Guest User

Untitled

a guest
Jan 28th, 2011
367
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. # Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
  3. # All rights reserved.
  4. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
  5. # Copyright (c) 1988, 1993
  6. # The Regents of the University of California. All rights reserved.
  7. #
  8. # By using this file, you agree to the terms and conditions set
  9. # forth in the LICENSE file which can be found at the top level of
  10. # the sendmail distribution.
  11. #
  12. #
  13.  
  14. ######################################################################
  15. ######################################################################
  16. #####
  17. ##### SENDMAIL CONFIGURATION FILE
  18. #####
  19. ##### built by root@midas on Sun Jul 24 17:00:27 PDT 2005
  20. ##### in /tmp/sendmail-8.13.4/cf/cf
  21. ##### using ../ as configuration include directory
  22. #####
  23. ######################################################################
  24. #####
  25. ##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
  26. #####
  27. ######################################################################
  28. ######################################################################
  29.  
  30. ##### $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
  31. ##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
  32.  
  33. ##### default setup for Slackware Linux #####
  34. ##### $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ #####
  35.  
  36.  
  37.  
  38. ##### $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ #####
  39.  
  40.  
  41. ##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
  42.  
  43.  
  44. ##### $Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
  45.  
  46.  
  47. ##### $Id: mailertable.m4,v 8.25 2002/06/27 23:23:57 gshapiro Exp $ #####
  48.  
  49. ##### $Id: virtusertable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $ #####
  50.  
  51. ##### $Id: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $ #####
  52.  
  53. ##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ #####
  54.  
  55. ##### $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ #####
  56.  
  57. ##### $Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ #####
  58.  
  59. ##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ #####
  60.  
  61.  
  62. ##### $Id: proto.m4,v 8.711 2004/08/04 21:29:55 ca Exp $ #####
  63.  
  64. # level 10 config file format
  65. V10/Berkeley
  66.  
  67. # override file safeties - setting this option compromises system security,
  68. # addressing the actual file configuration problem is preferred
  69. # need to set this before any file actions are encountered in the cf file
  70. #O DontBlameSendmail=safe
  71.  
  72. # default LDAP map specification
  73. # need to set this now before any LDAP maps are defined
  74. #O LDAPDefaultSpec=-h localhost
  75.  
  76. ##################
  77. # local info #
  78. ##################
  79.  
  80. # my LDAP cluster
  81. # need to set this before any LDAP lookups are done (including classes)
  82. #D{sendmailMTACluster}$m
  83.  
  84. Cwlocalhost
  85. # file containing names of hosts for which we receive email
  86. Fw/etc/mail/local-host-names
  87.  
  88. # my official domain name
  89. # ... define this only if sendmail cannot automatically determine your domain
  90. Dj$w.zeno.biyg.org
  91.  
  92. # host/domain names ending with a token in class P are canonical
  93. CP.
  94.  
  95. # "Smart" relay host (may be null)
  96. DSsmtp-server.nycap.rr.com
  97.  
  98.  
  99. # operators that cannot be in local usernames (i.e., network indicators)
  100. CO @ % !
  101.  
  102. # a class with just dot (for identifying canonical names)
  103. C..
  104.  
  105. # a class with just a left bracket (for identifying domain literals)
  106. C[[
  107.  
  108. # access_db acceptance class
  109. C{Accept}OK RELAY
  110.  
  111.  
  112. # Resolve map (to check if a host exists in check_mail)
  113. Kresolve host -a<OKR> -T<TEMP>
  114. C{ResOk}OKR
  115.  
  116.  
  117. # Hosts for which relaying is permitted ($=R)
  118. FR-o /etc/mail/relay-domains
  119.  
  120. # arithmetic map
  121. Karith arith
  122. # macro storage map
  123. Kmacro macro
  124. # possible values for TLS_connection in access map
  125. C{Tls}VERIFY ENCR
  126.  
  127.  
  128.  
  129.  
  130.  
  131. # dequoting map
  132. Kdequote dequote
  133.  
  134. # class E: names that should be exposed as from this host, even if we masquerade
  135. # class L: names that should be delivered locally, even if we have a relay
  136. # class M: domains that should be converted to $M
  137. # class N: domains that should not be converted to $M
  138. #CL root
  139. C{E}root
  140. C{w}localhost.localdomain
  141.  
  142.  
  143.  
  144. # my name for error messages
  145. DnMAILER-DAEMON
  146.  
  147.  
  148. # Mailer table (overriding domains)
  149. Kmailertable hash -o /etc/mail/mailertable.db
  150.  
  151. # Virtual user table (maps incoming users)
  152. Kvirtuser hash -o /etc/mail/virtusertable.db
  153.  
  154. # Access list database (for spam stomping)
  155. Kaccess hash -T<TMPF> /etc/mail/access
  156.  
  157. CPREDIRECT
  158.  
  159. # Configuration version number
  160. DZ8.13.4
  161.  
  162.  
  163. ###############
  164. # Options #
  165. ###############
  166.  
  167. # strip message body to 7 bits on input?
  168. O SevenBitInput=False
  169.  
  170. # 8-bit data handling
  171. #O EightBitMode=pass8
  172.  
  173. # wait for alias file rebuild (default units: minutes)
  174. O AliasWait=10
  175.  
  176. # location of alias file
  177. O AliasFile=/etc/mail/aliases
  178.  
  179. # minimum number of free blocks on filesystem
  180. O MinFreeBlocks=100
  181.  
  182. # maximum message size
  183. #O MaxMessageSize=0
  184.  
  185. # substitution for space (blank) characters
  186. O BlankSub=.
  187.  
  188. # avoid connecting to "expensive" mailers on initial submission?
  189. O HoldExpensive=False
  190.  
  191. # checkpoint queue runs after every N successful deliveries
  192. #O CheckpointInterval=10
  193.  
  194. # default delivery mode
  195. O DeliveryMode=background
  196.  
  197. # error message header/file
  198. #O ErrorHeader=/etc/mail/error-header
  199.  
  200. # error mode
  201. #O ErrorMode=print
  202.  
  203. # save Unix-style "From_" lines at top of header?
  204. #O SaveFromLine=False
  205.  
  206. # queue file mode (qf files)
  207. #O QueueFileMode=0600
  208.  
  209. # temporary file mode
  210. O TempFileMode=0600
  211.  
  212. # match recipients against GECOS field?
  213. #O MatchGECOS=False
  214.  
  215. # maximum hop count
  216. #O MaxHopCount=25
  217.  
  218. # location of help file
  219. O HelpFile=/etc/mail/helpfile
  220.  
  221. # ignore dots as terminators in incoming messages?
  222. #O IgnoreDots=False
  223.  
  224. # name resolver options
  225. #O ResolverOptions=+AAONLY
  226.  
  227. # deliver MIME-encapsulated error messages?
  228. O SendMimeErrors=True
  229.  
  230. # Forward file search path
  231. O ForwardPath=$z/.forward.$w:$z/.forward
  232.  
  233. # open connection cache size
  234. O ConnectionCacheSize=2
  235.  
  236. # open connection cache timeout
  237. O ConnectionCacheTimeout=5m
  238.  
  239. # persistent host status directory
  240. #O HostStatusDirectory=.hoststat
  241.  
  242. # single thread deliveries (requires HostStatusDirectory)?
  243. #O SingleThreadDelivery=False
  244.  
  245. # use Errors-To: header?
  246. O UseErrorsTo=False
  247.  
  248. # log level
  249. O LogLevel=9
  250.  
  251. # send to me too, even in an alias expansion?
  252. #O MeToo=True
  253.  
  254. # verify RHS in newaliases?
  255. O CheckAliases=False
  256.  
  257. # default messages to old style headers if no special punctuation?
  258. O OldStyleHeaders=True
  259.  
