1c2aa98e2SPeter Wemmdivert(-1) 2c2aa98e2SPeter Wemm# 3323f6dcbSGregory Neil Shapiro# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. 406f25ae9SGregory Neil Shapiro# All rights reserved. 5c2aa98e2SPeter Wemm# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. 6c2aa98e2SPeter Wemm# Copyright (c) 1988, 1993 7c2aa98e2SPeter Wemm# The Regents of the University of California. All rights reserved. 8c2aa98e2SPeter Wemm# 9c2aa98e2SPeter Wemm# By using this file, you agree to the terms and conditions set 10c2aa98e2SPeter Wemm# forth in the LICENSE file which can be found at the top level of 11c2aa98e2SPeter Wemm# the sendmail distribution. 12c2aa98e2SPeter Wemm# 13c2aa98e2SPeter Wemm# 14c2aa98e2SPeter Wemmdivert(0) 15c2aa98e2SPeter Wemm 16323f6dcbSGregory Neil ShapiroVERSIONID(`$Id: proto.m4,v 8.649.2.30 2004/01/11 17:54:06 ca Exp $') 17c2aa98e2SPeter Wemm 1806f25ae9SGregory Neil Shapiro# level CF_LEVEL config file format 1906f25ae9SGregory Neil ShapiroV`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') 20c2aa98e2SPeter Wemmdivert(-1) 21c2aa98e2SPeter Wemm 2240266059SGregory Neil Shapirodnl if MAILER(`local') not defined: do it ourself; be nice 2340266059SGregory Neil Shapirodnl maybe we should issue a warning? 2440266059SGregory Neil Shapiroifdef(`_MAILER_local_',`', `MAILER(local)') 2540266059SGregory Neil Shapiro 26c2aa98e2SPeter Wemm# do some sanity checking 27c2aa98e2SPeter Wemmifdef(`__OSTYPE__',, 2806f25ae9SGregory Neil Shapiro `errprint(`*** ERROR: No system type defined (use OSTYPE macro) 2906f25ae9SGregory Neil Shapiro')') 30c2aa98e2SPeter Wemm 31c2aa98e2SPeter Wemm# pick our default mailers 32c2aa98e2SPeter Wemmifdef(`confSMTP_MAILER',, `define(`confSMTP_MAILER', `esmtp')') 33c2aa98e2SPeter Wemmifdef(`confLOCAL_MAILER',, `define(`confLOCAL_MAILER', `local')') 34c2aa98e2SPeter Wemmifdef(`confRELAY_MAILER',, 35c2aa98e2SPeter Wemm `define(`confRELAY_MAILER', 36c2aa98e2SPeter Wemm `ifdef(`_MAILER_smtp_', `relay', 37c2aa98e2SPeter Wemm `ifdef(`_MAILER_uucp', `uucp-new', `unknown')')')') 38c2aa98e2SPeter Wemmifdef(`confUUCP_MAILER',, `define(`confUUCP_MAILER', `uucp-old')') 39c2aa98e2SPeter Wemmdefine(`_SMTP_', `confSMTP_MAILER')dnl for readability only 40c2aa98e2SPeter Wemmdefine(`_LOCAL_', `confLOCAL_MAILER')dnl for readability only 41c2aa98e2SPeter Wemmdefine(`_RELAY_', `confRELAY_MAILER')dnl for readability only 42c2aa98e2SPeter Wemmdefine(`_UUCP_', `confUUCP_MAILER')dnl for readability only 43c2aa98e2SPeter Wemm 44c2aa98e2SPeter Wemm# back compatibility with old config files 45c2aa98e2SPeter Wemmifdef(`confDEF_GROUP_ID', 4606f25ae9SGregory Neil Shapiro`errprint(`*** confDEF_GROUP_ID is obsolete. 4706f25ae9SGregory Neil Shapiro Use confDEF_USER_ID with a colon in the value instead. 4806f25ae9SGregory Neil Shapiro')') 49c2aa98e2SPeter Wemmifdef(`confREAD_TIMEOUT', 5006f25ae9SGregory Neil Shapiro`errprint(`*** confREAD_TIMEOUT is obsolete. 5106f25ae9SGregory Neil Shapiro Use individual confTO_<timeout> parameters instead. 5206f25ae9SGregory Neil Shapiro')') 53c2aa98e2SPeter Wemmifdef(`confMESSAGE_TIMEOUT', 54c2aa98e2SPeter Wemm `define(`_ARG_', index(confMESSAGE_TIMEOUT, /)) 55c2aa98e2SPeter Wemm ifelse(_ARG_, -1, 56c2aa98e2SPeter Wemm `define(`confTO_QUEUERETURN', confMESSAGE_TIMEOUT)', 57c2aa98e2SPeter Wemm `define(`confTO_QUEUERETURN', 58c2aa98e2SPeter Wemm substr(confMESSAGE_TIMEOUT, 0, _ARG_)) 59c2aa98e2SPeter Wemm define(`confTO_QUEUEWARN', 60c2aa98e2SPeter Wemm substr(confMESSAGE_TIMEOUT, eval(_ARG_+1)))')') 61c2aa98e2SPeter Wemmifdef(`confMIN_FREE_BLOCKS', `ifelse(index(confMIN_FREE_BLOCKS, /), -1,, 6206f25ae9SGregory Neil Shapiro`errprint(`*** compound confMIN_FREE_BLOCKS is obsolete. 6306f25ae9SGregory Neil Shapiro Use confMAX_MESSAGE_SIZE for the second part of the value. 6406f25ae9SGregory Neil Shapiro')')') 6506f25ae9SGregory Neil Shapiro 6606f25ae9SGregory Neil Shapiro 6706f25ae9SGregory Neil Shapiro# Sanity check on ldap_routing feature 6806f25ae9SGregory Neil Shapiro# If the user doesn't specify a new map, they better have given as a 6906f25ae9SGregory Neil Shapiro# default LDAP specification which has the LDAP base (and most likely the host) 7006f25ae9SGregory Neil Shapiroifdef(`confLDAP_DEFAULT_SPEC',, `ifdef(`_LDAP_ROUTING_WARN_', `errprint(` 7106f25ae9SGregory Neil ShapiroWARNING: Using default FEATURE(ldap_routing) map definition(s) 7206f25ae9SGregory Neil Shapirowithout setting confLDAP_DEFAULT_SPEC option. 7306f25ae9SGregory Neil Shapiro')')')dnl 74c2aa98e2SPeter Wemm 75c2aa98e2SPeter Wemm# clean option definitions below.... 7606f25ae9SGregory Neil Shapirodefine(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl 77c2aa98e2SPeter Wemm 7806f25ae9SGregory Neil Shapirodnl required to "rename" the check_* rulesets... 