coolboarder Allons-y ! | Code :
- #
- # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
- # All rights reserved.
- # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
- # Copyright (c) 1988, 1993
- # The Regents of the University of California. All rights reserved.
- #
- # By using this file, you agree to the terms and conditions set
- # forth in the LICENSE file which can be found at the top level of
- # the sendmail distribution.
- #
- #
- ######################################################################
- ######################################################################
- #####
- ##### SENDMAIL CONFIGURATION FILE
- #####
- ##### built by root@serve2 on lun mai 17 15:49:27 CEST 2004
- ##### in /etc/mail
- ##### using /usr/share/sendmail-cf/ as configuration include directory
- #####
- ######################################################################
- #####
- ##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
- #####
- ######################################################################
- ######################################################################
- ##### $Id: cfhead.m4,v 8.108.2.1 2002/08/27 20:19:08 gshapiro Exp $ #####
- ##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
- ##### setup for Red Hat Linux #####
- ##### $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ #####
- ##### $Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $ #####
- ##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
- ##### $Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $ #####
- ##### $Id: mailertable.m4,v 8.23 2001/03/16 00:51:26 gshapiro Exp $ #####
- ##### $Id: virtusertable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $ #####
- ##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ #####
- ##### $Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ #####
- ##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
- ##### $Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
- ##### $Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $ #####
- ##### $Id: access_db.m4,v 8.24 2002/03/06 21:50:25 ca Exp $ #####
- ##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ #####
- ##### $Id: accept_unresolvable_domains.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $ #####
- ##### $Id: proto.m4,v 8.649.2.14 2002/12/30 15:46:02 ca Exp $ #####
- # level 10 config file format
- V10/Berkeley
- # override file safeties - setting this option compromises system security,
- # addressing the actual file configuration problem is preferred
- # need to set this before any file actions are encountered in the cf file
- #O DontBlameSendmail=safe
- # default LDAP map specification
- # need to set this now before any LDAP maps are defined
- #O LDAPDefaultSpec=-h localhost
- ##################
- # local info #
- ##################
- # my LDAP cluster
- # need to set this before any LDAP lookups are done (including classes)
- #D{sendmailMTACluster}$m
- Cwlocalhost
- # file containing names of hosts for which we receive email
- Fw/etc/mail/local-host-names
- # my official domain name
- # ... define this only if sendmail cannot automatically determine your domain
- #Dj$w.Foo.COM
- CP.
- # "Smart" relay host (may be null)
- DS
- # operators that cannot be in local usernames (i.e., network indicators)
- CO @ % !
- # a class with just dot (for identifying canonical names)
- C..
- # a class with just a left bracket (for identifying domain literals)
- C[[
- # access_db acceptance class
- C{Accept}OK RELAY
- C{ResOk}OKR
- # Hosts for which relaying is permitted ($=R)
- FR-o /etc/mail/relay-domains
- # arithmetic map
- Karith arith
- # macro storage map
- Kmacro macro
- # possible values for TLS_connection in access map
- C{tls}VERIFY ENCR
- # dequoting map
- Kdequote dequote
- # class E: names that should be exposed as from this host, even if we masquerade
- # class L: names that should be delivered locally, even if we have a relay
- # class M: domains that should be converted to $M
- # class N: domains that should not be converted to $M
- #CL root
- C{E}root
- C{w}localhost.localdomain
- # my name for error messages
- DnMAILER-DAEMON
- # Mailer table (overriding domains)
- Kmailertable hash -o /etc/mail/mailertable.db
- # Virtual user table (maps incoming users)
- Kvirtuser hash -o /etc/mail/virtusertable.db
- CPREDIRECT
- # Access list database (for spam stomping)
- Kaccess hash -T<TMPF> -o /etc/mail/access.db
- # Configuration version number
- DZ8.12.8
- ###############
- # Options #
- ###############
- # strip message body to 7 bits on input?
- O SevenBitInput=False
- # 8-bit data handling
- #O EightBitMode=pass8
- # wait for alias file rebuild (default units: minutes)
- O AliasWait=10
- # location of alias file
- O AliasFile=/etc/aliases
- # minimum number of free blocks on filesystem
- O MinFreeBlocks=100
- # maximum message size
- #O MaxMessageSize=1000000
- # substitution for space (blank) characters
- O BlankSub=.
- # avoid connecting to "expensive" mailers on initial submission?
- O HoldExpensive=False
- # checkpoint queue runs after every N successful deliveries
- #O CheckpointInterval=10
- # default delivery mode
- O DeliveryMode=background
- # error message header/file
- #O ErrorHeader=/etc/mail/error-header
- # error mode
- #O ErrorMode=print
- # save Unix-style "From_" lines at top of header?
- #O SaveFromLine=False
- # queue file mode (qf files)
- #O QueueFileMode=0600
- # temporary file mode
- O TempFileMode=0600
- # match recipients against GECOS field?
- #O MatchGECOS=False
- # maximum hop count
- #O MaxHopCount=25
- # location of help file
- O HelpFile=/etc/mail/helpfile
- # ignore dots as terminators in incoming messages?
- #O IgnoreDots=False
- # name resolver options
- #O ResolverOptions=+AAONLY
- # deliver MIME-encapsulated error messages?
- O SendMimeErrors=True
- # Forward file search path
- O ForwardPath=$z/.forward.$w:$z/.forward
- # open connection cache size
- O ConnectionCacheSize=2
- # open connection cache timeout
- O ConnectionCacheTimeout=5m
- # persistent host status directory
- #O HostStatusDirectory=.hoststat
- # single thread deliveries (requires HostStatusDirectory)?
- #O SingleThreadDelivery=False
- # use Errors-To: header?
- O UseErrorsTo=False
- # log level
- O LogLevel=9
- # send to me too, even in an alias expansion?
