0
|
1 #
|
|
2 # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
|
|
3 # All rights reserved.
|
|
4 # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
|
|
5 # Copyright (c) 1988, 1993
|
|
6 # The Regents of the University of California. All rights reserved.
|
|
7 #
|
|
8 # By using this file, you agree to the terms and conditions set
|
|
9 # forth in the LICENSE file which can be found at the top level of
|
|
10 # the sendmail distribution.
|
|
11 #
|
|
12 #
|
|
13
|
|
14 ######################################################################
|
|
15 ######################################################################
|
|
16 #####
|
|
17 ##### SENDMAIL CONFIGURATION FILE
|
|
18 #####
|
|
19 ##### built by root@ns.five-ten-sg.com on Wed Apr 14 20:41:48 PDT 2004
|
|
20 ##### in /usr/src/rh8/dnsbl
|
|
21 ##### using /usr/share/sendmail-cf/ as configuration include directory
|
|
22 #####
|
|
23 ######################################################################
|
|
24 #####
|
|
25 ##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
|
|
26 #####
|
|
27 ######################################################################
|
|
28 ######################################################################
|
|
29
|
|
30 ##### $Id$ #####
|
|
31 ##### $Id$ #####
|
|
32
|
|
33 ##### linux setup for Red Hat Linux #####
|
|
34
|
|
35 ##### $Id$ #####
|
|
36
|
|
37
|
|
38
|
|
39 ##### $Id$ #####
|
|
40
|
|
41
|
|
42
|
|
43
|
|
44
|
|
45
|
|
46
|
|
47
|
|
48
|
|
49
|
|
50
|
|
51
|
|
52
|
|
53
|
|
54
|
|
55
|
|
56
|
|
57
|
|
58
|
|
59
|
|
60
|
|
61
|
|
62
|
|
63
|
|
64
|
|
65
|
|
66
|
|
67
|
|
68
|
|
69
|
|
70 ##### $Id$ #####
|
|
71
|
|
72
|
|
73 ##### $Id$ #####
|
|
74
|
|
75 ##### $Id$ #####
|
|
76
|
|
77
|
|
78 ##### $Id$ #####
|
|
79
|
|
80
|
|
81
|
|
82 ##### $Id$ #####
|
|
83
|
|
84
|
|
85
|
|
86 ##### $Id$ #####
|
|
87
|
|
88
|
|
89 ##### $Id$ #####
|
|
90
|
|
91
|
|
92 ##### $Id$ #####
|
|
93
|
|
94
|
|
95 ##### $Id$ #####
|
|
96
|
|
97
|
|
98 ##### $Id$ #####
|
|
99
|
|
100
|
|
101 ##### $Id$ #####
|
|
102
|
|
103
|
|
104 ##### $Id$ #####
|
|
105
|
|
106
|
|
107
|
|
108
|
|
109
|
|
110
|
|
111
|
|
112
|
|
113 ##### $Id$ #####
|
|
114
|
|
115 # level 10 config file format
|
|
116 V10/Berkeley
|
|
117
|
|
118 # override file safeties - setting this option compromises system security,
|
|
119 # addressing the actual file configuration problem is preferred
|
|
120 # need to set this before any file actions are encountered in the cf file
|
|
121 #O DontBlameSendmail=safe
|
|
122
|
|
123 # default LDAP map specification
|
|
124 # need to set this now before any LDAP maps are defined
|
|
125 #O LDAPDefaultSpec=-h localhost
|
|
126
|
|
127 ##################
|
|
128 # local info #
|
|
129 ##################
|
|
130
|
|
131 # my LDAP cluster
|
|
132 # need to set this before any LDAP lookups are done (including classes)
|
|
133 #D{sendmailMTACluster}$m
|
|
134
|
|
135 Cwlocalhost
|
|
136 # file containing names of hosts for which we receive email
|
|
137 Fw/etc/mail/sendmail.cw
|
|
138
|
|
139 # my official domain name
|
|
140 # ... define this only if sendmail cannot automatically determine your domain
|
|
141 #Dj$w.Foo.COM
|
|
142
|
|
143 CP.
|
|
144
|
|
145 # "Smart" relay host (may be null)
|
|
146 DS
|
|
147
|
|
148
|
|
149 # operators that cannot be in local usernames (i.e., network indicators)
|
|
150 CO @ % !
|
|
151
|
|
152 # a class with just dot (for identifying canonical names)
|
|
153 C..
|
|
154
|
|
155 # a class with just a left bracket (for identifying domain literals)
|
|
156 C[[
|
|
157
|
|
158 # access_db acceptance class
|
|
159 C{Accept}OK RELAY
|
|
160
|
|
161
|
|
162 # Resolve map (to check if a host exists in check_mail)
|
|
163 Kresolve host -a<OKR> -T<TEMP>
|
|
164 C{ResOk}OKR
|
|
165
|
|
166
|
|
167 # Hosts for which relaying is permitted ($=R)
|
|
168 FR/etc/mail/relay-domains
|
|
169
|
|
170 # arithmetic map
|
|
171 Karith arith
|
|
172 # macro storage map
|
|
173 Kmacro macro
|
|
174 # possible values for TLS_connection in access map
|
|
175 C{tls}VERIFY ENCR
|
|
176
|
|
177
|
|
178
|
|
179
|
|
180
|
|
181 # dequoting map
|
|
182 Kdequote dequote
|
|
183
|
|
184 # class E: names that should be exposed as from this host, even if we masquerade
|
|
185 # class L: names that should be delivered locally, even if we have a relay
|
|
186 # class M: domains that should be converted to $M
|
|
187 # class N: domains that should not be converted to $M
|
|
188 #CL root
|
|
189 F{VirtHost}/etc/mail/virtual-host-domains
|
|
190
|
|
191 C{TrustAuthMech}LOGIN PLAIN
|
|
192 CR$={VirtHost}
|
|
193
|
|
194
|
|
195
|
|
196 # my name for error messages
|
|
197 DnMAILER-DAEMON
|
|
198
|
|
199
|
|
200 CPREDIRECT
|
|
201
|
|
202 # Access list database (for spam stomping)
|
|
203 Kaccess hash -T<TMPF> /etc/mail/access.db
|
|
204
|
|
205 # Mailer table (overriding domains)
|
|
206 Kmailertable hash /etc/mail/mailertable.db
|
|
207
|
|
208 # Virtual user table (maps incoming users)
|
|
209 Kvirtuser hash /etc/mail/virtusertable.db
|
|
210
|
|
211 # Generics table (mapping outgoing addresses)
|
|
212 Kgenerics hash /etc/mail/genericstable.db
|
|
213
|
|
214 # Configuration version number
|
|
215 DZ8.12.8
|
|
216
|
|
217
|
|
218 ###############
|
|
219 # Options #
|
|
220 ###############
|
|
221
|
|
222 # strip message body to 7 bits on input?
|
|
223 O SevenBitInput=False
|
|
224
|
|
225 # 8-bit data handling
|
|
226 #O EightBitMode=pass8
|
|
227
|
|
228 # wait for alias file rebuild (default units: minutes)
|
|
229 O AliasWait=10
|
|
230
|
|
231 # location of alias file
|
|
232 O AliasFile=/etc/mail/aliases
|
|
233
|
|
234 # minimum number of free blocks on filesystem
|
|
235 O MinFreeBlocks=100
|
|
236
|
|
237 # maximum message size
|
|
238 O MaxMessageSize=30000000
|
|
239
|
|
240 # substitution for space (blank) characters
|
|
241 O BlankSub=.
|
|
242
|
|
243 # avoid connecting to "expensive" mailers on initial submission?
|
|
244 O HoldExpensive=False
|
|
245
|
|
246 # checkpoint queue runs after every N successful deliveries
|
|
247 #O CheckpointInterval=10
|
|
248
|
|
249 # default delivery mode
|
|
250 O DeliveryMode=background
|
|
251
|
|
252 # error message header/file
|
|
253 #O ErrorHeader=/etc/mail/error-header
|
|
254
|
|
255 # error mode
|
|
256 #O ErrorMode=print
|
|
257
|
|
258 # save Unix-style "From_" lines at top of header?
|
|
259 #O SaveFromLine=False
|
|
260
|
|
261 # queue file mode (qf files)
|
|
262 #O QueueFileMode=0600
|
|
263
|
|
264 # temporary file mode
|
|
265 O TempFileMode=0600
|
|
266
|
|
267 # match recipients against GECOS field?
|
|
268 #O MatchGECOS=False
|
|
269
|
|
270 # maximum hop count
|
|
271 #O MaxHopCount=25
|
|
272
|
|
273 # location of help file
|
|
274 O HelpFile=/etc/mail/helpfile
|
|
275
|
|
276 # ignore dots as terminators in incoming messages?
|
|
277 #O IgnoreDots=False
|
|
278
|
|
279 # name resolver options
|
|
280 #O ResolverOptions=+AAONLY
|
|
281
|
|
282 # deliver MIME-encapsulated error messages?