7906f25ae9SGregory Neil Shapirodefine(`_U_',ifdef(`_DELAY_CHECKS_',`',`_')) 8006f25ae9SGregory Neil Shapirodnl default relaying denied message 8140266059SGregory Neil Shapiroifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG', 8240266059SGregory Neil Shapiroifdef(`_USE_AUTH_', `"550 Relaying denied. Proper authentication required."', `"550 Relaying denied"'))') 8340266059SGregory Neil Shapiroifdef(`confRCPTREJ_MSG', `', `define(`confRCPTREJ_MSG', `"550 Mailbox disabled for this recipient"')') 8440266059SGregory Neil Shapirodefine(`_CODE553', `553') 85c2aa98e2SPeter Wemmdivert(0)dnl 86c2aa98e2SPeter Wemm 8706f25ae9SGregory Neil Shapiro# override file safeties - setting this option compromises system security, 8806f25ae9SGregory Neil Shapiro# addressing the actual file configuration problem is preferred 8906f25ae9SGregory Neil Shapiro# need to set this before any file actions are encountered in the cf file 9006f25ae9SGregory Neil Shapiro_OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', `safe') 9106f25ae9SGregory Neil Shapiro 9206f25ae9SGregory Neil Shapiro# default LDAP map specification 9306f25ae9SGregory Neil Shapiro# need to set this now before any LDAP maps are defined 9406f25ae9SGregory Neil Shapiro_OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost') 95c2aa98e2SPeter Wemm 96c2aa98e2SPeter Wemm################## 97c2aa98e2SPeter Wemm# local info # 98c2aa98e2SPeter Wemm################## 99c2aa98e2SPeter Wemm 10040266059SGregory Neil Shapiro# my LDAP cluster 10140266059SGregory Neil Shapiro# need to set this before any LDAP lookups are done (including classes) 10240266059SGregory Neil Shapiroifdef(`confLDAP_CLUSTER', `D{sendmailMTACluster}`'confLDAP_CLUSTER', `#D{sendmailMTACluster}$m') 10340266059SGregory Neil Shapiro 104c2aa98e2SPeter WemmCwlocalhost 105c2aa98e2SPeter Wemmifdef(`USE_CW_FILE', 106c2aa98e2SPeter Wemm`# file containing names of hosts for which we receive email 107c2aa98e2SPeter WemmFw`'confCW_FILE', 108c2aa98e2SPeter Wemm `dnl') 109c2aa98e2SPeter Wemm 110c2aa98e2SPeter Wemm# my official domain name 111c2aa98e2SPeter Wemm# ... `define' this only if sendmail cannot automatically determine your domain 112c2aa98e2SPeter Wemmifdef(`confDOMAIN_NAME', `Dj`'confDOMAIN_NAME', `#Dj$w.Foo.COM') 113c2aa98e2SPeter Wemm 114323f6dcbSGregory Neil Shapiro# host/domain names ending with a token in class P are canonical 115c2aa98e2SPeter WemmCP. 116c2aa98e2SPeter Wemm 117c2aa98e2SPeter Wemmifdef(`UUCP_RELAY', 118c2aa98e2SPeter Wemm`# UUCP relay host 119c2aa98e2SPeter WemmDY`'UUCP_RELAY 120c2aa98e2SPeter WemmCPUUCP 121c2aa98e2SPeter Wemm 122c2aa98e2SPeter Wemm')dnl 123c2aa98e2SPeter Wemmifdef(`BITNET_RELAY', 124c2aa98e2SPeter Wemm`# BITNET relay host 125c2aa98e2SPeter WemmDB`'BITNET_RELAY 126c2aa98e2SPeter WemmCPBITNET 127c2aa98e2SPeter Wemm 128c2aa98e2SPeter Wemm')dnl 129c2aa98e2SPeter Wemmifdef(`DECNET_RELAY', 130c2aa98e2SPeter Wemm`define(`_USE_DECNET_SYNTAX_', 1)dnl 131c2aa98e2SPeter Wemm# DECnet relay host 132c2aa98e2SPeter WemmDC`'DECNET_RELAY 133c2aa98e2SPeter WemmCPDECNET 134c2aa98e2SPeter Wemm 135c2aa98e2SPeter Wemm')dnl 136c2aa98e2SPeter Wemmifdef(`FAX_RELAY', 137c2aa98e2SPeter Wemm`# FAX relay host 138c2aa98e2SPeter WemmDF`'FAX_RELAY 139c2aa98e2SPeter WemmCPFAX 140c2aa98e2SPeter Wemm 141c2aa98e2SPeter Wemm')dnl 142c2aa98e2SPeter Wemm# "Smart" relay host (may be null) 14340266059SGregory Neil ShapiroDS`'ifdef(`SMART_HOST', `SMART_HOST') 144c2aa98e2SPeter Wemm 145c2aa98e2SPeter Wemmifdef(`LUSER_RELAY', `dnl 146c2aa98e2SPeter Wemm# place to which unknown users should be forwarded 147c2aa98e2SPeter WemmKuser user -m -a<> 148c2aa98e2SPeter WemmDL`'LUSER_RELAY', 149c2aa98e2SPeter Wemm`dnl') 150c2aa98e2SPeter Wemm 151c2aa98e2SPeter Wemm# operators that cannot be in local usernames (i.e., network indicators) 152c2aa98e2SPeter WemmCO @ % ifdef(`_NO_UUCP_', `', `!') 153c2aa98e2SPeter Wemm 154c2aa98e2SPeter Wemm# a class with just dot (for identifying canonical names) 155c2aa98e2SPeter WemmC.. 