- #O MeToo=True
- # verify RHS in newaliases?
- O CheckAliases=False
- # default messages to old style headers if no special punctuation?
- O OldStyleHeaders=True
- # SMTP daemon options
- O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
- # SMTP client options
- #O ClientPortOptions=Family=inet, Address=0.0.0.0
- # Modifiers to define {daemon_flags} for direct submissions
- #O DirectSubmissionModifiers
- # Use as mail submission program? See sendmail/SECURITY
- #O UseMSP
- # privacy flags
- O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun
- # who (if anyone) should get extra copies of error messages
- #O PostmasterCopy=Postmaster
- # slope of queue-only function
- #O QueueFactor=600000
- # limit on number of concurrent queue runners
- #O MaxQueueChildren
- # maximum number of queue-runners per queue-grouping with multiple queues
- #O MaxRunnersPerQueue=1
- # priority of queue runners (nice(3))
- #O NiceQueueRun
- # shall we sort the queue by hostname first?
- #O QueueSortOrder=priority
- # minimum time in queue before retry
- #O MinQueueAge=30m
- # how many jobs can you process in the queue?
- #O MaxQueueRunSize=10000
- # perform initial split of envelope without checking MX records
- #O FastSplit=1
- # queue directory
- O QueueDirectory=/var/spool/mqueue
- # key for shared memory; 0 to turn off
- #O SharedMemoryKey=0
- # timeouts (many of these)
- #O Timeout.initial=5m
- O Timeout.connect=1m
- #O Timeout.aconnect=0s
- #O Timeout.iconnect=5m
- #O Timeout.helo=5m
- #O Timeout.mail=10m
- #O Timeout.rcpt=1h
- #O Timeout.datainit=5m
- #O Timeout.datablock=1h
- #O Timeout.datafinal=1h
- #O Timeout.rset=5m
- #O Timeout.quit=2m
- #O Timeout.misc=2m
- #O Timeout.command=1h
- O Timeout.ident=0
- #O Timeout.fileopen=60s
- #O Timeout.control=2m
- O Timeout.queuereturn=5d
- #O Timeout.queuereturn.normal=5d
- #O Timeout.queuereturn.urgent=2d
- #O Timeout.queuereturn.non-urgent=7d
- O Timeout.queuewarn=4h
- #O Timeout.queuewarn.normal=4h
- #O Timeout.queuewarn.urgent=1h
- #O Timeout.queuewarn.non-urgent=12h
- #O Timeout.hoststatus=30m
- #O Timeout.resolver.retrans=5s
- #O Timeout.resolver.retrans.first=5s
- #O Timeout.resolver.retrans.normal=5s
- #O Timeout.resolver.retry=4
- #O Timeout.resolver.retry.first=4
- #O Timeout.resolver.retry.normal=4
- #O Timeout.lhlo=2m
- #O Timeout.auth=10m
- #O Timeout.starttls=1h
- # time for DeliverBy; extension disabled if less than 0
- #O DeliverByMin=0
- # should we not prune routes in route-addr syntax addresses?
- #O DontPruneRoutes=False
- # queue up everything before forking?
- O SuperSafe=True
- # status file
- O StatusFile=/etc/mail/statistics
- # time zone handling:
- # if undefined, use system default
- # if defined but null, use TZ envariable passed in
- # if defined and non-null, use that info
- #O TimeZoneSpec=
- # default UID (can be username or userid:groupid)
- O DefaultUser=8:12
- # list of locations of user database file (null means no lookup)
- O UserDatabaseSpec=/etc/mail/userdb.db
- # fallback MX host
- #O FallbackMXhost=fall.back.host.net
- # if we are the best MX host for a site, try it directly instead of config err
- O TryNullMXList=true
- # load average at which we just queue messages
- #O QueueLA=8
- # load average at which we refuse connections
- #O RefuseLA=12
- # load average at which we delay connections; 0 means no limit
- #O DelayLA=0
- # maximum number of children we allow at one time
- #O MaxDaemonChildren=0
- # maximum number of new connections per second
- #O ConnectionRateThrottle=0
- # work recipient factor
- #O RecipientFactor=30000
- # deliver each queued job in a separate process?
- #O ForkEachJob=False
- # work class factor
- #O ClassFactor=1800
- # work time factor
- #O RetryFactor=90000
- # default character set
- #O DefaultCharSet=iso-8859-1
- # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
- #O ServiceSwitchFile=/etc/mail/service.switch
- # hosts file (normally /etc/hosts)
- #O HostsFile=/etc/hosts
- # dialup line delay on connection failure
- #O DialDelay=10s
- # action to take if there are no recipients in the message
- #O NoRecipientAction=add-to-undisclosed
- # chrooted environment for writing to files
- #O SafeFileEnvironment=/arch
- # are colons OK in addresses?
- #O ColonOkInAddr=True
- # shall I avoid expanding CNAMEs (violates protocols)?
- #O DontExpandCnames=False
- # SMTP initial login message (old $e macro)
- O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
- # UNIX initial From header format (old $l macro)
- O UnixFromLine=From $g $d
- # From: lines that have embedded newlines are unwrapped onto one line
- #O SingleLineFromHeader=False
- # Allow HELO SMTP command that does not include a host name
- #O AllowBogusHELO=False
- # Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
- #O MustQuoteChars=.
- # delimiter (operator) characters (old $o macro)
- O OperatorChars=.:%@!^/[]+
- # shall I avoid calling initgroups(3) because of high NIS costs?
- #O DontInitGroups=False
- # are group-writable :include: and .forward files (un)trustworthy?
- # True (the default) means they are not trustworthy.
- #O UnsafeGroupWrites=True
- # where do errors that occur when sending errors get sent?
