| 3 |
- |
1 |
#
|
|
|
2 |
# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
|
|
|
3 |
# All rights reserved.
|
|
|
4 |
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
|
|
|
5 |
# Copyright (c) 1988, 1993
|
|
|
6 |
# The Regents of the University of California. All rights reserved.
|
|
|
7 |
#
|
|
|
8 |
# By using this file, you agree to the terms and conditions set
|
|
|
9 |
# forth in the LICENSE file which can be found at the top level of
|
|
|
10 |
# the sendmail distribution.
|
|
|
11 |
#
|
|
|
12 |
#
|
|
|
13 |
|
|
|
14 |
######################################################################
|
|
|
15 |
######################################################################
|
|
|
16 |
#####
|
|
|
17 |
##### SENDMAIL CONFIGURATION FILE
|
|
|
18 |
#####
|
|
|
19 |
##### built by mockbuild@builder10.centos.org on Thu Aug 11 13:32:26 EDT 2011
|
|
|
20 |
##### in /builddir/build/BUILD/sendmail-8.13.8/cf/cf
|
|
|
21 |
##### using ../ as configuration include directory
|
|
|
22 |
#####
|
|
|
23 |
######################################################################
|
|
|
24 |
#####
|
|
|
25 |
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
|
|
|
26 |
#####
|
|
|
27 |
######################################################################
|
|
|
28 |
######################################################################
|
|
|
29 |
|
|
|
30 |
##### $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
|
|
|
31 |
##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
|
|
|
32 |
##### setup for linux #####
|
|
|
33 |
##### $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ #####
|
|
|
34 |
|
|
|
35 |
|
|
|
36 |
|
|
|
37 |
##### $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ #####
|
|
|
38 |
|
|
|
39 |
|
|
|
40 |
##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
|
|
|
41 |
|
|
|
42 |
##### $Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $ #####
|
|
|
43 |
|
|
|
44 |
##### $Id: mailertable.m4,v 8.25 2002/06/27 23:23:57 gshapiro Exp $ #####
|
|
|
45 |
|
|
|
46 |
##### $Id: virtusertable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $ #####
|
|
|
47 |
|
|
|
48 |
##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ #####
|
|
|
49 |
|
|
|
50 |
##### $Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ #####
|
|
|
51 |
|
|
|
52 |
##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
|
|
|
53 |
|
|
|
54 |
|
|
|
55 |
##### $Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
|
|
|
56 |
|
|
|
57 |
|
|
|
58 |
##### $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ #####
|
|
|
59 |
|
|
|
60 |
##### $Id: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $ #####
|
|
|
61 |
|
|
|
62 |
##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ #####
|
|
|
63 |
|
|
|
64 |
##### $Id: accept_unresolvable_domains.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $ #####
|
|
|
65 |
|
|
|
66 |
|
|
|
67 |
##### $Id: proto.m4,v 8.719 2006/03/30 20:50:13 ca Exp $ #####
|
|
|
68 |
|
|
|
69 |
# level 10 config file format
|
|
|
70 |
V10/Berkeley
|
|
|
71 |
|
|
|
72 |
# override file safeties - setting this option compromises system security,
|
|
|
73 |
# addressing the actual file configuration problem is preferred
|
|
|
74 |
# need to set this before any file actions are encountered in the cf file
|
|
|
75 |
#O DontBlameSendmail=safe
|
|
|
76 |
|
|
|
77 |
# default LDAP map specification
|
|
|
78 |
# need to set this now before any LDAP maps are defined
|
|
|
79 |
#O LDAPDefaultSpec=-h localhost
|
|
|
80 |
|
|
|
81 |
##################
|
|
|
82 |
# local info #
|
|
|
83 |
##################
|
|
|
84 |
|
|
|
85 |
# my LDAP cluster
|
|
|
86 |
# need to set this before any LDAP lookups are done (including classes)
|
|
|
87 |
#D{sendmailMTACluster}$m
|
|
|
88 |
|
|
|
89 |
Cwlocalhost
|
|
|
90 |
# file containing names of hosts for which we receive email
|
|
|
91 |
Fw/etc/mail/local-host-names
|
|
|
92 |
|
|
|
93 |
# my official domain name
|
|
|
94 |
# ... define this only if sendmail cannot automatically determine your domain
|
|
|
95 |
#Dj$w.Foo.COM
|
|
|
96 |
|
|
|
97 |
# host/domain names ending with a token in class P are canonical
|
|
|
98 |
CP.
|
|
|
99 |
|
|
|
100 |
# "Smart" relay host (may be null)
|
|
|
101 |
DShomeserver.ujsoftware.com
|
|
|
102 |
|
|
|
103 |
|
|
|
104 |
# operators that cannot be in local usernames (i.e., network indicators)
|
|
|
105 |
CO @ % !
|
|
|
106 |
|
|
|
107 |
# a class with just dot (for identifying canonical names)
|
|
|
108 |
C..
|
|
|
109 |
|
|
|
110 |
# a class with just a left bracket (for identifying domain literals)
|
|
|
111 |
C[[
|
|
|
112 |
|
|
|
113 |
# access_db acceptance class
|
|
|
114 |
C{Accept}OK RELAY
|
|
|
115 |
|
|
|
116 |
|
|
|
117 |
C{ResOk}OKR
|
|
|
118 |
|
|
|
119 |
|
|
|
120 |
# Hosts for which relaying is permitted ($=R)
|
|
|
121 |
FR-o /etc/mail/relay-domains
|
|
|
122 |
|
|
|
123 |
# arithmetic map
|
|
|
124 |
Karith arith
|
|
|
125 |
# macro storage map
|
|
|
126 |
Kmacro macro
|
|
|
127 |
# possible values for TLS_connection in access map
|
|
|
128 |
C{Tls}VERIFY ENCR
|
|
|
129 |
|
|
|
130 |
|
|
|
131 |
|
|
|
132 |
|
|
|
133 |
|
|
|
134 |
# dequoting map
|
|
|
135 |
Kdequote dequote
|
|
|
136 |
|
|
|
137 |
# class E: names that should be exposed as from this host, even if we masquerade
|
|
|
138 |
# class L: names that should be delivered locally, even if we have a relay
|
|
|
139 |
# class M: domains that should be converted to $M
|
|
|
140 |
# class N: domains that should not be converted to $M
|
|
|
141 |
#CL root
|
|
|
142 |
C{E}root
|
|
|
143 |
C{w}localhost.localdomain
|
|
|
144 |
|
|
|
145 |
|
|
|
146 |
|
|
|
147 |
# my name for error messages
|
|
|
148 |
DnMAILER-DAEMON
|
|
|
149 |
|
|
|
150 |
|
|
|
151 |
# Mailer table (overriding domains)
|
|
|
152 |
Kmailertable hash -o /etc/mail/mailertable.db
|
|
|
153 |
|
|
|
154 |
# Virtual user table (maps incoming users)
|
|
|
155 |
Kvirtuser hash -o /etc/mail/virtusertable.db
|
|
|
156 |
|
|
|
157 |
CPREDIRECT
|
|
|
158 |
|
|
|
159 |
# Access list database (for spam stomping)
|
|
|
160 |
Kaccess hash -T<TMPF> -o /etc/mail/access.db
|
|
|
161 |
|
|
|
162 |
# Configuration version number
|
|
|
163 |
DZ8.13.8
|
|
|
164 |
|
|
|
165 |
|
|
|
166 |
###############
|
|
|
167 |
# Options #
|
|
|
168 |
###############
|
|
|
169 |
|
|
|
170 |
# strip message body to 7 bits on input?
|
|
|
171 |
O SevenBitInput=False
|
|
|
172 |
|
|
|
173 |
# 8-bit data handling
|
|
|
174 |
#O EightBitMode=pass8
|
|
|
175 |
|
|
|
176 |
# wait for alias file rebuild (default units: minutes)
|
|
|
177 |
O AliasWait=10
|
|
|
178 |
|
|
|
179 |
# location of alias file
|
|
|
180 |
O AliasFile=/etc/aliases
|
|
|
181 |
|
|
|
182 |
# minimum number of free blocks on filesystem
|
|
|
183 |
O MinFreeBlocks=100
|
|
|
184 |
|
|
|
185 |
# maximum message size
|
|
|
186 |
#O MaxMessageSize=0
|
|
|
187 |
|
|
|
188 |
# substitution for space (blank) characters
|
|
|
189 |
O BlankSub=.
