Mail Server

The Synchronet Mail Server is responsible for incoming and outgoing Internet e-mail.

The mail server accepts submissions via the SMTP and ESMTP protocols, by default, on TCP ports 25 and 587.

By default, the mail server does not allow relaying of mail from unauthenticated clients to external mail servers.

The SMTP server supports authentication via the PLAIN, LOGIN, or CRAM-MD5 SMTP-AUTH methods (client chooses).

The SMTP server does not at this time support SMTP-TLS sessions.

The SMTP server can service multiple simultaneous incoming sessions and messages, with multiple recipients per message.

The SMTP server also supports the SEND, SAML and SOML commands for delivering instant messages (a.k.a. telegrams) to users of the BBS.

Recipient mail addresses can have special prefixes to direct the routing of the incoming mail:

It is sometimes preferred to use an alias (configured in the ctrl/alias.cfg file) to allow the reception of a more “normal” looking email address and route to the Specially-Prefixed address. The following examples allows the reception of email sent to “cnnreport@<yourbbs>” and forwards the message to the message sub-board with the internal code of dove-deb:

cnnreport    sub:dove-deb

Incoming email is scanned for To: headers in the format <name>#<tag>@host

Tag is extracted, and if it is not found in data/user/<usernum>.smtptags it is sent to the user. If it DOES match a line in the smtptags file, the email is rejected with a “no such user” error.

Using this this feature allows you (the sysop) to easily create “temporary” email addresses. Once you start recieving spam on one tag, just disable it.

The SendMail Thread is responsible for delivering mail using the SMTP or ESMTP protocols, optionally authenticating using PLAIN, LOGIN, or CRAM-MD5 SMTP-AUTH methods if required by an SMTP relay server.

The SendMail Thread does not at this time support SMTP-TLS sessions.

The SendMail Thread currently can service one outgoing SMTP/ESMTP session at a time.

The mail server also services authenticated “post office” requests from mail clients using the POP3 protocol, by default, on TCP port 110.

The POP3 server supports client authentication via the USER or APOP methods.

The POP3 server can service multiple simultaneous incoming sessions.

For IMAP support, see Deuce's IMAP Service.

The Synchronet SMTP Server contains several anti-SPAM measures:

• DNS-based blacklist (DNSBL) look-up support with exemptions and multiple possible actions upon positive results
• Mail server filtering based on IP address/subnet or hostname (ctrl/spamblock.cfg), with exemptions (ctrl/spamblock_exempt.cfg)
• Email address filtering with wildcard support (text/email.can)
• Message subject filtering with wildcard support (text/subject.can)
• Configurable SPAM bait list (ctrl/spambait.cfg) for auto-blocking mail servers based on honey-pot destination email addresses
• Unlimited number of external mail processors (e.g. spamc.js, mailauth.js) that can modify (e.g. tag) or reject email messages at will
• Synchronet's normal host filtering (via ip.can and host.can) and configurable LoginAttempt tracking/throttling/blocking (in sbbs.ini) is also employed

DNS-based Blacklists (DNSBL) are 3rd party databases of IP addresses whose hosts are suspected of being habitual spammers or have other security problems which make mail received from these systems highly suspicious. Different DNSBL services/servers have differing criteria for what can get an IP listed or de-listed (removed) from their database. Examine your ctrl/dns_blacklist.cfg file to determine what DNSBL services your Synchronet Mail Server is using.

The Synchronet Mail Server can use DNS queries to multiple DNSBL servers (as configured in ctrl/dns_blacklist.cfg) for each inbound SMTP/ESMTP connection from a prospective mail transfer agent (MTA). If the MTA's IP address is listed by one of the DNSBL servers, then multiple actions may be taken:

• A Notice-level mail server log entry: SMTP BLACKLISTED SERVER on ... (always)
• An entry added to the data/spam.log file (always)
• Mail session refused, if the DNSBL_REFUSE option is set in the Mail section of the sbbs.ini file
• SMTP commands and lines of message headers and body text may be throttled at 1 line per second when the DNSBL_THROTTLE option is set
• Reject the mail message, if the DNSBL_BADUSER option is set
• Message Subject may be 'tagged' with a prepended configurable string (e.g. SPAM:), see DNSBlacklistSubject sbbs.ini key
• Message Header may be 'tagged' with a special header field (e.g. X-DNSBL), see DNSBlacklistHeader sbbs.ini key
• Message may be received and ignored/dropped, if the DNSBL_IGNORE option is set
• Message hash stored in a database of SPAM message body hashes (data/spam.hash), if the DNSBL_SPAMHASH option is set

A mail message's “Received” headers may also be scanned for DNSBL-listed IP addresses (DNSBL_CHKRECVHDRS option) so that any e-mail messages that originate or pass-through a DNSBL-listed will be treated as though it is being delivered directly from a DNSBL-listed MTA.

When a DNSBL service reports an IP address as “black-listed”, any additional DNSBL services/servers are not queried.

MTA's whose IP address or hostname is listed in your ctrl/dnsbl_exempt.cfg file are never checked against DNSBL servers.

Mail from e-mail addresses that are listed in the dnsbl_exempt.cfg file are also exempt from DNSBL actions.

The destination addersses of email delivered by the Synchronet Mail Server's SendMail Thread are automatically added to your dnsbl_exempt.cfg file unless the NO_AUTO_EXEMPT option is set.

Most of the DNSBL-related settings can be found in the sbbsctrl Mail Server Configuration tabs:

• TCP/IP FAQ
• sbbs.ini
• domains.cfg
• mailproc.ini
• dns_blacklist.cfg
• dnsbl_exempt.cfg
• spambait.cfg
• spamblock.cfg
• spamblock_exempt.cfg
• twitlist.cfg
• relay.cfg
• Example External Mail Processor (JavaScript)
• ListServer
• ListGate
• spamc
• Servers