1 |
# |
2 |
# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. |
3 |
# All rights reserved. |
4 |
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. |
5 |
# Copyright (c) 1988, 1993 |
6 |
# The Regents of the University of California. All rights reserved. |
7 |
# |
8 |
# By using this file, you agree to the terms and conditions set |
9 |
# forth in the LICENSE file which can be found at the top level of |
10 |
# the sendmail distribution. |
11 |
# |
12 |
# |
13 |
|
14 |
###################################################################### |
15 |
###################################################################### |
16 |
##### |
17 |
##### SENDMAIL CONFIGURATION FILE |
18 |
##### |
19 |
##### built by root@antitrust on Thu Aug 5 06:45:13 PDT 2004 |
20 |
##### in /home/james/code/dev/c/sendmail-8.13.1.spf/cf/cf |
21 |
##### using ../ as configuration include directory |
22 |
##### |
23 |
###################################################################### |
24 |
##### |
25 |
##### DO NOT EDIT THIS FILE! Only edit the source .mc file. |
26 |
##### |
27 |
###################################################################### |
28 |
###################################################################### |
29 |
|
30 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
31 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
32 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
33 |
|
34 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
35 |
|
36 |
|
37 |
|
38 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
39 |
|
40 |
|
41 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
42 |
|
43 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
44 |
|
45 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
46 |
|
47 |
|
48 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
49 |
|
50 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
51 |
|
52 |
|
53 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
54 |
|
55 |
# level 10 config file format |
56 |
V10/Berkeley |
57 |
|
58 |
# override file safeties - setting this option compromises system security, |
59 |
# addressing the actual file configuration problem is preferred |
60 |
# need to set this before any file actions are encountered in the cf file |
61 |
#O DontBlameSendmail=safe |
62 |
|
63 |
# default LDAP map specification |
64 |
# need to set this now before any LDAP maps are defined |
65 |
#O LDAPDefaultSpec=-h localhost |
66 |
|
67 |
################## |
68 |
# local info # |
69 |
################## |
70 |
|
71 |
# my LDAP cluster |
72 |
# need to set this before any LDAP lookups are done (including classes) |
73 |
#D{sendmailMTACluster}$m |
74 |
|
75 |
Cwlocalhost |
76 |
# file containing names of hosts for which we receive email |
77 |
Fw/etc/mail/local-host-names |
78 |
|
79 |
# my official domain name |
80 |
# ... define this only if sendmail cannot automatically determine your domain |
81 |
#Dj$w.Foo.COM |
82 |
|
83 |
# host/domain names ending with a token in class P are canonical |
84 |
CP. |
85 |
|
86 |
# "Smart" relay host (may be null) |
87 |
DS |
88 |
|
89 |
|
90 |
# operators that cannot be in local usernames (i.e., network indicators) |
91 |
CO @ % ! |
92 |
|
93 |
# a class with just dot (for identifying canonical names) |
94 |
C.. |
95 |
|
96 |
# a class with just a left bracket (for identifying domain literals) |
97 |
C[[ |
98 |
|
99 |
|
100 |
# Resolve map (to check if a host exists in check_mail) |
101 |
Kresolve host -a<OKR> -T<TEMP> |
102 |
C{ResOk}OKR |
103 |
|
104 |
|
105 |
# Hosts for which relaying is permitted ($=R) |
106 |
FR-o /etc/mail/relay-domains |
107 |
|
108 |
# arithmetic map |
109 |
Karith arith |
110 |
|
111 |
|
112 |
|
113 |
|
114 |
|
115 |
# dequoting map |
116 |
Kdequote dequote |
117 |
|
118 |
# class E: names that should be exposed as from this host, even if we masquerade |
119 |
# class L: names that should be delivered locally, even if we have a relay |
120 |
# class M: domains that should be converted to $M |
121 |
# class N: domains that should not be converted to $M |
122 |
#CL root |
123 |
C{E}root |
124 |
|
125 |
|
126 |
|
127 |
# my name for error messages |
128 |
DnMAILER-DAEMON |
129 |
|
130 |
|
131 |
CPREDIRECT |
132 |
|
133 |
# Configuration version number |
134 |
DZ8.13.1 |
135 |
|
136 |
|
137 |
############### |
138 |
# Options # |
139 |
############### |
140 |
|
141 |
# strip message body to 7 bits on input? |
142 |
O SevenBitInput=False |
143 |
|
144 |
# 8-bit data handling |
145 |
#O EightBitMode=pass8 |
146 |
|
147 |
# wait for alias file rebuild (default units: minutes) |
148 |
O AliasWait=10 |
149 |
|
150 |
# location of alias file |
151 |
O AliasFile=/etc/mail/aliases |
152 |
|
153 |
# minimum number of free blocks on filesystem |
154 |
O MinFreeBlocks=100 |
155 |
|
156 |
# maximum message size |
157 |
#O MaxMessageSize=0 |
158 |
|
159 |
# substitution for space (blank) characters |
160 |
O BlankSub=. |
161 |
|
162 |
# avoid connecting to "expensive" mailers on initial submission? |
163 |
O HoldExpensive=False |
164 |
|
165 |
# checkpoint queue runs after every N successful deliveries |
166 |
#O CheckpointInterval=10 |
167 |
|
168 |
# default delivery mode |
169 |
O DeliveryMode=background |
170 |
|
171 |
# error message header/file |
172 |
#O ErrorHeader=/etc/mail/error-header |
173 |
|
174 |
# error mode |
175 |
#O ErrorMode=print |
176 |
|
177 |
# save Unix-style "From_" lines at top of header? |
178 |
#O SaveFromLine=False |
179 |
|
180 |
# queue file mode (qf files) |
181 |
#O QueueFileMode=0600 |
182 |
|
183 |
# temporary file mode |
184 |
O TempFileMode=0600 |
185 |
|
186 |
# match recipients against GECOS field? |
187 |
#O MatchGECOS=False |
188 |
|
189 |
# maximum hop count |
190 |
#O MaxHopCount=25 |
191 |
|
192 |
# location of help file |
193 |
O HelpFile=/etc/mail/helpfile |
194 |
|
195 |
# ignore dots as terminators in incoming messages? |
196 |
#O IgnoreDots=False |
197 |
|
198 |
# name resolver options |
199 |
#O ResolverOptions=+AAONLY |
200 |
|
201 |
# deliver MIME-encapsulated error messages? |
202 |
O SendMimeErrors=True |
203 |
|
204 |
# Forward file search path |
205 |
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward |
206 |
|
207 |
# open connection cache size |
208 |
O ConnectionCacheSize=2 |
209 |
|
210 |
# open connection cache timeout |
211 |
O ConnectionCacheTimeout=5m |
212 |
|
213 |
# persistent host status directory |
214 |
#O HostStatusDirectory=.hoststat |
215 |
|
216 |
# single thread deliveries (requires HostStatusDirectory)? |
217 |
#O SingleThreadDelivery=False |
218 |
|
219 |
# use Errors-To: header? |
220 |
O UseErrorsTo=False |
221 |
|
222 |
# log level |
223 |
O LogLevel=9 |
224 |
|
225 |
