Mercurial > dnsbl

comparison test.cf @ 90:962a1f8f1d9f stable-5-4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
add verify statement to verify addresses with better mx host
author carl
date Sun, 18 Sep 2005 10:19:58 -0700
parents 510a511ad554
children e107ade3b1c0
comparison
equal deleted inserted replaced
89:946fc1bcfb2c 90:962a1f8f1d9f
1 # 1 #
2 # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. 2 # Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
3 # All rights reserved. 3 # All rights reserved.
4 # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. 4 # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
5 # Copyright (c) 1988, 1993 5 # Copyright (c) 1988, 1993
6 # The Regents of the University of California. All rights reserved. 6 # The Regents of the University of California. All rights reserved.
7 # 7 #
14 ###################################################################### 14 ######################################################################
15 ###################################################################### 15 ######################################################################
16 ##### 16 #####
17 ##### SENDMAIL CONFIGURATION FILE 17 ##### SENDMAIL CONFIGURATION FILE
18 ##### 18 #####
19 ##### built by root@ns.five-ten-sg.com on Mon Jan 3 13:23:43 PST 2005 19 ##### built by root@ns.five-ten-sg.com on Sat Sep 17 18:06:39 PDT 2005
20 ##### in /usr/src/rh8/gpl/dnsbl 20 ##### in /usr/usr/cvs/gpl/dnsbl
21 ##### using /usr/share/sendmail-cf/ as configuration include directory 21 ##### using /usr/share/sendmail-cf/ as configuration include directory
22 ##### 22 #####
23 ###################################################################### 23 ######################################################################
24 ##### 24 #####
25 ##### DO NOT EDIT THIS FILE! Only edit the source .mc file. 25 ##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
138 138
139 # my official domain name 139 # my official domain name
140 # ... define this only if sendmail cannot automatically determine your domain 140 # ... define this only if sendmail cannot automatically determine your domain
141 #Dj$w.Foo.COM 141 #Dj$w.Foo.COM
142 142
143 # host/domain names ending with a token in class P are canonical
143 CP. 144 CP.
144 145
145 # "Smart" relay host (may be null) 146 # "Smart" relay host (may be null)
146 DS 147 DS
147 148
170 # arithmetic map 171 # arithmetic map
171 Karith arith 172 Karith arith
172 # macro storage map 173 # macro storage map
173 Kmacro macro 174 Kmacro macro
174 # possible values for TLS_connection in access map 175 # possible values for TLS_connection in access map
175 C{tls}VERIFY ENCR 176 C{Tls}VERIFY ENCR
176 177
177 178
178 179
179 180
180 181
210 211
211 # Generics table (mapping outgoing addresses) 212 # Generics table (mapping outgoing addresses)
212 Kgenerics hash /etc/mail/genericstable.db 213 Kgenerics hash /etc/mail/genericstable.db
213 214
214 # Configuration version number 215 # Configuration version number
215 DZ8.12.8 216 DZ8.13.1
216 217
217 218
218 ############### 219 ###############
219 # Options # 220 # Options #
220 ############### 221 ###############
383 #O Timeout.control=2m 384 #O Timeout.control=2m
384 O Timeout.queuereturn=5d 385 O Timeout.queuereturn=5d
385 #O Timeout.queuereturn.normal=5d 386 #O Timeout.queuereturn.normal=5d
386 #O Timeout.queuereturn.urgent=2d 387 #O Timeout.queuereturn.urgent=2d
387 #O Timeout.queuereturn.non-urgent=7d 388 #O Timeout.queuereturn.non-urgent=7d
389 #O Timeout.queuereturn.dsn=5d
388 O Timeout.queuewarn=4h 390 O Timeout.queuewarn=4h
389 #O Timeout.queuewarn.normal=4h 391 #O Timeout.queuewarn.normal=4h
390 #O Timeout.queuewarn.urgent=1h 392 #O Timeout.queuewarn.urgent=1h
391 #O Timeout.queuewarn.non-urgent=12h 393 #O Timeout.queuewarn.non-urgent=12h
394 #O Timeout.queuewarn.dsn=4h
392 #O Timeout.hoststatus=30m 395 #O Timeout.hoststatus=30m
393 #O Timeout.resolver.retrans=5s 396 #O Timeout.resolver.retrans=5s
394 #O Timeout.resolver.retrans.first=5s 397 #O Timeout.resolver.retrans.first=5s
395 #O Timeout.resolver.retrans.normal=5s 398 #O Timeout.resolver.retrans.normal=5s
396 #O Timeout.resolver.retry=4 399 #O Timeout.resolver.retry=4
408 411
409 # queue up everything before forking? 412 # queue up everything before forking?