|
|
283 O SendMimeErrors=True
|
|
284
|
|
285 # Forward file search path
|
|
286 O ForwardPath=$z/.forward.$w:$z/.forward
|
|
287
|
|
288 # open connection cache size
|
|
289 O ConnectionCacheSize=2
|
|
290
|
|
291 # open connection cache timeout
|
|
292 O ConnectionCacheTimeout=5m
|
|
293
|
|
294 # persistent host status directory
|
|
295 #O HostStatusDirectory=.hoststat
|
|
296
|
|
297 # single thread deliveries (requires HostStatusDirectory)?
|
|
298 #O SingleThreadDelivery=False
|
|
299
|
|
300 # use Errors-To: header?
|
|
301 O UseErrorsTo=False
|
|
302
|
|
303 # log level
|
|
304 O LogLevel=20
|
|
305
|
|
306 # send to me too, even in an alias expansion?
|
|
307 O MeToo=true
|
|
308
|
|
309 # verify RHS in newaliases?
|
|
310 O CheckAliases=False
|
|
311
|
|
312 # default messages to old style headers if no special punctuation?
|
|
313 O OldStyleHeaders=True
|
|
314
|
|
315 # SMTP daemon options
|
|
316
|
|
317 O DaemonPortOptions=port=26
|
|
318
|
|
319 # SMTP client options
|
|
320 #O ClientPortOptions=Family=inet, Address=0.0.0.0
|
|
321
|
|
322 # Modifiers to define {daemon_flags} for direct submissions
|
|
323 #O DirectSubmissionModifiers
|
|
324
|
|
325 # Use as mail submission program? See sendmail/SECURITY
|
|
326 #O UseMSP
|
|
327
|
|
328 # privacy flags
|
|
329 O PrivacyOptions=goaway,nobodyreturn,noreceipts
|
|
330
|
|
331 # who (if anyone) should get extra copies of error messages
|
|
332 #O PostmasterCopy=Postmaster
|
|
333
|
|
334 # slope of queue-only function
|
|
335 #O QueueFactor=600000
|
|
336
|
|
337 # limit on number of concurrent queue runners
|
|
338 #O MaxQueueChildren
|
|
339
|
|
340 # maximum number of queue-runners per queue-grouping with multiple queues
|
|
341 #O MaxRunnersPerQueue=1
|
|
342
|
|
343 # priority of queue runners (nice(3))
|
|
344 #O NiceQueueRun
|
|
345
|
|
346 # shall we sort the queue by hostname first?
|
|
347 #O QueueSortOrder=priority
|
|
348
|
|
349 # minimum time in queue before retry
|
|
350 #O MinQueueAge=30m
|
|
351
|
|
352 # how many jobs can you process in the queue?
|
|
353 #O MaxQueueRunSize=10000
|
|
354
|
|
355 # perform initial split of envelope without checking MX records
|
|
356 #O FastSplit=1
|
|
357
|
|
358 # queue directory
|
|
359 O QueueDirectory=/var/spool/mqueue
|
|
360
|
|
361 # key for shared memory; 0 to turn off
|
|
362 #O SharedMemoryKey=0
|
|
363
|
|
364
|
|
365
|
|
366 # timeouts (many of these)
|
|
367 #O Timeout.initial=5m
|
|
368 O Timeout.connect=1m
|
|
369 #O Timeout.aconnect=0s
|
|
370 #O Timeout.iconnect=5m
|
|
371 #O Timeout.helo=5m
|
|
372 #O Timeout.mail=10m
|
|
373 #O Timeout.rcpt=1h
|
|
374 #O Timeout.datainit=5m
|
|
375 #O Timeout.datablock=1h
|
|
376 #O Timeout.datafinal=1h
|
|
377 #O Timeout.rset=5m
|
|
378 #O Timeout.quit=2m
|
|
379 #O Timeout.misc=2m
|
|
380 #O Timeout.command=1h
|
|
381 O Timeout.ident=0
|
|
382 #O Timeout.fileopen=60s
|
|
383 #O Timeout.control=2m
|
|
384 O Timeout.queuereturn=5d
|
|
385 #O Timeout.queuereturn.normal=5d
|
|
386 #O Timeout.queuereturn.urgent=2d
|
|
387 #O Timeout.queuereturn.non-urgent=7d
|
|
388 O Timeout.queuewarn=4h
|
|
389 #O Timeout.queuewarn.normal=4h
|
|
390 #O Timeout.queuewarn.urgent=1h
|
|
391 #O Timeout.queuewarn.non-urgent=12h
|
|
392 #O Timeout.hoststatus=30m
|
|
393 #O Timeout.resolver.retrans=5s
|
|
394 #O Timeout.resolver.retrans.first=5s
|
|
395 #O Timeout.resolver.retrans.normal=5s
|
|
396 #O Timeout.resolver.retry=4
|
|
397 #O Timeout.resolver.retry.first=4
|
|
398 #O Timeout.resolver.retry.normal=4
|
|
399 #O Timeout.lhlo=2m
|
|
400 #O Timeout.auth=10m
|
|
401 #O Timeout.starttls=1h
|
|
402
|
|
403 # time for DeliverBy; extension disabled if less than 0
|
|
404 #O DeliverByMin=0
|
|
405
|
|
406 # should we not prune routes in route-addr syntax addresses?
|
|
407 #O DontPruneRoutes=False
|
|
408
|
|
409 # queue up everything before forking?
|
|
410 O SuperSafe=True
|
|
411
|
|
412 # status file
|
|
413 O StatusFile=/usr/src/rh8/dnsbl/sendmail.st
|
|
414
|
|
415 # time zone handling:
|
|
416 # if undefined, use system default
|
|
417 # if defined but null, use TZ envariable passed in
|
|
418 # if defined and non-null, use that info
|
|
419 #O TimeZoneSpec=
|
|
420
|
|
421 # default UID (can be username or userid:groupid)
|
|
422 O DefaultUser=8:12
|
|
423
|
|
424 # list of locations of user database file (null means no lookup)
|
|
425 #O UserDatabaseSpec=/etc/mail/userdb
|
|
426
|
|
427 # fallback MX host
|
|
428 #O FallbackMXhost=fall.back.host.net
|
|
429
|
|
430 # if we are the best MX host for a site, try it directly instead of config err
|
|
431 #O TryNullMXList=False
|
|
432
|
|
433 # load average at which we just queue messages
|
|
434 O QueueLA=12
|
|
435
|
|
436 # load average at which we refuse connections
|
|
437 O RefuseLA=8
|
|
438
|
|
439 # load average at which we delay connections; 0 means no limit
|
|
440 #O DelayLA=0
|
|
441
|
|
442 # maximum number of children we allow at one time
|
|
443 O MaxDaemonChildren=20
|
|
444
|
|
445 # maximum number of new connections per second
|
|
446 O ConnectionRateThrottle=1
|
|
447
|
|
448 # work recipient factor
|
|
449 #O RecipientFactor=30000
|
|
450
|
|
451 # deliver each queued job in a separate process?
|
|
452 #O ForkEachJob=False
|
|
453
|
|
454 # work class factor
|
|
455 #O ClassFactor=1800
|
|
456
|
|
457 # work time factor
|
|
458 #O RetryFactor=90000
|
|
459
|
|
460 # default character set
|
|
461 #O DefaultCharSet=iso-8859-1
|
|
462
|
|
463 # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
|
|
464 #O ServiceSwitchFile=/etc/mail/service.switch
|
|
465
|
|
466 # hosts file (normally /etc/hosts)
|
|
467 #O HostsFile=/etc/hosts
|
|
468
|
|
469 # dialup line delay on connection failure
|
|
470 #O DialDelay=10s
|
|
471
|
|
472 # action to take if there are no recipients in the message
|
|
473 #O NoRecipientAction=add-to-undisclosed
|
|
474
|
|
475 # chrooted environment for writing to files
|
|
476 #O SafeFileEnvironment=/arch
|
|
477
|
|
478 # are colons OK in addresses?
|
|
479 #O ColonOkInAddr=True
|
|
480
|
|
481 # shall I avoid expanding CNAMEs (violates protocols)?
|
|
482 #O DontExpandCnames=False
|
|
483
|
|
484 # SMTP initial login message (old $e macro)
|
|
485 O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
|
|
486
|
|
487 # UNIX initial From header format (old $l macro)
|
|
488 O UnixFromLine=From $g $d
|
|
489
|
|
490 # From: lines that have embedded newlines are unwrapped onto one line
|
|
491 #O SingleLineFromHeader=False
|
|
492
|
|
493 # Allow HELO SMTP command that does not include a host name
|
|
494 #O AllowBogusHELO=False
|
|
495
|
|
496 # Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
|
|
497 #O MustQuoteChars=.
|
|
498
|
|
499 # delimiter (operator) characters (old $o macro)
|
|
500 O OperatorChars=.:%@!^/[]+
|
|
501
|
|
502 # shall I avoid calling initgroups(3) because of high NIS costs?
|
|
503 #O DontInitGroups=False
|
|
504
|
|
505 # are group-writable :include: and .forward files (un)trustworthy?
|
|
506 # True (the default) means they are not trustworthy.
|
|
507 #O UnsafeGroupWrites=True
|
|
508
|
|
509
|
|
510 # where do errors that occur when sending errors get sent?
|
|
511 O DoubleBounceAddress
|
|
512
|
|
513 # where to save bounces if all else fails
|
|
514 #O DeadLetterDrop=/var/tmp/dead.letter
|
|
515
|
|
516 # what user id do we assume for the majority of the processing?