- #O DoubleBounceAddress=postmaster
- # where to save bounces if all else fails
- #O DeadLetterDrop=/var/tmp/dead.letter
- # what user id do we assume for the majority of the processing?
- #O RunAsUser=sendmail
- # maximum number of recipients per SMTP envelope
- #O MaxRecipientsPerMessage=100
- # limit the rate recipients per SMTP envelope are accepted
- # once the threshold number of recipients have been rejected
- #O BadRcptThrottle=20
- # shall we get local names from our installed interfaces?
- O DontProbeInterfaces=true
- # Return-Receipt-To: header implies DSN request
- #O RrtImpliesDsn=False
- # override connection address (for testing)
- #O ConnectOnlyTo=0.0.0.0
- # Trusted user for file ownership and starting the daemon
- O TrustedUser=smmsp
- # Control socket for daemon management
- #O ControlSocketName=/var/spool/mqueue/.control
- # Maximum MIME header length to protect MUAs
- #O MaxMimeHeaderLength=0/0
- # Maximum length of the sum of all headers
- #O MaxHeadersLength=32768
- # Maximum depth of alias recursion
- #O MaxAliasRecursion=10
- # location of pid file
- #O PidFile=/var/run/sendmail.pid
- # Prefix string for the process title shown on 'ps' listings
- #O ProcessTitlePrefix=prefix
- # Data file (df) memory-buffer file maximum size
- #O DataFileBufferSize=4096
- # Transcript file (xf) memory-buffer file maximum size
- #O XscriptFileBufferSize=4096
- # lookup type to find information about local mailboxes
- #O MailboxDatabase=pw
- # list of authentication mechanisms
- #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
- # default authentication information for outgoing connections
- #O DefaultAuthInfo=/etc/mail/default-auth-info
- # SMTP AUTH flags
- O AuthOptions=A
- # SMTP AUTH maximum encryption strength
- #O AuthMaxBits
- # SMTP STARTTLS server options
- #O TLSSrvOptions
- # Input mail filters
- #O InputMailFilters
- # CA directory
- #O CACertPath
- # CA file
- #O CACertFile
- # Server Cert
- #O ServerCertFile
- # Server private key
- #O ServerKeyFile
- # Client Cert
- #O ClientCertFile
- # Client private key
- #O ClientKeyFile
- # DHParameters (only required if DSA/DH is used)
- #O DHParameters
- # Random data source (required for systems without /dev/urandom under OpenSSL)
- #O RandFile
- ############################
- # QUEUE GROUP DEFINITIONS #
- ############################
- ###########################
- # Message precedences #
- ###########################
- Pfirst-class=0
- Pspecial-delivery=100
- Plist=-30
- Pbulk=-60
- Pjunk=-100
- #####################
- # Trusted users #
- #####################
- # this is equivalent to setting class "t"
- Ft/etc/mail/trusted-users
- Troot
- Tdaemon
- Tuucp
- #########################
- # Format of headers #
- #########################
- H?P?Return-Path: <$g>
- HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
- $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
- $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
- (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
- for $u; $|;
- $.$b
- H?D?Resent-Date: $a
- H?D?Date: $a
- H?F?Resent-From: $?x$x <$g>$|$g$.
- H?F?From: $?x$x <$g>$|$g$.
- H?x?Full-Name: $x
- # HPosted-Date: $a
- # H?l?Received-Date: $b
- H?M?Resent-Message-Id: <$t.$i@$j>
- H?M?Message-Id: <$t.$i@$j>
- #�
- ######################################################################
- ######################################################################
- #####
- ##### REWRITING RULES
- #####
- ######################################################################
- ######################################################################
- ############################################
- ### Ruleset 3 -- Name Canonicalization ###
- ############################################
- Scanonify=3
- # handle null input (translate to <@> special case)
- R$@ $@ <@>
- # strip group: syntax (not inside angle brackets!) and trailing semicolon
- R$* $: $1 <@> mark addresses
- R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
- R@ $* <@> $: @ $1 unmark @host:...
- R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
- R$* :: $* <@> $: $1 :: $2 unmark node::addr
- R:include: $* <@> $: :include: $1 unmark :include:...
- R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
- R$* : $* <@> $: $2 strip colon if marked
- R$* <@> $: $1 unmark
- R$* ; $1 strip trailing semi
- R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
- R$* < $* ; > $1 < $2 > bogus bracketed semi
- # null input now results from list:; syntax
- R$@ $@ :; <@>
- # strip angle brackets -- note RFC733 heuristic to get innermost item
- R$* $: < $1 > housekeeping <>
- R$+ < $* > < $2 > strip excess on left
- R< $* > $+ < $1 > strip excess on right
- R<> $@ < @ > MAIL FROM:<> case
- R< $+ > $: $1 remove housekeeping <>
- # strip route address <@a,@b,@c:user@d> -> <user@d>
- R@ $+ , $+ $2
- R@ [ $* ] : $+ $2
- R@ $+ : $+ $2
- # find focus for list syntax
- R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
- R $+ : $* ; $@ $1 : $2; list syntax
- # find focus for @ syntax addresses
- R$+ @ $+ $: $1 < @ $2 > focus on domain
- R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
- R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
- # convert old-style addresses to a domain-based address
- R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
- R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
- R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
- # if we have % signs, take the rightmost one
- R$* % $* $1 @ $2 First make them all @s.
