s/qmail BLURB
=============

s/qmail inherits all features of qmail, since it includes its
concept and its code.

Confidentiality: s/qmail adds transmission confidentiality by means
of TLS encryption. TLS encryption is provided for all protocols
except QMTP and requires UCSPI-SSL.

Privacy: s/qmail currently does not provide email privacy.
The persistent storage (queue) is unencrypted and shared.
This might change in forthcoming releases.

Authentication: s/qmail supports user authentication for sending
and receiving mails by means of SMTP(S). QMTP and QMQP, however, are
solely host-to-host mail transfer protocols.

Distribution: s/qmail uses the concept of distributed queues to be
fed either by SMTP or QMTP/QMQP. 

Multi-domain capability: s/qmail allows setting up differently
parametrized transport/distribution paths based on the domains
under control of the MTA. This concept is close to multi-tenant
behavior with regard to the domain, not the individual recipient/sender.


Authenticated Email Senders
===========================

Within s/qmail both 

* qmail-smtpd for receiving emails and
* qmail-remote for sending emails 

support authentication using the methods

- PLAIN,
- LOGIN, and
- CRAM-MD5.

Additionally, 

* qmail-smtpd accepts authentication based on

- X.509 client certs.

* qmail-popup together with
* qmail-pop3d 

provide authentication by means of the methods

- USER and
- APOP.

The authentication module

* qmail-authuser

replaces the old 

* checkpassword and perhaps
* cmd5checkpw 

programs with much more flexibility. 
Given an LDAP infrastructure,

* qmail-ldapam

can be used to retrieve the user data from there.
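
The challenge-response methods listed above (CRAM-MD5 for SMTP, APOP for POP3) both require the verifying module to hold the shared secret itself. The following is an added example, not code from s/qmail or qmail-authuser; the function names and the `SECRETS` table are hypothetical, and the sample values are the published examples from RFC 2195 and RFC 1939.

```python
import base64
import hashlib
import hmac

# Hypothetical user table; the secrets must be available in clear to the verifier.
SECRETS = {"tim": "tanstaaftanstaaf", "mrose": "tanstaaf"}

def cram_md5_ok(challenge_b64, response_b64, secrets):
    """Check an AUTH CRAM-MD5 response; return the user name or None."""
    try:
        challenge = base64.b64decode(challenge_b64, validate=True)
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None                      # malformed base64 or non-text response
    user, _, digest = decoded.rpartition(" ")
    secret = secrets.get(user)
    # Compute the HMAC even for unknown users so both paths do the same work.
    expected = hmac.new((secret or "").encode(), challenge, hashlib.md5).hexdigest()
    ok = hmac.compare_digest(expected.encode(), digest.lower().encode())
    return user if ok and secret is not None else None

def apop_ok(banner, user, digest, secrets):
    """Check a POP3 APOP digest: MD5 over the greeting timestamp plus the secret."""
    secret = secrets.get(user)
    expected = hashlib.md5((banner + (secret or "")).encode()).hexdigest()
    ok = hmac.compare_digest(expected.encode(), digest.lower().encode())
    return ok and secret is not None

# RFC 2195 example exchange (challenge and response travel base64-encoded).
RFC2195_CHALLENGE = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode()
RFC2195_RESPONSE = base64.b64encode(
    b"tim b913a602c7eda7a495b4e6e7334d3890").decode()

# RFC 1939 example: greeting timestamp and the digest sent with "APOP mrose".
RFC1939_BANNER = "<1896.697170952@dbc.mtview.ca.us>"
RFC1939_DIGEST = "c4c9334bac560ecc979e58001b3e22fb"

if __name__ == "__main__":
    print(cram_md5_ok(RFC2195_CHALLENGE, RFC2195_RESPONSE, SECRETS))
    print(apop_ok(RFC1939_BANNER, "mrose", RFC1939_DIGEST, SECRETS))
```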


Validation of Received Mail
===========================

Within s/qmail

* qmail-smtpd,
* qmail-qmtpd, and
* qmail-qmqpd

are able to receive email from the Internet. 

While 

* qmail-qmtpd and
* qmail-qmqpd

use QMTP/QMQP for transmitting emails, which are currently
only supported by Postfix, Qmail, and s/qmail in a
dedicated environment,

* qmail-smtpd

supports both SMTP and ESMTP and is a potential
target for spam, viruses, and other unsolicited email.

Thus 

* qmail-smtpd

supports greylisting and provides filters for

- the SMTP envelope information,
- the email content (with different mechanisms), and
- in particular, checking/validating the existence of a potential
  email recipient.

For this purpose, the modules

* qmail-smtpam, 
* qmail-vmailuser,
* ldapam, and
* qmail-authuser together with
* qmail-ldapam

are available. The RECIPIENTS mechanism supports a
domain-dependent validation based on a PAM mechanism
or perhaps a cdb.

Domain based SPF lookups are provided for

* qmail-smtpd.


Anti-Spam Mechanisms
====================

* rblsmtpd (out of the package ucspi-tcp6)

supports 

- Relay Black Lists (RBL) and
- Greetdelay

prior to receiving mail by

* qmail-smtpd.

In addition,

* qmail-smtpd

provides by means of the 

- QMAILQUEUE hook

an interface to SpamAssassin and other tools.
A wrapper script is included.

Further, the well known

- postgrey

server can be used by

* qmail-postgrey

as an add-on to be called by 

* qmail-smtpd.


Anti-Virus Mechanism
====================

* qmail-smtpd

uses 

- MIME and
- LOADER type

filters to allow on-the-fly recognition of executables.

Anti-Virus tools are supported either by

- QHPSI or by the
- QMAILQUEUE hook.

A (combined) wrapper script for 

* qmail-queue 

is provided. 


Bounce Control
==============

Within s/qmail

* qmail-send 

is responsible for generating bounces, i.e. Non-Delivery Reports (NDR).
s/qmail uses qmail's concept to generate the NDRs in the QSBMF (qmail-send
Bounce Message Format) unaltered (http://cr.yp.to/proto/qsbmf.txt).

To control NDR, s/qmail provides two means:

* qmail-send 

can be advised -- while generating an NDR -- to limit it to N bytes.
Effectively this means the original message is truncated and not
completely bounced.

Upon transmitting bounce messages to third-party MTAs

* qmail-remote 

can be set up to use a particular

- bounce queue (s/qmail instance) 

to take care of this delivery. Thus generic message transmission
is decoupled from bounce processing and does not interfere with it.


Logging, Monitoring, and Housekeeping
=====================================

s/qmail writes log information for 

- qmail-send (qmail-local & qmail-remote/qmail-smtpam) on FD 2
- qmail-popup (authentication information only) on FD 5
- qmail-smtpd (see 'LOGGING') on FD 2

The log information is either fed by means of 'splogger'
into the Syslog, or handled by daemontools' 'multilog',
which automatically does the housekeeping and provides
a TAI64N timestamp for each line (event).

Using 'multilog', the log information can be
picked up by 'qmail-mrtg' and graphically
displayed using 'MRTG' or 'RRDtool'.

The log information can be analysed using
the 'qmailanalog' facility and for convenience
the program 'tai64nfrac' is included.

The separate package 'newanalyse' provides
an easily customizable umbrella script for analysis
and long-haul housekeeping together with the
capability to track each incoming and outgoing
mail.
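
To illustrate the TAI64N labels and per-mail tracking mentioned above, this added example (not part of s/qmail, 'qmailanalog' or 'newanalyse') decodes multilog timestamps and follows one message through its deliveries. It assumes the classic qmail-send log line format and a label of 2^62 + 10 + Unix time (no leap-second table); the sample lines are constructed.

```python
import re
from datetime import datetime, timezone

TAI64_BASE = (1 << 62) + 10   # assumption: label = 2**62 + 10 + Unix seconds

# Constructed sample: qmail-send events behind multilog's TAI64N label.
SAMPLE = """\
@400000005fee660a00000000 new msg 1001
@400000005fee660a1dcd6500 info msg 1001: bytes 2048 from <alice@example.org> qp 4711 uid 89
@400000005fee660b00000000 starting delivery 1: msg 1001 to remote bob@example.net
@400000005fee660b00000000 starting delivery 2: msg 1001 to remote nobody@example.net
@400000005fee660d00000000 delivery 1: success: 192.0.2.25_accepted_message./
@400000005fee660e00000000 delivery 2: failure: 192.0.2.25_does_not_like_recipient./
@400000005fee660e00000000 bounce msg 1001 qp 4720
@400000005fee660e00000000 end msg 1001
"""

INFO = re.compile(r"info msg (\d+): bytes (\d+) from <([^>]*)>")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (\S+)")
DONE = re.compile(r"delivery (\d+): (success|failure|deferral):")

def tai64n_to_utc(label):
    """'@' + 16 hex digits of seconds + 8 hex digits of nanoseconds -> UTC datetime."""
    if not re.fullmatch(r"@[0-9a-f]{24}", label):
        raise ValueError("not a TAI64N label: %r" % label)
    secs = int(label[1:17], 16) - TAI64_BASE
    micros = int(label[17:], 16) // 1000
    return datetime.fromtimestamp(secs, timezone.utc).replace(microsecond=micros)

def track(log_text):
    """Return {msg id: {received, sender, bytes, deliveries: {recipient: status}}}."""
    msgs, running = {}, {}        # running: delivery number -> (msg id, recipient)
    for line in log_text.splitlines():
        label, _, event = line.partition(" ")
        if m := INFO.match(event):
            msgs[m[1]] = {"received": tai64n_to_utc(label), "sender": m[3],
                          "bytes": int(m[2]), "deliveries": {}}
        elif m := START.match(event):
            running[m[1]] = (m[2], m[4])
            msgs.setdefault(m[2], {"deliveries": {}})["deliveries"][m[4]] = "pending"
        elif m := DONE.match(event):
            # Delivery numbers are reused, so map them back to the message here.
            msg_id, rcpt = running.pop(m[1], (None, None))
            if msg_id in msgs:
                msgs[msg_id]["deliveries"][rcpt] = m[2]
    return msgs
```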


E. Hoffmann -- 2021/01/01.



