comparison test.cf @ 1:45c8592d5d13

initial version
author carl
date Fri, 10 Mar 2006 10:35:25 -0800
parents
children 75e1a9bcbc2e
comparison
equal deleted inserted replaced
0:616666e2f34c 1:45c8592d5d13
1 #
2 # Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
3 # All rights reserved.
4 # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
5 # Copyright (c) 1988, 1993
6 # The Regents of the University of California. All rights reserved.
7 #
8 # By using this file, you agree to the terms and conditions set
9 # forth in the LICENSE file which can be found at the top level of
10 # the sendmail distribution.
11 #
12 #
13
14 ######################################################################
15 ######################################################################
16 #####
17 ##### SENDMAIL CONFIGURATION FILE
18 #####
19 ##### built by root@ns.five-ten-sg.com on Sat Sep 17 18:06:39 PDT 2005
20 ##### in /usr/usr/cvs/gpl/dnsbl
21 ##### using /usr/share/sendmail-cf/ as configuration include directory
22 #####
23 ######################################################################
24 #####
25 ##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
26 #####
27 ######################################################################
28 ######################################################################
29
30 ##### $Id$ #####
31 ##### $Id$ #####
32
33 ##### linux setup for Red Hat Linux #####
34
35 ##### $Id$ #####
36
37
38
39 ##### $Id$ #####
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70 ##### $Id$ #####
71
72
73 ##### $Id$ #####
74
75 ##### $Id$ #####
76
77
78 ##### $Id$ #####
79
80
81
82 ##### $Id$ #####
83
84
85
86 ##### $Id$ #####
87
88
89 ##### $Id$ #####
90
91
92 ##### $Id$ #####
93
94
95 ##### $Id$ #####
96
97
98 ##### $Id$ #####
99
100
101 ##### $Id$ #####
102
103
104 ##### $Id$ #####
105
106
107
108
109
110
111
112
113 ##### $Id$ #####
114
115 # level 10 config file format
116 V10/Berkeley
117
118 # override file safeties - setting this option compromises system security,
119 # addressing the actual file configuration problem is preferred
120 # need to set this before any file actions are encountered in the cf file
121 #O DontBlameSendmail=safe
122
123 # default LDAP map specification
124 # need to set this now before any LDAP maps are defined
125 #O LDAPDefaultSpec=-h localhost
126
127 ##################
128 # local info #
129 ##################
130
131 # my LDAP cluster
132 # need to set this before any LDAP lookups are done (including classes)
133 #D{sendmailMTACluster}$m
134
135 Cwlocalhost
136 # file containing names of hosts for which we receive email
137 Fw/etc/mail/sendmail.cw
138
139 # my official domain name
140 # ... define this only if sendmail cannot automatically determine your domain
141 #Dj$w.Foo.COM
142
143 # host/domain names ending with a token in class P are canonical
144 CP.
145
146 # "Smart" relay host (may be null)
147 DS
148
149
150 # operators that cannot be in local usernames (i.e., network indicators)
151 CO @ % !
152
153 # a class with just dot (for identifying canonical names)
154 C..
155
156 # a class with just a left bracket (for identifying domain literals)
157 C[[
158
159 # access_db acceptance class
160 C{Accept}OK RELAY
161
162
163 # Resolve map (to check if a host exists in check_mail)
164 Kresolve host -a<OKR> -T<TEMP>
165 C{ResOk}OKR
166
167
168 # Hosts for which relaying is permitted ($=R)
169 FR/etc/mail/relay-domains
170
171 # arithmetic map
172 Karith arith
173 # macro storage map
174 Kmacro macro
175 # possible values for TLS_connection in access map
176 C{Tls}VERIFY ENCR
177
178
179
180
181
182 # dequoting map
183 Kdequote dequote
184
185 # class E: names that should be exposed as from this host, even if we masquerade
186 # class L: names that should be delivered locally, even if we have a relay
187 # class M: domains that should be converted to $M
188 # class N: domains that should not be converted to $M
189 #CL root
190 F{VirtHost}/etc/mail/virtual-host-domains
191
192 C{TrustAuthMech}LOGIN PLAIN
193 CR$={VirtHost}
194
195
196
197 # my name for error messages
198 DnMAILER-DAEMON
199
200
201 CPREDIRECT
202
203 # Access list database (for spam stomping)
204 Kaccess hash -T<TMPF> /etc/mail/access.db
205
206 # Mailer table (overriding domains)
207 Kmailertable hash /etc/mail/mailertable.db
208
209 # Virtual user table (maps incoming users)
210 Kvirtuser hash /etc/mail/virtusertable.db
211
212 # Generics table (mapping outgoing addresses)
213 Kgenerics hash /etc/mail/genericstable.db
214
215 # Configuration version number
216 DZ8.13.1
217
218
219 ###############
220 # Options #
221 ###############
222
223 # strip message body to 7 bits on input?
224 O SevenBitInput=False
225
226 # 8-bit data handling
227 #O EightBitMode=pass8
228
229 # wait for alias file rebuild (default units: minutes)
230 O AliasWait=10
231
232 # location of alias file
233 O AliasFile=/etc/mail/aliases
234
235 # minimum number of free blocks on filesystem
236 O MinFreeBlocks=100
237
238 # maximum message size
239 O MaxMessageSize=30000000
240
241 # substitution for space (blank) characters
242 O BlankSub=.
243
244 # avoid connecting to "expensive" mailers on initial submission?
245 O HoldExpensive=False
246
247 # checkpoint queue runs after every N successful deliveries
248 #O CheckpointInterval=10
249
250 # default delivery mode
251 O DeliveryMode=background
252
253 # error message header/file
254 #O ErrorHeader=/etc/mail/error-header
255
256 # error mode
257 #O ErrorMode=print
258
259 # save Unix-style "From_" lines at top of header?
260 #O SaveFromLine=False
261
262 # queue file mode (qf files)
263 #O QueueFileMode=0600
264
265 # temporary file mode
266 O TempFileMode=0600
267
268 # match recipients against GECOS field?
269 #O MatchGECOS=False
270
271 # maximum hop count
272 #O MaxHopCount=25
273
274 # location of help file
275 O HelpFile=/etc/mail/helpfile
276
277 # ignore dots as terminators in incoming messages?
278 #O IgnoreDots=False
279
280 # name resolver options
281 #O ResolverOptions=+AAONLY
282
283 # deliver MIME-encapsulated error messages?
284 O SendMimeErrors=True
285
286 # Forward file search path
287 O ForwardPath=$z/.forward.$w:$z/.forward
288
289 # open connection cache size
290 O ConnectionCacheSize=2
291
292 # open connection cache timeout
293 O ConnectionCacheTimeout=5m
294
295 # persistent host status directory
296 #O HostStatusDirectory=.hoststat
297
298 # single thread deliveries (requires HostStatusDirectory)?
299 #O SingleThreadDelivery=False
300
301 # use Errors-To: header?
302 O UseErrorsTo=False
303
304 # log level
305 O LogLevel=20
306
307 # send to me too, even in an alias expansion?