- R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
- R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
- # else we must be a local name
- R$* $@ $>Canonify2 $1
- ################################################
- ### Ruleset 96 -- bottom half of ruleset 3 ###
- ################################################
- SCanonify2=96
- # handle special cases for local names
- R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
- R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
- R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
- # check for IPv4/IPv6 domain literal
- R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
- R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
- R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
- # if really UUCP, handle it immediately
- # try UUCP traffic as a local address
- R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
- R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
- # hostnames ending in class P are always canonical
- R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
- R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
- R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
- R$* CC $* $| $* $: $3
- # pass to name server to make hostname canonical
- R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
- R$* $| $* $: $2
- # local host aliases and pseudo-domains are always canonical
- R$* < @ $=w > $* $: $1 < @ $2 . > $3
- R$* < @ $=M > $* $: $1 < @ $2 . > $3
- R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3
- R$* < @ $* . . > $* $1 < @ $2 . > $3
- ##################################################
- ### Ruleset 4 -- Final Output Post-rewriting ###
- ##################################################
- Sfinal=4
- R$+ :; <@> $@ $1 : handle <list:;>
- R$* <@> $@ handle <> and list:;
- # strip trailing dot off possibly canonical name
- R$* < @ $+ . > $* $1 < @ $2 > $3
- # eliminate internal code
- R$* < @ *LOCAL* > $* $1 < @ $j > $2
- # externalize local domain info
- R$* < $+ > $* $1 $2 $3 defocus
- R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
- R@ $* $@ @ $1 ... and exit
- # UUCP must always be presented in old form
- R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
- # delete duplicate local names
- R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
- ##############################################################
- ### Ruleset 97 -- recanonicalize and call ruleset zero ###
- ### (used for recursive calls) ###
- ##############################################################
- SRecurse=97
- R$* $: $>canonify $1
- R$* $@ $>parse $1
- ######################################
- ### Ruleset 0 -- Parse Address ###
- ######################################
- Sparse=0
- R$* $: $>Parse0 $1 initial parsing
- R<@> $#local $: <@> special case error msgs
- R$* $: $>ParseLocal $1 handle local hacks
- R$* $: $>Parse1 $1 final parsing
- #
- # Parse0 -- do initial syntax checking and eliminate local addresses.
- # This should either return with the (possibly modified) input
- # or return with a #error mailer. It should not return with a
- # #mailer other than the #error mailer.
- #
- SParse0
- R<@> $@ <@> special case error msgs
- R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
- R@ <@ $* > < @ $1 > catch "@@host" bogosity
- R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
- R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
- R$* $: <> $1
- R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
- R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
- R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
- R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
- R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
- R<> $* $1
- R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
- R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
- R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
- R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
- R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
- # now delete the local info -- note $=O to find characters that cause forwarding
- R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
- R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
- R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
- R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
- R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
- R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
- R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
- R$* $=O $* < @ *LOCAL* >
- $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
- R$* < @ *LOCAL* > $: $1
- #
- # Parse1 -- the bottom half of ruleset 0.
- #
- SParse1
- # handle numeric address spec
- R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
- R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path
- R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
- R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
- R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
- # handle virtual users
- R$+ $: <!> $1 Mark for lookup
- R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
- R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
- R<@> $+ + $+ < @ $* . >
- $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
- R<@> $+ + $* < @ $* . >
- $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
- R<@> $+ + $* < @ $* . >
- $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
- R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
- R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
- R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
- R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
- R<@> $+ $: $1
- R<!> $+ $: $1
- R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
- R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
- R< $+ > $+ < @ $+ > $: $>Recurse $1
- # short circuit local delivery so forwarded email works
- R$=L < @ $=w . > $#local $: @ $1 special local names
- R$+ < @ $=w . > $#local $: $1 regular local name
- # not local -- try mailer table lookup
- R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
- R< $+ . > $* $: < $1 > $2 strip trailing dot
- R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
- R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
- R< $+ > $* $: $>Mailertable <$1> $2 try domain
- # resolve remotely connected UUCP links (if any)
- # resolve fake top level domains by forwarding to other hosts
- # pass names that still have a host to a smarthost (if defined)
- R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
- # deal with other remote names
- R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
- # handle locally delivered names
- R$=L $#local $: @ $1 special local names
- R$+ $#local $: $1 regular local names
- ###########################################################################
- ### Ruleset 5 -- special rewriting after aliases have been expanded ###
- ###########################################################################
- SLocal_localaddr
- Slocaladdr=5
- R$+ $: $1 $| $>"Local_localaddr" $1
- R$+ $| $#ok $@ $1 no change
- R$+ $| $#$* $#$2
- R$+ $| $* $: $1
- # deal with plussed users so aliases work nicely
- R$+ + * $#local $@ $&h $: $1
- R$+ + $* $#local $@ + $2 $: $1 + *
- # prepend an empty "forward host" on the front
- R$+ $: <> $1
- R< > $+ $: < > < $1 <> $&h > nope, restore +detail
- R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
- R< > < $+ <> $* > $: < > < $1 > else discard
- R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
- R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
- R< > < $+ > $@ $1 no +detail
- R$+ $: $1 <> $&h add +detail back in
- R$+ <> + $* $: $1 + $2 check whether +detail
- R$+ <> $* $: $1 else discard
- R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
- R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
- R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
- R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
- ###################################################################
- ### Ruleset 90 -- try domain part of mailertable entry ###
- ###################################################################
- SMailertable=90
- R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
- R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
- R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
- R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
- R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
- R< $* > $* $@ $2 no mailertable match
- ###################################################################
- ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
- ###################################################################
- SMailerToTriple=95
- R< > $* $@ $1 strip off null relay
- R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
- R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
- R< local : $* > $* $>CanonLocal < $1 > $2
- R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
- R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
- R< $=w > $* $@ $2 delete local host
- R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
- ###################################################################
- ### Ruleset CanonLocal -- canonify local: syntax ###
- ###################################################################
- SCanonLocal
- # strip local host from routed addresses
- R< $* > < @ $+ > : $+ $@ $>Recurse $3