|
|
517 #O RunAsUser=sendmail
|
|
518
|
|
519 # maximum number of recipients per SMTP envelope
|
|
520 #O MaxRecipientsPerMessage=100
|
|
521
|
|
522 # limit the rate recipients per SMTP envelope are accepted
|
|
523 # once the threshold number of recipients have been rejected
|
|
524 O BadRcptThrottle=2
|
|
525
|
|
526 # shall we get local names from our installed interfaces?
|
|
527 O DontProbeInterfaces=true
|
|
528
|
|
529 # Return-Receipt-To: header implies DSN request
|
|
530 #O RrtImpliesDsn=False
|
|
531
|
|
532 # override connection address (for testing)
|
|
533 #O ConnectOnlyTo=0.0.0.0
|
|
534
|
|
535 # Trusted user for file ownership and starting the daemon
|
|
536 #O TrustedUser=root
|
|
537
|
|
538 # Control socket for daemon management
|
|
539 #O ControlSocketName=/var/spool/mqueue/.control
|
|
540
|
|
541 # Maximum MIME header length to protect MUAs
|
|
542 #O MaxMimeHeaderLength=0/0
|
|
543
|
|
544 # Maximum length of the sum of all headers
|
|
545 #O MaxHeadersLength=32768
|
|
546
|
|
547 # Maximum depth of alias recursion
|
|
548 #O MaxAliasRecursion=10
|
|
549
|
|
550 # location of pid file
|
|
551 O PidFile=/var/run/sm-test.pid
|
|
552
|
|
553 # Prefix string for the process title shown on 'ps' listings
|
|
554 #O ProcessTitlePrefix=prefix
|
|
555
|
|
556 # Data file (df) memory-buffer file maximum size
|
|
557 #O DataFileBufferSize=4096
|
|
558
|
|
559 # Transcript file (xf) memory-buffer file maximum size
|
|
560 #O XscriptFileBufferSize=4096
|
|
561
|
|
562 # lookup type to find information about local mailboxes
|
|
563 #O MailboxDatabase=pw
|
|
564
|
|
565 # list of authentication mechanisms
|
|
566 O AuthMechanisms=LOGIN PLAIN
|
|
567
|
|
568 # default authentication information for outgoing connections
|
|
569 #O DefaultAuthInfo=/etc/mail/default-auth-info
|
|
570
|
|
571 # SMTP AUTH flags
|
|
572 O AuthOptions=A
|
|
573
|
|
574 # SMTP AUTH maximum encryption strength
|
|
575 #O AuthMaxBits
|
|
576
|
|
577 # SMTP STARTTLS server options
|
|
578 #O TLSSrvOptions
|
|
579
|
|
580 # Input mail filters
|
|
581 O InputMailFilters=dnsbl
|
|
582
|
|
583 # Milter options
|
|
584 #O Milter.LogLevel
|
|
585 O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
|
|
586 O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
|
|
587 O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
|
|
588 O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
|
|
589
|
|
590 # CA directory
|
|
591 #O CACertPath
|
|
592 # CA file
|
|
593 #O CACertFile
|
|
594 # Server Cert
|
|
595 #O ServerCertFile
|
|
596 # Server private key
|
|
597 #O ServerKeyFile
|
|
598 # Client Cert
|
|
599 #O ClientCertFile
|
|
600 # Client private key
|
|
601 #O ClientKeyFile
|
|
602 # DHParameters (only required if DSA/DH is used)
|
|
603 #O DHParameters
|
|
604 # Random data source (required for systems without /dev/urandom under OpenSSL)
|
|
605 #O RandFile
|
|
606
|
|
607 ############################
|
|
608 # QUEUE GROUP DEFINITIONS #
|
|
609 ############################
|
|
610
|
|
611
|
|
612 ###########################
|
|
613 # Message precedences #
|
|
614 ###########################
|
|
615
|
|
616 Pfirst-class=0
|
|
617 Pspecial-delivery=100
|
|
618 Plist=-30
|
|
619 Pbulk=-60
|
|
620 Pjunk=-100
|
|
621
|
|
622 #####################
|
|
623 # Trusted users #
|
|
624 #####################
|
|
625
|
|
626 # this is equivalent to setting class "t"
|
|
627 Ft/etc/mail/sendmail.ct
|
|
628 Troot
|
|
629 Tdaemon
|
|
630 Tuucp
|
|
631
|
|
632 #########################
|
|
633 # Format of headers #
|
|
634 #########################
|
|
635
|
|
636 H?P?Return-Path: <$g>
|
|
637 HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
|
|
638 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
|
|
639 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
|
|
640 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
|
|
641 for $u; $|;
|
|
642 $.$b
|
|
643 H?D?Resent-Date: $a
|
|
644 H?D?Date: $a
|
|
645 H?F?Resent-From: $?x$x <$g>$|$g$.
|
|
646 H?F?From: $?x$x <$g>$|$g$.
|
|
647 H?x?Full-Name: $x
|
|
648 # HPosted-Date: $a
|
|
649 # H?l?Received-Date: $b
|
|
650 H?M?Resent-Message-Id: <$t.$i@$j>
|
|
651 H?M?Message-Id: <$t.$i@$j>
|
|
652
|
|
653 #
|
|
654 ######################################################################
|
|
655 ######################################################################
|
|
656 #####
|
|
657 ##### REWRITING RULES
|
|
658 #####
|
|
659 ######################################################################
|
|
660 ######################################################################
|
|
661
|
|
662 ############################################
|
|
663 ### Ruleset 3 -- Name Canonicalization ###
|
|
664 ############################################
|
|
665 Scanonify=3
|
|
666
|
|
667 # handle null input (translate to <@> special case)