410 O SuperSafe=True 413 O SuperSafe=True
411 414
412 # status file 415 # status file
413 O StatusFile=/usr/src/rh8/gpl/dnsbl/sendmail.st 416 O StatusFile=/usr/usr/cvs/gpl/dnsbl/sendmail.st
414 417
415 # time zone handling: 418 # time zone handling:
416 # if undefined, use system default 419 # if undefined, use system default
417 # if defined but null, use TZ envariable passed in 420 # if defined but null, use TZ envariable passed in
418 # if defined and non-null, use that info 421 # if defined and non-null, use that info
425 #O UserDatabaseSpec=/etc/mail/userdb 428 #O UserDatabaseSpec=/etc/mail/userdb
426 429
427 # fallback MX host 430 # fallback MX host
428 #O FallbackMXhost=fall.back.host.net 431 #O FallbackMXhost=fall.back.host.net
429 432
433 # fallback smart host
434 #O FallbackSmartHost=fall.back.host.net
435
430 # if we are the best MX host for a site, try it directly instead of config err 436 # if we are the best MX host for a site, try it directly instead of config err
431 #O TryNullMXList=False 437 #O TryNullMXList=False
432 438
433 # load average at which we just queue messages 439 # load average at which we just queue messages
434 O QueueLA=12 440 O QueueLA=12
435 441
436 # load average at which we refuse connections 442 # load average at which we refuse connections
437 O RefuseLA=8 443 O RefuseLA=8
438 444
445 # log interval when refusing connections for this long
446 #O RejectLogInterval=3h
447
439 # load average at which we delay connections; 0 means no limit 448 # load average at which we delay connections; 0 means no limit
440 #O DelayLA=0 449 #O DelayLA=0
441 450
442 # maximum number of children we allow at one time 451 # maximum number of children we allow at one time
443 O MaxDaemonChildren=20 452 O MaxDaemonChildren=20
444 453
445 # maximum number of new connections per second 454 # maximum number of new connections per second
446 O ConnectionRateThrottle=1 455 O ConnectionRateThrottle=1
456
457 # Width of the window
458 #O ConnectionRateWindowSize=60s
447 459
448 # work recipient factor 460 # work recipient factor
449 #O RecipientFactor=30000 461 #O RecipientFactor=30000
450 462
451 # deliver each queued job in a separate process? 463 # deliver each queued job in a separate process?
515 527
516 # what user id do we assume for the majority of the processing? 528 # what user id do we assume for the majority of the processing?
517 #O RunAsUser=sendmail 529 #O RunAsUser=sendmail
518 530
519 # maximum number of recipients per SMTP envelope 531 # maximum number of recipients per SMTP envelope
520 #O MaxRecipientsPerMessage=100 532 #O MaxRecipientsPerMessage=0
521 533
522 # limit the rate recipients per SMTP envelope are accepted 534 # limit the rate recipients per SMTP envelope are accepted
523 # once the threshold number of recipients have been rejected 535 # once the threshold number of recipients have been rejected
524 O BadRcptThrottle=2 536 O BadRcptThrottle=2
525 537
560 #O XscriptFileBufferSize=4096 572 #O XscriptFileBufferSize=4096
561 573
562 # lookup type to find information about local mailboxes 574 # lookup type to find information about local mailboxes
563 #O MailboxDatabase=pw 575 #O MailboxDatabase=pw
564 576
577 # override compile time flag REQUIRES_DIR_FSYNC
578 #O RequiresDirfsync=true
579
565 # list of authentication mechanisms 580 # list of authentication mechanisms
566 O AuthMechanisms=LOGIN PLAIN 581 O AuthMechanisms=LOGIN PLAIN
582
583 # Authentication realm
584 #O AuthRealm
567 585
568 # default authentication information for outgoing connections 586 # default authentication information for outgoing connections
569 #O DefaultAuthInfo=/etc/mail/default-auth-info 587 #O DefaultAuthInfo=/etc/mail/default-auth-info
570 588
571 # SMTP AUTH flags 589 # SMTP AUTH flags
584 #O Milter.LogLevel 602 #O Milter.LogLevel
585 O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr} 603 O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
586 O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer} 604 O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
587 O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr} 605 O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
588 O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr} 606 O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
607 O Milter.macros.eom={msg_id}
589 608
590 # CA directory 609 # CA directory
591 #O CACertPath 610 #O CACertPath
592 # CA file 611 # CA file
593 #O CACertFile 612 #O CACertFile
597 #O ServerKeyFile 616 #O ServerKeyFile
598 # Client Cert 617 # Client Cert
599 #O ClientCertFile 618 #O ClientCertFile
600 # Client private key 619 # Client private key
601 #O ClientKeyFile 620 #O ClientKeyFile
621 # File containing certificate revocation lists
622 #O CRLFile
602 # DHParameters (only required if DSA/DH is used) 623 # DHParameters (only required if DSA/DH is used)
603 #O DHParameters 624 #O DHParameters
604 # Random data source (required for systems without /dev/urandom under OpenSSL) 625 # Random data source (required for systems without /dev/urandom under OpenSSL)
