Mailfromd Manual (split by chapter):   Section:   Chapter:FastBack: MTA Configuration   Up: Top   FastForward: mfdbtool   Contents: Table of ContentsIndex: Concept Index

10 calloutd

The callout verification is usually performed by a special instance of mailfromd (see callout server). However, it is also possible to set up a dedicated callout server on a separate machine. You can choose to do so, for instance, in order to reduce the load on the server running mailfromd.

This stand-alone callout facility is provided by the calloutd daemon.

10.1 Calloutd Configuration

Main configuration file /etc/mailfromd.conf is used (see Mailfromd Configuration). The configuration statements are basically the same as for mailfromd.

The address to listen on is defined in the server statement. Basically, it is the only statement the configuration file is required to have. The minimal configuration can look like:

program calloutd {
  server {
    listen inet://;

To instruct the mailfromd daemon to use this server, the following statement should be added to the /etc/mailfromd.conf file:

program mailfromd {
  callout-url inet://;

The server statement differs a little from the similar statement for mailfromd. This and another calloutd-specific statements are described in detail in the subsections that follow. The rest of statements is shared with mailfromd. The following table lists all supported configuration statements along with cross-references to the correspondent descriptions:

aclSee Mailutils Configuration File in GNU Mailutils Manual.
authSee Mailutils Configuration File in GNU Mailutils Manual.
databaseSee conf-database.
database-modeSee database-mode.
database-typeSee database-type.
debug (section)See Mailutils Configuration File in GNU Mailutils Manual.
debugSee conf-calloutd-log.
ehlo-domainSee ehlo-domain.
enable-vrfySee enable-vrfy.
groupSee group.
includeSee Mailutils Configuration File in GNU Mailutils Manual.
io-timeoutSee io-timeout.
lockingSee Mailutils Configuration File in GNU Mailutils Manual.
lock-retry-countSee lock-retry-count.
lock-retry-timeoutSee lock-retry-timeout.
loggerSee conf-calloutd-log.
loggingSee Mailutils Configuration File in GNU Mailutils Manual.
mailerSee Mailutils Configuration File in GNU Mailutils Manual.
mail-from-addressSee mail-from-address.
pidfileSee pidfile.
serverSee conf-calloutd-server.
source-ipSee source-ip.
smtp-timeoutSee conf-timeout.
state-directorySee state-directory.
transcriptSee conf-calloutd-log,
userSee user.

10.1.1 calloutd General Setup

Calloutd Conf: source-ip IP

Sets source IP address for TCP connections.

Calloutd Conf: pidfile filename

Defines the name of the file to store PID value in.

Calloutd Conf: state-directory dir

Sets the name of the program state directory. See statedir.

10.1.2 The server statement

The server statement configures how calloutd will communicate with the client mailfromd server.

server {
  id name;
  listen url;
  backlog num;
  max-instances num;
  single-process bool;
  reuseaddr bool;
  default bool;
  callout url;
  acl { … }
Calloutd Conf: server

Define a server. Optional label may follow the server keyword. The label is ignored.

The substatements in the server block provide parameters for configuring this server.

server: id name

Assign an identifier to this server. This identifier is used as a suffix to syslog tag (see syslog tag) in messages related to this server. For example, if a server block had the following statement in it:

id main;

then all messages related to this server will be marked with tag ‘calloutd#main’.

The part before the ‘#’ is set using the tag statement in logging block (see Mailutils Configuration File in GNU Mailutils Manual).

server: listen url

Listen for connections on the given URL. See milter port specification, for a description of allowed url formats.


listen inet://;
server: backlog num

Configures the size of the queue of pending connections. Default value is 8.

server: max-instances number

Sets the maximum number of instances allowed for this server.

server: single-process bool

When set to ‘yes’, this server will run in single-process mode, i.e. it will not fork sub-processes to serve requests. This option is meant exclusively to assist in debugging calloutd. Don’t use it for anything else but for debugging!

server: reuseaddr bool

When set to ‘yes’, calloutd will attempt to reuse existing socket addresses. This is the default behavior.

server: acl statements

Defines access control list for this server. See Mailutils Configuration File in GNU Mailutils Manual, for a detailed discussion.

If the global ACL is defined as well, an incoming connection is checked against both lists: first the per-server ACL, then the global one. The connection will be permitted only if it passes both checks.

10.1.3 calloutd logging

Calloutd Conf: logger mech

Set default logger mechanism. Allowed values for mech are:


Log everything to the standard error.


Log to syslog.


Log to syslog using the asynchronous syslog implementation.

See Logging and Debugging, for a detailed discussion. See also Using non-blocking syslog, for information on how to set default syslog implementation at compile time.

Calloutd Conf: debug spec

Set mailfromd debug verbosity level. The spec must be a valid debugging level specification (see debugging level specification).

Calloutd Conf: transcript bool

If the boolean value bool is ‘true’, enables the transcript of call-out SMTP sessions.

10.2 Calloutd Command-Line Options

The calloutd invocation syntax is:

  calloutd [option...]

The following options are available:

Server configuration modifiers


Stay in foreground. When given this option, calloutd will not disconnect itself from the controlling terminal and will run in the foreground.

-g name

Retain the group name when switching to user privileges. See Starting and Stopping.


Set pidfile name. Overrides the pidfile configuration statement, which you are advised to use instead (see pidfile).


Read resolver settings from file, instead of the default /etc/resolv.conf.

-S ip

Set source address for TCP connections. Overrides the ‘source-ip’ configuration statement, which you are advised to use instead (see source-ip).


Do not fork sub-processes to serve requests. This option is meant to assist in debugging calloutd. Don’t use it for anything else but for debugging, as it terribly degrades performance!


Set new program state directory. See Local state directory, for the description of this directory and its purposes.