|
|
668 R$@ $@ <@>
|
|
669
|
|
670 # strip group: syntax (not inside angle brackets!) and trailing semicolon
|
|
671 R$* $: $1 <@> mark addresses
|
|
672 R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
|
|
673 R@ $* <@> $: @ $1 unmark @host:...
|
|
674 R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
|
|
675 R$* :: $* <@> $: $1 :: $2 unmark node::addr
|
|
676 R:include: $* <@> $: :include: $1 unmark :include:...
|
|
677 R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
|
|
678 R$* : $* <@> $: $2 strip colon if marked
|
|
679 R$* <@> $: $1 unmark
|
|
680 R$* ; $1 strip trailing semi
|
|
681 R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
|
|
682 R$* < $* ; > $1 < $2 > bogus bracketed semi
|
|
683
|
|
684 # null input now results from list:; syntax
|
|
685 R$@ $@ :; <@>
|
|
686
|
|
687 # strip angle brackets -- note RFC733 heuristic to get innermost item
|
|
688 R$* $: < $1 > housekeeping <>
|
|
689 R$+ < $* > < $2 > strip excess on left
|
|
690 R< $* > $+ < $1 > strip excess on right
|
|
691 R<> $@ < @ > MAIL FROM:<> case
|
|
692 R< $+ > $: $1 remove housekeeping <>
|
|
693
|
|
694 # strip route address <@a,@b,@c:user@d> -> <user@d>
|
|
695 R@ $+ , $+ $2
|
|
696 R@ [ $* ] : $+ $2
|
|
697 R@ $+ : $+ $2
|
|
698
|
|
699 # find focus for list syntax
|
|
700 R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
|
|
701 R $+ : $* ; $@ $1 : $2; list syntax
|
|
702
|
|
703 # find focus for @ syntax addresses
|
|
704 R$+ @ $+ $: $1 < @ $2 > focus on domain
|
|
705 R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
|
|
706 R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
|
|
707
|
|
708
|
|
709 # convert old-style addresses to a domain-based address
|
|
710 R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
|
|
711 R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
|
|
712 R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
|
|
713
|
|
714 # if we have % signs, take the rightmost one
|
|
715 R$* % $* $1 @ $2 First make them all @s.
|
|
716 R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
|
|
717 R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
|
|
718
|
|
719 # else we must be a local name
|
|
720 R$* $@ $>Canonify2 $1
|
|
721
|
|
722
|
|
723 ################################################
|
|
724 ### Ruleset 96 -- bottom half of ruleset 3 ###
|
|
725 ################################################
|
|
726
|
|
727 SCanonify2=96
|
|
728
|
|
729 # handle special cases for local names
|
|
730 R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
|
|
731 R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
|
|
732 R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
|
|
733
|
|
734 # check for IPv4/IPv6 domain literal
|
|
735 R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
|
|
736 R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
|
|
737 R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
|
|
738
|
|
739
|
|
740
|
|
741
|
|
742
|
|
743 # if really UUCP, handle it immediately
|
|
744
|
|
745 # try UUCP traffic as a local address
|
|
746 R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
|
|
747 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
|
|
748
|
|
749 # hostnames ending in class P are always canonical
|
|
750 R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
|
|
751 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
|
|
752 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
|
|
753 R$* CC $* $| $* $: $3
|
|
754 # pass to name server to make hostname canonical
|
|
755 R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
|
|
756 R$* $| $* $: $2
|
|
757
|
|
758 # local host aliases and pseudo-domains are always canonical
|
|
759 R$* < @ $=w > $* $: $1 < @ $2 . > $3
|
|
760 R$* < @ $=M > $* $: $1 < @ $2 . > $3
|
|
761 R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3
|
|
762 R$* < @ $=G > $* $: $1 < @ $2 . > $3
|
|
763 R$* < @ $* . . > $* $1 < @ $2 . > $3
|
|
764
|
|
765
|
|
766 ##################################################
|
|
767 ### Ruleset 4 -- Final Output Post-rewriting ###
|
|
768 ##################################################
|
|
769 Sfinal=4
|
|
770
|
|
771 R$+ :; <@> $@ $1 : handle <list:;>
|
|
772 R$* <@> $@ handle <> and list:;
|
|
773
|
|
774 # strip trailing dot off possibly canonical name
|
|
775 R$* < @ $+ . > $* $1 < @ $2 > $3
|
|
776
|
|
777 # eliminate internal code
|
|
778 R$* < @ *LOCAL* > $* $1 < @ $j > $2
|
|
779
|
|
780 # externalize local domain info
|
|
781 R$* < $+ > $* $1 $2 $3 defocus
|
|
782 R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
|
|
783 R@ $* $@ @ $1 ... and exit
|
|
784
|
|
785 # UUCP must always be presented in old form
|
|
786 R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
|
|
787
|
|
788 # delete duplicate local names
|
|
789 R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
|
|
790
|
|
791
|
|
792
|
|
793 ##############################################################
|
|
794 ### Ruleset 97 -- recanonicalize and call ruleset zero ###
|
|
795 ### (used for recursive calls) ###
|
|
796 ##############################################################
|
|
797
|
|
798 SRecurse=97
|
|
799 R$* $: $>canonify $1
|
|
800 R$* $@ $>parse $1
|
|
801
|
|
802
|
|
803 ######################################
|
|
804 ### Ruleset 0 -- Parse Address ###
|
|
805 ######################################
|
|
806
|
|
807 Sparse=0
|
|
808
|
|
809 R$* $: $>Parse0 $1 initial parsing
|
|
810 R<@> $#local $: <@> special case error msgs
|
|
811 R$* $: $>ParseLocal $1 handle local hacks
|
|
812 R$* $: $>Parse1 $1 final parsing
|
|
813
|
|
814 #
|
|
815 # Parse0 -- do initial syntax checking and eliminate local addresses.
|
|
816 # This should either return with the (possibly modified) input
|
|
817 # or return with a #error mailer. It should not return with a
|
|
818 # #mailer other than the #error mailer.
|
|
819 #
|
|
820
|
|
821 SParse0
|
|
822 R<@> $@ <@> special case error msgs
|
|
823 R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
|
|
824 R@ <@ $* > < @ $1 > catch "@@host" bogosity
|
|
825 R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
|
|
826 R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
|
|
827 R$* $: <> $1
|
|
828 R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
|
|
829 R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
|
|
830 R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
|
|
831 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
|
|
832 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
|
|
833 R<> $* $1
|
|
834 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
|
|
835 R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
|
|
836 R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
|
|
837 R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
|
|
838 R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
|
|
839
|
|
840
|
|
841 # now delete the local info -- note $=O to find characters that cause forwarding
|
|
842 R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
|
|
843 R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
|
|
844 R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
|
|
845 R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
|
|
846 R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
|
|
847 R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
|
|
848 R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
|
|
849 R$* $=O $* < @ *LOCAL* >
|
|
850 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
|
|
851 R$* < @ *LOCAL* > $: $1
|
|
852
|
|
853 #
|
|
854 # Parse1 -- the bottom half of ruleset 0.
|
|
855 #
|
|
856
|
|
857 SParse1
|
|
858
|
|
859 # handle numeric address spec
|
|
860 R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
|
|
861 R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path
|
|
862 R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
|
|
863 R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
|
|
864 R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
|
|
865
|
|
866 # handle virtual users
|
|
867 R$+ $: <!> $1 Mark for lookup
|
|
868 R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
|
|
869 R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
|
|
870 R<@> $+ + $+ < @ $* . >
|
|
871 $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
872 R<@> $+ + $* < @ $* . >
|
|
873 $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
874 R<@> $+ + $* < @ $* . >
|
|
875 $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
876 R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
877 R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|
878 R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
|
|
879 R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
|
|
880 R<@> $+ $: $1
|
|
881 R<!> $+ $: $1
|
|
882 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
|
|
883 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
|
|
884 R< $+ > $+ < @ $+ > $: $>Recurse $1
|
|
885
|
|
886 # short circuit local delivery so forwarded email works
|
|
887
|
|
888
|
|
889 R$=L < @ $=w . > $#local $: @ $1 special local names
|
|
890 R$+ < @ $=w . > $#local $: $1 regular local name
|
|
891
|
|
892 # not local -- try mailer table lookup
|
|
893 R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
|
|
894 R< $+ . > $* $: < $1 > $2 strip trailing dot
|
|
895 R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
|
|
896 R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
|
|
897 R< $+ > $* $: $>Mailertable <$1> $2 try domain
|
|
898
|
|
899 # resolve remotely connected UUCP links (if any)
|
|
900
|
|
901 # resolve fake top level domains by forwarding to other hosts
|
|
902
|
|
903
|
|
904
|
|
905 # pass names that still have a host to a smarthost (if defined)
|
|
906 R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
|
|
907
|
|
908 # deal with other remote names
|
|
909 R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
|
|
910
|
|
911 # handle locally delivered names
|
|
912 R$=L $#local $: @ $1 special local names
|
|
913 R$+ $#local $: $1 regular local names
|
|
914
|
|
915 ###########################################################################
|
|
916 ### Ruleset 5 -- special rewriting after aliases have been expanded ###
|
|
917 ###########################################################################
|
|
918
|
|
919 SLocal_localaddr
|
|
920 Slocaladdr=5
|
|
921 R$+ $: $1 $| $>"Local_localaddr" $1
|
|
922 R$+ $| $#ok $@ $1 no change
|
|
923 R$+ $| $#$* $#$2
|
|
924 R$+ $| $* $: $1
|
|
925
|
|
926
|
|
927
|
|
928
|
|
929 # deal with plussed users so aliases work nicely
|
|
930 R$+ + * $#local $@ $&h $: $1
|
|
931 R$+ + $* $#local $@ + $2 $: $1 + *
|
|
932
|
|
933 # prepend an empty "forward host" on the front
|
|
934 R$+ $: <> $1
|
|
935
|
|
936
|
|
937
|
|
938 R< > $+ $: < > < $1 <> $&h > nope, restore +detail
|
|
939
|
|
940 R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
|
|
941 R< > < $+ <> $* > $: < > < $1 > else discard
|
|
942 R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
|
|
943 R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
|
|
944 R< > < $+ > $@ $1 no +detail
|
|
945 R$+ $: $1 <> $&h add +detail back in
|
|
946
|
|
947 R$+ <> + $* $: $1 + $2 check whether +detail
|
|
948 R$+ <> $* $: $1 else discard
|
|
949 R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
|
|
950 R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
|
|
951
|
|
952 R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
|
|
953
|
|
954 R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
|
|
955
|
|
956
|
|
957 ###################################################################
|
|
958 ### Ruleset 90 -- try domain part of mailertable entry ###
|
|
959 ###################################################################
|
|
960
|
|
961 SMailertable=90
|
|
962 R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
|
|
963 R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
|
|
964 R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
|
|
965 R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
|
|
966 R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
|
|
967 R< $* > $* $@ $2 no mailertable match
|
|
968
|
|
969 ###################################################################
|
|
970 ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
|
|
971 ###################################################################
|
|
972
|
|
973 SMailerToTriple=95
|
|
974 R< > $* $@ $1 strip off null relay
|
|
975 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
|
|
976 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
|
|
977 R< local : $* > $* $>CanonLocal < $1 > $2
|
|
978 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
|
|
979 R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
|
|