  260. # SMTP daemon options
  261. O DaemonPortOptions=Name=MTA
  262. O DaemonPortOptions=Port=587, Name=MSA, M=E
  263.  
  264. # SMTP client options
  265. #O ClientPortOptions=Family=inet, Address=0.0.0.0
  266.  
  267. # Modifiers to define {daemon_flags} for direct submissions
  268. #O DirectSubmissionModifiers
  269.  
  270. # Use as mail submission program? See sendmail/SECURITY
  271. #O UseMSP
  272.  
  273. # privacy flags
  274. O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun
  275.  
  276. # who (if anyone) should get extra copies of error messages
  277. #O PostmasterCopy=Postmaster
  278.  
  279. # slope of queue-only function
  280. #O QueueFactor=600000
  281.  
  282. # limit on number of concurrent queue runners
  283. #O MaxQueueChildren
  284.  
  285. # maximum number of queue-runners per queue-grouping with multiple queues
  286. #O MaxRunnersPerQueue=1
  287.  
  288. # priority of queue runners (nice(3))
  289. #O NiceQueueRun
  290.  
  291. # shall we sort the queue by hostname first?
  292. #O QueueSortOrder=priority
  293.  
  294. # minimum time in queue before retry
  295. #O MinQueueAge=30m
  296.  
  297. # how many jobs can you process in the queue?
  298. #O MaxQueueRunSize=10000
  299.  
  300. # perform initial split of envelope without checking MX records
  301. #O FastSplit=1
  302.  
  303. # queue directory
  304. O QueueDirectory=/var/spool/mqueue
  305.  
  306. # key for shared memory; 0 to turn off
  307. #O SharedMemoryKey=0
  308.  
  309.  
  310.  
  311. # timeouts (many of these)
  312. #O Timeout.initial=5m
  313. #O Timeout.connect=5m
  314. #O Timeout.aconnect=0s
  315. #O Timeout.iconnect=5m
  316. #O Timeout.helo=5m
  317. #O Timeout.mail=10m
  318. #O Timeout.rcpt=1h
  319. #O Timeout.datainit=5m
  320. #O Timeout.datablock=1h
  321. #O Timeout.datafinal=1h
  322. #O Timeout.rset=5m
  323. #O Timeout.quit=2m
  324. #O Timeout.misc=2m
  325. #O Timeout.command=1h
  326. O Timeout.ident=0
  327. #O Timeout.fileopen=60s
  328. #O Timeout.control=2m
  329. O Timeout.queuereturn=2d
  330. #O Timeout.queuereturn.normal=5d
  331. #O Timeout.queuereturn.urgent=2d
  332. #O Timeout.queuereturn.non-urgent=7d
  333. #O Timeout.queuereturn.dsn=5d
  334. O Timeout.queuewarn=4h
  335. #O Timeout.queuewarn.normal=4h
  336. #O Timeout.queuewarn.urgent=1h
  337. #O Timeout.queuewarn.non-urgent=12h
  338. #O Timeout.queuewarn.dsn=4h
  339. #O Timeout.hoststatus=30m
  340. #O Timeout.resolver.retrans=5s
  341. #O Timeout.resolver.retrans.first=5s
  342. #O Timeout.resolver.retrans.normal=5s
  343. #O Timeout.resolver.retry=4
  344. #O Timeout.resolver.retry.first=4
  345. #O Timeout.resolver.retry.normal=4
  346. #O Timeout.lhlo=2m
  347. #O Timeout.auth=10m
  348. #O Timeout.starttls=1h
  349.  
  350. # time for DeliverBy; extension disabled if less than 0
  351. #O DeliverByMin=0
  352.  
  353. # should we not prune routes in route-addr syntax addresses?
  354. #O DontPruneRoutes=False
  355.  
  356. # queue up everything before forking?
  357. O SuperSafe=True
  358.  
  359. # status file
  360. O StatusFile=/etc/mail/statistics
  361.  
  362. # time zone handling:
  363. # if undefined, use system default
  364. # if defined but null, use TZ envariable passed in
  365. # if defined and non-null, use that info
  366. #O TimeZoneSpec=
  367.  
  368. # default UID (can be username or userid:groupid)
  369. #O DefaultUser=mailnull
  370.  
  371. # list of locations of user database file (null means no lookup)
  372. #O UserDatabaseSpec=/etc/mail/userdb
  373.  
  374. # fallback MX host
  375. #O FallbackMXhost=fall.back.host.net
  376.  
  377. # fallback smart host
  378. #O FallbackSmartHost=fall.back.host.net
  379.  
  380. # if we are the best MX host for a site, try it directly instead of config err
  381. #O TryNullMXList=False
  382.  
  383. # load average at which we just queue messages
  384. #O QueueLA=8
  385.  
  386. # load average at which we refuse connections
  387. #O RefuseLA=12
  388.  
  389. # log interval when refusing connections for this long
  390. #O RejectLogInterval=3h
  391.  
  392. # load average at which we delay connections; 0 means no limit
  393. #O DelayLA=0
  394.  
  395. # maximum number of children we allow at one time
  396. #O MaxDaemonChildren=0
  397.  
  398. # maximum number of new connections per second
  399. #O ConnectionRateThrottle=0
  400.  
  401. # Width of the window
  402. #O ConnectionRateWindowSize=60s
  403.  
  404. # work recipient factor
  405. #O RecipientFactor=30000
  406.  
  407. # deliver each queued job in a separate process?
  408. #O ForkEachJob=False
  409.  
  410. # work class factor
  411. #O ClassFactor=1800
  412.  
  413. # work time factor
  414. #O RetryFactor=90000
  415.  
  416. # default character set
  417. #O DefaultCharSet=unknown-8bit
  418.  
  419. # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
  420. #O ServiceSwitchFile=/etc/mail/service.switch
  421.  
  422. # hosts file (normally /etc/hosts)
  423. #O HostsFile=/etc/hosts
  424.  
  425. # dialup line delay on connection failure
  426. #O DialDelay=10s
  427.  
  428. # action to take if there are no recipients in the message
  429. #O NoRecipientAction=add-to-undisclosed
  430.  
  431. # chrooted environment for writing to files
  432. #O SafeFileEnvironment=/arch
  433.  
  434. # are colons OK in addresses?
  435. #O ColonOkInAddr=True
  436.  
  437. # shall I avoid expanding CNAMEs (violates protocols)?
  438. #O DontExpandCnames=False
  439.  
  440. # SMTP initial login message (old $e macro)
  441. O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
  442.  
  443. # UNIX initial From header format (old $l macro)
  444. O UnixFromLine=From $g $d
  445.  
  446. # From: lines that have embedded newlines are unwrapped onto one line
  447. #O SingleLineFromHeader=False
  448.  
  449. # Allow HELO SMTP command that does not include a host name
  450. #O AllowBogusHELO=False
  451.  
  452. # Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
  453. #O MustQuoteChars=.
  454.  
  455. # delimiter (operator) characters (old $o macro)
  456. O OperatorChars=.:%@!^/[]+
  457.  
  458. # shall I avoid calling initgroups(3) because of high NIS costs?
  459. #O DontInitGroups=False
  460.  
  461. # are group-writable :include: and .forward files (un)trustworthy?
  462. # True (the default) means they are not trustworthy.
  463. #O UnsafeGroupWrites=True
  464.  
  465.  
  466. # where do errors that occur when sending errors get sent?
  467. #O DoubleBounceAddress=postmaster
  468.  
  469. # where to save bounces if all else fails
  470. #O DeadLetterDrop=/var/tmp/dead.letter
  471.  
  472. # what user id do we assume for the majority of the processing?
  473. #O RunAsUser=sendmail
  474.  
  475. # maximum number of recipients per SMTP envelope
  476. #O MaxRecipientsPerMessage=0
  477.  
  478. # limit the rate recipients per SMTP envelope are accepted
  479. # once the threshold number of recipients have been rejected
  480. #O BadRcptThrottle=0
  481.  
