File: anubis.info, Node: Top, Next: Overview, Up: (dir) Copyright (C) 2001, 2002, 2003, 2004 Wojciech Polak and Sergey Poznyakoff. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with the Front-Cover texts being "A GNU Manual", and with the Back-Cover Texts as in (a) below. A copy of the license is included in the section entitled "GNU Free Documentation License". (a) The FSF's Back-Cover Text is: "You have freedom to copy and modify this GNU Manual, like GNU software. Copies published by the Free Software Foundation raise funds for GNU development." 1 GNU Anubis ************ This edition of the `GNU Anubis Manual', last updated 18 December 2004, documents GNU Anubis Version 4.0. * Menu: * Overview:: Preliminary information. * Glossary:: Frequently Used Terms Explained. * Authentication:: How Incoming Connections Are Authenticated. * Configuration:: Writing your own configuration files. * Rule System:: How to use the Rule System. * Invoking Anubis:: How to invoke the GNU `anubis'. * Sample Beginning:: Here is a sample beginning. * TLS/SSL:: Using the TLS/SSL Encryption. * S/MIME:: Using S/MIME signatures. * Mutt:: Using Anubis with Mutt. * Problems:: Reporting bugs. Appendices * Pixie-Dixie:: Original description of the new GNU Anubis operation mode. * GNU Free Documentation License:: This manual is under the GNU Free Documentation License. Indices * Concept Index:: Index of concepts. File: anubis.info, Node: Overview, Next: Glossary, Prev: Top, Up: Top 2 Overview ********** GNU Anubis is an SMTP message submission daemon. Its purpose is to receive the outgoing message, perform some manipulations over its contents, and to forward the altered message to the mail transport agent. The usual mail sending scheme looks as follows: the user composes his message using "mail user agent" ("MUA" for short). Once the message is composed, the user sends it. When the MUA receives the send command it connects to the "mail transport agent" ("MTA" for short) and passes it the message for delivery. The figure below illustrates this interaction: +-------+ +-------+ | MUA | ---[outmsg]---> | MTA | ... [outmsg] +-------+ +-------+ | | V +--------------+ | Recipient's | | Mailbox | +--------------+ As shown in this figure, the outgoing message ("outmsg"), reaches the recipient's mailbox unaltered. However, there are situations where it may be necessary to modify the outgoing message before it reaches MTA. As the simplest example, the user might wish to sign the outgoing messages with his PGP key, but his MUA does not support this operation or supports it unconditionally. In such cases, installing GNU Anubis between the MUA and MTA allows the user to perform any additional processing on the sent message. The figure below illustrates this concept: +-------+ +--------+ +-------+ | MUA | ---[outmsg]---> | Anubis | ---[modmsg]---> | MTA | +-------+ +--------+ +-------+ | [modmsg] . . V +--------------+ | Recipient's | | Mailbox | +--------------+ The outgoing message is processed by GNU Anubis, and it is the resulting message ("modmsg") that reaches the MTA. GNU Anubis is able to perform on messages a wide set of operations, such as modifying message headers or body, encrypting or signing messages with GPG (GNU Privacy Guard) keys, installing secure tunnels to MTA using TLS/SSL encryption, tunneling messages through SOCKS proxies, etc. When the set of built-in operations is not enough, the user can define his own operations using Guile, a "GNU's Ubiquitous Intelligent Language for Extensions". The message processing is controlled by system-wide and per-user configuration files written in a flexible and easy to use command scripting language, specially designed for this purpose. File: anubis.info, Node: Glossary, Next: Authentication, Prev: Overview, Up: Top 3 Glossary of Frequently Used Terms *********************************** "Authentication" A process whereby Anubis determines the authenticity of the connecting party, its user name and configuration settings. "Protocol" Any standard for the exchange of information. A protocol defines the specific wording and control flow for communications between two or more programs, devices, or systems. "SMTP" Simple Mail Transport Protocol is a common mechanism for exchanging mail across a network. This protocol is described in the RFC 821 document. "Daemon" We use a term "daemon" to define a process that runs in the background, doing automated processing. "Server" A server provides information or other services for its clients. Most network protocols are client-server based. This term usually refers to an entire machine, but it can refer (and we're doing that) also to the particular program or process, on that machine, that provides the service. "Proxy" We use a term "proxy" to define a program, which goes between the MUA and the MTA (it makes a tunnel). It can be used as a gateway to the outside world, while using a firewall. In this case the host under the firewall sends data to the proxy server, which in turn forwards it to the real server outside, receives the response, and passes it back to the internal host. "Guile" GNU's Ubiquitous Intelligent Language for Extensions. It provides a Scheme interpreter conforming to the R4RS language specification. GNU Anubis uses Guile as its extension language. For more information about Guile, *Note Overview: (guile)Top. "GPG" GNU Privacy Guard, a tool compatible with the Pretty Good Privacy. File: anubis.info, Node: Authentication, Next: User Database, Prev: Glossary, Up: Top 4 Authentication **************** When GNU Anubis accepts an incoming connection, it first has to identify the remote party, i.e. determine whether it has the right to use Anubis resources and, if so, what configuration settings should be used during the session. We call this process "authentication". The exact method of authentication depends on Anubis "operation mode". Currently there are two modes: transparent This is the default mode. It is compatible with versions of GNU Anubis up to 3.6.2. In this mode, Anubis relies on AUTH service (`identd') to authenticate users. auth This mode uses SMTP AUTH mechanism to authenticate incoming connections. *Note Pixie-Dixie::, this is the first draft description of this mode. Both modes have their advantages and deficiencies, which you have to weigh carefully before choosing which one to use. These are discussed below: Transparent (`traditional') mode. --------------------------------- Deficiencies: 1. The user must have `identd' installed on his machine. 2. Each user must have a system account on the machine where GNU Anubis runs (though the system administrator may relax this limitation using user name translation, *note TRANSLATION Section::). Advantages: 1. Relative simplicity. You don't have to create your users database. 2. Authentication is performed immediately after the connection. Auth mode. ---------- Deficiencies: 1. You have to maintain your users database 2. User's MUA must be able to perform ESMTP AUTH.(1) Advantages: 1. Better reliability. 2. Users do not have to run `identd' on their machines. 3. Users are not required to have accounts on the machine where Anubis runs. 4. Users can remotely modify their configuration files. * Menu: * User Database:: * Database URL:: * Managing the Database:: ---------- Footnotes ---------- (1) It is not a serious restriction, however. The user may install Anubis on his machine for the sole purpose of SMTP authentication, as Pixie-Dixie suggests. File: anubis.info, Node: User Database, Next: Database URL, Prev: Authentication, Up: Authentication 4.1 User Database ================= GNU Anubis uses "User Database" for keeping "user credentials", i.e. data used to authenticate and authorize users. The exact way of storing these data does not matter here, it will be addressed further in this manual. In this section we treat user database as an abstraction layer. The user database consists of "records". Each record keeps information about a particular "user". A record consists of four "fields". A field may contain some value, or be empty, in which case we say that the field has "null" value. The record fields are: `SMTP AUTHID' SMTP authentication ID of the user. `AUTH PASSWORD' SMTP password. `ACCOUNT' System user name to be used. `CONFIG' Path to the configuration file. The first two fields are mandatory and must always have non-null values. No two records in the database may have the same value of `SMTP AUTHID' field. When `anubis' is trying to authenticate a user, it first looks up in the database a record with the value of `SMTP AUTHID' field matching AUTHID given by the user. If no such entry is found, authentication fails. Otherwise, `anubis' goes on and compares the password supplied by the user with that from `AUTH PASSWORD' column. If