Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed
## Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.# All rights reserved.# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.# Copyright (c) 1988, 1993# The Regents of the University of California. All rights reserved.## By using this file, you agree to the terms and conditions set# forth in the LICENSE file which can be found at the top level of# the sendmail distribution.######################################################################################################################################################## SENDMAIL CONFIGURATION FILE########## built by mockbuild@builder10.centos.org on Thu Aug 11 13:32:26 EDT 2011##### in /builddir/build/BUILD/sendmail-8.13.8/cf/cf##### using ../ as configuration include directory##################################################################################### DO NOT EDIT THIS FILE! Only edit the source .mc file.###################################################################################################################################################### $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ ########## $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ########## setup for linux ########## $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ ########## $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ ########## $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ ########## $Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $ ########## $Id: mailertable.m4,v 8.25 2002/06/27 23:23:57 gshapiro Exp $ ########## $Id: virtusertable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $ ########## $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ ########## $Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ ########## $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ########## $Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ########## $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ ########## $Id: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $ ########## $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ ########## $Id: accept_unresolvable_domains.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $ ########## $Id: proto.m4,v 8.719 2006/03/30 20:50:13 ca Exp $ ###### level 10 config file formatV10/Berkeley# override file safeties - setting this option compromises system security,# addressing the actual file configuration problem is preferred# need to set this before any file actions are encountered in the cf file#O DontBlameSendmail=safe# default LDAP map specification# need to set this now before any LDAP maps are defined#O LDAPDefaultSpec=-h localhost################### local info #################### my LDAP cluster# need to set this before any LDAP lookups are done (including classes)#D{sendmailMTACluster}$mCwlocalhost# file containing names of hosts for which we receive emailFw/etc/mail/local-host-names# my official domain name# ... define this only if sendmail cannot automatically determine your domain#Dj$w.Foo.COM# host/domain names ending with a token in class P are canonicalCP.# "Smart" relay host (may be null)DShomeserver.ujsoftware.com# operators that cannot be in local usernames (i.e., network indicators)CO @ % !# a class with just dot (for identifying canonical names)C..# a class with just a left bracket (for identifying domain literals)C[[# access_db acceptance classC{Accept}OK RELAYC{ResOk}OKR# Hosts for which relaying is permitted ($=R)FR-o /etc/mail/relay-domains# arithmetic mapKarith arith# macro storage mapKmacro macro# possible values for TLS_connection in access mapC{Tls}VERIFY ENCR# dequoting mapKdequote dequote# class E: names that should be exposed as from this host, even if we masquerade# class L: names that should be delivered locally, even if we have a relay# class M: domains that should be converted to $M# class N: domains that should not be converted to $M#CL rootC{E}rootC{w}localhost.localdomain# my name for error messagesDnMAILER-DAEMON# Mailer table (overriding domains)Kmailertable hash -o /etc/mail/mailertable.db# Virtual user table (maps incoming users)Kvirtuser hash -o /etc/mail/virtusertable.dbCPREDIRECT# Access list database (for spam stomping)Kaccess hash -T<TMPF> -o /etc/mail/access.db# Configuration version numberDZ8.13.8################ Options ################# strip message body to 7 bits on input?O SevenBitInput=False# 8-bit data handling#O EightBitMode=pass8# wait for alias file rebuild (default units: minutes)O AliasWait=10# location of alias fileO AliasFile=/etc/aliases# minimum number of free blocks on filesystemO MinFreeBlocks=100# maximum message size#O MaxMessageSize=0# substitution for space (blank) charactersO BlankSub=.# avoid connecting to "expensive" mailers on initial submission?O HoldExpensive=False# checkpoint queue runs after every N successful deliveries#O CheckpointInterval=10# default delivery modeO DeliveryMode=background# error message header/file#O ErrorHeader=/etc/mail/error-header# error mode#O ErrorMode=print# save Unix-style "From_" lines at top of header?#O SaveFromLine=False# queue file mode (qf files)#O QueueFileMode=0600# temporary file modeO TempFileMode=0600# match recipients against GECOS field?#O MatchGECOS=False# maximum hop count#O MaxHopCount=25# location of help fileO HelpFile=/etc/mail/helpfile# ignore dots as terminators in incoming messages?#O IgnoreDots=False# name resolver options#O ResolverOptions=+AAONLY# deliver MIME-encapsulated error messages?O SendMimeErrors=True# Forward file search pathO ForwardPath=$z/.forward.$w:$z/.forward# open connection cache sizeO ConnectionCacheSize=2# open connection cache timeoutO ConnectionCacheTimeout=5m# persistent host status directory#O HostStatusDirectory=.hoststat# single thread deliveries (requires HostStatusDirectory)?#O SingleThreadDelivery=False# use Errors-To: header?O UseErrorsTo=False# log levelO LogLevel=9# send to me too, even in an alias expansion?