980 R< $=w > $* $@ $2 delete local host
|
|
981 R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
|
|
982
|
|
983 ###################################################################
|
|
984 ### Ruleset CanonLocal -- canonify local: syntax ###
|
|
985 ###################################################################
|
|
986
|
|
987 SCanonLocal
|
|
988 # strip local host from routed addresses
|
|
989 R< $* > < @ $+ > : $+ $@ $>Recurse $3
|
|
990 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
|
|
991
|
|
992 # strip trailing dot from any host name that may appear
|
|
993 R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
|
|
994
|
|
995 # handle local: syntax -- use old user, either with or without host
|
|
996 R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
|
|
997 R< > $+ $#local $@ $1 $: $1
|
|
998
|
|
999 # handle local:user@host syntax -- ignore host part
|
|
1000 R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
|
|
1001
|
|
1002 # handle local:user syntax
|
|
1003 R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
|
|
1004 R< $+ > $* $#local $@ $2 $: $1
|
|
1005
|
|
1006 ###################################################################
|
|
1007 ### Ruleset 93 -- convert header names to masqueraded form ###
|
|
1008 ###################################################################
|
|
1009
|
|
1010 SMasqHdr=93
|
|
1011
|
|
1012 # handle generics database
|
|
1013 R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark
|
|
1014 R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark
|
|
1015 R< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 >
|
|
1016 R<@$+ + $* @ $+> $+ < @ $+ >
|
|
1017 $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 >
|
|
1018 R<@$+ + $* @ $+> $+ < @ $+ >
|
|
1019 $: < $(generics $1@$3 $: $) > $4 < @ $5 >
|
|
1020 R<@$+ > $+ < @ $+ > $: < > $2 < @ $3 >
|
|
1021 R< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . >
|
|
1022 R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 >
|
|
1023 R< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 >
|
|
1024 R< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 >
|
|
1025 R< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified
|
|
1026 R< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified
|
|
1027 R< > $* $: $1 not found
|
|
1028
|
|
1029 # do not masquerade anything in class N
|
|
1030 R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
|
|
1031
|
|
1032 R$* < @ *LOCAL* > $@ $1 < @ $j . >
|
|
1033
|
|
1034 ###################################################################
|
|
1035 ### Ruleset 94 -- convert envelope names to masqueraded form ###
|
|
1036 ###################################################################
|
|
1037
|
|
1038 SMasqEnv=94
|
|
1039 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
|
|
1040
|
|
1041 ###################################################################
|
|
1042 ### Ruleset 98 -- local part of ruleset zero (can be null) ###
|
|
1043 ###################################################################
|
|
1044
|
|
1045 SParseLocal=98
|
|
1046
|
|
1047 # addresses sent to foo@host.REDIRECT will give a 551 error code
|
|
1048 R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
|
|
1049 R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
|
|
1050 R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
|
|
1051
|
|
1052
|
|
1053
|
|
1054
|
|
1055 ######################################################################
|
|
1056 ### D: LookUpDomain -- search for domain in access database
|
|
1057 ###
|
|
1058 ### Parameters:
|
|
1059 ### <$1> -- key (domain name)
|
|
1060 ### <$2> -- default (what to return if not found in db)
|
|
1061 ### <$3> -- mark (must be <(!|+) single-token>)
|
|
1062 ### ! does lookup only with tag
|
|
1063 ### + does lookup with and without tag
|
|
1064 ### <$4> -- passthru (additional data passed unchanged through)
|
|
1065 ######################################################################
|
|
1066
|
|
1067 SD
|
|
1068 R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
|
|
1069 R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
|
|
1070 R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
|
|
1071 R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
|
|
1072 R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
|
|
1073 R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
|
|
1074 R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
|
|
1075 R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
|
|
1076 R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
|
|
1077
|
|
1078 ######################################################################
|
|
1079 ### A: LookUpAddress -- search for host address in access database
|
|
1080 ###
|
|
1081 ### Parameters:
|
|
1082 ### <$1> -- key (dot quadded host address)
|
|
1083 ### <$2> -- default (what to return if not found in db)
|
|
1084 ### <$3> -- mark (must be <(!|+) single-token>)
|
|
1085 ### ! does lookup only with tag
|
|
1086 ### + does lookup with and without tag
|
|
1087 ### <$4> -- passthru (additional data passed through)
|
|
1088 ######################################################################
|
|
1089
|
|
1090 SA
|
|
1091 R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
|
|
1092 R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
|
|
1093 R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
|
|
1094 R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
|
|
1095 R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
|
|
1096 R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
|
|
1097 R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
|
|
1098 R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
|
|
1099
|
|
1100 ######################################################################
|
|
1101 ### CanonAddr -- Convert an address into a standard form for
|
|
1102 ### relay checking. Route address syntax is
|
|
1103 ### crudely converted into a %-hack address.
|
|
1104 ###
|
|
1105 ### Parameters:
|
|
1106 ### $1 -- full recipient address
|
|
1107 ###
|
|
1108 ### Returns:
|
|
1109 ### parsed address, not in source route form
|
|
1110 ######################################################################
|
|
1111
|
|
1112 SCanonAddr
|
|
1113 R$* $: $>Parse0 $>canonify $1 make domain canonical
|
|
1114
|
|
1115
|
|
1116 ######################################################################
|
|
1117 ### ParseRecipient -- Strip off hosts in $=R as well as possibly
|
|
1118 ### $* $=m or the access database.
|
|
1119 ### Check user portion for host separators.
|
|
1120 ###
|
|
1121 ### Parameters:
|
|
1122 ### $1 -- full recipient address
|
|
1123 ###
|
|
1124 ### Returns:
|
|
1125 ### parsed, non-local-relaying address
|
|
1126 ######################################################################
|
|
1127
|
|
1128 SParseRecipient
|
|
1129 R$* $: <?> $>CanonAddr $1
|
|
1130 R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
|
|
1131 R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
|
|
1132
|
|
1133 # if no $=O character, no host in the user portion, we are done
|
|
1134 R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
|
|
1135 R<?> $* $@ $1
|
|
1136
|
|
1137
|
|
1138 R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 >
|
|
1139 R<NO> $* < @ $+ > $: <$(access To:$2 $: NO $)> $1 < @ $2 >
|
|
1140 R<NO> $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 >
|
|
1141
|
|
1142
|
|
1143
|
|
1144 R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
|
|
1145 R<$+> $* $@ $2
|
|
1146
|
|
1147
|
|
1148 ######################################################################
|
|
1149 ### check_relay -- check hostname/address on SMTP startup
|
|
1150 ######################################################################
|
|
1151
|
|
1152 SLocal_check_relay
|
|
1153 Scheckrelay
|
|
1154 R$* $: $1 $| $>"Local_check_relay" $1
|
|
1155 R$* $| $* $| $#$* $#$3
|
|
1156 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
|
|
1157
|
|
1158 SBasic_check_relay
|
|
1159 # check for deferred delivery mode
|
|
1160 R$* $: < $&{deliveryMode} > $1
|
|
1161 R< d > $* $@ deferred
|
|
1162 R< $* > $* $: $2
|
|
1163
|
|
1164 R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
|
|
1165 R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
|
|
1166 R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
|
|
1167 R<?> <$*> $: OK found nothing
|
|
1168 R<$={Accept}> <$*> $@ $1 return value of lookup
|
|
1169 R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
|
|
1170 R<DISCARD> <$*> $#discard $: discard
|
|
1171 R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
|
|
1172 R<ERROR:$+> <$*> $#error $: $1
|
|
1173 R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
1174 R<$+> <$*> $#error $: $1
|
|
1175
|
|
1176
|
|
1177
|
|
1178 ######################################################################
|
|
1179 ### check_mail -- check SMTP `MAIL FROM:' command argument
|
|
1180 ######################################################################
|
|
1181
|
|
1182 SLocal_check_mail
|
|
1183 Scheckmail
|
|
1184 R$* $: $1 $| $>"Local_check_mail" $1
|
|
1185 R$* $| $#$* $#$2
|
|
1186 R$* $| $* $@ $>"Basic_check_mail" $1
|
|
1187
|
|
1188 SBasic_check_mail
|
|
1189 # check for deferred delivery mode
|
|
1190 R$* $: < $&{deliveryMode} > $1
|
|
1191 R< d > $* $@ deferred
|
|
1192 R< $* > $* $: $2
|
|
1193
|
|
1194 # authenticated?
|
|
1195 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
|
|
1196 R$* $| $#$+ $#$2
|
|
1197 R$* $| $* $: $1
|
|
1198
|
|
1199 R<> $@ <OK> we MUST accept <> (RFC 1123)
|
|
1200 R$+ $: <?> $1
|
|
1201 R<?><$+> $: <@> <$1>
|
|
1202 R<?>$+ $: <@> <$1>
|
|
1203 R$* $: $&{daemon_flags} $| $1
|
|
1204 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
|
|
1205 R$* u $* $| <@> < $* > $: <?> < $3 >
|
|
1206 R$* $| $* $: $2
|
|
1207 # handle case of @localhost on address
|
|
1208 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
|
|
1209 R<@> < $* @ [127.0.0.1] >
|
|
1210 $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
|
|
1211 R<@> < $* @ localhost.$m >
|
|
1212 $: < ? $&{client_name} > < $1 @ localhost.$m >
|
|
1213 R<@> < $* @ localhost.UUCP >
|
|
1214 $: < ? $&{client_name} > < $1 @ localhost.UUCP >
|
|
1215 R<@> $* $: $1 no localhost as domain
|
|
1216 R<? $=w> $* $: $2 local client: ok
|
|
1217 R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
|
|
1218 R<?> $* $: $1
|
|
1219 R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
|
|
1220 R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
|
|
1221 # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
|
|
1222 R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
|
|
1223 R<?> $* < @ $j > $: <OKR> $1 < @ $j >
|
|
1224 R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
|
|
1225 R<? $* <$->> $* < @ $+ >
|
|
1226 $: <$2> $3 < @ $4 >
|
|
1227
|
|
1228 # check sender address: user@address, user@, address
|
|
1229 R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
|
|
1230 R<$+> $+ $: @<$1> <$2> $| <U:$2@>
|
|
1231 R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
|
|
1232 R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
|
|
1233 # retransform for further use
|
|
1234 R<?> <$+> <$*> $: <$1> $2 no match
|
|
1235 R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it
|
|
1236
|
|
1237 # handle case of no @domain on address
|
|
1238 R<?> $* $: $&{daemon_flags} $| <?> $1
|
|
1239 R$* u $* $| <?> $* $: <OKR> $3
|
|
1240 R$* $| $* $: $2
|
|
1241 R<?> $* $: < ? $&{client_addr} > $1
|
|
1242 R<?> $* $@ <OKR> ...local unqualed ok
|
|
1243 R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
|
|
1244 ...remote is not
|
|
1245 # check results
|
|
1246 R<?> $* $: @ $1 mark address: nothing known about it
|
|
1247 R<$={ResOk}> $* $@ <OKR> domain ok: stop
|
|
1248 R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
|
|
1249 R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
|
|
1250 R<$={Accept}> $* $# $1 accept from access map
|
|
1251 R<DISCARD> $* $#discard $: discard
|
|
1252 R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
|
|
1253 R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
|
|
1254 R<ERROR:$+> $* $#error $: $1
|
|
1255 R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
1256 R<$+> $* $#error $: $1 error from access db
|
|
1257
|
|
1258 ######################################################################
|
|
1259 ### check_rcpt -- check SMTP `RCPT TO:' command argument
|
|
1260 ######################################################################
|
|
1261
|
|
1262 SLocal_check_rcpt
|
|
1263 Scheckrcpt
|
|
1264 R$* $: $1 $| $>"Local_check_rcpt" $1
|
|
1265 R$* $| $#$* $#$2
|
|
1266 R$* $| $* $@ $>"Basic_check_rcpt" $1
|
|
1267
|
|
1268 SBasic_check_rcpt
|
|
1269 # empty address?