|
|
|
190 |
|
|
|
191 |
# avoid connecting to "expensive" mailers on initial submission?
|
|
|
192 |
O HoldExpensive=False
|
|
|
193 |
|
|
|
194 |
# checkpoint queue runs after every N successful deliveries
|
|
|
195 |
#O CheckpointInterval=10
|
|
|
196 |
|
|
|
197 |
# default delivery mode
|
|
|
198 |
O DeliveryMode=background
|
|
|
199 |
|
|
|
200 |
# error message header/file
|
|
|
201 |
#O ErrorHeader=/etc/mail/error-header
|
|
|
202 |
|
|
|
203 |
# error mode
|
|
|
204 |
#O ErrorMode=print
|
|
|
205 |
|
|
|
206 |
# save Unix-style "From_" lines at top of header?
|
|
|
207 |
#O SaveFromLine=False
|
|
|
208 |
|
|
|
209 |
# queue file mode (qf files)
|
|
|
210 |
#O QueueFileMode=0600
|
|
|
211 |
|
|
|
212 |
# temporary file mode
|
|
|
213 |
O TempFileMode=0600
|
|
|
214 |
|
|
|
215 |
# match recipients against GECOS field?
|
|
|
216 |
#O MatchGECOS=False
|
|
|
217 |
|
|
|
218 |
# maximum hop count
|
|
|
219 |
#O MaxHopCount=25
|
|
|
220 |
|
|
|
221 |
# location of help file
|
|
|
222 |
O HelpFile=/etc/mail/helpfile
|
|
|
223 |
|
|
|
224 |
# ignore dots as terminators in incoming messages?
|
|
|
225 |
#O IgnoreDots=False
|
|
|
226 |
|
|
|
227 |
# name resolver options
|
|
|
228 |
#O ResolverOptions=+AAONLY
|
|
|
229 |
|
|
|
230 |
# deliver MIME-encapsulated error messages?
|
|
|
231 |
O SendMimeErrors=True
|
|
|
232 |
|
|
|
233 |
# Forward file search path
|
|
|
234 |
O ForwardPath=$z/.forward.$w:$z/.forward
|
|
|
235 |
|
|
|
236 |
# open connection cache size
|
|
|
237 |
O ConnectionCacheSize=2
|
|
|
238 |
|
|
|
239 |
# open connection cache timeout
|
|
|
240 |
O ConnectionCacheTimeout=5m
|
|
|
241 |
|
|
|
242 |
# persistent host status directory
|
|
|
243 |
#O HostStatusDirectory=.hoststat
|
|
|
244 |
|
|
|
245 |
# single thread deliveries (requires HostStatusDirectory)?
|
|
|
246 |
#O SingleThreadDelivery=False
|
|
|
247 |
|
|
|
248 |
# use Errors-To: header?
|
|
|
249 |
O UseErrorsTo=False
|
|
|
250 |
|
|
|
251 |
# log level
|
|
|
252 |
O LogLevel=9
|
|
|
253 |
|
|
|
254 |
# send to me too, even in an alias expansion?
|
|
|
255 |
#O MeToo=True
|
|
|
256 |
|
|
|
257 |
# verify RHS in newaliases?
|
|
|
258 |
O CheckAliases=False
|
|
|
259 |
|
|
|
260 |
# default messages to old style headers if no special punctuation?
|
|
|
261 |
O OldStyleHeaders=True
|
|
|
262 |
|
|
|
263 |
# SMTP daemon options
|
|
|
264 |
|
|
|
265 |
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
|
|
|
266 |
|
|
|
267 |
# SMTP client options
|
|
|
268 |
#O ClientPortOptions=Family=inet, Address=0.0.0.0
|
|
|
269 |
|
|
|
270 |
# Modifiers to define {daemon_flags} for direct submissions
|
|
|
271 |
#O DirectSubmissionModifiers
|
|
|
272 |
|
|
|
273 |
# Use as mail submission program? See sendmail/SECURITY
|
|
|
274 |
#O UseMSP
|
|
|
275 |
|
|
|
276 |
# privacy flags
|
|
|
277 |
O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun
|
|
|
278 |
|
|
|
279 |
# who (if anyone) should get extra copies of error messages
|
|
|
280 |
#O PostmasterCopy=Postmaster
|
|
|
281 |
|
|
|
282 |
# slope of queue-only function
|
|
|
283 |
#O QueueFactor=600000
|
|
|
284 |
|
|
|
285 |
# limit on number of concurrent queue runners
|
|
|
286 |
#O MaxQueueChildren
|
|
|
287 |
|
|
|
288 |
# maximum number of queue-runners per queue-grouping with multiple queues
|
|
|
289 |
#O MaxRunnersPerQueue=1
|
|
|
290 |
|
|
|
291 |
# priority of queue runners (nice(3))
|
|
|
292 |
#O NiceQueueRun
|
|
|
293 |
|
|
|
294 |
# shall we sort the queue by hostname first?
|
|
|
295 |
#O QueueSortOrder=priority
|
|
|
296 |
|
|
|
297 |
# minimum time in queue before retry
|
|
|
298 |
#O MinQueueAge=30m
|
|
|
299 |
|
|
|
300 |
# how many jobs can you process in the queue?
|
|
|
301 |
#O MaxQueueRunSize=0
|
|
|
302 |
|
|
|
303 |
# perform initial split of envelope without checking MX records
|
|
|
304 |
#O FastSplit=1
|
|
|
305 |
|
|
|
306 |
# queue directory
|
|
|
307 |
O QueueDirectory=/var/spool/mqueue
|
|
|
308 |
|
|
|
309 |
# key for shared memory; 0 to turn off
|
|
|
310 |
#O SharedMemoryKey=0
|
|
|
311 |
|
|
|
312 |
|
|
|
313 |
|
|
|
314 |
# timeouts (many of these)
|
|
|
315 |
#O Timeout.initial=5m
|
|
|
316 |
O Timeout.connect=1m
|
|
|
317 |
#O Timeout.aconnect=0s
|
|
|
318 |
#O Timeout.iconnect=5m
|
|
|
319 |
#O Timeout.helo=5m
|
|
|
320 |
#O Timeout.mail=10m
|
|
|
321 |
#O Timeout.rcpt=1h
|
|
|
322 |
#O Timeout.datainit=5m
|
|
|
323 |
#O Timeout.datablock=1h
|
|
|
324 |
#O Timeout.datafinal=1h
|
|
|
325 |
#O Timeout.rset=5m
|
|
|
326 |
#O Timeout.quit=2m
|
|
|
327 |
#O Timeout.misc=2m
|
|
|
328 |
#O Timeout.command=1h
|
|
|
329 |
O Timeout.ident=0
|
|
|
330 |
#O Timeout.fileopen=60s
|
|
|
331 |
#O Timeout.control=2m
|
|
|
332 |
O Timeout.queuereturn=5d
|
|
|
333 |
#O Timeout.queuereturn.normal=5d
|
|
|
334 |
#O Timeout.queuereturn.urgent=2d
|
|
|
335 |
#O Timeout.queuereturn.non-urgent=7d
|
|
|
336 |
#O Timeout.queuereturn.dsn=5d
|
|
|
337 |
O Timeout.queuewarn=4h
|
|
|
338 |
#O Timeout.queuewarn.normal=4h
|
|
|
339 |
#O Timeout.queuewarn.urgent=1h
|
|
|
340 |
#O Timeout.queuewarn.non-urgent=12h
|
|
|
341 |
#O Timeout.queuewarn.dsn=4h
|
|
|
342 |
#O Timeout.hoststatus=30m
|
|
|
343 |
#O Timeout.resolver.retrans=5s
|
|
|
344 |
#O Timeout.resolver.retrans.first=5s
|
|
|
345 |
#O Timeout.resolver.retrans.normal=5s
|
|
|
346 |
#O Timeout.resolver.retry=4
|
|
|
347 |
#O Timeout.resolver.retry.first=4
|
|
|
348 |
#O Timeout.resolver.retry.normal=4
|
|
|
349 |
#O Timeout.lhlo=2m
|
|
|
350 |
#O Timeout.auth=10m
|
|
|
351 |
#O Timeout.starttls=1h
|
|
|
352 |
|
|
|
353 |
# time for DeliverBy; extension disabled if less than 0
|
|
|
354 |
#O DeliverByMin=0
|
|
|
355 |
|
|
|
356 |
# should we not prune routes in route-addr syntax addresses?
|
|
|
357 |
#O DontPruneRoutes=False
|
|
|
358 |
|
|
|
359 |
# queue up everything before forking?
|
|
|
360 |
O SuperSafe=True
|
|
|
361 |
|
|
|
362 |
# status file
|
|
|
363 |
O StatusFile=/var/log/mail/statistics
|
|
|
364 |
|
|
|
365 |
# time zone handling:
|
|
|
366 |
# if undefined, use system default
|
|
|
367 |
# if defined but null, use TZ envariable passed in
|
|
|
368 |
# if defined and non-null, use that info
|
|
|
369 |
#O TimeZoneSpec=
|
|
|
370 |
|
|
|
371 |
# default UID (can be username or userid:groupid)
|
|
|
372 |
O DefaultUser=8:12
|
|
|
373 |
|
|
|
374 |
# list of locations of user database file (null means no lookup)
|
|
|
375 |
O UserDatabaseSpec=/etc/mail/userdb.db
|
|
|
376 |
|
|
|
377 |
# fallback MX host
|
|
|
378 |
#O FallbackMXhost=fall.back.host.net
|
|
|
379 |
|
|
|
380 |
# fallback smart host
|
|
|
381 |
#O FallbackSmartHost=fall.back.host.net
|
|
|
382 |
|
|
|
383 |
# if we are the best MX host for a site, try it directly instead of config err
|
|
|
384 |
O TryNullMXList=True
|
|
|
385 |
|
|
|
386 |
# load average at which we just queue messages
|
|
|
387 |
#O QueueLA=8
|
|
|
388 |
|
|
|
389 |
# load average at which we refuse connections
|
|
|
390 |
#O RefuseLA=12
|
|
|
391 |
|
|
|
392 |
# log interval when refusing connections for this long
|
|
|
393 |
#O RejectLogInterval=3h
|
|
|
394 |
|
|
|
395 |
# load average at which we delay connections; 0 means no limit
|
|
|
396 |
#O DelayLA=0
|
|
|
397 |
|
|
|
398 |
# maximum number of children we allow at one time
|
|
|
399 |
#O MaxDaemonChildren=0
|
|
|
400 |
|
|
|
401 |
# maximum number of new connections per second
|
|
|
402 |
#O ConnectionRateThrottle=0
|
|
|
403 |
|
|
|
404 |
# Width of the window
|
|
|
405 |
#O ConnectionRateWindowSize=60s
|
|
|
406 |
|
|
|
407 |
# work recipient factor
|
|
|
408 |
#O RecipientFactor=30000
|
|
|
409 |
|
|
|
410 |
# deliver each queued job in a separate process?
|
|
|
411 |
#O ForkEachJob=False
|
|
|
412 |
|
|
|
413 |
# work class factor
|
|
|
414 |
#O ClassFactor=1800
|
|
|
415 |
|
|
|
416 |
# work time factor
|
|
|
417 |
#O RetryFactor=90000
|
|
|
418 |
|
|
|
419 |
# default character set
|
|
|
420 |
#O DefaultCharSet=unknown-8bit
|
|
|
421 |
|
|
|
422 |
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
|
|
|
423 |
#O ServiceSwitchFile=/etc/mail/service.switch
|
|
|
424 |
|
|
|
425 |
# hosts file (normally /etc/hosts)
|
|
|
426 |
#O HostsFile=/etc/hosts
|
|
|
427 |
|
|
|
428 |
# dialup line delay on connection failure
|
|
|
429 |
#O DialDelay=0s
|
|
|
430 |
|
|
|
431 |
# action to take if there are no recipients in the message
|
|
|
432 |
#O NoRecipientAction=none
|
|
|
433 |
|
|
|
434 |
# chrooted environment for writing to files
|
|
|
435 |
#O SafeFileEnvironment
|
|
|
436 |
|
|
|
437 |
# are colons OK in addresses?
|
|
|
438 |
#O ColonOkInAddr=True
|
|
|
439 |
|
|
|
440 |
# shall I avoid expanding CNAMEs (violates protocols)?
|
|
|
441 |
#O DontExpandCnames=False
|
|
|
442 |
|
|
|
443 |
# SMTP initial login message (old $e macro)
|
|
|
444 |
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
|
|
|
445 |
|
|
|
446 |
# UNIX initial From header format (old $l macro)
|
|
|
447 |
O UnixFromLine=From $g $d
|
|
|
448 |
|
|
|
449 |
# From: lines that have embedded newlines are unwrapped onto one line
|
|
|
450 |
#O SingleLineFromHeader=False
|
|
|
451 |
|
|
|
452 |
# Allow HELO SMTP command that does not include a host name
|
|
|
453 |
#O AllowBogusHELO=False
|
|
|
454 |
|
|
|
455 |
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
|
|
|
456 |
#O MustQuoteChars=.