#O MeToo=True# verify RHS in newaliases?O CheckAliases=False# default messages to old style headers if no special punctuation?O OldStyleHeaders=True# SMTP daemon optionsO DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA# SMTP client options#O ClientPortOptions=Family=inet, Address=0.0.0.0# Modifiers to define {daemon_flags} for direct submissions#O DirectSubmissionModifiers# Use as mail submission program? See sendmail/SECURITY#O UseMSP# privacy flagsO PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun# who (if anyone) should get extra copies of error messages#O PostmasterCopy=Postmaster# slope of queue-only function#O QueueFactor=600000# limit on number of concurrent queue runners#O MaxQueueChildren# maximum number of queue-runners per queue-grouping with multiple queues#O MaxRunnersPerQueue=1# priority of queue runners (nice(3))#O NiceQueueRun# shall we sort the queue by hostname first?#O QueueSortOrder=priority# minimum time in queue before retry#O MinQueueAge=30m# how many jobs can you process in the queue?#O MaxQueueRunSize=0# perform initial split of envelope without checking MX records#O FastSplit=1# queue directoryO QueueDirectory=/var/spool/mqueue# key for shared memory; 0 to turn off#O SharedMemoryKey=0# timeouts (many of these)#O Timeout.initial=5mO Timeout.connect=1m#O Timeout.aconnect=0s#O Timeout.iconnect=5m#O Timeout.helo=5m#O Timeout.mail=10m#O Timeout.rcpt=1h#O Timeout.datainit=5m#O Timeout.datablock=1h#O Timeout.datafinal=1h#O Timeout.rset=5m#O Timeout.quit=2m#O Timeout.misc=2m#O Timeout.command=1hO Timeout.ident=0#O Timeout.fileopen=60s#O Timeout.control=2mO Timeout.queuereturn=5d#O Timeout.queuereturn.normal=5d#O Timeout.queuereturn.urgent=2d#O Timeout.queuereturn.non-urgent=7d#O Timeout.queuereturn.dsn=5dO Timeout.queuewarn=4h#O Timeout.queuewarn.normal=4h#O Timeout.queuewarn.urgent=1h#O Timeout.queuewarn.non-urgent=12h#O Timeout.queuewarn.dsn=4h#O Timeout.hoststatus=30m#O Timeout.resolver.retrans=5s#O Timeout.resolver.retrans.first=5s#O Timeout.resolver.retrans.normal=5s#O Timeout.resolver.retry=4#O Timeout.resolver.retry.first=4#O Timeout.resolver.retry.normal=4#O Timeout.lhlo=2m#O Timeout.auth=10m#O Timeout.starttls=1h# time for DeliverBy; extension disabled if less than 0#O DeliverByMin=0# should we not prune routes in route-addr syntax addresses?#O DontPruneRoutes=False# queue up everything before forking?O SuperSafe=True# status fileO StatusFile=/var/log/mail/statistics# time zone handling:# if undefined, use system default# if defined but null, use TZ envariable passed in# if defined and non-null, use that info#O TimeZoneSpec=# default UID (can be username or userid:groupid)O DefaultUser=8:12# list of locations of user database file (null means no lookup)O UserDatabaseSpec=/etc/mail/userdb.db# fallback MX host#O FallbackMXhost=fall.back.host.net# fallback smart host#O FallbackSmartHost=fall.back.host.net# if we are the best MX host for a site, try it directly instead of config errO TryNullMXList=True# load average at which we just queue messages#O QueueLA=8# load average at which we refuse connections#O RefuseLA=12# log interval when refusing connections for this long#O RejectLogInterval=3h# load average at which we delay connections; 0 means no limit#O DelayLA=0# maximum number of children we allow at one time#O MaxDaemonChildren=0# maximum number of new connections per second#O ConnectionRateThrottle=0# Width of the window#O ConnectionRateWindowSize=60s# work recipient factor#O RecipientFactor=30000# deliver each queued job in a separate process?#O ForkEachJob=False# work class factor#O ClassFactor=1800# work time factor#O RetryFactor=90000# default character set#O DefaultCharSet=unknown-8bit# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)#O ServiceSwitchFile=/etc/mail/service.switch# hosts file (normally /etc/hosts)#O HostsFile=/etc/hosts# dialup line delay on connection failure#O DialDelay=0s# action to take if there are no recipients in the message#O NoRecipientAction=none# chrooted environment for writing to files#O SafeFileEnvironment# are colons OK in addresses?#O ColonOkInAddr=True# shall I avoid expanding CNAMEs (violates protocols)?#O DontExpandCnames=False# SMTP initial login message (old $e macro)O SmtpGreetingMessage=$j Sendmail $v/$Z; $b# UNIX initial From header format (old $l macro)O UnixFromLine=From $g $d# From: lines that have embedded newlines are unwrapped onto one line#O SingleLineFromHeader=False# Allow HELO SMTP command that does not include a host name#O AllowBogusHELO=False# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)#O MustQuoteChars=.# delimiter (operator) characters (old $o macro)O OperatorChars=.:%@!^/[]+# shall I avoid calling initgroups(3) because of high NIS costs?#O DontInitGroups=False# are group-writable :include: and .forward files (un)trustworthy?# True (the default) means they are not trustworthy.#O UnsafeGroupWrites=True# where do errors that occur when sending errors get sent?#O DoubleBounceAddress=postmaster# where to save bounces if all else fails#O DeadLetterDrop=/var/tmp/dead.letter# what user id do we assume for the majority of the processing?