|
|
1270 R<> $#error $@ nouser $: "553 User address required"
|
|
1271 R$@ $#error $@ nouser $: "553 User address required"
|
|
1272 # check for deferred delivery mode
|
|
1273 R$* $: < $&{deliveryMode} > $1
|
|
1274 R< d > $* $@ deferred
|
|
1275 R< $* > $* $: $2
|
|
1276
|
|
1277
|
|
1278 ######################################################################
|
|
1279 R$* $: $1 $| @ $>"Rcpt_ok" $1
|
|
1280 R$* $| @ $#TEMP $+ $: $1 $| T $2
|
|
1281 R$* $| @ $#$* $#$2
|
|
1282 R$* $| @ RELAY $@ RELAY
|
|
1283 R$* $| @ $* $: O $| $>"Relay_ok" $1
|
|
1284 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
|
|
1285 R$* $| $#TEMP $+ $#error $2
|
|
1286 R$* $| $#$* $#$2
|
|
1287 R$* $| RELAY $@ RELAY
|
|
1288 R T $+ $| $* $#error $1
|
|
1289 # anything else is bogus
|
|
1290 R$* $#error $@ 5.7.1 $: "550 Relaying denied. Proper authentication required."
|
|
1291
|
|
1292
|
|
1293 ######################################################################
|
|
1294 ### Rcpt_ok: is the recipient ok?
|
|
1295 ######################################################################
|
|
1296 SRcpt_ok
|
|
1297 R$* $: $>ParseRecipient $1 strip relayable hosts
|
|
1298
|
|
1299
|
|
1300
|
|
1301
|
|
1302 # authenticated via TLS?
|
|
1303 R$* $: $1 $| $>RelayTLS client authenticated?
|
|
1304 R$* $| $# $+ $# $2 error/ok?
|
|
1305 R$* $| $* $: $1 no
|
|
1306
|
|
1307 R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
|
|
1308 R$* $| $# $* $# $2
|
|
1309 R$* $| NO $: $1
|
|
1310 R$* $| $* $: $1 $| $&{auth_type}
|
|
1311 R$* $| $: $1
|
|
1312 R$* $| $={TrustAuthMech} $# RELAY
|
|
1313 R$* $| $* $: $1
|
|
1314 # anything terminating locally is ok
|
|
1315 R$+ < @ $=w > $@ RELAY
|
|
1316 R$+ < @ $=R > $@ RELAY
|
|
1317 R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >>
|
|
1318 R<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>
|
|
1319 R<RELAY> $* $@ RELAY
|
|
1320 R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
1321 R<$*> <$*> $: $2
|
|
1322
|
|
1323
|
|
1324
|
|
1325 # check for local user (i.e. unqualified address)
|
|
1326 R$* $: <?> $1
|
|
1327 R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
|
|
1328 # local user is ok
|
|
1329 R<?> $+ $@ RELAY
|
|
1330 R<$+> $* $: $2
|
|
1331
|
|
1332 ######################################################################
|
|
1333 ### Relay_ok: is the relay/sender ok?
|
|
1334 ######################################################################
|
|
1335 SRelay_ok
|
|
1336 # anything originating locally is ok
|
|
1337 # check IP address
|
|
1338 R$* $: $&{client_addr}
|
|
1339 R$@ $@ RELAY originated locally
|
|
1340 R0 $@ RELAY originated locally
|
|
1341 R127.0.0.1 $@ RELAY originated locally
|
|
1342 RIPv6:::1 $@ RELAY originated locally
|
|
1343 R$=R $* $@ RELAY relayable IP address
|
|
1344 R$* $: $>A <$1> <?> <+ Connect> <$1>
|
|
1345 R<RELAY> $* $@ RELAY relayable IP address
|
|
1346
|
|
1347 R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
1348 R<$*> <$*> $: $2
|
|
1349 R$* $: [ $1 ] put brackets around it...
|
|
1350 R$=w $@ RELAY ... and see if it is local
|
|
1351
|
|
1352
|
|
1353 # check client name: first: did it resolve?
|
|
1354 R$* $: < $&{client_resolve} >
|
|
1355 R<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
|
|
1356 R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
|
|
1357 R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
|
|
1358 R$* $: <@> $&{client_name}
|
|
1359 # pass to name server to make hostname canonical
|
|
1360 R<@> $* $=P $:<?> $1 $2
|
|
1361 R<@> $+ $:<?> $[ $1 $]
|
|
1362 R$* . $1 strip trailing dots
|
|
1363 R<?> $=w $@ RELAY
|
|
1364 R<?> $=R $@ RELAY
|
|
1365 R<?> $* $: <$(access Connect:$1 $: ? $)> <$1>
|
|
1366 R<?> <$*> $: <$(access $1 $: ? $)> <$1>
|
|
1367 R<RELAY> $* $@ RELAY
|
|
1368 R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
1369 R<$*> <$*> $: $2
|
|
1370
|
|
1371 # turn a canonical address in the form user<@domain>
|
|
1372 # qualify unqual. addresses with $j
|
|
1373 SFullAddr
|
|
1374 R$* <@ $+ . > $1 <@ $2 >
|
|
1375 R$* <@ $* > $@ $1 <@ $2 >
|
|
1376 R$+ $@ $1 <@ $j >
|
|
1377
|
|
1378 SDelay_TLS_Client
|
|
1379 # authenticated?
|
|
1380 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
|
|
1381 R$* $| $#$+ $#$2
|
|
1382 R$* $# $1
|
|
1383
|
|
1384 SDelay_TLS_Client2
|
|
1385 # authenticated?
|
|
1386 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
|
|
1387 R$* $| $#$+ $#$2
|
|
1388 R$* $@ $1
|
|
1389
|
|
1390 # call all necessary rulesets
|
|
1391 Scheck_rcpt
|
|
1392 # R$@ $#error $@ 5.1.3 $: "553 Recipient address required"
|
|
1393
|
|
1394 R$+ $: $1 $| $>checkrcpt $1
|
|
1395 R$+ $| $#error $* $#error $2
|
|
1396 R$+ $| $#discard $* $#discard $2
|
|
1397 R$+ $| $#$* $@ $>"Delay_TLS_Client" $2
|
|
1398 R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1
|
|
1399 R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
|
|
1400 R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
|
|
1401 # lookup the addresses only with Spam tag
|
|
1402 R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
|
|
1403 R<@> $* $| $* $: $2 $1 reverse result
|
|
1404 # is the recipient a spam friend?