308 O MeToo=true
309
310 # verify RHS in newaliases?
311 O CheckAliases=False
312
313 # default messages to old style headers if no special punctuation?
314 O OldStyleHeaders=True
315
316 # SMTP daemon options
317
318 O DaemonPortOptions=port=26
319
320 # SMTP client options
321 #O ClientPortOptions=Family=inet, Address=0.0.0.0
322
323 # Modifiers to define {daemon_flags} for direct submissions
324 #O DirectSubmissionModifiers
325
326 # Use as mail submission program? See sendmail/SECURITY
327 #O UseMSP
328
329 # privacy flags
330 O PrivacyOptions=goaway,nobodyreturn,noreceipts
331
332 # who (if anyone) should get extra copies of error messages
333 #O PostmasterCopy=Postmaster
334
335 # slope of queue-only function
336 #O QueueFactor=600000
337
338 # limit on number of concurrent queue runners
339 #O MaxQueueChildren
340
341 # maximum number of queue-runners per queue-grouping with multiple queues
342 #O MaxRunnersPerQueue=1
343
344 # priority of queue runners (nice(3))
345 #O NiceQueueRun
346
347 # shall we sort the queue by hostname first?
348 #O QueueSortOrder=priority
349
350 # minimum time in queue before retry
351 #O MinQueueAge=30m
352
353 # how many jobs can you process in the queue?
354 #O MaxQueueRunSize=10000
355
356 # perform initial split of envelope without checking MX records
357 #O FastSplit=1
358
359 # queue directory
360 O QueueDirectory=/var/spool/mqueue
361
362 # key for shared memory; 0 to turn off
363 #O SharedMemoryKey=0
364
365
366
367 # timeouts (many of these)
368 #O Timeout.initial=5m
369 O Timeout.connect=1m
370 #O Timeout.aconnect=0s
371 #O Timeout.iconnect=5m
372 #O Timeout.helo=5m
373 #O Timeout.mail=10m
374 #O Timeout.rcpt=1h
375 #O Timeout.datainit=5m
376 #O Timeout.datablock=1h
377 #O Timeout.datafinal=1h
378 #O Timeout.rset=5m
379 #O Timeout.quit=2m
380 #O Timeout.misc=2m
381 #O Timeout.command=1h
382 O Timeout.ident=0
383 #O Timeout.fileopen=60s
384 #O Timeout.control=2m
385 O Timeout.queuereturn=5d
386 #O Timeout.queuereturn.normal=5d
387 #O Timeout.queuereturn.urgent=2d
388 #O Timeout.queuereturn.non-urgent=7d
389 #O Timeout.queuereturn.dsn=5d
390 O Timeout.queuewarn=4h
391 #O Timeout.queuewarn.normal=4h
392 #O Timeout.queuewarn.urgent=1h
393 #O Timeout.queuewarn.non-urgent=12h
394 #O Timeout.queuewarn.dsn=4h
395 #O Timeout.hoststatus=30m
396 #O Timeout.resolver.retrans=5s
397 #O Timeout.resolver.retrans.first=5s
398 #O Timeout.resolver.retrans.normal=5s
399 #O Timeout.resolver.retry=4
400 #O Timeout.resolver.retry.first=4
401 #O Timeout.resolver.retry.normal=4
402 #O Timeout.lhlo=2m
403 #O Timeout.auth=10m
404 #O Timeout.starttls=1h
405
406 # time for DeliverBy; extension disabled if less than 0
407 #O DeliverByMin=0
408
409 # should we not prune routes in route-addr syntax addresses?
410 #O DontPruneRoutes=False
411
412 # queue up everything before forking?
413 O SuperSafe=True
414
415 # status file
416 O StatusFile=/usr/usr/cvs/gpl/dnsbl/sendmail.st
417
418 # time zone handling:
419 # if undefined, use system default
420 # if defined but null, use TZ envariable passed in
421 # if defined and non-null, use that info
422 #O TimeZoneSpec=
423
424 # default UID (can be username or userid:groupid)
425 O DefaultUser=8:12
426
427 # list of locations of user database file (null means no lookup)
428 #O UserDatabaseSpec=/etc/mail/userdb
429
430 # fallback MX host
431 #O FallbackMXhost=fall.back.host.net
432
433 # fallback smart host
434 #O FallbackSmartHost=fall.back.host.net
435
436 # if we are the best MX host for a site, try it directly instead of config err
437 #O TryNullMXList=False
438
439 # load average at which we just queue messages
440 O QueueLA=12
441
442 # load average at which we refuse connections
443 O RefuseLA=8
444
445 # log interval when refusing connections for this long
446 #O RejectLogInterval=3h
447
448 # load average at which we delay connections; 0 means no limit
449 #O DelayLA=0
450
451 # maximum number of children we allow at one time
452 O MaxDaemonChildren=20
453
454 # maximum number of new connections per second
455 O ConnectionRateThrottle=1
456
457 # Width of the window
458 #O ConnectionRateWindowSize=60s
459
460 # work recipient factor
461 #O RecipientFactor=30000
462
463 # deliver each queued job in a separate process?
464 #O ForkEachJob=False
465
466 # work class factor
467 #O ClassFactor=1800
468
469 # work time factor
470 #O RetryFactor=90000
471
472 # default character set
473 #O DefaultCharSet=iso-8859-1
474
475 # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
476 #O ServiceSwitchFile=/etc/mail/service.switch
477
478 # hosts file (normally /etc/hosts)
479 #O HostsFile=/etc/hosts
480
481 # dialup line delay on connection failure
482 #O DialDelay=10s
483
484 # action to take if there are no recipients in the message
485 #O NoRecipientAction=add-to-undisclosed
486
487 # chrooted environment for writing to files
488 #O SafeFileEnvironment=/arch
489
490 # are colons OK in addresses?
491 #O ColonOkInAddr=True
492
493 # shall I avoid expanding CNAMEs (violates protocols)?
494 #O DontExpandCnames=False
495
496 # SMTP initial login message (old $e macro)
497 O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
498
499 # UNIX initial From header format (old $l macro)
500 O UnixFromLine=From $g $d
501
502 # From: lines that have embedded newlines are unwrapped onto one line
503 #O SingleLineFromHeader=False
504
505 # Allow HELO SMTP command that does not include a host name
506 #O AllowBogusHELO=False
507
508 # Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
509 #O MustQuoteChars=.
510
511 # delimiter (operator) characters (old $o macro)
512 O OperatorChars=.:%@!^/[]+
513
514 # shall I avoid calling initgroups(3) because of high NIS costs?
515 #O DontInitGroups=False
516
517 # are group-writable :include: and .forward files (un)trustworthy?
518 # True (the default) means they are not trustworthy.
519 #O UnsafeGroupWrites=True
520
521
522 # where do errors that occur when sending errors get sent?
523 O DoubleBounceAddress
524
525 # where to save bounces if all else fails
526 #O DeadLetterDrop=/var/tmp/dead.letter
527
528 # what user id do we assume for the majority of the processing?