156c2aa98e2SPeter Wemm 157c2aa98e2SPeter Wemm# a class with just a left bracket (for identifying domain literals) 158c2aa98e2SPeter WemmC[[ 159c2aa98e2SPeter Wemm 16006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 16106f25ae9SGregory Neil Shapiro# access_db acceptance class 16206f25ae9SGregory Neil ShapiroC{Accept}OK RELAY 16340266059SGregory Neil Shapiroifdef(`_DELAY_COMPAT_8_10_',`dnl 16406f25ae9SGregory Neil Shapiroifdef(`_BLACKLIST_RCPT_',`dnl 16506f25ae9SGregory Neil Shapiro# possible access_db RHS for spam friends/haters 16606f25ae9SGregory Neil ShapiroC{SpamTag}SPAMFRIEND SPAMHATER')')', 167c2aa98e2SPeter Wemm`dnl') 168c2aa98e2SPeter Wemm 16940266059SGregory Neil Shapirodnl mark for "domain is ok" (resolved or accepted anyway) 17040266059SGregory Neil Shapirodefine(`_RES_OK_', `OKR')dnl 171c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl 172c2aa98e2SPeter Wemm# Resolve map (to check if a host exists in check_mail) 17340266059SGregory Neil ShapiroKresolve host -a<_RES_OK_> -T<TEMP>') 17440266059SGregory Neil ShapiroC{ResOk}_RES_OK_ 175c2aa98e2SPeter Wemm 17613058a91SGregory Neil Shapiroifdef(`_NEED_MACRO_MAP_', `dnl 17713058a91SGregory Neil Shapiroifdef(`_MACRO_MAP_', `', `# macro storage map 17813058a91SGregory Neil Shapirodefine(`_MACRO_MAP_', `1')dnl 17913058a91SGregory Neil ShapiroKmacro macro')', `dnl') 18042e5d165SGregory Neil Shapiro 181c2aa98e2SPeter Wemmifdef(`confCR_FILE', `dnl 18242e5d165SGregory Neil Shapiro# Hosts for which relaying is permitted ($=R) 183c2aa98e2SPeter WemmFR`'confCR_FILE', 184c2aa98e2SPeter Wemm`dnl') 185c2aa98e2SPeter Wemm 18640266059SGregory Neil Shapirodefine(`TLS_SRV_TAG', `"TLS_Srv"')dnl 18740266059SGregory Neil Shapirodefine(`TLS_CLT_TAG', `"TLS_Clt"')dnl 18840266059SGregory Neil Shapirodefine(`TLS_RCPT_TAG', `"TLS_Rcpt"')dnl 18940266059SGregory Neil Shapirodefine(`TLS_TRY_TAG', `"Try_TLS"')dnl 19040266059SGregory Neil Shapirodefine(`SRV_FEAT_TAG', `"Srv_Features"')dnl 19106f25ae9SGregory Neil Shapirodnl this may be useful in other contexts too 19206f25ae9SGregory Neil Shapiroifdef(`_ARITH_MAP_', `', `# arithmetic map 19306f25ae9SGregory Neil Shapirodefine(`_ARITH_MAP_', `1')dnl 19406f25ae9SGregory Neil ShapiroKarith arith') 19506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 19640266059SGregory Neil Shapiroifdef(`_MACRO_MAP_', `', `# macro storage map 19740266059SGregory Neil Shapirodefine(`_MACRO_MAP_', `1')dnl 19840266059SGregory Neil ShapiroKmacro macro') 19940266059SGregory Neil Shapiro# possible values for TLS_connection in access map 20006f25ae9SGregory Neil ShapiroC{tls}VERIFY ENCR', `dnl') 20106f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_ISSUER_', `dnl 20206f25ae9SGregory Neil Shapiro# extract relevant part from cert issuer 20306f25ae9SGregory Neil ShapiroKCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl') 20406f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_SUBJECT_', `dnl 20506f25ae9SGregory Neil Shapiro# extract relevant part from cert subject 20606f25ae9SGregory Neil ShapiroKCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl') 20706f25ae9SGregory Neil Shapiro 20840266059SGregory Neil Shapiroifdef(`LOCAL_RELAY', `dnl 209fabecb74SGregory Neil Shapiro# who I send unqualified names to if `FEATURE(stickyhost)' is used 21013bd1963SGregory Neil Shapiro# (null means deliver locally) 21140266059SGregory Neil ShapiroDR`'LOCAL_RELAY') 212c2aa98e2SPeter Wemm 21340266059SGregory Neil Shapiroifdef(`MAIL_HUB', `dnl 21413bd1963SGregory Neil Shapiro# who gets all local email traffic 215fabecb74SGregory Neil Shapiro# ($R has precedence for unqualified names if `FEATURE(stickyhost)' is used) 21640266059SGregory Neil ShapiroDH`'MAIL_HUB') 217c2aa98e2SPeter Wemm 218c2aa98e2SPeter Wemm# dequoting map 21940266059SGregory Neil ShapiroKdequote dequote`'ifdef(`confDEQUOTE_OPTS', ` confDEQUOTE_OPTS', `') 220c2aa98e2SPeter Wemm 221c2aa98e2SPeter Wemmdivert(0)dnl # end of nullclient diversion 222c2aa98e2SPeter Wemm# class E: names that should be exposed as from this host, even if we masquerade 22306f25ae9SGregory Neil Shapiro# class L: names that should be delivered locally, even if we have a relay 224c2aa98e2SPeter Wemm# class M: domains that should be converted to $M 22506f25ae9SGregory Neil Shapiro# class N: domains that should not be converted to $M 226c2aa98e2SPeter Wemm#CL root 227c2aa98e2SPeter Wemmundivert(5)dnl 22806f25ae9SGregory Neil Shapiroifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl') 229c2aa98e2SPeter Wemm 23040266059SGregory Neil Shapiroifdef(`MASQUERADE_NAME', `dnl 231c2aa98e2SPeter Wemm# who I masquerade as (null for no masquerading) (see also $=M) 23240266059SGregory Neil ShapiroDM`'MASQUERADE_NAME') 233c2aa98e2SPeter Wemm 234c2aa98e2SPeter Wemm# my name for error messages 235c2aa98e2SPeter Wemmifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON') 236c2aa98e2SPeter Wemm 23706f25ae9SGregory Neil Shapiroundivert(6)dnl LOCAL_CONFIG 238c2aa98e2SPeter Wemminclude(_CF_DIR_`m4/version.m4') 239c2aa98e2SPeter Wemm 240c2aa98e2SPeter Wemm############### 241c2aa98e2SPeter Wemm# Options # 242c2aa98e2SPeter Wemm############### 24340266059SGregory Neil Shapiroifdef(`confAUTO_REBUILD', 24440266059SGregory Neil Shapiro`errprint(WARNING: `confAUTO_REBUILD' is no longer valid. 