SMTP & LMTP transparent forwarding

Module that implements transparent forwarding of messages over SMTP.

Use in pipeline configuration:

deliver_to smtp tcp://127.0.0.1:5353
# or
deliver_to smtp tcp://127.0.0.1:5353 {
  # Other settings, see below.
}

target.lmtp can be used instead of target.smtp to use LMTP protocol.

Endpoint addresses use format described in Configuration files syntax / Address definitions.

Configuration directives

target.smtp {
    debug no
    tls_client {
        ...
    }
    attempt_starttls yes
    require_tls no
    auth off
    targets tcp://127.0.0.1:2525
    connect_timeout 5m
    command_timeout 5m
    submission_timeout 12m
}

debug boolean

Default: global directive value

Enable verbose logging.

tls_client { ... }

Default: not specified

Advanced TLS client configuration options. See TLS configuration / Client for details.

starttls boolean

Default: yes (no for target.lmtp)

Use STARTTLS to enable TLS encryption. If STARTTLS is not supported by the remote server - connection will fail.

maddy will use localhost as HELO hostname before STARTTLS and will only send its actual hostname after STARTTLS.

attempt_starttls boolean

Default: yes (no for target.lmtp)

DEPRECATED: Equivalent to starttls. Plaintext fallback is no longer supported.

require_tls boolean

Default: no

DEPRECATED: Ignored. Set starttls yes to use STARTLS.

auth `off` | `plain` username password | `forward` | `external`

Default: off

Specify the way to authenticate to the remote server. Valid values:

off – No authentication.
plain – Authenticate using specified username-password pair. Don't use this without enforced TLS (require_tls).
forward – Forward credentials specified by the client. Don't use this without enforced TLS (require_tls).
external – Request "external" SASL authentication. This is usually used for authentication using TLS client certificates. See TLS configuration / Client for details.

targets endpoints...

Required.
Default: not specified

List of remote server addresses to use. See Address definitions for syntax to use. Basically, it is tcp://ADDRESS:PORT for plain SMTP and tls://ADDRESS:PORT for SMTPS (aka SMTP with Implicit TLS).

Multiple addresses can be specified, they will be tried in order until connection to one succeeds (including TLS handshake if TLS is required).

connect_timeout duration

Default: 5m

Same as for target.remote.

command_timeout duration

Default: 5m

Same as for target.remote.

submission_timeout duration

Default: 12m

Same as for target.remote.

Frequently Asked Questions
Tutorials
Release builds
Multiple domains configuration
Upgrading from older maddy versions
Outbound delivery security
Docker
Reference manual
- Modules introduction
- Global configuration directives
- TLS configuration
- Automatic certificate management via ACME
- Endpoints configuration
- IMAP storage
  - IMAP filters
  - SQL-indexed storage
  - Blob storage
    - Filesystem
    - Amazon S3
- SMTP message routing (pipeline)
- SMTP targets
- SMTP checks
- SMTP modifiers
  - DKIM signing
  - Envelope sender / recipient rewriting
- Lookup tables (string translation)
- Authentication providers
- Configuration files syntax
Integration with software
Internals

SMTP & LMTP transparent forwarding

Configuration directives

debug boolean

tls_client { ... }

starttls boolean

attempt_starttls boolean

require_tls boolean

auth off | plain username password | forward | external

targets endpoints...

connect_timeout duration

command_timeout duration

submission_timeout duration

auth `off` | `plain` username password | `forward` | `external`