# send to me too, even in an alias expansion? |
226 |
#O MeToo=True |
227 |
|
228 |
# verify RHS in newaliases? |
229 |
O CheckAliases=False |
230 |
|
231 |
# default messages to old style headers if no special punctuation? |
232 |
O OldStyleHeaders=True |
233 |
|
234 |
# SMTP daemon options |
235 |
O DaemonPortOptions=Name=MTA |
236 |
O DaemonPortOptions=Port=587, Name=MSA, M=E |
237 |
|
238 |
# SMTP client options |
239 |
#O ClientPortOptions=Family=inet, Address=0.0.0.0 |
240 |
|
241 |
# Modifiers to define {daemon_flags} for direct submissions |
242 |
#O DirectSubmissionModifiers |
243 |
|
244 |
# Use as mail submission program? See sendmail/SECURITY |
245 |
#O UseMSP |
246 |
|
247 |
# privacy flags |
248 |
O PrivacyOptions=authwarnings |
249 |
|
250 |
# who (if anyone) should get extra copies of error messages |
251 |
#O PostmasterCopy=Postmaster |
252 |
|
253 |
# slope of queue-only function |
254 |
#O QueueFactor=600000 |
255 |
|
256 |
# limit on number of concurrent queue runners |
257 |
#O MaxQueueChildren |
258 |
|
259 |
# maximum number of queue-runners per queue-grouping with multiple queues |
260 |
#O MaxRunnersPerQueue=1 |
261 |
|
262 |
# priority of queue runners (nice(3)) |
263 |
#O NiceQueueRun |
264 |
|
265 |
# shall we sort the queue by hostname first? |
266 |
#O QueueSortOrder=priority |
267 |
|
268 |
# minimum time in queue before retry |
269 |
#O MinQueueAge=30m |
270 |
|
271 |
# how many jobs can you process in the queue? |
272 |
#O MaxQueueRunSize=10000 |
273 |
|
274 |
# perform initial split of envelope without checking MX records |
275 |
#O FastSplit=1 |
276 |
|
277 |
# queue directory |
278 |
O QueueDirectory=/var/spool/mqueue |
279 |
|
280 |
# key for shared memory; 0 to turn off |
281 |
#O SharedMemoryKey=0 |
282 |
|
283 |
|
284 |
|
285 |
# timeouts (many of these) |
286 |
#O Timeout.initial=5m |
287 |
#O Timeout.connect=5m |
288 |
#O Timeout.aconnect=0s |
289 |
#O Timeout.iconnect=5m |
290 |
#O Timeout.helo=5m |
291 |
#O Timeout.mail=10m |
292 |
#O Timeout.rcpt=1h |
293 |
#O Timeout.datainit=5m |
294 |
#O Timeout.datablock=1h |
295 |
#O Timeout.datafinal=1h |
296 |
#O Timeout.rset=5m |
297 |
#O Timeout.quit=2m |
298 |
#O Timeout.misc=2m |
299 |
#O Timeout.command=1h |
300 |
#O Timeout.ident=5s |
301 |
#O Timeout.fileopen=60s |
302 |
#O Timeout.control=2m |
303 |
O Timeout.queuereturn=5d |
304 |
#O Timeout.queuereturn.normal=5d |
305 |
#O Timeout.queuereturn.urgent=2d |
306 |
#O Timeout.queuereturn.non-urgent=7d |
307 |
#O Timeout.queuereturn.dsn=5d |
308 |
O Timeout.queuewarn=4h |
309 |
#O Timeout.queuewarn.normal=4h |
310 |
#O Timeout.queuewarn.urgent=1h |
311 |
#O Timeout.queuewarn.non-urgent=12h |
312 |
#O Timeout.queuewarn.dsn=4h |
313 |
#O Timeout.hoststatus=30m |
314 |
#O Timeout.resolver.retrans=5s |
315 |
#O Timeout.resolver.retrans.first=5s |
316 |
#O Timeout.resolver.retrans.normal=5s |
317 |
#O Timeout.resolver.retry=4 |
318 |
#O Timeout.resolver.retry.first=4 |
319 |
#O Timeout.resolver.retry.normal=4 |
320 |
#O Timeout.lhlo=2m |
321 |
#O Timeout.auth=10m |
322 |
#O Timeout.starttls=1h |
323 |
|
324 |
# time for DeliverBy; extension disabled if less than 0 |
325 |
#O DeliverByMin=0 |
326 |
|
327 |
# should we not prune routes in route-addr syntax addresses? |
328 |
#O DontPruneRoutes=False |
329 |
|
330 |
# queue up everything before forking? |
331 |
O SuperSafe=True |
332 |
|
333 |
# status file |
334 |
O StatusFile=/etc/mail/statistics |
335 |
|
336 |
# time zone handling: |
337 |
# if undefined, use system default |
338 |
# if defined but null, use TZ envariable passed in |
339 |
# if defined and non-null, use that info |
340 |
#O TimeZoneSpec= |
341 |
|
342 |
# default UID (can be username or userid:groupid) |
343 |
#O DefaultUser=mailnull |
344 |
|
345 |
# list of locations of user database file (null means no lookup) |
346 |
#O UserDatabaseSpec=/etc/mail/userdb |
347 |
|
348 |
# fallback MX host |
349 |
#O FallbackMXhost=fall.back.host.net |
350 |
|
351 |
# fallback smart host |
352 |
#O FallbackSmartHost=fall.back.host.net |
353 |
|
354 |
# if we are the best MX host for a site, try it directly instead of config err |
355 |
#O TryNullMXList=False |
356 |
|
357 |
# load average at which we just queue messages |
358 |
#O QueueLA=8 |
359 |
|
360 |
# load average at which we refuse connections |
361 |
#O RefuseLA=12 |
362 |
|
363 |
# log interval when refusing connections for this long |
364 |
#O RejectLogInterval=3h |
365 |
|
366 |
# load average at which we delay connections; 0 means no limit |
367 |
#O DelayLA=0 |
368 |
|
369 |
# maximum number of children we allow at one time |
370 |
#O MaxDaemonChildren=0 |
371 |
|
372 |
# maximum number of new connections per second |
373 |
#O ConnectionRateThrottle=0 |
374 |
|
375 |
# Width of the window |
376 |
#O ConnectionRateWindowSize=60s |
377 |
|
378 |
# work recipient factor |
379 |
#O RecipientFactor=30000 |
380 |
|
381 |
# deliver each queued job in a separate process? |
382 |
#O ForkEachJob=False |
383 |
|
384 |
# work class factor |
385 |
#O ClassFactor=1800 |
386 |
|
387 |
# work time factor |
388 |
#O RetryFactor=90000 |
389 |
|
390 |
# default character set |
391 |
#O DefaultCharSet=iso-8859-1 |
392 |
|
393 |
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others) |
394 |
#O ServiceSwitchFile=/etc/mail/service.switch |
395 |
|
396 |
# hosts file (normally /etc/hosts) |
397 |
#O HostsFile=/etc/hosts |
398 |
|
399 |
# dialup line delay on connection failure |
400 |
#O DialDelay=10s |
401 |
|
402 |
# action to take if there are no recipients in the message |
403 |
#O NoRecipientAction=add-to-undisclosed |
404 |
|
405 |
# chrooted environment for writing to files |
406 |
#O SafeFileEnvironment=/arch |
407 |
|
408 |
# are colons OK in addresses? |
409 |
#O ColonOkInAddr=True |
410 |
|
411 |
# shall I avoid expanding CNAMEs (violates protocols)? |
412 |
#O DontExpandCnames=False |
413 |
|
414 |
# SMTP initial login message (old $e macro) |
415 |
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b |
416 |
|
417 |
# UNIX initial From header format (old $l macro) |
418 |
O UnixFromLine=From $g $d |
419 |
|
420 |
# From: lines that have embedded newlines are unwrapped onto one line |
421 |
#O SingleLineFromHeader=False |
422 |
|
423 |
# Allow HELO SMTP command that does not include a host name |
424 |
#O AllowBogusHELO=False |
425 |
|
426 |
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic) |
427 |
#O MustQuoteChars=. |
428 |
|
429 |
# delimiter (operator) characters (old $o macro) |
430 |
O OperatorChars=.:%@!^/[]+ |
431 |
|
432 |
# shall I avoid calling initgroups(3) because of high NIS costs? |
433 |
#O DontInitGroups=False |
434 |
|
435 |
# are group-writable :include: and .forward files (un)trustworthy? |
436 |