24540266059SGregory Neil Shapiro There was a potential for a denial of service attack if this is set. 24640266059SGregory Neil Shapiro)')dnl 247c2aa98e2SPeter Wemm 248c2aa98e2SPeter Wemm# strip message body to 7 bits on input? 24906f25ae9SGregory Neil Shapiro_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False') 250c2aa98e2SPeter Wemm 251c2aa98e2SPeter Wemm# 8-bit data handling 2528774250cSGregory Neil Shapiro_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8') 253c2aa98e2SPeter Wemm 254c2aa98e2SPeter Wemm# wait for alias file rebuild (default units: minutes) 25506f25ae9SGregory Neil Shapiro_OPTION(AliasWait, `confALIAS_WAIT', `5m') 256c2aa98e2SPeter Wemm 257c2aa98e2SPeter Wemm# location of alias file 25806f25ae9SGregory Neil Shapiro_OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases') 25906f25ae9SGregory Neil Shapiro 260c2aa98e2SPeter Wemm# minimum number of free blocks on filesystem 26106f25ae9SGregory Neil Shapiro_OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100') 262c2aa98e2SPeter Wemm 263c2aa98e2SPeter Wemm# maximum message size 26406f25ae9SGregory Neil Shapiro_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `1000000') 265c2aa98e2SPeter Wemm 266c2aa98e2SPeter Wemm# substitution for space (blank) characters 26706f25ae9SGregory Neil Shapiro_OPTION(BlankSub, `confBLANK_SUB', `_') 268c2aa98e2SPeter Wemm 269c2aa98e2SPeter Wemm# avoid connecting to "expensive" mailers on initial submission? 27006f25ae9SGregory Neil Shapiro_OPTION(HoldExpensive, `confCON_EXPENSIVE', `False') 271c2aa98e2SPeter Wemm 272c2aa98e2SPeter Wemm# checkpoint queue runs after every N successful deliveries 27306f25ae9SGregory Neil Shapiro_OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10') 274c2aa98e2SPeter Wemm 275c2aa98e2SPeter Wemm# default delivery mode 27606f25ae9SGregory Neil Shapiro_OPTION(DeliveryMode, `confDELIVERY_MODE', `background') 277c2aa98e2SPeter Wemm 278c2aa98e2SPeter Wemm# error message header/file 27906f25ae9SGregory Neil Shapiro_OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header') 280c2aa98e2SPeter Wemm 281c2aa98e2SPeter Wemm# error mode 28206f25ae9SGregory Neil Shapiro_OPTION(ErrorMode, `confERROR_MODE', `print') 283c2aa98e2SPeter Wemm 284c2aa98e2SPeter Wemm# save Unix-style "From_" lines at top of header? 28506f25ae9SGregory Neil Shapiro_OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False') 286c2aa98e2SPeter Wemm 28740266059SGregory Neil Shapiro# queue file mode (qf files) 28840266059SGregory Neil Shapiro_OPTION(QueueFileMode, `confQUEUE_FILE_MODE', `0600') 28940266059SGregory Neil Shapiro 290c2aa98e2SPeter Wemm# temporary file mode 29106f25ae9SGregory Neil Shapiro_OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600') 292c2aa98e2SPeter Wemm 293c2aa98e2SPeter Wemm# match recipients against GECOS field? 29406f25ae9SGregory Neil Shapiro_OPTION(MatchGECOS, `confMATCH_GECOS', `False') 295c2aa98e2SPeter Wemm 296c2aa98e2SPeter Wemm# maximum hop count 29740266059SGregory Neil Shapiro_OPTION(MaxHopCount, `confMAX_HOP', `25') 298c2aa98e2SPeter Wemm 299c2aa98e2SPeter Wemm# location of help file 30006f25ae9SGregory Neil ShapiroO HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile') 301c2aa98e2SPeter Wemm 302c2aa98e2SPeter Wemm# ignore dots as terminators in incoming messages? 30306f25ae9SGregory Neil Shapiro_OPTION(IgnoreDots, `confIGNORE_DOTS', `False') 304c2aa98e2SPeter Wemm 305c2aa98e2SPeter Wemm# name resolver options 30606f25ae9SGregory Neil Shapiro_OPTION(ResolverOptions, `confBIND_OPTS', `+AAONLY') 307c2aa98e2SPeter Wemm 308c2aa98e2SPeter Wemm# deliver MIME-encapsulated error messages? 30906f25ae9SGregory Neil Shapiro_OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS', `True') 310c2aa98e2SPeter Wemm 311c2aa98e2SPeter Wemm# Forward file search path 31206f25ae9SGregory Neil Shapiro_OPTION(ForwardPath, `confFORWARD_PATH', `/var/forward/$u:$z/.forward.$w:$z/.forward') 313c2aa98e2SPeter Wemm 314c2aa98e2SPeter Wemm# open connection cache size 31506f25ae9SGregory Neil Shapiro_OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', `2') 316c2aa98e2SPeter Wemm 317c2aa98e2SPeter Wemm# open connection cache timeout 31806f25ae9SGregory Neil Shapiro_OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', `5m') 319c2aa98e2SPeter Wemm 320c2aa98e2SPeter Wemm# persistent host status directory 32106f25ae9SGregory Neil Shapiro_OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', `.hoststat') 322c2aa98e2SPeter Wemm 323c2aa98e2SPeter Wemm# single thread deliveries (requires HostStatusDirectory)? 32406f25ae9SGregory Neil Shapiro_OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY', `False') 325c2aa98e2SPeter Wemm 326c2aa98e2SPeter Wemm# use Errors-To: header? 