Mercurial > dnsbl
annotate test.cf @ 278:368572c57013
add limits on unique ip addresses per hour per authenticated user
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Tue, 17 Dec 2013 15:35:23 -0800 |
parents | e107ade3b1c0 |
children |
rev | line source |
---|---|
0 | 1 # |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
2 # Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. |
0 | 3 # All rights reserved. |
4 # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. | |
5 # Copyright (c) 1988, 1993 | |
6 # The Regents of the University of California. All rights reserved. | |
7 # | |
8 # By using this file, you agree to the terms and conditions set | |
9 # forth in the LICENSE file which can be found at the top level of | |
10 # the sendmail distribution. | |
11 # | |
12 # | |
13 | |
14 ###################################################################### | |
15 ###################################################################### | |
16 ##### | |
17 ##### SENDMAIL CONFIGURATION FILE | |
18 ##### | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
19 ##### built by root@ns.five-ten-sg.com on Sat Sep 17 18:06:39 PDT 2005 |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
20 ##### in /usr/usr/cvs/gpl/dnsbl |
0 | 21 ##### using /usr/share/sendmail-cf/ as configuration include directory |
22 ##### | |
23 ###################################################################### | |
24 ##### | |
25 ##### DO NOT EDIT THIS FILE! Only edit the source .mc file. | |
26 ##### | |
27 ###################################################################### | |
28 ###################################################################### | |
29 | |
30 ##### $Id$ ##### | |
31 ##### $Id$ ##### | |
94 | 32 |
33 ##### linux setup for Red Hat Linux ##### | |
0 | 34 |
35 ##### $Id$ ##### | |
36 | |
37 | |
38 | |
39 ##### $Id$ ##### | |
40 | |
94 | 41 |
42 | |
43 | |
44 | |
45 | |
46 | |
47 | |
48 | |
49 | |
50 | |
51 | |
52 | |
53 | |
54 | |
55 | |
56 | |
57 | |
58 | |
59 | |
60 | |
61 | |
62 | |
63 | |
64 | |
65 | |
66 | |
67 | |
68 | |
0 | 69 |
70 ##### $Id$ ##### | |
94 | 71 |
0 | 72 |
73 ##### $Id$ ##### | |
74 | |
75 ##### $Id$ ##### | |
94 | 76 |
77 | |
78 ##### $Id$ ##### | |
79 | |
80 | |
0 | 81 |
82 ##### $Id$ ##### | |
83 | |
94 | 84 |
85 | |
86 ##### $Id$ ##### | |
87 | |
88 | |
89 ##### $Id$ ##### | |
90 | |
0 | 91 |
92 ##### $Id$ ##### | |
93 | |
94 | |
95 ##### $Id$ ##### | |
94 | 96 |
0 | 97 |
98 ##### $Id$ ##### | |
99 | |
100 | |
101 ##### $Id$ ##### | |
102 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
103 |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
104 ##### $Id$ ##### |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
105 |
0 | 106 |
107 | |
94 | 108 |
109 | |
110 | |
0 | 111 |
112 | |
113 ##### $Id$ ##### | |
114 | |
115 # level 10 config file format | |
116 V10/Berkeley | |
117 | |
118 # override file safeties - setting this option compromises system security, | |
119 # addressing the actual file configuration problem is preferred | |
120 # need to set this before any file actions are encountered in the cf file | |
121 #O DontBlameSendmail=safe | |
122 | |
123 # default LDAP map specification | |
124 # need to set this now before any LDAP maps are defined | |
125 #O LDAPDefaultSpec=-h localhost | |
126 | |
127 ################## | |
128 # local info # | |
129 ################## | |
130 | |
131 # my LDAP cluster | |
132 # need to set this before any LDAP lookups are done (including classes) | |
133 #D{sendmailMTACluster}$m | |
134 | |
135 Cwlocalhost | |
136 # file containing names of hosts for which we receive email | |
137 Fw/etc/mail/sendmail.cw | |
138 | |
139 # my official domain name | |
140 # ... define this only if sendmail cannot automatically determine your domain | |
141 #Dj$w.Foo.COM | |
142 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
143 # host/domain names ending with a token in class P are canonical |
0 | 144 CP. |
145 | |
146 # "Smart" relay host (may be null) | |
147 DS | |
148 | |
149 | |
150 # operators that cannot be in local usernames (i.e., network indicators) | |
151 CO @ % ! | |
152 | |
153 # a class with just dot (for identifying canonical names) | |
154 C.. | |
155 | |
156 # a class with just a left bracket (for identifying domain literals) | |
157 C[[ | |
158 | |
159 # access_db acceptance class | |
160 C{Accept}OK RELAY | |
161 | |
162 | |
163 # Resolve map (to check if a host exists in check_mail) | |
164 Kresolve host -a<OKR> -T<TEMP> | |
165 C{ResOk}OKR | |
166 | |
167 | |
168 # Hosts for which relaying is permitted ($=R) | |
169 FR/etc/mail/relay-domains | |
170 | |
171 # arithmetic map | |
172 Karith arith | |
173 # macro storage map | |
174 Kmacro macro | |
175 # possible values for TLS_connection in access map | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
176 C{Tls}VERIFY ENCR |
0 | 177 |
178 | |
179 | |
180 | |
181 | |
182 # dequoting map | |
183 Kdequote dequote | |
184 | |
185 # class E: names that should be exposed as from this host, even if we masquerade | |
186 # class L: names that should be delivered locally, even if we have a relay | |
187 # class M: domains that should be converted to $M | |
188 # class N: domains that should not be converted to $M | |
189 #CL root | |
190 F{VirtHost}/etc/mail/virtual-host-domains | |
191 | |
192 C{TrustAuthMech}LOGIN PLAIN | |
193 CR$={VirtHost} | |
194 | |
195 | |
196 | |
197 # my name for error messages | |
198 DnMAILER-DAEMON | |
199 | |
200 | |
201 CPREDIRECT | |
202 | |
203 # Access list database (for spam stomping) | |
204 Kaccess hash -T<TMPF> /etc/mail/access.db | |
205 | |
206 # Mailer table (overriding domains) | |
207 Kmailertable hash /etc/mail/mailertable.db | |
208 | |
209 # Virtual user table (maps incoming users) | |
210 Kvirtuser hash /etc/mail/virtusertable.db | |
211 | |
212 # Generics table (mapping outgoing addresses) | |
213 Kgenerics hash /etc/mail/genericstable.db | |
214 | |
215 # Configuration version number | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
216 DZ8.13.1 |
0 | 217 |
218 | |
219 ############### | |
220 # Options # | |
221 ############### | |
222 | |
223 # strip message body to 7 bits on input? | |
224 O SevenBitInput=False | |
225 | |
226 # 8-bit data handling | |
227 #O EightBitMode=pass8 | |
228 | |
229 # wait for alias file rebuild (default units: minutes) | |
230 O AliasWait=10 | |
231 | |
232 # location of alias file | |
233 O AliasFile=/etc/mail/aliases | |
234 | |
235 # minimum number of free blocks on filesystem | |
236 O MinFreeBlocks=100 | |
237 | |
238 # maximum message size | |
239 O MaxMessageSize=30000000 | |
240 | |
241 # substitution for space (blank) characters | |
242 O BlankSub=. | |
243 | |
244 # avoid connecting to "expensive" mailers on initial submission? | |
245 O HoldExpensive=False | |
246 | |
247 # checkpoint queue runs after every N successful deliveries | |
248 #O CheckpointInterval=10 | |
249 | |
250 # default delivery mode | |
251 O DeliveryMode=background | |
252 | |
253 # error message header/file | |
254 #O ErrorHeader=/etc/mail/error-header | |
255 | |
256 # error mode | |
257 #O ErrorMode=print | |
258 | |
259 # save Unix-style "From_" lines at top of header? | |
260 #O SaveFromLine=False | |
261 | |
262 # queue file mode (qf files) | |
263 #O QueueFileMode=0600 | |
264 | |
265 # temporary file mode | |
266 O TempFileMode=0600 | |
267 | |
268 # match recipients against GECOS field? | |
269 #O MatchGECOS=False | |
270 | |
271 # maximum hop count | |
272 #O MaxHopCount=25 | |
273 | |
274 # location of help file | |
275 O HelpFile=/etc/mail/helpfile | |
276 | |
277 # ignore dots as terminators in incoming messages? | |
278 #O IgnoreDots=False | |
279 | |
280 # name resolver options | |
281 #O ResolverOptions=+AAONLY | |
282 | |
283 # deliver MIME-encapsulated error messages? | |
284 O SendMimeErrors=True | |
285 | |
286 # Forward file search path | |
287 O ForwardPath=$z/.forward.$w:$z/.forward | |
288 | |
289 # open connection cache size | |
290 O ConnectionCacheSize=2 | |
291 | |
292 # open connection cache timeout | |
293 O ConnectionCacheTimeout=5m | |
294 | |
295 # persistent host status directory | |
296 #O HostStatusDirectory=.hoststat | |
297 | |
298 # single thread deliveries (requires HostStatusDirectory)? | |
299 #O SingleThreadDelivery=False | |
300 | |
301 # use Errors-To: header? | |
302 O UseErrorsTo=False | |
303 | |
304 # log level | |
305 O LogLevel=20 | |
306 | |
307 # send to me too, even in an alias expansion? | |
308 O MeToo=true | |
309 | |
310 # verify RHS in newaliases? | |
311 O CheckAliases=False | |
312 | |
313 # default messages to old style headers if no special punctuation? | |
314 O OldStyleHeaders=True | |
315 | |
316 # SMTP daemon options | |
317 | |
318 O DaemonPortOptions=port=26 | |
319 | |
320 # SMTP client options | |
321 #O ClientPortOptions=Family=inet, Address=0.0.0.0 | |
322 | |
323 # Modifiers to define {daemon_flags} for direct submissions | |
324 #O DirectSubmissionModifiers | |
325 | |
326 # Use as mail submission program? See sendmail/SECURITY | |
327 #O UseMSP | |
328 | |
329 # privacy flags | |
330 O PrivacyOptions=goaway,nobodyreturn,noreceipts | |
331 | |
332 # who (if anyone) should get extra copies of error messages | |
333 #O PostmasterCopy=Postmaster | |
334 | |
335 # slope of queue-only function | |
336 #O QueueFactor=600000 | |
337 | |
338 # limit on number of concurrent queue runners | |
339 #O MaxQueueChildren | |