605 #O RandFile 626 #O RandFile
606 627
856 877
857 SParse1 878 SParse1
858 879
859 # handle numeric address spec 880 # handle numeric address spec
860 R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec 881 R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
861 R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path 882 R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
862 R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send 883 R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
863 R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer 884 R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
864 R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer 885 R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
865 886
866 # handle virtual users 887 # handle virtual users
971 ################################################################### 992 ###################################################################
972 993
973 SMailerToTriple=95 994 SMailerToTriple=95
974 R< > $* $@ $1 strip off null relay 995 R< > $* $@ $1 strip off null relay
975 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 996 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
976 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 997 R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
998 R< error : $+ > $* $#error $: $1
977 R< local : $* > $* $>CanonLocal < $1 > $2 999 R< local : $* > $* $>CanonLocal < $1 > $2
978 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user 1000 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
979 R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer 1001 R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
980 R< $=w > $* $@ $2 delete local host 1002 R< $=w > $* $@ $2 delete local host
981 R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer 1003 R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
1147 1169
1148 ###################################################################### 1170 ######################################################################
1149 ### check_relay -- check hostname/address on SMTP startup 1171 ### check_relay -- check hostname/address on SMTP startup
1150 ###################################################################### 1172 ######################################################################
1151 1173
1174
1175
1152 SLocal_check_relay 1176 SLocal_check_relay
1153 Scheckrelay 1177 Scheckrelay
1154 R$* $: $1 $| $>"Local_check_relay" $1 1178 R$* $: $1 $| $>"Local_check_relay" $1
1155 R$* $| $* $| $#$* $#$3 1179 R$* $| $* $| $#$* $#$3
1156 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 1180 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
1166 R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup 1190 R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
1167 R<?> <$*> $: OK found nothing 1191 R<?> <$*> $: OK found nothing
1168 R<$={Accept}> <$*> $@ $1 return value of lookup 1192 R<$={Accept}> <$*> $@ $1 return value of lookup
1169 R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied" 1193 R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
1170 R<DISCARD> <$*> $#discard $: discard 1194 R<DISCARD> <$*> $#discard $: discard
1195 R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
1171 R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4 1196 R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
1172 R<ERROR:$+> <$*> $#error $: $1 1197 R<ERROR:$+> <$*> $#error $: $1
1173 R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." 1198 R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1174 R<$+> <$*> $#error $: $1 1199 R<$+> <$*> $#error $: $1
1175 1200
1247 R<$={ResOk}> $* $@ <OKR> domain ok: stop 1272 R<$={ResOk}> $* $@ <OKR> domain ok: stop
1248 R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" 1273 R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
1249 R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist" 1274 R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
1250 R<$={Accept}> $* $# $1 accept from access map 1275 R<$={Accept}> $* $# $1 accept from access map
1251 R<DISCARD> $* $#discard $: discard 1276 R<DISCARD> $* $#discard $: discard
1277 R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
1252 R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied" 1278 R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
1253 R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 1279 R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
1254 R<ERROR:$+> $* $#error $: $1 1280 R<ERROR:$+> $* $#error $: $1
1255 R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." 1281 R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1256 R<$+> $* $#error $: $1 error from access db 1282 R<$+> $* $#error $: $1 error from access db
1350 R$=w $@ RELAY ... and see if it is local 1376 R$=w $@ RELAY ... and see if it is local
1351 1377
1352 1378
1353 # check client name: first: did it resolve? 1379 # check client name: first: did it resolve?