529 #O RunAsUser=sendmail
530
531 # maximum number of recipients per SMTP envelope
532 #O MaxRecipientsPerMessage=0
533
534 # limit the rate recipients per SMTP envelope are accepted
535 # once the threshold number of recipients have been rejected
536 O BadRcptThrottle=2
537
538 # shall we get local names from our installed interfaces?
539 O DontProbeInterfaces=true
540
541 # Return-Receipt-To: header implies DSN request
542 #O RrtImpliesDsn=False
543
544 # override connection address (for testing)
545 #O ConnectOnlyTo=0.0.0.0
546
547 # Trusted user for file ownership and starting the daemon
548 #O TrustedUser=root
549
550 # Control socket for daemon management
551 #O ControlSocketName=/var/spool/mqueue/.control
552
553 # Maximum MIME header length to protect MUAs
554 #O MaxMimeHeaderLength=0/0
555
556 # Maximum length of the sum of all headers
557 #O MaxHeadersLength=32768
558
559 # Maximum depth of alias recursion
560 #O MaxAliasRecursion=10
561
562 # location of pid file
563 O PidFile=/var/run/sm-test.pid
564
565 # Prefix string for the process title shown on 'ps' listings
566 #O ProcessTitlePrefix=prefix
567
568 # Data file (df) memory-buffer file maximum size
569 #O DataFileBufferSize=4096
570
571 # Transcript file (xf) memory-buffer file maximum size
572 #O XscriptFileBufferSize=4096
573
574 # lookup type to find information about local mailboxes
575 #O MailboxDatabase=pw
576
577 # override compile time flag REQUIRES_DIR_FSYNC
578 #O RequiresDirfsync=true
579
580 # list of authentication mechanisms
581 O AuthMechanisms=LOGIN PLAIN
582
583 # Authentication realm
584 #O AuthRealm
585
586 # default authentication information for outgoing connections
587 #O DefaultAuthInfo=/etc/mail/default-auth-info
588
589 # SMTP AUTH flags
590 O AuthOptions=A
591
592 # SMTP AUTH maximum encryption strength
593 #O AuthMaxBits
594
595 # SMTP STARTTLS server options
596 #O TLSSrvOptions
597
598 # Input mail filters
599 O InputMailFilters=dnsbl
600
601 # Milter options
602 #O Milter.LogLevel
603 O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
604 O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
605 O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
606 O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
607 O Milter.macros.eom={msg_id}
608
609 # CA directory
610 #O CACertPath
611 # CA file
612 #O CACertFile
613 # Server Cert
614 #O ServerCertFile
615 # Server private key
616 #O ServerKeyFile
617 # Client Cert
618 #O ClientCertFile
619 # Client private key
620 #O ClientKeyFile
621 # File containing certificate revocation lists
622 #O CRLFile
623 # DHParameters (only required if DSA/DH is used)
624 #O DHParameters
625 # Random data source (required for systems without /dev/urandom under OpenSSL)
626 #O RandFile
627
628 ############################
629 # QUEUE GROUP DEFINITIONS #
630 ############################
631
632
633 ###########################
634 # Message precedences #
635 ###########################
636
637 Pfirst-class=0
638 Pspecial-delivery=100
639 Plist=-30
640 Pbulk=-60
641 Pjunk=-100
642
643 #####################
644 # Trusted users #
645 #####################
646
647 # this is equivalent to setting class "t"
648 Ft/etc/mail/sendmail.ct
649 Troot
650 Tdaemon
651 Tuucp
652
653 #########################
654 # Format of headers #
655 #########################
656
657 H?P?Return-Path: <$g>
658 HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
659 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
660 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
661 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
662 for $u; $|;
663 $.$b
664 H?D?Resent-Date: $a
665 H?D?Date: $a
666 H?F?Resent-From: $?x$x <$g>$|$g$.
667 H?F?From: $?x$x <$g>$|$g$.
668 H?x?Full-Name: $x
669 # HPosted-Date: $a
670 # H?l?Received-Date: $b
671 H?M?Resent-Message-Id: <$t.$i@$j>
672 H?M?Message-Id: <$t.$i@$j>
673
674 #
675 ######################################################################
676 ######################################################################
677 #####
678 ##### REWRITING RULES
679 #####
680 ######################################################################
681 ######################################################################
682
683 ############################################
684 ### Ruleset 3 -- Name Canonicalization ###
685 ############################################
686 Scanonify=3
687
688 # handle null input (translate to <@> special case)