|
|
|
457 |
|
|
|
458 |
# delimiter (operator) characters (old $o macro)
|
|
|
459 |
O OperatorChars=.:%@!^/[]+
|
|
|
460 |
|
|
|
461 |
# shall I avoid calling initgroups(3) because of high NIS costs?
|
|
|
462 |
#O DontInitGroups=False
|
|
|
463 |
|
|
|
464 |
# are group-writable :include: and .forward files (un)trustworthy?
|
|
|
465 |
# True (the default) means they are not trustworthy.
|
|
|
466 |
#O UnsafeGroupWrites=True
|
|
|
467 |
|
|
|
468 |
|
|
|
469 |
# where do errors that occur when sending errors get sent?
|
|
|
470 |
#O DoubleBounceAddress=postmaster
|
|
|
471 |
|
|
|
472 |
# where to save bounces if all else fails
|
|
|
473 |
#O DeadLetterDrop=/var/tmp/dead.letter
|
|
|
474 |
|
|
|
475 |
# what user id do we assume for the majority of the processing?
|
|
|
476 |
#O RunAsUser=sendmail
|
|
|
477 |
|
|
|
478 |
# maximum number of recipients per SMTP envelope
|
|
|
479 |
#O MaxRecipientsPerMessage=0
|
|
|
480 |
|
|
|
481 |
# limit the rate recipients per SMTP envelope are accepted
|
|
|
482 |
# once the threshold number of recipients have been rejected
|
|
|
483 |
#O BadRcptThrottle=0
|
|
|
484 |
|
|
|
485 |
# shall we get local names from our installed interfaces?
|
|
|
486 |
O DontProbeInterfaces=True
|
|
|
487 |
|
|
|
488 |
# Return-Receipt-To: header implies DSN request
|
|
|
489 |
#O RrtImpliesDsn=False
|
|
|
490 |
|
|
|
491 |
# override connection address (for testing)
|
|
|
492 |
#O ConnectOnlyTo=0.0.0.0
|
|
|
493 |
|
|
|
494 |
# Trusted user for file ownership and starting the daemon
|
|
|
495 |
#O TrustedUser=root
|
|
|
496 |
|
|
|
497 |
# Control socket for daemon management
|
|
|
498 |
#O ControlSocketName=/var/spool/mqueue/.control
|
|
|
499 |
|
|
|
500 |
# Maximum MIME header length to protect MUAs
|
|
|
501 |
#O MaxMimeHeaderLength=0/0
|
|
|
502 |
|
|
|
503 |
# Maximum length of the sum of all headers
|
|
|
504 |
#O MaxHeadersLength=32768
|
|
|
505 |
|
|
|
506 |
# Maximum depth of alias recursion
|
|
|
507 |
#O MaxAliasRecursion=10
|
|
|
508 |
|
|
|
509 |
# location of pid file
|
|
|
510 |
#O PidFile=/var/run/sendmail.pid
|
|
|
511 |
|
|
|
512 |
# Prefix string for the process title shown on 'ps' listings
|
|
|
513 |
#O ProcessTitlePrefix=prefix
|
|
|
514 |
|
|
|
515 |
# Data file (df) memory-buffer file maximum size
|
|
|
516 |
#O DataFileBufferSize=4096
|
|
|
517 |
|
|
|
518 |
# Transcript file (xf) memory-buffer file maximum size
|
|
|
519 |
#O XscriptFileBufferSize=4096
|
|
|
520 |
|
|
|
521 |
# lookup type to find information about local mailboxes
|
|
|
522 |
#O MailboxDatabase=pw
|
|
|
523 |
|
|
|
524 |
# override compile time flag REQUIRES_DIR_FSYNC
|
|
|
525 |
#O RequiresDirfsync=true
|
|
|
526 |
|
|
|
527 |
# list of authentication mechanisms
|
|
|
528 |
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
|
|
|
529 |
|
|
|
530 |
# Authentication realm
|
|
|
531 |
#O AuthRealm
|
|
|
532 |
|
|
|
533 |
# default authentication information for outgoing connections
|
|
|
534 |
#O DefaultAuthInfo=/etc/mail/default-auth-info
|
|
|
535 |
|
|
|
536 |
# SMTP AUTH flags
|
|
|
537 |
O AuthOptions=A
|
|
|
538 |
|
|
|
539 |
# SMTP AUTH maximum encryption strength
|
|
|
540 |
#O AuthMaxBits
|
|
|
541 |
|
|
|
542 |
# SMTP STARTTLS server options
|
|
|
543 |
#O TLSSrvOptions
|
|
|
544 |
|
|
|
545 |
# Input mail filters
|
|
|
546 |
#O InputMailFilters
|
|
|
547 |
|
|
|
548 |
|
|
|
549 |
# CA directory
|
|
|
550 |
#O CACertPath
|
|
|
551 |
# CA file
|
|
|
552 |
#O CACertFile
|
|
|
553 |
# Server Cert
|
|
|
554 |
#O ServerCertFile
|
|
|
555 |
# Server private key
|
|
|
556 |
#O ServerKeyFile
|
|
|
557 |
# Client Cert
|
|
|
558 |
#O ClientCertFile
|
|
|
559 |
# Client private key
|
|
|
560 |
#O ClientKeyFile
|
|
|
561 |
# File containing certificate revocation lists
|
|
|
562 |
#O CRLFile
|
|
|
563 |
# DHParameters (only required if DSA/DH is used)
|
|
|
564 |
#O DHParameters
|
|
|
565 |
# Random data source (required for systems without /dev/urandom under OpenSSL)
|
|
|
566 |
#O RandFile
|
|
|
567 |
|
|
|
568 |
############################
|
|
|
569 |
# QUEUE GROUP DEFINITIONS #
|
|
|
570 |
############################
|
|
|
571 |
|
|
|
572 |
|
|
|
573 |
###########################
|
|
|
574 |
# Message precedences #
|
|
|
575 |
###########################
|
|
|
576 |
|
|
|
577 |
Pfirst-class=0
|
|
|
578 |
Pspecial-delivery=100
|
|
|
579 |
Plist=-30
|
|
|
580 |
Pbulk=-60
|
|
|
581 |
Pjunk=-100
|
|
|
582 |
|
|
|
583 |
#####################
|
|
|
584 |
# Trusted users #
|
|
|
585 |
#####################
|
|
|
586 |
|
|
|
587 |
# this is equivalent to setting class "t"
|
|
|
588 |
Ft/etc/mail/trusted-users
|
|
|
589 |
Troot
|
|
|
590 |
Tdaemon
|
|
|
591 |
Tuucp
|
|
|
592 |
|
|
|
593 |
#########################
|
|
|
594 |
# Format of headers #
|
|
|
595 |
#########################
|
|
|
596 |
|
|
|
597 |
H?P?Return-Path: <$g>
|
|
|
598 |
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
|
|
|
599 |
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
|
|
|
600 |
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
|
|
|
601 |
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
|
|
|
602 |
for $u; $|;
|
|
|
603 |
$.$b
|
|
|
604 |
H?D?Resent-Date: $a
|
|
|
605 |
H?D?Date: $a
|
|
|
606 |
H?F?Resent-From: $?x$x <$g>$|$g$.
|
|
|
607 |
H?F?From: $?x$x <$g>$|$g$.
|
|
|
608 |
H?x?Full-Name: $x
|
|
|
609 |
# HPosted-Date: $a
|
|
|
610 |
# H?l?Received-Date: $b
|
|
|
611 |
H?M?Resent-Message-Id: <$t.$i@$j>
|
|
|
612 |
H?M?Message-Id: <$t.$i@$j>
|
|
|
613 |
|
|
|
614 |
#�
|
|
|
615 |
######################################################################
|
|
|
616 |
######################################################################
|
|
|
617 |
#####
|
|
|
618 |
##### REWRITING RULES
|
|
|
619 |
#####
|
|
|
620 |
######################################################################
|
|
|
621 |
######################################################################
|
|
|
622 |
|
|
|
623 |
############################################
|
|
|
624 |
### Ruleset 3 -- Name Canonicalization ###
|
|
|
625 |
############################################
|
|
|
626 |
Scanonify=3
|
|
|
627 |
|
|
|
628 |
# handle null input (translate to <@> special case)
|
|
|
629 |
R$@ $@ <@>
|
|
|
630 |
|
|
|
631 |
# strip group: syntax (not inside angle brackets!) and trailing semicolon
|
|
|
632 |
R$* $: $1 <@> mark addresses
|
|
|
633 |
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
|
|
|
634 |
R@ $* <@> $: @ $1 unmark @host:...
|
|
|
635 |
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
|
|
|
636 |
R$* :: $* <@> $: $1 :: $2 unmark node::addr
|
|
|
637 |
R:include: $* <@> $: :include: $1 unmark :include:...
|
|
|
638 |
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
|
|
|
639 |
R$* : $* <@> $: $2 strip colon if marked
|
|
|
640 |
R$* <@> $: $1 unmark
|
|
|
641 |
R$* ; $1 strip trailing semi
|
|
|
642 |
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
|
|
|
643 |
R$* < $* ; > $1 < $2 > bogus bracketed semi
|
|
|
644 |
|
|
|
645 |
# null input now results from list:; syntax
|
|
|
646 |
R$@ $@ :; <@>
|
|
|
647 |
|
|
|
648 |
# strip angle brackets -- note RFC733 heuristic to get innermost item
|
|
|
649 |
R$* $: < $1 > housekeeping <>
|
|
|
650 |
R$+ < $* > < $2 > strip excess on left
|
|
|
651 |
R< $* > $+ < $1 > strip excess on right
|
|
|
652 |
R<> $@ < @ > MAIL FROM:<> case
|
|
|
653 |
R< $+ > $: $1 remove housekeeping <>
|
|
|
654 |
|
|
|
655 |
# strip route address <@a,@b,@c:user@d> -> <user@d>
|
|
|
656 |
R@ $+ , $+ $2
|
|
|
657 |
R@ [ $* ] : $+ $2
|
|
|
658 |
R@ $+ : $+ $2
|
|
|
659 |
|
|
|
660 |
# find focus for list syntax
|
|
|
661 |
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
|
|
|
662 |
R $+ : $* ; $@ $1 : $2; list syntax
|
|
|
663 |
|
|
|
664 |
# find focus for @ syntax addresses
|
|
|
665 |
R$+ @ $+ $: $1 < @ $2 > focus on domain
|
|
|
666 |
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
|
|
|
667 |
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
|
|
|
668 |
|
|
|
669 |
|
|
|
670 |
# convert old-style addresses to a domain-based address
|
|
|
671 |
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
|
|
|
672 |
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
|
|
|
673 |
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
|
|
|
674 |
|
|
|
675 |
# if we have % signs, take the rightmost one
|
|
|
676 |
R$* % $* $1 @ $2 First make them all @s.