1354 R$* $: < $&{client_resolve} > 1380 R$* $: < $&{client_resolve} >
1355 R<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} 1381 R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
1356 R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} 1382 R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
1357 R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} 1383 R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
1358 R$* $: <@> $&{client_name} 1384 R$* $: <@> $&{client_name}
1359 # pass to name server to make hostname canonical 1385 # pass to name server to make hostname canonical
1360 R<@> $* $=P $:<?> $1 $2 1386 R<@> $* $=P $:<?> $1 $2
1373 SFullAddr 1399 SFullAddr
1374 R$* <@ $+ . > $1 <@ $2 > 1400 R$* <@ $+ . > $1 <@ $2 >
1375 R$* <@ $* > $@ $1 <@ $2 > 1401 R$* <@ $* > $@ $1 <@ $2 >
1376 R$+ $@ $1 <@ $j > 1402 R$+ $@ $1 <@ $j >
1377 1403
1378 SDelay_TLS_Client 1404 SDelay_TLS_Clt
1379 # authenticated? 1405 # authenticated?
1380 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL 1406 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1381 R$* $| $#$+ $#$2 1407 R$* $| $#$+ $#$2
1408 R$* $| $* $# $1
1382 R$* $# $1 1409 R$* $# $1
1383 1410
1384 SDelay_TLS_Client2 1411 SDelay_TLS_Clt2
1385 # authenticated? 1412 # authenticated?
1386 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL 1413 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1387 R$* $| $#$+ $#$2 1414 R$* $| $#$+ $#$2
1415 R$* $| $* $@ $1
1388 R$* $@ $1 1416 R$* $@ $1
1389 1417
1390 # call all necessary rulesets 1418 # call all necessary rulesets
1391 Scheck_rcpt 1419 Scheck_rcpt
1392 # R$@ $#error $@ 5.1.3 $: "553 Recipient address required" 1420 # R$@ $#error $@ 5.1.3 $: "553 Recipient address required"
1393 1421
1394 R$+ $: $1 $| $>checkrcpt $1 1422 R$+ $: $1 $| $>checkrcpt $1
1395 R$+ $| $#error $* $#error $2 1423 R$+ $| $#error $* $#error $2
1396 R$+ $| $#discard $* $#discard $2 1424 R$+ $| $#discard $* $#discard $2
1397 R$+ $| $#$* $@ $>"Delay_TLS_Client" $2 1425 R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2
1398 R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1 1426 R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1
1399 R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@> 1427 R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
1400 R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > 1428 R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
1401 # lookup the addresses only with Spam tag 1429 # lookup the addresses only with Spam tag
1402 R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <> 1430 R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
1403 R<@> $* $| $* $: $2 $1 reverse result 1431 R<@> $* $| $* $: $2 $1 reverse result
1404 # is the recipient a spam friend? 1432 # is the recipient a spam friend?
1405 R<FRIEND> $+ $@ $>"Delay_TLS_Client2" SPAMFRIEND 1433 R<FRIEND> $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND
1406 R<$*> $+ $: $2 1434 R<$*> $+ $: $2
1407 R$* $: $1 $| $>checkmail <$&f> 1435 R$* $: $1 $| $>checkmail <$&f>
1408 R$* $| $#$* $#$2 1436 R$* $| $#$* $#$2
1409 R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr} 1437 R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
1410 R$* $| $#$* $#$2 1438 R$* $| $#$* $#$2
1504 ### U: user lookup, try user+ext and user (input must have trailing @) 1532 ### U: user lookup, try user+ext and user (input must have trailing @)
1505 ### return: <RHS of lookup> or <?> (not found) 1533 ### return: <RHS of lookup> or <?> (not found)
1506 ###################################################################### 1534 ######################################################################
1507 1535
1508 # class with valid marks for SearchList 1536 # class with valid marks for SearchList
1509 C{src}E F D U 1537 C{Src}E F D U
1510 SSearchList 1538 SSearchList
1511 # just call the ruleset with the name of the tag... nice trick... 1539 # just call the ruleset with the name of the tag... nice trick...