32706f25ae9SGregory Neil Shapiro_OPTION(UseErrorsTo, `confUSE_ERRORS_TO', `False') 328c2aa98e2SPeter Wemm 329c2aa98e2SPeter Wemm# log level 33006f25ae9SGregory Neil Shapiro_OPTION(LogLevel, `confLOG_LEVEL', `10') 331c2aa98e2SPeter Wemm 332c2aa98e2SPeter Wemm# send to me too, even in an alias expansion? 33306f25ae9SGregory Neil Shapiro_OPTION(MeToo, `confME_TOO', `True') 334c2aa98e2SPeter Wemm 335c2aa98e2SPeter Wemm# verify RHS in newaliases? 33606f25ae9SGregory Neil Shapiro_OPTION(CheckAliases, `confCHECK_ALIASES', `False') 337c2aa98e2SPeter Wemm 338c2aa98e2SPeter Wemm# default messages to old style headers if no special punctuation? 33906f25ae9SGregory Neil Shapiro_OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS', `False') 340c2aa98e2SPeter Wemm 341c2aa98e2SPeter Wemm# SMTP daemon options 34206f25ae9SGregory Neil Shapiroifelse(defn(`confDAEMON_OPTIONS'), `', `dnl', 343605302a5SGregory Neil Shapiro`errprint(WARNING: `confDAEMON_OPTIONS' is no longer valid. 344605302a5SGregory Neil Shapiro Use `DAEMON_OPTIONS()'; see cf/README. 34506f25ae9SGregory Neil Shapiro)'dnl 34606f25ae9SGregory Neil Shapiro`DAEMON_OPTIONS(`confDAEMON_OPTIONS')') 34742e5d165SGregory Neil Shapiroifelse(defn(`_DPO_'), `', 34840266059SGregory Neil Shapiro`ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-v4, Family=inet 34940266059SGregory Neil ShapiroO DaemonPortOptions=Name=MTA-v6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_') 35006f25ae9SGregory Neil Shapiroifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E') 35106f25ae9SGregory Neil Shapiro 35206f25ae9SGregory Neil Shapiro# SMTP client options 35340266059SGregory Neil Shapiroifelse(defn(`confCLIENT_OPTIONS'), `', `dnl', 35440266059SGregory Neil Shapiro`errprint(WARNING: `confCLIENT_OPTIONS' is no longer valid. See cf/README for more information. 35540266059SGregory Neil Shapiro)'dnl 35640266059SGregory Neil Shapiro`CLIENT_OPTIONS(`confCLIENT_OPTIONS')') 35740266059SGregory Neil Shapiroifelse(defn(`_CPO_'), `', 35840266059SGregory Neil Shapiro`#O ClientPortOptions=Family=inet, Address=0.0.0.0', `_CPO_') 35940266059SGregory Neil Shapiro 36040266059SGregory Neil Shapiro# Modifiers to `define' {daemon_flags} for direct submissions 36140266059SGregory Neil Shapiro_OPTION(DirectSubmissionModifiers, `confDIRECT_SUBMISSION_MODIFIERS', `') 36240266059SGregory Neil Shapiro 36340266059SGregory Neil Shapiro# Use as mail submission program? See sendmail/SECURITY 36440266059SGregory Neil Shapiro_OPTION(UseMSP, `confUSE_MSP', `') 365c2aa98e2SPeter Wemm 366c2aa98e2SPeter Wemm# privacy flags 36706f25ae9SGregory Neil Shapiro_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings') 368c2aa98e2SPeter Wemm 369c2aa98e2SPeter Wemm# who (if anyone) should get extra copies of error messages 37006f25ae9SGregory Neil Shapiro_OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster') 371c2aa98e2SPeter Wemm 372c2aa98e2SPeter Wemm# slope of queue-only function 37306f25ae9SGregory Neil Shapiro_OPTION(QueueFactor, `confQUEUE_FACTOR', `600000') 374c2aa98e2SPeter Wemm 37540266059SGregory Neil Shapiro# limit on number of concurrent queue runners 37640266059SGregory Neil Shapiro_OPTION(MaxQueueChildren, `confMAX_QUEUE_CHILDREN', `') 37740266059SGregory Neil Shapiro 37840266059SGregory Neil Shapiro# maximum number of queue-runners per queue-grouping with multiple queues 37940266059SGregory Neil Shapiro_OPTION(MaxRunnersPerQueue, `confMAX_RUNNERS_PER_QUEUE', `1') 38040266059SGregory Neil Shapiro 38140266059SGregory Neil Shapiro# priority of queue runners (nice(3)) 38240266059SGregory Neil Shapiro_OPTION(NiceQueueRun, `confNICE_QUEUE_RUN', `') 38340266059SGregory Neil Shapiro 38440266059SGregory Neil Shapiro# shall we sort the queue by hostname first? 38540266059SGregory Neil Shapiro_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority') 38640266059SGregory Neil Shapiro 38740266059SGregory Neil Shapiro# minimum time in queue before retry 38840266059SGregory Neil Shapiro_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m') 38940266059SGregory Neil Shapiro 39040266059SGregory Neil Shapiro# how many jobs can you process in the queue? 