|
|
|
677 |
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
|
|
|
678 |
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
|
|
|
679 |
|
|
|
680 |
# else we must be a local name
|
|
|
681 |
R$* $@ $>Canonify2 $1
|
|
|
682 |
|
|
|
683 |
|
|
|
684 |
################################################
|
|
|
685 |
### Ruleset 96 -- bottom half of ruleset 3 ###
|
|
|
686 |
################################################
|
|
|
687 |
|
|
|
688 |
SCanonify2=96
|
|
|
689 |
|
|
|
690 |
# handle special cases for local names
|
|
|
691 |
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
|
|
|
692 |
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
|
|
|
693 |
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
|
|
|
694 |
|
|
|
695 |
# check for IPv4/IPv6 domain literal
|
|
|
696 |
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
|
|
|
697 |
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
|
|
|
698 |
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
|
|
|
699 |
|
|
|
700 |
|
|
|
701 |
|
|
|
702 |
|
|
|
703 |
|
|
|
704 |
# if really UUCP, handle it immediately
|
|
|
705 |
|
|
|
706 |
# try UUCP traffic as a local address
|
|
|
707 |
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
|
|
|
708 |
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
|
|
|
709 |
|
|
|
710 |
# hostnames ending in class P are always canonical
|
|
|
711 |
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
|
|
|
712 |
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
|
|
|
713 |
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
|
|
|
714 |
R$* CC $* $| $* $: $3
|
|
|
715 |
# pass to name server to make hostname canonical
|
|
|
716 |
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
|
|
|
717 |
R$* $| $* $: $2
|
|
|
718 |
|
|
|
719 |
# local host aliases and pseudo-domains are always canonical
|
|
|
720 |
R$* < @ $=w > $* $: $1 < @ $2 . > $3
|
|
|
721 |
R$* < @ $=M > $* $: $1 < @ $2 . > $3
|
|
|
722 |
R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3
|
|
|
723 |
R$* < @ $* . . > $* $1 < @ $2 . > $3
|
|
|
724 |
|
|
|
725 |
|
|
|
726 |
##################################################
|
|
|
727 |
### Ruleset 4 -- Final Output Post-rewriting ###
|
|
|
728 |
##################################################
|
|
|
729 |
Sfinal=4
|
|
|
730 |
|
|
|
731 |
R$+ :; <@> $@ $1 : handle <list:;>
|
|
|
732 |
R$* <@> $@ handle <> and list:;