# True (the default) means they are not trustworthy. |
437 |
#O UnsafeGroupWrites=True |
438 |
|
439 |
|
440 |
# where do errors that occur when sending errors get sent? |
441 |
#O DoubleBounceAddress=postmaster |
442 |
|
443 |
# where to save bounces if all else fails |
444 |
#O DeadLetterDrop=/var/tmp/dead.letter |
445 |
|
446 |
# what user id do we assume for the majority of the processing? |
447 |
#O RunAsUser=sendmail |
448 |
|
449 |
# maximum number of recipients per SMTP envelope |
450 |
#O MaxRecipientsPerMessage=0 |
451 |
|
452 |
# limit the rate recipients per SMTP envelope are accepted |
453 |
# once the threshold number of recipients have been rejected |
454 |
#O BadRcptThrottle=0 |
455 |
|
456 |
# shall we get local names from our installed interfaces? |
457 |
#O DontProbeInterfaces=False |
458 |
|
459 |
# Return-Receipt-To: header implies DSN request |
460 |
#O RrtImpliesDsn=False |
461 |
|
462 |
# override connection address (for testing) |
463 |
#O ConnectOnlyTo=0.0.0.0 |
464 |
|
465 |
# Trusted user for file ownership and starting the daemon |
466 |
#O TrustedUser=root |
467 |
|
468 |
# Control socket for daemon management |
469 |
#O ControlSocketName=/var/spool/mqueue/.control |
470 |
|
471 |
# Maximum MIME header length to protect MUAs |
472 |
#O MaxMimeHeaderLength=0/0 |
473 |
|
474 |
# Maximum length of the sum of all headers |
475 |
O MaxHeadersLength=32768 |
476 |
|
477 |
# Maximum depth of alias recursion |
478 |
#O MaxAliasRecursion=10 |
479 |
|
480 |
# location of pid file |
481 |
#O PidFile=/var/run/sendmail.pid |
482 |
|
483 |
# Prefix string for the process title shown on 'ps' listings |
484 |
#O ProcessTitlePrefix=prefix |
485 |
|
486 |
# Data file (df) memory-buffer file maximum size |
487 |
#O DataFileBufferSize=4096 |
488 |
|
489 |
# Transcript file (xf) memory-buffer file maximum size |
490 |
#O XscriptFileBufferSize=4096 |
491 |
|
492 |
# lookup type to find information about local mailboxes |
493 |
#O MailboxDatabase=pw |
494 |
|
495 |
# override compile time flag REQUIRES_DIR_FSYNC |
496 |
#O RequiresDirfsync=true |
497 |
|
498 |
# list of authentication mechanisms |
499 |
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 |
500 |
|
501 |
# Authentication realm |
502 |
#O AuthRealm |
503 |
|
504 |
# default authentication information for outgoing connections |
505 |
#O DefaultAuthInfo=/etc/mail/default-auth-info |
506 |
|
507 |
# SMTP AUTH flags |
508 |
#O AuthOptions |
509 |
|
510 |
# SMTP AUTH maximum encryption strength |
511 |
#O AuthMaxBits |
512 |
|
513 |
# SMTP STARTTLS server options |
514 |
#O TLSSrvOptions |
515 |
|
516 |
# Input mail filters |
517 |
#O InputMailFilters |
518 |
|
519 |
# SPFAction |
520 |
O SPFAction=2 |
521 |
|
522 |
# SPFHeaderState |
523 |
O SPFHeaderState=True |
524 |
|
525 |
# SPFBestGuessState |
526 |
O SPFBestGuessState=0 |
527 |
|
528 |
# SPFTrustedForwarderState |
529 |
O SPFTrustedForwarderState=0 |
530 |
|
531 |
# SPFExplainState |
532 |
O SPFExplainState=True |
533 |
|
534 |
# SPFBestGuess |
535 |
O SPFBestGuess=v=spf1 a/24 mx/24 ptr |
536 |
|
537 |
# SPFTrustedForwarder |
538 |
O SPFTrustedForwarder=v=spf1 include:spf.trusted-forwarder.org |
539 |
|
540 |
# SPFExplain |
541 |
O SPFExplain=See http://spf.pobox.com/why.html?sender=%{S}&ip=%{I}&receiver=%{xR} |
542 |
|
543 |
|
544 |
# CA directory |
545 |
#O CACertPath |
546 |
# CA file |
547 |
#O CACertFile |
548 |
# Server Cert |
549 |
#O ServerCertFile |
550 |
# Server private key |
551 |
#O ServerKeyFile |
552 |
# Client Cert |
553 |
#O ClientCertFile |
554 |
# Client private key |
555 |
#O ClientKeyFile |
556 |
# File containing certificate revocation lists |
557 |
#O CRLFile |
558 |
# DHParameters (only required if DSA/DH is used) |
559 |
#O DHParameters |
560 |
# Random data source (required for systems without /dev/urandom under OpenSSL) |
561 |
#O RandFile |
562 |
|
563 |
############################ |
564 |
# QUEUE GROUP DEFINITIONS # |
565 |
############################ |
566 |
|
567 |
|
568 |
########################### |
569 |
# Message precedences # |
570 |
########################### |
571 |
|
572 |
Pfirst-class=0 |
573 |
Pspecial-delivery=100 |
574 |
Plist=-30 |
575 |
Pbulk=-60 |
576 |
Pjunk=-100 |
577 |
|
578 |
##################### |
579 |
# Trusted users # |
580 |
##################### |
581 |
|
582 |
# this is equivalent to setting class "t" |
583 |
#Ft/etc/mail/trusted-users |
584 |
Troot |
585 |
Tdaemon |
586 |
Tuucp |
587 |
|
588 |
######################### |
589 |
# Format of headers # |
590 |
######################### |
591 |
|
592 |
H?P?Return-Path: <$g> |
593 |
HReceived-SPF: ${spfheader} |
594 |
HReceived: $?sfrom $s $.$?_($?s$|from $.$_) |
595 |
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) |
596 |
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} |
597 |
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u |
598 |
for $u; $|; |
599 |
$.$b |
600 |
H?D?Resent-Date: $a |
601 |
H?D?Date: $a |
602 |
H?F?Resent-From: $?x$x <$g>$|$g$. |
603 |
H?F?From: $?x$x <$g>$|$g$. |
604 |
H?x?Full-Name: $x |
605 |
# HPosted-Date: $a |
606 |
# H?l?Received-Date: $b |
607 |
H?M?Resent-Message-Id: <$t.$i@$j> |
608 |
H?M?Message-Id: <$t.$i@$j> |
609 |
|
610 |
# |
611 |
###################################################################### |
612 |
###################################################################### |
613 |
##### |
614 |
##### REWRITING RULES |
615 |
##### |
616 |
###################################################################### |
617 |
###################################################################### |
618 |
|
619 |
############################################ |
620 |
### Ruleset 3 -- Name Canonicalization ### |
621 |
############################################ |
622 |
Scanonify=3 |
623 |
|
624 |
# handle null input (translate to <@> special case) |
625 |
R$@ $@ <@> |
626 |
|
627 |
# strip group: syntax (not inside angle brackets!) and trailing semicolon |
628 |
R$* $: $1 <@> mark addresses |
629 |
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr> |
630 |
R@ $* <@> $: @ $1 unmark @host:... |
631 |
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr |
632 |
R$* :: $* <@> $: $1 :: $2 unmark node::addr |
633 |
R:include: $* <@> $: :include: $1 unmark :include:... |
634 |
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon |
635 |
R$* : $* <@> $: $2 strip colon if marked |
636 |
R$* <@> $: $1 unmark |
637 |
R$* ; $1 strip trailing semi |
638 |
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;> |
639 |
R$* < $* ; > $1 < $2 > bogus bracketed semi |
640 |
|
641 |
# null input now results from list:; syntax |
642 |
R$@ $@ :; <@> |
643 |
|
644 |
# strip angle brackets -- note RFC733 heuristic to get innermost item |
645 |