340 | |
341 # maximum number of queue-runners per queue-grouping with multiple queues | |
342 #O MaxRunnersPerQueue=1 | |
343 | |
344 # priority of queue runners (nice(3)) | |
345 #O NiceQueueRun | |
346 | |
347 # shall we sort the queue by hostname first? | |
348 #O QueueSortOrder=priority | |
349 | |
350 # minimum time in queue before retry | |
351 #O MinQueueAge=30m | |
352 | |
353 # how many jobs can you process in the queue? | |
354 #O MaxQueueRunSize=10000 | |
355 | |
356 # perform initial split of envelope without checking MX records | |
357 #O FastSplit=1 | |
358 | |
359 # queue directory | |
360 O QueueDirectory=/var/spool/mqueue | |
361 | |
362 # key for shared memory; 0 to turn off | |
363 #O SharedMemoryKey=0 | |
364 | |
365 | |
366 | |
367 # timeouts (many of these) | |
368 #O Timeout.initial=5m | |
369 O Timeout.connect=1m | |
370 #O Timeout.aconnect=0s | |
371 #O Timeout.iconnect=5m | |
372 #O Timeout.helo=5m | |
373 #O Timeout.mail=10m | |
374 #O Timeout.rcpt=1h | |
375 #O Timeout.datainit=5m | |
376 #O Timeout.datablock=1h | |
377 #O Timeout.datafinal=1h | |
378 #O Timeout.rset=5m | |
379 #O Timeout.quit=2m | |
380 #O Timeout.misc=2m | |
381 #O Timeout.command=1h | |
382 O Timeout.ident=0 | |
383 #O Timeout.fileopen=60s | |
384 #O Timeout.control=2m | |
385 O Timeout.queuereturn=5d | |
386 #O Timeout.queuereturn.normal=5d | |
387 #O Timeout.queuereturn.urgent=2d | |
388 #O Timeout.queuereturn.non-urgent=7d | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
389 #O Timeout.queuereturn.dsn=5d |
0 | 390 O Timeout.queuewarn=4h |
391 #O Timeout.queuewarn.normal=4h | |
392 #O Timeout.queuewarn.urgent=1h | |
393 #O Timeout.queuewarn.non-urgent=12h | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
394 #O Timeout.queuewarn.dsn=4h |
0 | 395 #O Timeout.hoststatus=30m |
396 #O Timeout.resolver.retrans=5s | |
397 #O Timeout.resolver.retrans.first=5s | |
398 #O Timeout.resolver.retrans.normal=5s | |
399 #O Timeout.resolver.retry=4 | |
400 #O Timeout.resolver.retry.first=4 | |
401 #O Timeout.resolver.retry.normal=4 | |
402 #O Timeout.lhlo=2m | |
403 #O Timeout.auth=10m | |
404 #O Timeout.starttls=1h | |
405 | |
406 # time for DeliverBy; extension disabled if less than 0 | |
407 #O DeliverByMin=0 | |
408 | |
409 # should we not prune routes in route-addr syntax addresses? | |
410 #O DontPruneRoutes=False | |
411 | |
412 # queue up everything before forking? | |
413 O SuperSafe=True | |
414 | |
415 # status file | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
416 O StatusFile=/usr/usr/cvs/gpl/dnsbl/sendmail.st |
0 | 417 |
418 # time zone handling: | |
419 # if undefined, use system default | |
420 # if defined but null, use TZ envariable passed in | |
421 # if defined and non-null, use that info | |
422 #O TimeZoneSpec= | |
423 | |
424 # default UID (can be username or userid:groupid) | |
425 O DefaultUser=8:12 | |
426 | |
427 # list of locations of user database file (null means no lookup) | |
428 #O UserDatabaseSpec=/etc/mail/userdb | |
429 | |
430 # fallback MX host | |
431 #O FallbackMXhost=fall.back.host.net | |
432 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
433 # fallback smart host |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
434 #O FallbackSmartHost=fall.back.host.net |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
435 |
0 | 436 # if we are the best MX host for a site, try it directly instead of config err |
437 #O TryNullMXList=False | |
438 | |
439 # load average at which we just queue messages | |
440 O QueueLA=12 | |
441 | |
442 # load average at which we refuse connections | |
443 O RefuseLA=8 | |
444 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
445 # log interval when refusing connections for this long |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
446 #O RejectLogInterval=3h |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
447 |
0 | 448 # load average at which we delay connections; 0 means no limit |
449 #O DelayLA=0 | |
450 | |
451 # maximum number of children we allow at one time | |
452 O MaxDaemonChildren=20 | |
453 | |
454 # maximum number of new connections per second | |
455 O ConnectionRateThrottle=1 | |
456 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
457 # Width of the window |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
458 #O ConnectionRateWindowSize=60s |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
459 |
0 | 460 # work recipient factor |
461 #O RecipientFactor=30000 | |
462 | |
463 # deliver each queued job in a separate process? | |
464 #O ForkEachJob=False | |
465 | |
466 # work class factor | |
467 #O ClassFactor=1800 | |
468 | |
469 # work time factor | |
470 #O RetryFactor=90000 | |
471 | |
472 # default character set | |
473 #O DefaultCharSet=iso-8859-1 | |
474 | |
475 # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others) | |
476 #O ServiceSwitchFile=/etc/mail/service.switch | |
477 | |
478 # hosts file (normally /etc/hosts) | |
479 #O HostsFile=/etc/hosts | |
480 | |
481 # dialup line delay on connection failure | |
482 #O DialDelay=10s | |
483 | |
484 # action to take if there are no recipients in the message | |
485 #O NoRecipientAction=add-to-undisclosed | |
486 | |
487 # chrooted environment for writing to files | |
488 #O SafeFileEnvironment=/arch | |
489 | |
490 # are colons OK in addresses? | |
491 #O ColonOkInAddr=True | |
492 | |
493 # shall I avoid expanding CNAMEs (violates protocols)? | |
494 #O DontExpandCnames=False | |
495 | |
496 # SMTP initial login message (old $e macro) | |
497 O SmtpGreetingMessage=$j Sendmail $v/$Z; $b | |
498 | |
499 # UNIX initial From header format (old $l macro) | |
500 O UnixFromLine=From $g $d | |
501 | |
502 # From: lines that have embedded newlines are unwrapped onto one line | |
503 #O SingleLineFromHeader=False | |
504 | |
505 # Allow HELO SMTP command that does not include a host name | |
506 #O AllowBogusHELO=False | |
507 | |
508 # Characters to be quoted in a full name phrase (@,;:\()[] are automatic) | |
509 #O MustQuoteChars=. | |
510 | |
511 # delimiter (operator) characters (old $o macro) | |
512 O OperatorChars=.:%@!^/[]+ | |
513 | |
514 # shall I avoid calling initgroups(3) because of high NIS costs? | |
515 #O DontInitGroups=False | |
516 | |
517 # are group-writable :include: and .forward files (un)trustworthy? | |
518 # True (the default) means they are not trustworthy. | |
519 #O UnsafeGroupWrites=True | |
520 | |
521 | |
522 # where do errors that occur when sending errors get sent? | |
523 O DoubleBounceAddress | |
524 | |
525 # where to save bounces if all else fails | |
526 #O DeadLetterDrop=/var/tmp/dead.letter | |
527 | |
528 # what user id do we assume for the majority of the processing? | |
529 #O RunAsUser=sendmail | |
530 | |
531 # maximum number of recipients per SMTP envelope | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
532 #O MaxRecipientsPerMessage=0 |
0 | 533 |
534 # limit the rate recipients per SMTP envelope are accepted | |
535 # once the threshold number of recipients have been rejected | |
536 O BadRcptThrottle=2 | |
537 | |
538 # shall we get local names from our installed interfaces? | |
539 O DontProbeInterfaces=true | |
540 | |
541 # Return-Receipt-To: header implies DSN request | |
542 #O RrtImpliesDsn=False | |
543 | |
544 # override connection address (for testing) | |
545 #O ConnectOnlyTo=0.0.0.0 | |
546 | |
547 # Trusted user for file ownership and starting the daemon | |
548 #O TrustedUser=root | |
549 | |
550 # Control socket for daemon management | |
551 #O ControlSocketName=/var/spool/mqueue/.control | |
552 | |
553 # Maximum MIME header length to protect MUAs | |
554 #O MaxMimeHeaderLength=0/0 | |
555 | |
556 # Maximum length of the sum of all headers | |
557 #O MaxHeadersLength=32768 | |
558 | |
559 # Maximum depth of alias recursion | |
560 #O MaxAliasRecursion=10 | |
561 | |
562 # location of pid file | |
563 O PidFile=/var/run/sm-test.pid | |
564 | |
565 # Prefix string for the process title shown on 'ps' listings | |
566 #O ProcessTitlePrefix=prefix | |
567 | |
568 # Data file (df) memory-buffer file maximum size | |
569 #O DataFileBufferSize=4096 | |
570 | |
571 # Transcript file (xf) memory-buffer file maximum size | |
572 #O XscriptFileBufferSize=4096 | |
573 | |
574 # lookup type to find information about local mailboxes | |
575 #O MailboxDatabase=pw | |
576 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
577 # override compile time flag REQUIRES_DIR_FSYNC |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
578 #O RequiresDirfsync=true |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
579 |
0 | 580 # list of authentication mechanisms |
581 O AuthMechanisms=LOGIN PLAIN | |
582 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
583 # Authentication realm |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
584 #O AuthRealm |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
585 |
0 | 586 # default authentication information for outgoing connections |
587 #O DefaultAuthInfo=/etc/mail/default-auth-info | |
588 | |
589 # SMTP AUTH flags | |
590 O AuthOptions=A | |
591 | |
592 # SMTP AUTH maximum encryption strength | |
593 #O AuthMaxBits | |
594 | |
595 # SMTP STARTTLS server options | |
596 #O TLSSrvOptions | |
597 | |
598 # Input mail filters | |
599 O InputMailFilters=dnsbl | |
600 | |
601 # Milter options | |
602 #O Milter.LogLevel | |
603 O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr} | |