|
|
|
733 |
|
|
|
734 |
# strip trailing dot off possibly canonical name
|
|
|
735 |
R$* < @ $+ . > $* $1 < @ $2 > $3
|
|
|
736 |
|
|
|
737 |
# eliminate internal code
|
|
|
738 |
R$* < @ *LOCAL* > $* $1 < @ $j > $2
|
|
|
739 |
|
|
|
740 |
# externalize local domain info
|
|
|
741 |
R$* < $+ > $* $1 $2 $3 defocus
|
|
|
742 |
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
|
|
|
743 |
R@ $* $@ @ $1 ... and exit
|
|
|
744 |
|
|
|
745 |
# UUCP must always be presented in old form
|
|
|
746 |
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
|
|
|
747 |
|
|
|
748 |
# delete duplicate local names
|
|
|
749 |
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
|
|
|
750 |
|
|
|
751 |
|
|
|
752 |
|
|
|
753 |
##############################################################
|
|
|
754 |
### Ruleset 97 -- recanonicalize and call ruleset zero ###
|
|
|
755 |
### (used for recursive calls) ###
|
|
|
756 |
##############################################################
|
|
|
757 |
|
|
|
758 |
SRecurse=97
|
|
|
759 |
R$* $: $>canonify $1
|
|
|
760 |
R$* $@ $>parse $1
|
|
|
761 |
|
|
|
762 |
|
|
|
763 |
######################################
|
|
|
764 |
### Ruleset 0 -- Parse Address ###
|
|
|
765 |
######################################
|
|
|
766 |
|
|
|
767 |
Sparse=0
|
|
|
768 |
|
|
|
769 |
R$* $: $>Parse0 $1 initial parsing
|
|
|
770 |
R<@> $#local $: <@> special case error msgs
|
|
|
771 |
R$* $: $>ParseLocal $1 handle local hacks
|
|
|
772 |
R$* $: $>Parse1 $1 final parsing
|
|
|
773 |
|
|
|
774 |
#
|
|
|
775 |
# Parse0 -- do initial syntax checking and eliminate local addresses.
|
|
|
776 |
# This should either return with the (possibly modified) input
|
|
|
777 |
# or return with a #error mailer. It should not return with a
|
|
|
778 |
# #mailer other than the #error mailer.
|
|
|
779 |
#
|
|
|
780 |
|
|
|
781 |
SParse0
|
|
|
782 |
R<@> $@ <@> special case error msgs
|
|
|
783 |
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
|
|
|
784 |
R@ <@ $* > < @ $1 > catch "@@host" bogosity
|
|
|
785 |
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
|
|
|
786 |
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
|
|
|
787 |
R$* $: <> $1
|
|
|
788 |
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
|
|
|
789 |
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
|
|
|
790 |
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
|
|
|
791 |
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
|
|
|
792 |
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
|
|
|
793 |
R<> $* $1
|
|
|
794 |
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
|
|
|
795 |
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
|
|
|
796 |
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
|
|
|
797 |
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
|
|
|
798 |
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
|
|
|
799 |
|
|
|
800 |
|
|
|
801 |
# now delete the local info -- note $=O to find characters that cause forwarding
|
|
|
802 |
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
|
|
|
803 |
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
|
|
|
804 |
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
|
|
|
805 |
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
|
|
|
806 |
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
|
|
|
807 |
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
|
|
|
808 |
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
|
|
|
809 |
R$* $=O $* < @ *LOCAL* >
|
|
|
810 |
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
|
|
|
811 |
R$* < @ *LOCAL* > $: $1
|
|
|
812 |
|
|
|
813 |
#
|
|
|
814 |
# Parse1 -- the bottom half of ruleset 0.
|
|
|
815 |
#
|
|
|
816 |
|
|
|
817 |
SParse1
|
|
|
818 |
|
|
|
819 |
# handle numeric address spec
|
|
|
820 |
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
|
|
|
821 |
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
|
|
|
822 |
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
|
|
|
823 |
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
|
|
|
824 |
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
|
|
|
825 |
|
|
|
826 |
# handle virtual users
|
|
|
827 |
R$+ $: <!> $1 Mark for lookup
|
|
|
828 |
R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
|
|
|
829 |
R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
|
|
|
830 |
R<@> $+ + $+ < @ $* . >
|
|
|
831 |
$: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
|
832 |
R<@> $+ + $* < @ $* . >
|
|
|
833 |
$: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
|
834 |
R<@> $+ + $* < @ $* . >
|
|
|
835 |
$: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
|
836 |
R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
|
837 |
R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
|
838 |
R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
|
|
|
839 |
R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
|
|
|
840 |
R<@> $+ $: $1
|
|
|
841 |
R<!> $+ $: $1
|
|
|
842 |
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
|
|
|
843 |
R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
|
|
|
844 |
R< $+ > $+ < @ $+ > $: $>Recurse $1
|
|
|
845 |
|
|
|
846 |
# short circuit local delivery so forwarded email works
|
|
|
847 |
|
|
|
848 |
|
|
|
849 |
R$=L < @ $=w . > $#local $: @ $1 special local names
|
|
|
850 |
R$+ < @ $=w . > $#local $: $1 regular local name
|
|
|
851 |
|
|
|
852 |
# not local -- try mailer table lookup
|
|
|
853 |
R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
|
|
|
854 |
R< $+ . > $* $: < $1 > $2 strip trailing dot
|
|
|
855 |
R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
|
|
|
856 |
R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
|
|
|
857 |
R< $+ > $* $: $>Mailertable <$1> $2 try domain
|
|
|
858 |
|
|
|
859 |
# resolve remotely connected UUCP links (if any)
|
|
|
860 |
|
|
|
861 |
# resolve fake top level domains by forwarding to other hosts
|
|
|
862 |
|
|
|
863 |
|
|
|
864 |
|
|
|
865 |
# pass names that still have a host to a smarthost (if defined)
|
|
|
866 |
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
|
|
|
867 |
|
|
|
868 |
# deal with other remote names
|
|
|
869 |
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
|
|
|
870 |
|
|
|
871 |
# handle locally delivered names
|
|
|
872 |
R$=L $#local $: @ $1 special local names
|
|
|
873 |
R$+ $#local $: $1 regular local names
|
|
|
874 |
|
|
|
875 |
###########################################################################
|
|
|
876 |
### Ruleset 5 -- special rewriting after aliases have been expanded ###
|
|
|
877 |
###########################################################################
|
|
|
878 |
|
|
|
879 |
SLocal_localaddr
|
|
|
880 |
Slocaladdr=5
|
|
|
881 |
R$+ $: $1 $| $>"Local_localaddr" $1
|
|
|
882 |
R$+ $| $#ok $@ $1 no change
|
|
|
883 |
R$+ $| $#$* $#$2
|
|
|
884 |
R$+ $| $* $: $1
|
|
|
885 |
|
|
|
886 |
|
|
|
887 |
|
|
|
888 |
|
|
|
889 |
# deal with plussed users so aliases work nicely
|
|
|
890 |
R$+ + * $#local $@ $&h $: $1
|
|
|
891 |
R$+ + $* $#local $@ + $2 $: $1 + *
|
|
|
892 |
|
|
|
893 |
# prepend an empty "forward host" on the front
|
|
|
894 |
R$+ $: <> $1
|
|
|
895 |
|
|
|
896 |
|
|
|
897 |
|
|
|
898 |
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
|
|
|
899 |
|
|
|
900 |
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
|
|
|
901 |
R< > < $+ <> $* > $: < > < $1 > else discard
|
|
|
902 |
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
|
|
|
903 |
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
|
|
|
904 |
R< > < $+ > $@ $1 no +detail
|
|
|
905 |
R$+ $: $1 <> $&h add +detail back in
|
|
|
906 |
|
|
|
907 |
R$+ <> + $* $: $1 + $2 check whether +detail
|
|
|
908 |
R$+ <> $* $: $1 else discard
|
|
|
909 |
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
|
|
|
910 |
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
|
|
|
911 |
|
|
|
912 |
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
|
|
|
913 |
|
|
|
914 |
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
|
|
|
915 |
|
|
|
916 |
|
|
|
917 |
###################################################################
|
|
|
918 |
### Ruleset 90 -- try domain part of mailertable entry ###
|
|
|
919 |
###################################################################
|
|
|
920 |
|
|
|
921 |
SMailertable=90
|
|
|
922 |
R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
|
|
|
923 |
R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
|
|
|
924 |
R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
|
|
|
925 |
R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
|
|
|
926 |
R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
|
|
|
927 |
R< $* > $* $@ $2 no mailertable match
|
|
|
928 |
|
|
|
929 |
###################################################################
|
|
|
930 |
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
|
|
|
931 |
###################################################################
|
|
|
932 |
|
|
|
933 |
SMailerToTriple=95
|
|
|
934 |
R< > $* $@ $1 strip off null relay
|
|
|
935 |
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
|
|
|
936 |
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
|
|
|
937 |
R< error : $+ > $* $#error $: $1
|
|
|
938 |
R< local : $* > $* $>CanonLocal < $1 > $2
|
|
|
939 |
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
|
|
|
940 |
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
|
|
|
941 |
R< $=w > $* $@ $2 delete local host
|
|
|
942 |
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
|
|
|
943 |
|
|
|
944 |
###################################################################
|
|
|
945 |
### Ruleset CanonLocal -- canonify local: syntax ###
|
|
|
946 |
###################################################################
|
|
|
947 |
|
|
|
948 |
SCanonLocal
|
|
|
949 |
# strip local host from routed addresses
|
|
|
950 |
R< $* > < @ $+ > : $+ $@ $>Recurse $3
|
|
|
951 |
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
|
|
|
952 |
|
|
|
953 |
# strip trailing dot from any host name that may appear
|
|
|
954 |
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
|
|
|
955 |
|
|
|
956 |
# handle local: syntax -- use old user, either with or without host
|
|
|
957 |
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
|
|
|
958 |
R< > $+ $#local $@ $1 $: $1
|
|
|
959 |
|
|
|
960 |
# handle local:user@host syntax -- ignore host part
|
|
|
961 |
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
|
|
|
962 |
|
|
|
963 |
# handle local:user syntax
|
|
|
964 |
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
|
|
|
965 |
R< $+ > $* $#local $@ $2 $: $1
|
|
|
966 |
|
|
|
967 |
###################################################################
|
|
|
968 |
### Ruleset 93 -- convert header names to masqueraded form ###
|
|
|
969 |
###################################################################
|
|
|
970 |
|
|
|
971 |
SMasqHdr=93
|
|
|
972 |
|
|
|
973 |
|
|
|
974 |
# do not masquerade anything in class N
|
|
|
975 |
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
|
|
|
976 |
|
|
|
977 |
R$* < @ *LOCAL* > $@ $1 < @ $j . >
|
|
|
978 |
|
|
|
979 |
###################################################################
|
|
|
980 |
### Ruleset 94 -- convert envelope names to masqueraded form ###
|
|
|
981 |
###################################################################
|
|
|
982 |
|
|
|
983 |
SMasqEnv=94
|
|
|
984 |
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
|
|
|
985 |
|
|
|
986 |
###################################################################
|
|
|
987 |
### Ruleset 98 -- local part of ruleset zero (can be null) ###
|
|
|
988 |
###################################################################
|
|
|
989 |
|
|
|
990 |
SParseLocal=98
|
|
|
991 |
|
|
|
992 |
# addresses sent to foo@host.REDIRECT will give a 551 error code
|
|
|
993 |
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
|
|
|
994 |
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
|
|
|
995 |
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
|
|
|
996 |
|
|
|
997 |
|
|
|
998 |
|
|
|
999 |
|
|
|
1000 |
######################################################################
|
|
|
1001 |
### D: LookUpDomain -- search for domain in access database
|
|
|
1002 |
###
|
|
|
1003 |
### Parameters:
|
|
|
1004 |
### <$1> -- key (domain name)
|
|
|
1005 |
### <$2> -- default (what to return if not found in db)
|
|
|
1006 |
### <$3> -- mark (must be <(!|+) single-token>)
|
|
|
1007 |
### ! does lookup only with tag
|
|
|
1008 |
### + does lookup with and without tag
|
|
|
1009 |
### <$4> -- passthru (additional data passed unchanged through)
|
|
|
1010 |
######################################################################
|
|
|
1011 |
|
|
|
1012 |
SD
|
|
|
1013 |
R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
|
|
|
1014 |
R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
|
|
|
1015 |
R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
|
|
|
1016 |
R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
|
|
|
1017 |
R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
|
|
|
1018 |
R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
|
|
|
1019 |
R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
|
|
|
1020 |
R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
|
|
|
1021 |
R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
|
|
|
1022 |
|
|
|
1023 |