39140266059SGregory Neil Shapiro_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `10000') 39240266059SGregory Neil Shapiro 39340266059SGregory Neil Shapiro# perform initial split of envelope without checking MX records 39440266059SGregory Neil Shapiro_OPTION(FastSplit, `confFAST_SPLIT', `1') 39540266059SGregory Neil Shapiro 396c2aa98e2SPeter Wemm# queue directory 39706f25ae9SGregory Neil ShapiroO QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue') 398c2aa98e2SPeter Wemm 39940266059SGregory Neil Shapiro# key for shared memory; 0 to turn off 40040266059SGregory Neil Shapiro_OPTION(SharedMemoryKey, `confSHARED_MEMORY_KEY', `0') 40140266059SGregory Neil Shapiro 402605302a5SGregory Neil Shapiroifdef(`confSHARED_MEMORY_KEY_FILE', `dnl 403605302a5SGregory Neil Shapiro# file to store key for shared memory (if SharedMemoryKey = -1) 404605302a5SGregory Neil ShapiroO SharedMemoryKeyFile=confSHARED_MEMORY_KEY_FILE') 405605302a5SGregory Neil Shapiro 406c2aa98e2SPeter Wemm# timeouts (many of these) 40706f25ae9SGregory Neil Shapiro_OPTION(Timeout.initial, `confTO_INITIAL', `5m') 40806f25ae9SGregory Neil Shapiro_OPTION(Timeout.connect, `confTO_CONNECT', `5m') 40940266059SGregory Neil Shapiro_OPTION(Timeout.aconnect, `confTO_ACONNECT', `0s') 41006f25ae9SGregory Neil Shapiro_OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m') 41106f25ae9SGregory Neil Shapiro_OPTION(Timeout.helo, `confTO_HELO', `5m') 41206f25ae9SGregory Neil Shapiro_OPTION(Timeout.mail, `confTO_MAIL', `10m') 41306f25ae9SGregory Neil Shapiro_OPTION(Timeout.rcpt, `confTO_RCPT', `1h') 41406f25ae9SGregory Neil Shapiro_OPTION(Timeout.datainit, `confTO_DATAINIT', `5m') 41506f25ae9SGregory Neil Shapiro_OPTION(Timeout.datablock, `confTO_DATABLOCK', `1h') 41606f25ae9SGregory Neil Shapiro_OPTION(Timeout.datafinal, `confTO_DATAFINAL', `1h') 41706f25ae9SGregory Neil Shapiro_OPTION(Timeout.rset, `confTO_RSET', `5m') 41806f25ae9SGregory Neil Shapiro_OPTION(Timeout.quit, `confTO_QUIT', `2m') 41906f25ae9SGregory Neil Shapiro_OPTION(Timeout.misc, `confTO_MISC', `2m') 42006f25ae9SGregory Neil Shapiro_OPTION(Timeout.command, `confTO_COMMAND', `1h') 42106f25ae9SGregory Neil Shapiro_OPTION(Timeout.ident, `confTO_IDENT', `5s') 42206f25ae9SGregory Neil Shapiro_OPTION(Timeout.fileopen, `confTO_FILEOPEN', `60s') 42306f25ae9SGregory Neil Shapiro_OPTION(Timeout.control, `confTO_CONTROL', `2m') 42406f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d') 42506f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d') 42606f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d') 42706f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d') 4285ef517c0SGregory Neil Shapiroifdef(`confTO_QUEUERETURN_DSN', `dnl 4295ef517c0SGregory Neil ShapiroO Timeout.queuereturn.dsn=confTO_QUEUERETURN_DSN') 43006f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h') 43106f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h') 43206f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h') 43306f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h') 4345ef517c0SGregory Neil Shapiroifdef(`confTO_QUEUEWARN_DSN', `dnl 4355ef517c0SGregory Neil ShapiroO Timeout.queuewarn.dsn=confTO_QUEUEWARN_DSN') 43606f25ae9SGregory Neil Shapiro_OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m') 43706f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s') 43806f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s') 43906f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s') 44006f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4') 44106f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4') 44206f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4') 44340266059SGregory Neil Shapiro_OPTION(Timeout.lhlo, `confTO_LHLO', `2m') 44440266059SGregory Neil Shapiro_OPTION(Timeout.auth, `confTO_AUTH', `10m') 44540266059SGregory Neil Shapiro_OPTION(Timeout.starttls, `confTO_STARTTLS', `1h') 44640266059SGregory Neil Shapiro 44740266059SGregory Neil Shapiro# time for DeliverBy; extension disabled if less than 0 44840266059SGregory Neil Shapiro_OPTION(DeliverByMin, `confDELIVER_BY_MIN', `0') 449c2aa98e2SPeter Wemm 450c2aa98e2SPeter Wemm# should we not prune routes in route-addr syntax addresses? 45106f25ae9SGregory Neil Shapiro_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False') 452c2aa98e2SPeter Wemm 453c2aa98e2SPeter Wemm# queue up everything before forking? 45406f25ae9SGregory Neil Shapiro_OPTION(SuperSafe, `confSAFE_QUEUE', `True') 455c2aa98e2SPeter Wemm 456c2aa98e2SPeter Wemm# status file 45706f25ae9SGregory Neil ShapiroO StatusFile=ifdef(`STATUS_FILE', `STATUS_FILE', `MAIL_SETTINGS_DIR`'statistics') 458c2aa98e2SPeter Wemm 459c2aa98e2SPeter Wemm# time zone handling: 460c2aa98e2SPeter Wemm# if undefined, use system default 461c2aa98e2SPeter Wemm# if defined but null, use TZ envariable passed in 462c2aa98e2SPeter Wemm# if defined and non-null, use that info 463c2aa98e2SPeter Wemmifelse(confTIME_ZONE, `USE_SYSTEM', `#O TimeZoneSpec=', 464c2aa98e2SPeter Wemm confTIME_ZONE, `USE_TZ', `O TimeZoneSpec=', 465c2aa98e2SPeter Wemm `O TimeZoneSpec=confTIME_ZONE') 466c2aa98e2SPeter