# SMTP/LMTP/Submission endpoint

Module 'smtp' is a listener that implements the ESMTP protocol with optional
authentication, LMTP and Submission support. Incoming messages are processed in
accordance with pipeline rules (explained in the Message pipeline section below).

```
smtp tcp://0.0.0.0:25 {
    hostname example.org
    tls /etc/ssl/private/cert.pem /etc/ssl/private/pkey.key
    io_debug no
    debug no
    insecure_auth no
    sasl_login no
    read_timeout 10m
    write_timeout 1m
    max_message_size 32M
    max_header_size 1M
    auth pam
    defer_sender_reject yes
    dmarc yes
    smtp_max_line_length 4000
    limits {
        endpoint rate 10
        endpoint concurrency 500
    }

    # Example pipeline configuration.
    destination example.org {
        deliver_to &local_mailboxes
    }
    default_destination {
        reject
    }
}
```

## Configuration directives

### hostname _string_
Default: global directive value

Server name to use in the SMTP banner.

```
220 example.org ESMTP Service Ready
```

---

### tls _certificate-path_ _key-path_ { ... }
Default: global directive value

TLS certificate & key to use. Fine-tuning of other TLS properties is possible
by specifying a configuration block and options inside it:

```
tls cert.crt key.key {
    protocols tls1.2 tls1.3
}
```

See [TLS configuration / Server](/reference/tls/#server-side) for details.

---

### proxy_protocol _trusted ips..._ { ... } <br>
Default: not enabled

Enable use of the HAProxy PROXY protocol.
Both v1 and v2 of the protocol are supported.
If a list of trusted IP addresses or subnets is provided, only connections
from those will be trusted.

TLS for the channel between the proxies and maddy can be configured
using a 'tls' directive:

```
proxy_protocol {
    trust 127.0.0.1 ::1 192.168.0.1/24
    tls &proxy_tls
}
```

---

### io_debug _boolean_
Default: `no`

Write all commands and responses to stderr.

---

### debug _boolean_
Default: global directive value

Enable verbose logging.

---

### insecure_auth _boolean_
Default: `no` (`yes` if TLS is disabled)

Allow plain-text authentication over unencrypted connections. Not recommended!

---

### sasl_login _boolean_
Default: `no`

Enable support for the SASL LOGIN authentication mechanism used by
some outdated clients.

---

### read_timeout _duration_
Default: `10m`

I/O read timeout.

---

### write_timeout _duration_
Default: `1m`

I/O write timeout.

---

### max_message_size _size_
Default: `32M`

Limit the size of incoming messages to 'size'.

---

### max_header_size _size_
Default: `1M`

Limit the size of incoming message headers to 'size'.

---

### auth _module-reference_
Default: not specified

Use the specified module for authentication.

---

### defer_sender_reject _boolean_
Default: `yes`

Apply sender-based checks and routing logic when the first RCPT TO command
is received. This allows maddy to log the recipient address of the rejected
message and also improves interoperability with (improperly implemented)
clients that don't expect an error early in the session.

---

### max_logged_rcpt_errors _integer_
Default: `5`

Number of RCPT-time errors that should be logged. Further errors will be
handled silently. This is to prevent log flooding during email dictionary
attacks (address probing).

---

### max_received _integer_
Default: `50`

Maximum
number of Received header fields in the message header. If the incoming
message has more fields than this number, it will be rejected with the permanent error
5.4.6 ("Routing loop detected").

---

### buffer `ram`<br>buffer `fs` _path_ <br>buffer `auto` _max-size_ _path_
Default: `auto 1M StateDirectory/buffer`

Temporary storage to use for the body of accepted messages.

- `ram` – Store the body in RAM.
- `fs` – Write out the message to the FS and read it back as needed.
  _path_ can be omitted and defaults to `StateDirectory/buffer`.
- `auto` – Store message bodies smaller than _max-size_ entirely in RAM,
  otherwise write them out to the FS. _path_ can be omitted and defaults to `StateDirectory/buffer`.

---

### smtp_max_line_length _integer_
Default: `4000`

The maximum line length allowed in the SMTP input stream. If a client sends a
longer line, the connection will be closed and the message (if any) will be rejected
with a permanent error.

RFC 5321 has a recommended limit of 998 bytes. Servers are not required
to handle longer lines correctly, but some senders may produce them.

Unless the BDAT extension is used by the sender, this limitation also applies to
the message body.

---

### dmarc _boolean_
Default: `yes`

Enforce the sender's DMARC policy. Due to implementation limitations, it is not a
check module.

**Note**: Report generation is currently not implemented.

**Note**: DMARC needs SPF and DKIM checks to function correctly.
Without these, the DMARC check will not run.

---

## Rate & concurrency limiting

### limits { ... }
Default: no limits

This allows configuring a set of message flow restrictions, including maximum
concurrency and rate per endpoint, per source and per destination.

Limits are specified as directives inside the block:

```
limits {
    all rate 20
    destination concurrency 5
}
```

Supported limits:

### _scope_ rate _burst_ _period_

Rate limit. Restrict the number of messages processed in _period_ to
_burst_ messages. If _period_ is not specified, 1 second is used.

### _scope_ concurrency _max_
Concurrency limit. Restrict the number of messages processed in parallel
to _max_.

For each supported limitation, _scope_ determines whether it should be applied
for all messages ("all"), per sender IP ("ip"), per sender domain ("source") or
per recipient domain ("destination"). Having a scope other than "all" means
that the restriction will be enforced independently for each group determined
by the scope. E.g. "ip rate 20" means that the same IP cannot send more than 20
messages per second. "destination concurrency 5" means that no more than 5
messages can be sent in parallel to a single domain.

**Note**: At the moment, the SMTP endpoint on its own does not support per-recipient
limits; they are a no-op. If you want to enforce a per-recipient restriction
on outbound messages, do so using the 'limits' directive of the 'table.remote' module.

It is possible to share limit counters between multiple endpoints (or any other
modules). To do so, define a top-level configuration block for the module "limits"
and reference it where needed using the standard & syntax.
For example:

```
limits inbound_limits {
    all rate 20
}

smtp smtp://0.0.0.0:25 {
    limits &inbound_limits
    ...
}

submission tls://0.0.0.0:465 {
    limits &inbound_limits
    ...
}
```

Using an "all rate" restriction in this way means that no more than 20
messages can enter the server through both endpoints in one second.

# Submission module (submission)

Module 'submission' implements all functionality of the 'smtp' module and adds
certain message preprocessing on top of it; additionally, authentication is
always required.

The 'submission' module checks whether addresses in the header fields From, Sender, To,
Cc, Bcc and Reply-To are correct, and adds Message-ID and Date if they are missing.

```
submission tcp://0.0.0.0:587 tls://0.0.0.0:465 {
    # ... same as smtp ...
}
```

# LMTP module (lmtp)

Module 'lmtp' implements all functionality of the 'smtp' module but uses
the LMTP (RFC 2033) protocol.

```
lmtp unix://lmtp.sock {
    # ... same as smtp ...
}
```

## Limitations of LMTP implementation

- Can't be used with TCP.
- Delivery to 'sql' module storage is always atomic: either all recipients will
  succeed or none of them will.
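The scoped limits from the rate & concurrency limiting section above, modelled as an added example that is not maddy's code: "_scope_ rate _burst_ _period_" is treated as a sliding window of _burst_ accepts per _period_, "_scope_ concurrency _max_" as an in-flight counter, and both are kept independently per scope key (all/ip/source/destination). The `Message` and `Limits` names are assumptions of this example; two endpoints that reference one `Limits` object share its counters, as with `&inbound_limits`.

```python
"""Model of the limits semantics described above: '<scope> rate <burst> <period>'
as a sliding window and '<scope> concurrency <max>' as an in-flight counter, each
tracked independently per scope key. Example code, not maddy's implementation."""
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    ip: str           # client IP        -> scope "ip"
    source: str       # sender domain    -> scope "source"
    destination: str  # recipient domain -> scope "destination"

def scope_key(scope, msg):
    """Group messages by scope; 'all' puts every message in one group."""
    return "" if scope == "all" else getattr(msg, scope)

class Limits:
    def __init__(self, rates=None, concurrency=None):
        # rates: {scope: (burst, period_seconds)}; concurrency: {scope: max}
        self.rates = dict(rates or {})
        self.concurrency = dict(concurrency or {})
        self._accepted = defaultdict(deque)  # (scope, key) -> accept times
        self._inflight = defaultdict(int)    # (scope, key) -> in flight

    def take(self, msg, now):
        """Admit msg at time `now` (seconds); return the violated directive
        or None. All checks run before any counter changes, so a rejected
        message consumes no budget in any scope."""
        for scope, (burst, period) in self.rates.items():
            window = self._accepted[(scope, scope_key(scope, msg))]
            while window and now - window[0] >= period:
                window.popleft()  # forget accepts older than one period
            if len(window) >= burst:
                return f"{scope} rate {burst} {period:g}"
        for scope, maximum in self.concurrency.items():
            if self._inflight[(scope, scope_key(scope, msg))] >= maximum:
                return f"{scope} concurrency {maximum}"
        for scope in self.rates:
            self._accepted[(scope, scope_key(scope, msg))].append(now)
        for scope in self.concurrency:
            self._inflight[(scope, scope_key(scope, msg))] += 1
        return None

    def release(self, msg):
        """Call when delivery of an admitted message finishes."""
        for scope in self.concurrency:
            self._inflight[(scope, scope_key(scope, msg))] -= 1
```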