604 O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer} | |
605 O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr} | |
606 O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr} | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
607 O Milter.macros.eom={msg_id} |
0 | 608 |
609 # CA directory | |
610 #O CACertPath | |
611 # CA file | |
612 #O CACertFile | |
613 # Server Cert | |
614 #O ServerCertFile | |
615 # Server private key | |
616 #O ServerKeyFile | |
617 # Client Cert | |
618 #O ClientCertFile | |
619 # Client private key | |
620 #O ClientKeyFile | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
621 # File containing certificate revocation lists |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
622 #O CRLFile |
0 | 623 # DHParameters (only required if DSA/DH is used) |
624 #O DHParameters | |
625 # Random data source (required for systems without /dev/urandom under OpenSSL) | |
626 #O RandFile | |
627 | |
628 ############################ | |
629 # QUEUE GROUP DEFINITIONS # | |
630 ############################ | |
631 | |
632 | |
633 ########################### | |
634 # Message precedences # | |
635 ########################### | |
636 | |
637 Pfirst-class=0 | |
638 Pspecial-delivery=100 | |
639 Plist=-30 | |
640 Pbulk=-60 | |
641 Pjunk=-100 | |
642 | |
643 ##################### | |
644 # Trusted users # | |
645 ##################### | |
646 | |
647 # this is equivalent to setting class "t" | |
648 Ft/etc/mail/sendmail.ct | |
649 Troot | |
650 Tdaemon | |
651 Tuucp | |
652 | |
653 ######################### | |
654 # Format of headers # | |
655 ######################### | |
656 | |
657 H?P?Return-Path: <$g> | |
658 HReceived: $?sfrom $s $.$?_($?s$|from $.$_) | |
659 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) | |
660 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} | |
661 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u | |
662 for $u; $|; | |
663 $.$b | |
664 H?D?Resent-Date: $a | |
665 H?D?Date: $a | |
666 H?F?Resent-From: $?x$x <$g>$|$g$. | |
667 H?F?From: $?x$x <$g>$|$g$. | |
668 H?x?Full-Name: $x | |
669 # HPosted-Date: $a | |
670 # H?l?Received-Date: $b | |
671 H?M?Resent-Message-Id: <$t.$i@$j> | |
672 H?M?Message-Id: <$t.$i@$j> | |
673 | |
674 # | |
675 ###################################################################### | |
676 ###################################################################### | |
677 ##### | |
678 ##### REWRITING RULES | |
679 ##### | |
680 ###################################################################### | |
681 ###################################################################### | |
682 | |
683 ############################################ | |
684 ### Ruleset 3 -- Name Canonicalization ### | |
685 ############################################ | |
686 Scanonify=3 | |
687 | |
688 # handle null input (translate to <@> special case) | |
689 R$@ $@ <@> | |
690 | |
691 # strip group: syntax (not inside angle brackets!) and trailing semicolon | |
692 R$* $: $1 <@> mark addresses | |
693 R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr> | |
694 R@ $* <@> $: @ $1 unmark @host:... | |
695 R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr | |
696 R$* :: $* <@> $: $1 :: $2 unmark node::addr | |
697 R:include: $* <@> $: :include: $1 unmark :include:... | |
698 R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon | |
699 R$* : $* <@> $: $2 strip colon if marked | |
700 R$* <@> $: $1 unmark | |
701 R$* ; $1 strip trailing semi | |
702 R$* < $+ :; > $* $@ $2 :; <@> catch <list:;> | |
703 R$* < $* ; > $1 < $2 > bogus bracketed semi | |
704 | |
705 # null input now results from list:; syntax | |
706 R$@ $@ :; <@> | |
707 | |
708 # strip angle brackets -- note RFC733 heuristic to get innermost item | |
709 R$* $: < $1 > housekeeping <> | |
710 R$+ < $* > < $2 > strip excess on left | |
711 R< $* > $+ < $1 > strip excess on right | |
712 R<> $@ < @ > MAIL FROM:<> case | |
713 R< $+ > $: $1 remove housekeeping <> | |
714 | |
715 # strip route address <@a,@b,@c:user@d> -> <user@d> | |
716 R@ $+ , $+ $2 | |
717 R@ [ $* ] : $+ $2 | |
718 R@ $+ : $+ $2 | |
719 | |
720 # find focus for list syntax | |
721 R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax | |
722 R $+ : $* ; $@ $1 : $2; list syntax | |
723 | |
724 # find focus for @ syntax addresses | |
725 R$+ @ $+ $: $1 < @ $2 > focus on domain | |
726 R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right | |
727 R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical | |
728 | |
729 | |
730 # convert old-style addresses to a domain-based address | |
731 R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names | |
732 R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps | |
733 R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains | |
734 | |
735 # if we have % signs, take the rightmost one | |
736 R$* % $* $1 @ $2 First make them all @s. | |
737 R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. | |
738 R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish | |
739 | |
740 # else we must be a local name | |
741 R$* $@ $>Canonify2 $1 | |
742 | |
743 | |
744 ################################################ | |
745 ### Ruleset 96 -- bottom half of ruleset 3 ### | |
746 ################################################ | |
747 | |
748 SCanonify2=96 | |
749 | |
750 # handle special cases for local names | |
751 R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all | |
752 R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain | |
753 R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain | |
754 | |
755 # check for IPv4/IPv6 domain literal | |
756 R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr] | |
757 R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal | |
758 R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr | |
759 | |
760 | |
761 | |
762 | |
763 | |
764 # if really UUCP, handle it immediately | |
765 | |
766 # try UUCP traffic as a local address | |
767 R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 | |
768 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 | |
769 | |
770 # hostnames ending in class P are always canonical | |
771 R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 | |
772 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 | |
773 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 | |
774 R$* CC $* $| $* $: $3 | |
775 # pass to name server to make hostname canonical | |
776 R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 | |
777 R$* $| $* $: $2 | |
778 | |
779 # local host aliases and pseudo-domains are always canonical | |
780 R$* < @ $=w > $* $: $1 < @ $2 . > $3 | |
781 R$* < @ $=M > $* $: $1 < @ $2 . > $3 | |
782 R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3 | |
783 R$* < @ $=G > $* $: $1 < @ $2 . > $3 | |
784 R$* < @ $* . . > $* $1 < @ $2 . > $3 | |
785 | |
786 | |
787 ################################################## | |
788 ### Ruleset 4 -- Final Output Post-rewriting ### | |
789 ################################################## | |
790 Sfinal=4 | |
791 | |
792 R$+ :; <@> $@ $1 : handle <list:;> | |
793 R$* <@> $@ handle <> and list:; | |
794 | |
795 # strip trailing dot off possibly canonical name | |
796 R$* < @ $+ . > $* $1 < @ $2 > $3 | |
797 | |
798 # eliminate internal code | |
799 R$* < @ *LOCAL* > $* $1 < @ $j > $2 | |
800 | |
801 # externalize local domain info | |
802 R$* < $+ > $* $1 $2 $3 defocus | |
803 R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical | |
804 R@ $* $@ @ $1 ... and exit | |
805 | |
806 # UUCP must always be presented in old form | |
807 R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u | |
808 | |
809 # delete duplicate local names | |
810 R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host | |
811 | |
812 | |
813 | |
814 ############################################################## | |
815 ### Ruleset 97 -- recanonicalize and call ruleset zero ### | |
816 ### (used for recursive calls) ### | |
817 ############################################################## | |
818 | |
819 SRecurse=97 | |
820 R$* $: $>canonify $1 | |
821 R$* $@ $>parse $1 | |
822 | |
823 | |
824 ###################################### | |
825 ### Ruleset 0 -- Parse Address ### | |
826 ###################################### | |
827 | |
828 Sparse=0 | |
829 | |
830 R$* $: $>Parse0 $1 initial parsing | |
831 R<@> $#local $: <@> special case error msgs | |
832 R$* $: $>ParseLocal $1 handle local hacks | |
833 R$* $: $>Parse1 $1 final parsing | |
834 | |
835 # | |
836 # Parse0 -- do initial syntax checking and eliminate local addresses. | |
837 # This should either return with the (possibly modified) input | |
838 # or return with a #error mailer. It should not return with a | |
839 # #mailer other than the #error mailer. | |
840 # | |
841 | |
842 SParse0 | |
843 R<@> $@ <@> special case error msgs | |
844 R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses" | |
845 R@ <@ $* > < @ $1 > catch "@@host" bogosity | |
846 R<@ $+> $#error $@ 5.1.3 $: "553 User address required" | |
847 R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required" | |
848 R$* $: <> $1 | |
849 R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4 | |
850 R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4 | |
851 R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address" | |
852 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 | |
853 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part" | |