R$* $: < $1 > housekeeping <> |
646 |
R$+ < $* > < $2 > strip excess on left |
647 |
R< $* > $+ < $1 > strip excess on right |
648 |
R<> $@ < @ > MAIL FROM:<> case |
649 |
R< $+ > $: $1 remove housekeeping <> |
650 |
|
651 |
# strip route address <@a,@b,@c:user@d> -> <user@d> |
652 |
R@ $+ , $+ $2 |
653 |
R@ [ $* ] : $+ $2 |
654 |
R@ $+ : $+ $2 |
655 |
|
656 |
# find focus for list syntax |
657 |
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax |
658 |
R $+ : $* ; $@ $1 : $2; list syntax |
659 |
|
660 |
# find focus for @ syntax addresses |
661 |
R$+ @ $+ $: $1 < @ $2 > focus on domain |
662 |
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right |
663 |
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical |
664 |
|
665 |
|
666 |
# convert old-style addresses to a domain-based address |
667 |
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names |
668 |
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps |
669 |
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains |
670 |
|
671 |
# if we have % signs, take the rightmost one |
672 |
R$* % $* $1 @ $2 First make them all @s. |
673 |
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. |
674 |
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish |
675 |
|
676 |
# else we must be a local name |
677 |
R$* $@ $>Canonify2 $1 |
678 |
|
679 |
|
680 |
################################################ |
681 |
### Ruleset 96 -- bottom half of ruleset 3 ### |
682 |
################################################ |
683 |
|
684 |
SCanonify2=96 |
685 |
|
686 |
# handle special cases for local names |
687 |
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all |
688 |
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain |
689 |
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain |
690 |
|
691 |
# check for IPv4/IPv6 domain literal |
692 |
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr] |
693 |
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal |
694 |
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr |
695 |
|
696 |
|
697 |
|
698 |
|
699 |
|
700 |
# if really UUCP, handle it immediately |
701 |
|
702 |
# try UUCP traffic as a local address |
703 |
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 |
704 |
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 |
705 |
|
706 |
# hostnames ending in class P are always canonical |
707 |
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 |
708 |
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 |
709 |
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 |
710 |
R$* CC $* $| $* $: $3 |
711 |
# pass to name server to make hostname canonical |
712 |
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 |
713 |
R$* $| $* $: $2 |
714 |
|
715 |
# local host aliases and pseudo-domains are always canonical |
716 |
R$* < @ $=w > $* $: $1 < @ $2 . > $3 |
717 |
R$* < @ $=M > $* $: $1 < @ $2 . > $3 |
718 |
R$* < @ $* . . > $* $1 < @ $2 . > $3 |
719 |
|
720 |
|
721 |
################################################## |
722 |
### Ruleset 4 -- Final Output Post-rewriting ### |
723 |
################################################## |
724 |
Sfinal=4 |
725 |
|
726 |
R$+ :; <@> $@ $1 : handle <list:;> |
727 |
R$* <@> $@ handle <> and list:; |
728 |
|
729 |
# strip trailing dot off possibly canonical name |
730 |
R$* < @ $+ . > $* $1 < @ $2 > $3 |
731 |
|
732 |
# eliminate internal code |
733 |
R$* < @ *LOCAL* > $* $1 < @ $j > $2 |
734 |
|
735 |
# externalize local domain info |
736 |
R$* < $+ > $* $1 $2 $3 defocus |
737 |
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical |
738 |
R@ $* $@ @ $1 ... and exit |
739 |
|
740 |
# UUCP must always be presented in old form |
741 |
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u |
742 |
|
743 |
# delete duplicate local names |
744 |
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host |
745 |
|
746 |
|
747 |
|
748 |
############################################################## |
749 |
### Ruleset 97 -- recanonicalize and call ruleset zero ### |
750 |
### (used for recursive calls) ### |
751 |
############################################################## |
752 |
|
753 |
SRecurse=97 |
754 |
R$* $: $>canonify $1 |
755 |
R$* $@ $>parse $1 |
756 |
|
757 |
|
758 |
###################################### |
759 |
### Ruleset 0 -- Parse Address ### |
760 |
###################################### |
761 |
|
762 |
Sparse=0 |
763 |
|
764 |
R$* $: $>Parse0 $1 initial parsing |
765 |
R<@> $#local $: <@> special case error msgs |
766 |
R$* $: $>ParseLocal $1 handle local hacks |
767 |
R$* $: $>Parse1 $1 final parsing |
768 |
|
769 |
# |
770 |
# Parse0 -- do initial syntax checking and eliminate local addresses. |
771 |
# This should either return with the (possibly modified) input |
772 |
# or return with a #error mailer. It should not return with a |
773 |
# #mailer other than the #error mailer. |
774 |
# |
775 |
|
776 |
SParse0 |
777 |
R<@> $@ <@> special case error msgs |
778 |
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses" |
779 |
R@ <@ $* > < @ $1 > catch "@@host" bogosity |
780 |
R<@ $+> $#error $@ 5.1.3 $: "553 User address required" |
781 |
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required" |
782 |
R$* $: <> $1 |
783 |
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4 |
784 |
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4 |
785 |
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address" |
786 |
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 |
787 |
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part" |
788 |
R<> $* $1 |
789 |
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" |
790 |
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" |
791 |
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address" |
792 |
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address" |
793 |
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address" |
794 |
|
795 |
|
796 |
# now delete the local info -- note $=O to find characters that cause forwarding |
797 |
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user |
798 |
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... |
799 |
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here |
800 |
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required" |
801 |
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... |
802 |
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" |
803 |
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required" |
804 |
R$* $=O $* < @ *LOCAL* > |
805 |
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... |
806 |
R$* < @ *LOCAL* > $: $1 |
807 |
|
808 |
# |
809 |
# Parse1 -- the bottom half of ruleset 0. |
810 |
# |
811 |
|
812 |