689 R$@ $@ <@>
690
691 # strip group: syntax (not inside angle brackets!) and trailing semicolon
692 R$* $: $1 <@> mark addresses
693 R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
694 R@ $* <@> $: @ $1 unmark @host:...
695 R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
696 R$* :: $* <@> $: $1 :: $2 unmark node::addr
697 R:include: $* <@> $: :include: $1 unmark :include:...
698 R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
699 R$* : $* <@> $: $2 strip colon if marked
700 R$* <@> $: $1 unmark
701 R$* ; $1 strip trailing semi
702 R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
703 R$* < $* ; > $1 < $2 > bogus bracketed semi
704
705 # null input now results from list:; syntax
706 R$@ $@ :; <@>
707
708 # strip angle brackets -- note RFC733 heuristic to get innermost item
709 R$* $: < $1 > housekeeping <>
710 R$+ < $* > < $2 > strip excess on left
711 R< $* > $+ < $1 > strip excess on right
712 R<> $@ < @ > MAIL FROM:<> case
713 R< $+ > $: $1 remove housekeeping <>
714
715 # strip route address <@a,@b,@c:user@d> -> <user@d>
716 R@ $+ , $+ $2
717 R@ [ $* ] : $+ $2
718 R@ $+ : $+ $2
719
720 # find focus for list syntax
721 R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
722 R $+ : $* ; $@ $1 : $2; list syntax
723
724 # find focus for @ syntax addresses
725 R$+ @ $+ $: $1 < @ $2 > focus on domain
726 R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
727 R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
728
729
730 # convert old-style addresses to a domain-based address
731 R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
732 R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
733 R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
734
735 # if we have % signs, take the rightmost one
736 R$* % $* $1 @ $2 First make them all @s.
737 R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
738 R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
739
740 # else we must be a local name
741 R$* $@ $>Canonify2 $1
742
743
744 ################################################
745 ### Ruleset 96 -- bottom half of ruleset 3 ###
746 ################################################
747
748 SCanonify2=96
749
750 # handle special cases for local names
751 R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
752 R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
753 R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
754
755 # check for IPv4/IPv6 domain literal
756 R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
757 R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
758 R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
759
760
761
762
763
764 # if really UUCP, handle it immediately
765
766 # try UUCP traffic as a local address
767 R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
768 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
769
770 # hostnames ending in class P are always canonical
771 R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
772 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
773 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
774 R$* CC $* $| $* $: $3
775 # pass to name server to make hostname canonical
776 R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
777 R$* $| $* $: $2
778
779 # local host aliases and pseudo-domains are always canonical
780 R$* < @ $=w > $* $: $1 < @ $2 . > $3
781 R$* < @ $=M > $* $: $1 < @ $2 . > $3
782 R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3
783 R$* < @ $=G > $* $: $1 < @ $2 . > $3
784 R$* < @ $* . . > $* $1 < @ $2 . > $3
785
786
787 ##################################################
788 ### Ruleset 4 -- Final Output Post-rewriting ###
789 ##################################################
790 Sfinal=4
791
792 R$+ :; <@> $@ $1 : handle <list:;>
793 R$* <@> $@ handle <> and list:;
794
795 # strip trailing dot off possibly canonical name
796 R$* < @ $+ . > $* $1 < @ $2 > $3
797
798 # eliminate internal code
799 R$* < @ *LOCAL* > $* $1 < @ $j > $2
800
801 # externalize local domain info
802 R$* < $+ > $* $1 $2 $3 defocus
803 R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
804 R@ $* $@ @ $1 ... and exit
805
806 # UUCP must always be presented in old form
807 R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
808
809 # delete duplicate local names
810 R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
811
812
813
814 ##############################################################
815 ### Ruleset 97 -- recanonicalize and call ruleset zero ###
816 ### (used for recursive calls) ###
817 ##############################################################
818
819 SRecurse=97
820 R$* $: $>canonify $1
821 R$* $@ $>parse $1
822
823
824 ######################################
825 ### Ruleset 0 -- Parse Address ###
826 ######################################
827
828 Sparse=0
829
830 R$* $: $>Parse0 $1 initial parsing
831 R<@> $#local $: <@> special case error msgs
832 R$* $: $>ParseLocal $1 handle local hacks
833 R$* $: $>Parse1 $1 final parsing
834
835 #
836 # Parse0 -- do initial syntax checking and eliminate local addresses.
837 # This should either return with the (possibly modified) input
838 # or return with a #error mailer. It should not return with a
839 # #mailer other than the #error mailer.
840 #
841
842 SParse0
843 R<@> $@ <@> special case error msgs
844 R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
845 R@ <@ $* > < @ $1 > catch "@@host" bogosity
846 R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
847 R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
848 R$* $: <> $1
849 R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
850 R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
851 R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
852 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
853 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
854 R<> $* $1
855 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
856 R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
857 R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
858 R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
859 R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
860
861
862 # now delete the local info -- note $=O to find characters that cause forwarding
863 R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
864 R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
865 R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
866 R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
867 R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
868 R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
869 R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
870 R$* $=O $* < @ *LOCAL* >
871 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
872 R$* < @ *LOCAL* > $: $1
873
874 #
875 # Parse1 -- the bottom half of ruleset 0.
876 #
877
878 SParse1
879
880 # handle numeric address spec
881 R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
882 R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
883 R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
884 R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
885 R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
886
887 # handle virtual users
888 R$+ $: <!> $1 Mark for lookup
889 R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
890 R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
891 R<@> $+ + $+ < @ $* . >
892 $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
893 R<@> $+ + $* < @ $* . >
894 $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
895 R<@> $+ + $* < @ $* . >
896 $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
897 R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
898 R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
899 R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
900 R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
901 R<@> $+ $: $1
902 R<!> $+ $: $1
903 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
904 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
905 R< $+ > $+ < @ $+ > $: $>Recurse $1
906
907 # short circuit local delivery so forwarded email works
908
909
910 R$=L < @ $=w . > $#local $: @ $1 special local names
911 R$+ < @ $=w . > $#local $: $1 regular local name
912
913 # not local -- try mailer table lookup
914 R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
915 R< $+ . > $* $: < $1 > $2 strip trailing dot
916 R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
917 R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
918 R< $+ > $* $: $>Mailertable <$1> $2 try domain
919
920 # resolve remotely connected UUCP links (if any)
921
922 # resolve fake top level domains by forwarding to other hosts
923
924
925
926 # pass names that still have a host to a smarthost (if defined)
927 R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
928
929 # deal with other remote names
930 R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
931
932 # handle locally delivered names
933 R$=L $#local $: @ $1 special local names
934 R$+ $#local $: $1 regular local names
935
936 ###########################################################################
937 ### Ruleset 5 -- special rewriting after aliases have been expanded ###
938 ###########################################################################
939
940 SLocal_localaddr
941 Slocaladdr=5
942 R$+ $: $1 $| $>"Local_localaddr" $1
943 R$+ $| $#ok $@ $1 no change
944 R$+ $| $#$* $#$2
945 R$+ $| $* $: $1
946
947
948
949
950 # deal with plussed users so aliases work nicely
951 R$+ + * $#local $@ $&h $: $1
952 R$+ + $* $#local $@ + $2 $: $1 + *
953
954 # prepend an empty "forward host" on the front
955 R$+ $: <> $1
956
957
958
959 R< > $+ $: < > < $1 <> $&h > nope, restore +detail
960
961 R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
962 R< > < $+ <> $* > $: < > < $1 > else discard
963 R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
964 R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
965 R< > < $+ > $@ $1 no +detail
966 R$+ $: $1 <> $&h add +detail back in
967
968 R$+ <> + $* $: $1 + $2 check whether +detail
969 R$+ <> $* $: $1 else discard
970 R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
971 R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
972
973 R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
974
975 R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
976
977
978 ###################################################################
979 ### Ruleset 90 -- try domain part of mailertable entry ###
980 ###################################################################
981
982 SMailertable=90
983 R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
984 R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
985 R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
986 R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
987 R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
988 R< $* > $* $@ $2 no mailertable match
989
990 ###################################################################
991 ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
992 ###################################################################
993
994 SMailerToTriple=95
995 R< > $* $@ $1 strip off null relay
996 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
997 R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
998 R< error : $+ > $* $#error $: $1
999 R< local : $* > $* $>CanonLocal < $1 > $2
1000 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
1001 R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
1002 R< $=w > $* $@ $2 delete local host
1003 R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
1004