854 R<> $* $1 | |
855 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" | |
856 R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" | |
857 R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address" | |
858 R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address" | |
859 R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address" | |
860 | |
861 | |
862 # now delete the local info -- note $=O to find characters that cause forwarding | |
863 R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user | |
864 R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... | |
865 R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here | |
866 R< @ $+ > $#error $@ 5.1.3 $: "553 User address required" | |
867 R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... | |
868 R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" | |
869 R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required" | |
870 R$* $=O $* < @ *LOCAL* > | |
871 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... | |
872 R$* < @ *LOCAL* > $: $1 | |
873 | |
874 # | |
875 # Parse1 -- the bottom half of ruleset 0. | |
876 # | |
877 | |
878 SParse1 | |
879 | |
880 # handle numeric address spec | |
881 R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
882 R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path |
0 | 883 R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send |
884 R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer | |
885 R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer | |
886 | |
887 # handle virtual users | |
888 R$+ $: <!> $1 Mark for lookup | |
889 R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > | |
890 R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > | |
891 R<@> $+ + $+ < @ $* . > | |
892 $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
893 R<@> $+ + $* < @ $* . > | |
894 $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
895 R<@> $+ + $* < @ $* . > | |
896 $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
897 R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
898 R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
899 R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . > | |
900 R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > | |
901 R<@> $+ $: $1 | |
902 R<!> $+ $: $1 | |
903 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 | |
904 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 | |
905 R< $+ > $+ < @ $+ > $: $>Recurse $1 | |
906 | |
907 # short circuit local delivery so forwarded email works | |
908 | |
909 | |
910 R$=L < @ $=w . > $#local $: @ $1 special local names | |
911 R$+ < @ $=w . > $#local $: $1 regular local name | |
912 | |
913 # not local -- try mailer table lookup | |
914 R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name | |
915 R< $+ . > $* $: < $1 > $2 strip trailing dot | |
916 R< $+ > $* $: < $(mailertable $1 $) > $2 lookup | |
917 R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? | |
918 R< $+ > $* $: $>Mailertable <$1> $2 try domain | |
919 | |
920 # resolve remotely connected UUCP links (if any) | |
921 | |
922 # resolve fake top level domains by forwarding to other hosts | |
923 | |
924 | |
925 | |
926 # pass names that still have a host to a smarthost (if defined) | |
927 R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name | |
928 | |
929 # deal with other remote names | |
930 R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain | |
931 | |
932 # handle locally delivered names | |
933 R$=L $#local $: @ $1 special local names | |
934 R$+ $#local $: $1 regular local names | |
935 | |
936 ########################################################################### | |
937 ### Ruleset 5 -- special rewriting after aliases have been expanded ### | |
938 ########################################################################### | |
939 | |
940 SLocal_localaddr | |
941 Slocaladdr=5 | |
942 R$+ $: $1 $| $>"Local_localaddr" $1 | |
943 R$+ $| $#ok $@ $1 no change | |
944 R$+ $| $#$* $#$2 | |
945 R$+ $| $* $: $1 | |
946 | |
947 | |
948 | |
949 | |
950 # deal with plussed users so aliases work nicely | |
951 R$+ + * $#local $@ $&h $: $1 | |
952 R$+ + $* $#local $@ + $2 $: $1 + * | |
953 | |
954 # prepend an empty "forward host" on the front | |
955 R$+ $: <> $1 | |
956 | |
957 | |
958 | |
959 R< > $+ $: < > < $1 <> $&h > nope, restore +detail | |
960 | |
961 R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail | |
962 R< > < $+ <> $* > $: < > < $1 > else discard | |
963 R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part | |
964 R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + | |
965 R< > < $+ > $@ $1 no +detail | |
966 R$+ $: $1 <> $&h add +detail back in | |
967 | |
968 R$+ <> + $* $: $1 + $2 check whether +detail | |
969 R$+ <> $* $: $1 else discard | |
970 R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension | |
971 R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension | |
972 | |
973 R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > | |
974 | |
975 R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > | |
976 | |
977 | |
978 ################################################################### | |
979 ### Ruleset 90 -- try domain part of mailertable entry ### | |
980 ################################################################### | |
981 | |
982 SMailertable=90 | |
983 R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 | |
984 R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? | |
985 R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again | |
986 R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." | |
987 R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? | |
988 R< $* > $* $@ $2 no mailertable match | |
989 | |
990 ################################################################### | |
991 ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### | |
992 ################################################################### | |
993 | |
994 SMailerToTriple=95 | |
995 R< > $* $@ $1 strip off null relay | |
996 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
997 R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
998 R< error : $+ > $* $#error $: $1 |
0 | 999 R< local : $* > $* $>CanonLocal < $1 > $2 |
1000 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user | |
1001 R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer | |
1002 R< $=w > $* $@ $2 delete local host | |
1003 R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer | |
1004 | |
1005 ################################################################### | |
1006 ### Ruleset CanonLocal -- canonify local: syntax ### | |
1007 ################################################################### | |
1008 | |
1009 SCanonLocal | |
1010 # strip local host from routed addresses | |
1011 R< $* > < @ $+ > : $+ $@ $>Recurse $3 | |
1012 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 | |
1013 | |
1014 # strip trailing dot from any host name that may appear | |
1015 R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > | |
1016 | |
1017 # handle local: syntax -- use old user, either with or without host | |
1018 R< > $* < @ $* > $* $#local $@ $1@$2 $: $1 | |
1019 R< > $+ $#local $@ $1 $: $1 | |
1020 | |
1021 # handle local:user@host syntax -- ignore host part | |
1022 R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > | |
1023 | |
1024 # handle local:user syntax | |
1025 R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 | |
1026 R< $+ > $* $#local $@ $2 $: $1 | |
1027 | |
1028 ################################################################### | |
1029 ### Ruleset 93 -- convert header names to masqueraded form ### | |
1030 ################################################################### | |
1031 | |
1032 SMasqHdr=93 | |
1033 | |
1034 # handle generics database | |
1035 R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark | |
1036 R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark | |
1037 R< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 > | |
1038 R<@$+ + $* @ $+> $+ < @ $+ > | |
1039 $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 > | |
1040 R<@$+ + $* @ $+> $+ < @ $+ > | |
1041 $: < $(generics $1@$3 $: $) > $4 < @ $5 > | |
1042 R<@$+ > $+ < @ $+ > $: < > $2 < @ $3 > | |
1043 R< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . > | |
1044 R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 > | |
1045 R< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 > | |
1046 R< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 > | |
1047 R< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified | |
1048 R< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified | |
1049 R< > $* $: $1 not found | |
1050 | |
1051 # do not masquerade anything in class N | |
1052 R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > | |
1053 | |
1054 R$* < @ *LOCAL* > $@ $1 < @ $j . > | |
1055 | |
1056 ################################################################### | |
1057 ### Ruleset 94 -- convert envelope names to masqueraded form ### | |
1058 ################################################################### | |
1059 | |
1060 SMasqEnv=94 | |
1061 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 | |
1062 | |
1063 ################################################################### | |
1064 ### Ruleset 98 -- local part of ruleset zero (can be null) ### | |
1065 ################################################################### | |
1066 | |
1067 SParseLocal=98 | |