SParse1 |
813 |
|
814 |
# handle numeric address spec |
815 |
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec |
816 |
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path |
817 |
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send |
818 |
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer |
819 |
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer |
820 |
|
821 |
|
822 |
# short circuit local delivery so forwarded email works |
823 |
|
824 |
|
825 |
R$=L < @ $=w . > $#local $: @ $1 special local names |
826 |
R$+ < @ $=w . > $#local $: $1 regular local name |
827 |
|
828 |
|
829 |
# resolve remotely connected UUCP links (if any) |
830 |
|
831 |
# resolve fake top level domains by forwarding to other hosts |
832 |
|
833 |
|
834 |
|
835 |
# pass names that still have a host to a smarthost (if defined) |
836 |
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name |
837 |
|
838 |
# deal with other remote names |
839 |
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain |
840 |
|
841 |
# handle locally delivered names |
842 |
R$=L $#local $: @ $1 special local names |
843 |
R$+ $#local $: $1 regular local names |
844 |
|
845 |
########################################################################### |
846 |
### Ruleset 5 -- special rewriting after aliases have been expanded ### |
847 |
########################################################################### |
848 |
|
849 |
SLocal_localaddr |
850 |
Slocaladdr=5 |
851 |
R$+ $: $1 $| $>"Local_localaddr" $1 |
852 |
R$+ $| $#ok $@ $1 no change |
853 |
R$+ $| $#$* $#$2 |
854 |
R$+ $| $* $: $1 |
855 |
|
856 |
|
857 |
|
858 |
|
859 |
# deal with plussed users so aliases work nicely |
860 |
R$+ + * $#local $@ $&h $: $1 |
861 |
R$+ + $* $#local $@ + $2 $: $1 + * |
862 |
|
863 |
# prepend an empty "forward host" on the front |
864 |
R$+ $: <> $1 |
865 |
|
866 |
|
867 |
|
868 |
R< > $+ $: < > < $1 <> $&h > nope, restore +detail |
869 |
|
870 |
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail |
871 |
R< > < $+ <> $* > $: < > < $1 > else discard |
872 |
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part |
873 |
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + |
874 |
R< > < $+ > $@ $1 no +detail |
875 |
R$+ $: $1 <> $&h add +detail back in |
876 |
|
877 |
R$+ <> + $* $: $1 + $2 check whether +detail |
878 |
R$+ <> $* $: $1 else discard |
879 |
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension |
880 |
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension |
881 |
|
882 |
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > |
883 |
|
884 |
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > |
885 |
|
886 |
|
887 |
################################################################### |
888 |
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### |
889 |
################################################################### |
890 |
|
891 |
SMailerToTriple=95 |
892 |
R< > $* $@ $1 strip off null relay |
893 |
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 |
894 |
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 |
895 |
R< error : $+ > $* $#error $: $1 |
896 |
R< local : $* > $* $>CanonLocal < $1 > $2 |
897 |
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user |
898 |
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer |
899 |
R< $=w > $* $@ $2 delete local host |
900 |
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer |
901 |
|
902 |
################################################################### |
903 |
### Ruleset CanonLocal -- canonify local: syntax ### |
904 |
################################################################### |
905 |
|
906 |
SCanonLocal |
907 |
# strip local host from routed addresses |
908 |
R< $* > < @ $+ > : $+ $@ $>Recurse $3 |
909 |
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 |
910 |
|
911 |
# strip trailing dot from any host name that may appear |
912 |
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > |
913 |
|
914 |
# handle local: syntax -- use old user, either with or without host |
915 |
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1 |
916 |
R< > $+ $#local $@ $1 $: $1 |
917 |
|
918 |
# handle local:user@host syntax -- ignore host part |
919 |
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > |
920 |
|
921 |
# handle local:user syntax |
922 |
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 |
923 |
R< $+ > $* $#local $@ $2 $: $1 |
924 |
|
925 |
################################################################### |
926 |
### Ruleset 93 -- convert header names to masqueraded form ### |
927 |
################################################################### |
928 |
|
929 |
SMasqHdr=93 |
930 |
|
931 |
|
932 |
# do not masquerade anything in class N |
933 |
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > |
934 |
|
935 |
R$* < @ *LOCAL* > $@ $1 < @ $j . > |
936 |
|
937 |
################################################################### |
938 |
### Ruleset 94 -- convert envelope names to masqueraded form ### |
939 |
################################################################### |
940 |
|
941 |
SMasqEnv=94 |
942 |
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 |
943 |
|
944 |
################################################################### |
945 |
### Ruleset 98 -- local part of ruleset zero (can be null) ### |
946 |
################################################################### |
947 |
|
948 |
SParseLocal=98 |
949 |
|
950 |
# addresses sent to foo@host.REDIRECT will give a 551 error code |
951 |
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} > |
952 |
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. > |
953 |
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> |
954 |
|
955 |
|
956 |
|
957 |
|
958 |
|
959 |
###################################################################### |
960 |
### CanonAddr -- Convert an address into a standard form for |
961 |
### relay checking. Route address syntax is |
962 |
### crudely converted into a %-hack address. |
963 |
### |
964 |
### Parameters: |
965 |
### $1 -- full recipient address |
966 |
### |
967 |
### Returns: |
968 |
### parsed address, not in source route form |
969 |
###################################################################### |
970 |
|
971 |
SCanonAddr |
972 |
R$* $: $>Parse0 $>canonify $1 make domain canonical |
973 |
|
974 |
|
975 |
###################################################################### |
976 |
### ParseRecipient -- Strip off hosts in $=R as well as possibly |
977 |
### $* $=m or the access database. |
978 |
### Check user portion for host separators. |
979 |
### |
980 |
### Parameters: |
981 |
### $1 -- full recipient address |
982 |
### |
983 |
### Returns: |
984 |