- R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
- # strip trailing dot from any host name that may appear
- R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
- # handle local: syntax -- use old user, either with or without host
- R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
- R< > $+ $#local $@ $1 $: $1
- # handle local:user@host syntax -- ignore host part
- R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
- # handle local:user syntax
- R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
- R< $+ > $* $#local $@ $2 $: $1
- ###################################################################
- ### Ruleset 93 -- convert header names to masqueraded form ###
- ###################################################################
- SMasqHdr=93
- # do not masquerade anything in class N
- R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
- R$* < @ *LOCAL* > $@ $1 < @ $j . >
- ###################################################################
- ### Ruleset 94 -- convert envelope names to masqueraded form ###
- ###################################################################
- SMasqEnv=94
- R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
- ###################################################################
- ### Ruleset 98 -- local part of ruleset zero (can be null) ###
- ###################################################################
- SParseLocal=98
- # addresses sent to foo@host.REDIRECT will give a 551 error code
- R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
- R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
- R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
- ######################################################################
- ### D: LookUpDomain -- search for domain in access database
- ###
- ### Parameters:
- ### <$1> -- key (domain name)
- ### <$2> -- default (what to return if not found in db)
- ### <$3> -- mark (must be <(!|+) single-token> )
- ### ! does lookup only with tag
- ### + does lookup with and without tag
- ### <$4> -- passthru (additional data passed unchanged through)
- ######################################################################
- SD
- R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
- R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
- R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
- R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
- R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
- R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
- R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
- R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
- R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
- ######################################################################
- ### A: LookUpAddress -- search for host address in access database
- ###
- ### Parameters:
- ### <$1> -- key (dot quadded host address)
- ### <$2> -- default (what to return if not found in db)
- ### <$3> -- mark (must be <(!|+) single-token> )
- ### ! does lookup only with tag
- ### + does lookup with and without tag
- ### <$4> -- passthru (additional data passed through)
- ######################################################################
- SA
- R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
- R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
- R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
- R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
- R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
- R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
- R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
- R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
- ######################################################################
- ### CanonAddr -- Convert an address into a standard form for
- ### relay checking. Route address syntax is
- ### crudely converted into a %-hack address.
- ###
- ### Parameters:
- ### $1 -- full recipient address
- ###
- ### Returns:
- ### parsed address, not in source route form
- ######################################################################
- SCanonAddr
- R$* $: $>Parse0 $>canonify $1 make domain canonical
- ######################################################################
- ### ParseRecipient -- Strip off hosts in $=R as well as possibly
- ### $* $=m or the access database.
- ### Check user portion for host separators.
- ###
- ### Parameters:
- ### $1 -- full recipient address
- ###
- ### Returns:
- ### parsed, non-local-relaying address
- ######################################################################
- SParseRecipient
- R$* $: <?> $>CanonAddr $1
- R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
- R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
- # if no $=O character, no host in the user portion, we are done
- R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
- R<?> $* $@ $1
- R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
- R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
- R<$+> <$+> $: <$1> $2
- R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
- R<$+> $* $@ $2
- ######################################################################
- ### check_relay -- check hostname/address on SMTP startup
- ######################################################################
- SLocal_check_relay
- Scheck_relay
- R$* $: $1 $| $>"Local_check_relay" $1
- R$* $| $* $| $#$* $#$3
- R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
- SBasic_check_relay
- # check for deferred delivery mode
- R$* $: < $&{deliveryMode} > $1
- R< d > $* $@ deferred
- R< $* > $* $: $2
- R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
- R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
- R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
- R<?> <$*> $: OK found nothing
- R<$={Accept}> <$*> $@ $1 return value of lookup
- R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
- R<DISCARD> <$*> $#discard $: discard
- R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
- R<ERROR:$+> <$*> $#error $: $1
- R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R<$+> <$*> $#error $: $1
- ######################################################################
- ### check_mail -- check SMTP `MAIL FROM:' command argument
- ######################################################################
- SLocal_check_mail
- Scheck_mail
- R$* $: $1 $| $>"Local_check_mail" $1
- R$* $| $#$* $#$2
- R$* $| $* $@ $>"Basic_check_mail" $1
- SBasic_check_mail
- # check for deferred delivery mode
- R$* $: < $&{deliveryMode} > $1
- R< d > $* $@ deferred
- R< $* > $* $: $2
- # authenticated?
- R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
- R$* $| $#$+ $#$2
- R$* $| $* $: $1
- R<> $@ <OK> we MUST accept <> (RFC 1123)
- R$+ $: <?> $1
- R<?><$+> $: <@> <$1>
- R<?>$+ $: <@> <$1>
- R$* $: $&{daemon_flags} $| $1
- R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
- R$* u $* $| <@> < $* > $: <?> < $3 >
- R$* $| $* $: $2
- # handle case of @localhost on address
- R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
- R<@> < $* @ [127.0.0.1] >
- $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
- R<@> < $* @ localhost.$m >
- $: < ? $&{client_name} > < $1 @ localhost.$m >
- R<@> < $* @ localhost.UUCP >
- $: < ? $&{client_name} > < $1 @ localhost.UUCP >
- R<@> $* $: $1 no localhost as domain
- R<? $=w> $* $: $2 local client: ok
- R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
- R<?> $* $: $1
- R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
- R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
- # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
- R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
- R<?> $* < @ $j > $: <OKR> $1 < @ $j >
- R<?> $* < @ $+ > $: <OKR> $1 < @ $2 > ... unresolvable OK
- # check sender address: user@address, user@, address
- R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
- R<$+> $+ $: @<$1> <$2> $| <U:$2@>
- R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
- R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
- # retransform for further use
- R<?> <$+> <$*> $: <$1> $2 no match
- R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it
- # handle case of no @domain on address
- R<?> $* $: $&{daemon_flags} $| <?> $1
- R$* u $* $| <?> $* $: <OKR> $3
- R$* $| $* $: $2
- R<?> $* $: < ? $&{client_addr} > $1
- R<?> $* $@ <OKR> ...local unqualed ok
- R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
- ...remote is not
- # check results
- R<?> $* $: @ $1 mark address: nothing known about it
- R<$={ResOk}> $* $@ <OKR> domain ok: stop
- R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
- R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
- R<$={Accept}> $* $# $1 accept from access map
- R<DISCARD> $* $#discard $: discard
- R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
- R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
- R<ERROR:$+> $* $#error $: $1
- R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R<$+> $* $#error $: $1 error from access db
- ######################################################################
- ### check_rcpt -- check SMTP `RCPT TO:' command argument
- ######################################################################
- SLocal_check_rcpt
- Scheck_rcpt
- R$* $: $1 $| $>"Local_check_rcpt" $1
- R$* $| $#$* $#$2
- R$* $| $* $@ $>"Basic_check_rcpt" $1
- SBasic_check_rcpt
- # empty address?