these match, authentication succeeds and `anubis' passes to authorization state. In this state, it first determines the user ID (UID) to switch to. If the `ACCOUNT' field is not null, its value is used as a login name of the system account to use. If it is null, `anubis' switches to the privilege level of a "default not privileged user", specified by `user-notprivileged' statement in the global configuration file (*note user-notprivileged: Security Settings.). The final step is to parse "user configuration file". If `CONFIG' field is not null, its value is used as absolute path to the configuration file. Otherwise, `anubis' searches for file `~/.anubisrc' (where `~' denotes home directory for the system account obtained on the previous step) and if such a file exists, loads it. File: anubis.info, Node: Database URL, Next: text, Prev: User Database, Up: Authentication 4.2 Database URL ================ Anubis database is identified by its "URL", or "Universal Resource Locator". A `URL' consists of following elements (square brackets enclose optional elements): PROTO://[[USER[:PASSWORD]@]HOST]/PATH[PARAMS] The detailed description of each `URL' part follows: PROTO Specifies a database "protocol". The protocol describes how the database is to be accessed. In a way, it may be regarded as specifying the database "type". Currently, GNU Anubis supports following database protocols: `text' A plain text file, containing users' credentials. `gdbm' GDBM database `mysql' MySQL database `pgsql' PostgreSQL database `postgres' Alias for `pgsql'. These protocols are described in detail below. USER User name necessary to access the database. PASSWORD User password necessary to access the database. HOST Domain name or IP address of a machine running the database. PATH A "path" to the database. The exact meaning of this element depends on the database protocol. It is described in detail when discussing particular database protocols. PARAMS A list of protocol-dependent parameters. Each parameter is of the form `KEYWORD=NAME', parameters are separated by semicolons. * Menu: * text:: Plain text databases * gdbm:: Databases in GDBM format * sql:: MySQL and PostgreSQL databases File: anubis.info, Node: text, Next: gdbm, Prev: Database URL, Up: Database URL 4.2.1 Plain text databases -------------------------- This is the simplest database possible. It is kept in a plain text file. Each line in this file represents a single "record", empty lines and lines beginning with `#' ("comments") sign are ignored. Records consist of "fields", each field being a sequence of characters. Fields are separated by colons (`:', ASCII 58). If `:' character occurs in a field, it is preceeded by a single backslash character (`\\', ASCII 92). A record must contain at least two fields. 1. SMTP `AUTHID'. 2. SMTP password. 3. Account name. 4. Path to user configuration file. URL syntax ---------- The URL syntax for this type of databases is quite simple: text:PATH where PATH specifies absolute file name of the database file. File: anubis.info, Node: gdbm, Next: sql, Prev: text, Up: Database URL 4.2.2 Databases in GDBM format ------------------------------ The protocol value `gdbm' specifies a "GDBM database". For the detailed description of GDBM system *Note Introduction: (gdbm)Top. URL syntax for GDBM databases is: gdbm:PATH where PATH specifies absolute file name of the database file. File: anubis.info, Node: sql, Next: Managing the Database, Prev: gdbm, Up: Database URL 4.2.3 MySQL and PostgreSQL -------------------------- This is the most flexible database format. GNU Anubis 4.0 supports MySQL(1) and PostgreSQL(2) interfaces. No matter which of them you use, the implementation details are hidden behind a single consistent Anubis interface. GNU Anubis supposes that all user data are kept in a single database table. This table must have at least four columns for storing SMTP `AUTHID', SMTP password, system account name and path to user configuration file. Among those, only the last two may have NULL values. There is no restriction on the name of the database or the authentication table, nor on its column names. This information may be specified in URL as discussed below. URL syntax ---------- PROTO://[[USER[:PASSWORD]@HOST/DBNAME[PARAMS] PROTO describes the exact database type to use. Use `mysql' for MySQL databases and `pgsql' or `postgres' for PostgreSQL databases. Optional USER and PASSWORD specify authentication credentials used to access the database. HOST sets domain name or IP address of the machine running the database. It may be omitted if the database resides on `localhost'. The database name is specified by DBNAME element. Finally, further details needed for connecting to the database may be given by URL parameters. All of them have reasonable default values, so you'll have to specify only those parameters that does not match the default values. Known parameters are: PORT=NUMBER Specifies the port number to be used when connecting to the database. If it is not specified, the behavior depends on the value of SOCKET parameter: if SOCKET is not present, the program will use the default port number for the given protocol (i.e. 3306 for `mysql' and 5432 for `pgsql'. SOCKET=STRING Specifies UNIX name of the socket to connect to. This parameter cannot be used together with PORT (see above). BUFSIZE=NUMBER Sets the length of the buffer used to create SQL queries. Default is 1024 bytes. TABLE=STRING Specifies the name of database table keeping where the authentication data are stored. Default is `users'. AUTHID=STRING Specifies the name of a column in TABLE which holds `AUTHID' value. Default is `authid'. PASSWD=STRING Specifies the name of a column in TABLE which holds user password. Default is `passwd'. ACCOUNT=STRING Specifies the name of a column in TABLE which holds the name of system account to be used for this `AUTHID'. Default is `account'. RCFILE=STRING Specifies the name of a column in TABLE which holds path to the user's configuration file. Default is `rcfile'. ---------- Footnotes ---------- (1) See `http://www.mysql.com'. (2) See `http://www.postgres.org'. File: anubis.info, Node: Managing the Database, Next: Administrators, Prev: sql, Up: Authentication 4.3 Managing the Database ========================= Managing the user database is a complex task, which looks differently from administrator's and user's point of view. The administrator have full rights on the database, it can add new records and delete or modify existing ones. A user, of course, does not have such ample rights. The only thing he is able to do is to maintain his own record in the database, provided that he already has one. If he does not, he should contact the system administrator and arrange for the creation of his record. * Menu: * Administrators:: The Administrator's View * Users:: The User's View File: anubis.info, Node: Administrators, Next: Create, Prev: Managing the Database, Up: Managing the Database 4.3.1 Administrators -------------------- All administrative tasks are done using `anubisadm' command -- a multipurpose tool for Anubis administrator. The command usage syntax is: anubisadm COMMAND [OPTIONS] DATABASE-URL where COMMAND specifies the operation to be performed on the database, OPTIONS give additional operation-specific parameters, and DATABASE-URL specifies the database to operate upon. All administrative tasks can be subdivided into the following five categories: * Creating the Database * Listing Database Records * Adding New Records * Removing Existing Records * Modifying Existing Records These operations are described in detail in the following subsections. * Menu: * Create:: Creating the Database * List:: Listing Database Records * Add:: Adding New Records * Remove:: Removing Existing Records * Modify:: Modifying Existing Records * anubisadm summary:: Summary of All Administrative Commands File: anubis.info, Node: Create, Next: List, Prev: Administrators, Up: Administrators 4.3.1.1 Creating the Database ............................. To create a database use `anubisadm --create' (or `anubisadm -c') command. `Anubisadm' will read database entries from the standard input and write them to the database. The standard input is supposed to be formatted as `text' database (*note text::). Thus to create a GDBM database from plain text file `userlist', use the following command anubisadm --create gdbm:/etc/anubis.db < userlist Similarly, to create an initially empty database, type anubisadm --create gdbm:/etc/anubis.db < /dev/null _Notice_, that if you use SQL database format, `--create' command does not imply creating the database structure! So, before running anubisadm --create mysql://localhost/dbname < userlist make sure you create the underlying database structure (including granting privileges to the `anubis' user), via the usual procedure. Please refer to corresponding database manual for the detailed instructions on this. It is sometimes necessary to convert the existing user database from one format (protocol) to another. For example, suppose you have been running GDBM database (`text:/etc/anubis.db') for some time, but now it has grown considerably and you decided to switch to PostgreSQL database to improve performance. To do so, first create the database using postgres utilities. Then run anubisadm --list text:/etc/anubis.db | \ anubisadm --create pgsql://localhost/dbname That's all there is to it! File: anubis.info, Node: List, Next: Add, Prev: Create, Up: Administrators 4.3.1.2 Listing Database Records ................................ The command `--list' (or `-l') lists the existing database. When run without additional options, it will display all records from the database, e.g.: anubisadm --list gdbm:/etc/anubis.db Among its other uses, such invocation is handy for converting user database to another format (*note Create::). If you wish to list only a particular record, specify the `AUTHID' using `--authid' (`-i') option. For example, to list record of the user with `AUTHID' `test', type: example$ anubisadm --list --authid test gdbm:/etc/anubis.db File: anubis.info, Node: Add, Next: Remove, Prev: List, Up: Administrators 4.3.1.3 Adding New Records .......................... To add a new record use command `--add' (`-a'). Additional data are specified via the following options: `-i STRING' `--authid=STRING' Specify the user `SMTP AUTHID'. `-p STRING' `--password=STRING' Specify user password password. `-u STRING' `--user=STRING' Specify system user name corresponding to the given `AUTHID'. `-f STRING' `--rcfile=STRING' Specify configuration file to be used for this user. For example, the following command adds a record with `SMTP AUTHID' `test', password `guessme' and maps it to the system account `gray': anubisadm --add --authid test --password guessme \ --user gray gdbm:/etc/anubis.db File: anubis.info, Node: Remove, Next: Modify, Prev: Add, Up: Administrators 4.3.1.4 Removing Existing Records ................................. Removing a record is quite straightforward: use `--remove' (`-r') command and specify `AUTHID' using `--authid' option. For example, to remove the record created in the previous subsection, run: anubisadm --remove --authid test gdbm:/etc/anubis.db File: anubis.info, Node: Modify, Next: anubisadm summary, Prev: Remove, Up: Administrators 4.3.1.5 Modifying Existing Records .................................. To modify an existing record use command `--modify' (`-m'). The record is identified via `--authid' option. The fields to be changed are given with the following options: `-p STRING' `--password=STRING' Specify user password password. `-u STRING' `--user=STRING' Specify system user name corresponding to the given `AUTHID'. `-f STRING' `--rcfile=STRING' Specify configuration file to be used for this user. For example, the following command sets new configuration file name for the user `smith': anubisadm --authid smith \ --rcfile=/var/spool/anubis/common gdbm:/etc/anubis.db File: anubis.info, Node: anubisadm summary, Next: Users, Prev: Modify, Up: Administrators 4.3.1.6 Summary of All Administrative Commands .............................................. Usage ----- anubisadm COMMAND [OPTIONS] DATABASE-URL Commands: --------- `-c' `--create' Create the database. `-l' `--list' List the contents of an existing database. `-a' `--add' Add a new record. `-m' `--modify' Modify an existing record. `-r' `--remove' Remove an existing record. `--version' Display program version number and exit. `--help' Display short usage summary and exit. Options: -------- `-i STRING' `--authid=STRING' Specify the authid to operate upon. This option is mandatory for `--add', `--modify' and `--remove' commands. It may also be used with `--list' command. `-p STRING' `--password=STRING' Specify the password for the authid. This option is mandatory for `--add', `--modify' and `--remove' commands. `-u STRING' `--user=STRING' Specify the system user name corresponding to the given authid. It may be used with `--add', `--modify', and `--remove' commands. `-f STRING' `--rcfile=STRING' Specify the rc file to be used for this authid. The option may be used with `--add', `--modify', and `--remove' commands. File: anubis.info, Node: Users, Next: Configuration, Prev: anubisadm summary, Up: Managing the Database 4.3.2 Users ----------- Users maintain their database records using `anubisusr' command. Main purpose of this command is to keep the copy of your configuration on GNU Anubis server up to date. . We recommend to invoke `anubisusr' from your `~/.profile', which will make sure that your configuration file is up to date when you log in. (1). Usage ----- anubisusr [OPTIONS] [SMTP-URL] where SMTP-URL is a URL of your GNU Anubis server. Notice that if it lacks user name and password, then `anubisusr' will first try to retrieve them from your `~/.netrc' file (See `netrc(5)' for more info), and if not found it will prompt you to supply them. Options ------- `-m MECH' `--mechanism MECH' Only use SASL mechanism MECH. Use this option several times to set a list of allowed mechanisms. `-v' `--verbose' Verbose output. Multiple options increase the verbosity. Maximum verbosity level is 3. `--version' Display program version number and exit. `--help' Display short usage summary and exit. ---------- Footnotes ---------- (1) Make sure to run `anubisusr' in background, so it does not slow down your normal login sequence File: anubis.info, Node: Configuration, Next: Rule System, Prev: Users, Up: Top 5 Configuration *************** The behavior of GNU Anubis is controlled by two configuration files. The "system configuration file", `/etc/anubisrc', specifies system-wide options that affect all users. This file is usually owned by root. The "user configuration file" specifies what GNU Anubis should do for a particular user. By default it is located in `~/.anubisrc'. This location can be changed in auth mode. To protect your passwords in the configuration files, use the 0600 (u=rw,g=,o=) permissions, otherwise GNU Anubis won't accept them. Lexical Structure ----------------- Both configuration files use simple line-oriented syntax. Each line introduces a single statement. A statement consists of "words", each word being defined as a contiguous sequence of non-whitespace symbols. A word may be composed of alphanumeric characters and any of the following punctuation symbols: `_', `.', `/', `-'. Any arbitrary sequence of characters enclosed in a pair of double quotes is also recognized as a word. The familiar shell "here document" syntax may be used to produce a word containing several lines of text. The syntax is: <<[-]delimiter text delimiter If "here document" starts with `<<-', then all leading tab characters are stripped from input lines and the line containing "delimiter". This allows to indent here-document in a natural fashion. To summarize all the above, let's consider the example: first-word "second word" <<-EOT Third word containing several lines of text EOT This line contains three words: `first-word', `second word' and the third one composed of the three lines between the `EOT' markers. If a statement is very long, it may be split among several lines of text. To do so, precede the newline characters with a backslash `\', e.g.: a very long statement\ occupying several lines\ of text A `#' in a line starts a "comment". It and the rest of the line are ignored. Comments may appear on any of the lines in the configuration file, except on a commands and within a "here-document" construction. A line containing just a comment (with perhaps spaces before it) is effectively blank, and is ignored. For example: # This is a comment if header[Subject] :re "No.