### parsed, non-local-relaying address |
985 |
###################################################################### |
986 |
|
987 |
SParseRecipient |
988 |
R$* $: <?> $>CanonAddr $1 |
989 |
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots |
990 |
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part |
991 |
|
992 |
# if no $=O character, no host in the user portion, we are done |
993 |
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4> |
994 |
R<?> $* $@ $1 |
995 |
|
996 |
|
997 |
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 > |
998 |
|
999 |
|
1000 |
|
1001 |
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1 |
1002 |
R<$+> $* $@ $2 |
1003 |
|
1004 |
|
1005 |
###################################################################### |
1006 |
### check_relay -- check hostname/address on SMTP startup |
1007 |
###################################################################### |
1008 |
|
1009 |
|
1010 |
|
1011 |
SLocal_check_relay |
1012 |
Scheckrelay |
1013 |
R$* $: $1 $| $>"Local_check_relay" $1 |
1014 |
R$* $| $* $| $#$* $#$3 |
1015 |
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 |
1016 |
|
1017 |
SBasic_check_relay |
1018 |
# check for deferred delivery mode |
1019 |
R$* $: < $&{deliveryMode} > $1 |
1020 |
R< d > $* $@ deferred |
1021 |
R< $* > $* $: $2 |
1022 |
|
1023 |
|
1024 |
|
1025 |
# Checks the SPF records of sending domain |
1026 |
R$* $: $1 $| <?>$&{spfreject}<?> |
1027 |
R$* $| <?>1<?> $#error $@ 5.7.1 $: "550 Mail from [" $&{client_addr} "] Rejected. " $&{spfexplain} |
1028 |
R$* $| <?>$* $: $1 |
1029 |
|
1030 |
|
1031 |
###################################################################### |
1032 |
### check_mail -- check SMTP `MAIL FROM:' command argument |
1033 |
###################################################################### |
1034 |
|
1035 |
SLocal_check_mail |
1036 |
Scheckmail |
1037 |
R$* $: $1 $| $>"Local_check_mail" $1 |
1038 |
R$* $| $#$* $#$2 |
1039 |
R$* $| $* $@ $>"Basic_check_mail" $1 |
1040 |
|
1041 |
SBasic_check_mail |
1042 |
# check for deferred delivery mode |
1043 |
R$* $: < $&{deliveryMode} > $1 |
1044 |
R< d > $* $@ deferred |
1045 |
R< $* > $* $: $2 |
1046 |
|
1047 |
# authenticated? |
1048 |
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL |
1049 |
R$* $| $#$+ $#$2 |
1050 |
R$* $| $* $: $1 |
1051 |
|
1052 |
R<> $@ <OK> we MUST accept <> (RFC 1123) |
1053 |
R$+ $: <?> $1 |
1054 |
R<?><$+> $: <@> <$1> |
1055 |
R<?>$+ $: <@> <$1> |
1056 |
R$* $: $&{daemon_flags} $| $1 |
1057 |
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > |
1058 |
R$* u $* $| <@> < $* > $: <?> < $3 > |
1059 |
R$* $| $* $: $2 |
1060 |
# handle case of @localhost on address |
1061 |
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > |
1062 |
R<@> < $* @ [127.0.0.1] > |
1063 |
$: < ? $&{client_name} > < $1 @ [127.0.0.1] > |
1064 |
R<@> < $* @ localhost.$m > |
1065 |
$: < ? $&{client_name} > < $1 @ localhost.$m > |
1066 |
R<@> < $* @ localhost.UUCP > |
1067 |
$: < ? $&{client_name} > < $1 @ localhost.UUCP > |
1068 |
R<@> $* $: $1 no localhost as domain |
1069 |
R<? $=w> $* $: $2 local client: ok |
1070 |
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address" |
1071 |
R<?> $* $: $1 |
1072 |
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it |
1073 |
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots |
1074 |
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) |
1075 |
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 > |
1076 |
R<?> $* < @ $j > $: <OKR> $1 < @ $j > |
1077 |
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 > |
1078 |
R<? $* <$->> $* < @ $+ > |
1079 |
$: <$2> $3 < @ $4 > |
1080 |
|
1081 |
|
1082 |
# handle case of no @domain on address |
1083 |
R<?> $* $: $&{daemon_flags} $| <?> $1 |
1084 |
R$* u $* $| <?> $* $: <OKR> $3 |
1085 |
R$* $| $* $: $2 |
1086 |
R<?> $* $: < ? $&{client_addr} > $1 |
1087 |
R<?> $* $@ <OKR> ...local unqualed ok |
1088 |
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f |
1089 |
...remote is not |
1090 |
# check results |
1091 |
R<?> $* $: @ $1 mark address: nothing known about it |
1092 |
R<$={ResOk}> $* $@ <OKR> domain ok: stop |
1093 |
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" |
1094 |
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist" |
1095 |
|
1096 |
###################################################################### |
1097 |
### check_rcpt -- check SMTP `RCPT TO:' command argument |
1098 |
###################################################################### |
1099 |
|
1100 |
SLocal_check_rcpt |
1101 |
Scheckrcpt |
1102 |
R$* $: $1 $| $>"Local_check_rcpt" $1 |
1103 |
R$* $| $#$* $#$2 |
1104 |
R$* $| $* $@ $>"Basic_check_rcpt" $1 |
1105 |
|
1106 |
SBasic_check_rcpt |
1107 |
# empty address? |
1108 |
R<> $#error $@ nouser $: "553 User address required" |
1109 |
R$@ $#error $@ nouser $: "553 User address required" |
1110 |
# check for deferred delivery mode |
1111 |
R$* $: < $&{deliveryMode} > $1 |
1112 |
R< d > $* $@ deferred |
1113 |
R< $* > $* $: $2 |
1114 |
|
1115 |
|
1116 |
###################################################################### |
1117 |
R$* $: $1 $| @ $>"Rcpt_ok" $1 |
1118 |
R$* $| @ $#TEMP $+ $: $1 $| T $2 |
1119 |
R$* $| @ $#$* $#$2 |
1120 |
R$* $| @ RELAY $@ RELAY |
1121 |
R$* $| @ $* $: O $| $>"Relay_ok" $1 |
1122 |
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1 |
1123 |
R$* $| $#TEMP $+ $#error $2 |
1124 |
R$* $| $#$* $#$2 |
1125 |
R$* $| RELAY $@ RELAY |
1126 |
R T $+ $| $* $#error $1 |
1127 |
# anything else is bogus |
1128 |
R$* $#error $@ 5.7.1 $: "550 Relaying denied" |
1129 |
|
1130 |
|
1131 |
###################################################################### |
1132 |
### Rcpt_ok: is the recipient ok? |
1133 |
###################################################################### |
1134 |
SRcpt_ok |
1135 |
R$* $: $>ParseRecipient $1 strip relayable hosts |
1136 |
|
1137 |
|
1138 |
|
1139 |
|
1140 |
# authenticated via TLS? |
1141 |
R$* $: $1 $| $>RelayTLS client authenticated? |
1142 |
R$* $| $# $+ $# $2 error/ok? |
1143 |
R$* $| $* $: $1 no |
1144 |
|
1145 |
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type} |
1146 |
R$* $| $# $* $# $2 |
1147 |
R$* $| NO $: $1 |
1148 |
R$* $| $* $: $1 $| $&{auth_type} |
1149 |
R$* $| $: $1 |
1150 |
R$* $| $={TrustAuthMech} $# RELAY |
1151 |
R$* $| $* $: $1 |
1152 |
# anything terminating locally is ok |
1153 |
R$+ < @ $=w > $@ RELAY |
1154 |
R$+ < @ $* $=R > $@ RELAY |
1155 |
|
1156 |
|
1157 |
|
1158 |
|
1159 |
# check for local user (i.e. unqualified address) |
1160 |
R$* $: <?> $1 |
1161 |
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 > |
1162 |
# local user is ok |
1163 |
R<?> $+ $@ RELAY |
1164 |
R<$+> $* $: $2 |
1165 |
|
1166 |