######################################################################
|
|
|
1024 |
### A: LookUpAddress -- search for host address in access database
|
|
|
1025 |
###
|
|
|
1026 |
### Parameters:
|
|
|
1027 |
### <$1> -- key (dot quadded host address)
|
|
|
1028 |
### <$2> -- default (what to return if not found in db)
|
|
|
1029 |
### <$3> -- mark (must be <(!|+) single-token>)
|
|
|
1030 |
### ! does lookup only with tag
|
|
|
1031 |
### + does lookup with and without tag
|
|
|
1032 |
### <$4> -- passthru (additional data passed through)
|
|
|
1033 |
######################################################################
|
|
|
1034 |
|
|
|
1035 |
SA
|
|
|
1036 |
R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
|
|
|
1037 |
R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
|
|
|
1038 |
R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
|
|
|
1039 |
R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
|
|
|
1040 |
R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
|
|
|
1041 |
R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
|
|
|
1042 |
R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
|
|
|
1043 |
R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
|
|
|
1044 |
|
|
|
1045 |
######################################################################
|
|
|
1046 |
### CanonAddr -- Convert an address into a standard form for
|
|
|
1047 |
### relay checking. Route address syntax is
|
|
|
1048 |
### crudely converted into a %-hack address.
|
|
|
1049 |
###
|
|
|
1050 |
### Parameters:
|
|
|
1051 |
### $1 -- full recipient address
|
|
|
1052 |
###
|
|
|
1053 |
### Returns:
|
|
|
1054 |
### parsed address, not in source route form
|
|
|
1055 |
######################################################################
|
|
|
1056 |
|
|
|
1057 |
SCanonAddr
|
|
|
1058 |
R$* $: $>Parse0 $>canonify $1 make domain canonical
|
|
|
1059 |
|
|
|
1060 |
|
|
|
1061 |
######################################################################
|
|
|
1062 |
### ParseRecipient -- Strip off hosts in $=R as well as possibly
|
|
|
1063 |
### $* $=m or the access database.
|
|
|
1064 |
### Check user portion for host separators.
|
|
|
1065 |
###
|
|
|
1066 |
### Parameters:
|
|
|
1067 |
### $1 -- full recipient address
|
|
|
1068 |
###
|
|
|
1069 |
### Returns:
|
|
|
1070 |
### parsed, non-local-relaying address
|
|
|
1071 |
######################################################################
|
|
|
1072 |
|
|
|
1073 |
SParseRecipient
|
|
|
1074 |
R$* $: <?> $>CanonAddr $1
|
|
|
1075 |
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
|
|
|
1076 |
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
|
|
|
1077 |
|
|
|
1078 |
# if no $=O character, no host in the user portion, we are done
|
|
|
1079 |
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
|
|
|
1080 |
R<?> $* $@ $1
|
|
|
1081 |
|
|
|
1082 |
|
|
|
1083 |
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
|
|
|
1084 |
R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
|
|
|
1085 |
R<$+> <$+> $: <$1> $2
|
|
|
1086 |
|
|
|
1087 |
|
|
|
1088 |
|
|
|
1089 |
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
|
|
|
1090 |
R<$+> $* $@ $2
|
|
|
1091 |
|
|
|
1092 |
|
|
|
1093 |
######################################################################
|
|
|
1094 |
### check_relay -- check hostname/address on SMTP startup
|
|
|
1095 |
######################################################################
|
|
|
1096 |
|
|
|
1097 |
|
|
|
1098 |
|
|
|
1099 |
SLocal_check_relay
|
|
|
1100 |
Scheck_relay
|
|
|
1101 |
R$* $: $1 $| $>"Local_check_relay" $1
|
|
|
1102 |
R$* $| $* $| $#$* $#$3
|
|
|
1103 |
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
|
|
|
1104 |
|
|
|
1105 |
SBasic_check_relay
|
|
|
1106 |
# check for deferred delivery mode
|
|
|
1107 |
R$* $: < $&{deliveryMode} > $1
|
|
|
1108 |
R< d > $* $@ deferred
|
|
|
1109 |
R< $* > $* $: $2
|
|
|
1110 |
|
|
|
1111 |
R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
|
|
|
1112 |
R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
|
|
|
1113 |
R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
|
|
|
1114 |
R<?> <$*> $: OK found nothing
|
|
|
1115 |
R<$={Accept}> <$*> $@ $1 return value of lookup
|
|
|
1116 |
R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
|
|
|
1117 |
R<DISCARD> <$*> $#discard $: discard
|
|
|
1118 |
R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
|
|
|
1119 |
R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
|
|
|
1120 |
R<ERROR:$+> <$*> $#error $: $1
|
|
|
1121 |
R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1122 |
R<$+> <$*> $#error $: $1
|
|
|
1123 |
|
|
|
1124 |
|
|
|
1125 |
|
|
|
1126 |
######################################################################
|
|
|
1127 |
### check_mail -- check SMTP `MAIL FROM:' command argument
|
|
|
1128 |
######################################################################
|
|
|
1129 |
|
|
|
1130 |
SLocal_check_mail
|
|
|
1131 |
Scheck_mail
|
|
|
1132 |
R$* $: $1 $| $>"Local_check_mail" $1
|
|
|
1133 |
R$* $| $#$* $#$2
|
|
|
1134 |
R$* $| $* $@ $>"Basic_check_mail" $1
|
|
|
1135 |
|
|
|
1136 |
SBasic_check_mail
|
|
|
1137 |
# check for deferred delivery mode
|
|
|
1138 |
R$* $: < $&{deliveryMode} > $1
|
|
|
1139 |
R< d > $* $@ deferred
|
|
|
1140 |
R< $* > $* $: $2
|
|
|
1141 |
|
|
|
1142 |
# authenticated?
|
|
|
1143 |
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
|
|
|
1144 |
R$* $| $#$+ $#$2
|
|
|
1145 |
R$* $| $* $: $1
|
|
|
1146 |
|
|
|
1147 |
R<> $@ <OK> we MUST accept <> (RFC 1123)
|
|
|
1148 |
R$+ $: <?> $1
|
|
|
1149 |
R<?><$+> $: <@> <$1>
|
|
|
1150 |
R<?>$+ $: <@> <$1>
|
|
|
1151 |
R$* $: $&{daemon_flags} $| $1
|
|
|
1152 |
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
|
|
|
1153 |
R$* u $* $| <@> < $* > $: <?> < $3 >
|
|
|
1154 |
R$* $| $* $: $2
|
|
|
1155 |
# handle case of @localhost on address
|
|
|
1156 |
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
|
|
|
1157 |
R<@> < $* @ [127.0.0.1] >
|
|
|
1158 |
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
|
|
|
1159 |
R<@> < $* @ localhost.$m >
|
|
|
1160 |
$: < ? $&{client_name} > < $1 @ localhost.$m >
|
|
|
1161 |
R<@> < $* @ localhost.localdomain >
|
|
|
1162 |
$: < ? $&{client_name} > < $1 @ localhost.localdomain >
|
|
|
1163 |
R<@> < $* @ localhost.UUCP >
|
|
|
1164 |
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
|
|
|
1165 |
R<@> $* $: $1 no localhost as domain
|
|
|
1166 |
R<? $=w> $* $: $2 local client: ok
|
|
|
1167 |
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
|
|
|
1168 |
R<?> $* $: $1
|
|
|
1169 |
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
|
|
|
1170 |
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
|
|
|
1171 |
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
|
|
|
1172 |
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
|
|
|
1173 |
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
|
|
|
1174 |
R<?> $* < @ $+ > $: <OKR> $1 < @ $2 > ... unresolvable OK
|
|
|
1175 |
|
|
|
1176 |
# check sender address: user@address, user@, address
|
|
|
1177 |
R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
|
|
|
1178 |
R<$+> $+ $: @<$1> <$2> $| <U:$2@>
|
|
|
1179 |
R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
|
|
|
1180 |
R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
|
|
|
1181 |
# retransform for further use
|
|
|
1182 |
R<?> <$+> <$*> $: <$1> $2 no match
|
|
|
1183 |
R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it
|
|
|
1184 |
|
|
|
1185 |
# handle case of no @domain on address
|
|
|
1186 |
R<?> $* $: $&{daemon_flags} $| <?> $1
|
|
|
1187 |
R$* u $* $| <?> $* $: <OKR> $3
|
|
|
1188 |
R$* $| $* $: $2
|
|
|
1189 |
R<?> $* $: < ? $&{client_addr} > $1
|
|
|
1190 |
R<?> $* $@ <OKR> ...local unqualed ok
|
|
|
1191 |
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
|
|
|
1192 |
...remote is not
|
|
|
1193 |
# check results
|
|
|
1194 |
R<?> $* $: @ $1 mark address: nothing known about it
|
|
|
1195 |
R<$={ResOk}> $* $@ <OKR> domain ok: stop
|
|
|
1196 |
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
|
|
|
1197 |
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
|
|
|
1198 |
R<$={Accept}> $* $# $1 accept from access map
|
|
|
1199 |
R<DISCARD> $* $#discard $: discard
|
|
|
1200 |
R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
|
|
|
1201 |
R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
|
|
|
1202 |
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
|
|
|
1203 |
R<ERROR:$+> $* $#error $: $1
|
|
|
1204 |
R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1205 |
R<$+> $* $#error $: $1 error from access db
|
|
|
1206 |
|
|
|
1207 |
######################################################################
|
|
|
1208 |
### check_rcpt -- check SMTP `RCPT TO:' command argument
|
|
|
1209 |
######################################################################
|
|
|
1210 |
|
|
|
1211 |
SLocal_check_rcpt
|
|
|
1212 |
Scheck_rcpt
|
|
|
1213 |
R$* $: $1 $| $>"Local_check_rcpt" $1
|
|
|
1214 |
R$* $| $#$* $#$2
|
|
|
1215 |
R$* $| $* $@ $>"Basic_check_rcpt" $1
|
|
|
1216 |
|
|
|
1217 |
SBasic_check_rcpt
|
|
|
1218 |
# empty address?
|
|
|
1219 |
R<> $#error $@ nouser $: "553 User address required"
|
|
|
1220 |
R$@ $#error $@ nouser $: "553 User address required"
|
|
|
1221 |
# check for deferred delivery mode
|
|
|
1222 |
R$* $: < $&{deliveryMode} > $1
|
|
|
1223 |
R< d > $* $@ deferred
|
|
|
1224 |
R< $* > $* $: $2
|
|
|
1225 |
|
|
|
1226 |
|
|
|
1227 |
######################################################################
|
|
|
1228 |
R$* $: $1 $| @ $>"Rcpt_ok" $1
|
|
|
1229 |
R$* $| @ $#TEMP $+ $: $1 $| T $2
|
|
|
1230 |
R$* $| @ $#$* $#$2
|
|
|
1231 |
R$* $| @ RELAY $@ RELAY
|
|
|
1232 |
R$* $| @ $* $: O $| $>"Relay_ok" $1
|
|
|
1233 |
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
|
|
|
1234 |
R$* $| $#TEMP $+ $#error $2
|
|
|
1235 |
R$* $| $#$* $#$2
|
|
|
1236 |
R$* $| RELAY $@ RELAY
|
|
|
1237 |
R T $+ $| $* $#error $1
|
|
|
1238 |
# anything else is bogus
|
|
|
1239 |
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
|
|
|
1240 |
|
|
|
1241 |
|
|
|
1242 |
######################################################################
|
|
|
1243 |
### Rcpt_ok: is the recipient ok?
|
|
|
1244 |
######################################################################
|
|
|
1245 |
SRcpt_ok
|
|
|
1246 |
R$* $: $>ParseRecipient $1 strip relayable hosts
|
|
|
1247 |
|
|
|
1248 |
|
|
|
1249 |
|
|
|
1250 |
# blacklist local users or any host from receiving mail
|
|
|
1251 |
R$* $: <?> $1
|
|
|
1252 |
R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
|
|
|
1253 |
R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
|
|
|
1254 |
R<?> $+ $: <> <$1> $| <U:$1@>
|
|
|
1255 |
R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
|
|
|
1256 |
R<@> <$*> $| <$*> $: <$2> <$1> reverse result
|
|
|
1257 |
R<?> <$*> $: @ $1 mark address as no match
|
|
|
1258 |
R<$={Accept}> <$*> $: @ $2 mark address as no match
|
|
|
1259 |
|
|
|
1260 |
R<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
|
|
|
1261 |
R<DISCARD> $* $#discard $: discard
|
|
|
1262 |
R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
|
|
|
1263 |
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
|
|
|
1264 |
R<ERROR:$+> $* $#error $: $1
|
|
|
1265 |
R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1266 |
R<$+> $* $#error $: $1 error from access db
|
|
|
1267 |
R@ $* $1 remove mark
|
|
|
1268 |
|
|
|
1269 |
# authenticated via TLS?
|
|
|
1270 |
R$* $: $1 $| $>RelayTLS client authenticated?
|
|
|
1271 |
R$* $| $# $+ $# $2 error/ok?
|
|
|
1272 |
R$* $| $* $: $1 no
|
|
|
1273 |
|
|
|
1274 |
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
|
|
|
1275 |
R$* $| $# $* $# $2
|
|
|
1276 |
R$* $| NO $: $1
|
|
|
1277 |
R$* $| $* $: $1 $| $&{auth_type}
|
|
|
1278 |
R$* $| $: $1
|
|
|
1279 |
R$* $| $={TrustAuthMech} $# RELAY
|
|
|
1280 |
R$* $| $* $: $1
|
|
|
1281 |
# anything terminating locally is ok
|
|
|
1282 |
R$+ < @ $=w > $@ RELAY
|
|
|
1283 |
R$+ < @ $* $=R > $@ RELAY
|
|
|
1284 |
R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
|
|
|
1285 |
R<RELAY> $* $@ RELAY
|
|
|
1286 |
R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1287 |
R<$*> <$*> $: $2
|
|
|
1288 |
|
|
|
1289 |
|
|
|
1290 |
|
|
|
1291 |
# check for local user (i.e. unqualified address)
|
|
|
1292 |
R$* $: <?> $1
|
|
|
1293 |
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
|
|
|
1294 |
# local user is ok
|
|
|
1295 |
R<?> $+ $@ RELAY
|
|
|
1296 |
R<$+> $* $: $2
|
|
|
1297 |
|
|
|
1298 |
######################################################################
|
|
|
1299 |
### Relay_ok: is the relay/sender ok?
|
|
|
1300 |
######################################################################
|
|
|
1301 |
SRelay_ok
|
|
|
1302 |
# anything originating locally is ok
|
|
|
1303 |
# check IP address
|
|
|
1304 |
R$* $: $&{client_addr}
|
|
|
1305 |
R$@ $@ RELAY originated locally
|
|
|
1306 |
R0 $@ RELAY originated locally
|
|
|
1307 |
R127.0.0.1 $@ RELAY originated locally
|
|
|
1308 |
RIPv6:::1 $@ RELAY originated locally
|
|
|
1309 |
R$=R $* $@ RELAY relayable IP address
|
|
|
1310 |
R$* $: $>A <$1> <?> <+ Connect> <$1>
|
|
|
1311 |
R<RELAY> $* $@ RELAY relayable IP address
|
|
|
1312 |
|
|
|
1313 |
R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1314 |
R<$*> <$*> $: $2
|
|
|
1315 |
R$* $: [ $1 ] put brackets around it...