*" # This is also a comment guile-process action-name This # is not a comment!!! fi Logical Structure ----------------- The statements within a configuration file are grouped into "sections". Each section has its name. A section begins with one of the following constructs: BEGIN NAME ---BEGIN NAME--- and ends with one of the following constructs: END ---END--- Notice, that both `BEGIN' and `END' must be uppercase. When using the second form, any amount of whitespace is allowed between the three dashes and the word. The sections cannot be nested. There are five predefined sections, whose names are uppercase. The user may define his own sections, which may then be referred to from the `RULE' section as subroutines (*note Call Action::). The predefined section names are: "AUTH" Controls authentication mechanisms. "CONTROL" This section specifies the basic GNU Anubis behavior. Its presence is required in the system configuration file. It may be used in the user configuration file to override the system-wide settings. "TRANSLATION" This section specifies a translation map for remapping remote or local users. It may be used only in the system-wide configuration file. "GUILE" Contains the settings of the Guile interpreter. The section is allowed in both configuration files. "RULE" Defines the rules that are used to alter the contents of the messages (conditional and unconditional rules). * Menu: * AUTH Section:: * CONTROL Section:: * TRANSLATION Section:: * GUILE Section:: File: anubis.info, Node: AUTH Section, Next: CONTROL Section, Prev: Configuration, Up: Configuration 5.1 AUTH Section ================ `AUTH' session controls various aspects of authentication mode. -- Option: smtp-greeting-message TEXT Configures the greeting message issued by GNU Anubis upon accepting the connection. -- Option: smtp-help-message HELP-TEXT Sets the test of the message issued by Anubis in response to SMTP `HELP' command. HELP-TEXT is a list of strings. Each string from the list will be displayed at a separate response line. -- Option: sasl-password-db URL Sets the user database URL (*note User Database::). -- Option: sasl-allowed-mech MECH-LIST Defines the list of allowed authentication methods. File: anubis.info, Node: CONTROL Section, Next: TRANSLATION Section, Prev: AUTH Section, Up: Configuration 5.2 CONTROL Section =================== The `CONTROL' section specifies the basic GNU Anubis behavior. Specified in the system configuration file, it applies to all users on the machine, but each user can specify its own `CONTROL' section, to customize own settings. Of course, not all options can be set or change by user. Some options can only be set in the system configuration file, and some only in user configuration file. By default, options specified in user configuration file have a *higher* priority that those specified in system configuration file. All option names are case insensitive, so you can use for instance: `bind' or `BIND' or `BiNd', and so on. * Menu: * Basic Settings:: * Output Settings:: * Proxy Settings:: * ESMTP Authentication Settings:: * Encryption Settings:: * Security Settings:: File: anubis.info, Node: Basic Settings, Next: Output Settings, Prev: CONTROL Section, Up: CONTROL Section 5.2.1 Basic Settings -------------------- -- Option: bind [HOST:]PORT Specify the TCP port on which GNU Anubis listens for connections. The default HOST value is `INADDR_ANY', which means that anyone can connect to GNU Anubis. The default PORT number is 24 (private mail system). This option is available only in the system configuration file. If you would like, for instance, to bind GNU Anubis to port 25 (SMTP) and limit its clients only to those from `localhost', then set the following in your system configuration file: bind localhost:25 -- Option: remote-mta HOST[:PORT] Specify a remote SMTP host name or IP address, which GNU Anubis will connect and forward mail to (after a processing). The default PORT number is 25. This option is available in both configuration files. -- Option: local-mta FILE-NAME [ARGS] Execute a local SMTP server, which works on standard input and output (inetd-type program). This option excludes the `remote-mta' keyword (or `--remote-mta' command line option). For example: local-mta /usr/sbin/sendmail -bs -- Option: mode MODE-NAME Selects Anubis operation mode. Allowed values for MODE-NAME are: transparent auth *Note Authentication::, for the detailed discussion of GNU Anubis operation modes. File: anubis.info, Node: Output Settings, Next: Proxy Settings, Prev: Basic Settings, Up: CONTROL Section 5.2.2 Output Settings --------------------- -- Option: termlevel LEVEL This is a logging level for `syslogd' or a terminal (if using the `--foreground' command line option). LEVEL can be one of the following: normal Only errors are logged. This is the default level. verbose Produce more diagnostic output. debug Produce debugging output. silent Do not log anything. This command may be used only in system configuration file. -- Option: logfile FILE-NAME This command specifies an additional file, where GNU Anubis can log its information, but only those information available for a client. Only in user configuration file. For example: logfile "anubis.log" This will log to the `~/anubis.log' file in a client's home directory. -- Option: loglevel LEVEL This option specifies an output level for an additional file (`logfile'). It can be used only in user configuration file. LEVEL is one of the following: none fails all -- Option: tracefile YES-OR-NO -- Option: tracefile FILE-NAME This option instructs `anubis' to log the execution of tests and actions from the RULE sections. This is useful for debugging the configuration files. When this option is used in the system-wide configuration file, only its first form is allowed. Using `tracefile yes' enables logging of the actions and tests to the default syslog channel. Using `tracefile no' disables it. When used in the user configuration file, a filename is allowed as an argument to this option. This allows you to explicitly specify to which file the tracing output should go. Otherwise, using `tracefile yes' enables logging to the same file as `logfile' (if possible). File: anubis.info, Node: Proxy Settings, Next: ESMTP Authentication Settings, Prev: Output Settings, Up: CONTROL Section 5.2.3 Proxy Settings -------------------- -- Option: socks-proxy HOST[:PORT] This option enables tunneling the connections through a SOCKS proxy server, specified as an argument HOST. The PORT default value is 1080, which is a common port number for SOCKS proxies. -- Option: socks-v4 YES-OR-NO This specifies a SOCKS protocol version 4. By default it is turned off, and a default mode is SOCKS protocol version 5. -- Option: socks-auth USERNAME:PASSWORD Specify a user name and a password, if a SOCKS proxy server requires them. A USERNAME and a PASSWORD are separated with a colon (`:'). File: anubis.info, Node: ESMTP Authentication Settings, Next: Encryption Settings, Prev: Proxy Settings, Up: CONTROL Section 5.2.4 ESMTP Authentication Settings ----------------------------------- The following options set authentication credentials for ESMTP authentication. You may use this option, for example, if your MTA requires such an authentication, but your MUA does not support it. -- Option: esmtp-allowed-mech MECH-LIST Defines the list of allowed authentication mechanisms. MECH-LIST is a list of valid authentication mechanism names separated by whitespace. Anubis selects the authentication method using following algorithm: The MTA presents the list of authentication methods it supports. For each element in MECH-LIST, Anubis tests whether it is available in the list presented by MTA. If found, this method is selected. For example, suppose that the MTA supports following mechanisms: PLAIN LOGIN CRAM-MD5 ANONYMOUS and you have following statement in your configuration file esmtp-allowed-mech DIGEST-MD5 CRAM-MD5 LOGIN In this case Anubis will select CRAM-MD5. -- Option: esmtp-require-encryption MECH-LIST This statement declares the list of mechanisms that can be used only over a TLS encrypted channel. By default Anubis uses esmtp-require-encryption LOGIN PLAIN This prevents sending user password over an unencrypted connection. -- Option: esmtp-auth-id AUTHENTICATION-ID Sets authentication ID (user name). -- Option: esmtp-authz-id AUTHORIZATION-ID Sets authorization ID (user name). -- Option: esmtp-password PASSWORD Sets password to be used in authentication. -- Option: esmtp-auth USERNAME:PASSWORD This option sets both authentication and authorization IDs and the password. It is equivalent to esmtp-auth-id USERNAME esmtp-authz-id USERNAME esmtp-password PASSWORD The following options specify authentication credentials for GSSAPI, DIGEST-MD5 and KERBEROS_V5 authentication mechanisms: -- Option: esmtp-service SERVICE-NAME Sets the name of GSSAPI service. -- Option: esmtp-hostname HOSTNAME Sets hostname of the machine. -- Option: esmtp-generic-service SERVISE-NAME Sets generic service name. -- Option: esmtp-passcode PASSCODE Sets passcode. -- Option: esmtp-realm REALM-NAME Sets GSSAPI realm. Following option is useful with ANONYMOUS authentication mechanism: -- Option: esmtp-anonymous-token TOKEN Sets the token to be used with ANONYMOUS authentication mechanism File: anubis.info, Node: Encryption Settings, Next: Security Settings, Prev: ESMTP Authentication Settings, Up: CONTROL Section 5.2.5 Encryption Settings ------------------------- -- Option: ssl YES-OR-NO This option enables the TLS/SSL encryption between the MUA and the MTA. Value `no' is the default, but using the TLS/SSL encryption is recommended. You should also specify a private key and a certificate using the `ssl-key' and `ssl-cert' keywords (defined below). *Note TLS/SSL::, for details. -- Option: ssl-oneway YES-OR-NO This option enables the "ONEWAY" encryption. Use this mode, when you want to use the TLS/SSL, but your MUA doesn't provide a support for ESMTP TLS/SSL. Using this option doesn't require using the `ssl-key' and `ssl-cert' keywords. -- Option: ssl-cert FILE-NAME Specify a certificate for the TLS/SSL encryption. Value `anubis.pem' is the default. -- Option: ssl-key FILE-NAME Specify a private key for the TLS/SSL encryption. Value `anubis.pem' is the default. -- Option: ssl-cafile FILE-NAME Specify a CA certificate file (supported only by GnuTLS). File: anubis.info, Node: Security Settings, Prev: Encryption Settings, Up: CONTROL Section 5.2.6 Security Settings ----------------------- The following options control various security settings. -- Option: allow-local-mta YES-OR-NO For security reasons, this option is set to `no', but the `yes' value enables the `local-mta' keyword (or `--local-mta' command line option), so if you want to use a local mail server, which works on standard input and output, a supervisor must set this option to `yes'. The option is available only in system configuration file. -- Option: drop-unknown-user YES-OR-NO This option drops an unknown user, i.e. a client which has not been verified by IDENT service. Value `no' is the default. -- Option: user-notprivileged USERNAME For security reasons, it is recommended to create an unprivileged user, which the server runs as most of the time, when doing unprivileged operations. The option is available only in system configuration file. For example: user-notprivileged "anubis.unprivileged" *Caution:* Create a user account named `anubis.unprivileged' in the `/etc/passwd', if necessary. Add this user name also to the `/etc/anubis.allow', if using GNU Anubis with PAM support. -- Option: rule-priority VALUE This statement defines the order of execution of the system and user `RULE' sections (*Note Rule System::, for detailed description). It is available only in system configuration file. `system' The system section is executed first, then the user section is executed. `user' The user section is executed first, next the system section is executed. `system-only' Only the system `RULE' section is executed. `user-only' Only the user `RULE' section is executed. -- Option: control-priority VALUE Sets the order of processing the `CONTROL' sections. The option is available only in system configuration file. Its possible values are: `system' The system `CONTROL' section is processed first. Notice, that this means that the user may override the system settings in his configuration file. This is the default setting. `user' The user `CONTROL' section is processed first. Thus, the system-wide settings always override the user private settings. File: anubis.info, Node: TRANSLATION Section, Next: GUILE Section, Prev: CONTROL Section, Up: Configuration 5.3 TRANSLATION Section ======================= The `TRANSLATION' section specifies how to translate remote or local user names, or host names or addresses, to local user names. The `TRANSLATION' section is available _only_ in the system configuration file. Syntax: ---BEGIN TRANSLATION--- translate [USER@]ADDRESS into USERNAME ... ---END--- ADDRESS means host name or IP address. You can also specify `0.0.0.0', and it means any address (`INADDR_ANY'). An example: ---BEGIN TRANSLATION--- translate jack@somewhere.net into john ---END--- The rule above will allow a remote user `jack' at `somewhere.net' to use the configuration file of the local user `john'. Or you can write: `translate somewhere.net into john', and this means that _all_ users at `somewhere.net' are allowed to use the local john's configuration file. File: anubis.info, Node: GUILE Section, Prev: TRANSLATION Section, Up: Configuration 5.4 GUILE Section ================= -- Command: guile-output FILE Specifies the name of the file to bind to the Scheme standard error and output ports. This option has no effect if GNU Anubis is started with either of `--foreground' or `--stdio' command line options. -- Command: guile-debug YES-OR-NO When set to `yes' enables Guile stack traces and debugging output. -- Command: guile-load-path-append PATH Appends the given PATH to the list of Guile load paths (*note %load-path: (guile)Build Config.). -- Command: guile-load-program FILE Reads the given Scheme program. File: anubis.info, Node: Rule System, Next: Invoking Anubis, Prev: Configuration, Up: Top 6 The Rule System ***************** The rule system is a core part of GNU Anubis. It can be regarded as a program that is executed for every outgoing message. Throughout this chapter, when showing syntax definitions, the optional parts of these will be enclosed in a pair of square brackets, e.g.: keyword [OPTIONAL-PART] MANDATORY-PART When the square braces are required symbols, they will be marked as such, e.g.: remove `['KEY`]' The rule system is defined in "RULE" section. The statements within this section are executed sequentially. Each statement is either an "action" or a "conditional statement". * Menu: * Actions:: * Conditional Statements:: * Triggers:: * Boolean Operators:: * Regular Expressions:: * Action List:: * Using Guile Actions:: File: anubis.info, Node: Actions, Next: Conditional Statements, Prev: Rule System, Up: Rule System 6.1 Actions =========== An "action" is a statement defining an operation to be performed over the message. Syntactically, each action is COMMAND [=] RIGHT-HAND-SIDE Where COMMAND specifies a particular operation and RIGHT-HAND-SIDE specifies the arguments for it. The equal sign is optional. File: anubis.info, Node: Conditional Statements, Next: Triggers, Prev: Actions, Up: Rule System 6.2 Conditional Statements ========================== A "conditional statement" defines the control flow in the section. It allows to execute arbitrary actions depending on whether a certain condition is met. A conditional statement in its simplest form is: if PART [PATTERN-MATCH-FLAGS] COND-EXPR ACTION-LIST-1 fi The PART specifies which part of the input should be considered when evaluating the condition. It is either `command', meaning the text of an smtp command issued while sending the message, or `header', meaning the value of an RFC822 header. Either of the two may be followed by the name of the corresponding command or header enclosed in square brackets. If this part is missing, all command or headers will be searched. The optional PATTERN-MATCH-FLAGS alter the pattern matching type used in subsequent conditional expression. It will be described in detail in the section *Note Regular Expressions::. The COND-EXPR is a "conditional expression". It consists of a series of "conditions" joined together with boolean operators `and' or `or' (*note Boolean Operators::). Each condition is: = REGEXP Returns true if the requested part of the input matches the given regular expression (REGEXP). != REGEXP Returns true if the requested part of the input does not match the given regular expression. not CONDITION Reverses the sense of CONDITION ( COND-EXPR ) Returns the result of the conditional expression in parentheses. This is useful for changing operator precedence. The simplest example: if header [Subject] "^ *Re:" ... fi The actions represented by ... will be executed only if the `Subject:' header of the message starts with `Re:' optionally preceded by any amount of whitespace. The more elaborate form of a conditional allows you to choose among the two different action sets depending on a given condition. The syntax is: if PART [FLAGS] COND-EXPR ACTION-LIST-1 else ACTION-LIST-2 fi Here, the ACTION-LIST-1 is executed if the condition COND-EXPR is met. Otherwise, ACTION-LIST-2 is executed. if PART [FLAGS] COND-EXPR ACTION-LIST-1 else ACTION-LIST-2 fi Note also, that in the examples above any of the statements ACTION-LIST may contain conditionals, so that the conditional statements may be nested. This allows to create very sophisticated rule sets. As an example, consider the following statement: if [List-Id] :re ".*" modify [Subject] "[Anubis Commit Notice] &" else if [List-Id] :re ".*" modify [Subject] "[Anubis Bug Notice] &" else add [X-Passed] "Subject checking" fi fi This statement, depending on the value of `List-Id' header, will prepend the `Subject' header with an identification string, or add an `X-Passed' header if no known `List-Id' was found. File: anubis.info, Node: Triggers, Next: Boolean Operators, Prev: Conditional Statements, Up: Rule System 6.3 Triggers ============ Triggers are conditional statements that use the value of the `Subject' header to alter the control flow. Syntactically, a trigger is: trigger [FLAGS] PATTERN ACTION-LIST done Here, PATTERN is the pattern against which the `Subject' header is checked, FLAGS are optional flags controlling the type of regular expression used (*note Regular Expressions::). For backward compatibility, the keyword `rule' may be used instead of `trigger'. The triggers act as follows: First, the value of the `Subject' header is matched against the pattern `@@'PATTERN. If it matches, then the matched part is removed from the `Subject', and the ACTION-LIST is executed. Basically, putting aside the possibility to use different flavors of regular expressions, a trigger is equivalent to the following statement: if header[Subject] :posix "(.