###################################################################### |
1167 |
### Relay_ok: is the relay/sender ok? |
1168 |
###################################################################### |
1169 |
SRelay_ok |
1170 |
# anything originating locally is ok |
1171 |
# check IP address |
1172 |
R$* $: $&{client_addr} |
1173 |
R$@ $@ RELAY originated locally |
1174 |
R0 $@ RELAY originated locally |
1175 |
R127.0.0.1 $@ RELAY originated locally |
1176 |
RIPv6:::1 $@ RELAY originated locally |
1177 |
R$=R $* $@ RELAY relayable IP address |
1178 |
R$* $: [ $1 ] put brackets around it... |
1179 |
R$=w $@ RELAY ... and see if it is local |
1180 |
|
1181 |
|
1182 |
# check client name: first: did it resolve? |
1183 |
R$* $: < $&{client_resolve} > |
1184 |
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} |
1185 |
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} |
1186 |
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} |
1187 |
R$* $: <@> $&{client_name} |
1188 |
# pass to name server to make hostname canonical |
1189 |
R<@> $* $=P $:<?> $1 $2 |
1190 |
R<@> $+ $:<?> $[ $1 $] |
1191 |
R$* . $1 strip trailing dots |
1192 |
R<?> $=w $@ RELAY |
1193 |
R<?> $* $=R $@ RELAY |
1194 |
|
1195 |
# turn a canonical address in the form user<@domain> |
1196 |
# qualify unqual. addresses with $j |
1197 |
SFullAddr |
1198 |
R$* <@ $+ . > $1 <@ $2 > |
1199 |
R$* <@ $* > $@ $1 <@ $2 > |
1200 |
R$+ $@ $1 <@ $j > |
1201 |
|
1202 |
SDelay_TLS_Clt |
1203 |
# authenticated? |
1204 |
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL |
1205 |
R$* $| $#$+ $#$2 |
1206 |
R$* $| $* $# $1 |
1207 |
R$* $# $1 |
1208 |
|
1209 |
SDelay_TLS_Clt2 |
1210 |
# authenticated? |
1211 |
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL |
1212 |
R$* $| $#$+ $#$2 |
1213 |
R$* $| $* $@ $1 |
1214 |
R$* $@ $1 |
1215 |
|
1216 |
# call all necessary rulesets |
1217 |
Scheck_rcpt |
1218 |
# R$@ $#error $@ 5.1.3 $: "553 Recipient address required" |
1219 |
|
1220 |
R$+ $: $1 $| $>checkrcpt $1 |
1221 |
R$+ $| $#error $* $#error $2 |
1222 |
R$+ $| $#discard $* $#discard $2 |
1223 |
R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2 |
1224 |
R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1 |
1225 |
R$* $: $1 $| $>checkmail <$&f> |
1226 |
R$* $| $#$* $#$2 |
1227 |
R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr} |
1228 |
R$* $| $#$* $#$2 |
1229 |
R$* $| $* $: $1 |
1230 |
|
1231 |
|
1232 |
|
1233 |
|
1234 |
###################################################################### |
1235 |
### trust_auth: is user trusted to authenticate as someone else? |
1236 |
### |
1237 |
### Parameters: |
1238 |
### $1: AUTH= parameter from MAIL command |
1239 |
###################################################################### |
1240 |
|
1241 |
SLocal_trust_auth |
1242 |
Strust_auth |
1243 |
R$* $: $&{auth_type} $| $1 |
1244 |
# required by RFC 2554 section 4. |
1245 |
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" |
1246 |
R$* $| $&{auth_authen} $@ identical |
1247 |
R$* $| <$&{auth_authen}> $@ identical |
1248 |
R$* $| $* $: $1 $| $>"Local_trust_auth" $2 |
1249 |
R$* $| $#$* $#$2 |
1250 |
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} |
1251 |
|
1252 |
###################################################################### |
1253 |
### Relay_Auth: allow relaying based on authentication? |
1254 |
### |
1255 |
### Parameters: |
1256 |
### $1: ${auth_type} |
1257 |
###################################################################### |
1258 |
SLocal_Relay_Auth |
1259 |
|
1260 |
###################################################################### |
1261 |
### srv_features: which features to offer to a client? |
1262 |
### (done in server) |
1263 |
###################################################################### |
1264 |
Ssrv_features |
1265 |
|
1266 |
|
1267 |
###################################################################### |
1268 |
### try_tls: try to use STARTTLS? |
1269 |
### (done in client) |
1270 |
###################################################################### |
1271 |
Stry_tls |
1272 |
|
1273 |
|
1274 |
###################################################################### |
1275 |
### tls_rcpt: is connection with server "good" enough? |
1276 |
### (done in client, per recipient) |
1277 |
### |
1278 |
### Parameters: |
1279 |
### $1: recipient |
1280 |
###################################################################### |
1281 |
Stls_rcpt |
1282 |
|
1283 |
|
1284 |
###################################################################### |
1285 |
### tls_client: is connection with client "good" enough? |
1286 |
### (done in server) |
1287 |
### |
1288 |
### Parameters: |
1289 |
### ${verify} $| (MAIL|STARTTLS) |
1290 |
###################################################################### |
1291 |
Stls_client |
1292 |
R$* $| $* $@ $>"TLS_connection" $1 |
1293 |
|
1294 |
###################################################################### |
1295 |
### tls_server: is connection with server "good" enough? |
1296 |
### (done in client) |
1297 |
### |
1298 |
### Parameter: |
1299 |
### ${verify} |
1300 |
###################################################################### |
1301 |
Stls_server |
1302 |
R$* $@ $>"TLS_connection" $1 |
1303 |
|
1304 |
###################################################################### |
1305 |
### TLS_connection: is TLS connection "good" enough? |
1306 |
### |
1307 |
### Parameters: |
1308 |
### ${verify} |
1309 |
### Requirement: RHS from access map, may be ? for none. |
1310 |
###################################################################### |
1311 |
STLS_connection |
1312 |
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." |
1313 |
|
1314 |
|
1315 |
###################################################################### |
1316 |
### RelayTLS: allow relaying based on TLS authentication |
1317 |
### |
1318 |
### Parameters: |
1319 |
### none |
1320 |
###################################################################### |
1321 |
SRelayTLS |
1322 |
# authenticated? |
1323 |
|
1324 |
###################################################################### |
1325 |
### authinfo: lookup authinfo in the access map |
1326 |
### |
1327 |
### Parameters: |
1328 |
### $1: {server_name} |
1329 |
### $2: {server_addr} |
1330 |
###################################################################### |
1331 |
Sauthinfo |
1332 |
|
1333 |
|
1334 |
|
1335 |
|
1336 |
|
1337 |
# |
1338 |
###################################################################### |
1339 |
###################################################################### |
1340 |
##### |
1341 |
##### MAIL FILTER DEFINITIONS |
1342 |
##### |
1343 |
###################################################################### |
