-----
                                     ESMTP
                                     -----
                                  José Fonseca
                                      ---
                                   July 2003
                                     

Introduction
~~~~~~~~~~~~

  <<esmtp>> is a user configurable relay-only Mail Transfer Agent (MTA) with a
  <<sendmail>> compatible syntax.  It's based on <<libESMTP>> supporting the
  AUTH (including the CRAM-MD5 and NTLM SASL mechanisms) and the StartTLS SMTP
  extensions.

  See the {{{http://esmtp.sourceforge.net/}ESMTP home page}} for updated
  information.


Configuration
~~~~~~~~~~~~~


* Sample configuration files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  This is a simple configuration file for a quick start:

--------------------------------------
hostname = mail.myisp.com:25
username = "myself"
password = "secret"
starttls = enabled

mda "/usr/bin/procmail -d %T"
--------------------------------------

  If you have more than one SMTP account you have them automatically chosen for
  you:

--------------------------------------
identity myself@myisp.com
        hostname mail.myisp.com:25
        username "myself"
        password "secret"
        starttls enabled
	default

identity myself@anotherisp.com
        hostname smtp.anotherisp.com:25
        username "myself"
        password "secret"

mda "/usr/bin/procmail -d %T"
--------------------------------------


* Configuration options
~~~~~~~~~~~~~~~~~~~~~~~

  See the <<esmtprc>> man page for more detailed information on the
  configuration options.


Invocation
~~~~~~~~~~

  <<esmtp>> is command line compatible with <<sendmail>>.

  See the <<esmtp>> man page for information on how to invoke it.


Interfacing to Mail User Agents
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Most Mail User Agents (MUAs) will work without need to configuration provided
  that you install a symbolic from <<</usr/sbin/sendmail>>> to the esmtp
  executable.  This should already be taken care of by the <install> target of
  the makefile when building from source.

  If by any reason it is not possible to have (such as no administrator
  privileges or the use of another MTA for local delivery) then you will have
  to reconfigure your MUA to use the esmtp executable instead.


* Mutt
~~~~~~

  If not using a symbolic link to the esmtp executable you can make <<Mutt>> use
  <<esmtp>> by adding the following line to your <<<~/.muttrc>>>:

-----------------------------
set sendmail="/path/to/esmtp"
-----------------------------

  <<Esmtp>> supports <<sendmail>> envelope sender <-f> flag, and you are
  advised to always enable it by adding the following line to <<Mutt>>
  configuration file:

---------------------
set envelope_from=yes
---------------------

  For debugging purposes you may prefer to put in your <<<~/.muttrc>>>:

--------------------------------------------------
set sendmail="/path/to/esmtp -v -X /tmp/esmtp.log"
--------------------------------------------------
    
  This will enable verbose output and logging of the traffic with the SMTP
  server.


Interfacing to Mail Delivery Agents
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  <<esmtp>> relies upon a Mail Delivery Agent (MDA) for local mail delivery, so
  you need one if you want to avoid having another MTA for local delivery.  
  
  Notice that at the moment <<esmtp>> does not honor mail aliases or
  <<<.forward>>> files.

  To deliver to other users beside yourself, the MDA must be installed with
  <setuid> flag -- which is done by default in most Linux distributions.


* Procmail
~~~~~~~~~~

  To use <<procmail>> with <<esmtp>> set the <<<mda>>> configuration value to:

-----------------------------
mda="/usr/bin/procmail -d %T"
-----------------------------

  If the mail message doesn't have a Date: header, such as those generated by
  vixie-cron, neither <<esmtp>> or <<procmail>> will add one for you. A simple
  hack is to pipe the message through the <<formail>> program (also part of the
  <<procmail>> distribution), such as:

------------------------------------------------------------
mda='/usr/bin/formail -a "Date: `date -R`" | /usr/bin/procmail -d %T'
------------------------------------------------------------

  Or, alternatively, add the following rule to your <<<.procmailrc>>>:

----------------------------------------------
:0fw
* ! ^Date:
| formail -a "Date: `date -R`"
------------------------------

  
Interfacing with other mail applications
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


* Fetchmail
~~~~~~~~~~~

  By default <<fetchmail>> delivers messages via SMTP to port 25 on the machine
  it is running.  Because <<esmtp>> has no SMTP server if you are not using another 
  MTA for local delivery then you will need to configure <<fetchmail>> to use 
  <<esmtp>> executable.  This is accomplished by adding the following lines to the top
  of your <<<~/.fetchmailrc>>>:

-------------------------------------
defaults
        mda "/path/to/esmtp -f %F %T"
-------------------------------------

  Since <<esmtp>> simply forwards the mail to another MDA you can avoid this
  redundant step by simply replacing the value inside the quotes above by
  whichever value you use on your <<<~/.esmtprc>>>.


Using the StartTLS extension
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  TLS support in <<libESMTP>> although usable is not yet as robust and
  featureful as the rest of the library. At the moment to use the StarTLS
  extension you will need to:
  
    [[1]] create a ~/.authenticate directory for the certificates. All files
    and directories in ~/.authenticate (including itself) must be user-readable
    only , i.e., they must have 0600 and 0700 permissions respectively.

    [[2]] put the certificate of the trusted Cert-Authority that signed the
    server certificate into <<<~/.authenticate/ca.pem>>>. 

    [[3]] if a client certificate is required by the server then put it
    (including the private key) into
    <<<~/.authenticate/private/smtp-starttls.pem>>> or
    <<<~/.authenticate/host.name/private/smtp-starttls.pem>>>. If your client
    certificate has a passphrase then it should be specificied with the
    <certificate_passphrase> configuration.

    [[4]] enable (or require) the StartTLS extension with the <starttls>
    configuration option. Note that the value of the <hostname> configuration
    option of the server you connect MUST match the name in the server
    certificate, since it will be used to verify the server identity.

  In case of failure no error message will appear. Instead, <<libESMTP>> will
  terminate the SMTP connection right after issuing the STARTLS command.
  
  For more information about TLS support in <<libEMSTP>> see (here in
  cronological order, and roughly in reverse-order of importance):

    * {{http://mail.gnome.org/archives/balsa-list/2002-February/thread.html#00225}}
    
    * {{http://mail.gnome.org/archives/balsa-list/2002-March/thread.html#00000}}
    
    * {{http://mail.gnome.org/archives/balsa-list/2003-September/thread.html#00011}}
    
    * {{http://mail.gnome.org/archives/balsa-list/2003-September/msg00023.html}}

    * comments in smtp-tls.c in the <<libESMTP>> source distribution.
  
  Also of interest may be:
  
    * {{http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html}}