server</I>, with user-id and password in the third and fourth fields. A special value of <I>/pam</I> can be used for authentication using linux PAM.
<DT><B>-J, --pop-by-name</B>

<DD>
Modifies the spool directory used by the POP server to be a sub-directory with the same name as the POP authentication user-id. This allows multiple POP clients to read the spooled messages without interfering with each other, particularly when also using <I>--pop-no-delete</I>. Content files can stay in the main spool directory with only the envelope files copied into user-specific sub-directories. The <I>emailrelay-filter-copy</I> program is a convenient way of doing this when run via <I>--filter</I>.
<DT><B>-G, --pop-no-delete</B>

<DD>
Disables the POP DELE command so that the command appears to succeed but mail messages are not deleted from the spool directory.
<DT><B>-E, --pop-port </B><I>&lt;port&gt;</I>

<DD>
Sets the POP server's listening port number.
<DT><B>-p, --port </B><I>&lt;port&gt;</I>

<DD>
Sets the port number used for listening for incoming SMTP connections.
<DT><B>-w, --prompt-timeout </B><I>&lt;time&gt;</I>

<DD>
Specifies a timeout (in seconds) for getting the initial prompt from a remote SMTP server. If no prompt is received after this time then the SMTP dialog goes ahead without it.
<DT><B>-r, --remote-clients</B>

<DD>
Allows incoming connections from addresses that are not local. The default behaviour is to reject connections that are not local in order to prevent accidental exposure to the public internet, although a firewall should also be used. Local address ranges are defined in RFC-1918, RFC-6890 etc.
<DT><B>-T, --response-timeout </B><I>&lt;time&gt;</I>

<DD>
Specifies a timeout (in seconds) for getting responses from remote SMTP servers. The default is 1800 seconds.
<DT><B>-S, --server-auth </B><I>&lt;file&gt;</I>

<DD>
Enables SMTP server authentication of remote SMTP clients. Account names and passwords are taken from the specified secrets file. The secrets file should contain lines that have four space-separated fields, starting with <I>server</I> in the first field; the second field is the password encoding (<I>plain</I> or <I>md5</I>), the third is the client user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either xtext encoded or generated by <I>emailrelay-passwd</I>. A special value of <I>/pam</I> can be used for authentication using linux PAM.
<DT><B>--server-auth-config </B><I>&lt;config&gt;</I>

<DD>
Configures the SMTP server authentication module using a semicolon-separated list of configuration items. Each item is a single-character key, followed by a colon and then a comma-separated list. A 'm' character introduces a preferred sub-set of the built-in authentication mechanisms, and an 'x' is used for blocklisted mechanisms.
<DT><B>-K, --server-tls</B>

<DD>
Enables TLS for incoming SMTP and POP connections. SMTP clients can then request TLS encryption by issuing the STARTTLS command. The <I>--server-tls-certificate</I> option must be used to define the server certificate.
<DT><B>--server-tls-certificate </B><I>&lt;pem-file&gt;</I>

<DD>
Defines the TLS certificate file when acting as a SMTP or POP server. This file must contain the server's private key and certificate chain using the PEM file format. Alternatively, use this option twice with the first one specifying the key file and the second the certificate file. Keep the file permissions tight to avoid accidental exposure of the private key.
<DT><B>--server-tls-connection</B>

<DD>
Enables SMTP over TLS when acting as an SMTP server. This is for SMTP over TLS (SMTPS), not TLS negotiated within SMTP using STARTTLS.
<DT><B>--server-tls-required</B>

<DD>
Makes the use of TLS mandatory for any incoming SMTP and POP connections. SMTP clients must use the STARTTLS command to establish a TLS session before they can issue SMTP AUTH or SMTP MAIL-TO commands.
<DT><B>--server-tls-verify </B><I>&lt;ca-list&gt;</I>

<DD>
Enables verification of remote SMTP and POP clients' certificates against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root certificate. Specify <I>&lt;default&gt;</I> for the TLS library's default set of trusted CAs.
<DT><B>-M, --size </B><I>&lt;bytes&gt;</I>

<DD>
Limits the size of mail messages that can be submitted over SMTP.
<DT><B>-s, --spool-dir </B><I>&lt;dir&gt;</I>

<DD>
Specifies the directory used for holding mail messages that have been received but not yet forwarded.
<DT><B>-k, --syslog, --syslog=</B><I>&lt;facility&gt;</I>

<DD>
When used with <I>--log</I> this option enables logging to the syslog even if the <I>--no-syslog</I> option is also used. This is typically used as a convenient override when using <I>--as-client</I>.
<DT><B>-9, --tls-config </B><I>&lt;options&gt;</I>

<DD>
Selects and configures the low-level TLS library, using a comma-separated list of keywords. If OpenSSL and mbedTLS are both built in then keywords of <I>openssl</I> and <I>mbedtls</I> will select one or the other. Keywords like <I>tlsv1.0</I> can be used to set a minimum TLS protocol version, or <I>-tlsv1.2</I> to set a maximum version.
<DT><B>-u, --user </B><I>&lt;username&gt;</I>

<DD>
When started as root the program switches to a non-privileged effective user-id when idle. This option can be used to define the idle user-id and also the group ownership of new files and sockets. Specify <I>root</I> to  disable all user-id switching. Ignored on Windows.
<DT><B>-v, --verbose</B>

<DD>
Enables more verbose logging when used with <I>--log</I>, and more verbose help when used with <I>--help</I>.
<DT><B>-V, --version</B>

<DD>
Displays version information and then exits.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>

<B><A HREF="../man1/emailrelay-submit.1.html">emailrelay-submit</A></B>(1),

<B><A HREF="../man1/emailrelay-passwd.1.html">emailrelay-passwd</A></B>(1),

<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>

Graeme Walker, mailto:<A HREF="mailto:graeme_walker@users.sourceforge.net">graeme_walker@users.sourceforge.net</A>
<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">AUTHOR</A><DD>
</DL>
<HR>
This document was created by
<A HREF="lynxcgi:./cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
</BODY>
</HTML>