Wemm 467c2aa98e2SPeter Wemm# default UID (can be username or userid:groupid) 46806f25ae9SGregory Neil Shapiro_OPTION(DefaultUser, `confDEF_USER_ID', `mailnull') 469c2aa98e2SPeter Wemm 470c2aa98e2SPeter Wemm# list of locations of user database file (null means no lookup) 47106f25ae9SGregory Neil Shapiro_OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb') 472c2aa98e2SPeter Wemm 473c2aa98e2SPeter Wemm# fallback MX host 47406f25ae9SGregory Neil Shapiro_OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net') 475c2aa98e2SPeter Wemm 476c2aa98e2SPeter Wemm# if we are the best MX host for a site, try it directly instead of config err 47706f25ae9SGregory Neil Shapiro_OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False') 478c2aa98e2SPeter Wemm 479c2aa98e2SPeter Wemm# load average at which we just queue messages 48006f25ae9SGregory Neil Shapiro_OPTION(QueueLA, `confQUEUE_LA', `8') 481c2aa98e2SPeter Wemm 482c2aa98e2SPeter Wemm# load average at which we refuse connections 48306f25ae9SGregory Neil Shapiro_OPTION(RefuseLA, `confREFUSE_LA', `12') 484c2aa98e2SPeter Wemm 48540266059SGregory Neil Shapiro# load average at which we delay connections; 0 means no limit 48640266059SGregory Neil Shapiro_OPTION(DelayLA, `confDELAY_LA', `0') 48740266059SGregory Neil Shapiro 488c2aa98e2SPeter Wemm# maximum number of children we allow at one time 489739ac4d4SGregory Neil Shapiro_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `0') 490c2aa98e2SPeter Wemm 491c2aa98e2SPeter Wemm# maximum number of new connections per second 492193538b7SGregory Neil Shapiro_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `0') 493c2aa98e2SPeter Wemm 494c2aa98e2SPeter Wemm# work recipient factor 49506f25ae9SGregory Neil Shapiro_OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000') 496c2aa98e2SPeter Wemm 497c2aa98e2SPeter Wemm# deliver each queued job in a separate process? 49806f25ae9SGregory Neil Shapiro_OPTION(ForkEachJob, `confSEPARATE_PROC', `False') 499c2aa98e2SPeter Wemm 500c2aa98e2SPeter Wemm# work class factor 50106f25ae9SGregory Neil Shapiro_OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800') 502c2aa98e2SPeter Wemm 503c2aa98e2SPeter Wemm# work time factor 50406f25ae9SGregory Neil Shapiro_OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000') 505c2aa98e2SPeter Wemm 506c2aa98e2SPeter Wemm# default character set 50706f25ae9SGregory Neil Shapiro_OPTION(DefaultCharSet, `confDEF_CHAR_SET', `iso-8859-1') 508c2aa98e2SPeter Wemm 50940266059SGregory Neil Shapiro# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others) 51006f25ae9SGregory Neil Shapiro_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch') 511c2aa98e2SPeter Wemm 512c2aa98e2SPeter Wemm# hosts file (normally /etc/hosts) 51306f25ae9SGregory Neil Shapiro_OPTION(HostsFile, `confHOSTS_FILE', `/etc/hosts') 514c2aa98e2SPeter Wemm 515c2aa98e2SPeter Wemm# dialup line delay on connection failure 51606f25ae9SGregory Neil Shapiro_OPTION(DialDelay, `confDIAL_DELAY', `10s') 517c2aa98e2SPeter Wemm 518c2aa98e2SPeter Wemm# action to take if there are no recipients in the message 51906f25ae9SGregory Neil Shapiro_OPTION(NoRecipientAction, `confNO_RCPT_ACTION', `add-to-undisclosed') 520c2aa98e2SPeter Wemm 521c2aa98e2SPeter Wemm# chrooted environment for writing to files 52206f25ae9SGregory Neil Shapiro_OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `/arch') 523c2aa98e2SPeter Wemm 524c2aa98e2SPeter Wemm# are colons OK in addresses? 52506f25ae9SGregory Neil Shapiro_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True') 526c2aa98e2SPeter Wemm 527c2aa98e2SPeter Wemm# shall I avoid expanding CNAMEs (violates protocols)? 52806f25ae9SGregory Neil Shapiro_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False') 529c2aa98e2SPeter Wemm 530c2aa98e2SPeter Wemm# SMTP initial login message (old $e macro) 53106f25ae9SGregory Neil Shapiro_OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG', `$j Sendmail $v ready at $b') 532c2aa98e2SPeter Wemm 533c2aa98e2SPeter Wemm# UNIX initial From header format (old $l macro) 53406f25ae9SGregory Neil Shapiro_OPTION(UnixFromLine, `confFROM_LINE', `From $g $d') 535c2aa98e2SPeter Wemm 536c2aa98e2SPeter Wemm# From: lines that have embedded newlines are unwrapped onto one line 53706f25ae9SGregory Neil Shapiro_OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', `False') 538c2aa98e2SPeter Wemm 539c2aa98e2SPeter Wemm# Allow HELO SMTP command that does not `include' a host name 54006f25ae9SGregory Neil Shapiro_OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', `False') 541c2aa98e2SPeter Wemm 542c2aa98e2SPeter Wemm# Characters to be quoted in a full name phrase (@,;:\()[] are automatic) 54306f25ae9SGregory Neil Shapiro_OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', `.') 