#O RunAsUser=sendmail# maximum number of recipients per SMTP envelope#O MaxRecipientsPerMessage=0# limit the rate recipients per SMTP envelope are accepted# once the threshold number of recipients have been rejected#O BadRcptThrottle=0# shall we get local names from our installed interfaces?O DontProbeInterfaces=True# Return-Receipt-To: header implies DSN request#O RrtImpliesDsn=False# override connection address (for testing)#O ConnectOnlyTo=0.0.0.0# Trusted user for file ownership and starting the daemon#O TrustedUser=root# Control socket for daemon management#O ControlSocketName=/var/spool/mqueue/.control# Maximum MIME header length to protect MUAs#O MaxMimeHeaderLength=0/0# Maximum length of the sum of all headers#O MaxHeadersLength=32768# Maximum depth of alias recursion#O MaxAliasRecursion=10# location of pid file#O PidFile=/var/run/sendmail.pid# Prefix string for the process title shown on 'ps' listings#O ProcessTitlePrefix=prefix# Data file (df) memory-buffer file maximum size#O DataFileBufferSize=4096# Transcript file (xf) memory-buffer file maximum size#O XscriptFileBufferSize=4096# lookup type to find information about local mailboxes#O MailboxDatabase=pw# override compile time flag REQUIRES_DIR_FSYNC#O RequiresDirfsync=true# list of authentication mechanisms#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5# Authentication realm#O AuthRealm# default authentication information for outgoing connections#O DefaultAuthInfo=/etc/mail/default-auth-info# SMTP AUTH flagsO AuthOptions=A# SMTP AUTH maximum encryption strength#O AuthMaxBits# SMTP STARTTLS server options#O TLSSrvOptions# Input mail filters#O InputMailFilters# CA directory#O CACertPath# CA file#O CACertFile# Server Cert#O ServerCertFile# Server private key#O ServerKeyFile# Client Cert#O ClientCertFile# Client private key#O ClientKeyFile# File containing certificate revocation lists#O CRLFile# DHParameters (only required if DSA/DH is used)#O DHParameters# Random data source (required for systems without /dev/urandom under OpenSSL)#O RandFile############################# QUEUE GROUP DEFINITIONS ######################################################### Message precedences ############################Pfirst-class=0Pspecial-delivery=100Plist=-30Pbulk=-60Pjunk=-100###################### Trusted users ####################### this is equivalent to setting class "t"Ft/etc/mail/trusted-usersTrootTdaemonTuucp########################## Format of headers ##########################H?P?Return-Path: <$g>HReceived: $?sfrom $s $.$?_($?s$|from $.$_)$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?ufor $u; $|;$.$bH?D?Resent-Date: $aH?D?Date: $aH?F?Resent-From: $?x$x <$g>$|$g$.H?F?From: $?x$x <$g>$|$g$.H?x?Full-Name: $x# HPosted-Date: $a# H?l?Received-Date: $bH?M?Resent-Message-Id: <$t.$i@$j>H?M?Message-Id: <$t.$i@$j>####################################################################################################################################################### REWRITING RULES################################################################################################################################################################################################ Ruleset 3 -- Name Canonicalization ###############################################Scanonify=3# handle null input (translate to <@> special case)R$@ $@ <@># strip group: syntax (not inside angle brackets!) and trailing semicolonR$* $: $1 <@> mark addressesR$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>R@ $* <@> $: @ $1 unmark @host:...R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addrR$* :: $* <@> $: $1 :: $2 unmark node::addrR:include: $* <@> $: :include: $1 unmark :include:...R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colonR$* : $* <@> $: $2 strip colon if markedR$* <@> $: $1 unmarkR$* ; $1 strip trailing semiR$* < $+ :; > $* $@ $2 :; <@> catch <list:;>R$* < $* ; > $1 < $2 > bogus bracketed semi# null input now results from list:; syntaxR$@ $@ :; <@># strip angle brackets -- note RFC733 heuristic to get innermost itemR$* $: < $1 > housekeeping <>R$+ < $* > < $2 > strip excess on leftR< $* > $+ < $1 > strip excess on rightR<> $@ < @ > MAIL FROM:<> caseR< $+ > $: $1 remove housekeeping <># strip route address <@a,@b,@c:user@d> -> <user@d>R@ $+ , $+ $2R@ [ $* ] : $+ $2R@ $+ : $+ $2# find focus for list syntaxR $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntaxR $+ : $* ; $@ $1 : $2; list syntax# find focus for @ syntax addressesR$+ @ $+ $: $1 < @ $2 > focus on domainR$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze rightR$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical# convert old-style addresses to a domain-based addressR$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp namesR$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucpsR$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains# if we have % signs, take the rightmost oneR$* % $* $1 @ $2 First make them all @s.R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish# else we must be a local nameR$* $@ $>Canonify2 $1################################################### Ruleset 96 -- bottom half of ruleset 3 ###################################################SCanonify2=96# handle special cases for local namesR$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at allR$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domainR$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain# check for IPv4/IPv6 domain literalR$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literalR$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr# if really UUCP, handle it immediately# try UUCP traffic as a local addressR$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3# hostnames ending in class P are always canonicalR$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6R$* CC $* $| $* $: $3# pass to name server to make hostname canonicalR$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4R$* $| $* $: $2# local host aliases and pseudo-domains are always canonicalR$* < @ $=w > $* $: $1 < @ $2 . > $3R$* < @ $=M > $* $: $1 < @ $2 . > $3R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3R$* < @ $* . . > $* $1 < @ $2 . > $3##################################################### Ruleset 4 -- Final Output Post-rewriting #####################################################Sfinal=4R$+ :; <@> $@ $1 : handle <list:;>R$* <@> $@ handle <> and list:;# strip trailing dot off possibly canonical nameR$* < @ $+ . > $* $1 < @ $2 > $3# eliminate internal codeR$* < @ *LOCAL* > $* $1 < @ $j > $2# externalize local domain infoR$* < $+ > $* $1 $2 $3 defocusR@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonicalR@ $* $@ @ $1 ... and exit# UUCP must always be presented in old formR$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u# delete duplicate local namesR$+ % $=w @ $=w $1 @ $2 u%host@host => u@host################################################################# Ruleset 97 -- recanonicalize and call ruleset zero ###### (used for recursive calls) #################################################################SRecurse=97R$* $: $>canonify $1R$* $@ $>parse $1######################################### Ruleset 0 -- Parse Address #########################################Sparse=0R$* $: $>Parse0 $1 initial parsingR<@> $#local $: <@> special case error msgsR$* $: $>ParseLocal $1 handle local hacksR$* $: $>Parse1 $1 final parsing## Parse0 -- do initial syntax checking and eliminate local addresses.