  482. # shall we get local names from our installed interfaces?
  483. #O DontProbeInterfaces=False
  484.  
  485. # Return-Receipt-To: header implies DSN request
  486. #O RrtImpliesDsn=False
  487.  
  488. # override connection address (for testing)
  489. #O ConnectOnlyTo=0.0.0.0
  490.  
  491. # Trusted user for file ownership and starting the daemon
  492. #O TrustedUser=root
  493.  
  494. # Control socket for daemon management
  495. #O ControlSocketName=/var/spool/mqueue/.control
  496.  
  497. # Maximum MIME header length to protect MUAs
  498. #O MaxMimeHeaderLength=0/0
  499.  
  500. # Maximum length of the sum of all headers
  501. #O MaxHeadersLength=32768
  502.  
  503. # Maximum depth of alias recursion
  504. #O MaxAliasRecursion=10
  505.  
  506. # location of pid file
  507. #O PidFile=/var/run/sendmail.pid
  508.  
  509. # Prefix string for the process title shown on 'ps' listings
  510. #O ProcessTitlePrefix=prefix
  511.  
  512. # Data file (df) memory-buffer file maximum size
  513. #O DataFileBufferSize=4096
  514.  
  515. # Transcript file (xf) memory-buffer file maximum size
  516. #O XscriptFileBufferSize=4096
  517.  
  518. # lookup type to find information about local mailboxes
  519. #O MailboxDatabase=pw
  520.  
  521. # override compile time flag REQUIRES_DIR_FSYNC
  522. #O RequiresDirfsync=true
  523.  
  524. # list of authentication mechanisms
  525. #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
  526.  
  527. # Authentication realm
  528. #O AuthRealm
  529.  
  530. # default authentication information for outgoing connections
  531. #O DefaultAuthInfo=/etc/mail/default-auth-info
  532.  
  533. # SMTP AUTH flags
  534. #O AuthOptions
  535.  
  536. # SMTP AUTH maximum encryption strength
  537. #O AuthMaxBits
  538.  
  539. # SMTP STARTTLS server options
  540. #O TLSSrvOptions
  541.  
  542. # Input mail filters
  543. #O InputMailFilters
  544.  
  545.  
  546. # CA directory
  547. #O CACertPath
  548. # CA file
  549. #O CACertFile
  550. # Server Cert
  551. #O ServerCertFile
  552. # Server private key
  553. #O ServerKeyFile
  554. # Client Cert
  555. #O ClientCertFile
  556. # Client private key
  557. #O ClientKeyFile
  558. # File containing certificate revocation lists
  559. #O CRLFile
  560. # DHParameters (only required if DSA/DH is used)
  561. #O DHParameters
  562. # Random data source (required for systems without /dev/urandom under OpenSSL)
  563. #O RandFile
  564.  
  565. ############################
  566. # QUEUE GROUP DEFINITIONS #
  567. ############################
  568.  
  569.  
  570. ###########################
  571. # Message precedences #
  572. ###########################
  573.  
  574. Pfirst-class=0
  575. Pspecial-delivery=100
  576. Plist=-30
  577. Pbulk=-60
  578. Pjunk=-100
  579.  
  580. #####################
  581. # Trusted users #
  582. #####################
  583.  
  584. # this is equivalent to setting class "t"
  585. Ft/etc/mail/trusted-users
  586. Troot
  587. Tdaemon
  588. Tuucp
  589.  
  590. #########################
  591. # Format of headers #
  592. #########################
  593.  
  594. H?P?Return-Path: <$g>
  595. HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
  596. $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
  597. $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
  598. (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
  599. for $u; $|;
  600. $.$b
  601. H?D?Resent-Date: $a
  602. H?D?Date: $a
  603. H?F?Resent-From: $?x$x <$g>$|$g$.
  604. H?F?From: $?x$x <$g>$|$g$.
  605. H?x?Full-Name: $x
  606. # HPosted-Date: $a
  607. # H?l?Received-Date: $b
  608. H?M?Resent-Message-Id: <$t.$i@$j>
  609. H?M?Message-Id: <$t.$i@$j>
  610.  
  611. #
  612. ######################################################################
  613. ######################################################################
  614. #####
  615. ##### REWRITING RULES
  616. #####
  617. ######################################################################
  618. ######################################################################
  619.  
  620. ############################################
  621. ### Ruleset 3 -- Name Canonicalization ###
  622. ############################################
  623. Scanonify=3
  624.  
  625. # handle null input (translate to <@> special case)
  626. R$@ $@ <@>
  627.  
  628. # strip group: syntax (not inside angle brackets!) and trailing semicolon
  629. R$* $: $1 <@> mark addresses
  630. R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
  631. R@ $* <@> $: @ $1 unmark @host:...
  632. R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
  633. R$* :: $* <@> $: $1 :: $2 unmark node::addr
  634. R:include: $* <@> $: :include: $1 unmark :include:...
  635. R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
  636. R$* : $* <@> $: $2 strip colon if marked
  637. R$* <@> $: $1 unmark
  638. R$* ; $1 strip trailing semi
  639. R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
  640. R$* < $* ; > $1 < $2 > bogus bracketed semi
  641.  
  642. # null input now results from list:; syntax
  643. R$@ $@ :; <@>
  644.  
  645. # strip angle brackets -- note RFC733 heuristic to get innermost item
  646. R$* $: < $1 > housekeeping <>
  647. R$+ < $* > < $2 > strip excess on left
  648. R< $* > $+ < $1 > strip excess on right
  649. R<> $@ < @ > MAIL FROM:<> case
  650. R< $+ > $: $1 remove housekeeping <>
  651.  
  652. # strip route address <@a,@b,@c:user@d> -> <user@d>
  653. R@ $+ , $+ $2
  654. R@ [ $* ] : $+ $2
  655. R@ $+ : $+ $2
  656.  
  657. # find focus for list syntax
  658. R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
  659. R $+ : $* ; $@ $1 : $2; list syntax
  660.  
  661. # find focus for @ syntax addresses
  662. R$+ @ $+ $: $1 < @ $2 > focus on domain
  663. R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
  664. R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
  665.  
  666.  
  667. # convert old-style addresses to a domain-based address
  668. R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
  669. R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
  670. R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
  671.  
  672. # if we have % signs, take the rightmost one
  673. R$* % $* $1 @ $2 First make them all @s.
  674. R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
  675. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
  676.  
  677. # else we must be a local name
  678. R$* $@ $>Canonify2 $1
  679.  
  680.  
  681. ################################################
  682. ### Ruleset 96 -- bottom half of ruleset 3 ###
  683. ################################################
  684.  
  685. SCanonify2=96
  686.  
  687. # handle special cases for local names
  688. R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
  689. R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
  690. R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
  691.  
  692. # check for IPv4/IPv6 domain literal
  693. R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
  694. R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
  695. R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
  696.  
  697.  
  698.  
  699.  
  700.  
  701. # if really UUCP, handle it immediately
  702.  
  703. # try UUCP traffic as a local address
  704. R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
  705. R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
  706.  
  707. # hostnames ending in class P are always canonical
  708. R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
  709. R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
  710. R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
  711. R$* CC $* $| $* $: $3
  712. # pass to name server to make hostname canonical
  713. R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
  714. R$* $| $* $: $2
  715.  
  716. # local host aliases and pseudo-domains are always canonical
  717. R$* < @ $=w > $* $: $1 < @ $2 . > $3
  718. R$* < @ $=M > $* $: $1 < @ $2 . > $3
  719. R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3
  720. R$* < @ $* . . > $* $1 < @ $2 . > $3
  721.  
  722.  
  723. ##################################################
  724. ### Ruleset 4 -- Final Output Post-rewriting ###
  725. ##################################################
  726. Sfinal=4
  727.  