1068 | |
1069 # addresses sent to foo@host.REDIRECT will give a 551 error code | |
1070 R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} > | |
1071 R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. > | |
1072 R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> | |
1073 | |
1074 | |
1075 | |
1076 | |
1077 ###################################################################### | |
1078 ### D: LookUpDomain -- search for domain in access database | |
1079 ### | |
1080 ### Parameters: | |
1081 ### <$1> -- key (domain name) | |
1082 ### <$2> -- default (what to return if not found in db) | |
1083 ### <$3> -- mark (must be <(!|+) single-token>) | |
1084 ### ! does lookup only with tag | |
1085 ### + does lookup with and without tag | |
1086 ### <$4> -- passthru (additional data passed unchanged through) | |
1087 ###################################################################### | |
1088 | |
1089 SD | |
1090 R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5> | |
1091 R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> | |
1092 R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6> | |
1093 R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> | |
1094 R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> | |
1095 R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6> | |
1096 R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5> | |
1097 R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6> | |
1098 R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> | |
1099 | |
1100 ###################################################################### | |
1101 ### A: LookUpAddress -- search for host address in access database | |
1102 ### | |
1103 ### Parameters: | |
1104 ### <$1> -- key (dot quadded host address) | |
1105 ### <$2> -- default (what to return if not found in db) | |
1106 ### <$3> -- mark (must be <(!|+) single-token>) | |
1107 ### ! does lookup only with tag | |
1108 ### + does lookup with and without tag | |
1109 ### <$4> -- passthru (additional data passed through) | |
1110 ###################################################################### | |
1111 | |
1112 SA | |
1113 R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5> | |
1114 R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> | |
1115 R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> | |
1116 R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> | |
1117 R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> | |
1118 R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5> | |
1119 R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6> | |
1120 R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> | |
1121 | |
1122 ###################################################################### | |
1123 ### CanonAddr -- Convert an address into a standard form for | |
1124 ### relay checking. Route address syntax is | |
1125 ### crudely converted into a %-hack address. | |
1126 ### | |
1127 ### Parameters: | |
1128 ### $1 -- full recipient address | |
1129 ### | |
1130 ### Returns: | |
1131 ### parsed address, not in source route form | |
1132 ###################################################################### | |
1133 | |
1134 SCanonAddr | |
1135 R$* $: $>Parse0 $>canonify $1 make domain canonical | |
1136 | |
1137 | |
1138 ###################################################################### | |
1139 ### ParseRecipient -- Strip off hosts in $=R as well as possibly | |
1140 ### $* $=m or the access database. | |
1141 ### Check user portion for host separators. | |
1142 ### | |
1143 ### Parameters: | |
1144 ### $1 -- full recipient address | |
1145 ### | |
1146 ### Returns: | |
1147 ### parsed, non-local-relaying address | |
1148 ###################################################################### | |
1149 | |
1150 SParseRecipient | |
1151 R$* $: <?> $>CanonAddr $1 | |
1152 R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots | |
1153 R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part | |
1154 | |
1155 # if no $=O character, no host in the user portion, we are done | |
1156 R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4> | |
1157 R<?> $* $@ $1 | |
1158 | |
1159 | |
1160 R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 > | |
1161 R<NO> $* < @ $+ > $: <$(access To:$2 $: NO $)> $1 < @ $2 > | |
1162 R<NO> $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 > | |
1163 | |
1164 | |
1165 | |
1166 R<RELAY> $* < @ $* > $@ $>ParseRecipient $1 | |
1167 R<$+> $* $@ $2 | |
1168 | |
1169 | |
1170 ###################################################################### | |
1171 ### check_relay -- check hostname/address on SMTP startup | |
1172 ###################################################################### | |
1173 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1174 |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1175 |
0 | 1176 SLocal_check_relay |
1177 Scheckrelay | |
1178 R$* $: $1 $| $>"Local_check_relay" $1 | |
1179 R$* $| $* $| $#$* $#$3 | |
1180 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 | |
1181 | |
1182 SBasic_check_relay | |
1183 # check for deferred delivery mode | |
1184 R$* $: < $&{deliveryMode} > $1 | |
1185 R< d > $* $@ deferred | |
1186 R< $* > $* $: $2 | |
1187 | |
1188 R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 > | |
1189 R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name | |
1190 R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup | |
1191 R<?> <$*> $: OK found nothing | |
1192 R<$={Accept}> <$*> $@ $1 return value of lookup | |
1193 R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied" | |
1194 R<DISCARD> <$*> $#discard $: discard | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1195 R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1 |
0 | 1196 R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4 |
1197 R<ERROR:$+> <$*> $#error $: $1 | |
1198 R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
1199 R<$+> <$*> $#error $: $1 | |
1200 | |
1201 | |
1202 | |
1203 ###################################################################### | |
1204 ### check_mail -- check SMTP `MAIL FROM:' command argument | |
1205 ###################################################################### | |
1206 | |
1207 SLocal_check_mail | |
1208 Scheckmail | |
1209 R$* $: $1 $| $>"Local_check_mail" $1 | |
1210 R$* $| $#$* $#$2 | |
1211 R$* $| $* $@ $>"Basic_check_mail" $1 | |
1212 | |
1213 SBasic_check_mail | |
1214 # check for deferred delivery mode | |
1215 R$* $: < $&{deliveryMode} > $1 | |
1216 R< d > $* $@ deferred | |
1217 R< $* > $* $: $2 | |
1218 | |
1219 # authenticated? | |
1220 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL | |
1221 R$* $| $#$+ $#$2 | |
1222 R$* $| $* $: $1 | |
1223 | |
1224 R<> $@ <OK> we MUST accept <> (RFC 1123) | |
1225 R$+ $: <?> $1 | |
1226 R<?><$+> $: <@> <$1> | |
1227 R<?>$+ $: <@> <$1> | |
1228 R$* $: $&{daemon_flags} $| $1 | |
1229 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > | |
1230 R$* u $* $| <@> < $* > $: <?> < $3 > | |
1231 R$* $| $* $: $2 | |
1232 # handle case of @localhost on address | |
1233 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > | |
1234 R<@> < $* @ [127.0.0.1] > | |
1235 $: < ? $&{client_name} > < $1 @ [127.0.0.1] > | |
1236 R<@> < $* @ localhost.$m > | |
1237 $: < ? $&{client_name} > < $1 @ localhost.$m > | |
1238 R<@> < $* @ localhost.UUCP > | |
1239 $: < ? $&{client_name} > < $1 @ localhost.UUCP > | |
1240 R<@> $* $: $1 no localhost as domain | |
1241 R<? $=w> $* $: $2 local client: ok | |
1242 R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address" | |
1243 R<?> $* $: $1 | |
1244 R$* $: <?> $>CanonAddr $1 canonify sender address and mark it | |
1245 R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots | |
1246 # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) | |
1247 R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 > | |
1248 R<?> $* < @ $j > $: <OKR> $1 < @ $j > | |
1249 R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 > | |
1250 R<? $* <$->> $* < @ $+ > | |
1251 $: <$2> $3 < @ $4 > | |
1252 | |
1253 # check sender address: user@address, user@, address | |
1254 R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3> | |
1255 R<$+> $+ $: @<$1> <$2> $| <U:$2@> | |
1256 R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <> | |
1257 R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result | |
1258 # retransform for further use | |
1259 R<?> <$+> <$*> $: <$1> $2 no match | |
1260 R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it | |
1261 | |
1262 # handle case of no @domain on address | |
1263 R<?> $* $: $&{daemon_flags} $| <?> $1 | |
1264 R$* u $* $| <?> $* $: <OKR> $3 | |
1265 R$* $| $* $: $2 | |
1266 R<?> $* $: < ? $&{client_addr} > $1 | |
1267 R<?> $* $@ <OKR> ...local unqualed ok | |
1268 R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f | |
1269 ...remote is not | |
1270 # check results | |
1271 R<?> $* $: @ $1 mark address: nothing known about it | |
1272 R<$={ResOk}> $* $@ <OKR> domain ok: stop | |
1273 R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" | |
1274 R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist" | |
1275 R<$={Accept}> $* $# $1 accept from access map | |
1276 R<DISCARD> $* $#discard $: discard | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1277 R<QUARANTINE:$+> $* $#error $@ quarantine $: $1 |
0 | 1278 R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied" |
1279 R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 | |
