3.5. Delivery configuration

This file contains delivery configuration, including settings like pooling and retries. Similar to the smtpd-suspend.yaml and smtpd-policy.yaml configuration files, it can be updated more independently. These settings can also be modified using the HSL Pre-delivery hook. However, unlike the Pre-delivery hook, this file supports conditions based on grouping, remoteip, and remotemx, which are resolved after the Pre-delivery hook runs. By default, smtpd loads it from /etc/halon/smtpd-delivery.yaml. It is described by, and can be validated with, the smtpd-delivery.schema.json. This file can be reloaded using the halonctl queue delivery reload command.

3.5.1. Delivery directives

delivery.conditions[]

Conditions can be used to apply settings. From a performance perspective it’s beneficial to use string and *.domain over regex patterns.

delivery.conditions[].if.tenantid

Supported types are string, /regex/ or a @list of those.

delivery.conditions[].if.jobid

Supported types are string, /regex/ or a @list of those.

delivery.conditions[].if.transportid

Supported types are string, /regex/ or a @list of those.

delivery.conditions[].if.localip

Supported types are ipv4, ipv4network, ipv6, ipv6network or @list of those.

delivery.conditions[].if.grouping

Supported types are string, *.domain, /regex/ or a @list of those.

delivery.conditions[].if.remoteip

Supported types are ipv4, ipv4network, ipv6, ipv6network or @list of those.

delivery.conditions[].if.remotemx

Supported types are domain, *.domain, /regex/ or a @list of those.

delivery.conditions[].if.recipientdomain

Supported types are domain, *.domain, /regex/ or a @list of those.

delivery.conditions[].then.tls.mode

The TLS mode that should be used. One of disabled, optional, optional_verify, require or require_verify. The default is disabled.

delivery.conditions[].then.tls.protocols

The TLS protocols that should be supported. The default is !SSLv2,!SSLv3,!TLSv1,!TLSv1.1.

delivery.conditions[].then.tls.ciphers

The TLS ciphers that should be used (<=TLSv1.2). The default is aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH.

delivery.conditions[].then.tls.ciphersuites

The TLS cipher suites that should be used (TLSv1.3).

delivery.conditions[].then.pooling.enabled

If connection pooling should be enabled. The default is false.

delivery.conditions[].then.pooling.evictable

If the connection is evictable from the cache due to the cache replacement policy (LRU) if the cache is full. The default is true.

delivery.conditions[].then.pooling.timeout

The idle timeout (in seconds) before an unused connection is closed. This setting support time format syntax (eg. 5s). The default is 5 seconds.

delivery.conditions[].then.pooling.transactions

The transactions per connection (0 is unlimited). The default is unlimited.

delivery.conditions[].then.timeout.connect

The connect timeout (in seconds). This setting support time format syntax (eg. 30s). The default is 30 seconds.

delivery.conditions[].then.timeout.smtp.{}

The connection timeout settings (in seconds) for one of below. This setting support time format syntax (eg. 2m). The default is defined by the RFC.

  • BANNER

  • HELO

  • EHLO

  • LHLO

  • STARTTLS

  • AUTH-CRAM-MD5

  • AUTH-PLAIN

  • AUTH-LOGIN

  • AUTH-LOGIN-USER

  • AUTH

  • XCLIENT

  • MAIL

  • RCPT

  • DATA

  • EOD

  • RSET

  • NOOP

  • QUIT

delivery.conditions[].then.retry.interval

See transportgroups[].retry.intervals[].

delivery.conditions[].then.extensions.chunking

Enable support for the CHUNKING extension. The default is true.

delivery.conditions[].then.extensions.pipelining

Enable support for the PIPELINING extension. The default is true.

delivery.default

The default settings that will apply if not match any policies[].conditions.

delivery.default.tls.mode

The TLS mode that should be used. One of disabled, optional, optional_verify, require or require_verify. The default is disabled.

delivery.default.tls.protocols

The TLS protocols that should be supported. The default is !SSLv2,!SSLv3,!TLSv1,!TLSv1.1.

delivery.default.tls.ciphers

The TLS ciphers that should be used (<=TLSv1.2). The default is aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH.

delivery.default.tls.ciphersuites

The TLS cipher suites that should be used (TLSv1.3).

delivery.default.pooling.enabled

If connection pooling should be enabled. The default is false.

delivery.default.pooling.evictable

If the connection is evictable from the cache due to the cache replacement policy (LRU) if the cache is full. The default is true.

delivery.default.pooling.timeout

The idle timeout (in seconds) before an unused connection is closed. This setting support time format syntax (eg. 5s). The default is 5 seconds.

delivery.default.pooling.transactions

The transactions per connection (0 is unlimited). The default is unlimited.

delivery.default.timeout.connect

The connect timeout (in seconds). This setting support time format syntax (eg. 30s). The default is 30 seconds.

delivery.default.timeout.smtp.{}

The connection timeout settings (in seconds) for one of below. This setting support time format syntax (eg. 2m). The default is defined by the RFC.

  • BANNER

  • HELO

  • EHLO

  • LHLO

  • STARTTLS

  • AUTH-CRAM-MD5

  • AUTH-PLAIN

  • AUTH-LOGIN

  • AUTH-LOGIN-USER

  • AUTH

  • XCLIENT

  • MAIL

  • RCPT

  • DATA

  • EOD

  • RSET

  • NOOP

  • QUIT

delivery.default.retry.interval

See transportgroups[].retry.intervals[].

delivery.default.extensions.chunking

Enable support for the CHUNKING extension. The default is true.

delivery.default.extensions.pipelining

Enable support for the PIPELINING extension. The default is true.