# This should either return with the (possibly modified) input# or return with a #error mailer. It should not return with a# #mailer other than the #error mailer.#SParse0R<@> $@ <@> special case error msgsR$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"R@ <@ $* > < @ $1 > catch "@@host" bogosityR<@ $+> $#error $@ 5.1.3 $: "553 User address required"R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"R$* $: <> $1R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"R<> $* $1R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"# now delete the local info -- note $=O to find characters that cause forwardingR$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => userR< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@hereR< @ $+ > $#error $@ 5.1.3 $: "553 User address required"R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"R$* $=O $* < @ *LOCAL* >$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...R$* < @ *LOCAL* > $: $1## Parse1 -- the bottom half of ruleset 0.#SParse1# handle numeric address specR$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet specR$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to pathR$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: sendR$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailerR$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer# handle virtual usersR$+ $: <!> $1 Mark for lookupR<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >R<@> $+ + $+ < @ $* . >$: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >R<@> $+ + $* < @ $* . >$: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >R<@> $+ + $* < @ $* . >$: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >R<@> $+ $: $1R<!> $+ $: $1R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2R< $+ > $+ < @ $+ > $: $>Recurse $1# short circuit local delivery so forwarded email worksR$=L < @ $=w . > $#local $: @ $1 special local namesR$+ < @ $=w . > $#local $: $1 regular local name# not local -- try mailer table lookupR$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host nameR< $+ . > $* $: < $1 > $2 strip trailing dotR< $+ > $* $: < $(mailertable $1 $) > $2 lookupR< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?R< $+ > $* $: $>Mailertable <$1> $2 try domain# resolve remotely connected UUCP links (if any)# resolve fake top level domains by forwarding to other hosts# pass names that still have a host to a smarthost (if defined)R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name# deal with other remote namesR$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain# handle locally delivered namesR$=L $#local $: @ $1 special local namesR$+ $#local $: $1 regular local names############################################################################## Ruleset 5 -- special rewriting after aliases have been expanded ##############################################################################SLocal_localaddrSlocaladdr=5R$+ $: $1 $| $>"Local_localaddr" $1R$+ $| $#ok $@ $1 no changeR$+ $| $#$* $#$2R$+ $| $* $: $1# deal with plussed users so aliases work nicelyR$+ + * $#local $@ $&h $: $1R$+ + $* $#local $@ + $2 $: $1 + *# prepend an empty "forward host" on the frontR$+ $: <> $1R< > $+ $: < > < $1 <> $&h > nope, restore +detailR< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detailR< > < $+ <> $* > $: < > < $1 > else discardR< > < $+ + $* > $* < > < $1 > + $2 $3 find the user partR< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +R< > < $+ > $@ $1 no +detailR$+ $: $1 <> $&h add +detail back inR$+ <> + $* $: $1 + $2 check whether +detailR$+ <> $* $: $1 else discardR< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extensionR< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extensionR< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >###################################################################### Ruleset 90 -- try domain part of mailertable entry ######################################################################SMailertable=90R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try againR$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?R< $* > $* $@ $2 no mailertable match###################################################################### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ######################################################################SMailerToTriple=95R< > $* $@ $1 strip off null relayR< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2R< error : $+ > $* $#error $: $1R< local : $* > $* $>CanonLocal < $1 > $2R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal userR< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailerR< $=w > $* $@ $2 delete local hostR< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer###################################################################### Ruleset CanonLocal -- canonify local: syntax ######################################################################SCanonLocal# strip local host from routed addressesR< $* > < @ $+ > : $+ $@ $>Recurse $3R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4# strip trailing dot from any host name that may appearR< $* > $* < @ $* . > $: < $1 > $2 < @ $3 ># handle local: syntax -- use old user, either with or