1280 R<ERROR:$+> $* $#error $: $1 | |
1281 R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
1282 R<$+> $* $#error $: $1 error from access db | |
1283 | |
1284 ###################################################################### | |
1285 ### check_rcpt -- check SMTP `RCPT TO:' command argument | |
1286 ###################################################################### | |
1287 | |
1288 SLocal_check_rcpt | |
1289 Scheckrcpt | |
1290 R$* $: $1 $| $>"Local_check_rcpt" $1 | |
1291 R$* $| $#$* $#$2 | |
1292 R$* $| $* $@ $>"Basic_check_rcpt" $1 | |
1293 | |
1294 SBasic_check_rcpt | |
1295 # empty address? | |
1296 R<> $#error $@ nouser $: "553 User address required" | |
1297 R$@ $#error $@ nouser $: "553 User address required" | |
1298 # check for deferred delivery mode | |
1299 R$* $: < $&{deliveryMode} > $1 | |
1300 R< d > $* $@ deferred | |
1301 R< $* > $* $: $2 | |
1302 | |
1303 | |
1304 ###################################################################### | |
1305 R$* $: $1 $| @ $>"Rcpt_ok" $1 | |
1306 R$* $| @ $#TEMP $+ $: $1 $| T $2 | |
1307 R$* $| @ $#$* $#$2 | |
1308 R$* $| @ RELAY $@ RELAY | |
1309 R$* $| @ $* $: O $| $>"Relay_ok" $1 | |
1310 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1 | |
1311 R$* $| $#TEMP $+ $#error $2 | |
1312 R$* $| $#$* $#$2 | |
1313 R$* $| RELAY $@ RELAY | |
1314 R T $+ $| $* $#error $1 | |
1315 # anything else is bogus | |
1316 R$* $#error $@ 5.7.1 $: "550 Relaying denied. Proper authentication required." | |
1317 | |
1318 | |
1319 ###################################################################### | |
1320 ### Rcpt_ok: is the recipient ok? | |
1321 ###################################################################### | |
1322 SRcpt_ok | |
1323 R$* $: $>ParseRecipient $1 strip relayable hosts | |
1324 | |
1325 | |
1326 | |
1327 | |
1328 # authenticated via TLS? | |
1329 R$* $: $1 $| $>RelayTLS client authenticated? | |
1330 R$* $| $# $+ $# $2 error/ok? | |
1331 R$* $| $* $: $1 no | |
1332 | |
1333 R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type} | |
1334 R$* $| $# $* $# $2 | |
1335 R$* $| NO $: $1 | |
1336 R$* $| $* $: $1 $| $&{auth_type} | |
1337 R$* $| $: $1 | |
1338 R$* $| $={TrustAuthMech} $# RELAY | |
1339 R$* $| $* $: $1 | |
1340 # anything terminating locally is ok | |
1341 R$+ < @ $=w > $@ RELAY | |
1342 R$+ < @ $=R > $@ RELAY | |
1343 R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >> | |
1344 R<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >> | |
1345 R<RELAY> $* $@ RELAY | |
1346 R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
1347 R<$*> <$*> $: $2 | |
1348 | |
1349 | |
1350 | |
1351 # check for local user (i.e. unqualified address) | |
1352 R$* $: <?> $1 | |
1353 R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 > | |
1354 # local user is ok | |
1355 R<?> $+ $@ RELAY | |
1356 R<$+> $* $: $2 | |
1357 | |
1358 ###################################################################### | |
1359 ### Relay_ok: is the relay/sender ok? | |
1360 ###################################################################### | |
1361 SRelay_ok | |
1362 # anything originating locally is ok | |
1363 # check IP address | |
1364 R$* $: $&{client_addr} | |
1365 R$@ $@ RELAY originated locally | |
1366 R0 $@ RELAY originated locally | |
1367 R127.0.0.1 $@ RELAY originated locally | |
1368 RIPv6:::1 $@ RELAY originated locally | |
1369 R$=R $* $@ RELAY relayable IP address | |
1370 R$* $: $>A <$1> <?> <+ Connect> <$1> | |
1371 R<RELAY> $* $@ RELAY relayable IP address | |
1372 | |
1373 R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
1374 R<$*> <$*> $: $2 | |
1375 R$* $: [ $1 ] put brackets around it... | |
1376 R$=w $@ RELAY ... and see if it is local | |
1377 | |
1378 | |
1379 # check client name: first: did it resolve? | |
1380 R$* $: < $&{client_resolve} > | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1381 R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} |
0 | 1382 R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} |
1383 R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} | |
1384 R$* $: <@> $&{client_name} | |
1385 # pass to name server to make hostname canonical | |
1386 R<@> $* $=P $:<?> $1 $2 | |
1387 R<@> $+ $:<?> $[ $1 $] | |
1388 R$* . $1 strip trailing dots | |
1389 R<?> $=w $@ RELAY | |
1390 R<?> $=R $@ RELAY | |
1391 R<?> $* $: <$(access Connect:$1 $: ? $)> <$1> | |
1392 R<?> <$*> $: <$(access $1 $: ? $)> <$1> | |
1393 R<RELAY> $* $@ RELAY | |
1394 R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
1395 R<$*> <$*> $: $2 | |
1396 | |
1397 # turn a canonical address in the form user<@domain> | |
1398 # qualify unqual. addresses with $j | |
1399 SFullAddr | |
1400 R$* <@ $+ . > $1 <@ $2 > | |
1401 R$* <@ $* > $@ $1 <@ $2 > | |
1402 R$+ $@ $1 <@ $j > | |
1403 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1404 SDelay_TLS_Clt |
0 | 1405 # authenticated? |
1406 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL | |
1407 R$* $| $#$+ $#$2 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1408 R$* $| $* $# $1 |
0 | 1409 R$* $# $1 |
1410 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1411 SDelay_TLS_Clt2 |
0 | 1412 # authenticated? |
1413 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL | |
1414 R$* $| $#$+ $#$2 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1415 R$* $| $* $@ $1 |
0 | 1416 R$* $@ $1 |
1417 | |
1418 # call all necessary rulesets | |
1419 Scheck_rcpt | |
1420 # R$@ $#error $@ 5.1.3 $: "553 Recipient address required" | |
1421 | |
1422 R$+ $: $1 $| $>checkrcpt $1 | |
1423 R$+ $| $#error $* $#error $2 | |
1424 R$+ $| $#discard $* $#discard $2 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1425 R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2 |
0 | 1426 R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1 |
1427 R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@> | |
1428 R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > | |
1429 # lookup the addresses only with Spam tag | |
1430 R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <> | |
1431 R<@> $* $| $* $: $2 $1 reverse result | |
1432 # is the recipient a spam friend? | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1433 R<FRIEND> $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND |
0 | 1434 R<$*> $+ $: $2 |
1435 R$* $: $1 $| $>checkmail <$&f> | |
1436 R$* $| $#$* $#$2 | |
1437 R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr} | |
1438 R$* $| $#$* $#$2 | |
1439 R$* $| $* $: $1 | |
1440 | |
1441 | |
1442 ###################################################################### | |
1443 ### F: LookUpFull -- search for an entry in access database | |
1444 ### | |
1445 ### lookup of full key (which should be an address) and | |
1446 ### variations if +detail exists: +* and without +detail | |
1447 ### | |
1448 ### Parameters: | |
1449 ### <$1> -- key | |
1450 ### <$2> -- default (what to return if not found in db) | |
1451 ### <$3> -- mark (must be <(!|+) single-token>) | |
1452 ### ! does lookup only with tag | |
1453 ### + does lookup with and without tag | |
1454 ### <$4> -- passthru (additional data passed unchanged through) | |
1455 ###################################################################### | |
1456 | |
1457 SF | |
1458 R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> | |
1459 R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> | |
1460 R<?> <$+ + $* @ $+> <$*> <$- $-> <$*> | |
1461 $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> | |
1462 R<?> <$+ + $* @ $+> <$*> <+ $-> <$*> | |
1463 $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> | |
1464 R<?> <$+ + $* @ $+> <$*> <$- $-> <$*> | |
1465 $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> | |
1466 R<?> <$+ + $* @ $+> <$*> <+ $-> <$*> | |
1467 $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> | |
1468 R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5> | |
1469 R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5> | |
1470 R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> | |
1471 | |
1472 ###################################################################### | |
1473 ### E: LookUpExact -- search for an entry in access database | |
1474 ### | |
1475 ### Parameters: | |
1476 ### <$1> -- key | |
1477 ### <$2> -- default (what to return if not found in db) | |
1478 ### <$3> -- mark (must be <(!|+) single-token>) | |
1479 ### ! does lookup only with tag | |
1480 ### + does lookup with and without tag | |
1481 ### <$4> -- passthru (additional data passed unchanged through) | |
1482 ###################################################################### | |
1483 | |
1484 SE | |
1485 R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> | |
1486 R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> | |
1487 R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5> | |
1488 R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5> | |
1489 R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> | |
1490 | |
1491 ###################################################################### | |
1492 ### U: LookUpUser -- search for an entry in access database | |
1493 ### | |
1494 ### lookup of key (which should be a local part) and | |
1495 ### variations if +detail exists: +* and without +detail | |
1496 ### | |
1497 ### Parameters: | |
1498 ### <$1> -- key (user@) | |
1499 ### <$2> -- default (what to return if not found in db) | |
1500 ### <$3> -- mark (must be <(!|+) single-token>) | |