  728. R$+ :; <@> $@ $1 : handle <list:;>
  729. R$* <@> $@ handle <> and list:;
  730.  
  731. # strip trailing dot off possibly canonical name
  732. R$* < @ $+ . > $* $1 < @ $2 > $3
  733.  
  734. # eliminate internal code
  735. R$* < @ *LOCAL* > $* $1 < @ $j > $2
  736.  
  737. # externalize local domain info
  738. R$* < $+ > $* $1 $2 $3 defocus
  739. R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
  740. R@ $* $@ @ $1 ... and exit
  741.  
  742. # UUCP must always be presented in old form
  743. R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
  744.  
  745. # delete duplicate local names
  746. R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
  747.  
  748.  
  749.  
  750. ##############################################################
  751. ### Ruleset 97 -- recanonicalize and call ruleset zero ###
  752. ### (used for recursive calls) ###
  753. ##############################################################
  754.  
  755. SRecurse=97
  756. R$* $: $>canonify $1
  757. R$* $@ $>parse $1
  758.  
  759.  
  760. ######################################
  761. ### Ruleset 0 -- Parse Address ###
  762. ######################################
  763.  
  764. Sparse=0
  765.  
  766. R$* $: $>Parse0 $1 initial parsing
  767. R<@> $#local $: <@> special case error msgs
  768. R$* $: $>ParseLocal $1 handle local hacks
  769. R$* $: $>Parse1 $1 final parsing
  770.  
  771. #
  772. # Parse0 -- do initial syntax checking and eliminate local addresses.
  773. # This should either return with the (possibly modified) input
  774. # or return with a #error mailer. It should not return with a
  775. # #mailer other than the #error mailer.
  776. #
  777.  
  778. SParse0
  779. R<@> $@ <@> special case error msgs
  780. R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
  781. R@ <@ $* > < @ $1 > catch "@@host" bogosity
  782. R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
  783. R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
  784. R$* $: <> $1
  785. R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
  786. R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
  787. R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
  788. R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
  789. R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
  790. R<> $* $1
  791. R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
  792. R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
  793. R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
  794. R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
  795. R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
  796.  
  797.  
  798. # now delete the local info -- note $=O to find characters that cause forwarding
  799. R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
  800. R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
  801. R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
  802. R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
  803. R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
  804. R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
  805. R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
  806. R$* $=O $* < @ *LOCAL* >
  807. $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
  808. R$* < @ *LOCAL* > $: $1
  809.  
  810. #
  811. # Parse1 -- the bottom half of ruleset 0.
  812. #
  813.  
  814. SParse1
  815.  
  816. # handle numeric address spec
  817. R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
  818. R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
  819. R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
  820. R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
  821. R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
  822.  
  823. # handle virtual users
  824. R$+ $: <!> $1 Mark for lookup
  825. R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
  826. R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
  827. R<@> $+ + $+ < @ $* . >
  828. $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
  829. R<@> $+ + $* < @ $* . >
  830. $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
  831. R<@> $+ + $* < @ $* . >
  832. $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
  833. R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
  834. R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
  835. R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
  836. R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
  837. R<@> $+ $: $1
  838. R<!> $+ $: $1
  839. R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
  840. R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
  841. R< $+ > $+ < @ $+ > $: $>Recurse $1
  842.  
  843. # short circuit local delivery so forwarded email works
  844.  
  845.  
  846. R$=L < @ $=w . > $#local $: @ $1 special local names
  847. R$+ < @ $=w . > $#local $: $1 regular local name
  848.  
  849. # not local -- try mailer table lookup
  850. R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
  851. R< $+ . > $* $: < $1 > $2 strip trailing dot
  852. R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
  853. R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
  854. R< $+ > $* $: $>Mailertable <$1> $2 try domain
  855.  
  856. # resolve remotely connected UUCP links (if any)
  857.  
  858. # resolve fake top level domains by forwarding to other hosts
  859.  
  860.  
  861.  
  862. # pass names that still have a host to a smarthost (if defined)
  863. R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
  864.  
  865. # deal with other remote names
  866. R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
  867.  
  868. # handle locally delivered names
  869. R$=L $#local $: @ $1 special local names
  870. R$+ $#local $: $1 regular local names
  871.  
  872. ###########################################################################
  873. ### Ruleset 5 -- special rewriting after aliases have been expanded ###
  874. ###########################################################################
  875.  
  876. SLocal_localaddr
  877. Slocaladdr=5
  878. R$+ $: $1 $| $>"Local_localaddr" $1
  879. R$+ $| $#ok $@ $1 no change
  880. R$+ $| $#$* $#$2
  881. R$+ $| $* $: $1
  882.  
  883.  
  884.  
  885.  
  886. # deal with plussed users so aliases work nicely
  887. R$+ + * $#local $@ $&h $: $1
  888. R$+ + $* $#local $@ + $2 $: $1 + *
  889.  
  890. # prepend an empty "forward host" on the front
  891. R$+ $: <> $1
  892.  
  893.  
  894.  
  895. R< > $+ $: < > < $1 <> $&h > nope, restore +detail
  896.  
  897. R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
  898. R< > < $+ <> $* > $: < > < $1 > else discard
  899. R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
  900. R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
  901. R< > < $+ > $@ $1 no +detail
  902. R$+ $: $1 <> $&h add +detail back in
  903.  
  904. R$+ <> + $* $: $1 + $2 check whether +detail
  905. R$+ <> $* $: $1 else discard
  906. R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
  907. R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
  908.  
  909. R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
  910.  
  911. R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
  912.  
  913.  
  914. ###################################################################
  915. ### Ruleset 90 -- try domain part of mailertable entry ###
  916. ###################################################################
  917.  
  918. SMailertable=90
  919. R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
  920. R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
  921. R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
  922. R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
  923. R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
  924. R< $* > $* $@ $2 no mailertable match
  925.  
  926. ###################################################################
  927. ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
  928. ###################################################################
  929.  
  930. SMailerToTriple=95
  931. R< > $* $@ $1 strip off null relay
  932. R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
  933. R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
  934. R< error : $+ > $* $#error $: $1
  935. R< local : $* > $* $>CanonLocal < $1 > $2
  936. R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
  937. R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
  938. R< $=w > $* $@ $2 delete local host
  939. R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
  940.  
  941. ###################################################################
  942. ### Ruleset CanonLocal -- canonify local: syntax ###
  943. ###################################################################
  944.  
  945. SCanonLocal
  946. # strip local host from routed addresses
  947. R< $* > < @ $+ > : $+ $@ $>Recurse $3
  948. R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
  949.  
  950. # strip trailing dot from any host name that may appear
  951. R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
  952.  
  953. # handle local: syntax -- use old user, either with or without host
  954. R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
  955. R< > $+ $#local $@ $1 $: $1
  956.  
  957. # handle local:user@host syntax -- ignore host part
  958. R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
  959.  
  960. # handle local:user syntax
  961. R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
  962. R< $+ > $* $#local $@ $2 $: $1
  963.  
  964. ###################################################################
  965. ### Ruleset 93 -- convert header names to masqueraded form ###
  966. ###################################################################
  967.  
  968. SMasqHdr=93
  969.  
  970.  
  971. # do not masquerade anything in class N
  972. R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
  973.  
  974. R$* < @ *LOCAL* > $@ $1 < @ $j . >
  975.  
  976. ###################################################################
  977. ### Ruleset 94 -- convert envelope names to masqueraded form ###
  978. ###################################################################
  979.  
  980. SMasqEnv=94
  981. R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
  982.  
  983. ###################################################################
  984. ### Ruleset 98 -- local part of ruleset zero (can be null) ###
  985. ###################################################################
  986.  
  987. SParseLocal=98
  988.  
  989. # addresses sent to foo@host.REDIRECT will give a 551 error code
  990. R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
  991. R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
  992. R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
  993.  