without hostR< > $* < @ $* > $* $#local $@ $1@$2 $: $1R< > $+ $#local $@ $1 $: $1# handle local:user@host syntax -- ignore host partR< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 ># handle local:user syntaxR< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1R< $+ > $* $#local $@ $2 $: $1###################################################################### Ruleset 93 -- convert header names to masqueraded form ######################################################################SMasqHdr=93# do not masquerade anything in class NR$* < @ $* $=N . > $@ $1 < @ $2 $3 . >R$* < @ *LOCAL* > $@ $1 < @ $j . >###################################################################### Ruleset 94 -- convert envelope names to masqueraded form ######################################################################SMasqEnv=94R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2###################################################################### Ruleset 98 -- local part of ruleset zero (can be null) ######################################################################SParseLocal=98# addresses sent to foo@host.REDIRECT will give a 551 error codeR$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>######################################################################### D: LookUpDomain -- search for domain in access database###### Parameters:### <$1> -- key (domain name)### <$2> -- default (what to return if not found in db)### <$3> -- mark (must be <(!|+) single-token>)### ! does lookup only with tag### + does lookup with and without tag### <$4> -- passthru (additional data passed unchanged through)######################################################################SDR<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>######################################################################### A: LookUpAddress -- search for host address in access database###### Parameters:### <$1> -- key (dot quadded host address)### <$2> -- default (what to return if not found in db)### <$3> -- mark (must be <(!|+) single-token>)### ! does lookup only with tag### + does lookup with and without tag### <$4> -- passthru (additional data passed through)######################################################################SAR<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>######################################################################### CanonAddr -- Convert an address into a standard form for### relay checking. Route address syntax is### crudely converted into a %-hack address.###### Parameters:### $1 -- full recipient address###### Returns:### parsed address, not in source route form######################################################################SCanonAddrR$* $: $>Parse0 $>canonify $1 make domain canonical######################################################################### ParseRecipient -- Strip off hosts in $=R as well as possibly### $* $=m or the access database.### Check user portion for host separators.###### Parameters:### $1 -- full recipient address###### Returns:### parsed, non-local-relaying address######################################################################SParseRecipientR$* $: <?> $>CanonAddr $1R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dotsR<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part# if no $=O character, no host in the user portion, we are doneR<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>R<?> $* $@ $1R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>R<$+> <$+> $: <$1> $2R<RELAY> $* < @ $* > $@ $>ParseRecipient $1R<$+> $* $@ $2######################################################################### check_relay -- check hostname/address on SMTP startup######################################################################SLocal_check_relayScheck_relayR$* $: $1 $| $>"Local_check_relay" $1R$* $| $* $| $#$* $#$3R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2SBasic_check_relay# check for deferred delivery modeR$* $: < $&{deliveryMode} > $1R< d > $* $@ deferredR< $* > $* $: $2R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_nameR<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookupR<?> <$*> $: OK found nothingR<$={Accept}> <$*> $@ $1 return value of lookupR<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"R<DISCARD> <$*> $#discard $: discardR<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4R<ERROR:$+> <$*> $#error $: $1R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R<$+> <$*> $#error $: $1######################################################################### check_mail -- check SMTP `MAIL FROM:' command argument######################################################################SLocal_check_mailScheck_mailR$* $: $1 $| $>"Local_check_mail" $1R$* $| $#$* $#$2R$* $| $* $@ $>"Basic_check_mail" $1SBasic_check_mail# check for deferred delivery modeR$* $: < $&{deliveryMode} > $1R< d > $* $@ deferredR< $* > $* $: $2# authenticated?R$* $: $1 $| $>"tls_client" $&{verify} $| MAILR$* $| $#$+ $#$2R$* $| $* $: $1R<> $@ <OK> we MUST accept <> (RFC 1123)R$+ $: <?> $1R<?><$+> $: <@> <$1>R<?>$+ $: <@> <$1>R$* $: $&{daemon_flags} $| $1R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >R$* u $* $| <@> < $* > $: <?> < $3 >R$* $| $* $: $2# handle case of @localhost on addressR<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >R<@> < $* @ [127.0.0.1] >$: < ? $&{client_name} > < $1 @ [127.0.0.1] >R<@> < $* @ localhost.$m >$: < ? $&{client_name} > < $1 @ localhost.$m >R<@> < $* @ localhost.localdomain >$: < ? $&{client_name} > < $1 @ localhost.localdomain >R<@> < $* @ localhost.UUCP >$: < ? $&{client_name} > < $1 @ localhost.UUCP >R<@> $* $: $1 no localhost as domainR<? $=w> $* $: $2 local client: okR<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"R<?> $* $: $1R$* $: <?> $>CanonAddr $1 canonify sender address and mark itR<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >R<?> $* < @ $j > $: <OKR> $1 < @ $j >R<?