smtpwire

smtpwire

This program sits on the normal mail port - port 25 or port 587 for both plain
and TLS/SSL (or sometimes 465 or 2525 are used) - and pretends to be a fully
functional mail deamon.

It allows ALL mail traffic for a server to be sucked in and treated like an
incoming data stream like a wire service.

If only a few logons on a particular server are required and NOT all, do NOT
use this program but use the normal 'sendmail' routines and add 'sffmail' to
the 'aliases' file.

It allows NO relays, aliases or other dodgy bits - all that is done in other
Fip programs downstream (if you really need them of course).

If you need outgoings, use 'ipsmtp' and point it - using the -h (hostname)
switch at your in-house email server.

To get mail to your system you will need to sweet-talk the mail administrator
to replay those logons you are interested in to the host running 'smtpwire'.

A small FipHdr is added with date and time fields, sender and receiver logons
before the file is passed on - normally to spool/xsmtp for 'ipchkmail' to sort
out.

The Sender is the FipHdr fields SA and the Receipient the DA FipHdr (and DZ to
the no angle brackets-non-domain, stripped version)

To install on a Unix box, you will need to take sendmail down first before
replacing it (so please do make sure no-one else needs mail on that system !).

It is usually started by :
    On Unix it is the 'sendmail' with the '-bd' switches running :
    ps -ef | grep sendm
    root   163  1  0 09:40:22 ? 0:00 /usr/lib/sendmail -bd -q1h

    On Solaris - /etc/rc2.d/S88sendmail
        Stop sendmail with 'S88sendmail stop'
        Then stop it from restarting by renaming this to something NOT starting with
'S99'
    On Linux - RedHat - /etc/rc.d/rc2.d/S80sendmail
        Stop sendmail with 'S80sendmail stop'
        Then stop it from restarting by renaming this to something NOT starting with
'S99'

Note that on some flavours of Unix, 'smtpwire' needs to be started by someone
with 'root' priviledges if the port number is less than 1024 - which port 25
normally is !

If using Unix/Linux, only one instance of smtpwire should be in the SYSTEM file
and the -E 99 switch is used to determine the number of simultaneous inputs.

There is an optional parameter file which will be the same as the -z input
switch.
It can contain any SSL settings :
    use-tls:yes/no/both
        The commands are for a ftp running over SSL/TLS on the remote server
        NOTE - smtpwiressl and NOT smtpwire must be used for SSL/TLS
        default is NO
        no  - normal, standard SMTP on (normally) port 25 for the control
        yes - connect (on port 587) and use SSL for all transfers
        both    - connect in plain and if the remote client sends a 'STARTTLS' command,
use SSL for all subsequent transfers
    tls-auth: (XXX)
        AUTH type for TLS/SSL       default: TLS
        Valid entries are TLS, SSL, TLS-C (whatever that is !) and something starting
'X-' which will be something homegrown !
        NOTE that for all versions of SSL the method string is "SSL" (this string is
case sensitive according to the RFC)
        eg tls-auth:SSL

    ssl-method: tls tls1 tls1.1 tls1.2 sslv2 sslv3 sslv2and3
        Version number to use for TLS/SSL       default: 999 for current default (2 or 3)
        (only the digits are significant, so add other text to make it readable)
        For 'modern' connection, pls do NOT use sslv2 ! as it is deemed insecure
        If default it will check the available list and pick the highest.
        The default is currently 23 which on a modern server is sslv3 and tls1_2 !)
    ssl-password: (password)
    ssl-passwd: (password)            default: none
        Optional password if the handshake requires a shared secret
    ssl-cert: (name of a PEM certificate file)      default: none
    ssl-root-cert: (name of a root PEM certificate file)    defaunt: none
        Optional certificates - held in tables/ssl
    ssl-verify: yes/no  verify certificates     default: yes
    ssl-ciphers: (list) acceptable ciphers
        (use 'openssl ciphers' to list)
        default:  "HIGH:!aNULL:!kRSA:!SRP:!PSK:!CAMELLIA:!RC4:!MD5:!DSS"

Input Parameters :
All Optional :
    -A : name of the archive file if not the -n name field  default: 'name'
    -c : the chrset of the source (SC header field)     default: ascii
    -C : always close the underlying socket         default: no
    -d : done folder                    default: none
        This holds a copy of all incoming data files from every source
        The structure is
            (done folder) / (date)_(logon) eg 20110921_fip / (filename as written to the
o
utput folder)
        It can be purged with an entry in maintenance (zapfiplog)
        eg if '-d raw.smtpwire' and we want the last 30 days data
            /fip/bin/ipdelque -q/fip/spool/raw.smtpwire -i1 -a30
    -D : the name of a DUPLICATE wire where 2 copies of the same
        file is required (SD header field).     default: none
    -E : maximum number of threads              default: 1
        up to a max of 200 (not Win2k)
        Note this is also a hardware limit in that small systems may not be able to
run more than 50 or so
    -f : Extra FIP header information           default: none
        For fixed header info in FIP. eg -f #QA:AA#QB:BASIC
        As this flag is normally the last specified, its contents
        can be used to overwrite any unique fields such as DU, DP,
        SN etc.
    -h : hostname/internet address to select        default: systemname on boot
        for servers with more than one card/address
        To specify ALL ipaddresses on this box : '-h +'
    -I : id of this instance                default: ignored
        Where there are several copies of 'smtpwire' running (more relevant for
Win2k)
    -j : balance queue for balancing doneque items    default: 2balance
    -J : balance group for balancing doneque items    default: -none- no balancing
        This group MUST be in sys/BALANCE
    -l : no logging at all                  default: file
    -L : log all connections and files          default: no
    -n : name of service (same as -z)           default: SMTPWIRE
    -o : Output folder in /fip/spool            default: spool/xsmtp
    -O : Name of output format (DF field)           default: SMTPWIRE
    -P : port number to use                 default: 25 for plain, 587 if TLS is specified
    -r : the name of a DIFFERENT routing table to 'name'
        (SR field : used by iproute)            default: name
    -R : dump all raw data in a dump file in /fip/dump  default: no
    -s : same as -h
    -SSL : Force HTTPS (ie TLS/SSL)          default: no
    -w : max timeout with no data               default: 60 secs
        ie between packets. Set to ZERO to disable or 10 (or more) secs
    -u : logon for files created if NOT that
        which was used to start 'smtpwire'      default: same
    -V : HTTPS TLS/SSL method to use            default: 23 for 2 or 3
    -z : name of service (same as -n)           default: SMTPWIRE
    -Z : do NOT archive any incoming files          default: archive
    -v : Print the version number and exit

Version Control
;1h 24sep15 minor cleanups
    ;b-f 23nov15 added blacklist in /fip/fix (e - allow 0 for range) ;f 16apr18
better TLS plus optional param file
    ;g-h 18jun18 fipseq + Exchange/QP and spc dot bugette
;0z 23may00 original version
    ;a 18oct00 added -u plus bugette for MS EXCHG relays
    ;b-d 15nov00 MSexchg seems to allow multiple Senders !!
        - 503 already have sender now ignored
    ;e 29oct01 WINNT filenames better
    ;f 21jul03 better handling of to/from names; added DZ
    ;g-i 26jul03 added -C; added -w; better logging of incoming files
        allow multiple incoming files in one connection
    ;j-p speedy, -I wireId added ;n donque added, parse added ;o added S5
(remaddr) S6 (thsaddr) and S7 (thshost)
    ;q-s added -B for balance any done queue items
    ;t 24jun15 started STARTTLS ;u-z bugette - return MUST CRNL

(copyright) 2018 and previous years FingerPost Ltd.