1512 R<$+> $| <$={src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <> 1540 R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
1513 R<$+> $| <> $| <?> <> $@ <?> 1541 R<$+> $| <> $| <?> <> $@ <?>
1514 R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2> 1542 R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
1515 R<$+> $| <$*> $| <$+> <> $@ <$3> 1543 R<$+> $| <$*> $| <$+> <> $@ <$3>
1516 R<$+> $| <$+> $@ <$2> 1544 R<$+> $| <$+> $@ <$2>
1517 1545
1528 R$* $: $&{auth_type} $| $1 1556 R$* $: $&{auth_type} $| $1
1529 # required by RFC 2554 section 4. 1557 # required by RFC 2554 section 4.
1530 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" 1558 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
1531 R$* $| $&{auth_authen} $@ identical 1559 R$* $| $&{auth_authen} $@ identical
1532 R$* $| <$&{auth_authen}> $@ identical 1560 R$* $| <$&{auth_authen}> $@ identical
1533 R$* $| $* $: $1 $| $>"Local_trust_auth" $1 1561 R$* $| $* $: $1 $| $>"Local_trust_auth" $2
1534 R$* $| $#$* $#$2 1562 R$* $| $#$* $#$2
1535 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} 1563 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
1536 1564
1537 ###################################################################### 1565 ######################################################################
1538 ### Relay_Auth: allow relaying based on authentication? 1566 ### Relay_Auth: allow relaying based on authentication?
1563 R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <> 1591 R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
1564 R<?>$* $: <$(access "Try_TLS": $: ? $)> 1592 R<?>$* $: <$(access "Try_TLS": $: ? $)>
1565 R<?>$* $@ OK 1593 R<?>$* $@ OK
1566 R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." 1594 R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1567 R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]" 1595 R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
1568 1596
1569 ###################################################################### 1597 ######################################################################
1570 ### tls_rcpt: is connection with server "good" enough? 1598 ### tls_rcpt: is connection with server "good" enough?
1571 ### (done in client, per recipient) 1599 ### (done in client, per recipient)
1572 ### 1600 ###
1573 ### Parameters: 1601 ### Parameters:
1622 ### Requirement: RHS from access map, may be ? for none. 1650 ### Requirement: RHS from access map, may be ? for none.
1623 ###################################################################### 1651 ######################################################################
1624 STLS_connection 1652 STLS_connection
1625 R$* $| <$*>$* $: $1 $| <$2> 1653 R$* $| <$*>$* $: $1 $| <$2>
1626 # create the appropriate error codes 1654 # create the appropriate error codes
1627 R$* $| <PERM + $={tls} $*> $: $1 $| <503:5.7.0> <$2 $3> 1655 R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
1628 R$* $| <TEMP + $={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> 1656 R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
1629 R$* $| <$={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> 1657 R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
1630 # deal with TLS handshake failures: abort 1658 # deal with TLS handshake failures: abort
1631 RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." 1659 RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
1632 RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed." 1660 RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
1633 R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1 1661 R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
1634 R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1 1662 R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
1635 R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> <> $1 1663 R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
1636 R$* $| <$*> <$={tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1 1664 R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
1637 R$* $| $* $@ OK 1665 R$* $| $* $@ OK
1638 # authentication required: give appropriate error 1666 # authentication required: give appropriate error
1639 # other side did authenticate (via STARTTLS) 1667 # other side did authenticate (via STARTTLS)
1640 R<$*><VERIFY> <> OK $@ OK 1668 R<$*><VERIFY> <> OK $@ OK
1641 R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2> 1669 R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
1719 R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <> 1747 R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
1720 R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <> 1748 R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
1721 R$* $| <?>$* $@ no no authinfo available 1749 R$* $| <?>$* $@ no no authinfo available
1722 R$* $| <$*> <> $# $2 1750 R$* $| <$*> <> $# $2
1723 1751
1752
1753
1754
1755
1724 # 1756 #
1725 ###################################################################### 1757 ######################################################################
1726 ###################################################################### 1758 ######################################################################
1727 ##### 1759 #####
1728 ##### MAIL FILTER DEFINITIONS 1760 ##### MAIL FILTER DEFINITIONS