  994.  
  995.  
  996.  
  997. ######################################################################
  998. ### D: LookUpDomain -- search for domain in access database
  999. ###
  1000. ### Parameters:
  1001. ### <$1> -- key (domain name)
  1002. ### <$2> -- default (what to return if not found in db)
  1003. ### <$3> -- mark (must be <(!|+) single-token>)
  1004. ### ! does lookup only with tag
  1005. ### + does lookup with and without tag
  1006. ### <$4> -- passthru (additional data passed unchanged through)
  1007. ######################################################################
  1008.  
  1009. SD
  1010. R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
  1011. R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
  1012. R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
  1013. R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
  1014. R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
  1015. R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
  1016. R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
  1017. R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
  1018. R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
  1019.  
  1020. ######################################################################
  1021. ### A: LookUpAddress -- search for host address in access database
  1022. ###
  1023. ### Parameters:
  1024. ### <$1> -- key (dot quadded host address)
  1025. ### <$2> -- default (what to return if not found in db)
  1026. ### <$3> -- mark (must be <(!|+) single-token>)
  1027. ### ! does lookup only with tag
  1028. ### + does lookup with and without tag
  1029. ### <$4> -- passthru (additional data passed through)
  1030. ######################################################################
  1031.  
  1032. SA
  1033. R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
  1034. R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
  1035. R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
  1036. R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
  1037. R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
  1038. R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
  1039. R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
  1040. R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
  1041.  
  1042. ######################################################################
  1043. ### CanonAddr -- Convert an address into a standard form for
  1044. ### relay checking. Route address syntax is
  1045. ### crudely converted into a %-hack address.
  1046. ###
  1047. ### Parameters:
  1048. ### $1 -- full recipient address
  1049. ###
  1050. ### Returns:
  1051. ### parsed address, not in source route form
  1052. ######################################################################
  1053.  
  1054. SCanonAddr
  1055. R$* $: $>Parse0 $>canonify $1 make domain canonical
  1056.  
  1057.  
  1058. ######################################################################
  1059. ### ParseRecipient -- Strip off hosts in $=R as well as possibly
  1060. ### $* $=m or the access database.
  1061. ### Check user portion for host separators.
  1062. ###
  1063. ### Parameters:
  1064. ### $1 -- full recipient address
  1065. ###
  1066. ### Returns:
  1067. ### parsed, non-local-relaying address
  1068. ######################################################################
  1069.  
  1070. SParseRecipient
  1071. R$* $: <?> $>CanonAddr $1
  1072. R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
  1073. R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
  1074.  
  1075. # if no $=O character, no host in the user portion, we are done
  1076. R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
  1077. R<?> $* $@ $1
  1078.  
  1079.  
  1080. R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
  1081. R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
  1082. R<$+> <$+> $: <$1> $2
  1083.  
  1084.  
  1085.  
  1086. R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
  1087. R<$+> $* $@ $2
  1088.  
  1089.  
  1090. ######################################################################
  1091. ### check_relay -- check hostname/address on SMTP startup
  1092. ######################################################################
  1093.  
  1094.  
  1095.  
  1096. SLocal_check_relay
  1097. Scheck_relay
  1098. R$* $: $1 $| $>"Local_check_relay" $1
  1099. R$* $| $* $| $#$* $#$3
  1100. R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
  1101.  
  1102. SBasic_check_relay
  1103. # check for deferred delivery mode
  1104. R$* $: < $&{deliveryMode} > $1
  1105. R< d > $* $@ deferred
  1106. R< $* > $* $: $2
  1107.  
  1108. R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
  1109. R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
  1110. R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
  1111. R<?> <$*> $: OK found nothing
  1112. R<$={Accept}> <$*> $@ $1 return value of lookup
  1113. R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
  1114. R<DISCARD> <$*> $#discard $: discard
  1115. R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
  1116. R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
  1117. R<ERROR:$+> <$*> $#error $: $1
  1118. R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1119. R<$+> <$*> $#error $: $1
  1120.  
  1121.  
  1122.  
  1123. ######################################################################
  1124. ### check_mail -- check SMTP `MAIL FROM:' command argument
  1125. ######################################################################
  1126.  
  1127. SLocal_check_mail
  1128. Scheck_mail
  1129. R$* $: $1 $| $>"Local_check_mail" $1
  1130. R$* $| $#$* $#$2
  1131. R$* $| $* $@ $>"Basic_check_mail" $1
  1132.  
  1133. SBasic_check_mail
  1134. # check for deferred delivery mode
  1135. R$* $: < $&{deliveryMode} > $1
  1136. R< d > $* $@ deferred
  1137. R< $* > $* $: $2
  1138.  
  1139. # authenticated?
  1140. R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
  1141. R$* $| $#$+ $#$2
  1142. R$* $| $* $: $1
  1143.  
  1144. R<> $@ <OK> we MUST accept <> (RFC 1123)
  1145. R$+ $: <?> $1
  1146. R<?><$+> $: <@> <$1>
  1147. R<?>$+ $: <@> <$1>
  1148. R$* $: $&{daemon_flags} $| $1
  1149. R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
  1150. R$* u $* $| <@> < $* > $: <?> < $3 >
  1151. R$* $| $* $: $2
  1152. # handle case of @localhost on address
  1153. R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
  1154. R<@> < $* @ [127.0.0.1] >
  1155. $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
  1156. R<@> < $* @ localhost.$m >
  1157. $: < ? $&{client_name} > < $1 @ localhost.$m >
  1158. R<@> < $* @ localhost.UUCP >
  1159. $: < ? $&{client_name} > < $1 @ localhost.UUCP >
  1160. R<@> $* $: $1 no localhost as domain
  1161. R<? $=w> $* $: $2 local client: ok
  1162. R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
  1163. R<?> $* $: $1
  1164. R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
  1165. R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
  1166. # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
  1167. R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
  1168. R<?> $* < @ $j > $: <OKR> $1 < @ $j >
  1169. R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
  1170. R<? $* <$->> $* < @ $+ >
  1171. $: <$2> $3 < @ $4 >
  1172.  
  1173. # check sender address: user@address, user@, address
  1174. R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
  1175. R<$+> $+ $: @<$1> <$2> $| <U:$2@>
  1176. R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
  1177. R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
  1178. # retransform for further use
  1179. R<?> <$+> <$*> $: <$1> $2 no match
  1180. R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it
  1181.  
  1182. # handle case of no @domain on address
  1183. R<?> $* $: $&{daemon_flags} $| <?> $1
  1184. R$* u $* $| <?> $* $: <OKR> $3
  1185. R$* $| $* $: $2
  1186. R<?> $* $: < ? $&{client_addr} > $1
  1187. R<?> $* $@ <OKR> ...local unqualed ok
  1188. R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
  1189. ...remote is not
  1190. # check results
  1191. R<?> $* $: @ $1 mark address: nothing known about it
  1192. R<$={ResOk}> $* $@ <OKR> domain ok: stop
  1193. R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
  1194. R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
  1195. R<$={Accept}> $* $# $1 accept from access map
  1196. R<DISCARD> $* $#discard $: discard
  1197. R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
  1198. R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
  1199. R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
  1200. R<ERROR:$+> $* $#error $: $1
  1201. R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1202. R<$+> $* $#error $: $1 error from access db
  1203.  
  1204. ######################################################################
  1205. ### check_rcpt -- check SMTP `RCPT TO:' command argument
  1206. ######################################################################
  1207.  
  1208. SLocal_check_rcpt
  1209. Scheck_rcpt
  1210. R$* $: $1 $| $>"Local_check_rcpt" $1
  1211. R$* $| $#$* $#$2
  1212. R$* $| $* $@ $>"Basic_check_rcpt" $1
  1213.  
  1214. SBasic_check_rcpt
  1215. # empty address?