> $* < @ $+ > $: <OKR> $1 < @ $2 > ... unresolvable OK# check sender address: user@address, user@, addressR<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>R<$+> $+ $: @<$1> <$2> $| <U:$2@>R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result# retransform for further useR<?> <$+> <$*> $: <$1> $2 no matchR<$+> <$+> <$*> $: <$1> $3 relevant result, keep it# handle case of no @domain on addressR<?> $* $: $&{daemon_flags} $| <?> $1R$* u $* $| <?> $* $: <OKR> $3R$* $| $* $: $2R<?> $* $: < ? $&{client_addr} > $1R<?> $* $@ <OKR> ...local unqualed okR<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f...remote is not# check resultsR<?> $* $: @ $1 mark address: nothing known about itR<$={ResOk}> $* $@ <OKR> domain ok: stopR<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"R<$={Accept}> $* $# $1 accept from access mapR<DISCARD> $* $#discard $: discardR<QUARANTINE:$+> $* $#error $@ quarantine $: $1R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4R<ERROR:$+> $* $#error $: $1R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R<$+> $* $#error $: $1 error from access db######################################################################### check_rcpt -- check SMTP `RCPT TO:' command argument######################################################################SLocal_check_rcptScheck_rcptR$* $: $1 $| $>"Local_check_rcpt" $1R$* $| $#$* $#$2R$* $| $* $@ $>"Basic_check_rcpt" $1SBasic_check_rcpt# empty address?R<> $#error $@ nouser $: "553 User address required"R$@ $#error $@ nouser $: "553 User address required"# check for deferred delivery modeR$* $: < $&{deliveryMode} > $1R< d > $* $@ deferredR< $* > $* $: $2######################################################################R$* $: $1 $| @ $>"Rcpt_ok" $1R$* $| @ $#TEMP $+ $: $1 $| T $2R$* $| @ $#$* $#$2R$* $| @ RELAY $@ RELAYR$* $| @ $* $: O $| $>"Relay_ok" $1R$* $| T $+ $: T $2 $| $>"Relay_ok" $1R$* $| $#TEMP $+ $#error $2R$* $| $#$* $#$2R$* $| RELAY $@ RELAYR T $+ $| $* $#error $1# anything else is bogusR$* $#error $@ 5.7.1 $: "550 Relaying denied"######################################################################### Rcpt_ok: is the recipient ok?######################################################################SRcpt_okR$* $: $>ParseRecipient $1 strip relayable hosts# blacklist local users or any host from receiving mailR$* $: <?> $1R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>R<?> $+ $: <> <$1> $| <U:$1@>R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>R<@> <$*> $| <$*> $: <$2> <$1> reverse resultR<?> <$*> $: @ $1 mark address as no matchR<$={Accept}> <$*> $: @ $2 mark address as no matchR<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"R<DISCARD> $* $#discard $: discardR<QUARANTINE:$+> $* $#error $@ quarantine $: $1R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4R<ERROR:$+> $* $#error $: $1R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R<$+> $* $#error $: $1 error from access dbR@ $* $1 remove mark# authenticated via TLS?R$* $: $1 $| $>RelayTLS client authenticated?R$* $| $# $+ $# $2 error/ok?R$* $| $* $: $1 noR$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}R$* $| $# $* $# $2R$* $| NO $: $1R$* $| $* $: $1 $| $&{auth_type}R$* $| $: $1R$* $| $={TrustAuthMech} $# RELAYR$* $| $* $: $1# anything terminating locally is okR$+ < @ $=w > $@ RELAYR$+ < @ $* $=R > $@ RELAYR$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>R<RELAY> $* $@ RELAYR<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R<$*> <$*> $: $2# check for local user (i.e. unqualified address)R$* $: <?> $1R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 ># local user is okR<?> $+ $@ RELAYR<$+> $* $: $2######################################################################### Relay_ok: is the relay/sender ok?######################################################################SRelay_ok# anything originating locally is ok# check IP addressR$* $: $&{client_addr}R$@ $@ RELAY originated locallyR0 $@ RELAY originated locallyR127.0.0.1 $@ RELAY originated locallyRIPv6:::1 $@ RELAY originated locallyR$=R $* $@ RELAY relayable IP addressR$* $: $>A <$1> <?> <+ Connect> <$1>R<RELAY> $* $@ RELAY relayable IP addressR<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R<$*> <$*> $: $2R$* $: [ $1 ] put brackets around it...R$=w $@ RELAY ... and see if it is local# check client name: first: did it resolve?R$* $: < $&{client_resolve} >R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}R$* $: <@> $&{client_name}# pass to name server to make hostname canonicalR<@> $* $=P $:<?> $1 $2R<@> $+ $:<?> $[ $1 $]R$* . $1 strip trailing dotsR<?> $=w $@ RELAYR<?> $* $=R $@ RELAYR<?> $* $: $>D <$1> <?> <+ Connect> <$1>R<RELAY> $* $@ RELAYR<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R<$*> <$*> $: $2######################################################################### F: LookUpFull -- search for an entry in access database###### lookup of full key (which should be an address) and### variations if +detail exists: +* and without +detail###### Parameters:### <$1> -- key### <$2> -- default (what to return if not found in db)### <$3> -- mark (must be <(!|+) single-token>)### ! does lookup only with tag### + does lookup with and without tag### <$4> -- passthru (additional data passed unchanged through)######################################################################SFR<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>$: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>$: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>######################################################################### E: LookUpExact -- search for an entry in access database###### Parameters:### <$1> -- key### <$2> -- default (what to return if not found in db)### <$3> -- mark (must be <(!