- R<> $#error $@ nouser $: "553 User address required"
- R$@ $#error $@ nouser $: "553 User address required"
- # check for deferred delivery mode
- R$* $: < $&{deliveryMode} > $1
- R< d > $* $@ deferred
- R< $* > $* $: $2
- ######################################################################
- R$* $: $1 $| @ $>"Rcpt_ok" $1
- R$* $| @ $#TEMP $+ $: $1 $| T $2
- R$* $| @ $#$* $#$2
- R$* $| @ RELAY $@ RELAY
- R$* $| @ $* $: O $| $>"Relay_ok" $1
- R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
- R$* $| $#TEMP $+ $#error $2
- R$* $| $#$* $#$2
- R$* $| RELAY $@ RELAY
- R T $+ $| $* $#error $1
- # anything else is bogus
- R$* $#error $@ 5.7.1 $: "550 Relaying denied"
- ######################################################################
- ### Rcpt_ok: is the recipient ok?
- ######################################################################
- SRcpt_ok
- R$* $: $>ParseRecipient $1 strip relayable hosts
- # blacklist local users or any host from receiving mail
- R$* $: <?> $1
- R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
- R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
- R<?> $+ $: <> <$1> $| <U:$1@>
- R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
- R<@> <$*> $| <$*> $: <$2> <$1> reverse result
- R<?> <$*> $: @ $1 mark address as no match
- R<$={Accept}> <$*> $: @ $2 mark address as no match
- R<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
- R<DISCARD> $* $#discard $: discard
- R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
- R<ERROR:$+> $* $#error $: $1
- R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R<$+> $* $#error $: $1 error from access db
- R@ $* $1 remove mark
- # authenticated via TLS?
- R$* $: $1 $| $>RelayTLS client authenticated?
- R$* $| $# $+ $# $2 error/ok?
- R$* $| $* $: $1 no
- R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
- R$* $| $# $* $# $2
- R$* $| NO $: $1
- R$* $| $* $: $1 $| $&{auth_type}
- R$* $| $: $1
- R$* $| $={TrustAuthMech} $# RELAY
- R$* $| $* $: $1
- # anything terminating locally is ok
- R$+ < @ $=w > $@ RELAY
- R$+ < @ $* $=R > $@ RELAY
- R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
- R<RELAY> $* $@ RELAY
- R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R<$*> <$*> $: $2
- # check for local user (i.e. unqualified address)
- R$* $: <?> $1
- R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
- # local user is ok
- R<?> $+ $@ RELAY
- R<$+> $* $: $2
- ######################################################################
- ### Relay_ok: is the relay/sender ok?
- ######################################################################
- SRelay_ok
- # anything originating locally is ok
- # check IP address
- R$* $: $&{client_addr}
- R$@ $@ RELAY originated locally
- R0 $@ RELAY originated locally
- R127.0.0.1 $@ RELAY originated locally
- RIPv6:::1 $@ RELAY originated locally
- R$=R $* $@ RELAY relayable IP address
- R$* $: $>A <$1> <?> <+ Connect> <$1>
- R<RELAY> $* $@ RELAY relayable IP address
- R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R<$*> <$*> $: $2
- R$* $: [ $1 ] put brackets around it...
- R$=w $@ RELAY ... and see if it is local
- # check client name: first: did it resolve?