  1216. R<> $#error $@ nouser $: "553 User address required"
  1217. R$@ $#error $@ nouser $: "553 User address required"
  1218. # check for deferred delivery mode
  1219. R$* $: < $&{deliveryMode} > $1
  1220. R< d > $* $@ deferred
  1221. R< $* > $* $: $2
  1222.  
  1223.  
  1224. ######################################################################
  1225. R$* $: $1 $| @ $>"Rcpt_ok" $1
  1226. R$* $| @ $#TEMP $+ $: $1 $| T $2
  1227. R$* $| @ $#$* $#$2
  1228. R$* $| @ RELAY $@ RELAY
  1229. R$* $| @ $* $: O $| $>"Relay_ok" $1
  1230. R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
  1231. R$* $| $#TEMP $+ $#error $2
  1232. R$* $| $#$* $#$2
  1233. R$* $| RELAY $@ RELAY
  1234. R T $+ $| $* $#error $1
  1235. # anything else is bogus
  1236. R$* $#error $@ 5.7.1 $: "550 Relaying denied"
  1237.  
  1238.  
  1239. ######################################################################
  1240. ### Rcpt_ok: is the recipient ok?
  1241. ######################################################################
  1242. SRcpt_ok
  1243. R$* $: $>ParseRecipient $1 strip relayable hosts
  1244.  
  1245.  
  1246.  
  1247. # blacklist local users or any host from receiving mail
  1248. R$* $: <?> $1
  1249. R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
  1250. R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
  1251. R<?> $+ $: <> <$1> $| <U:$1@>
  1252. R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
  1253. R<@> <$*> $| <$*> $: <$2> <$1> reverse result
  1254. R<?> <$*> $: @ $1 mark address as no match
  1255. R<$={Accept}> <$*> $: @ $2 mark address as no match
  1256.  
  1257. R<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
  1258. R<DISCARD> $* $#discard $: discard
  1259. R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
  1260. R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
  1261. R<ERROR:$+> $* $#error $: $1
  1262. R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1263. R<$+> $* $#error $: $1 error from access db
  1264. R@ $* $1 remove mark
  1265.  
  1266. # authenticated via TLS?
  1267. R$* $: $1 $| $>RelayTLS client authenticated?
  1268. R$* $| $# $+ $# $2 error/ok?
  1269. R$* $| $* $: $1 no
  1270.  
  1271. R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
  1272. R$* $| $# $* $# $2
  1273. R$* $| NO $: $1
  1274. R$* $| $* $: $1 $| $&{auth_type}
  1275. R$* $| $: $1
  1276. R$* $| $={TrustAuthMech} $# RELAY
  1277. R$* $| $* $: $1
  1278. # anything terminating locally is ok
  1279. R$+ < @ $=w > $@ RELAY
  1280. R$+ < @ $* $=R > $@ RELAY
  1281. R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
  1282. R<RELAY> $* $@ RELAY
  1283. R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1284. R<$*> <$*> $: $2
  1285.  
  1286.  
  1287.  
  1288. # check for local user (i.e. unqualified address)
  1289. R$* $: <?> $1
  1290. R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
  1291. # local user is ok
  1292. R<?> $+ $@ RELAY
  1293. R<$+> $* $: $2
  1294.  
  1295. ######################################################################
  1296. ### Relay_ok: is the relay/sender ok?
  1297. ######################################################################
  1298. SRelay_ok
  1299. # anything originating locally is ok
  1300. # check IP address
  1301. R$* $: $&{client_addr}
  1302. R$@ $@ RELAY originated locally
  1303. R0 $@ RELAY originated locally
  1304. R127.0.0.1 $@ RELAY originated locally
  1305. RIPv6:::1 $@ RELAY originated locally
  1306. R$=R $* $@ RELAY relayable IP address
  1307. R$* $: $>A <$1> <?> <+ Connect> <$1>
  1308. R<RELAY> $* $@ RELAY relayable IP address
  1309.  
  1310. R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1311. R<$*> <$*> $: $2
  1312. R$* $: [ $1 ] put brackets around it...
  1313. R$=w $@ RELAY ... and see if it is local
  1314.  
  1315.  
  1316. # check client name: first: did it resolve?
  1317. R$* $: < $&{client_resolve} >
  1318. R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
  1319. R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
  1320. R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
  1321. R$* $: <@> $&{client_name}
  1322. # pass to name server to make hostname canonical
  1323. R<@> $* $=P $:<?> $1 $2
  1324. R<@> $+ $:<?> $[ $1 $]
  1325. R$* . $1 strip trailing dots
  1326. R<?> $=w $@ RELAY
  1327. R<?> $* $=R $@ RELAY
  1328. R<?> $* $: $>D <$1> <?> <+ Connect> <$1>
  1329. R<RELAY> $* $@ RELAY
  1330. R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1331. R<$*> <$*> $: $2
  1332.  
  1333.  
  1334. ######################################################################
  1335. ### F: LookUpFull -- search for an entry in access database
  1336. ###
  1337. ### lookup of full key (which should be an address) and
  1338. ### variations if +detail exists: +* and without +detail
  1339. ###
  1340. ### Parameters:
  1341. ### <$1> -- key
  1342. ### <$2> -- default (what to return if not found in db)
  1343. ### <$3> -- mark (must be <(!|+) single-token>)
  1344. ### ! does lookup only with tag
  1345. ### + does lookup with and without tag
  1346. ### <$4> -- passthru (additional data passed unchanged through)
  1347. ######################################################################
  1348.  
  1349. SF
  1350. R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
  1351. R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
  1352. R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
  1353. $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
  1354. R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
  1355. $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
  1356. R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
  1357. $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
  1358. R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
  1359. $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
  1360. R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
  1361. R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
  1362. R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
  1363.  
  1364. ######################################################################
  1365. ### E: LookUpExact -- search for an entry in access database
  1366. ###
  1367. ### Parameters:
  1368. ### <$1> -- key
  1369. ### <$2> -- default (what to return if not found in db)
  1370. ### <$3> -- mark (must be <(!|+) single-token>)
  1371. ### ! does lookup only with tag
  1372. ### + does lookup with and without tag
  1373. ### <$4> -- passthru (additional data passed unchanged through)
  1374. ######################################################################
  1375.  
  1376. SE
  1377. R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
  1378. R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
  1379. R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
  1380. R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
  1381. R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
  1382.  
  1383. ######################################################################
  1384. ### U: LookUpUser -- search for an entry in access database
  1385. ###
  1386. ### lookup of key (which should be a local part) and
  1387. ### variations if +detail exists: +* and without +detail
  1388. ###
  1389. ### Parameters:
  1390. ### <$1> -- key (user@)
  1391. ### <$2> -- default (what to return if not found in db)
  1392. ### <$3> -- mark (must be <(!|+) single-token>)
  1393. ### ! does lookup only with tag
  1394. ### + does lookup with and without tag
  1395. ### <$4> -- passthru (additional data passed unchanged through)
  1396. ######################################################################
  1397.  
  1398. SU
  1399. R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
  1400. R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
  1401. R<?> <$+ + $* @> <$*> <$- $-> <$*>
  1402. $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
  1403. R<?> <$+ + $* @> <$*> <+ $-> <$*>
  1404. $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
  1405. R<?> <$+ + $* @> <$*> <$- $-> <$*>
  1406. $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
  1407. R<?> <$+ + $* @> <$*> <+ $-> <$*>
  1408. $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
  1409. R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
  1410. R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
  1411. R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
  1412.  