*)@@PATTERN" modify header [Subject] "\1" ACTION-LIST fi Thus, adding the `@@RULE-NAME' code to the `Subject' header of your message, triggers a rule named RULE-NAME, specified in a user configuration file. For example: ---BEGIN RULE--- trigger :basic "^gpg-encrypt-john" gpg-encrypt "john's_gpg_key" done ---END--- Now you can simply send an email with the following subject: `hello John!@@gpg-encrypt-john' to process an outgoing message with the rule specified above--encrypt message with a John's public key. Moreover, the trigger will remove the `@@', so John will only receive a message with a subject `hello John!'. Another example shows an even more dynamic trigger, that is using a substitution and back-references: ---BEGIN RULE--- trigger :extended "^gpg-encrypt:(.*)" gpg-encrypt "\1" add [X-GPG-Comment] "Encrypted for \1" done ---END--- To encrypt a message to user e.g. `John', simply send an email with a subject `hello John!@@gpg-encrypt:john's_gpg_key'. This way, you decide at a run time which public key should be used, without creating separate rules for each user; thanks to back-references, those 3--4 lines are enough. File: anubis.info, Node: Boolean Operators, Next: Regular Expressions, Prev: Triggers, Up: Rule System 6.4 Boolean Operators ===================== The following table lists the three boolean operators that can be used in Anubis conditional expressions in the order of increasing binding strength: * `OR' * `AND' * `NOT' As an example, let's consider the following statement: if header[X-Mailer] "mutt" or header[X-Mailer] "mail" \ and not header[Content-Type] "^multipart/mixed;.*" ACTION fi In this case the ACTION will be executed if the `X-Mailer' header contains the word `mutt'. The same ACTION will also be executed if the `X-Mailer' header contains the word `mail' _and_ the value of the `Content-Type' header does not begin with the string `multipart/mixed'. Now, if we wished to execute the ACTION for any message sent using `mail' or `mutt' whose `Content-Type' header does not begin with the string `multipart/mixed', we would write the following: if (header[X-Mailer] "mutt" or header[X-Mailer] "mail") \ and not header[Content-Type] "^multipart/mixed;.*" ACTION fi Notice the use of parentheses to change the binding strength of the boolean operators. File: anubis.info, Node: Regular Expressions, Next: Action List, Prev: Boolean Operators, Up: Rule System 6.5 Regular Expressions ======================= GNU Anubis supports two types of regular expressions: POSIX (both basic and extended), and Perl-style regular expressions. Among this, the former are always supported, whereas the support for the latter depends on the configuration settings at compile time. The default type of regular expressions is POSIX Extended. A number of modifiers is provided to change the type of regular expressions. These are described in the following table. `:regex' `:re' Indicates that the following pattern should be considered a regular expression. The default type for this expression is assumed. `:perl' `:perlre' The regular expression is a Perl-style one. `:exact' `:ex' Disables regular expression matching, all patterns will be matched as exact strings. `:scase' Enables case-sensitive comparison. `:icase' Enables case-insensitive comparison. `:basic' Switches to the POSIX Basic regular expression matching. `:extended' Switches to the POSIX Extended regular expression matching. The special statement `regex' allows you to alter the default regular expression type. For example, the following statement regex :perl :scase sets the default regular expression types to Perl-style, case-sensitive. The settings of `regex' statement regard only those patterns that appear after it in the configuration file and have force until the next occurrence of the `regex' statement. A couple of examples: if header[Subject] :perlre "(?<=(?. Before reporting a bug, make sure you have actually found a real bug. Carefully reread the documentation and see if it really says you can do what you are trying to do. If it is not clear whether you should be able to do something or not, report that too; it's a bug in the documentation! File: anubis.info, Node: Pixie-Dixie, Next: GNU Free Documentation License, Prev: Problems, Up: Top 13 Pixie & Dixie **************** * Introduction This document describes a new scheme for client authentication and authorization in GNU Anubis 4.x. * Task Description So far the only authentication method used by Anubis was based on the AUTH protocol (RFC 1413) (ftp://ftp.rfc-editor.org/in-notes/rfc1413.txt), and thus required client party to use a popular daemon `identd', which listens on TCP port 113 for authentication requests. As its primary advantage, this method allows to quickly identify whom the server had to deal with, i.e. to obtain user name or his UID. Actually, the authentication process finishes before the client sends over his first byte. Besides, this method allows to process the entire SMTP envelope. It has, however, several drawbacks, first of them being the requirement to run `identd' on the client machine, which is not always possible (e.g. on mobile devices), and may be considered harmful for the system security (due to sending user ID over the wire). * The Proposed Solution Proposed are two operation modes: 1. "Traditional" or "transparent" (also known as "Pixie" ;-) 2. "Authentication first" (also known as "Dixie" ;-) A short description of each mode follows: - `Pixie' mode - Server requires the remote party to authenticate itself using SMTP AUTH (RFC 2554) (ftp://ftp.rfc-editor.org/in-notes/rfc2554.txt). - Early processing of SMTP envelope is possible. - Connections between MUA and MTA are tunneled "on the fly" - `Dixie' mode In this mode GNU Anubis runs its own user database, additionally translating logins (*note login translation::). It also is able to keep users' configuration files (an additional option and an advantage -- *note anubis database::). Users are authenticated using ESMTP AUTH protocol. Early processing of SMTP envelope is not possible in this mode , instead it becomes possible only after the authentication is finished successfully. This mode also delays connecting to the MTA, since Anubis first has to perform ESMTP AUTH, and only after finishing authentication, does it read and process the user's configuration file and connects to the selected MTA. Of course, the client is not able to begin sending messages until he is authenticated and accepted by Anubis. * Details There is a great difference between the two modes. To begin with, `Pixie' mode provides a tunnel (or proxy), in the sense that Anubis connects user's MUA to the remote MTA without requiring any special actions from the user. Let's consider a simple interaction between `Machine-A', which runs Anubis 4, and `Machine-B', where MUA is run. A: 220 Machine-A (GNU Anubis vX.X [Dixie]) ESMTP time; send your identity! B: EHLO Machine-B A: 250-Machine-A Hello ID 250-STARTTLS 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-XDATABASE 250 HELP B: STARTTLS A: 220 2.0.0 Ready to start TLS B: AUTH [method-specific authentication interchange follows] Now, the Anubis server has authenticated the client using data from Anubis database! I'd like this database to contain, beside the user name and password, the name and password of this user on Machine-A. Confusing? Let's suppose that the database contains following record: JohnSmith encrypted-pass-1 John The user has authenticated himself as `JohnSmith' with password `encrypted-pass-1', using ESMTP AUTH, and the given credentials matched those from the Anubis database. Now, Anubis, which has been running with super-user privileges, switches to UID of the user `John'. Such solution will allow for a very flexible database, that would ease the administration tasks, since users will be able to update their corresponding records (of course, if the system administrator grants them such privileges). For instance, ODBC, SQL? Let's return to our sample session. After successful authentication and switching to the user's privileges, Anubis parses file `~/.anubisrc'. Then, based on user's configuration settings, it connects to the MTA and from then on operates as SMTP