- R$* $: < $&{client_resolve} >
- R<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
- R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
- R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
- R$* $: <@> $&{client_name}
- # pass to name server to make hostname canonical
- R<@> $* $=P $:<?> $1 $2
- R<@> $+ $:<?> $[ $1 $]
- R$* . $1 strip trailing dots
- R<?> $=w $@ RELAY
- R<?> $* $=R $@ RELAY
- R<?> $* $: $>D <$1> <?> <+ Connect> <$1>
- R<RELAY> $* $@ RELAY
- R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R<$*> <$*> $: $2
- ######################################################################
- ### F: LookUpFull -- search for an entry in access database
- ###
- ### lookup of full key (which should be an address) and
- ### variations if +detail exists: +* and without +detail
- ###
- ### Parameters:
- ### <$1> -- key
- ### <$2> -- default (what to return if not found in db)
- ### <$3> -- mark (must be <(!|+) single-token> )
- ### ! does lookup only with tag
- ### + does lookup with and without tag
- ### <$4> -- passthru (additional data passed unchanged through)
- ######################################################################
- SF
- R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
- R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
- R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
- $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
- R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
- $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
- R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
- $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
- R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
- $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
- R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
- R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
- R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
- ######################################################################
- ### E: LookUpExact -- search for an entry in access database
- ###
- ### Parameters:
- ### <$1> -- key
- ### <$2> -- default (what to return if not found in db)
- ### <$3> -- mark (must be <(!|+) single-token> )
- ### ! does lookup only with tag
- ### + does lookup with and without tag
- ### <$4> -- passthru (additional data passed unchanged through)
- ######################################################################
- SE
- R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
- R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
- R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
- R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
- R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
- ######################################################################
- ### U: LookUpUser -- search for an entry in access database
- ###
- ### lookup of key (which should be a local part) and
- ### variations if +detail exists: +* and without +detail
- ###
- ### Parameters:
- ### <$1> -- key (user@)
- ### <$2> -- default (what to return if not found in db)
- ### <$3> -- mark (must be <(!|+) single-token> )
- ### ! does lookup only with tag
- ### + does lookup with and without tag
- ### <$4> -- passthru (additional data passed unchanged through)
- ######################################################################
- SU
- R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
- R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
- R<?> <$+ + $* @> <$*> <$- $-> <$*>
- $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
- R<?> <$+ + $* @> <$*> <+ $-> <$*>
- $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
- R<?> <$+ + $* @> <$*> <$- $-> <$*>
- $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
- R<?> <$+ + $* @> <$*> <+ $-> <$*>
- $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
- R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
- R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
- R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
- ######################################################################
- ### SearchList: search a list of items in the access map
- ### Parameters:
- ### <exact tag> $| <mark:address> <mark:address> ... <>
- ### where "exact" is either "+" or "!":
- ### <+ TAG> lookup with and w/o tag
- ### <! TAG> lookup with tag
- ### possible values for "mark" are:
- ### D: recursive host lookup (LookUpDomain)
- ### E: exact lookup, no modifications
- ### F: full lookup, try user+ext@domain and user@domain
- ### U: user lookup, try user+ext and user (input must have trailing @)
- ### return: <RHS of lookup> or <?> (not found)
- ######################################################################
- # class with valid marks for SearchList
- C{src}E F D U
- SSearchList
- # just call the ruleset with the name of the tag... nice trick...
- R<$+> $| <$={src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
- R<$+> $| <> $| <?> <> $@ <?>
- R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
- R<$+> $| <$*> $| <$+> <> $@ <$3>
- R<$+> $| <$+> $@ <$2>
- ######################################################################
- ### trust_auth: is user trusted to authenticate as someone else?
- ###
- ### Parameters:
- ### $1: AUTH= parameter from MAIL command
- ######################################################################
- SLocal_trust_auth
- Strust_auth
- R$* $: $&{auth_type} $| $1
- # required by RFC 2554 section 4.
- R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
- R$* $| $&{auth_authen} $@ identical
- R$* $| <$&{auth_authen}> $@ identical
- R$* $| $* $: $1 $| $>"Local_trust_auth" $1
- R$* $| $#$* $#$2
- R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
- ######################################################################
- ### Relay_Auth: allow relaying based on authentication?
- ###
- ### Parameters:
- ### $1: ${auth_type}
- ######################################################################
- SLocal_Relay_Auth
- ######################################################################
- ### srv_features: which features to offer to a client?
- ### (done in server)
- ######################################################################
- Ssrv_features
- R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
- R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
- R<?>$* $: <$(access "Srv_Features": $: ? $)>
- R<?>$* $@ OK
- R<$* <TMPF>>$* $#temp
- R<$+>$* $# $1
- ######################################################################
- ### try_tls: try to use STARTTLS?
- ### (done in client)
- ######################################################################
- Stry_tls
- R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
- R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
- R<?>$* $: <$(access "Try_TLS": $: ? $)>
- R<?>$* $@ OK
- R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
- ######################################################################
- ### tls_rcpt: is connection with server "good" enough?
- ### (done in client, per recipient)
- ###
- ### Parameters:
- ### $1: recipient
- ######################################################################
- Stls_rcpt
- R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
- R$+ $: <?> $>CanonAddr $1
- R<?> $+ < @ $+ . > <?> $1 <@ $2 >
- R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
- R<?> $+ $: $1 $| <U:$1@> <E:>
- R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
- R$* $| <?> $@ OK
- R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
- ######################################################################
- ### tls_client: is connection with client "good" enough?
- ### (done in server)
- ###
- ### Parameters:
- ### ${verify} $| (MAIL|STARTTLS)
- ######################################################################
- Stls_client
- R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
- R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
- R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
- R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
- R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R$* $@ $>"TLS_connection" $1
- ######################################################################
- ### tls_server: is connection with server "good" enough?
- ### (done in client)
- ###
- ### Parameter:
- ### ${verify}
- ######################################################################
- Stls_server
- R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
- R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
- R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
- R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
- R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
- R$* $@ $>"TLS_connection" $1
- ######################################################################
- ### TLS_connection: is TLS connection "good" enough?
- ###
- ### Parameters:
- ### ${verify} $| <Requirement> [<>]
- ### Requirement: RHS from access map, may be ? for none.
- ######################################################################
- STLS_connection
- R$* $| <$*>$* $: $1 $| <$2>
- # create the appropriate error codes
- R$* $| <PERM + $={tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
- R$* $| <TEMP + $={tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
- R$* $| <$={tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
- # deal with TLS handshake failures: abort
- RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
- RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
- R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
- R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
- R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> <> $1
- R$* $| <$*> <$={tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
- R$* $| $* $@ OK
- # authentication required: give appropriate error
- # other side did authenticate (via STARTTLS)
- R<$*><VERIFY> <> OK $@ OK
- R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
- R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
- R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
- R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
- R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
- R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
- R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
- R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
- R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
- R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
- R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
- R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
- R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
- R<$-:$+ ++ > $@ OK
- R<$-:$+ ++ $+ > $: <$1:$2> <$3>
- R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
- R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
- ######################################################################
- ### TLS_req: check additional TLS requirements
- ###
- ### Parameters: [<list> <of> <req>] $| <$-:$+>
- ### $-: SMTP reply code
- ### $+: Enhanced Status Code
- ######################################################################
- STLS_req
- R $| $+ $@ OK
- R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
- R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
- R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
- R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
- R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
- R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
- R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
- ROK $@ OK
- ######################################################################
- ### max: return the maximum of two values separated by :
- ###
- ### Parameters: [$-]:[$-]
- ######################################################################
- Smax
- R: $: 0
- R:$- $: $1
- R$-: $: $1
- R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
- RTRUE:$-:$- $: $2
- R$-:$-:$- $: $2
- ######################################################################
- ### RelayTLS: allow relaying based on TLS authentication
- ###
- ### Parameters:
- ### none
- ######################################################################
- SRelayTLS
- # authenticated?