  1413. ######################################################################
  1414. ### SearchList: search a list of items in the access map
  1415. ### Parameters:
  1416. ### <exact tag> $| <mark:address> <mark:address> ... <>
  1417. ### where "exact" is either "+" or "!":
  1418. ### <+ TAG> lookup with and w/o tag
  1419. ### <! TAG> lookup with tag
  1420. ### possible values for "mark" are:
  1421. ### D: recursive host lookup (LookUpDomain)
  1422. ### E: exact lookup, no modifications
  1423. ### F: full lookup, try user+ext@domain and user@domain
  1424. ### U: user lookup, try user+ext and user (input must have trailing @)
  1425. ### return: <RHS of lookup> or <?> (not found)
  1426. ######################################################################
  1427.  
  1428. # class with valid marks for SearchList
  1429. C{Src}E F D U
  1430. SSearchList
  1431. # just call the ruleset with the name of the tag... nice trick...
  1432. R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
  1433. R<$+> $| <> $| <?> <> $@ <?>
  1434. R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
  1435. R<$+> $| <$*> $| <$+> <> $@ <$3>
  1436. R<$+> $| <$+> $@ <$2>
  1437.  
  1438.  
  1439. ######################################################################
  1440. ### trust_auth: is user trusted to authenticate as someone else?
  1441. ###
  1442. ### Parameters:
  1443. ### $1: AUTH= parameter from MAIL command
  1444. ######################################################################
  1445.  
  1446. SLocal_trust_auth
  1447. Strust_auth
  1448. R$* $: $&{auth_type} $| $1
  1449. # required by RFC 2554 section 4.
  1450. R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
  1451. R$* $| $&{auth_authen} $@ identical
  1452. R$* $| <$&{auth_authen}> $@ identical
  1453. R$* $| $* $: $1 $| $>"Local_trust_auth" $2
  1454. R$* $| $#$* $#$2
  1455. R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
  1456.  
  1457. ######################################################################
  1458. ### Relay_Auth: allow relaying based on authentication?
  1459. ###
  1460. ### Parameters:
  1461. ### $1: ${auth_type}
  1462. ######################################################################
  1463. SLocal_Relay_Auth
  1464.  
  1465. ######################################################################
  1466. ### srv_features: which features to offer to a client?
  1467. ### (done in server)
  1468. ######################################################################
  1469. Ssrv_features
  1470. R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
  1471. R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
  1472. R<?>$* $: <$(access "Srv_Features": $: ? $)>
  1473. R<?>$* $@ OK
  1474. R<$* <TMPF>>$* $#temp
  1475. R<$+>$* $# $1
  1476.  
  1477. ######################################################################
  1478. ### try_tls: try to use STARTTLS?
  1479. ### (done in client)
  1480. ######################################################################
  1481. Stry_tls
  1482. R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
  1483. R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
  1484. R<?>$* $: <$(access "Try_TLS": $: ? $)>
  1485. R<?>$* $@ OK
  1486. R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1487. R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
  1488.  
  1489. ######################################################################
  1490. ### tls_rcpt: is connection with server "good" enough?
  1491. ### (done in client, per recipient)
  1492. ###
  1493. ### Parameters:
  1494. ### $1: recipient
  1495. ######################################################################
  1496. Stls_rcpt
  1497. R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
  1498. R$+ $: <?> $>CanonAddr $1
  1499. R<?> $+ < @ $+ . > <?> $1 <@ $2 >
  1500. R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
  1501. R<?> $+ $: $1 $| <U:$1@> <E:>
  1502. R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
  1503. R$* $| <?> $@ OK
  1504. R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1505. R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
  1506.  
  1507. ######################################################################
  1508. ### tls_client: is connection with client "good" enough?
  1509. ### (done in server)
  1510. ###
  1511. ### Parameters:
  1512. ### ${verify} $| (MAIL|STARTTLS)
  1513. ######################################################################
  1514. Stls_client
  1515. R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
  1516. R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
  1517. R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
  1518. R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
  1519. R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1520. R$* $@ $>"TLS_connection" $1
  1521.  
  1522. ######################################################################
  1523. ### tls_server: is connection with server "good" enough?
  1524. ### (done in client)
  1525. ###
  1526. ### Parameter:
  1527. ### ${verify}
  1528. ######################################################################
  1529. Stls_server
  1530. R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
  1531. R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
  1532. R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
  1533. R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
  1534. R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
  1535. R$* $@ $>"TLS_connection" $1
  1536.  
  1537. ######################################################################
  1538. ### TLS_connection: is TLS connection "good" enough?
  1539. ###
  1540. ### Parameters:
  1541. ### ${verify} $| <Requirement> [<>]
  1542. ### Requirement: RHS from access map, may be ? for none.
  1543. ######################################################################
  1544. STLS_connection
  1545. R$* $| <$*>$* $: $1 $| <$2>
  1546. # create the appropriate error codes
  1547. R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
  1548. R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
  1549. R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
  1550. # deal with TLS handshake failures: abort
  1551. RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
  1552. RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
  1553. R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
  1554. R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
  1555. R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
  1556. R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
  1557. R$* $| $* $@ OK
  1558. # authentication required: give appropriate error
  1559. # other side did authenticate (via STARTTLS)
  1560. R<$*><VERIFY> <> OK $@ OK
  1561. R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
  1562. R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
  1563. R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
  1564. R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
  1565. R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
  1566. R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
  1567. R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
  1568. R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
  1569. R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
  1570. R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
  1571. R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
  1572. R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
  1573. R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
  1574. R<$-:$+ ++ > $@ OK
  1575. R<$-:$+ ++ $+ > $: <$1:$2> <$3>
  1576. R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
  1577. R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
  1578.  
  1579. ######################################################################
  1580. ### TLS_req: check additional TLS requirements
  1581. ###
  1582. ### Parameters: [<list> <of> <req>] $| <$-:$+>
  1583. ### $-: SMTP reply code
  1584. ### $+: Enhanced Status Code
  1585. ######################################################################
  1586. STLS_req
  1587. R $| $+ $@ OK
  1588. R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
  1589. R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
  1590. R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
  1591. R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
  1592. R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
  1593. R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
  1594. R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
  1595. ROK $@ OK
  1596.  
  1597. ######################################################################
  1598. ### max: return the maximum of two values separated by :
  1599. ###
  1600. ### Parameters: [$-]:[$-]
  1601. ######################################################################
  1602. Smax
  1603. R: $: 0
  1604. R:$- $: $1
  1605. R$-: $: $1
  1606. R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
  1607. RTRUE:$-:$- $: $2
  1608. R$-:$-:$- $: $2
  1609.  
  1610.  
  1611. ######################################################################
  1612. ### RelayTLS: allow relaying based on TLS authentication
  1613. ###
  1614. ### Parameters:
  1615. ### none
  1616. ######################################################################
  1617. SRelayTLS
  1618. # authenticated?
  1619. R$* $: <?> $&{verify}
  1620. R<?> OK $: OK authenticated: continue
  1621. R<?> $* $@ NO not authenticated
  1622. R$* $: $&{cert_issuer}
  1623. R$+ $: $(access CERTISSUER:$1 $)
  1624. RRELAY $# RELAY
  1625. RSUBJECT $: <@> $&{cert_subject}
  1626. R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
  1627. R<@> RELAY $# RELAY
  1628. R$* $: NO
  1629.  
  1630. ######################################################################
  1631. ### authinfo: lookup authinfo in the access map
  1632. ###
  1633. ### Parameters:
  1634. ### $1: {server_name}
  1635. ### $2: {server_addr}
  1636. ######################################################################
  1637. Sauthinfo
  1638. R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
  1639. R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
  1640. R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
  1641. R$* $| <?>$* $@ no no authinfo available
  1642. R$* $| <$*> <> $# $2
  1643.  
  1644.  
  1645.  
  1646.  
  1647.  
  1648. #
  1649. ######################################################################
  1650. ######################################################################
  1651. #####
  1652. ##### MAIL FILTER DEFINITIONS
  1653. #####
  1654. ######################################################################
  1655. ######################################################################
  1656.  