|
|
|
1316 |
R$=w $@ RELAY ... and see if it is local
|
|
|
1317 |
|
|
|
1318 |
|
|
|
1319 |
# check client name: first: did it resolve?
|
|
|
1320 |
R$* $: < $&{client_resolve} >
|
|
|
1321 |
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
|
|
|
1322 |
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
|
|
|
1323 |
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
|
|
|
1324 |
R$* $: <@> $&{client_name}
|
|
|
1325 |
# pass to name server to make hostname canonical
|
|
|
1326 |
R<@> $* $=P $:<?> $1 $2
|
|
|
1327 |
R<@> $+ $:<?> $[ $1 $]
|
|
|
1328 |
R$* . $1 strip trailing dots
|
|
|
1329 |
R<?> $=w $@ RELAY
|
|
|
1330 |
R<?> $* $=R $@ RELAY
|
|
|
1331 |
R<?> $* $: $>D <$1> <?> <+ Connect> <$1>
|
|
|
1332 |
R<RELAY> $* $@ RELAY
|
|
|
1333 |
R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1334 |
R<$*> <$*> $: $2
|
|
|
1335 |
|
|
|
1336 |
|
|
|
1337 |
######################################################################
|
|
|
1338 |
### F: LookUpFull -- search for an entry in access database
|
|
|
1339 |
###
|
|
|
1340 |
### lookup of full key (which should be an address) and
|
|
|
1341 |
### variations if +detail exists: +* and without +detail
|
|
|
1342 |
###
|
|
|
1343 |
### Parameters:
|
|
|
1344 |
### <$1> -- key
|
|
|
1345 |
### <$2> -- default (what to return if not found in db)
|
|
|
1346 |
### <$3> -- mark (must be <(!|+) single-token>)
|
|
|
1347 |
### ! does lookup only with tag
|
|
|
1348 |
### + does lookup with and without tag
|
|
|
1349 |
### <$4> -- passthru (additional data passed unchanged through)
|
|
|
1350 |
######################################################################
|
|
|
1351 |
|
|
|
1352 |
SF
|
|
|
1353 |
R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
|
|
|
1354 |
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
|
|
|
1355 |
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
|
|
|
1356 |
$: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
|
|
|
1357 |
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
|
|
|
1358 |
$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
|
|
|
1359 |
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
|
|
|
1360 |
$: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
|
|
|
1361 |
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
|
|
|
1362 |
$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
|
|
|
1363 |
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
|
|
|
1364 |
R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
|
|
|
1365 |
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
|
|
|
1366 |
|
|
|
1367 |
######################################################################
|
|
|
1368 |
### E: LookUpExact -- search for an entry in access database
|
|
|
1369 |
###
|
|
|
1370 |
### Parameters:
|
|
|
1371 |
### <$1> -- key
|
|
|
1372 |
### <$2> -- default (what to return if not found in db)
|
|
|
1373 |
### <$3> -- mark (must be <(!|+) single-token>)
|
|
|
1374 |
### ! does lookup only with tag
|
|
|
1375 |
### + does lookup with and without tag
|
|
|
1376 |
### <$4> -- passthru (additional data passed unchanged through)
|
|
|
1377 |
######################################################################
|
|
|
1378 |
|
|
|
1379 |
SE
|
|
|
1380 |
R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
|
|
|
1381 |
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
|
|
|
1382 |
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
|
|
|
1383 |
R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
|
|
|
1384 |
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
|
|
|
1385 |
|
|
|
1386 |
######################################################################
|
|
|
1387 |
### U: LookUpUser -- search for an entry in access database
|
|
|
1388 |
###
|
|
|
1389 |
### lookup of key (which should be a local part) and
|
|
|
1390 |
### variations if +detail exists: +* and without +detail
|
|
|
1391 |
###
|
|
|
1392 |
### Parameters:
|
|
|
1393 |
### <$1> -- key (user@)
|
|
|
1394 |
### <$2> -- default (what to return if not found in db)
|
|
|
1395 |
### <$3> -- mark (must be <(!|+) single-token>)
|
|
|
1396 |
### ! does lookup only with tag
|
|
|
1397 |
### + does lookup with and without tag
|
|
|
1398 |
### <$4> -- passthru (additional data passed unchanged through)
|
|
|
1399 |
######################################################################
|
|
|
1400 |
|
|
|
1401 |
SU
|
|
|
1402 |
R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
|
|
|
1403 |
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
|
|
|
1404 |
R<?> <$+ + $* @> <$*> <$- $-> <$*>
|
|
|
1405 |
$: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
|
|
|
1406 |
R<?> <$+ + $* @> <$*> <+ $-> <$*>
|
|
|
1407 |
$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
|
|
|
1408 |
R<?> <$+ + $* @> <$*> <$- $-> <$*>
|
|
|
1409 |
$: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
|
|
|
1410 |
R<?> <$+ + $* @> <$*> <+ $-> <$*>
|
|
|
1411 |
$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
|
|
|
1412 |
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
|
|
|
1413 |
R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
|
|
|
1414 |
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
|
|
|
1415 |
|
|
|
1416 |
######################################################################
|
|
|
1417 |
### SearchList: search a list of items in the access map
|
|
|
1418 |
### Parameters:
|
|
|
1419 |
### <exact tag> $| <mark:address> <mark:address> ... <>
|
|
|
1420 |
### where "exact" is either "+" or "!":
|
|
|
1421 |
### <+ TAG> lookup with and w/o tag
|
|
|
1422 |
### <! TAG> lookup with tag
|
|
|
1423 |
### possible values for "mark" are:
|
|
|
1424 |
### D: recursive host lookup (LookUpDomain)
|
|
|
1425 |
### E: exact lookup, no modifications
|
|
|
1426 |
### F: full lookup, try user+ext@domain and user@domain
|
|
|
1427 |
### U: user lookup, try user+ext and user (input must have trailing @)
|
|
|
1428 |
### return: <RHS of lookup> or <?> (not found)
|
|
|
1429 |
######################################################################
|
|
|
1430 |
|
|
|
1431 |
# class with valid marks for SearchList
|
|
|
1432 |
C{Src}E F D U
|
|
|
1433 |
SSearchList
|
|
|
1434 |
# just call the ruleset with the name of the tag... nice trick...
|
|
|
1435 |
R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
|
|
|
1436 |
R<$+> $| <> $| <?> <> $@ <?>
|
|
|
1437 |
R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
|
|
|
1438 |
R<$+> $| <$*> $| <$+> <> $@ <$3>
|
|
|
1439 |
R<$+> $| <$+> $@ <$2>
|
|
|
1440 |
|
|
|
1441 |
|
|
|
1442 |
######################################################################
|
|
|
1443 |
### trust_auth: is user trusted to authenticate as someone else?
|
|
|
1444 |
###
|
|
|
1445 |
### Parameters:
|
|
|
1446 |
### $1: AUTH= parameter from MAIL command
|
|
|
1447 |
######################################################################
|
|
|
1448 |
|
|
|
1449 |
SLocal_trust_auth
|
|
|
1450 |
Strust_auth
|
|
|
1451 |
R$* $: $&{auth_type} $| $1
|
|
|
1452 |
# required by RFC 2554 section 4.
|
|
|
1453 |
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
|
|
|
1454 |
R$* $| $&{auth_authen} $@ identical
|
|
|
1455 |
R$* $| <$&{auth_authen}> $@ identical
|
|
|
1456 |
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
|
|
|
1457 |
R$* $| $#$* $#$2
|
|
|
1458 |
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
|
|
|
1459 |
|
|
|
1460 |
######################################################################
|
|
|
1461 |
### Relay_Auth: allow relaying based on authentication?
|
|
|
1462 |
###
|
|
|
1463 |
### Parameters:
|
|
|
1464 |
### $1: ${auth_type}
|
|
|
1465 |
######################################################################
|
|
|
1466 |
SLocal_Relay_Auth
|
|
|
1467 |
|
|
|
1468 |
######################################################################
|
|
|
1469 |
### srv_features: which features to offer to a client?
|
|
|
1470 |
### (done in server)
|
|
|
1471 |
######################################################################
|
|
|
1472 |
Ssrv_features
|
|
|
1473 |
R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
|
|
|
1474 |
R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
|
|
|
1475 |
R<?>$* $: <$(access "Srv_Features": $: ? $)>
|
|
|
1476 |
R<?>$* $@ OK
|
|
|
1477 |
R<$* <TMPF>>$* $#temp
|
|
|
1478 |
R<$+>$* $# $1
|
|
|
1479 |
|
|
|
1480 |
######################################################################
|
|
|
1481 |
### try_tls: try to use STARTTLS?
|
|
|
1482 |
### (done in client)
|
|
|
1483 |
######################################################################
|
|
|
1484 |
Stry_tls
|
|
|
1485 |
R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
|
|
|
1486 |
R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
|
|
|
1487 |
R<?>$* $: <$(access "Try_TLS": $: ? $)>
|
|
|
1488 |
R<?>$* $@ OK
|
|
|
1489 |
R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1490 |
R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
|
|
|
1491 |
|
|
|
1492 |
######################################################################
|
|
|
1493 |
### tls_rcpt: is connection with server "good" enough?
|
|
|
1494 |
### (done in client, per recipient)
|
|
|
1495 |
###
|
|
|
1496 |
### Parameters:
|
|
|
1497 |
### $1: recipient
|
|
|
1498 |
######################################################################
|
|
|
1499 |
Stls_rcpt
|
|
|
1500 |
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
|
|
1501 |
R$+ $: <?> $>CanonAddr $1
|
|
|
1502 |
R<?> $+ < @ $+ . > <?> $1 <@ $2 >
|
|
|
1503 |
R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
|
|
|
1504 |
R<?> $+ $: $1 $| <U:$1@> <E:>
|
|
|
1505 |
R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
|
|
|
1506 |
R$* $| <?> $@ OK
|
|
|
1507 |
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1508 |
R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
|
|
|
1509 |
|
|
|
1510 |
######################################################################
|
|
|
1511 |
### tls_client: is connection with client "good" enough?
|
|
|
1512 |
### (done in server)
|
|
|
1513 |
###
|
|
|
1514 |
### Parameters:
|
|
|
1515 |
### ${verify} $| (MAIL|STARTTLS)
|
|
|
1516 |
######################################################################
|
|
|
1517 |
Stls_client
|
|
|
1518 |
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
|
|
1519 |
R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
|
|
|
1520 |
R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
|
|
|
1521 |
R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
|
|
|
1522 |
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1523 |
R$* $@ $>"TLS_connection" $1
|
|
|
1524 |
|
|
|
1525 |
######################################################################
|
|
|
1526 |
### tls_server: is connection with server "good" enough?
|
|
|
1527 |
### (done in client)
|
|
|
1528 |
###
|
|
|
1529 |
### Parameter:
|
|
|
1530 |
### ${verify}
|
|
|
1531 |
######################################################################
|
|
|
1532 |
Stls_server
|
|
|
1533 |
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
|
|
1534 |
R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
|
|
|
1535 |
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
|
|
|
1536 |
R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
|
|
|
1537 |
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
|
1538 |
R$* $@ $>"TLS_connection" $1
|
|
|
1539 |
|
|
|
1540 |
######################################################################
|
|
|
1541 |
### TLS_connection: is TLS connection "good" enough?
|
|
|
1542 |
###
|
|
|
1543 |
### Parameters:
|
|
|
1544 |
### ${verify} $| <Requirement> [<>]
|
|
|
1545 |
### Requirement: RHS from access map, may be ? for none.
|
|
|
1546 |
######################################################################
|
|
|
1547 |
STLS_connection
|
|
|
1548 |
R$* $| <$*>$* $: $1 $| <$2>
|
|
|
1549 |
# create the appropriate error codes
|
|
|
1550 |
R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
|
|
|
1551 |
R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
|
|
|
1552 |
R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
|
|
|
1553 |
# deal with TLS handshake failures: abort
|
|
|
1554 |
RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
|
|
|
1555 |
RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
|
|
|
1556 |
# deal with TLS protocol errors: abort
|
|
|
1557 |
RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
|
|
|
1558 |
RPROTOCOL $| $* $#error $@ 4.7.0 $: "403 STARTTLS failed."