- R$* $: <?> $&{verify}
- R<?> OK $: OK authenticated: continue
- R<?> $* $@ NO not authenticated
- R$* $: $&{cert_issuer}
- R$+ $: $(access CERTISSUER:$1 $)
- RRELAY $# RELAY
- RSUBJECT $: <@> $&{cert_subject}
- R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
- R<@> RELAY $# RELAY
- R$* $: NO
- ######################################################################
- ### authinfo: lookup authinfo in the access map
- ###
- ### Parameters:
- ### $1: {server_name}
- ### $2: {server_addr}
- ######################################################################
- Sauthinfo
- R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
- R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
- R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
- R$* $| <?>$* $@ no no authinfo available
- R$* $| <$*> <> $# $2
- #�
- ######################################################################
- ######################################################################
- #####
- ##### MAIL FILTER DEFINITIONS
- #####
- ######################################################################
- ######################################################################
- #�
- ######################################################################
- ######################################################################
- #####
- ##### MAILER DEFINITIONS
- #####
- ######################################################################
- ######################################################################
- #####################################
- ### SMTP Mailer specification ###
- #####################################
- ##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ #####
- #
- # common sender and masquerading recipient rewriting
- #
- SMasqSMTP
- R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
- R$+ $@ $1 < @ *LOCAL* > add local qualification
- #
- # convert pseudo-domain addresses to real domain addresses
- #
- SPseudoToReal
- # pass <route-addr>s through
- R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
- # output fake domains as user%fake@relay
- # do UUCP heuristics; note that these are shared with UUCP mailers
- R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
- R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
- # leave these in .UUCP form to avoid further tampering
- R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
- R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
- R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
- R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
- R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
- R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
- #
- # envelope sender rewriting
- #
- SEnvFromSMTP
- R$+ $: $>PseudoToReal $1 sender/recipient common
- R$* :; <@> $@ list:; special case
- R$* $: $>MasqSMTP $1 qualify unqual'ed names
- R$+ $: $>MasqEnv $1 do masquerading
- #
- # envelope recipient rewriting --
- # also header recipient if not masquerading recipients
- #
- SEnvToSMTP
- R$+ $: $>PseudoToReal $1 sender/recipient common
- R$+ $: $>MasqSMTP $1 qualify unqual'ed names
- R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
- #
- # header sender and masquerading header recipient rewriting
- #
- SHdrFromSMTP
- R$+ $: $>PseudoToReal $1 sender/recipient common
- R:; <@> $@ list:; special case
- # do special header rewriting
- R$* <@> $* $@ $1 <@> $2 pass null host through
- R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
- R$* $: $>MasqSMTP $1 qualify unqual'ed names
- R$+ $: $>MasqHdr $1 do masquerading
- #
- # relay mailer header masquerading recipient rewriting
- #
- SMasqRelay
- R$+ $: $>MasqSMTP $1
- R$+ $: $>MasqHdr $1
- Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
- T=DNS/RFC822/SMTP,
- A=TCP $h
- Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
- T=DNS/RFC822/SMTP,
- A=TCP $h
- Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
- T=DNS/RFC822/SMTP,
- A=TCP $h
- Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
- T=DNS/RFC822/SMTP,
- A=TCP $h
- Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
- T=DNS/RFC822/SMTP,
- A=TCP $h
- ######################*****##############
- ### PROCMAIL Mailer specification ###
- ##################*****##################
- ##### $Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $ #####
- Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
- T=DNS/RFC822/X-Unix,
- A=procmail -Y -m $h $f $u
- ##################################################
- ### Local and Program Mailer specification ###
- ##################################################
- ##### $Id: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $ #####
- #
- # Envelope sender rewriting
- #
- SEnvFromL
- R<@> $n errors to mailer-daemon
- R@ <@ $*> $n temporarily bypass Sun bogosity
- R$+ $: $>AddDomain $1 add local domain if needed
- R$* $: $>MasqEnv $1 do masquerading
- #
- # Envelope recipient rewriting
- #
- SEnvToL
- R$+ < @ $* > $: $1 strip host part
- #
- # Header sender rewriting
- #
- SHdrFromL
- R<@> $n errors to mailer-daemon
- R@ <@ $*> $n temporarily bypass Sun bogosity
- R$+ $: $>AddDomain $1 add local domain if needed
- R$* $: $>MasqHdr $1 do masquerading
- #
- # Header recipient rewriting
- #
- SHdrToL
- R$+ $: $>AddDomain $1 add local domain if needed
- R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
- #
- # Common code to add local domain name (only if always-add-domain)
- #
- SAddDomain
- R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
- R$+ $@ $1 < @ *LOCAL* > add local qualification
- Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
- T=DNS/RFC822/X-Unix,
- A=procmail -t -Y -a $h -d $u
- Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
- T=X-Unix/X-Unix/X-Unix,
- A=smrsh -c $u
|
---------------
“You want weapons? We’re in a library! Books! The best weapons in the world!”
|
FORUM HardWare.fr