1005 ###################################################################
1006 ### Ruleset CanonLocal -- canonify local: syntax ###
1007 ###################################################################
1008
1009 SCanonLocal
1010 # strip local host from routed addresses
1011 R< $* > < @ $+ > : $+ $@ $>Recurse $3
1012 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
1013
1014 # strip trailing dot from any host name that may appear
1015 R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
1016
1017 # handle local: syntax -- use old user, either with or without host
1018 R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
1019 R< > $+ $#local $@ $1 $: $1
1020
1021 # handle local:user@host syntax -- ignore host part
1022 R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
1023
1024 # handle local:user syntax
1025 R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
1026 R< $+ > $* $#local $@ $2 $: $1
1027
1028 ###################################################################
1029 ### Ruleset 93 -- convert header names to masqueraded form ###
1030 ###################################################################
1031
1032 SMasqHdr=93
1033
1034 # handle generics database
1035 R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark
1036 R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark
1037 R< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 >
1038 R<@$+ + $* @ $+> $+ < @ $+ >
1039 $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 >
1040 R<@$+ + $* @ $+> $+ < @ $+ >
1041 $: < $(generics $1@$3 $: $) > $4 < @ $5 >
1042 R<@$+ > $+ < @ $+ > $: < > $2 < @ $3 >
1043 R< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . >
1044 R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 >
1045 R< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 >
1046 R< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 >
1047 R< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified
1048 R< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified
1049 R< > $* $: $1 not found
1050
1051 # do not masquerade anything in class N
1052 R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
1053
1054 R$* < @ *LOCAL* > $@ $1 < @ $j . >
1055
1056 ###################################################################
1057 ### Ruleset 94 -- convert envelope names to masqueraded form ###
1058 ###################################################################
1059
1060 SMasqEnv=94
1061 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1062
1063 ###################################################################
1064 ### Ruleset 98 -- local part of ruleset zero (can be null) ###
1065 ###################################################################
1066
1067 SParseLocal=98
1068
1069 # addresses sent to foo@host.REDIRECT will give a 551 error code
1070 R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
1071 R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
1072 R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
1073
1074
1075
1076
1077 ######################################################################
1078 ### D: LookUpDomain -- search for domain in access database
1079 ###
1080 ### Parameters:
1081 ### <$1> -- key (domain name)
1082 ### <$2> -- default (what to return if not found in db)
1083 ### <$3> -- mark (must be <(!|+) single-token>)
1084 ### ! does lookup only with tag
1085 ### + does lookup with and without tag
1086 ### <$4> -- passthru (additional data passed unchanged through)
1087 ######################################################################
1088
1089 SD
1090 R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
1091 R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
1092 R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
1093 R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
1094 R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
1095 R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
1096 R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
1097 R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
1098 R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
1099
1100 ######################################################################
1101 ### A: LookUpAddress -- search for host address in access database
1102 ###
1103 ### Parameters:
1104 ### <$1> -- key (dot quadded host address)
1105 ### <$2> -- default (what to return if not found in db)
1106 ### <$3> -- mark (must be <(!|+) single-token>)
1107 ### ! does lookup only with tag
1108 ### + does lookup with and without tag
1109 ### <$4> -- passthru (additional data passed through)
1110 ######################################################################
1111
1112 SA
1113 R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
1114 R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
1115 R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
1116 R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
1117 R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
1118 R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
1119 R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
1120 R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
1121
1122 ######################################################################
1123 ### CanonAddr -- Convert an address into a standard form for
1124 ### relay checking. Route address syntax is
1125 ### crudely converted into a %-hack address.
1126 ###
1127 ### Parameters:
1128 ### $1 -- full recipient address
1129 ###
1130 ### Returns:
1131 ### parsed address, not in source route form
1132 ######################################################################
1133
1134 SCanonAddr
1135 R$* $: $>Parse0 $>canonify $1 make domain canonical
1136
1137
1138 ######################################################################
1139 ### ParseRecipient -- Strip off hosts in $=R as well as possibly
1140 ### $* $=m or the access database.
1141 ### Check user portion for host separators.
1142 ###
1143 ### Parameters:
1144 ### $1 -- full recipient address
1145 ###
1146 ### Returns:
1147 ### parsed, non-local-relaying address
1148 ######################################################################
1149
1150 SParseRecipient
1151 R$* $: <?> $>CanonAddr $1
1152 R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
1153 R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
1154
1155 # if no $=O character, no host in the user portion, we are done
1156 R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
1157 R<?> $* $@ $1
1158
1159
1160 R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 >
1161 R<NO> $* < @ $+ > $: <$(access To:$2 $: NO $)> $1 < @ $2 >
1162 R<NO> $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 >
1163
1164
1165
1166 R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
1167 R<$+> $* $@ $2
1168
1169
1170 ######################################################################
1171 ### check_relay -- check hostname/address on SMTP startup
1172 ######################################################################
1173
1174
1175
1176 SLocal_check_relay
1177 Scheckrelay
1178 R$* $: $1 $| $>"Local_check_relay" $1
1179 R$* $| $* $| $#$* $#$3
1180 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
1181
1182 SBasic_check_relay
1183 # check for deferred delivery mode
1184 R$* $: < $&{deliveryMode} > $1
1185 R< d > $* $@ deferred
1186 R< $* > $* $: $2
1187
1188 R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
1189 R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
1190 R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
1191 R<?> <$*> $: OK found nothing
1192 R<$={Accept}> <$*> $@ $1 return value of lookup
1193 R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
1194 R<DISCARD> <$*> $#discard $: discard
1195 R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
1196 R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
1197 R<ERROR:$+> <$*> $#error $: $1
1198 R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1199 R<$+> <$*> $#error $: $1
1200
1201
1202
1203 ######################################################################
1204 ### check_mail -- check SMTP `MAIL FROM:' command argument
1205 ######################################################################
1206
1207 SLocal_check_mail
1208 Scheckmail
1209 R$* $: $1 $| $>"Local_check_mail" $1
1210 R$* $| $#$* $#$2
1211 R$* $| $* $@ $>"Basic_check_mail" $1
1212
1213 SBasic_check_mail
1214 # check for deferred delivery mode
1215 R$* $: < $&{deliveryMode} > $1
1216 R< d > $* $@ deferred
1217 R< $* > $* $: $2
1218
1219 # authenticated?
1220 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1221 R$* $| $#$+ $#$2
1222 R$* $| $* $: $1
1223
1224 R<> $@ <OK> we MUST accept <> (RFC 1123)
1225 R$+ $: <?> $1
1226 R<?><$+> $: <@> <$1>
1227 R<?>$+ $: <@> <$1>
1228 R$* $: $&{daemon_flags} $| $1
1229 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
1230 R$* u $* $| <@> < $* > $: <?> < $3 >
1231 R$* $| $* $: $2
1232 # handle case of @localhost on address
1233 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
1234 R<@> < $* @ [127.0.0.1] >
1235 $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
1236 R<@> < $* @ localhost.$m >
1237 $: < ? $&{client_name} > < $1 @ localhost.$m >
1238 R<@> < $* @ localhost.UUCP >
1239 $: < ? $&{client_name} > < $1 @ localhost.UUCP >
1240 R<@> $* $: $1 no localhost as domain
1241 R<? $=w> $* $: $2 local client: ok
1242 R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
1243 R<?> $* $: $1
1244 R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
1245 R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
1246 # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
1247 R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
1248 R<?> $* < @ $j > $: <OKR> $1 < @ $j >
1249 R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
1250 R<? $* <$->> $* < @ $+ >
1251 $: <$2> $3 < @ $4 >
1252
1253 # check sender address: user@address, user@, address
1254 R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
1255 R<$+> $+ $: @<$1> <$2> $| <U:$2@>
1256 R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
1257 R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
1258 # retransform for further use
1259 R<?> <$+> <$*> $: <$1> $2 no match
1260 R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it
1261
1262 # handle case of no @domain on address
1263 R<?> $* $: $&{daemon_flags} $| <?> $1
1264 R$* u $* $| <?> $* $: <OKR> $3
1265 R$* $| $* $: $2
1266 R<?> $* $: < ? $&{client_addr} > $1
1267 R<?> $* $@ <OKR> ...local unqualed ok
1268 R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
1269 ...remote is not
1270 # check results
1271 R<?> $* $: @ $1 mark address: nothing known about it
1272 R<$={ResOk}> $* $@ <OKR> domain ok: stop
1273 R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
1274 R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
1275 R<$={Accept}> $* $# $1 accept from access map
1276 R<DISCARD> $* $#discard $: discard
1277 R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
1278 R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
1279 R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
1280 R<ERROR:$+> $* $#error $: $1
1281 R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1282 R<$+> $* $#error $: $1 error from access db
1283
1284 ######################################################################
1285 ### check_rcpt -- check SMTP `RCPT TO:' command argument
1286 ######################################################################
1287
1288 SLocal_check_rcpt
1289 Scheckrcpt
1290 R$* $: $1 $| $>"Local_check_rcpt" $1
1291 R$* $| $#$* $#$2
1292 R$* $| $* $@ $>"Basic_check_rcpt" $1
1293
1294 SBasic_check_rcpt
1295 # empty address?