  1657. #
  1658. ######################################################################
  1659. ######################################################################
  1660. #####
  1661. ##### MAILER DEFINITIONS
  1662. #####
  1663. ######################################################################
  1664. ######################################################################
  1665.  
  1666.  
  1667. ##################################################
  1668. ### Local and Program Mailer specification ###
  1669. ##################################################
  1670.  
  1671. ##### $Id: local.m4,v 8.59 2004/11/23 00:37:25 ca Exp $ #####
  1672.  
  1673. #
  1674. # Envelope sender rewriting
  1675. #
  1676. SEnvFromL
  1677. R<@> $n errors to mailer-daemon
  1678. R@ <@ $*> $n temporarily bypass Sun bogosity
  1679. R$+ $: $>AddDomain $1 add local domain if needed
  1680. R$* $: $>MasqEnv $1 do masquerading
  1681.  
  1682. #
  1683. # Envelope recipient rewriting
  1684. #
  1685. SEnvToL
  1686. R$+ < @ $* > $: $1 strip host part
  1687. R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
  1688. R<e s> $+ + $* $: $1 remove +detail for sender
  1689. R< $* > $+ $: $2 else remove mark
  1690.  
  1691. #
  1692. # Header sender rewriting
  1693. #
  1694. SHdrFromL
  1695. R<@> $n errors to mailer-daemon
  1696. R@ <@ $*> $n temporarily bypass Sun bogosity
  1697. R$+ $: $>AddDomain $1 add local domain if needed
  1698. R$* $: $>MasqHdr $1 do masquerading
  1699.  
  1700. #
  1701. # Header recipient rewriting
  1702. #
  1703. SHdrToL
  1704. R$+ $: $>AddDomain $1 add local domain if needed
  1705. R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
  1706.  
  1707. #
  1708. # Common code to add local domain name (only if always-add-domain)
  1709. #
  1710. SAddDomain
  1711. R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
  1712.  
  1713. R$+ $@ $1 < @ *LOCAL* > add local qualification
  1714.  
  1715. Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
  1716. T=DNS/RFC822/X-Unix,
  1717. A=procmail -t -Y -a $h -d $u
  1718. Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
  1719. T=X-Unix/X-Unix/X-Unix,
  1720. A=sh -c $u
  1721.  
  1722. #####################################
  1723. ### SMTP Mailer specification ###
  1724. #####################################
  1725.  
  1726. ##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ #####
  1727.  
  1728. #
  1729. # common sender and masquerading recipient rewriting
  1730. #
  1731. SMasqSMTP
  1732. R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
  1733. R$+ $@ $1 < @ *LOCAL* > add local qualification
  1734.  
  1735. #
  1736. # convert pseudo-domain addresses to real domain addresses
  1737. #
  1738. SPseudoToReal
  1739.  
  1740. # pass <route-addr>s through
  1741. R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
  1742.  
  1743. # output fake domains as user%fake@relay
  1744.  
  1745. # do UUCP heuristics; note that these are shared with UUCP mailers
  1746. R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
  1747. R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
  1748.  
  1749. # leave these in .UUCP form to avoid further tampering
  1750. R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
  1751. R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
  1752. R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
  1753. R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
  1754. R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
  1755. R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
  1756.  
  1757.  
  1758. #
  1759. # envelope sender rewriting
  1760. #
  1761. SEnvFromSMTP
  1762. R$+ $: $>PseudoToReal $1 sender/recipient common
  1763. R$* :; <@> $@ list:; special case
  1764. R$* $: $>MasqSMTP $1 qualify unqual'ed names
  1765. R$+ $: $>MasqEnv $1 do masquerading
  1766.  
  1767.  
  1768. #
  1769. # envelope recipient rewriting --
  1770. # also header recipient if not masquerading recipients
  1771. #
  1772. SEnvToSMTP
  1773. R$+ $: $>PseudoToReal $1 sender/recipient common
  1774. R$+ $: $>MasqSMTP $1 qualify unqual'ed names
  1775. R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
  1776.  
  1777. #
  1778. # header sender and masquerading header recipient rewriting
  1779. #
  1780. SHdrFromSMTP
  1781. R$+ $: $>PseudoToReal $1 sender/recipient common
  1782. R:; <@> $@ list:; special case
  1783.  
  1784. # do special header rewriting
  1785. R$* <@> $* $@ $1 <@> $2 pass null host through
  1786. R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
  1787. R$* $: $>MasqSMTP $1 qualify unqual'ed names
  1788. R$+ $: $>MasqHdr $1 do masquerading
  1789.  
  1790.  
  1791. #
  1792. # relay mailer header masquerading recipient rewriting
  1793. #
  1794. SMasqRelay
  1795. R$+ $: $>MasqSMTP $1
  1796. R$+ $: $>MasqHdr $1
  1797.  
  1798. Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
  1799. T=DNS/RFC822/SMTP,
  1800. A=TCP $h
  1801. Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
  1802. T=DNS/RFC822/SMTP,
  1803. A=TCP $h
  1804. Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
  1805. T=DNS/RFC822/SMTP,
  1806. A=TCP $h
  1807. Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
  1808. T=DNS/RFC822/SMTP,
  1809. A=TCP $h
  1810. Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
  1811. T=DNS/RFC822/SMTP,
  1812. A=TCP $h
  1813.  
  1814.  
  1815. ######################*****##############
  1816. ### PROCMAIL Mailer specification ###
  1817. ##################*****##################
  1818.  
  1819. ##### $Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $ #####
  1820.  
  1821. Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
  1822. T=DNS/RFC822/X-Unix,
  1823. A=procmail -Y -m $h $f $u
  1824.  
  1825. ### config.mc ###
  1826. # dnl# This is the default sendmail .mc file for Slackware. To generate
  1827. # dnl# the sendmail.cf file from this (perhaps after making some changes),
  1828. # dnl# use the m4 files in /usr/share/sendmail/cf like this:
  1829. # dnl#
  1830. # dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
  1831. # dnl# cd /usr/share/sendmail/cf
  1832. # dnl# sh Build config.cf
  1833. # dnl#
  1834. # dnl# You may then install the resulting .cf file:
  1835. # dnl# cp config.cf /etc/mail/sendmail.cf
  1836. # dnl#
  1837. # include(`../m4/cf.m4')
  1838. # VERSIONID(`default setup for Slackware Linux')dnl
  1839. # OSTYPE(`linux')dnl
  1840. # dnl# These settings help protect against people verifying email addresses
  1841. # dnl# at your site in order to send you email that you probably don't want:
  1842. # define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
  1843. # dnl# Uncomment the line below to send outgoing mail through an external server:
  1844. # dnl define(`SMART_HOST',`mailserver.example.com')
  1845. # dnl# No timeout for ident:
  1846. # define(`confTO_IDENT', `0')dnl
  1847. # dnl# Enable the line below to use smrsh to restrict what sendmail can run:
  1848. # dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
  1849. # dnl# See the README in /usr/share/sendmail/cf for a ton of information on
  1850. # dnl# how these options work:
  1851. # FEATURE(`use_cw_file')dnl
  1852. # FEATURE(`use_ct_file')dnl
  1853. # FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
  1854. # FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
  1855. # FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
  1856. # FEATURE(`blacklist_recipients')dnl
  1857. # FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
  1858. # FEATURE(`always_add_domain')dnl
  1859. # FEATURE(`redirect')dnl
  1860. # dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
  1861. # dnl FEATURE(`accept_unresolvable_domains')dnl
  1862. # EXPOSED_USER(`root')dnl
  1863. # dnl# Also accept mail for localhost.localdomain:
  1864. # LOCAL_DOMAIN(`localhost.localdomain')dnl
  1865. # MAILER(local)dnl
  1866. # MAILER(smtp)dnl
  1867. # MAILER(procmail)dnl
  1868. O MatchGECOS=False
  1869. O PostMasterCopy=zeno@biyg.org
RAW Paste Data