|+) single-token>)### ! does lookup only with tag### + does lookup with and without tag### <$4> -- passthru (additional data passed unchanged through)######################################################################SER<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>######################################################################### U: LookUpUser -- search for an entry in access database###### lookup of key (which should be a local part) and### variations if +detail exists: +* and without +detail###### Parameters:### <$1> -- key (user@)### <$2> -- default (what to return if not found in db)### <$3> -- mark (must be <(!|+) single-token>)### ! does lookup only with tag### + does lookup with and without tag### <$4> -- passthru (additional data passed unchanged through)######################################################################SUR<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>R<?> <$+ + $* @> <$*> <$- $-> <$*>$: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>R<?> <$+ + $* @> <$*> <+ $-> <$*>$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>R<?> <$+ + $* @> <$*> <$- $-> <$*>$: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>R<?> <$+ + $* @> <$*> <+ $-> <$*>$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>######################################################################### SearchList: search a list of items in the access map### Parameters:### <exact tag> $| <mark:address> <mark:address> ... <>### where "exact" is either "+" or "!":### <+ TAG> lookup with and w/o tag### <! TAG> lookup with tag### possible values for "mark" are:### D: recursive host lookup (LookUpDomain)### E: exact lookup, no modifications### F: full lookup, try user+ext@domain and user@domain### U: user lookup, try user+ext and user (input must have trailing @)### return: <RHS of lookup> or <?> (not found)####################################################################### class with valid marks for SearchListC{Src}E F D USSearchList# just call the ruleset with the name of the tag... nice trick...R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>R<$+> $| <> $| <?> <> $@ <?>R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>R<$+> $| <$*> $| <$+> <> $@ <$3>R<$+> $| <$+> $@ <$2>######################################################################### trust_auth: is user trusted to authenticate as someone else?###### Parameters:### $1: AUTH= parameter from MAIL command######################################################################SLocal_trust_authStrust_authR$* $: $&{auth_type} $| $1# required by RFC 2554 section 4.R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"R$* $| $&{auth_authen} $@ identicalR$* $| <$&{auth_authen}> $@ identicalR$* $| $* $: $1 $| $>"Local_trust_auth" $2R$* $| $#$* $#$2R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}######################################################################### Relay_Auth: allow relaying based on authentication?###### Parameters:### $1: ${auth_type}######################################################################SLocal_Relay_Auth######################################################################### srv_features: which features to offer to a client?### (done in server)######################################################################Ssrv_featuresR$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>R<?>$* $: <$(access "Srv_Features": $: ? $)>R<?>$* $@ OKR<$* <TMPF>>$* $#tempR<$+>$* $# $1######################################################################### try_tls: try to use STARTTLS?### (done in client)######################################################################Stry_tlsR$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>R<?>$* $: <$(access "Try_TLS": $: ? $)>R<?>$* $@ OKR<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"######################################################################### tls_rcpt: is connection with server "good" enough?### (done in client, per recipient)###### Parameters:### $1: recipient######################################################################Stls_rcptR$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1R$+ $: <?> $>CanonAddr $1R<?> $+ < @ $+ . > <?> $1 <@ $2 >R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>R<?> $+ $: $1 $| <U:$1@> <E:>R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>R$* $| <?> $@ OKR$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>######################################################################### tls_client: is connection with client "good" enough?### (done in server)###### Parameters:### ${verify} $| (MAIL|STARTTLS)######################################################################Stls_clientR$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R$* $@ $>"TLS_connection" $1######################################################################### tls_server: is connection with server "good" enough?### (done in client)###### Parameter:### ${verify}######################################################################Stls_serverR$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."R$* $@ $>"TLS_connection" $1######################################################################### TLS_connection: is TLS connection "good" enough?###### Parameters:### ${verify} $| <Requirement> [<>]### Requirement: RHS from access map, may be ? for none.######################################################################STLS_connectionR$* $| <$*>$* $: $1 $| <$2># create the appropriate error codesR$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3># deal with TLS handshake failures: abortRSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."