|
|
|
1559 |
R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
|
|
|
1560 |
R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
|
|
|
1561 |
R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
|
|
|
1562 |
R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
|
|
|
1563 |
R$* $| $* $@ OK
|
|
|
1564 |
# authentication required: give appropriate error
|
|
|
1565 |
# other side did authenticate (via STARTTLS)
|
|
|
1566 |
R<$*><VERIFY> <> OK $@ OK
|
|
|
1567 |
R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
|
|
|
1568 |
R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
|
|
|
1569 |
R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
|
|
|
1570 |
R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
|
|
|
1571 |
R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
|
|
|
1572 |
R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
|
|
|
1573 |
R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
|
|
|
1574 |
R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
|
|
|
1575 |
R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
|
|
|
1576 |
R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
|
|
|
1577 |
R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
|
|
|
1578 |
R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
|
|
|
1579 |
R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
|
|
|
1580 |
R<$-:$+ ++ > $@ OK
|
|
|
1581 |
R<$-:$+ ++ $+ > $: <$1:$2> <$3>
|
|
|
1582 |
R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
|
|
|
1583 |
R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
|
|
|
1584 |
|
|
|
1585 |
######################################################################
|
|
|
1586 |
### TLS_req: check additional TLS requirements
|
|
|
1587 |
###
|
|
|
1588 |
### Parameters: [<list> <of> <req>] $| <$-:$+>
|
|
|
1589 |
### $-: SMTP reply code
|
|
|
1590 |
### $+: Enhanced Status Code
|
|
|
1591 |
######################################################################
|
|
|
1592 |
STLS_req
|
|
|
1593 |
R $| $+ $@ OK
|
|
|
1594 |
R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
|
|
|
1595 |
R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
|
|
1596 |
R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
|
|
|
1597 |
R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
|
|
1598 |
R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
|
|
|
1599 |
R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
|
|
1600 |
R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
|
|
|
1601 |
ROK $@ OK
|
|
|
1602 |
|
|
|
1603 |
######################################################################
|
|
|
1604 |
### max: return the maximum of two values separated by :
|
|
|
1605 |
###
|
|
|
1606 |
### Parameters: [$-]:[$-]
|
|
|
1607 |
######################################################################
|
|
|
1608 |
Smax
|
|
|
1609 |
R: $: 0
|
|
|
1610 |
R:$- $: $1
|
|
|
1611 |
R$-: $: $1
|
|
|
1612 |
R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
|
|
|
1613 |
RTRUE:$-:$- $: $2
|
|
|
1614 |
R$-:$-:$- $: $2
|
|
|
1615 |
|
|
|
1616 |
|
|
|
1617 |
######################################################################
|
|
|
1618 |
### RelayTLS: allow relaying based on TLS authentication
|
|
|
1619 |
###
|
|
|
1620 |
### Parameters:
|
|
|
1621 |
### none
|
|
|
1622 |
######################################################################
|
|
|
1623 |
SRelayTLS
|
|
|
1624 |
# authenticated?
|
|
|
1625 |
R$* $: <?> $&{verify}
|
|
|
1626 |
R<?> OK $: OK authenticated: continue
|
|
|
1627 |
R<?> $* $@ NO not authenticated
|
|
|
1628 |
R$* $: $&{cert_issuer}
|
|
|
1629 |
R$+ $: $(access CERTISSUER:$1 $)
|
|
|
1630 |
RRELAY $# RELAY
|
|
|
1631 |
RSUBJECT $: <@> $&{cert_subject}
|
|
|
1632 |
R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
|
|
|
1633 |
R<@> RELAY $# RELAY
|
|
|
1634 |
R$* $: NO
|
|
|
1635 |
|
|
|
1636 |
######################################################################
|
|
|
1637 |
### authinfo: lookup authinfo in the access map
|
|
|
1638 |
###
|
|
|
1639 |
### Parameters:
|
|
|
1640 |
### $1: {server_name}
|
|
|
1641 |
### $2: {server_addr}
|
|
|
1642 |
######################################################################
|
|
|
1643 |
Sauthinfo
|
|
|
1644 |
R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
|
|
|
1645 |
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
|
|
|
1646 |
R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
|
|
|
1647 |
R$* $| <?>$* $@ no no authinfo available
|
|
|
1648 |
R$* $| <$*> <> $# $2
|
|
|
1649 |
|
|
|
1650 |
|
|
|
1651 |
|
|
|
1652 |
|
|
|
1653 |
|
|
|
1654 |
#�
|
|
|
1655 |
######################################################################
|
|
|
1656 |
######################################################################
|
|
|
1657 |
#####
|
|
|
1658 |
##### MAIL FILTER DEFINITIONS
|
|
|
1659 |
#####
|
|
|
1660 |
######################################################################
|
|
|
1661 |
######################################################################
|
|
|
1662 |
|
|
|
1663 |
#�
|
|
|
1664 |
######################################################################
|
|
|
1665 |
######################################################################
|
|
|
1666 |
#####
|
|
|
1667 |
##### MAILER DEFINITIONS
|
|
|
1668 |
#####
|
|
|
1669 |
######################################################################
|
|
|
1670 |
######################################################################
|
|
|
1671 |
|
|
|
1672 |
#####################################
|
|
|
1673 |
### SMTP Mailer specification ###
|
|
|
1674 |
#####################################
|
|
|
1675 |
|
|
|
1676 |
##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ #####
|
|
|
1677 |
|
|
|
1678 |
#
|
|
|
1679 |
# common sender and masquerading recipient rewriting
|
|
|
1680 |
#
|
|
|
1681 |
SMasqSMTP
|
|
|
1682 |
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
|
|
|
1683 |
R$+ $@ $1 < @ *LOCAL* > add local qualification
|
|
|
1684 |
|
|
|
1685 |
#
|
|
|
1686 |
# convert pseudo-domain addresses to real domain addresses
|
|
|
1687 |
#
|
|
|
1688 |
SPseudoToReal
|
|
|
1689 |
|
|
|
1690 |
# pass <route-addr>s through
|
|
|
1691 |
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
|
|
|
1692 |
|
|
|
1693 |
# output fake domains as user%fake@relay
|
|
|
1694 |
|
|
|
1695 |
# do UUCP heuristics; note that these are shared with UUCP mailers
|
|
|
1696 |
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
|
|
|
1697 |
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
|
|
|
1698 |
|
|
|
1699 |
# leave these in .UUCP form to avoid further tampering
|
|
|
1700 |
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
|
|
|
1701 |
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
|
|
|
1702 |
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
|
|
|
1703 |
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
|
|
|
1704 |
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
|
|
|
1705 |
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
|
|
|
1706 |
|
|
|
1707 |
|
|
|
1708 |
#
|
|
|
1709 |
# envelope sender rewriting
|
|
|
1710 |
#
|
|
|
1711 |
SEnvFromSMTP
|
|
|
1712 |
R$+ $: $>PseudoToReal $1 sender/recipient common
|
|
|
1713 |
R$* :; <@> $@ list:; special case
|
|
|
1714 |
R$* $: $>MasqSMTP $1 qualify unqual'ed names
|
|
|
1715 |
R$+ $: $>MasqEnv $1 do masquerading
|
|
|
1716 |
|
|
|
1717 |
|
|
|
1718 |
#
|
|
|
1719 |
# envelope recipient rewriting --
|
|
|
1720 |
# also header recipient if not masquerading recipients
|
|
|
1721 |
#
|
|
|
1722 |
SEnvToSMTP
|
|
|
1723 |
R$+ $: $>PseudoToReal $1 sender/recipient common
|
|
|
1724 |
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
|
|
|
1725 |
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
|
|
|
1726 |
|
|
|
1727 |
#
|
|
|
1728 |
# header sender and masquerading header recipient rewriting
|
|
|
1729 |
#
|
|
|
1730 |
SHdrFromSMTP
|
|
|
1731 |
R$+ $: $>PseudoToReal $1 sender/recipient common
|
|
|
1732 |
R:; <@> $@ list:; special case
|
|
|
1733 |
|
|
|
1734 |
# do special header rewriting
|
|
|
1735 |
R$* <@> $* $@ $1 <@> $2 pass null host through
|
|
|
1736 |
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
|
|
|
1737 |
R$* $: $>MasqSMTP $1 qualify unqual'ed names
|
|
|
1738 |
R$+ $: $>MasqHdr $1 do masquerading
|
|
|
1739 |
|
|
|
1740 |
|
|
|
1741 |
#
|
|
|
1742 |
# relay mailer header masquerading recipient rewriting
|
|
|
1743 |
#
|
|
|
1744 |
SMasqRelay
|
|
|
1745 |
R$+ $: $>MasqSMTP $1
|
|
|
1746 |
R$+ $: $>MasqHdr $1
|
|
|
1747 |
|
|
|
1748 |
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|
|
1749 |
T=DNS/RFC822/SMTP,
|
|
|
1750 |
A=TCP $h
|
|
|
1751 |
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|
|
1752 |
T=DNS/RFC822/SMTP,
|
|
|
1753 |
A=TCP $h
|
|
|
1754 |
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|
|
1755 |
T=DNS/RFC822/SMTP,
|
|
|
1756 |
A=TCP $h
|
|
|
1757 |
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|
|
1758 |
T=DNS/RFC822/SMTP,
|
|
|
1759 |
A=TCP $h
|
|
|
1760 |
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
|
|
|
1761 |
T=DNS/RFC822/SMTP,
|
|
|
1762 |
A=TCP $h
|
|
|
1763 |
|
|
|
1764 |
|
|
|
1765 |
######################*****##############
|
|
|
1766 |
### PROCMAIL Mailer specification ###
|
|
|
1767 |
##################*****##################
|
|
|
1768 |
|
|
|
1769 |
##### $Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $ #####
|
|
|
1770 |
|
|
|
1771 |
Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
|
|
|
1772 |
T=DNS/RFC822/X-Unix,
|
|
|
1773 |
A=procmail -Y -m $h $f $u
|
|
|
1774 |
|
|
|
1775 |
|
|
|
1776 |
##################################################
|
|
|
1777 |
### Local and Program Mailer specification ###
|
|
|
1778 |
##################################################
|
|
|
1779 |
|
|
|
1780 |
##### $Id: local.m4,v 8.59 2004/11/23 00:37:25 ca Exp $ #####
|
|
|
1781 |
|
|
|
1782 |
#
|
|
|
1783 |
# Envelope sender rewriting
|
|
|
1784 |
#
|
|
|
1785 |
SEnvFromL
|
|
|
1786 |
R<@> $n errors to mailer-daemon
|
|
|
1787 |
R@ <@ $*> $n temporarily bypass Sun bogosity
|
|
|
1788 |
R$+ $: $>AddDomain $1 add local domain if needed
|
|
|
1789 |
R$* $: $>MasqEnv $1 do masquerading
|
|
|
1790 |
|
|
|
1791 |
#
|
|
|
1792 |
# Envelope recipient rewriting
|
|
|
1793 |
#
|
|
|
1794 |
SEnvToL
|
|
|
1795 |
R$+ < @ $* > $: $1 strip host part
|
|
|
1796 |
|
|
|
1797 |
#
|
|
|
1798 |
# Header sender rewriting
|
|
|
1799 |
#
|
|
|
1800 |
SHdrFromL
|
|
|
1801 |
R<@> $n errors to mailer-daemon
|
|
|
1802 |
R@ <@ $*> $n temporarily bypass Sun bogosity
|
|
|
1803 |
R$+ $: $>AddDomain $1 add local domain if needed
|
|
|
1804 |
R$* $: $>MasqHdr $1 do masquerading
|
|
|
1805 |
|
|
|
1806 |
#
|
|
|
1807 |
# Header recipient rewriting
|
|
|
1808 |
#
|
|
|
1809 |
SHdrToL
|
|
|
1810 |
R$+ $: $>AddDomain $1 add local domain if needed
|
|
|
1811 |
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
|
|
|
1812 |
|
|
|
1813 |
#
|
|
|
1814 |
# Common code to add local domain name (only if always-add-domain)
|
|
|
1815 |
#
|
|
|
1816 |
SAddDomain
|
|
|
1817 |
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
|
|
|
1818 |
|
|
|
1819 |
R$+ $@ $1 < @ *LOCAL* > add local qualification
|
|
|
1820 |
|
|
|
1821 |
Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
|
|
|
1822 |
T=DNS/RFC822/X-Unix,
|
|
|
1823 |
A=procmail -t -Y -a $h -d $u
|
|
|
1824 |
Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
|
|
|
1825 |
T=X-Unix/X-Unix/X-Unix,
|
|
|
1826 |
A=smrsh -c $u
|
|
|
1827 |
|