-u name
--user name

Switch to this user’s privileges after startup. Overrides the user configuration file statement, which you are advised to use instead (see user). Default user is ‘mail’.

Logging and debugging options

-d string

Set debugging level. See Logging and Debugging.


Output logs to syslog facility.


Tag syslog entries with the given string, instead of the program name.


Set logger mechanism (mech is one of ‘stderr’, ‘syslog’, ‘syslog:async’). See Logging and Debugging.


Selects default syslog mechanism for diagnostic output.


Directs all logging to standard output. Similar to --logger=stderr.

-S ip

Set source address for TCP connections. Overrides the ‘source-ip’ configuration statement, which you are advised to use instead (see source-ip).


Set Mailutils debugging level. See, for a detailed discussion of level argument.


Include C source information in debugging messages. This is similar to setting line-info yes in the debug configuration block (see line-info in GNU Mailutils Manual).

The --no-source-info can be used to cancel the effect of the line-info yes configuration statement.

You do not need this option, unless you are developing or debugging calloutd.


Enable or disable transcript of the SMTP sessions to the log channel. See Logging and Debugging.

Configuration file control


Load this configuration file.


Check syntax of configuration files and exit. Exit code is 0 if the file or files are OK, and 78 otherwise.


Verbosely log parsing of the configuration files.


Don’t load site-wide configuration file.


Set configuration parameter

Informational options


Show configuration file summary.


Show compilation options.


Give a short help list.


Give a short usage message.


Print program version

10.3 The Callout Protocol

This section describes the protocol used to communicate with the calloutd server.

The protocol works over stream-oriented TCP/IP transport. Either UNIX or IPv4 socket can be used. Commands and responses are terminated by a single CR LF pair. Each command occupies exactly one line. If the server succeeded in executing the command, it replies with a line starting with the word ‘OK’. Depending on the command, this keyword may be followed by a single space character and additional information. More information can be returned in unsolicited replies before the ‘OK’ line. Each unsolicited reply line starts with and asterisk followed by a single horizontal space character.

On error, the server replies with ‘NO’ followed by a horizontal space character and human-readable description of the problem.

The valid commands are discussed below. In examples illustrating the commands, the lines sent by the client are prefixed with C:, and lines sent by the server are prefixed with S:.

Command: vrfy email [option arg]

Adds email to the queue of email addresses to be verified. Available options are:

mode kw

Sets verification mode for this email address. Available modes are:


The default mode.

If the host option is also given, its argument is taken as the domain name. Otherwise, domain part of email is used.

The verification goes as follows. First, determine MX servers for that domain. Query each of them in order of increasing priority. First of them that replies determines the result of the test.

If no MX servers are defined for that domain, look for its ‘A’ record. If available, run SMTP probe on that IP.


Query MX servers for the domain specified with the host option.


Query the server whose name or IP address is supplied with the host option.


The reverse of mxfirst: first query the host, then the MX servers. The domain must be specified using the host option.

host name

Supplies the domain name for mxonly and mode, and host name or IP address for hostfirst and hostonly modes. The use of this keyword with any of these modes is mandatory.

ehlo string

Use string as the argument to the SMTP EHLO command.

mailfrom email

Use email in the SMTP MAIL FROM command.

On success, the server replies with ‘OK’, followed by a non-negative session ID for that email:

S: OK 0000000001
Command: get arg [arg]

Query value of internal callout parameters. Valid values for arg are:


Return the string used as argument to the SMTP EHLO command.


Return the email address that is used in the SMTP MAIL FROM command.

On success, the server returns the requested value (if found) in an unsolicited reply:

C: GET ehlo timeout
S: *
Command: sid string

Sets string as session identifier for that session. Example:

C: SID deadbeef
Command: timeout connect initial helo mail rcpt rset quit

Sets timeouts for various stages of SMTP session. On success, ‘OK’ is returned.

C: timeout 300 300 300 600 300 300 120
S: OK timeouts set
Command: run

Runs callout session for emails registered with the vrfy command. On success, results of the check are returned after the ‘OK’ keyword in a whitespace-separated list of ‘id=result’ pairs. In each pair, id is its identifier as returned in the reply to the VRFY command and result is one of the following result strings: ‘success’, ‘not_found’, ‘failure’, ‘temp_failure’, ‘timeout’.

Additional information about each callout session is returned in unsolicited replies. Each such reply is prefixed with the email identifier and callout stage name. Stage names are:

INIT remote_name

The calloutd server is establishing communication with the remote SMTP server remote_name.

GRTNG line

calloutd received initial response from the remote server. line is the first line of the reply.

HELO line

calloutd received response to the EHLO (or HELO) command. In case of multiline response, line is the first line.

SENT command

The SMTP command command has been sent to the remote server.

RECV line

The remote server returned line in response. In case of multiline response, line is the first line.

Example of verification session:

S: * 0000000000 INIT
S: * 0000000000 GRTNG 220 ESMTP Ready
S: * 0000000000 HELO Hello tester
S: * 0000000000 SENT RCPT TO:<>
S: * 0000000000 RECV 250 Accepted
S: * 0000000001 INIT
S: * 0000000001 GRTNG 220 foo ESMTP server ready
S: * 0000000001 HELO Hello
S: * 0000000001 SENT RCPT TO:<>
S: * 0000000001 RECV 450 4.7.0 You are greylisted for 3600 seconds
OK 0000000000=success 0000000001=temp_failure
Command: drop serial

Drop the email with the given serial number from the verification queue. Example:

C: DROP 0000000002
Command: quit

Finishes the current session and disconnects from the callout server.

S: OK bye

Mailfromd Manual (split by chapter):   Section:   Chapter:FastBack: calloutd   Up: calloutd   FastForward: mfdbtool   Contents: Table of ContentsIndex: Concept Index