[Top] [Contents] [Index] [ ? ]

GNU Anubis Manual


1. Overview

GNU Anubis is an SMTP message submission daemon. Its purpose is to receive the outgoing message, perform some manipulations over its contents, and to forward the altered message to the mail transport agent.

The usual mail sending scheme looks as follows: the user composes his message using a mail user agent (MUA for short). Once the message is composed, the user sends it. When the MUA receives the send command, it connects to the mail transport agent (MTA for short) and passes it the message for delivery. The figure below illustrates this interaction:

 
+-------+                 +-------+               
|  MUA  | ---[outmsg]---> |  MTA  | ... [outmsg]
+-------+                 +-------+         |     
                                            |
                                            V
                                     +--------------+
                                     |  Recipient's |
                                     |   Mailbox    |  
                                     +--------------+
                                                        

As shown in this figure, the outgoing message (outmsg) reaches the recipient's mailbox unaltered.

However, there are situations where it may be necessary to modify the outgoing message before it reaches the MTA. As the simplest example, the user might wish to sign his outgoing messages with his PGP key, but his MUA does not support this operation, or supports it only unconditionally.

In such cases, installing GNU Anubis between the MUA and MTA allows the user to perform any additional processing on the sent message. The figure below illustrates this concept:

 
+-------+                 +--------+                 +-------+               
|  MUA  | ---[outmsg]---> | Anubis | ---[modmsg]---> |  MTA  | 
+-------+                 +--------+                 +-------+     
                                                         |
                                                      [modmsg]
                                                         .
                                                         .
                                                         V
                                                  +--------------+
                                                  |  Recipient's |
                                                  |   Mailbox    |  
                                                  +--------------+

The outgoing message is processed by GNU Anubis, and it is the resulting message (modmsg) that reaches the MTA.

GNU Anubis is able to perform a wide set of operations on messages, such as modifying message headers or body, encrypting or signing messages with GPG (GNU Privacy Guard) keys, establishing TLS/SSL-encrypted connections to the MTA, tunneling messages through SOCKS proxies, etc.

When the set of built-in operations is not enough, the user can define his own operations using Guile, GNU's Ubiquitous Intelligent Language for Extensions.

The message processing is controlled by system-wide and per-user configuration files written in a flexible and easy to use command scripting language, specially designed for this purpose.


2. Glossary of Frequently Used Terms

Authentication

A process whereby Anubis determines the authenticity of the connecting party, its user name and configuration settings.

Protocol

Any standard for the exchange of information. A protocol defines the specific wording and control flow for communications between two or more programs, devices, or systems.

SMTP

Simple Mail Transfer Protocol is the standard mechanism for exchanging mail across a network. It was originally described in RFC 821, which has since been superseded by RFC 5321; the ESMTP extensions Anubis relies on, AUTH and STARTTLS, are specified in RFC 4954 and RFC 3207 respectively.

Daemon

We use the term daemon for a process that runs in the background, doing automated processing.

Server

A server provides information or other services for its clients. Most network protocols are client–server based. This term usually refers to an entire machine, but it can refer (and we're doing that) also to the particular program or process, on that machine, that provides the service.

Proxy

We use the term proxy for a program which goes between the MUA and the MTA (it makes a tunnel). It can be used as a gateway to the outside world, while using a firewall. In this case the host behind the firewall sends data to the proxy server, which in turn forwards it to the real server outside, receives the response, and passes it back to the internal host.

Guile

GNU's Ubiquitous Intelligent Language for Extensions. It provides a Scheme interpreter conforming to the R4RS language specification. GNU Anubis uses Guile as its extension language. For more information about Guile, see the `Overview' section in The Guile Reference Manual.

GPG

GNU Privacy Guard, a free implementation of the OpenPGP standard, compatible with Pretty Good Privacy (PGP).


3. Authentication

When GNU Anubis accepts an incoming connection, it first has to identify the remote party, i.e. determine whether it has the right to use Anubis resources and, if so, what configuration settings should be used during the session. We call this process authentication. The exact method of authentication depends on the Anubis operation mode. Currently there are two modes:

transparent

This is the default mode. It is compatible with versions of GNU Anubis up to 3.6.2. In this mode, Anubis relies on the Ident service (identd, RFC 1413) to authenticate users.

auth

This mode uses the ESMTP AUTH extension to authenticate incoming connections. See section Pixie & Dixie for the first draft description of this mode.

Both modes have their advantages and deficiencies, which you have to weigh carefully before choosing which one to use. These are discussed below:

Transparent (‘traditional’) mode.

Deficiencies:

  1. The user must have identd installed on his machine. The Ident reply is supplied by the client host itself and is not authenticated, so this mode is only as trustworthy as the client machines and the network between them and Anubis.
  2. Each user must have a system account on the machine where GNU Anubis runs (though the system administrator may relax this limitation using user name translation, see section TRANSLATION Section).

Advantages:

  1. Relative simplicity. You don't have to create your users database.
  2. Authentication is performed immediately after the connection.

Auth mode.

Deficiencies:

  1. You have to maintain your users database
  2. User's MUA must be able to perform ESMTP AUTH.(1)

Advantages:

  1. Better reliability.
  2. Users do not have to run identd on their machines.
  3. Users are not required to have accounts on the machine where Anubis runs.
  4. Users can remotely modify their configuration files.

3.1 User Database

GNU Anubis uses User Database for keeping user credentials, i.e. data used to authenticate and authorize users. The exact way of storing these data does not matter here, it will be addressed further in this manual. In this section we treat user database as an abstraction layer.

The user database consists of records. Each record keeps information about a particular user. A record consists of four fields. A field may contain some value, or be empty, in which case we say that the field has null value.

The record fields are:

SMTP AUTHID

SMTP authentication ID of the user.

AUTH PASSWORD

SMTP password.

ACCOUNT

System user name to be used.

CONFIG

Path to the configuration file.

The first two fields are mandatory and must always have non-null values. No two records in the database may have the same value of the SMTP AUTHID field. When anubis is trying to authenticate a user, it first looks up in the database a record whose SMTP AUTHID field matches the AUTHID given by the user. If no such entry is found, authentication fails. Otherwise, anubis goes on and compares the password supplied by the user with that from the AUTH PASSWORD field. If these match, authentication succeeds and anubis passes to the authorization state.

In this state, it first determines the user ID (UID) to switch to. If the ACCOUNT field is not null, its value is used as the login name of the system account to use. If it is null, anubis switches to the privilege level of the default unprivileged user, specified by the user-notprivileged statement in the global configuration file (see section user-notprivileged).

The final step is to parse user configuration file. If CONFIG field is not null, its value is used as absolute path to the configuration file. Otherwise, anubis searches for file ‘~/.anubisrc’ (where ‘~’ denotes home directory for the system account obtained on the previous step) and if such a file exists, loads it.


3.2 Database URL

An Anubis database is identified by its URL, or Uniform Resource Locator. A URL consists of the following elements (square brackets enclose optional elements):

 
proto://[[user[:password]@]host]/path[params]

The detailed description of each URL part follows:

proto

Specifies a database protocol. The protocol describes how the database is to be accessed. In a way, it may be regarded as specifying the database type. Currently, GNU Anubis supports following database protocols:

text

A plain text file, containing users' credentials.

gdbm

GDBM database

mysql

MySQL database

pgsql

PostgreSQL database

postgres

Alias for ‘pgsql’.

These protocols are described in detail below.

user

User name necessary to access the database.

password

User password necessary to access the database.

host

Domain name or IP address of a machine running the database.

path

A path to the database. The exact meaning of this element depends on the database protocol. It is described in detail when discussing particular database protocols.

params

A list of protocol-dependent parameters. Each parameter is of the form keyword=value; parameters are separated by semicolons.


3.2.1 Plain text databases

This is the simplest database possible. It is kept in a plain text file. Each line in this file represents a single record; empty lines and lines beginning with the ‘#’ sign (comments) are ignored. Records consist of fields, each field being a sequence of characters. Fields are separated by colons (‘:’, ASCII 58). If a ‘:’ character occurs in a field, it is preceded by a single backslash character (‘\’, ASCII 92). A record must contain at least two fields. The fields are, in order:

  1. SMTP AUTHID.
  2. SMTP password.
  3. Account name.
  4. Path to user configuration file.

The SMTP password is stored in clear text, so keep this file readable only by the account GNU Anubis runs as.

URL syntax

The URL syntax for this type of databases is quite simple:

 
text:path

where path specifies absolute file name of the database file.
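The following is an added example, not code from GNU Anubis or its manual: it parses the plain text database format just described and walks through the authentication and authorization steps of section User Database. The function names, the constant-time password comparison and the home_of hook for locating a system account's home directory are assumptions of this example, not behaviour the page describes.

```python
"""Added example, not code from GNU Anubis: a model of the plain text user
database format and of the authenticate/authorize steps from section 3.1.
Assumed here (not on the page): the function names, constant-time password
comparison, and the home_of hook used to find a system account's home."""
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed sample database: AUTHID:password[:account[:rcfile]].
# A literal ':' inside a field is written as '\:'.
SAMPLE_DB = r"""
# comment lines and empty lines are ignored
test:guessme:gray
smith:pa\:ss:smith:/var/spool/anubis/common
guest:secret
"""


@dataclass
class Record:
    authid: str
    password: str
    account: Optional[str] = None    # null: fall back to user-notprivileged
    rcfile: Optional[str] = None     # null: ~/.anubisrc of that account


def split_fields(line: str) -> list:
    """Split on ':' except where it is escaped as backslash-colon."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line.startswith("\\:", i):
            cur.append(":")
            i += 2
        elif line[i] == ":":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(line[i])
            i += 1
    fields.append("".join(cur))
    return fields


def parse_text_db(text: str) -> dict:
    """Return {authid: Record}; AUTHID and password are mandatory and
    AUTHID must be unique, as the manual requires."""
    db = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = split_fields(line)
        if len(f) < 2 or not f[0] or not f[1]:
            raise ValueError(f"line {lineno}: AUTHID and password are mandatory")
        if f[0] in db:
            raise ValueError(f"line {lineno}: duplicate AUTHID {f[0]!r}")
        f += [""] * (4 - len(f))                 # missing fields are null
        db[f[0]] = Record(f[0], f[1], f[2] or None, f[3] or None)
    return db


def authenticate(db: dict, authid: str, password: str) -> Optional[Record]:
    """Authentication: find the record, then compare the password.
    compare_digest avoids leaking the matching prefix length through timing."""
    rec = db.get(authid)
    if rec is None:
        return None
    if not hmac.compare_digest(rec.password.encode(), password.encode()):
        return None
    return rec


def authorize(rec: Record, notprivileged: str, home_of=None) -> tuple:
    """Authorization: choose the system account and the rc file path.
    home_of(account) -> home directory; defaults to a passwd lookup."""
    account = rec.account or notprivileged
    if rec.rcfile:                       # CONFIG set: absolute path as-is
        return account, rec.rcfile
    home = home_of(account) if home_of else os.path.expanduser("~" + account)
    return account, os.path.join(home, ".anubisrc")   # loaded only if it exists
```

Note that the lookup is by AUTHID first and the password is compared only for the record found, exactly as the manual describes; a missing AUTHID and a wrong password both yield the same result to the client, which is the behaviour you want from an authentication front end.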


3.2.2 Databases in GDBM format

The protocol value ‘gdbm’ specifies a GDBM database. For a detailed description of the GDBM system, see the `Introduction' section in The GNU DBM Manual.

URL syntax for GDBM databases is:

 
gdbm:path

where path specifies absolute file name of the database file.


3.2.3 MySQL and PostgreSQL

This is the most flexible database format. GNU Anubis 4.1 supports MySQL(2) and PostgreSQL(3) interfaces. No matter which of them you use, the implementation details are hidden behind a single consistent Anubis interface.

GNU Anubis supposes that all user data are kept in a single database table. This table must have at least four columns for storing the SMTP AUTHID, the SMTP password, the system account name and the path to the user configuration file. Among those, only the last two may have NULL values. There is no restriction on the name of the database or the authentication table, nor on its column names. This information may be specified in the URL as discussed below.

URL syntax

 
proto://[[user[:password]@]host]/dbname[params]

Proto describes the exact database type to use. Use ‘mysql’ for MySQL databases and ‘pgsql’ or ‘postgres’ for PostgreSQL databases.

Optional user and password specify authentication credentials used to access the database. They are stored in clear text in the configuration file and, when the URL is passed to anubisadm, are visible in the process listing; keep the configuration file readable only by root and give the database account no more rights on the authentication table than it needs (the daemon itself only reads it).

Host sets domain name or IP address of the machine running the database. It may be omitted if the database resides on ‘localhost’.

The database name is specified by dbname element.

Finally, further details needed for connecting to the database may be given by URL parameters. All of them have reasonable default values, so you only have to specify those parameters that do not match the defaults. Known parameters are:

port=number

Specifies the port number to be used when connecting to the database. If it is not specified, the behavior depends on the socket parameter: if socket is not present either, the program uses the default port number for the given protocol (3306 for ‘mysql’ and 5432 for ‘pgsql’); otherwise the socket is used.

socket=string

Specifies the name of the UNIX domain socket to connect to. This parameter cannot be used together with port (see above).

bufsize=number

Sets the length of the buffer used to create SQL queries. Default is 1024 bytes.

table=string

Specifies the name of the database table where the authentication data are stored. Default is ‘users’.

authid=string

Specifies the name of a column in table which holds ‘AUTHID’ value. Default is ‘authid’.

passwd=string

Specifies the name of a column in table which holds user password. Default is ‘passwd’.

account=string

Specifies the name of a column in table which holds the name of system account to be used for this ‘AUTHID’. Default is ‘account’.

rcfile=string

Specifies the name of a column in table which holds path to the user's configuration file. Default is ‘rcfile’.
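The following is an added example, not code from GNU Anubis: it parses a database URL of the form given in section Database URL, applies the parameter defaults listed above, and derives the connection target and the lookup query the SQL back ends need. Things this example assumes that the page does not state: that the parameter list is introduced by a semicolon directly after the database name (for example /dbname;table=t;port=3307), the function names, and that unknown parameters or column names that are not plain SQL identifiers are rejected.

```python
"""Added example, not code from GNU Anubis: parse an Anubis database URL
(proto://[[user[:password]@]host]/path[params]) and derive from it the
connection target and the SQL lookup used by the mysql/pgsql back ends.
Assumed here, not stated on the page: the params list is introduced by ';'
right after the path (/dbname;table=t;port=3307), the function names, and
that unknown parameters or non-identifier column names are rejected."""
import re
from dataclasses import dataclass, field
from typing import Optional

DEFAULT_PORT = {"mysql": 3306, "pgsql": 5432, "postgres": 5432}
FILE_PROTOS = {"text", "gdbm"}
# Parameters and defaults from the manual; port and socket have no default.
PARAM_DEFAULTS = {"port": None, "socket": None, "bufsize": "1024",
                  "table": "users", "authid": "authid", "passwd": "passwd",
                  "account": "account", "rcfile": "rcfile"}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")   # table and column names


@dataclass
class DbUrl:
    proto: str
    user: Optional[str] = None
    password: Optional[str] = None
    host: Optional[str] = None           # None means localhost
    path: str = ""                       # file name or dbname
    params: dict = field(default_factory=dict)


def parse_db_url(url: str) -> DbUrl:
    proto, sep, rest = url.partition(":")
    if not sep or not proto:
        raise ValueError("missing database protocol")
    if proto in FILE_PROTOS:                 # text:path and gdbm:path
        if not rest.startswith("/"):
            raise ValueError(f"{proto}: path must be absolute")
        return DbUrl(proto=proto, path=rest)
    if proto not in DEFAULT_PORT:
        raise ValueError(f"unknown database protocol {proto!r}")
    if not rest.startswith("//"):
        raise ValueError(f"{proto} URL must start with {proto}://")
    authority, slash, tail = rest[2:].partition("/")
    if not slash:
        raise ValueError("missing /dbname")
    user = password = None
    if "@" in authority:                     # credentials precede the host
        cred, authority = authority.rsplit("@", 1)
        user, _, password = cred.partition(":")
        password = password or None
    path, _, ptext = tail.partition(";")
    params = dict(PARAM_DEFAULTS)
    for item in filter(None, ptext.split(";")):
        key, eq, value = item.partition("=")
        if not eq or key not in PARAM_DEFAULTS:
            raise ValueError(f"bad parameter {item!r}")
        params[key] = value
    if params["port"] and params["socket"]:
        raise ValueError("port and socket are mutually exclusive")
    for key in ("port", "bufsize"):
        if params[key] is not None and not params[key].isdigit():
            raise ValueError(f"{key} must be a number")
    for key in ("table", "authid", "passwd", "account", "rcfile"):
        if not IDENT.match(params[key]):     # never let these reach SQL raw
            raise ValueError(f"{key}: not a valid SQL identifier")
    return DbUrl(proto, user, password, authority or None, path, params)


def connection_target(u: DbUrl) -> tuple:
    """Where to connect: a UNIX socket if given, else host and port."""
    if u.params["socket"]:
        return ("localhost", u.params["socket"])
    return (u.host or "localhost", int(u.params["port"] or DEFAULT_PORT[u.proto]))


def lookup_query(u: DbUrl) -> str:
    """SELECT for one AUTHID. The AUTHID is bound as a placeholder, never
    spliced into the string, so a hostile login name cannot alter the query."""
    p, ph = u.params, ("%s" if u.proto == "mysql" else "$1")
    return (f"SELECT {p['passwd']}, {p['account']}, {p['rcfile']} "
            f"FROM {p['table']} WHERE {p['authid']} = {ph}")


def redact(url: str) -> str:
    """Mask the password before the URL goes into a log line."""
    u = parse_db_url(url)
    return url if u.password is None else url.replace(f":{u.password}@", ":***@", 1)
```

Two points worth noting: the table and column names come from the configuration file, not from the client, but checking them against an identifier pattern costs nothing and keeps a typo from turning into a syntax error deep inside the daemon; and redact() is what you should pass to any diagnostic output, since the raw URL carries the database password.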


3.3 Managing the Database

Managing the user database is a complex task, which looks different from the administrator's and the user's points of view. The administrator has full rights on the database: he can add new records and delete or modify existing ones. A user, of course, does not have such ample rights. The only thing he is able to do is maintain his own record in the database, provided that he already has one. If he does not, he should contact the system administrator and arrange for the creation of his record.


3.3.1 Administrators

All administrative tasks are done using anubisadm command — a multipurpose tool for Anubis administrator.

The command usage syntax is:

 
anubisadm command [options] database-url

where command specifies the operation to be performed on the database, options give additional operation-specific parameters, and database-url specifies the database to operate upon.

All administrative tasks can be subdivided into the following five categories:

  1. Creating the database.
  2. Listing database records.
  3. Adding new records.
  4. Removing existing records.
  5. Modifying existing records.

These operations are described in detail in the following subsections.


3.3.1.1 Creating the Database

To create a database use anubisadm --create (or anubisadm -c) command. Anubisadm will read database entries from the standard input and write them to the database. The standard input is supposed to be formatted as text database (see section Plain text databases).

Thus to create a GDBM database from plain text file ‘userlist’, use the following command

 
anubisadm --create gdbm:/etc/anubis.db < userlist

Similarly, to create an initially empty database, type

 
anubisadm --create gdbm:/etc/anubis.db < /dev/null

Notice that if you use an SQL database format, the ‘--create’ command does not imply creating the database structure! So, before running

 
anubisadm --create mysql://localhost/dbname < userlist

make sure you create the underlying database structure (including granting privileges to the anubis user), via the usual procedure. Please refer to corresponding database manual for the detailed instructions on this.

It is sometimes necessary to convert an existing user database from one format (protocol) to another. For example, suppose you have been running a GDBM database (gdbm:/etc/anubis.db) for some time, but now it has grown considerably and you decided to switch to a PostgreSQL database to improve performance. To do so, first create the database using the PostgreSQL utilities. Then run

 
anubisadm --list gdbm:/etc/anubis.db | \
 anubisadm --create pgsql://localhost/dbname

That's all there is to it!


3.3.1.2 Listing Database Records

The command ‘--list’ (or ‘-l’) lists the existing database. When run without additional options, it will display all records from the database, e.g.:

 
anubisadm --list gdbm:/etc/anubis.db

Among its other uses, such invocation is handy for converting user database to another format (see section Creating the Database).

If you wish to list only a particular record, specify the AUTHID using the ‘--authid’ (‘-i’) option. For example, to list the record of the user with AUTHID ‘test’, type:

 
anubisadm --list --authid test gdbm:/etc/anubis.db

3.3.1.3 Adding New Records

To add a new record use command ‘--add’ (‘-a’). Additional data are specified via the following options:

-i string
--authid=string

Specify the user SMTP AUTHID.

-p string
--password=string

Specify the user's password.

-u string
--user=string

Specify system user name corresponding to the given AUTHID.

-f string
--rcfile=string

Specify configuration file to be used for this user.

For example, the following command adds a record with SMTP AUTHID ‘test’ and password ‘guessme’ and maps it to the system account ‘gray’:

 
anubisadm --add --authid test --password guessme \
          --user gray gdbm:/etc/anubis.db

3.3.1.4 Removing Existing Records

Removing a record is quite straightforward: use ‘--remove’ (‘-r’) command and specify AUTHID using ‘--authid’ option. For example, to remove the record created in the previous subsection, run:

 
anubisadm --remove --authid test gdbm:/etc/anubis.db

3.3.1.5 Modifying Existing Records

To modify an existing record use command ‘--modify’ (‘-m’). The record is identified via ‘--authid’ option. The fields to be changed are given with the following options:

-p string
--password=string

Specify the user's password.

-u string
--user=string

Specify system user name corresponding to the given AUTHID.

-f string
--rcfile=string

Specify configuration file to be used for this user.

For example, the following command sets a new configuration file name for the user ‘smith’ (the ‘--modify’ command word must be given, as for any other operation):

 
anubisadm --modify --authid smith \
          --rcfile=/var/spool/anubis/common gdbm:/etc/anubis.db

3.3.1.6 Summary of All Administrative Commands

  --create (-c)   Create a database, reading records in plain text format from standard input.
  --list (-l)     List database records; with ‘--authid’, list a single record.
  --add (-a)      Add a record; takes ‘--authid’, ‘--password’, ‘--user’ and ‘--rcfile’.
  --remove (-r)   Remove the record selected by ‘--authid’.
  --modify (-m)   Modify the record selected by ‘--authid’; new field values are given with ‘--password’, ‘--user’ and ‘--rcfile’.

The options are ‘--authid’ (‘-i’), ‘--password’ (‘-p’), ‘--user’ (‘-u’) and ‘--rcfile’ (‘-f’). Every command takes the database URL as its last argument.

3.3.2 Users

Users maintain their database records using the anubisusr command. Its main purpose is to keep the copy of your configuration file on the GNU Anubis server up to date. We recommend invoking anubisusr from your ‘~/.profile’, which makes sure that your configuration file is up to date when you log in.(4)

Usage

 
anubisusr [options] [smtp-url]

where smtp-url is the URL of your GNU Anubis server. Notice that if it lacks a user name and password, anubisusr will first try to retrieve them from your ‘~/.netrc’ file (see netrc(5) for more info), and if they are not found there it will prompt you for them. Since ‘~/.netrc’ holds the password in clear text, keep it readable only by you (mode 0600).

Options

-m mech
--mechanism mech

Only use SASL mechanism mech. Use this option several times to set a list of allowed mechanisms.

-v
--verbose

Verbose output. Multiple options increase the verbosity. Maximum verbosity level is 3.

--version

Display program version number and exit.

--help

Display short usage summary and exit.


4. Configuration

The behavior of GNU Anubis is controlled by two configuration files. The system configuration file, ‘/etc/anubisrc’, specifies system-wide options that affect all users. This file is usually owned by root. The user configuration file specifies what GNU Anubis should do for a particular user. By default it is located in ‘~/.anubisrc’. This location can be changed in auth mode. To protect your passwords in the configuration files, use the 0600 (u=rw,g=,o=) permissions, otherwise GNU Anubis won't accept them.

Lexical Structure

Both configuration files use simple line-oriented syntax. Each line introduces a single statement. A statement consists of words, each word being defined as a contiguous sequence of non-whitespace symbols. A word may be composed of alphanumeric characters and any of the following punctuation symbols: ‘_’, ‘.’, ‘/’, ‘-’. Any arbitrary sequence of characters enclosed in a pair of double quotes is also recognized as a word. Such a sequence is called quoted string.

Quoted strings follow the same syntax rules as in C language. A backslash character ‘\’ alters the meaning of the character following it. This special construct is called escape sequence. When processing an escape sequence, Anubis removes it from the string and replaces it with a single character as described in the following table:

\a

Audible bell character (ASCII 7)

\b

Backspace (ASCII 8)(5)

\e

Escape character (ASCII 27)

\f

Form feed (ASCII 12)

\n

Newline (ASCII 10)

\r

Carriage return (ASCII 13)

\t

Horizontal tab (ASCII 9)

\d

(where ‘d’ represents a single decimal digit) Reproduced verbatim.

A backslash followed by any character not listed above is replaced by the character alone. This can be used for inserting ‘"’ character within a string, as in the example below:

 
"This string contains \"quoted string\"."

Similarly, backslash followed by a newline is replaced by the newline itself. Thus, the following two strings are equivalent:

 
"This string is split\nover two lines"

"This string is split\
over two lines"

The familiar shell here document syntax may be used to produce a word containing several lines of text. The syntax is:

 
<<[-]delimiter
    text
delimiter

If a “here document” starts with ‘<<-’, then all leading tab characters are stripped from the input lines and from the line containing the delimiter. This allows you to indent a here-document in a natural fashion.

To summarize all the above, let's consider the example:

 
first-word "second word" <<-EOT
                            Third word
                            containing several
                            lines of text
                            EOT

This line contains three words: ‘first-word’, ‘second word’ and the third one composed of the three lines between the ‘EOT’ markers.

If a statement is very long, it may be split among several lines of text. To do so, precede the newline characters with a backslash ‘\’, e.g.:

 
a very long statement\
  occupying several lines\
  of text
 

A ‘#’ in a line starts a comment. It and the rest of the line are ignored. Comments may appear on any line of the configuration file, except within a “here-document” construction and on certain commands whose arguments are passed through verbatim (see the guile-process line in the example below). A line containing just a comment (with perhaps spaces before it) is effectively blank, and is ignored. For example:

 
# This is a comment
if header[Subject] :re "No.*"  # This is also a comment
  guile-process action-name This # is not a comment!!!
fi
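The following is an added example, not code from GNU Anubis: a tokenizer implementing the lexical rules above (words, quoted strings with C-style escapes, here-documents with ‘<<-’ tab stripping, backslash-newline continuation and ‘#’ comments). Assumptions of this example that the page does not state: the function names; that nothing may follow the here-document delimiter on its opening line; that the resulting here-document word has no trailing newline; and that ‘#’ starts a comment anywhere outside quotes and here-documents (the guile-process exception shown above is not modelled).

```python
"""Added example, not code from GNU Anubis: a tokenizer for the lexical
rules of the configuration files. Assumed, not stated on the page: the
function names, that nothing follows a here-document delimiter on its line,
that the here-document word has no trailing newline, and that '#' starts a
comment everywhere outside quotes and here-documents."""
import re

WORD = re.compile(r"[A-Za-z0-9_./-]+")
ESCAPES = {"a": "\a", "b": "\b", "e": "\x1b", "f": "\f",
           "n": "\n", "r": "\r", "t": "\t"}


def read_quoted(text: str, i: int) -> tuple:
    """Read a quoted string; i points just after the opening '"'."""
    out = []
    while i < len(text):
        ch = text[i]
        if ch == '"':
            return "".join(out), i + 1
        if ch == "\\" and i + 1 < len(text):
            nxt = text[i + 1]
            # \d is kept verbatim; \n etc. are translated; anything else
            # (including '"' and a newline) yields the character alone.
            out.append("\\" + nxt if nxt.isdigit() else ESCAPES.get(nxt, nxt))
            i += 2
        else:
            out.append(ch)
            i += 1
    raise SyntaxError("unterminated quoted string")


def read_heredoc(text: str, i: int) -> tuple:
    """Read <<[-]delimiter ... delimiter; i points just after '<<'."""
    strip_tabs = text.startswith("-", i)
    i += int(strip_tabs)
    m = WORD.match(text, i)
    if not m:
        raise SyntaxError("missing here-document delimiter")
    delim, i = m.group(), m.end()
    nl = text.find("\n", i)
    if nl < 0 or text[i:nl].strip():
        raise SyntaxError("unexpected text after here-document delimiter")
    i, body = nl + 1, []
    while True:
        nl = text.find("\n", i)
        line = text[i:] if nl < 0 else text[i:nl]
        if strip_tabs:
            line = line.lstrip("\t")              # <<- strips leading tabs
        if line == delim:
            return "\n".join(body), (len(text) if nl < 0 else nl)
        if nl < 0:
            raise SyntaxError(f"here-document {delim!r} not terminated")
        body.append(line)
        i = nl + 1


def tokenize(text: str) -> list:
    """Split configuration text into statements, each a list of words."""
    statements, words, i = [], [], 0

    def end_statement():
        nonlocal words
        if words:
            statements.append(words)
        words = []

    while i < len(text):
        ch = text[i]
        if ch == "\n":
            end_statement()
            i += 1
        elif ch in " \t":
            i += 1
        elif text.startswith("\\\n", i):          # backslash-newline: continue
            i += 2
        elif ch == "#":                           # comment to end of line
            nl = text.find("\n", i)
            i = len(text) if nl < 0 else nl
        elif ch == '"':
            word, i = read_quoted(text, i + 1)
            words.append(word)
        elif text.startswith("<<", i):
            word, i = read_heredoc(text, i + 2)
            words.append(word)
        else:
            m = WORD.match(text, i)
            if not m:
                raise SyntaxError(f"unexpected character {ch!r} at offset {i}")
            words.append(m.group())
            i = m.end()
    end_statement()
    return statements


# Constructed sample input exercising every rule (tabs precede the here-doc lines).
SAMPLE = ('# comment line\n'
          'logfile "anubis.log"   # trailing comment\n'
          'smtp-help-message "line one" \\\n'
          '  "line two"\n'
          'first-word "second \\"word\\"" <<-EOT\n'
          '\tThird word\n'
          '\tcontaining several\n'
          '\tlines of text\n'
          '\tEOT\n'
          'esc "tab\\there\\1"\n')
```

Running tokenize(SAMPLE) yields four statements; the third is the three-word statement from the here-document example above, with the tabs stripped from the body because the delimiter was introduced with ‘<<-’.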

Logical Structure

The statements within a configuration file are grouped into sections. Each section has its name. A section begins with one of the following constructs:

 
BEGIN name
---BEGIN name---

and ends with one of the following constructs:

 
END
---END---

Notice that both ‘BEGIN’ and ‘END’ must be uppercase. When using the second form, any amount of whitespace is allowed between the three dashes and the word.

The sections cannot be nested.

There are five predefined sections, whose names are uppercase. The user may define his own sections, which may then be referred to from the RULE section as subroutines (see section Call Action).

The predefined section names are:

AUTH

Controls authentication mechanisms.

CONTROL

This section specifies the basic GNU Anubis behavior. Its presence is required in the system configuration file. It may be used in the user configuration file to override the system-wide settings.

TRANSLATION

This section specifies a translation map for remapping remote or local users. It may be used only in the system-wide configuration file.

GUILE

Contains the settings of the Guile interpreter. The section is allowed in both configuration files.

RULE

Defines the rules that are used to alter the contents of the messages (conditional and unconditional rules).


4.1 AUTH Section

The AUTH section controls various aspects of authentication mode.

Option: smtp-greeting-message text

Configures the greeting message issued by GNU Anubis upon accepting the connection.

Option: smtp-help-message help-text

Sets the text of the message issued by Anubis in response to the SMTP HELP command. Help-text is a list of strings. Each string from the list is displayed on a separate response line.

Option: sasl-password-db url

Sets the user database URL (see section User Database).

Option: sasl-allowed-mech mech-list

Defines the list of allowed authentication methods.


4.2 CONTROL Section

The ‘CONTROL’ section specifies the basic GNU Anubis behavior. Specified in the system configuration file, it applies to all users on the machine, but each user can specify his own ‘CONTROL’ section to customize his settings. Of course, not all options can be set or changed by a user. Some options can only be set in the system configuration file, and some only in the user configuration file. By default, options specified in the user configuration file have a higher priority than those specified in the system configuration file.

All option names are case insensitive, so you can use for instance: bind or BIND or BiNd, and so on.


4.2.1 Basic Settings

Option: bind [host:]port

Specify the TCP port on which GNU Anubis listens for connections. The default host value is ‘INADDR_ANY’, which means that GNU Anubis accepts connections on every network interface of the machine, so anyone able to reach it can connect. The default port number is 24 (private mail system). This option is available only in the system configuration file. Unless you intend to serve remote clients, restrict the listener to the loopback interface. If you would like, for instance, to bind GNU Anubis to port 25 (SMTP) and limit its clients only to those from ‘localhost’, then set the following in your system configuration file:

 
bind localhost:25

Option: remote-mta host[:port]

Specify a remote SMTP host name or IP address, which GNU Anubis will connect and forward mail to (after a processing). The default port number is 25. This option is available in both configuration files.

Option: local-mta file-name [args]

Execute a local SMTP server, which works on standard input and output (inetd-type program). This option excludes the ‘remote-mta’ keyword (or ‘--remote-mta’ command line option). For example:

 
local-mta /usr/sbin/sendmail -bs

Option: mode mode-name

Selects Anubis operation mode. Allowed values for mode-name are:

transparent
auth

See section Authentication, for the detailed discussion of GNU Anubis operation modes.

Option: read-entire-body yes-or-no

When processing a multi-part message using an external filter (see section Using an External Processor) Anubis normally feeds to it only the first part. The rest of the message is copied verbatim. To alter this behavior so that your external program sees the entire message body, set read-entire-body yes in your control section.

Option: incoming-mail-rule string

Declares name of processing sections for incoming mail. Default is ‘INCOMING’. This option is available only for system configuration file. See section Using Anubis to Process Incoming Mail, for detailed description of incoming mail processing.

Option: outgoing-mail-rule string

Declares name of processing sections for outgoing mail. Default is ‘RULE’. This option is available only for system configuration file.


4.2.2 Output Settings

Option: termlevel level

This is a logging level for syslogd or a terminal (if using the ‘--foreground’ command line option). level can be one of the following:

normal

Only errors are logged. This is the default level.

verbose

Produce more diagnostic output.

debug

Produce debugging output.

silent

Do not log anything.

This command may be used only in system configuration file.

Option: logfile file-name

This command specifies an additional file where GNU Anubis can log its information, but only the information that is available to the client. Only in the user configuration file. For example:

 
logfile "anubis.log"

This will log to the ‘~/anubis.log’ file in a client's home directory.

Option: loglevel level

This option specifies an output level for an additional file (‘logfile’). It can be used only in user configuration file. level is one of the following:

none
fails
all

Option: tracefile yes-or-no
Option: tracefile file-name

This option instructs anubis to log the execution of tests and actions from the RULE sections. This is useful for debugging the configuration files.

When this option is used in the system-wide configuration file, only its first form is allowed. Using ‘tracefile yes’ enables logging of the actions and tests to the default syslog channel. Using ‘tracefile no’ disables it.

When used in the user configuration file, a filename is allowed as an argument to this option. This allows you to explicitly specify to which file the tracing output should go. Otherwise, using ‘tracefile yes’ enables logging to the same file as ‘logfile’ (if possible).

Option: HANG delay

Do not use this option, unless you are developing or debugging Anubis! This option instructs a child process to hang for the given number of seconds. Before hanging, the process will issue the following diagnostic message, no matter what the settings of termlevel variable were:

 
Child process suspended for delay seconds

This option is useful for Anubis developers who wish to attach to a child process with debugger. After attaching, set the variable _anubis_hang to zero to continue processing. It is useful to add the following statement to your ‘.gdbinit’ file:

 
set variable _anubis_hang=0

4.2.3 Proxy Settings

Option: socks-proxy host[:port]

This option enables tunneling the connections through a SOCKS proxy server, specified as an argument host. The port default value is 1080, which is a common port number for SOCKS proxies.

Option: socks-v4 yes-or-no

This selects SOCKS protocol version 4. By default it is turned off, and SOCKS protocol version 5 is used. Note that SOCKS version 4 carries only a user ID and no password, so the password part of socks-auth is meaningful only with version 5.

Option: socks-auth username:password

Specify a user name and a password, if a SOCKS proxy server requires them. A username and a password are separated with a colon (‘:’).


4.2.4 ESMTP Authentication Settings

The following options set authentication credentials for ESMTP authentication. You may use them, for example, if your MTA requires such authentication, but your MUA does not support it.

Option: esmtp-allowed-mech mech-list

Defines the list of allowed authentication mechanisms. Mech-list is a list of valid authentication mechanism names separated by whitespace.

Anubis selects the authentication method as follows. The MTA presents the list of authentication mechanisms it supports. Anubis walks mech-list in the order given and, for each element, tests whether it appears in the list presented by the MTA. The first element found is selected, so the order of mech-list expresses your preference. For example, suppose that the MTA supports the following mechanisms:

PLAIN LOGIN CRAM-MD5 ANONYMOUS

and you have the following statement in your configuration file:

esmtp-allowed-mech DIGEST-MD5 CRAM-MD5 LOGIN

In this case Anubis will select CRAM-MD5: DIGEST-MD5 is not offered by the MTA, and CRAM-MD5 precedes LOGIN in mech-list.

Option: esmtp-require-encryption mech-list

This statement declares the list of mechanisms that can be used only over a TLS encrypted channel. By default Anubis uses

esmtp-require-encryption LOGIN PLAIN

This prevents sending the user password over an unencrypted connection, since both LOGIN and PLAIN transmit it in the clear (base64 is an encoding, not a protection).
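The selection logic above, together with the esmtp-require-encryption policy, as an added Python illustration (this is not code from Anubis). The EHLO reply is constructed for the example. Whether real Anubis skips or refuses a mechanism that requires encryption when the channel is in the clear is not stated in this manual, so the example simply skips it and says so in the code.

```python
"""Added example, not Anubis source code: models how esmtp-allowed-mech and
esmtp-require-encryption together pick an AUTH mechanism."""
import re

# Default taken from the manual: "esmtp-require-encryption LOGIN PLAIN".
DEFAULT_REQUIRE_ENCRYPTION = ("LOGIN", "PLAIN")


def parse_auth_capability(ehlo_response):
    """Extract the mechanisms advertised in the AUTH line(s) of an EHLO reply.

    Accepts both the RFC 4954 form '250-AUTH PLAIN LOGIN' and the legacy
    '250-AUTH=PLAIN LOGIN' form; names are normalised to upper case.
    """
    mechs = []
    for line in ehlo_response.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.+)$", line.strip(), re.IGNORECASE)
        if m:
            mechs.extend(tok.upper() for tok in m.group(1).split())
    return mechs


def select_mechanism(advertised, allowed,
                     require_encryption=DEFAULT_REQUIRE_ENCRYPTION,
                     tls_active=False):
    """Return the first entry of `allowed` (the esmtp-allowed-mech list, in
    configuration order) that the MTA advertises and that the encryption
    policy permits on this channel; None if nothing qualifies.

    Assumption for this demo: a mechanism listed in require_encryption is
    simply skipped on a cleartext channel.  The manual only says such
    mechanisms "can be used only over a TLS encrypted channel"; it does not
    say whether real Anubis skips it or aborts the session.
    """
    offered = {m.upper() for m in advertised}
    blocked = set() if tls_active else {m.upper() for m in require_encryption}
    for mech in allowed:
        mech = mech.upper()
        if mech in offered and mech not in blocked:
            return mech
    return None


# Constructed EHLO reply advertising the manual's example mechanism list.
SAMPLE_EHLO = (
    "250-mail.example.net\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN CRAM-MD5 ANONYMOUS\r\n"
    "250 8BITMIME\r\n"
)

if __name__ == "__main__":
    offered = parse_auth_capability(SAMPLE_EHLO)
    # esmtp-allowed-mech DIGEST-MD5 CRAM-MD5 LOGIN  -> CRAM-MD5 (the manual's case)
    print(select_mechanism(offered, ["DIGEST-MD5", "CRAM-MD5", "LOGIN"]))
    # Only cleartext-password mechanisms allowed and no TLS -> nothing usable
    print(select_mechanism(offered, ["LOGIN", "PLAIN"]))
    # Same policy once STARTTLS is up -> LOGIN
    print(select_mechanism(offered, ["LOGIN", "PLAIN"], tls_active=True))
```

Note that the allowed list is a preference order, not merely a set: putting CRAM-MD5 before LOGIN is what keeps the password off the wire when the MTA offers both.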

Option: esmtp-auth-id authentication-id

Sets authentication ID (user name).

Option: esmtp-authz-id authorization-id

Sets authorization ID (user name).

Option: esmtp-password password

Sets password to be used in authentication.

Option: esmtp-auth username:password

This option sets both authentication and authorization IDs and the password. It is equivalent to

esmtp-auth-id username
esmtp-authz-id username
esmtp-password password

The following options specify authentication credentials for GSSAPI, DIGEST-MD5 and KERBEROS_V5 authentication mechanisms:

Option: esmtp-service service-name

Sets the name of GSSAPI service.

Option: esmtp-hostname hostname

Sets hostname of the machine.

Option: esmtp-generic-service service-name

Sets generic service name.

Option: esmtp-passcode passcode

Sets passcode.

Option: esmtp-realm realm-name

Sets GSSAPI realm.

The following option is useful with the ANONYMOUS authentication mechanism:

Option: esmtp-anonymous-token token

Sets the token to be used with the ANONYMOUS authentication mechanism.



4.2.5 Encryption Settings

Option: ssl yes-or-no

This option enables TLS/SSL encryption between the MUA and the MTA. The default is ‘no’, but using TLS/SSL is recommended. You should also specify a private key and a certificate using the ‘ssl-key’ and ‘ssl-cert’ keywords (defined below). See section Using the TLS/SSL Encryption, for details.

Option: ssl-oneway yes-or-no

This option enables one-way encryption: Anubis encrypts its connection to the MTA, while the connection from the MUA to Anubis stays in the clear. Use this mode when you want TLS/SSL towards the MTA but your MUA does not support ESMTP TLS/SSL. Because the MUA side is unencrypted, the MUA should reach Anubis over a trusted path, typically on the same host. Using this option does not require the ‘ssl-key’ and ‘ssl-cert’ keywords, since Anubis then acts only as a TLS client and never has to present a certificate.

Option: ssl-cert file-name

Specify a certificate for the TLS/SSL encryption. Value ‘anubis.pem’ is the default.

Option: ssl-key file-name

Specify a private key for the TLS/SSL encryption. Value ‘anubis.pem’ is the default.

Option: ssl-cafile file-name

Specify a CA certificate file (supported only by GnuTLS).



4.2.6 Security Settings

The following options control various security settings.

Option: allow-local-mta yes-or-no

For security reasons this option defaults to ‘no’. Setting it to ‘yes’ enables the ‘local-mta’ keyword (and the ‘--local-mta’ command line option), which hands the message to a local mail server that reads from standard input and writes to standard output instead of connecting to a network MTA. If you want to use such a local mail server, the supervisor must set this option to ‘yes’. The option is available only in the system configuration file.

Option: drop-unknown-user yes-or-no

This option drops connections from unknown users, i.e. clients whose identity could not be verified through the IDENT (RFC 1413) service. The default is ‘no’. Keep in mind that an IDENT reply is supplied by the client's own host, so it is only as trustworthy as that host: it serves to pick a configuration for the connecting user, not to authenticate the sender.

Option: user-notprivileged username

For security reasons, it is recommended to create an unprivileged user account which the server runs as most of the time, i.e. whenever it performs operations that do not require root privileges. The option is available only in the system configuration file. For example:

user-notprivileged "anubis.unprivileged"

Caution: Create a user account named ‘anubis.unprivileged’ in ‘/etc/passwd’, if necessary. Add this user name also to ‘/etc/anubis.allow’, if using GNU Anubis with PAM support.

Option: rule-priority value

This statement defines the order of execution of the system and user RULE sections (See section The Rule System, for detailed description). It is available only in system configuration file.

system

The system section is executed first, then the user section is executed.

user

The user section is executed first, next the system section is executed.

system-only

Only the system RULE section is executed.

user-only

Only the user RULE section is executed.

Option: control-priority value

Sets the order of processing the CONTROL sections. The option is available only in system configuration file. Its possible values are:

system

The system CONTROL section is processed first. Notice that this means the user may override the system settings in his configuration file. This is the default setting.

user

The user CONTROL section is processed first. Thus, the system-wide settings always override the user private settings.



4.3 TRANSLATION Section

The ‘TRANSLATION’ section specifies how to translate remote or local user names, host names or addresses into local user names. It is available only in the system configuration file. Syntax:

---BEGIN TRANSLATION---
translate  [user@]address into  username
...
---END---

address means host name or IP address. You can also specify ‘0.0.0.0’, and it means any address (‘INADDR_ANY’).

An example:

---BEGIN TRANSLATION---
translate jack@somewhere.net into john
---END---

The rule above allows the remote user ‘jack’ at ‘somewhere.net’ to use the configuration file of the local user ‘john’. Alternatively, ‘translate somewhere.net into john’ means that all users at ‘somewhere.net’ are allowed to use the local john's configuration file. Keep in mind that the remote user name is obtained through IDENT, which is answered by the remote host itself, and that a host name is only as reliable as the lookup behind it; a translation therefore hands the remote side whatever john's configuration file can do, and should be limited to hosts you control.
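An added illustration in Python (not Anubis' own code) of how such rules are matched: the section is parsed, the address part is compared as an IP literal or as a host name, and ‘0.0.0.0’ is honoured as INADDR_ANY. The section and the peer data are constructed for the example, and the first-match ordering is an assumption.

```python
"""Added example, not Anubis code: a matcher for TRANSLATION rules of the form
`translate [user@]address into username`."""
import ipaddress
import re

# Rule grammar from the manual; the optional user part ends at the '@'.
RULE = re.compile(r"^translate\s+(?:(\S+?)@)?(\S+)\s+into\s+(\S+)$")


def parse_translation(section):
    """Parse the lines between ---BEGIN TRANSLATION--- and ---END--- into
    (remote_user_or_None, address, local_user) triples, in file order."""
    rules = []
    for line in section.splitlines():
        line = line.strip()
        if not line or line.startswith("---") or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"bad translate rule: {line!r}")
        rules.append(m.groups())
    return rules


def _address_matches(rule_addr, peer_host, peer_ip):
    """address is a host name or an IP address; 0.0.0.0 means INADDR_ANY."""
    if rule_addr == "0.0.0.0":
        return True
    try:
        return ipaddress.ip_address(rule_addr) == ipaddress.ip_address(peer_ip)
    except ValueError:                      # not an IP literal: compare host names
        return rule_addr.lower() == (peer_host or "").lower()


def translate(rules, remote_user, peer_host, peer_ip):
    """Return the local user whose configuration the peer may use, or None.

    remote_user is what the IDENT lookup returned (None if there was none).
    Rules are tried in order and the first match wins; that ordering is an
    assumption of this demo, the manual does not state it.
    """
    for user, addr, local in rules:
        if user is not None and user != remote_user:
            continue
        if _address_matches(addr, peer_host, peer_ip):
            return local
    return None


# Constructed section: the manual's example plus a host-wide and an IP rule.
SECTION = """---BEGIN TRANSLATION---
translate jack@somewhere.net into john
translate somewhere.net into guest
translate 192.0.2.10 into ops
---END---"""

if __name__ == "__main__":
    rules = parse_translation(SECTION)
    print(translate(rules, "jack", "somewhere.net", "198.51.100.7"))  # john
    print(translate(rules, "jill", "somewhere.net", "198.51.100.7"))  # guest
    print(translate(rules, None, "box.example", "192.0.2.10"))        # ops
    print(translate(rules, "jack", "elsewhere.org", "203.0.113.1"))   # None
```

The host-wide rule is the one to be careful with: every user the remote IDENT daemon chooses to report gets ‘guest’'s configuration, so it only makes sense for a host whose IDENT answers you trust.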



4.4 GUILE Section

Command: guile-output file

Specifies the name of the file to bind to the Scheme standard error and output ports. This option has no effect if GNU Anubis is started with either of ‘--foreground’ or ‘--stdio’ command line options.

Command: guile-debug yes-or-no

When set to ‘yes’ enables Guile stack traces and debugging output.

Command: guile-load-path-append path

Appends the given path to the list of Guile load paths (see %load-path in the Build Config section of The Guile Reference Manual).

Command: guile-load-program file

Reads the given Scheme program.



5. The Rule System

The rule system is a core part of GNU Anubis. It can be regarded as a program that is executed for every outgoing message.

Throughout this chapter, when showing syntax definitions, the optional parts are enclosed in a pair of square brackets, e.g.:

keyword [optional-part] mandatory-part

When the square brackets are required symbols, they are marked as such, e.g.:

remove ‘[key]’

The rule system is defined in RULE section. The statements within this section are executed sequentially. Each statement is either an action or a conditional statement.



5.1 Actions

An action is a statement defining an operation to be performed over the message. Syntactically, each action is

command [=] right-hand-side

Where command specifies a particular operation and right-hand-side specifies the arguments for it. The equal sign is optional.



5.2 Conditional Statements

A conditional statement defines the control flow in a section. It allows you to execute arbitrary actions depending on whether a certain condition is met. The conditional statement in its simplest form is:

if condition
  action-list-1
fi

If condition evaluates to true, then the list of statements action-list-1 is executed.

A simple condition has the following syntax:

part [sep] [op] [pattern-match-flags] regex

(where the square brackets denote optional parts). Its parts are:

part

The part specifies which part of the input should be considered when evaluating the condition. It is either ‘command’, meaning the text of an SMTP command issued while sending the message, or ‘header’, meaning the value of an RFC 822 header. Either of the two may be followed by the name of the corresponding command or header enclosed in square brackets. If the name is omitted, all commands or all headers, respectively, are searched.

sep

Optional concatenation separator. See section Concatenations, for its meaning.

op

Either ‘=’, meaning “match”, or ‘!=’, meaning “does not match”. Missing op is equivalent to ‘=’.

pattern-match-flags

Optional pattern-match-flags alter the pattern matching type used in subsequent conditional expression. It will be described in detail in the section Regular Expressions.

regex

The regex is a regular expression enclosed in double quotes.

The condition yields true if the requested part of the input matches the given regular expression (if op is ‘=’), or does not match it (if op is ‘!=’).

The simplest example:

if header [Subject] "^ *Re:"
  ...
fi

The actions represented by … will be executed only if the ‘Subject:’ header of the message starts with ‘Re:’ optionally preceded by any amount of whitespace.

The more elaborate form of a conditional allows you to choose between two different action sets depending on a given condition. The syntax is:

if condition
  action-list-1
else
  action-list-2
fi

Here, action-list-1 is executed if the condition is met. Otherwise, action-list-2 is executed.

Note also that in the examples above any action-list may itself contain conditionals, so conditional statements may be nested. This allows you to create very sophisticated rule sets. As an example, consider the following statement:

if [List-Id] :re ".*<anubis-commit@gnu.org>"
  modify [Subject] "[Anubis Commit Notice] &"
else
  if [List-Id] :re ".*<bug-anubis@gnu.org>"
    modify [Subject] "[Anubis Bug Notice] &"
  else
    add [X-Passed] "Subject checking"
  fi
fi  

This statement, depending on the value of List-Id header, will prepend the Subject header with an identification string, or add an X-Passed header if no known List-Id was found.



5.2.1 Concatenations

It is important to understand that conditional expressions choose the first match. To illustrate this, let's suppose you need to store the values of all recipients from the envelope in the ‘X-Also-Delivered-To’ header. A naive way to do so is:

if command [rcpt to:] = "(.*)"
  add header [X-Also-Delivered-To] "\1"
fi

However, this will store only the very first RCPT TO value, so you will not achieve your goal.

To help you in this case, anubis offers a concatenation operator, whose effect is to concatenate the values of all requested keys prior to matching them against the regular expression. Syntactically, the concatenation operator is a string enclosed in parentheses, placed right after the key part of a condition. This string is used as a separator when concatenating values. For example:

if command [rcpt to:] (",") = "(.*)"
  add header [X-Also-Delivered-To] "\1"
fi

This fragment will first create a string consisting of all RCPT TO addresses, separated by a comma, and then will match it against the regular expression on the right hand side. Since this expression matches any string, the ‘\1’ will contain a comma-separated list of addresses.
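The following added Python example (not Anubis' code) models the condition lookup on a constructed session, so that the difference between the naive rule and the concatenating one can be seen on actual values. Header and command names are compared case-insensitively, which is an assumption of the model.

```python
"""Added example, not Anubis code: how a condition's part [name] is looked
up, and why a concatenation separator changes the result."""
import re
from dataclasses import dataclass, field


@dataclass
class Session:
    """Constructed stand-in for what Anubis sees: the SMTP envelope commands
    (verb -> list of argument strings, in the order received) and the
    RFC 822 headers (name -> list of values)."""
    commands: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def _values(session, part, name):
    """Candidate strings for `command [name]` or `header [name]`.  Without a
    name every value of that kind is a candidate (the manual: all commands
    or headers are searched).  Verbs and header names compare
    case-insensitively (assumption)."""
    table = session.commands if part == "command" else session.headers
    if name is None:
        return [v for vals in table.values() for v in vals]
    key = name.lower()
    for k, vals in table.items():
        if k.lower() == key:
            return list(vals)
    return []


def evaluate(session, part, name, regex, sep=None, op="="):
    """Evaluate `part [name] (sep) op "regex"` and return (result, groups).

    Without sep, the values are tried one by one and the first that matches
    decides, which is the "first match" behaviour the manual warns about.
    With sep, all values are joined with it first and matched once.
    """
    values = _values(session, part, name)
    if sep is not None:
        values = [sep.join(values)] if values else []
    for value in values:
        m = re.search(regex, value)
        if m:
            return (op == "="), m.groups()
    return (op == "!="), ()      # nothing matched: "!=" holds, "=" does not


# Constructed session: one sender, three envelope recipients.
SESSION = Session(
    commands={
        "mail from:": ["<alice@example.org>"],
        "rcpt to:": ["<bob@example.net>", "<carol@example.net>",
                     "<dave@example.com>"],
    },
    headers={"Subject": ["Re: meeting"], "From": ["alice@example.org"]},
)


def naive_rcpt_list():
    """if command [rcpt to:] = "(.*)"  ->  only the first RCPT TO."""
    _, groups = evaluate(SESSION, "command", "rcpt to:", "(.*)")
    return groups[0]


def concatenated_rcpt_list():
    """if command [rcpt to:] (",") = "(.*)"  ->  all of them, comma separated."""
    _, groups = evaluate(SESSION, "command", "rcpt to:", "(.*)", sep=",")
    return groups[0]


if __name__ == "__main__":
    print("naive:       ", naive_rcpt_list())
    print("concatenated:", concatenated_rcpt_list())
    print(evaluate(SESSION, "header", "Subject", "^ *Re:"))
    print(evaluate(SESSION, "command", "rcpt to:", r"example\.com", op="!="))
```

The last call shows the other side of first-match semantics: with ‘!=’, one recipient at example.com is enough to make the condition false even though two others are elsewhere, because the search stops at the first value that matches.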



5.3 Triggers

Triggers are conditional statements that use the value of the ‘Subject’ header to alter the control flow. Syntactically, a trigger is:

trigger [flags] pattern
  action-list
done

Here, pattern is the pattern against which the ‘Subject’ header is checked, flags are optional flags controlling the type of regular expression used (see section Regular Expressions). For backward compatibility, the keyword rule may be used instead of trigger.

The triggers act as follows: First, the value of the ‘Subject’ header is matched against the pattern ‘@@pattern’. If it matches, then the matched part is removed from the ‘Subject’, and the action-list is executed.

Basically, putting aside the possibility to use different flavors of regular expressions, a trigger is equivalent to the following statement:

if header[Subject] :posix "(.*)@@pattern"
  modify header [Subject] "\1"
  action-list
fi

Thus, adding the ‘@@rule-name’ code to the ‘Subject’ header of your message triggers a rule named rule-name, specified in a user configuration file. For example:

---BEGIN RULE---
trigger :basic "^gpg-encrypt-john"
   gpg-encrypt "john's_gpg_key"
done
---END---

Now you can simply send an email with the following subject: ‘hello John!@@gpg-encrypt-john’ to process an outgoing message with the rule specified above—encrypt message with a John's public key. Moreover, the trigger will remove the ‘@@’, so John will only receive a message with a subject ‘hello John!’.

Another example shows an even more dynamic trigger, using a substitution and back-references:

---BEGIN RULE---
trigger :extended "^gpg-encrypt:(.*)"
   gpg-encrypt "\1"
   add [X-GPG-Comment] "Encrypted for \1"
done
---END---

To encrypt a message to a user, e.g. ‘John’, simply send an email with the subject ‘hello John!@@gpg-encrypt:john's_gpg_key’. This way you decide at run time which public key should be used, without creating separate rules for each user; thanks to back-references, those three or four lines are enough. Bear in mind that whatever the sender types after ‘gpg-encrypt:’ becomes the argument of gpg-encrypt unchanged, so a pattern tighter than ‘(.*)’ (for instance a character class admitting only key IDs or addresses) limits what can be passed to the action.
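Both trigger examples above, modelled in Python as an added illustration (not Anubis' code): the Subject is split at ‘@@’, the code part is matched against each trigger pattern in order, and ‘\1’ in the action arguments is replaced by the captured text. Only the splitting and substitution are modelled; gpg-encrypt itself is represented by the action string it would be invoked with.

```python
"""Added example, not Anubis code: the Subject '@@' trigger mechanism with
back-reference substitution into the action arguments."""
import re

# Mirrors the manual's equivalent form:  if header[Subject] :posix "(.*)@@pattern"
TRIGGER_SPLIT = re.compile(r"^(.*)@@(.*)$")


def split_trigger(subject):
    """'hello John!@@gpg-encrypt-john' -> ('hello John!', 'gpg-encrypt-john').
    Returns (subject, None) when the Subject carries no '@@' code."""
    m = TRIGGER_SPLIT.match(subject)
    if not m:
        return subject, None
    return m.group(1), m.group(2)


def expand_backrefs(template, match):
    r"""Replace \1, \2, ... in an action argument with the trigger's groups."""
    return re.sub(r"\\(\d)", lambda b: match.group(int(b.group(1))), template)


def run_triggers(subject, triggers):
    """triggers: list of (pattern, [action templates]) in RULE-section order.

    Returns (new_subject, actions_to_execute).  When a trigger matches, the
    '@@code' part is stripped from the Subject as the manual describes; since
    a later trigger in the same section then no longer sees the code, at most
    one trigger fires.  When none matches, the Subject is left untouched.
    """
    rest, code = split_trigger(subject)
    if code is None:
        return subject, []
    for pattern, actions in triggers:
        m = re.search(pattern, code)
        if m:
            return rest, [expand_backrefs(a, m) for a in actions]
    return subject, []


# Constructed RULE section equivalent to the two trigger examples above.
TRIGGERS = [
    ("^gpg-encrypt-john", ['gpg-encrypt "john\'s_gpg_key"']),
    ("^gpg-encrypt:(.*)", ['gpg-encrypt "\\1"',
                           'add [X-GPG-Comment] "Encrypted for \\1"']),
]

if __name__ == "__main__":
    print(run_triggers("hello John!@@gpg-encrypt-john", TRIGGERS))
    print(run_triggers("hello John!@@gpg-encrypt:john's_gpg_key", TRIGGERS))
    print(run_triggers("plain subject", TRIGGERS))
```

The second trigger shows why the captured text deserves a tighter pattern than ‘(.*)’ in a real configuration: the Subject is written by the sender, and everything after ‘gpg-encrypt:’ lands verbatim in the argument of the action.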



5.4 Boolean Operators

The following table lists the three boolean operators that can be used in Anubis conditional expressions, in the order of increasing binding strength:

or

and

not

Thus ‘not’ binds tighter than ‘and’, which in turn binds tighter than ‘or’. As an example, let's consider the following statement:

if header[X-Mailer] "mutt" or header[X-Mailer] "mail" \
   and not header[Content-Type] "^multipart/mixed;.*"
   action
fi

In this case the action will be executed if the X-Mailer header contains the word ‘mutt’. The same action will also be executed if the X-Mailer header contains the word ‘mail’ and the value of the Content-Type header does not begin with the string ‘multipart/mixed’. In other words, the statement is read as ‘mutt or (mail and not multipart)’.

Now, if we wished to execute the action for any message sent using mail or mutt whose Content-Type header does not begin with the string ‘multipart/mixed’, we would write the following:

if (header[X-Mailer] "mutt" or header[X-Mailer] "mail") \
   and not header[Content-Type] "^multipart/mixed;.*"
   action
fi

Notice the use of parentheses to change the binding strength of the boolean operators.
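The two conditions above, parsed and evaluated by an added Python example (not Anubis' code) that implements exactly the precedence described: a recursive-descent parser with one level per operator, and parentheses as the escape hatch. Only header conditions are tokenized, and the message headers are constructed.

```python
"""Added example, not Anubis code: a small parser and evaluator for the
boolean layer of Anubis conditions, to make the binding strengths concrete."""
import re

# One token per alternative: '(' , ')', a keyword, or header[Name] "regex".
TOKEN = re.compile(
    r'\s*(?:(\()|(\))|(or|and|not)\b|header\s*\[([^\]]+)\]\s*"((?:[^"\\]|\\.)*)")'
)


def tokenize(text):
    text = text.replace("\\\n", " ").strip()   # backslash-newline continuation
    pos, out = 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise SyntaxError(f"cannot tokenize at {text[pos:pos + 20]!r}")
        pos = m.end()
        lparen, rparen, kw, hdr, rx = m.groups()
        if lparen or rparen or kw:
            out.append((lparen or rparen or kw, None))
        else:
            out.append(("cond", (hdr, rx)))
    return out


class Parser:
    """Recursive descent; one method per precedence level, weakest first:
    or < and < not (the order of increasing binding strength)."""
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i][0] if self.i < len(self.toks) else None

    def take(self):
        if self.i >= len(self.toks):
            raise SyntaxError("unexpected end of condition")
        tok = self.toks[self.i]
        self.i += 1
        return tok

    def parse_or(self):
        node = self.parse_and()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_not()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.parse_not())
        return node

    def parse_not(self):
        if self.peek() == "not":
            self.take()
            return ("not", self.parse_not())
        return self.parse_primary()

    def parse_primary(self):
        kind, val = self.take()
        if kind == "(":                      # parentheses override precedence
            node = self.parse_or()
            if self.take()[0] != ")":
                raise SyntaxError("expected ')'")
            return node
        if kind == "cond":
            return ("cond", val)
        raise SyntaxError(f"unexpected {kind!r}")


def parse(text):
    p = Parser(tokenize(text))
    node = p.parse_or()
    if p.peek() is not None:
        raise SyntaxError("trailing tokens")
    return node


def evaluate(node, headers):
    """headers: dict of header name -> value; a missing header matches nothing."""
    op = node[0]
    if op == "cond":
        name, rx = node[1]
        return re.search(rx, headers.get(name, "")) is not None
    if op == "not":
        return not evaluate(node[1], headers)
    if op == "and":
        return evaluate(node[1], headers) and evaluate(node[2], headers)
    return evaluate(node[1], headers) or evaluate(node[2], headers)


def check(text, headers):
    return evaluate(parse(text), headers)


# The two conditions from the manual, verbatim.
UNGROUPED = '''header[X-Mailer] "mutt" or header[X-Mailer] "mail" \\
   and not header[Content-Type] "^multipart/mixed;.*"'''
GROUPED = '''(header[X-Mailer] "mutt" or header[X-Mailer] "mail") \\
   and not header[Content-Type] "^multipart/mixed;.*"'''

# Constructed message: sent with mutt, multipart/mixed body.
MUTT_MIXED = {"X-Mailer": "mutt 2.2", "Content-Type": "multipart/mixed; boundary=b1"}

if __name__ == "__main__":
    print(check(UNGROUPED, MUTT_MIXED))   # True:  mutt or (mail and not mixed)
    print(check(GROUPED, MUTT_MIXED))     # False: (mutt or mail) and not mixed
```

Running both conditions against the same multipart message sent with mutt is the quickest way to see the difference: the ungrouped form fires on it, the grouped one does not.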



5.5 Regular Expressions

GNU Anubis supports two types of regular expressions: POSIX (both basic and extended) and Perl-style. Of these, the former are always supported, whereas support for the latter depends on the configuration settings at compile time. The default type of regular expressions is POSIX Extended.

Notice that regular expressions often contain characters prefixed with a backslash (e.g. ‘\(’ in basic POSIX or ‘\s’ in Perl-style regexps). Due to escape substitution (see section Configuration), you have to escape the backslash character itself, i.e. write:

modify :perl body ["\\stext"] "text"

instead of

# WRONG!
modify :perl body ["\stext"] "text"

However, this rule does not apply to back references, i.e. "\1" is OK.

A number of modifiers is provided to change the type of regular expressions. These are described in the following table.

:regex
:re

Indicates that the following pattern should be considered a regular expression. The default type for this expression is assumed.

:perl
:perlre

The regular expression is a Perl-style one.

:exact
:ex

Disables regular expression matching, all patterns will be matched as exact strings.

:scase

Enables case-sensitive comparison.

:icase

Enables case-insensitive comparison.

:basic

Switches to the POSIX Basic regular expression matching.

:extended

Switches to the POSIX Extended regular expression matching.

The special statement regex allows you to alter the default regular expression type. For example, the following statement

regex :perl :scase

sets the default regular expression type to Perl-style, case-sensitive. The settings of a regex statement apply only to those patterns that appear after it in the configuration file, and remain in force until the next occurrence of the regex statement.

A couple of examples:

if header[Subject] :perlre "(?<=(?<!foo)bar)baz"
 ...
fi

This will match any Subject header whose value contains an occurrence of ‘baz’ that is preceded by ‘bar’ which in turn is not preceded by ‘foo’.

if header[Subject] :scase "^Re"

will match a Subject header whose value starts with ‘Re’, but will not match it if it starts with ‘RE’ or ‘re’.

When using POSIX regular expressions, the extended syntax is enabled by default. If you wish to use a basic regular expression, precede it with the :basic flag.

For a detailed description of POSIX regular expressions, see the Regular Expression Library manual. For information about Perl-style regular expressions, refer to the Perl documentation.
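An added Python illustration (not Anubis' code) of the modifiers above: the flags are folded onto a settings record, a regex statement is that same fold applied to the defaults, and each match type is mapped onto Python's re module. The minimal BRE translation and the whole-string reading of :exact are assumptions made for the example.

```python
"""Added example, not Anubis code: map the pattern-match flags onto Python's
`re` module and show the effect of the regex statement on later patterns."""
import re

# Manual: the default type is POSIX Extended; comparisons are case-sensitive.
DEFAULTS = {"type": "extended", "icase": False}


def parse_flags(flags, defaults=DEFAULTS):
    """Apply a sequence of flags such as [':perl', ':icase'] to a copy of
    `defaults`.  Also used for the `regex` statement itself, whose result
    becomes the new default for the patterns that follow it."""
    s = dict(defaults)
    for f in flags:
        if f in (":regex", ":re"):          # "the default type is assumed"
            s["type"] = defaults["type"] if defaults["type"] != "exact" else "extended"
        elif f in (":perl", ":perlre"):
            s["type"] = "perl"
        elif f in (":exact", ":ex"):
            s["type"] = "exact"
        elif f in (":basic", ":extended"):
            s["type"] = f[1:]
        elif f in (":scase", ":icase"):
            s["icase"] = f == ":icase"
        else:
            raise ValueError(f"unknown pattern-match flag {f!r}")
    return s


_BRE_SWAP = set("(){}|+?")


def bre_to_python(pattern):
    r"""Minimal POSIX BRE -> Python translation: in a BRE, \( \) \{ \} \| are
    the operators and bare ( ) { } | + ? are literals, the opposite of ERE.
    (Assumption: enough for the examples here, not a complete BRE parser.)"""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            out.append(nxt if nxt in _BRE_SWAP else c + nxt)
            i += 2
        else:
            out.append("\\" + c if c in _BRE_SWAP else c)
            i += 1
    return "".join(out)


def make_matcher(pattern, settings):
    """Return a predicate value -> bool implementing the selected match type."""
    flags = re.IGNORECASE if settings["icase"] else 0
    kind = settings["type"]
    if kind == "exact":
        # "matched as exact strings": taken here as whole-string equality (assumption).
        rx = re.compile(re.escape(pattern), flags)
        return lambda value: rx.fullmatch(value) is not None
    if kind == "basic":
        pattern = bre_to_python(pattern)
    # POSIX Extended and Perl syntax are both covered by `re` for these patterns.
    # Perl escapes such as \s are available only because the configuration file
    # carries them doubled ("\\s"); escape substitution hands "\s" to the engine.
    rx = re.compile(pattern, flags)
    return lambda value: rx.search(value) is not None


def matches(value, pattern, flags=(), defaults=DEFAULTS):
    """Evaluate `header[...] flags "pattern"` against one header value."""
    return make_matcher(pattern, parse_flags(flags, defaults))(value)


if __name__ == "__main__":
    print(matches("Re: hi", "^Re", [":scase"]), matches("RE: hi", "^Re", [":scase"]))
    print(matches("xbarbaz", "(?<=(?<!foo)bar)baz", [":perlre"]),
          matches("foobarbaz", "(?<=(?<!foo)bar)baz", [":perlre"]))
    print(matches("abc", "a\\(b\\)c", [":basic"]), matches("a(b)c", "a(b)c", [":basic"]))
    # regex :perl :scase  -> later patterns default to Perl syntax
    perl_defaults = parse_flags([":perl", ":scase"])
    print(matches("xbarbaz", "(?<=(?<!foo)bar)baz", [], perl_defaults))
```

The :basic cases are the ones worth trying by hand: the same characters ‘(b)’ are a group under :basic only when written ‘\(b\)’, and literal parentheses under :extended only when escaped, which is exactly the mismatch that makes a rule silently never fire.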


[ < ] [