Config options

To configure hermes you have to edit the configfile, normally located in /etc/hermes/hermesrc.
These are the options that hermes recognizes:

background

Type: bool
Default value: true
whether to fork to the background. initscripts require this to be true most of the time.

chroot

Type: string
Default value: ""
chroot to this directory on startup. this path is ABSOLUTE; it WON'T work with a relative path, because we chdir to the directory BEFORE chrooting, as a security measure. to disable chrooting, use an empty string (default).

drop_privileges

Type: bool
Default value: true
drop privileges once running? recommended.

user

Type: string
Default value: "nobody"
user to drop privileges to.

group

Type: string
Default value: "nobody"
group to drop privileges to.

pid_file

Type: string
Default value: "/var/run/hermes.pid"
write a pid file with the pid of the main hermes server. if you set background=true above, this will write the pid of the forked hermes, not the original.

listening_port

Type: int
Default value: 25
the port where hermes will listen for new connections. if you are going to use a port lower than 1024 (almost always: smtp is 25, smtps is 465 and delivery is 587), then you need to run as root (you can drop privileges) or with setUID active.

bind_to

Type: string
Default value: ""
the ip to bind to. if you leave it empty (default), then it listens on all available ips

server_host

Type: string
Default value: "localhost"
the host of the real smtp server. if your server is qmail and you have the AUTH patch, DON'T use localhost, use the external IP instead.

server_port

Type: int
Default value: 2525
the port for the real smtp server.

database_file

Type: string
Default value: "/var/hermes/greylisting.db"
database file to use. if you are chrooting, the path is relative to the chroot: real filepath = chroot + database_file

greylist

Type: bool
Default value: true
whether to use greylisting. greylisting will slightly delay your emails (configurable, see below) to stop most spam. it is the most effective technique in use by hermes.

throttle

Type: bool
Default value: true
whether to throttle connections. it will force some spammers (the more impatient ones) to drop the connection and leave you alone.

throttling_time

Type: int
Default value: 1
throttling time. this is the time (in seconds) that hermes will wait between each sent line. don't set this too high (more than 3), as that will drop MANY connections.

number_of_unimplemented_commands_allowed

Type: int
Default value: -1
number of unimplemented responses allowed. this is the total number of "503 Unimplemented" responses allowed from the server. -1 = unlimited.

allow_data_before_banner

Type: bool
Default value: false
whether we should check if there is data before we send the SMTP banner. if there is data the email is almost certainly spam.

dns_blacklist_domains

Type: list
Default value: ""
dns blacklist domain list to check. if this is empty (default) hermes will not check anything, effectively disabling dns blacklisting. recommended value is "zen.spamhaus.org"

dns_blacklist_percentage

Type: int
Default value: 100
percentage of domains that have to blacklist an ip before considering it blacklisted. for example if you need a domain to be listed in only half of the blacklists to be considered as listed, just define dns_blacklist_percentage as 50 (50%)

dns_whitelist_domains

Type: list
Default value: ""
dns whitelist domain list to check. if this is empty (default) hermes will not check anything, effectively disabling dns whitelisting. these lists should only list hosts that have a history of NOT sending spam. recommended value is "list.dnswl.org"

dns_whitelist_percentage

Type: int
Default value: 100
percentage of domains that have to whitelist an ip before considering it whitelisted. for example if you need a domain to be listed in only half of the whitelists to be considered as listed, just define dns_whitelist_percentage as 50 (50%).
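
How the percentage thresholds above combine with DNS list lookups, as an added Python example (not hermes code). The zone names, the sample address and the fake resolver are constructed for illustration; the at-least comparison is an assumption drawn from the 50% example in the text, and only IPv4 is handled.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Lookup name for a DNS list: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def answer_means_listed(answer):
    """Listing answers sit in 127.0.0.0/8. Some lists (Spamhaus, for one)
    use 127.255.255.x as error codes; those must not count as a listing."""
    addr = ipaddress.IPv4Address(answer)
    return (addr in ipaddress.IPv4Network("127.0.0.0/8")
            and addr not in ipaddress.IPv4Network("127.255.255.0/24"))

def dns_resolve(name):
    """Live lookup for real use; the offline demo below does not call it."""
    try:
        return answer_means_listed(socket.gethostbyname(name))
    except OSError:  # NXDOMAIN or resolver failure: treat as not listed
        return False

def is_listed(ip, zones, percentage, resolve):
    """True when at least `percentage` percent of the zones list the IP.
    An empty zone list disables the check, as the option text describes."""
    if not zones:
        return False
    hits = sum(1 for zone in zones if resolve(dnsbl_query_name(ip, zone)))
    return hits * 100 >= percentage * len(zones)

# Constructed sample data: two made-up zones, only the first lists the IP.
ZONES = ["bl-one.example", "bl-two.example"]
LISTED_NAMES = {"10.2.0.192.bl-one.example"}

def fake_resolve(name):
    return name in LISTED_NAMES

def verdicts(ip):
    """Verdict for the same lookups under a 50% and a 100% threshold."""
    return {pct: is_listed(ip, ZONES, pct, fake_resolve) for pct in (50, 100)}

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10", "zen.spamhaus.org"))
    print(verdicts("192.0.2.10"))
```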

add_status_header

Type: bool
Default value: false
if this is enabled, email will get tagged with a header "X-Hermes-Status: {white,black}listed". that way, your bayesian filter can learn from this automatically.
NOTE: if this is enabled, it will accept blacklisted emails and it will be up to you to filter them out, for example through procmail.

banner_delay_time

Type: int
Default value: 5
time to delay the initial SMTP banner

initial_expiry

Type: int
Default value: 240
initial expiry time. when email is first recorded, it will expire after this time (in minutes).

initial_blacklist

Type: int
Default value: 5
initial period of time (in minutes) during which a retry on the spammer's side will FAIL.

whitelist_expiry

Type: int
Default value: 36
once we have whitelisted a triplet, how long it stays whitelisted (in days). 36 is a magic number: it is the maximum number of days between a day and the same day next month.
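
How the three greylisting timers above interact, as an added Python example (a sketch of the logic the options describe, not hermes code). It assumes the usual greylisting triplet of client IP, sender and recipient, and that each accepted delivery renews the whitelist entry; the addresses and timeline are constructed.

```python
from datetime import datetime, timedelta

INITIAL_BLACKLIST = timedelta(minutes=5)   # initial_blacklist default
INITIAL_EXPIRY = timedelta(minutes=240)    # initial_expiry default
WHITELIST_EXPIRY = timedelta(days=36)      # whitelist_expiry default

class Greylist:
    def __init__(self):
        self.pending = {}    # triplet -> time it was first recorded
        self.whitelist = {}  # triplet -> time the whitelisting ends

    def check(self, triplet, now):
        """Return 'accept' or 'defer' for a delivery attempt at `now`."""
        until = self.whitelist.get(triplet)
        if until is not None:
            if now < until:
                # assumption: an accepted delivery renews the entry
                self.whitelist[triplet] = now + WHITELIST_EXPIRY
                return "accept"
            del self.whitelist[triplet]
        first = self.pending.get(triplet)
        if first is None or now > first + INITIAL_EXPIRY:
            self.pending[triplet] = now   # new or expired record: start over
            return "defer"
        if now < first + INITIAL_BLACKLIST:
            return "defer"                # retried inside the fail window
        del self.pending[triplet]
        self.whitelist[triplet] = now + WHITELIST_EXPIRY
        return "accept"

def replay(attempts):
    """Run (triplet, time) attempts through a fresh greylist."""
    greylist = Greylist()
    return [greylist.check(triplet, when) for triplet, when in attempts]

# Constructed timeline for one triplet.
T0 = datetime(2024, 1, 1, 12, 0)
TRIPLET = ("192.0.2.10", "sender@example.org", "user@example.net")
SAMPLE = [
    (TRIPLET, T0),                                   # first contact
    (TRIPLET, T0 + timedelta(minutes=2)),            # retry too soon
    (TRIPLET, T0 + timedelta(minutes=10)),           # valid retry
    (TRIPLET, T0 + timedelta(days=30, minutes=10)),  # still whitelisted
    (TRIPLET, T0 + timedelta(days=70, minutes=10)),  # whitelist lapsed
    (TRIPLET, T0 + timedelta(days=70, minutes=310)), # retry after expiry
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```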

submit_stats

Type: bool
Default value: true
whether to submit stats.

submit_stats_ssl

Type: bool
Default value: true
should stats be submitted using SSL? recommended, but some people will compile without ssl.

submit_stats_username

Type: string
Default value: "anonymous"
username (used to submit stats). you can register on http:

submit_stats_password

Type: string
Default value: "anonymous"
password

log_level

Type: int
Default value: 1
log level:
0: log only errors
1: log errors and information (default)
2: debug (passwords might be written in plaintext with this option, so use with care)

file_logger_filename

Type: string
Default value: "hermes.log"
if you are using the filelogger, which file to log to.

keep_file_locked

Type: bool
Default value: true
whether to keep the logger file locked between writes

log_rotation_frequency

Type: int
Default value: 1440
frequency for log rotating, in minutes. default is 1440 (1 day). 0 means no rotation.

rotate_filename

Type: string
Default value: "hermes-%%year%%-%%month%%-%%day%%-%%hour%%:%%minute%%.log"
format for the logfile rotation. if you are using logfile rotation, file_logger represents the filename to which the logger will write, while this is the name files will get when rotated. you can use the following variables:
%%year%% - current year (4 digits)
%%month%% - current month
%%day%% - current day
%%hour%% - current hour
%%minute%% - current minute
all of them are zero-padded.

clean_db

Type: bool
Default value: true
whether to clean the database file and send stats. if you have two instances of hermes running (for example one for smtp and another for smtps) you want to configure all of them but one to use clean_db=false. also, you might prefer to not clean the database at all for many reasons (for example to keep a huge file around with all your system's email data). anyway, this doesn't mean in any way that entries in the database won't expire, only that they will be left hanging around without any use.

outgoing_ssl

Type: bool
Default value: false
should we try to connect to our real smtp server using ssl? not really necessary unless the real smtp server is on another machine.

incoming_ssl

Type: bool
Default value: false
should we accept connections using ssl? NOTE: this does NOT disable the starttls capability, only starts hermes expecting SSL negotiation. starttls is handled the following way: if you have ssl, it is always on. clients can request it at any time and hermes will change to ssl at once. if you don't have ssl, hermes will refuse to starttls with a 354 error code, although it WILL still accept the command. the connection should proceed normally even in that event.

private_key_file

Type: string
Default value: "/etc/hermes/hermes.key"
file with our private key (PEM format). to generate, execute:
# openssl genrsa 1024 > private.key

certificate_file

Type: string
Default value: "/etc/hermes/hermes.cert"
file with our server certificate (PEM format). to generate, execute:
# openssl req -new -x509 -nodes -sha1 -days 365 -key private.key > certificate.crt
and answer the questions.

add_headers

Type: bool
Default value: true
whether to add headers to the email sent or not. to be rfc compatible this HAS to be true, but if you set it to false, no one will know you are using hermes.

hostname

Type: string
Default value: ""
the hostname to use for the headers. useful only in case that gethostname() returns something that is not correct. For example on windows, it seems to return only the host part of the name. if this is empty, hermes will use the value returned by gethostname()

whitelisted_disables_everything

Type: bool
Default value: true
should a whitelisted hostname or whitelisted ip also disable throttling and banner delaying? it is useful to make remote hosts deliver mail almost at once

reject_no_reverse_resolution

Type: bool
Default value: false
whether to reject connections from hosts that do not provide DNS reverse resolution. don't enable if you don't know what you are doing or what this switch does

check_helo_against_reverse

Type: bool
Default value: false
check whether your ehlo hostname matches your ip reverse resolution. don't enable unless you understand perfectly what this means

query_spf

Type: bool
Default value: true
whether to query the spf record for the incoming domain. should help, enable if you have libspf (if you don't, install it and recompile)

return_temp_error_on_reject

Type: bool
Default value: false
return temporary error instead of permanent error. currently, this only applies to SPF and DNSBL rejected email. you should enable this while debugging your hermes installation, as configuration errors won't be fatal.