1344 |
###################################################################### |
1345 |
|
1346 |
# |
1347 |
###################################################################### |
1348 |
###################################################################### |
1349 |
##### |
1350 |
##### MAILER DEFINITIONS |
1351 |
##### |
1352 |
###################################################################### |
1353 |
###################################################################### |
1354 |
|
1355 |
|
1356 |
################################################## |
1357 |
### Local and Program Mailer specification ### |
1358 |
################################################## |
1359 |
|
1360 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
1361 |
|
1362 |
# |
1363 |
# Envelope sender rewriting |
1364 |
# |
1365 |
SEnvFromL |
1366 |
R<@> $n errors to mailer-daemon |
1367 |
R@ <@ $*> $n temporarily bypass Sun bogosity |
1368 |
R$+ $: $>AddDomain $1 add local domain if needed |
1369 |
R$* $: $>MasqEnv $1 do masquerading |
1370 |
|
1371 |
# |
1372 |
# Envelope recipient rewriting |
1373 |
# |
1374 |
SEnvToL |
1375 |
R$+ < @ $* > $: $1 strip host part |
1376 |
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type |
1377 |
R<e s> $+ + $* $: $1 remove +detail for sender |
1378 |
R< $* > $+ $: $2 else remove mark |
1379 |
|
1380 |
# |
1381 |
# Header sender rewriting |
1382 |
# |
1383 |
SHdrFromL |
1384 |
R<@> $n errors to mailer-daemon |
1385 |
R@ <@ $*> $n temporarily bypass Sun bogosity |
1386 |
R$+ $: $>AddDomain $1 add local domain if needed |
1387 |
R$* $: $>MasqHdr $1 do masquerading |
1388 |
|
1389 |
# |
1390 |
# Header recipient rewriting |
1391 |
# |
1392 |
SHdrToL |
1393 |
R$+ $: $>AddDomain $1 add local domain if needed |
1394 |
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 |
1395 |
|
1396 |
# |
1397 |
# Common code to add local domain name (only if always-add-domain) |
1398 |
# |
1399 |
SAddDomain |
1400 |
|
1401 |
Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, |
1402 |
T=DNS/RFC822/X-Unix, |
1403 |
A=procmail -Y -a $h -d $u |
1404 |
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, |
1405 |
T=X-Unix/X-Unix/X-Unix, |
1406 |
A=sh -c $u |
1407 |
|
1408 |
##################################### |
1409 |
### SMTP Mailer specification ### |
1410 |
##################################### |
1411 |
|
1412 |
##### $Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $ ##### |
1413 |
|
1414 |
# |
1415 |
# common sender and masquerading recipient rewriting |
1416 |
# |
1417 |
SMasqSMTP |
1418 |
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified |
1419 |
R$+ $@ $1 < @ *LOCAL* > add local qualification |
1420 |
|
1421 |
# |
1422 |
# convert pseudo-domain addresses to real domain addresses |
1423 |
# |
1424 |
SPseudoToReal |
1425 |
|
1426 |
# pass <route-addr>s through |
1427 |
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr> |
1428 |
|
1429 |
# output fake domains as user%fake@relay |
1430 |
|
1431 |
# do UUCP heuristics; note that these are shared with UUCP mailers |
1432 |
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form |
1433 |
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form |
1434 |
|
1435 |
# leave these in .UUCP form to avoid further tampering |
1436 |
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > |
1437 |
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 > |
1438 |
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. > |
1439 |
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY |
1440 |
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part |
1441 |
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY |
1442 |
|
1443 |
|
1444 |
# |
1445 |
# envelope sender rewriting |
1446 |
# |
1447 |
SEnvFromSMTP |
1448 |
R$+ $: $>PseudoToReal $1 sender/recipient common |
1449 |
R$* :; <@> $@ list:; special case |
1450 |
R$* $: $>MasqSMTP $1 qualify unqual'ed names |
1451 |
R$+ $: $>MasqEnv $1 do masquerading |
1452 |
|
1453 |
|
1454 |
# |
1455 |
# envelope recipient rewriting -- |
1456 |
# also header recipient if not masquerading recipients |
1457 |
# |
1458 |
SEnvToSMTP |
1459 |
R$+ $: $>PseudoToReal $1 sender/recipient common |
1460 |
R$+ $: $>MasqSMTP $1 qualify unqual'ed names |
1461 |
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 |
1462 |
|
1463 |
# |
1464 |
# header sender and masquerading header recipient rewriting |
1465 |
# |
1466 |
SHdrFromSMTP |
1467 |
R$+ $: $>PseudoToReal $1 sender/recipient common |
1468 |
R:; <@> $@ list:; special case |
1469 |
|
1470 |
# do special header rewriting |
1471 |
R$* <@> $* $@ $1 <@> $2 pass null host through |
1472 |
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through |
1473 |
R$* $: $>MasqSMTP $1 qualify unqual'ed names |
1474 |
R$+ $: $>MasqHdr $1 do masquerading |
1475 |
|
1476 |
|
1477 |
# |
1478 |
# relay mailer header masquerading recipient rewriting |
1479 |
# |
1480 |
SMasqRelay |
1481 |
R$+ $: $>MasqSMTP $1 |
1482 |
R$+ $: $>MasqHdr $1 |
1483 |
|
1484 |
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, |
1485 |
T=DNS/RFC822/SMTP, |
1486 |
A=TCP $h |
1487 |
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, |
1488 |
T=DNS/RFC822/SMTP, |
1489 |
A=TCP $h |
1490 |
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, |
1491 |
T=DNS/RFC822/SMTP, |
1492 |
A=TCP $h |
1493 |
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, |
1494 |
T=DNS/RFC822/SMTP, |
1495 |
A=TCP $h |
1496 |
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040, |
1497 |
T=DNS/RFC822/SMTP, |
1498 |
A=TCP $h |
1499 |
|
1500 |
### sendmail.mc ### |
1501 |
# divert(-1) |
1502 |
# # |
1503 |
# # Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. |
1504 |
# # All rights reserved. |
1505 |
# # Copyright (c) 1983 Eric P. Allman. All rights reserved. |
1506 |
# # Copyright (c) 1988, 1993 |
1507 |
# # The Regents of the University of California. All rights reserved. |
1508 |
# # |
1509 |
# # By using this file, you agree to the terms and conditions set |
1510 |
# # forth in the LICENSE file which can be found at the top level of |
1511 |
# # the sendmail distribution. |
1512 |
# # |
1513 |
# # |
1514 |
# |
1515 |
# # |
1516 |
# # This is a generic configuration file for Linux. |
1517 |
# # It has support for local and SMTP mail only. If you want to |
1518 |
# # customize it, copy it to a name appropriate for your environment |
1519 |
# # and do the modifications there. |
1520 |
# # |
1521 |
# |
1522 |
# divert(0)dnl |
1523 |
# VERSIONID(`$Id: sendmail.cf,v 1.1.1.1 2004/08/28 17:53:34 jcouzens Exp $') |
1524 |
# OSTYPE(linux)dnl |
1525 |
# DOMAIN(generic)dnl |
1526 |
# FEATURE(`spf', 2)dnl |
1527 |
# FEATURE(`delay_checks')dnl |
1528 |
# MAILER(local)dnl |
1529 |
# MAILER(smtp)dnl |