|
|
1405 R<FRIEND> $+ $@ $>"Delay_TLS_Client2" SPAMFRIEND
|
|
1406 R<$*> $+ $: $2
|
|
1407 R$* $: $1 $| $>checkmail <$&f>
|
|
1408 R$* $| $#$* $#$2
|
|
1409 R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
|
|
1410 R$* $| $#$* $#$2
|
|
1411 R$* $| $* $: $1
|
|
1412
|
|
1413
|
|
1414 ######################################################################
|
|
1415 ### F: LookUpFull -- search for an entry in access database
|
|
1416 ###
|
|
1417 ### lookup of full key (which should be an address) and
|
|
1418 ### variations if +detail exists: +* and without +detail
|
|
1419 ###
|
|
1420 ### Parameters:
|
|
1421 ### <$1> -- key
|
|
1422 ### <$2> -- default (what to return if not found in db)
|
|
1423 ### <$3> -- mark (must be <(!|+) single-token>)
|
|
1424 ### ! does lookup only with tag
|
|
1425 ### + does lookup with and without tag
|
|
1426 ### <$4> -- passthru (additional data passed unchanged through)
|
|
1427 ######################################################################
|
|
1428
|
|
1429 SF
|
|
1430 R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
|
|
1431 R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
|
|
1432 R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
|
|
1433 $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
|
|
1434 R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
|
|
1435 $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
|
|
1436 R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
|
|
1437 $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
|
|
1438 R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
|
|
1439 $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
|
|
1440 R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
|
|
1441 R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
|
|
1442 R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
|
|
1443
|
|
1444 ######################################################################
|
|
1445 ### E: LookUpExact -- search for an entry in access database
|
|
1446 ###
|
|
1447 ### Parameters:
|
|
1448 ### <$1> -- key
|
|
1449 ### <$2> -- default (what to return if not found in db)
|
|
1450 ### <$3> -- mark (must be <(!|+) single-token>)
|
|
1451 ### ! does lookup only with tag
|
|
1452 ### + does lookup with and without tag
|
|
1453 ### <$4> -- passthru (additional data passed unchanged through)
|
|
1454 ######################################################################
|
|
1455
|
|
1456 SE
|
|
1457 R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
|
|
1458 R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
|
|
1459 R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
|
|
1460 R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
|
|
1461 R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
|
|
1462
|
|
1463 ######################################################################
|
|
1464 ### U: LookUpUser -- search for an entry in access database
|
|
1465 ###
|
|
1466 ### lookup of key (which should be a local part) and
|
|
1467 ### variations if +detail exists: +* and without +detail
|
|
1468 ###
|
|
1469 ### Parameters:
|
|
1470 ### <$1> -- key (user@)
|
|
1471 ### <$2> -- default (what to return if not found in db)
|
|
1472 ### <$3> -- mark (must be <(!|+) single-token>)
|
|
1473 ### ! does lookup only with tag
|
|
1474 ### + does lookup with and without tag
|
|
1475 ### <$4> -- passthru (additional data passed unchanged through)
|
|
1476 ######################################################################
|
|
1477
|
|
1478 SU
|
|
1479 R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
|
|
1480 R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
|
|
1481 R<?> <$+ + $* @> <$*> <$- $-> <$*>
|
|
1482 $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
|
|
1483 R<?> <$+ + $* @> <$*> <+ $-> <$*>
|
|
1484 $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
|
|
1485 R<?> <$+ + $* @> <$*> <$- $-> <$*>
|
|
1486 $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
|
|
1487 R<?> <$+ + $* @> <$*> <+ $-> <$*>
|
|
1488 $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
|
|
1489 R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
|
|
1490 R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
|
|
1491 R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
|
|
1492
|
|
1493 ######################################################################
|
|
1494 ### SearchList: search a list of items in the access map
|
|
1495 ### Parameters:
|
|
1496 ### <exact tag> $| <mark:address> <mark:address> ... <>
|
|
1497 ### where "exact" is either "+" or "!":
|
|
1498 ### <+ TAG> lookup with and w/o tag
|
|
1499 ### <! TAG> lookup with tag
|
|
1500 ### possible values for "mark" are:
|
|
1501 ### D: recursive host lookup (LookUpDomain)
|
|
1502 ### E: exact lookup, no modifications
|
|
1503 ### F: full lookup, try user+ext@domain and user@domain
|
|
1504 ### U: user lookup, try user+ext and user (input must have trailing @)
|
|
1505 ### return: <RHS of lookup> or <?> (not found)
|
|
1506 ######################################################################
|
|
1507
|
|
1508 # class with valid marks for SearchList
|
|
1509 C{src}E F D U
|
|
1510 SSearchList
|
|
1511 # just call the ruleset with the name of the tag... nice trick...
|
|
1512 R<$+> $| <$={src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
|
|
1513 R<$+> $| <> $| <?> <> $@ <?>
|
|
1514 R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
|
|
1515 R<$+> $| <$*> $| <$+> <> $@ <$3>
|
|
1516 R<$+> $| <$+> $@ <$2>
|
|
1517
|
|
1518
|
|
1519 ######################################################################
|
|
1520 ### trust_auth: is user trusted to authenticate as someone else?
|
|
1521 ###
|
|
1522 ### Parameters:
|
|
1523 ### $1: AUTH= parameter from MAIL command
|
|
1524 ######################################################################
|
|
1525
|
|
1526 SLocal_trust_auth
|
|
1527 Strust_auth
|
|
1528 R$* $: $&{auth_type} $| $1
|
|
1529 # required by RFC 2554 section 4.
|
|
1530 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
|
|
1531 R$* $| $&{auth_authen} $@ identical
|
|
1532 R$* $| <$&{auth_authen}> $@ identical
|
|
1533 R$* $| $* $: $1 $| $>"Local_trust_auth" $1
|
|
1534 R$* $| $#$* $#$2
|
|
1535 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
|
|
1536
|
|
1537 ######################################################################
|
|
1538 ### Relay_Auth: allow relaying based on authentication?
|
|
1539 ###
|
|
1540 ### Parameters:
|
|
1541 ### $1: ${auth_type}
|
|
1542 ######################################################################
|
|
1543 SLocal_Relay_Auth
|
|
1544
|
|
1545 ######################################################################
|
|
1546 ### srv_features: which features to offer to a client?
|
|
1547 ### (done in server)
|
|
1548 ######################################################################
|
|
1549 Ssrv_features
|
|
1550 R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
|
|
1551 R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
|
|
1552 R<?>$* $: <$(access "Srv_Features": $: ? $)>
|
|
1553 R<?>$* $@ OK
|
|
1554 R<$* <TMPF>>$* $#temp
|
|
1555 R<$+>$* $# $1
|
|
1556
|
|
1557 ######################################################################
|
|
1558 ### try_tls: try to use STARTTLS?
|
|
1559 ### (done in client)
|
|
1560 ######################################################################
|
|
1561 Stry_tls
|
|
1562 R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
|
|
1563 R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
|
|
1564 R<?>$* $: <$(access "Try_TLS": $: ? $)>
|
|
1565 R<?>$* $@ OK
|
|
1566 R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
1567 R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
|
|
1568
|
|
1569 ######################################################################
|
|
1570 ### tls_rcpt: is connection with server "good" enough?
|
|
1571 ### (done in client, per recipient)
|
|
1572 ###
|
|
1573 ### Parameters:
|
|
1574 ### $1: recipient
|
|
1575 ######################################################################
|
|
1576 Stls_rcpt
|
|
1577 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
|
1578 R$+ $: <?> $>CanonAddr $1
|
|
1579 R<?> $+ < @ $+ . > <?> $1 <@ $2 >
|
|
1580 R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
|
|
1581 R<?> $+ $: $1 $| <U:$1@> <E:>
|
|
1582 R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
|
|
1583 R$* $| <?> $@ OK
|
|
1584 R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
1585 R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
|
|
1586
|
|
1587 ######################################################################
|
|
1588 ### tls_client: is connection with client "good" enough?
|
|
1589 ### (done in server)
|
|
1590 ###
|
|
1591 ### Parameters:
|
|
1592 ### ${verify} $| (MAIL|STARTTLS)
|
|
1593 ######################################################################
|
|
1594 Stls_client
|
|
1595 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
|
1596 R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
|
|
1597 R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
|
|
1598 R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
|
|
1599 R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
1600 R$* $@ $>"TLS_connection" $1
|
|
1601
|
|
1602 ######################################################################
|
|
1603 ### tls_server: is connection with server "good" enough?
|
|
1604 ### (done in client)
|
|
1605 ###
|
|
1606 ### Parameter:
|
|
1607 ### ${verify}
|
|
1608 ######################################################################
|
|
1609 Stls_server
|
|
1610 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
|
1611 R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
|
|
1612 R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
|
|
1613 R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
|
|
1614 R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|
1615 R$* $@ $>"TLS_connection" $1
|
|
1616
|
|
1617 ######################################################################
|
|
1618 ### TLS_connection: is TLS connection "good" enough?
|
|
1619 ###
|
|
1620 ### Parameters:
|
|
1621 ### ${verify} $| <Requirement> [<>]
|
|
1622 ### Requirement: RHS from access map, may be ? for none.
|
|
1623 ######################################################################
|
|
1624 STLS_connection
|
|
1625 R$* $| <$*>$* $: $1 $| <$2>
|
|
1626 # create the appropriate error codes
|
|
1627 R$* $| <PERM + $={tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
|
|
1628 R$* $| <TEMP + $={tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
|
|
1629 R$* $| <$={tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
|
|
1630 # deal with TLS handshake failures: abort
|
|
1631 RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
|
|
1632 RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
|
|
1633 R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
|
|
1634 R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
|
|
1635 R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> <> $1
|
|
1636 R$* $| <$*> <$={tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
|
|
1637 R$* $| $* $@ OK
|
|
1638 # authentication required: give appropriate error
|
|
1639 # other side did authenticate (via STARTTLS)
|
|
1640 R<$*><VERIFY> <> OK $@ OK
|
|
1641 R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
|
|
1642 R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
|
|
1643 R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
|
|
1644 R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
|
|
1645 R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
|
|
1646 R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
|
|
1647 R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
|
|
1648 R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
|
|
1649 R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
|
|
1650 R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
|
|
1651 R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
|
|
1652 R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
|
|
1653 R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
|
|
1654 R<$-:$+ ++ > $@ OK
|
|
1655 R<$-:$+ ++ $+ > $: <$1:$2> <$3>
|
|
1656 R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
|
|
1657 R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
|
|
1658
|
|
1659 ######################################################################
|
|
1660 ### TLS_req: check additional TLS requirements
|
|
1661 ###
|
|
1662 ### Parameters: [<list> <of> <req>] $| <$-:$+>
|
|
1663 ### $-: SMTP reply code
|
|
1664 ### $+: Enhanced Status Code
|
|
1665 ######################################################################
|
|
1666 STLS_req
|
|
1667 R $| $+ $@ OK
|
|
1668 R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
|
|
1669 R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
|
1670 R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
|
|
1671 R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
|
1672 R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
|
|
1673 R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
|
1674 R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
|
|
1675 ROK $@ OK
|
|
1676
|
|
1677 ######################################################################
|
|
1678 ### max: return the maximum of two values separated by :
|
|
1679 ###
|
|
1680 ### Parameters: [$-]:[$-]
|
|
1681 ######################################################################
|
|
1682 Smax
|
|
1683 R: $: 0
|
|
1684 R:$- $: $1
|
|
1685 R$-: $: $1
|
|
1686 R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
|
|
1687 RTRUE:$-:$- $: $2
|
|
1688 R$-:$-:$- $: $2
|
|
1689
|
|
1690
|
|
1691 ######################################################################
|
|
1692 ### RelayTLS: allow relaying based on TLS authentication
|
|
1693 ###
|
|
1694 ### Parameters:
|
|
1695 ### none
|
|
1696 ######################################################################
|
|
1697 SRelayTLS
|
|
1698 # authenticated?