# deal with TLS protocol errors: abortRPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."RPROTOCOL $| $* $#error $@ 4.7.0 $: "403 STARTTLS failed."R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1R$* $| $* $@ OK# authentication required: give appropriate error# other side did authenticate (via STARTTLS)R<$*><VERIFY> <> OK $@ OKR<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>R<$-:$+ ++ > $@ OKR<$-:$+ ++ $+ > $: <$1:$2> <$3>R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>######################################################################### TLS_req: check additional TLS requirements###### Parameters: [<list> <of> <req>] $| <$-:$+>### $-: SMTP reply code### $+: Enhanced Status Code######################################################################STLS_reqR $| $+ $@ OKR<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1ROK $@ OK######################################################################### max: return the maximum of two values separated by :###### Parameters: [$-]:[$-]######################################################################SmaxR: $: 0R:$- $: $1R$-: $: $1R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2RTRUE:$-:$- $: $2R$-:$-:$- $: $2######################################################################### RelayTLS: allow relaying based on TLS authentication###### Parameters:### none######################################################################SRelayTLS# authenticated?R$* $: <?> $&{verify}R<?> OK $: OK authenticated: continueR<?> $* $@ NO not authenticatedR$* $: $&{cert_issuer}R$+ $: $(access CERTISSUER:$1 $)RRELAY $# RELAYRSUBJECT $: <@> $&{cert_subject}R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)R<@> RELAY $# RELAYR$* $: NO######################################################################### authinfo: lookup authinfo in the access map###### Parameters:### $1: {server_name}### $2: {server_addr}######################################################################SauthinfoR$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>R$* $| <?>$* $@ no no authinfo availableR$* $| <$*> <> $# $2####################################################################################################################################################### MAIL FILTER DEFINITIONS######################################################################################################################################################################################################################################################################################################## MAILER DEFINITIONS######################################################################################################################################################################################### SMTP Mailer specification ############################################# $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ ####### common sender and masquerading recipient rewriting#SMasqSMTPR$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualifiedR$+ $@ $1 < @ *LOCAL* > add local qualification## convert pseudo-domain addresses to real domain addresses#SPseudoToReal# pass <route-addr>s throughR< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr># output fake domains as user%fake@relay# do UUCP heuristics; note that these are shared with UUCP mailersR$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP formR$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form# leave these in .UUCP form to avoid further tamperingR< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAYR$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: partR$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY## envelope sender rewriting#SEnvFromSMTPR$+ $: $>PseudoToReal $1 sender/recipient commonR$* :; <@> $@ list:; special caseR$* $: $>MasqSMTP $1 qualify unqual'ed namesR$+ $: $>MasqEnv $1 do masquerading## envelope recipient rewriting --# also header recipient if not masquerading recipients#SEnvToSMTPR$+ $: $>PseudoToReal $1 sender/recipient commonR$+ $: $>MasqSMTP $1 qualify unqual'ed namesR$* < @ *LOCAL* > $* $: $1 < @ $j . > $2## header sender and masquerading header recipient rewriting#SHdrFromSMTPR$+ $: $>PseudoToReal $1 sender/recipient commonR:; <@> $@ list:; special case# do special header rewritingR$* <@> $* $@ $1 <@> $2 pass null host throughR< @ $* > $* $@ < @ $1 > $2 pass route-addr throughR$* $: $>MasqSMTP $1 qualify unqual'ed namesR$+ $: $>MasqHdr $1 do masquerading## relay mailer header masquerading recipient rewriting#SMasqRelayR$+ $: $>MasqSMTP $1R$+ $: $>MasqHdr $1Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,T=DNS/RFC822/SMTP,A=TCP $hMesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,T=DNS/RFC822/SMTP,A=TCP $hMsmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,T=DNS/RFC822/SMTP,A=TCP $hMdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,T=DNS/RFC822/SMTP,A=TCP $hMrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,T=DNS/RFC822/SMTP,A=TCP $h######################*****################# PROCMAIL Mailer specification #####################*****####################### $Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $ #####Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,T=DNS/RFC822/X-Unix,A=procmail -Y -m $h $f $u##################################################### Local and Program Mailer specification ########################################################## $Id: local.m4,v 8.59 2004/11/23 00:37:25 ca Exp $ ####### Envelope sender rewriting#SEnvFromLR<@> $n errors to mailer-daemonR@ <@ $*> $n temporarily bypass Sun bogosityR$+ $: $>AddDomain $1 add local domain if neededR$* $: $>MasqEnv $1 do masquerading## Envelope recipient rewriting#SEnvToLR$+ < @ $* > $: $1 strip host part## Header sender rewriting#SHdrFromLR<@> $n errors to mailer-daemonR@ <@ $*> $n temporarily bypass Sun bogosityR$+ $: $>AddDomain $1 add local domain if neededR$* $: $>MasqHdr $1 do masquerading## Header recipient rewriting#SHdrToLR$+ $: $>AddDomain $1 add local domain if neededR$* < @ *LOCAL* > $* $: $1 < @ $j . > $2## Common code to add local domain name (only if always-add-domain)#SAddDomainR$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualifiedR$+ $@ $1 < @ *LOCAL* > add local qualificationMlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,T=DNS/RFC822/X-Unix,A=procmail -t -Y -a $h -d $uMprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,T=X-Unix/X-Unix/X-Unix,A=smrsh -c $u