tunnel and mail processor :-). It sends the following response to `Machine-B': A: 220 OK, Welcome. Continue sending your mail! * Further details The above description shows that it is impossible to use both `Pixie' and `Dixie' simultaneously. It is the responsibility of the system administrator to decide which operation mode to use. We could probably provide for a smooth switching between the two modes, without requiring to restart the daemon... However, it is not critical. Restarting the daemon in order to switch to another operation mode is also a feasible solution. Now, let me describe for what kind of users each mode is intended. The traditional (`Pixie') mode is intended for those users who use Anubis on a single machine or within a local network that allows to use `identd'. In short, `Pixie' is useful when the use of `identd' is possible and safe. In contrast, the new mode `Dixie' is intended for more complex setups, where a single machine running GNU Anubis serves a number of clients connecting from different machines and networks. It is supposed that no client machine is running `identd'. The only recommendation for this mode is that each user have a system account on the machine running Anubis. But then, even this is not required! That's a feature I haven't described yet :^) As described above, Anubis database must contain second login name in order for Anubis to be able to switch to the user's privileges and parse his `~/.anubisrc' file. Now, I supposed that the database is able to keep user configuration files as well. So, each database record must contain an additional flag informing Anubis whether it should read the local file `~/.anubisrc', or read the configuration file stored in the database. Sure enough, GNU Anubis still will have to switch to the user's privileges, for security reasons, but this can be done using usual `user-notprivileged' configuration (*note user-notprivileged: Security Settings.). Surely you have noticed that in its response to EHLO command Dixie returned `250-XDATABASE' capability. Yes, this is exactly that command that I'd like to be used for remote management of the database records (after having successfully passed ESMTP AUTH). Available operations are: `ADD', `MODIFY', `REMOVE', meaning addition, modification and removal of a user record, and `UPLOAD', providing a way to upload the user's configuration file `~/.anubisrc'. This solution will free the users from the obligation to have `~/.anubisrc' on the server machine, so they, for the first time since early Anubis versions, will be able to have their _own_ configuration files. Current versions () require that the user configuration file be stored on the server machine before the user is able to use the service. This approach requires a certain attention from the system administrator. Should the user wish to change something in his configuration file, he would have to install the modified file on `Machine-A' (that's how it works now, and that's how it will continue to work for `Pixie' mode). The new `Dixie' mode solves this and frees the user from necessity to contact the system administrator of `Machine-A'. The Anubis database engine is supposed to check the correctness of the uploaded configuration file and inform the client about the result. It also should compute MD5 hash of the file and compare it to the one sent by the user... What for? * A program sending user's configuration file Well, we're almost finished. The user will have a small program, `config-sender', written in whatever language (C, Java, C#), whose main purpose is to send user's configuration file to the database. Such a program could even be installed on a mobile device! Notice also, that this program is optional, the user is not required to use it. I envision a situation where: 1. A user logs in to his account on `Machine-B' 2. His `~/.profile' invokes `config-sender' program. This program, in turn, computes MD5 sum of the local `~/.anubisrc' file and sends it to Anubis. There it will be compared to the sum kept in the Anubis database, and if the two sums differ, the `config-sender' will upload the contents of `~/.anubisrc'... (1) 3. The `config-sender' program will, of course, connect to the Anubis database using ESMTP (TLS/AUTH) and `XDATABASE'. Such a program will be an additional advantage, since no existing MUA is, of course, able to use `XDATABASE' command to manage Anubis database. Notice however, that GNU Hydrant (http://savannah.gnu.org/projects/hydrant) will probably support `XDATABASE' in the future... * The End. Thus, the user will simply use his MUA, no identd, no hassle :) Actually, the only requirement for the MUA is that it support ESMTP AUTH. Unfortunately, some MUA, even on UNIX-like systems, are still not able to use ESMTP AUTH. But in this case, the user can install Anubis on his machine and use it to perform authentication ;-))) And the last detail: what to do if the remote MTA also requires ESMTP AUTH? The answer is quite simple: GNU Anubis is already able to handle this (*note esmtp-auth: Basic Settings.). * Summary (`Dixie' mode) - a little slower than `Pixie', in the sense that the actual connection to the MTA is established only after successful authentication - does not require `identd'! - allows the user full control over his configuration settings - delays processing of SMTP envelope until after successful authentication. * PS: A couple of words about storing configuration files in the database... These can be stored in a special directory as usual files, then each database record will have an additional field with the name of the configuration file for the given user. -- THE END -- ---------- Footnotes ---------- (1) The scheme implemented currently is a bit different. First, the `config-sender' program issues an `EXAMINE' command that fetches the contents of the user configuration file from the server. Then, it compares it with the local copy kept on the client machine. If the copies differ, `config-sender' issues `UPLOAD' and thus updates the configuration on the server. File: anubis.info, Node: GNU Free Documentation License, Next: Concept Index, Prev: Pixie-Dixie, Up: Top Appendix A GNU Free Documentation License ***************************************** Version 1.2, November 2002 Copyright (C) 2000,2001,2002 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 0. PREAMBLE The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others. This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference. 1. APPLICABILITY AND DEFINITIONS This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law. A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language. A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them. The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none. The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words. A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not "Transparent" is called "Opaque". Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only. The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text. A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when you modify the Document means that it remains a section "Entitled XYZ" according to this definition. The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License. 2. VERBATIM COPYING You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3. You may also lend copies, under the same conditions stated above, and you may publicly display copies. 3. COPYING IN QUANTITY If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects. If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages. If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public. It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document. 4. MODIFICATIONS You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version: A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission. B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has fewer than five), unless they release you from this requirement. C. State on the Title page the name of the publisher of the Modified Version, as the publisher. D. Preserve all the copyright notices of the Document. E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices. F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below. G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice. H. Include an unaltered copy of this License. I. Preserve the section Entitled "History", Preserve its Title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section Entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence. J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission. K. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of the section, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein. L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles. M. Delete any section Entitled "Endorsements". Such a section may not be included in the Modified Version. N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant Section. O. Preserve any Warranty Disclaimers. If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles. You may add a section Entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard. You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one. The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version. 5. COMBINING DOCUMENTS You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers. The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work. In the combination, you must combine any sections Entitled "History" in the various original documents, forming one section Entitled "History"; likewise combine any sections Entitled "Acknowledgements", and any sections Entitled "Dedications". You must delete all sections Entitled "Endorsements." 6. COLLECTIONS OF DOCUMENTS You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects. You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document. 7. AGGREGATION WITH INDEPENDENT WORKS A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an "aggregate" if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document. If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate. 8. TRANSLATION Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warrany Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail. If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title. 9. TERMINATION You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 10. FUTURE REVISIONS OF THIS LICENSE The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See `http://www.gnu.org/copyleft/'. Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation. A.0.1 ADDENDUM: How to use this License for your documents ---------------------------------------------------------- To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page: Copyright (C) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled ``GNU Free Documentation License''. If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the "with...Texts." line with this: with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. If you have Invariant Sections without Cover Texts, or some other combination of the three, merge those two alternatives to suit the situation. If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software. File: anubis.info, Node: Concept Index, Prev: GNU Free Documentation License, Up: Top Concept Index ************* [index] * Menu: * Action List: Action List. (line 6) * actions defined: Actions. (line 6) * add: Adding Headers or Text. (line 6) * allow-local-mta: Security Settings. (line 9) * AUTH section: AUTH Section. (line 6) * authentication: Authentication. (line 6) * basic, flag: Regular Expressions. (line 6) * bind: Basic Settings. (line 7) * body-append: Inserting Files. (line 12) * body-clear: Inserting Files. (line 18) * body-clear-append: Inserting Files. (line 21) * bugs: Problems. (line 6) * call: Call Action. (line 6) * client: Overview. (line 6) * command line: Invoking Anubis. (line 6) * Conditional statements: Conditional Statements. (line 6) * configuration: Configuration. (line 6) * CONTROL section: CONTROL Section. (line 6) * control-priority: Security Settings. (line 52) * daemon: Overview. (line 6) * drop-unknown-user: Security Settings. (line 17) * else, conditional statements: Conditional Statements. (line 6) * encryption: TLS/SSL. (line 6) * entire message, filtering: Entire Message Filters. (line 6) * entire-msg-filter: Entire Message Filters. (line 14) * entire-msg-filter, Scheme function: Entire Message Filters. (line 6) * entire-msg.scm: Entire Message Filters. (line 6) * ESMTP authentication: ESMTP Authentication Settings. (line 6) * esmtp-allowed-mech: ESMTP Authentication Settings. (line 11) * esmtp-anonymous-token: ESMTP Authentication Settings. (line 79) * esmtp-auth: ESMTP Authentication Settings. (line 50) * esmtp-auth-id: ESMTP Authentication Settings. (line 41) * esmtp-authz-id: ESMTP Authentication Settings. (line 44) * esmtp-generic-service: ESMTP Authentication Settings. (line 68) * esmtp-hostname: ESMTP Authentication Settings. (line 65) * esmtp-passcode: ESMTP Authentication Settings. (line 71) * esmtp-password: ESMTP Authentication Settings. (line 47) * esmtp-realm: ESMTP Authentication Settings. (line 74) * esmtp-require-encryption: ESMTP Authentication Settings. (line 32) * esmtp-service: ESMTP Authentication Settings. (line 62) * ex, flag: Regular Expressions. (line 6) * exact, flag: Regular Expressions. (line 6) * extended, flag: Regular Expressions. (line 6) * extension language: GUILE Section. (line 6) * external-body-processor: External Processor. (line 7) * FDL, GNU Free Documentation License: GNU Free Documentation License. (line 6) * fi, conditional statements: Conditional Statements. (line 6) * FUNCTION: Invoking Guile Actions. (line 10) * GNU mailutils <1>: comparison. (line 6) * GNU mailutils: mail.remote. (line 6) * GNU Privacy Guard, GnuPG: Mail Encryption. (line 6) * GnuTLS: TLS/SSL. (line 6) * gpg-encrypt: Mail Encryption. (line 19) * gpg-passphrase: Mail Encryption. (line 7) * gpg-se: Mail Encryption. (line 44) * gpg-sign: Mail Encryption. (line 27) * gpg-sign-encrypt: Mail Encryption. (line 43) * GPG/PGP private key: Mail Encryption. (line 6) * GPG/PGP public key: Mail Encryption. (line 6) * Guile <1>: Using Guile Actions. (line 6) * Guile: GUILE Section. (line 6) * Guile Actions, defining: Defining Guile Actions. (line 6) * GUILE section: GUILE Section. (line 6) * guile-debug: GUILE Section. (line 13) * guile-load-path-append: GUILE Section. (line 16) * guile-load-program: GUILE Section. (line 20) * guile-output: GUILE Section. (line 7) * guile-process: Invoking Guile Actions. (line 6) * icase, flag: Regular Expressions. (line 6) * if, conditional statements: Conditional Statements. (line 6) * local-mta: Basic Settings. (line 25) * logfile: Output Settings. (line 27) * loglevel: Output Settings. (line 37) * mail.remote <1>: comparison. (line 6) * mail.remote: mail.remote. (line 6) * mailutils <1>: comparison. (line 6) * mailutils: mail.remote. (line 6) * message submission daemon: Overview. (line 6) * mode: Basic Settings. (line 32) * modify: Modifying Messages. (line 6) * msg2smtp.pl <1>: comparison. (line 6) * msg2smtp.pl: msg2smtp.pl. (line 6) * MTA, Mail Transport Agent: Overview. (line 6) * MUA, Mail User Agent: Overview. (line 6) * mutt: Mutt. (line 6) * mutt, using SMTP gateways <1>: comparison. (line 6) * mutt, using SMTP gateways: patch.sde.libesmtp.3. (line 6) * openssl: S/MIME. (line 6) * OpenSSL: TLS/SSL. (line 6) * openssl-filter: Entire Message Filters. (line 40) * openssl-filter, Scheme function: Entire Message Filters. (line 6) * outgoing mail processor: Overview. (line 6) * overview: Overview. (line 6) * perl, flag: Regular Expressions. (line 6) * perlre, flag: Regular Expressions. (line 6) * Pretty Good Privacy, PGP: Mail Encryption. (line 6) * problems: Problems. (line 6) * proxy: Overview. (line 6) * re, flag: Regular Expressions. (line 6) * regex, flag: Regular Expressions. (line 6) * remailer: Remailers. (line 6) * remailer-I: Remailers. (line 16) * remailer-I, Scheme function: Remailers. (line 16) * remote-mta: Basic Settings. (line 19) * remove: Removing Headers. (line 6) * rot-13: Rot-13. (line 6) * rot-13, Scheme function: Rot-13. (line 20) * rule system: Rule System. (line 6) * rule-priority: Security Settings. (line 33) * sasl-allowed-mech: AUTH Section. (line 21) * sasl-password-db: AUTH Section. (line 18) * scase, flag: Regular Expressions. (line 6) * Scheme: GUILE Section. (line 6) * Secure Socket Layer, SSL: TLS/SSL. (line 6) * server: Overview. (line 6) * settings: Configuration. (line 6) * signature-file-append: Inserting Files. (line 7) * Simple Mail Transport Protocol, SMTP: Overview. (line 6) * smime: S/MIME. (line 6) * smtp-greeting-message: AUTH Section. (line 9) * smtp-help-message: AUTH Section. (line 13) * SOCKS proxy: Proxy Settings. (line 6) * socks-auth: Proxy Settings. (line 16) * socks-proxy: Proxy Settings. (line 7) * socks-v4: Proxy Settings. (line 12) * ssl: Encryption Settings. (line 7) * ssl-cafile: Encryption Settings. (line 28) * ssl-cert: Encryption Settings. (line 20) * ssl-key: Encryption Settings. (line 24) * ssl-oneway: Encryption Settings. (line 14) * stop: Stop Action. (line 6) * system configuration file: Configuration. (line 6) * termlevel: Output Settings. (line 7) * tracefile: Output Settings. (line 48) * TRANSLATION section: TRANSLATION Section. (line 6) * Transport Layer Security, TLS: TLS/SSL. (line 6) * Triggers: Triggers. (line 6) * tunnel: Overview. (line 6) * user configuration file: Configuration. (line 6) * user-notprivileged: Security Settings. (line 21)