1296 R<> $#error $@ nouser $: "553 User address required"
1297 R$@ $#error $@ nouser $: "553 User address required"
1298 # check for deferred delivery mode
1299 R$* $: < $&{deliveryMode} > $1
1300 R< d > $* $@ deferred
1301 R< $* > $* $: $2
1302
1303
1304 ######################################################################
1305 R$* $: $1 $| @ $>"Rcpt_ok" $1
1306 R$* $| @ $#TEMP $+ $: $1 $| T $2
1307 R$* $| @ $#$* $#$2
1308 R$* $| @ RELAY $@ RELAY
1309 R$* $| @ $* $: O $| $>"Relay_ok" $1
1310 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
1311 R$* $| $#TEMP $+ $#error $2
1312 R$* $| $#$* $#$2
1313 R$* $| RELAY $@ RELAY
1314 R T $+ $| $* $#error $1
1315 # anything else is bogus
1316 R$* $#error $@ 5.7.1 $: "550 Relaying denied. Proper authentication required."
1317
1318
1319 ######################################################################
1320 ### Rcpt_ok: is the recipient ok?
1321 ######################################################################
1322 SRcpt_ok
1323 R$* $: $>ParseRecipient $1 strip relayable hosts
1324
1325
1326
1327
1328 # authenticated via TLS?
1329 R$* $: $1 $| $>RelayTLS client authenticated?
1330 R$* $| $# $+ $# $2 error/ok?
1331 R$* $| $* $: $1 no
1332
1333 R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
1334 R$* $| $# $* $# $2
1335 R$* $| NO $: $1
1336 R$* $| $* $: $1 $| $&{auth_type}
1337 R$* $| $: $1
1338 R$* $| $={TrustAuthMech} $# RELAY
1339 R$* $| $* $: $1
1340 # anything terminating locally is ok
1341 R$+ < @ $=w > $@ RELAY
1342 R$+ < @ $=R > $@ RELAY
1343 R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >>
1344 R<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>
1345 R<RELAY> $* $@ RELAY
1346 R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1347 R<$*> <$*> $: $2
1348
1349
1350
1351 # check for local user (i.e. unqualified address)
1352 R$* $: <?> $1
1353 R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
1354 # local user is ok
1355 R<?> $+ $@ RELAY
1356 R<$+> $* $: $2
1357
1358 ######################################################################
1359 ### Relay_ok: is the relay/sender ok?
1360 ######################################################################
1361 SRelay_ok
1362 # anything originating locally is ok
1363 # check IP address
1364 R$* $: $&{client_addr}
1365 R$@ $@ RELAY originated locally
1366 R0 $@ RELAY originated locally
1367 R127.0.0.1 $@ RELAY originated locally
1368 RIPv6:::1 $@ RELAY originated locally
1369 R$=R $* $@ RELAY relayable IP address
1370 R$* $: $>A <$1> <?> <+ Connect> <$1>
1371 R<RELAY> $* $@ RELAY relayable IP address
1372
1373 R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1374 R<$*> <$*> $: $2
1375 R$* $: [ $1 ] put brackets around it...
1376 R$=w $@ RELAY ... and see if it is local
1377
1378
1379 # check client name: first: did it resolve?
1380 R$* $: < $&{client_resolve} >
1381 R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
1382 R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
1383 R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
1384 R$* $: <@> $&{client_name}
1385 # pass to name server to make hostname canonical
1386 R<@> $* $=P $:<?> $1 $2
1387 R<@> $+ $:<?> $[ $1 $]
1388 R$* . $1 strip trailing dots
1389 R<?> $=w $@ RELAY
1390 R<?> $=R $@ RELAY
1391 R<?> $* $: <$(access Connect:$1 $: ? $)> <$1>
1392 R<?> <$*> $: <$(access $1 $: ? $)> <$1>
1393 R<RELAY> $* $@ RELAY
1394 R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1395 R<$*> <$*> $: $2
1396
1397 # turn a canonical address in the form user<@domain>
1398 # qualify unqual. addresses with $j
1399 SFullAddr
1400 R$* <@ $+ . > $1 <@ $2 >
1401 R$* <@ $* > $@ $1 <@ $2 >
1402 R$+ $@ $1 <@ $j >
1403
1404 SDelay_TLS_Clt
1405 # authenticated?
1406 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1407 R$* $| $#$+ $#$2
1408 R$* $| $* $# $1
1409 R$* $# $1
1410
1411 SDelay_TLS_Clt2
1412 # authenticated?
1413 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1414 R$* $| $#$+ $#$2
1415 R$* $| $* $@ $1
1416 R$* $@ $1
1417
1418 # call all necessary rulesets
1419 Scheck_rcpt
1420 # R$@ $#error $@ 5.1.3 $: "553 Recipient address required"
1421
1422 R$+ $: $1 $| $>checkrcpt $1
1423 R$+ $| $#error $* $#error $2
1424 R$+ $| $#discard $* $#discard $2
1425 R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2
1426 R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1
1427 R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
1428 R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
1429 # lookup the addresses only with Spam tag
1430 R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
1431 R<@> $* $| $* $: $2 $1 reverse result
1432 # is the recipient a spam friend?