1501 ### ! does lookup only with tag | |
1502 ### + does lookup with and without tag | |
1503 ### <$4> -- passthru (additional data passed unchanged through) | |
1504 ###################################################################### | |
1505 | |
1506 SU | |
1507 R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> | |
1508 R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> | |
1509 R<?> <$+ + $* @> <$*> <$- $-> <$*> | |
1510 $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> | |
1511 R<?> <$+ + $* @> <$*> <+ $-> <$*> | |
1512 $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> | |
1513 R<?> <$+ + $* @> <$*> <$- $-> <$*> | |
1514 $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> | |
1515 R<?> <$+ + $* @> <$*> <+ $-> <$*> | |
1516 $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> | |
1517 R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5> | |
1518 R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5> | |
1519 R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> | |
1520 | |
1521 ###################################################################### | |
1522 ### SearchList: search a list of items in the access map | |
1523 ### Parameters: | |
1524 ### <exact tag> $| <mark:address> <mark:address> ... <> | |
1525 ### where "exact" is either "+" or "!": | |
1526 ### <+ TAG> lookup with and w/o tag | |
1527 ### <! TAG> lookup with tag | |
1528 ### possible values for "mark" are: | |
1529 ### D: recursive host lookup (LookUpDomain) | |
1530 ### E: exact lookup, no modifications | |
1531 ### F: full lookup, try user+ext@domain and user@domain | |
1532 ### U: user lookup, try user+ext and user (input must have trailing @) | |
1533 ### return: <RHS of lookup> or <?> (not found) | |
1534 ###################################################################### | |
1535 | |
1536 # class with valid marks for SearchList | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1537 C{Src}E F D U |
0 | 1538 SSearchList |
1539 # just call the ruleset with the name of the tag... nice trick... | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1540 R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <> |
0 | 1541 R<$+> $| <> $| <?> <> $@ <?> |
1542 R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2> | |
1543 R<$+> $| <$*> $| <$+> <> $@ <$3> | |
1544 R<$+> $| <$+> $@ <$2> | |
1545 | |
1546 | |
1547 ###################################################################### | |
1548 ### trust_auth: is user trusted to authenticate as someone else? | |
1549 ### | |
1550 ### Parameters: | |
1551 ### $1: AUTH= parameter from MAIL command | |
1552 ###################################################################### | |
1553 | |
1554 SLocal_trust_auth | |
1555 Strust_auth | |
1556 R$* $: $&{auth_type} $| $1 | |
1557 # required by RFC 2554 section 4. | |
1558 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" | |
1559 R$* $| $&{auth_authen} $@ identical | |
1560 R$* $| <$&{auth_authen}> $@ identical | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1561 R$* $| $* $: $1 $| $>"Local_trust_auth" $2 |
0 | 1562 R$* $| $#$* $#$2 |
1563 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} | |
1564 | |
1565 ###################################################################### | |
1566 ### Relay_Auth: allow relaying based on authentication? | |
1567 ### | |
1568 ### Parameters: | |
1569 ### $1: ${auth_type} | |
1570 ###################################################################### | |
1571 SLocal_Relay_Auth | |
1572 | |
1573 ###################################################################### | |
1574 ### srv_features: which features to offer to a client? | |
1575 ### (done in server) | |
1576 ###################################################################### | |
1577 Ssrv_features | |
1578 R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <> | |
1579 R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <> | |
1580 R<?>$* $: <$(access "Srv_Features": $: ? $)> | |
1581 R<?>$* $@ OK | |
1582 R<$* <TMPF>>$* $#temp | |
1583 R<$+>$* $# $1 | |
1584 | |
1585 ###################################################################### | |
1586 ### try_tls: try to use STARTTLS? | |
1587 ### (done in client) | |
1588 ###################################################################### | |
1589 Stry_tls | |
1590 R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <> | |
1591 R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <> | |
1592 R<?>$* $: <$(access "Try_TLS": $: ? $)> | |
1593 R<?>$* $@ OK | |
1594 R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
1595 R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]" | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1596 |
0 | 1597 ###################################################################### |
1598 ### tls_rcpt: is connection with server "good" enough? | |
1599 ### (done in client, per recipient) | |
1600 ### | |
1601 ### Parameters: | |
1602 ### $1: recipient | |
1603 ###################################################################### | |
1604 Stls_rcpt | |
1605 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 | |
1606 R$+ $: <?> $>CanonAddr $1 | |
1607 R<?> $+ < @ $+ . > <?> $1 <@ $2 > | |
1608 R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:> | |
1609 R<?> $+ $: $1 $| <U:$1@> <E:> | |
1610 R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <> | |
1611 R$* $| <?> $@ OK | |
1612 R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
1613 R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2> | |
1614 | |
1615 ###################################################################### | |
1616 ### tls_client: is connection with client "good" enough? | |
1617 ### (done in server) | |
1618 ### | |
1619 ### Parameters: | |
1620 ### ${verify} $| (MAIL|STARTTLS) | |
1621 ###################################################################### | |
1622 Stls_client | |
1623 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 | |
1624 R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <> | |
1625 R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <> | |
1626 R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)> | |
1627 R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
1628 R$* $@ $>"TLS_connection" $1 | |
1629 | |
1630 ###################################################################### | |
1631 ### tls_server: is connection with server "good" enough? | |
1632 ### (done in client) | |
1633 ### | |
1634 ### Parameter: | |
1635 ### ${verify} | |
1636 ###################################################################### | |
1637 Stls_server | |
1638 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 | |
1639 R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <> | |
1640 R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <> | |
1641 R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)> | |
1642 R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
1643 R$* $@ $>"TLS_connection" $1 | |
1644 | |
1645 ###################################################################### | |
1646 ### TLS_connection: is TLS connection "good" enough? | |
1647 ### | |
1648 ### Parameters: | |
1649 ### ${verify} $| <Requirement> [<>] | |
1650 ### Requirement: RHS from access map, may be ? for none. | |
1651 ###################################################################### | |
1652 STLS_connection | |
1653 R$* $| <$*>$* $: $1 $| <$2> | |
1654 # create the appropriate error codes | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1655 R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3> |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1656 R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3> |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1657 R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3> |
0 | 1658 # deal with TLS handshake failures: abort |
1659 RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." | |
1660 RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed." | |
1661 R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1 | |
1662 R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1663 R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1 |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1664 R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1 |
0 | 1665 R$* $| $* $@ OK |
1666 # authentication required: give appropriate error | |
1667 # other side did authenticate (via STARTTLS) | |
1668 R<$*><VERIFY> <> OK $@ OK | |
1669 R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2> | |
1670 R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3> | |
1671 R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3> | |
1672 R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required" | |
1673 R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed" | |
1674 R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated" | |
1675 R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested" | |
1676 R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" | |
1677 R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4 | |
1678 R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf} | |
1679 R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $) | |
1680 R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3 | |
1681 R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5> | |
1682 R<$-:$+ ++ > $@ OK | |
1683 R<$-:$+ ++ $+ > $: <$1:$2> <$3> | |
1684 R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4> | |