|
|
1699 R$* $: <?> $&{verify}
|
|
1700 R<?> OK $: OK authenticated: continue
|
|
1701 R<?> $* $@ NO not authenticated
|
|
1702 R$* $: $&{cert_issuer}
|
|
1703 R$+ $: $(access CERTISSUER:$1 $)
|
|
1704 RRELAY $# RELAY
|
|
1705 RSUBJECT $: <@> $&{cert_subject}
|
|
1706 R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
|
|
1707 R<@> RELAY $# RELAY
|
|
1708 R$* $: NO
|
|
1709
|
|
1710 ######################################################################
|
|
1711 ### authinfo: lookup authinfo in the access map
|
|
1712 ###
|
|
1713 ### Parameters:
|
|
1714 ### $1: {server_name}
|
|
1715 ### $2: {server_addr}
|
|
1716 ######################################################################
|
|
1717 Sauthinfo
|
|
1718 R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
|
|
1719 R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
|
|
1720 R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
|
|
1721 R$* $| <?>$* $@ no no authinfo available
|
|
1722 R$* $| <$*> <> $# $2
|
|
1723
|
|
1724 #
|
|
1725 ######################################################################
|
|
1726 ######################################################################
|
|
1727 #####
|
|
1728 ##### MAIL FILTER DEFINITIONS
|
|
1729 #####
|
|
1730 ######################################################################
|
|
1731 ######################################################################
|
|
1732
|
|
1733 Xdnsbl, S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=S:30s;R:30s;E:30s
|
|
1734 #
|
|
1735 ######################################################################
|
|
1736 ######################################################################
|
|
1737 #####
|
|
1738 ##### MAILER DEFINITIONS
|
|
1739 #####
|
|
1740 ######################################################################
|
|
1741 ######################################################################
|
|
1742
|
|
1743 #####################################
|
|
1744 ### SMTP Mailer specification ###
|
|
1745 #####################################
|
|
1746
|
|
1747 ##### $Id$ #####
|
|
1748
|
|
1749 #
|
|
1750 # common sender and masquerading recipient rewriting
|
|
1751 #
|
|
1752 SMasqSMTP
|
|
1753 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
|
|
1754 R$+ $@ $1 < @ *LOCAL* > add local qualification
|
|
1755
|
|
1756 #
|
|
1757 # convert pseudo-domain addresses to real domain addresses
|
|
1758 #
|
|
1759 SPseudoToReal
|
|
1760
|
|
1761 # pass <route-addr>s through
|
|
1762 R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
|
|
1763
|
|
1764 # output fake domains as user%fake@relay
|
|
1765
|
|
1766 # do UUCP heuristics; note that these are shared with UUCP mailers
|
|
1767 R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
|
|
1768 R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
|
|
1769
|
|
1770 # leave these in .UUCP form to avoid further tampering
|
|
1771 R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
|
|
1772 R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
|
|
1773 R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
|
|
1774 R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
|
|
1775 R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
|
|
1776 R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
|
|
1777
|
|
1778
|
|
1779 #
|
|
1780 # envelope sender rewriting
|
|
1781 #
|
|
1782 SEnvFromSMTP
|
|
1783 R$+ $: $>PseudoToReal $1 sender/recipient common
|
|
1784 R$* :; <@> $@ list:; special case
|
|
1785 R$* $: $>MasqSMTP $1 qualify unqual'ed names
|
|
1786 R$+ $: $>MasqEnv $1 do masquerading
|
|
1787
|
|
1788
|
|
1789 #
|
|
1790 # envelope recipient rewriting --
|
|
1791 # also header recipient if not masquerading recipients
|
|
1792 #
|
|
1793 SEnvToSMTP
|
|
1794 R$+ $: $>PseudoToReal $1 sender/recipient common
|
|
1795 R$+ $: $>MasqSMTP $1 qualify unqual'ed names
|
|
1796 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
|
|
1797
|
|
1798 #
|
|
1799 # header sender and masquerading header recipient rewriting
|
|
1800 #
|
|
1801 SHdrFromSMTP
|
|
1802 R$+ $: $>PseudoToReal $1 sender/recipient common
|
|
1803 R:; <@> $@ list:; special case
|
|
1804
|
|
1805 # do special header rewriting
|
|
1806 R$* <@> $* $@ $1 <@> $2 pass null host through
|
|
1807 R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
|
|
1808 R$* $: $>MasqSMTP $1 qualify unqual'ed names
|
|
1809 R$+ $: $>MasqHdr $1 do masquerading
|
|
1810
|
|
1811
|
|
1812 #
|
|
1813 # relay mailer header masquerading recipient rewriting
|
|
1814 #
|
|
1815 SMasqRelay
|
|
1816 R$+ $: $>MasqSMTP $1
|
|
1817 R$+ $: $>MasqHdr $1
|
|
1818
|
|
1819 Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|
1820 T=DNS/RFC822/SMTP,
|
|
1821 A=TCP $h
|
|
1822 Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|
1823 T=DNS/RFC822/SMTP,
|
|
1824 A=TCP $h
|
|
1825 Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|
1826 T=DNS/RFC822/SMTP,
|
|
1827 A=TCP $h
|
|
1828 Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|
1829 T=DNS/RFC822/SMTP,
|
|
1830 A=TCP $h
|
|
1831 Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
|
|
1832 T=DNS/RFC822/SMTP,
|
|
1833 A=TCP $h
|
|
1834
|
|
1835
|
|
1836 ######################*****##############
|
|
1837 ### PROCMAIL Mailer specification ###
|
|
1838 ##################*****##################
|
|
1839
|
|
1840 ##### $Id$ #####
|
|
1841
|
|
1842 Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
|
|
1843 T=DNS/RFC822/X-Unix,
|
|
1844 A=procmail -Y -m $h $f $u
|
|
1845
|
|
1846
|
|
1847 ##################################################
|
|
1848 ### Local and Program Mailer specification ###
|
|
1849 ##################################################
|
|
1850
|
|
1851 ##### $Id$ #####
|
|
1852
|
|
1853 #
|
|
1854 # Envelope sender rewriting
|
|
1855 #
|
|
1856 SEnvFromL
|
|
1857 R<@> $n errors to mailer-daemon
|
|
1858 R@ <@ $*> $n temporarily bypass Sun bogosity
|
|
1859 R$+ $: $>AddDomain $1 add local domain if needed
|
|
1860 R$* $: $>MasqEnv $1 do masquerading
|
|
1861
|
|
1862 #
|
|
1863 # Envelope recipient rewriting
|
|
1864 #
|
|
1865 SEnvToL
|
|
1866 R$+ < @ $* > $: $1 strip host part
|
|
1867 R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
|
|
1868 R<e s> $+ + $* $: $1 remove +detail for sender
|
|
1869 R< $* > $+ $: $2 else remove mark
|
|
1870
|
|
1871 #
|
|
1872 # Header sender rewriting
|
|
1873 #
|
|
1874 SHdrFromL
|
|
1875 R<@> $n errors to mailer-daemon
|
|
1876 R@ <@ $*> $n temporarily bypass Sun bogosity
|
|
1877 R$+ $: $>AddDomain $1 add local domain if needed
|
|
1878 R$* $: $>MasqHdr $1 do masquerading
|
|
1879
|
|
1880 #
|
|
1881 # Header recipient rewriting
|
|
1882 #
|
|
1883 SHdrToL
|
|
1884 R$+ $: $>AddDomain $1 add local domain if needed
|
|
1885 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
|
|
1886
|
|
1887 #
|
|
1888 # Common code to add local domain name (only if always-add-domain)
|
|
1889 #
|
|
1890 SAddDomain
|
|
1891 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
|
|
1892
|
|
1893 R$+ $@ $1 < @ *LOCAL* > add local qualification
|
|
1894
|
|
1895 Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
|
|
1896 T=DNS/RFC822/X-Unix,
|
|
1897 A=procmail -t -Y -a $h -d $u
|
|
1898 Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
|
|
1899 T=X-Unix/X-Unix/X-Unix,
|
|
1900 A=sh -c $u
|
|
1901
|