1433 R<FRIEND> $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND
1434 R<$*> $+ $: $2
1435 R$* $: $1 $| $>checkmail <$&f>
1436 R$* $| $#$* $#$2
1437 R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
1438 R$* $| $#$* $#$2
1439 R$* $| $* $: $1
1440
1441
1442 ######################################################################
1443 ### F: LookUpFull -- search for an entry in access database
1444 ###
1445 ### lookup of full key (which should be an address) and
1446 ### variations if +detail exists: +* and without +detail
1447 ###
1448 ### Parameters:
1449 ### <$1> -- key
1450 ### <$2> -- default (what to return if not found in db)
1451 ### <$3> -- mark (must be <(!|+) single-token>)
1452 ### ! does lookup only with tag
1453 ### + does lookup with and without tag
1454 ### <$4> -- passthru (additional data passed unchanged through)
1455 ######################################################################
1456
1457 SF
1458 R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
1459 R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
1460 R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
1461 $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
1462 R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
1463 $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
1464 R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
1465 $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
1466 R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
1467 $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
1468 R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
1469 R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
1470 R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
1471
1472 ######################################################################
1473 ### E: LookUpExact -- search for an entry in access database
1474 ###
1475 ### Parameters:
1476 ### <$1> -- key
1477 ### <$2> -- default (what to return if not found in db)
1478 ### <$3> -- mark (must be <(!|+) single-token>)
1479 ### ! does lookup only with tag
1480 ### + does lookup with and without tag
1481 ### <$4> -- passthru (additional data passed unchanged through)
1482 ######################################################################
1483
1484 SE
1485 R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
1486 R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
1487 R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
1488 R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
1489 R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
1490
1491 ######################################################################
1492 ### U: LookUpUser -- search for an entry in access database
1493 ###
1494 ### lookup of key (which should be a local part) and
1495 ### variations if +detail exists: +* and without +detail
1496 ###
1497 ### Parameters:
1498 ### <$1> -- key (user@)
1499 ### <$2> -- default (what to return if not found in db)
1500 ### <$3> -- mark (must be <(!|+) single-token>)
1501 ### ! does lookup only with tag
1502 ### + does lookup with and without tag
1503 ### <$4> -- passthru (additional data passed unchanged through)
1504 ######################################################################
1505
1506 SU
1507 R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
1508 R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
1509 R<?> <$+ + $* @> <$*> <$- $-> <$*>
1510 $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
1511 R<?> <$+ + $* @> <$*> <+ $-> <$*>
1512 $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
1513 R<?> <$+ + $* @> <$*> <$- $-> <$*>
1514 $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
1515 R<?> <$+ + $* @> <$*> <+ $-> <$*>
1516 $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
1517 R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
1518 R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
1519 R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
1520
1521 ######################################################################
1522 ### SearchList: search a list of items in the access map
1523 ### Parameters:
1524 ### <exact tag> $| <mark:address> <mark:address> ... <>
1525 ### where "exact" is either "+" or "!":
1526 ### <+ TAG> lookup with and w/o tag
1527 ### <! TAG> lookup with tag
1528 ### possible values for "mark" are:
1529 ### D: recursive host lookup (LookUpDomain)
1530 ### E: exact lookup, no modifications
1531 ### F: full lookup, try user+ext@domain and user@domain
1532 ### U: user lookup, try user+ext and user (input must have trailing @)
1533 ### return: <RHS of lookup> or <?> (not found)
1534 ######################################################################
1535
1536 # class with valid marks for SearchList
1537 C{Src}E F D U
1538 SSearchList
1539 # just call the ruleset with the name of the tag... nice trick...
1540 R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
1541 R<$+> $| <> $| <?> <> $@ <?>
1542 R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
1543 R<$+> $| <$*> $| <$+> <> $@ <$3>
1544 R<$+> $| <$+> $@ <$2>
1545
1546
1547 ######################################################################
1548 ### trust_auth: is user trusted to authenticate as someone else?
1549 ###
1550 ### Parameters:
1551 ### $1: AUTH= parameter from MAIL command
1552 ######################################################################
1553
1554 SLocal_trust_auth
1555 Strust_auth
1556 R$* $: $&{auth_type} $| $1
1557 # required by RFC 2554 section 4.
1558 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
1559 R$* $| $&{auth_authen} $@ identical
1560 R$* $| <$&{auth_authen}> $@ identical
1561 R$* $| $* $: $1 $| $>"Local_trust_auth" $2
1562 R$* $| $#$* $#$2
1563 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
1564
1565 ######################################################################
1566 ### Relay_Auth: allow relaying based on authentication?
1567 ###
1568 ### Parameters:
1569 ### $1: ${auth_type}
1570 ######################################################################
1571 SLocal_Relay_Auth
1572
1573 ######################################################################
1574 ### srv_features: which features to offer to a client?
1575 ### (done in server)
1576 ######################################################################
1577 Ssrv_features
1578 R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
1579 R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
1580 R<?>$* $: <$(access "Srv_Features": $: ? $)>
1581 R<?>$* $@ OK
1582 R<$* <TMPF>>$* $#temp
1583 R<$+>$* $# $1
1584
1585 ######################################################################
1586 ### try_tls: try to use STARTTLS?
1587 ### (done in client)
1588 ######################################################################
1589 Stry_tls
1590 R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
1591 R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
1592 R<?>$* $: <$(access "Try_TLS": $: ? $)>
1593 R<?>$* $@ OK
1594 R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1595 R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
1596
1597 ######################################################################
1598 ### tls_rcpt: is connection with server "good" enough?
1599 ### (done in client, per recipient)
1600 ###
1601 ### Parameters:
1602 ### $1: recipient
1603 ######################################################################
1604 Stls_rcpt
1605 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
1606 R$+ $: <?> $>CanonAddr $1
1607 R<?> $+ < @ $+ . > <?> $1 <@ $2 >
1608 R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
1609 R<?> $+ $: $1 $| <U:$1@> <E:>
1610 R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
1611 R$* $| <?> $@ OK
1612 R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1613 R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
1614
1615 ######################################################################
1616 ### tls_client: is connection with client "good" enough?
1617 ### (done in server)
1618 ###
1619 ### Parameters:
1620 ### ${verify} $| (MAIL|STARTTLS)
1621 ######################################################################
1622 Stls_client
1623 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
1624 R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
1625 R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
1626 R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
1627 R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1628 R$* $@ $>"TLS_connection" $1
1629
1630 ######################################################################
1631 ### tls_server: is connection with server "good" enough?
1632 ### (done in client)
1633 ###
1634 ### Parameter:
1635 ### ${verify}
1636 ######################################################################
1637 Stls_server
1638 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
1639 R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
1640 R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
1641 R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
1642 R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1643 R$* $@ $>"TLS_connection" $1
1644
1645 ######################################################################
1646 ### TLS_connection: is TLS connection "good" enough?
1647 ###
1648 ### Parameters:
1649 ### ${verify} $| <Requirement> [<>]
1650 ### Requirement: RHS from access map, may be ? for none.