1685 R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2> | |
1686 | |
1687 ###################################################################### | |
1688 ### TLS_req: check additional TLS requirements | |
1689 ### | |
1690 ### Parameters: [<list> <of> <req>] $| <$-:$+> | |
1691 ### $-: SMTP reply code | |
1692 ### $+: Enhanced Status Code | |
1693 ###################################################################### | |
1694 STLS_req | |
1695 R $| $+ $@ OK | |
1696 R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2> | |
1697 R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> | |
1698 R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1 | |
1699 R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> | |
1700 R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1 | |
1701 R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> | |
1702 R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1 | |
1703 ROK $@ OK | |
1704 | |
1705 ###################################################################### | |
1706 ### max: return the maximum of two values separated by : | |
1707 ### | |
1708 ### Parameters: [$-]:[$-] | |
1709 ###################################################################### | |
1710 Smax | |
1711 R: $: 0 | |
1712 R:$- $: $1 | |
1713 R$-: $: $1 | |
1714 R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2 | |
1715 RTRUE:$-:$- $: $2 | |
1716 R$-:$-:$- $: $2 | |
1717 | |
1718 | |
1719 ###################################################################### | |
1720 ### RelayTLS: allow relaying based on TLS authentication | |
1721 ### | |
1722 ### Parameters: | |
1723 ### none | |
1724 ###################################################################### | |
1725 SRelayTLS | |
1726 # authenticated? | |
1727 R$* $: <?> $&{verify} | |
1728 R<?> OK $: OK authenticated: continue | |
1729 R<?> $* $@ NO not authenticated | |
1730 R$* $: $&{cert_issuer} | |
1731 R$+ $: $(access CERTISSUER:$1 $) | |
1732 RRELAY $# RELAY | |
1733 RSUBJECT $: <@> $&{cert_subject} | |
1734 R<@> $+ $: <@> $(access CERTSUBJECT:$1 $) | |
1735 R<@> RELAY $# RELAY | |
1736 R$* $: NO | |
1737 | |
1738 ###################################################################### | |
1739 ### authinfo: lookup authinfo in the access map | |
1740 ### | |
1741 ### Parameters: | |
1742 ### $1: {server_name} | |
1743 ### $2: {server_addr} | |
1744 ###################################################################### | |
1745 Sauthinfo | |
1746 R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <> | |
1747 R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <> | |
1748 R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <> | |
1749 R$* $| <?>$* $@ no no authinfo available | |
1750 R$* $| <$*> <> $# $2 | |
1751 | |
90
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1752 |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1753 |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1754 |
962a1f8f1d9f
add verify statement to verify addresses with better mx host
carl
parents:
59
diff
changeset
|
1755 |
0 | 1756 # |
1757 ###################################################################### | |
1758 ###################################################################### | |
1759 ##### | |
1760 ##### MAIL FILTER DEFINITIONS | |
1761 ##### | |
1762 ###################################################################### | |
1763 ###################################################################### | |
1764 | |
59
510a511ad554
Add resolver processes to allow better performance on busy machines
carl
parents:
4
diff
changeset
|
1765 Xdnsbl, S=local:/var/run/dnsbl/dnsbl.sock2, F=T, T=S:30s;R:30s;E:30s |
0 | 1766 # |
1767 ###################################################################### | |
1768 ###################################################################### | |
1769 ##### | |
1770 ##### MAILER DEFINITIONS | |
1771 ##### | |
1772 ###################################################################### | |
1773 ###################################################################### | |
1774 | |
1775 ##################################### | |
1776 ### SMTP Mailer specification ### | |
1777 ##################################### | |
1778 | |
1779 ##### $Id$ ##### | |
1780 | |
1781 # | |
1782 # common sender and masquerading recipient rewriting | |
1783 # | |
1784 SMasqSMTP | |
1785 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified | |
1786 R$+ $@ $1 < @ *LOCAL* > add local qualification | |
1787 | |
1788 # | |
1789 # convert pseudo-domain addresses to real domain addresses | |
1790 # | |
1791 SPseudoToReal | |
1792 | |
1793 # pass <route-addr>s through | |
1794 R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr> | |
1795 | |
1796 # output fake domains as user%fake@relay | |
1797 | |
1798 # do UUCP heuristics; note that these are shared with UUCP mailers | |
1799 R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form | |
1800 R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form | |
1801 | |
1802 # leave these in .UUCP form to avoid further tampering | |
1803 R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > | |
1804 R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 > | |
1805 R< $&h ! > $+ $@ $1 < @ $&h .UUCP. > | |
1806 R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY | |
1807 R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part | |
1808 R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY | |
1809 | |
1810 | |
1811 # | |
1812 # envelope sender rewriting | |
1813 # | |
1814 SEnvFromSMTP | |
1815 R$+ $: $>PseudoToReal $1 sender/recipient common | |
1816 R$* :; <@> $@ list:; special case | |
1817 R$* $: $>MasqSMTP $1 qualify unqual'ed names | |
1818 R$+ $: $>MasqEnv $1 do masquerading | |
1819 | |
1820 | |
1821 # | |
1822 # envelope recipient rewriting -- | |
1823 # also header recipient if not masquerading recipients | |
1824 # | |
1825 SEnvToSMTP | |
1826 R$+ $: $>PseudoToReal $1 sender/recipient common | |
1827 R$+ $: $>MasqSMTP $1 qualify unqual'ed names | |
1828 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 | |
1829 | |
1830 # | |
1831 # header sender and masquerading header recipient rewriting | |
1832 # | |
1833 SHdrFromSMTP | |
1834 R$+ $: $>PseudoToReal $1 sender/recipient common | |
1835 R:; <@> $@ list:; special case | |
1836 | |
1837 # do special header rewriting | |
1838 R$* <@> $* $@ $1 <@> $2 pass null host through | |
1839 R< @ $* > $* $@ < @ $1 > $2 pass route-addr through | |
1840 R$* $: $>MasqSMTP $1 qualify unqual'ed names | |
1841 R$+ $: $>MasqHdr $1 do masquerading | |
1842 | |
1843 | |
1844 # | |
1845 # relay mailer header masquerading recipient rewriting | |
1846 # | |
1847 SMasqRelay | |
1848 R$+ $: $>MasqSMTP $1 | |
1849 R$+ $: $>MasqHdr $1 | |
1850 | |
1851 Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, | |
1852 T=DNS/RFC822/SMTP, | |
1853 A=TCP $h | |
1854 Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, | |
1855 T=DNS/RFC822/SMTP, | |
1856 A=TCP $h | |
1857 Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, | |
1858 T=DNS/RFC822/SMTP, | |
1859 A=TCP $h | |
1860 Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, | |
1861 T=DNS/RFC822/SMTP, | |
1862 A=TCP $h | |
1863 Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040, | |
1864 T=DNS/RFC822/SMTP, | |
1865 A=TCP $h | |
1866 | |
1867 | |
1868 ######################*****############## | |
1869 ### PROCMAIL Mailer specification ### | |
1870 ##################*****################## | |
1871 | |
1872 ##### $Id$ ##### | |
1873 | |
1874 Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP, | |
1875 T=DNS/RFC822/X-Unix, | |
1876 A=procmail -Y -m $h $f $u | |
1877 | |
1878 | |
1879 ################################################## | |
1880 ### Local and Program Mailer specification ### | |
1881 ################################################## | |
1882 | |
1883 ##### $Id$ ##### | |
1884 | |
1885 # | |
1886 # Envelope sender rewriting | |
1887 # | |
1888 SEnvFromL | |
1889 R<@> $n errors to mailer-daemon | |
1890 R@ <@ $*> $n temporarily bypass Sun bogosity | |
1891 R$+ $: $>AddDomain $1 add local domain if needed | |
1892 R$* $: $>MasqEnv $1 do masquerading | |
1893 | |
1894 # | |
1895 # Envelope recipient rewriting | |
1896 # | |
1897 SEnvToL | |
1898 R$+ < @ $* > $: $1 strip host part | |
1899 R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type | |
1900 R<e s> $+ + $* $: $1 remove +detail for sender | |
1901 R< $* > $+ $: $2 else remove mark | |
1902 | |
1903 # | |
1904 # Header sender rewriting | |
1905 # | |
1906 SHdrFromL | |
1907 R<@> $n errors to mailer-daemon | |
1908 R@ <@ $*> $n temporarily bypass Sun bogosity | |
1909 R$+ $: $>AddDomain $1 add local domain if needed | |
1910 R$* $: $>MasqHdr $1 do masquerading | |
1911 | |
1912 # | |
1913 # Header recipient rewriting | |
1914 # | |
1915 SHdrToL | |
1916 R$+ $: $>AddDomain $1 add local domain if needed | |
1917 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 | |
1918 | |
1919 # | |
1920 # Common code to add local domain name (only if always-add-domain) | |
1921 # | |
1922 SAddDomain | |
1923 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified | |
1924 | |
1925 R$+ $@ $1 < @ *LOCAL* > add local qualification | |
1926 | |
1927 Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, | |
1928 T=DNS/RFC822/X-Unix, | |
1929 A=procmail -t -Y -a $h -d $u | |
1930 Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, | |
1931 T=X-Unix/X-Unix/X-Unix, | |
1932 A=sh -c $u | |
1933 |