1651 ######################################################################
1652 STLS_connection
1653 R$* $| <$*>$* $: $1 $| <$2>
1654 # create the appropriate error codes
1655 R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
1656 R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
1657 R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
1658 # deal with TLS handshake failures: abort
1659 RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
1660 RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
1661 R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
1662 R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
1663 R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
1664 R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
1665 R$* $| $* $@ OK
1666 # authentication required: give appropriate error
1667 # other side did authenticate (via STARTTLS)
1668 R<$*><VERIFY> <> OK $@ OK
1669 R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
1670 R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
1671 R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
1672 R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
1673 R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
1674 R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
1675 R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
1676 R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
1677 R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
1678 R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
1679 R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
1680 R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
1681 R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
1682 R<$-:$+ ++ > $@ OK
1683 R<$-:$+ ++ $+ > $: <$1:$2> <$3>
1684 R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
1685 R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
1686
1687 ######################################################################
1688 ### TLS_req: check additional TLS requirements
1689 ###
1690 ### Parameters: [<list> <of> <req>] $| <$-:$+>
1691 ### $-: SMTP reply code
1692 ### $+: Enhanced Status Code
1693 ######################################################################
1694 STLS_req
1695 R $| $+ $@ OK
1696 R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
1697 R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
1698 R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
1699 R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
1700 R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
1701 R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
1702 R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
1703 ROK $@ OK
1704
1705 ######################################################################
1706 ### max: return the maximum of two values separated by :
1707 ###
1708 ### Parameters: [$-]:[$-]
1709 ######################################################################
1710 Smax
1711 R: $: 0
1712 R:$- $: $1
1713 R$-: $: $1
1714 R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
1715 RTRUE:$-:$- $: $2
1716 R$-:$-:$- $: $2
1717
1718
1719 ######################################################################
1720 ### RelayTLS: allow relaying based on TLS authentication
1721 ###
1722 ### Parameters:
1723 ### none
1724 ######################################################################
1725 SRelayTLS
1726 # authenticated?
1727 R$* $: <?> $&{verify}
1728 R<?> OK $: OK authenticated: continue
1729 R<?> $* $@ NO not authenticated
1730 R$* $: $&{cert_issuer}
1731 R$+ $: $(access CERTISSUER:$1 $)
1732 RRELAY $# RELAY
1733 RSUBJECT $: <@> $&{cert_subject}
1734 R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
1735 R<@> RELAY $# RELAY
1736 R$* $: NO
1737
1738 ######################################################################
1739 ### authinfo: lookup authinfo in the access map
1740 ###
1741 ### Parameters:
1742 ### $1: {server_name}
1743 ### $2: {server_addr}
1744 ######################################################################
1745 Sauthinfo
1746 R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
1747 R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
1748 R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
1749 R$* $| <?>$* $@ no no authinfo available
1750 R$* $| <$*> <> $# $2
1751
1752
1753
1754
1755
1756 #
1757 ######################################################################
1758 ######################################################################
1759 #####
1760 ##### MAIL FILTER DEFINITIONS
1761 #####
1762 ######################################################################
1763 ######################################################################
1764
1765 Xdnsbl, S=local:/var/run/dnsbl/dnsbl.sock2, F=T, T=S:30s;R:30s;E:30s
1766 #
1767 ######################################################################
1768 ######################################################################
1769 #####
1770 ##### MAILER DEFINITIONS
1771 #####
1772 ######################################################################
1773 ######################################################################
1774
1775 #####################################
1776 ### SMTP Mailer specification ###
1777 #####################################
1778
1779 ##### $Id$ #####
1780
1781 #
1782 # common sender and masquerading recipient rewriting
1783 #
1784 SMasqSMTP
1785 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
1786 R$+ $@ $1 < @ *LOCAL* > add local qualification
1787
1788 #
1789 # convert pseudo-domain addresses to real domain addresses
1790 #
1791 SPseudoToReal
1792
1793 # pass <route-addr>s through
1794 R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
1795
1796 # output fake domains as user%fake@relay
1797
1798 # do UUCP heuristics; note that these are shared with UUCP mailers
1799 R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
1800 R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
1801
1802 # leave these in .UUCP form to avoid further tampering
1803 R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
1804 R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
1805 R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
1806 R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
1807 R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
1808 R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
1809
1810
1811 #
1812 # envelope sender rewriting
1813 #
1814 SEnvFromSMTP
1815 R$+ $: $>PseudoToReal $1 sender/recipient common
1816 R$* :; <@> $@ list:; special case
1817 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1818 R$+ $: $>MasqEnv $1 do masquerading
1819
1820
1821 #
1822 # envelope recipient rewriting --
1823 # also header recipient if not masquerading recipients
1824 #
1825 SEnvToSMTP
1826 R$+ $: $>PseudoToReal $1 sender/recipient common
1827 R$+ $: $>MasqSMTP $1 qualify unqual'ed names
1828 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1829
1830 #
1831 # header sender and masquerading header recipient rewriting
1832 #
1833 SHdrFromSMTP
1834 R$+ $: $>PseudoToReal $1 sender/recipient common
1835 R:; <@> $@ list:; special case
1836
1837 # do special header rewriting
1838 R$* <@> $* $@ $1 <@> $2 pass null host through
1839 R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
1840 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1841 R$+ $: $>MasqHdr $1 do masquerading
1842
1843
1844 #
1845 # relay mailer header masquerading recipient rewriting
1846 #
1847 SMasqRelay
1848 R$+ $: $>MasqSMTP $1
1849 R$+ $: $>MasqHdr $1
1850
1851 Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1852 T=DNS/RFC822/SMTP,
1853 A=TCP $h
1854 Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1855 T=DNS/RFC822/SMTP,
1856 A=TCP $h
1857 Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1858 T=DNS/RFC822/SMTP,
1859 A=TCP $h
1860 Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1861 T=DNS/RFC822/SMTP,
1862 A=TCP $h
1863 Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
1864 T=DNS/RFC822/SMTP,
1865 A=TCP $h
1866
1867
1868 ######################*****##############
1869 ### PROCMAIL Mailer specification ###
1870 ##################*****##################
1871
1872 ##### $Id$ #####
1873
1874 Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
1875 T=DNS/RFC822/X-Unix,
1876 A=procmail -Y -m $h $f $u
1877
1878
1879 ##################################################
1880 ### Local and Program Mailer specification ###
1881 ##################################################
1882
1883 ##### $Id$ #####
1884
1885 #
1886 # Envelope sender rewriting
1887 #
1888 SEnvFromL
1889 R<@> $n errors to mailer-daemon
1890 R@ <@ $*> $n temporarily bypass Sun bogosity
1891 R$+ $: $>AddDomain $1 add local domain if needed
1892 R$* $: $>MasqEnv $1 do masquerading
1893
1894 #
1895 # Envelope recipient rewriting
1896 #
1897 SEnvToL
1898 R$+ < @ $* > $: $1 strip host part
1899 R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
1900 R<e s> $+ + $* $: $1 remove +detail for sender
1901 R< $* > $+ $: $2 else remove mark
1902
1903 #
1904 # Header sender rewriting
1905 #
1906 SHdrFromL
1907 R<@> $n errors to mailer-daemon
1908 R@ <@ $*> $n temporarily bypass Sun bogosity
1909 R$+ $: $>AddDomain $1 add local domain if needed
1910 R$* $: $>MasqHdr $1 do masquerading
1911
1912 #
1913 # Header recipient rewriting
1914 #
1915 SHdrToL
1916 R$+ $: $>AddDomain $1 add local domain if needed
1917 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1918
1919 #
1920 # Common code to add local domain name (only if always-add-domain)
1921 #
1922 SAddDomain
1923 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
1924
1925 R$+ $@ $1 < @ *LOCAL* > add local qualification
1926
1927 Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
1928 T=DNS/RFC822/X-Unix,
1929 A=procmail -t -Y -a $h -d $u
1930 Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
1931 T=X-Unix/X-Unix/X-Unix,
1932 A=sh -c $u
1933