544c2aa98e2SPeter Wemm 545c2aa98e2SPeter Wemm# delimiter (operator) characters (old $o macro) 54606f25ae9SGregory Neil Shapiro_OPTION(OperatorChars, `confOPERATORS', `.:@[]') 547c2aa98e2SPeter Wemm 548c2aa98e2SPeter Wemm# shall I avoid calling initgroups(3) because of high NIS costs? 54906f25ae9SGregory Neil Shapiro_OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False') 550c2aa98e2SPeter Wemm 551c2aa98e2SPeter Wemm# are group-writable `:include:' and .forward files (un)trustworthy? 55240266059SGregory Neil Shapiro# True (the default) means they are not trustworthy. 55306f25ae9SGregory Neil Shapiro_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True') 55440266059SGregory Neil Shapiroifdef(`confUNSAFE_GROUP_WRITES', 55540266059SGregory Neil Shapiro`errprint(`WARNING: confUNSAFE_GROUP_WRITES is deprecated; use confDONT_BLAME_SENDMAIL. 55640266059SGregory Neil Shapiro')') 557c2aa98e2SPeter Wemm 558c2aa98e2SPeter Wemm# where do errors that occur when sending errors get sent? 55906f25ae9SGregory Neil Shapiro_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster') 56006f25ae9SGregory Neil Shapiro 56106f25ae9SGregory Neil Shapiro# where to save bounces if all else fails 56206f25ae9SGregory Neil Shapiro_OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter') 563c2aa98e2SPeter Wemm 564c2aa98e2SPeter Wemm# what user id do we assume for the majority of the processing? 56506f25ae9SGregory Neil Shapiro_OPTION(RunAsUser, `confRUN_AS_USER', `sendmail') 566c2aa98e2SPeter Wemm 567c2aa98e2SPeter Wemm# maximum number of recipients per SMTP envelope 56806f25ae9SGregory Neil Shapiro_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `100') 569c2aa98e2SPeter Wemm 57040266059SGregory Neil Shapiro# limit the rate recipients per SMTP envelope are accepted 57140266059SGregory Neil Shapiro# once the threshold number of recipients have been rejected 57240266059SGregory Neil Shapiro_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `20') 57340266059SGregory Neil Shapiro 574c2aa98e2SPeter Wemm# shall we get local names from our installed interfaces? 57506f25ae9SGregory Neil Shapiro_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False') 576c2aa98e2SPeter Wemm 57706f25ae9SGregory Neil Shapiro# Return-Receipt-To: header implies DSN request 57806f25ae9SGregory Neil Shapiro_OPTION(RrtImpliesDsn, `confRRT_IMPLIES_DSN', `False') 57906f25ae9SGregory Neil Shapiro 58006f25ae9SGregory Neil Shapiro# override connection address (for testing) 58106f25ae9SGregory Neil Shapiro_OPTION(ConnectOnlyTo, `confCONNECT_ONLY_TO', `0.0.0.0') 58206f25ae9SGregory Neil Shapiro 58306f25ae9SGregory Neil Shapiro# Trusted user for file ownership and starting the daemon 58406f25ae9SGregory Neil Shapiro_OPTION(TrustedUser, `confTRUSTED_USER', `root') 58506f25ae9SGregory Neil Shapiro 58606f25ae9SGregory Neil Shapiro# Control socket for daemon management 58706f25ae9SGregory Neil Shapiro_OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control') 58806f25ae9SGregory Neil Shapiro 58906f25ae9SGregory Neil Shapiro# Maximum MIME header length to protect MUAs 5905ef517c0SGregory Neil Shapiro_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `2048/1024') 59106f25ae9SGregory Neil Shapiro 59206f25ae9SGregory Neil Shapiro# Maximum length of the sum of all headers 59306f25ae9SGregory Neil Shapiro_OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768') 59406f25ae9SGregory Neil Shapiro 59506f25ae9SGregory Neil Shapiro# Maximum depth of alias recursion 59606f25ae9SGregory Neil Shapiro_OPTION(MaxAliasRecursion, `confMAX_ALIAS_RECURSION', `10') 59706f25ae9SGregory Neil Shapiro 59806f25ae9SGregory Neil Shapiro# location of pid file 59906f25ae9SGregory Neil Shapiro_OPTION(PidFile, `confPID_FILE', `/var/run/sendmail.pid') 60006f25ae9SGregory Neil Shapiro 60106f25ae9SGregory Neil Shapiro# Prefix string for the process title shown on 'ps' listings 60206f25ae9SGregory Neil Shapiro_OPTION(ProcessTitlePrefix, `confPROCESS_TITLE_PREFIX', `prefix') 60306f25ae9SGregory Neil Shapiro 60406f25ae9SGregory Neil Shapiro# Data file (df) memory-buffer file maximum size 60506f25ae9SGregory Neil Shapiro_OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096') 60606f25ae9SGregory Neil Shapiro 60706f25ae9SGregory Neil Shapiro# Transcript file (xf) memory-buffer file maximum size 60806f25ae9SGregory Neil Shapiro_OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096') 60906f25ae9SGregory Neil Shapiro 61040266059SGregory Neil Shapiro# lookup type to find information about local mailboxes 61140266059SGregory Neil Shapiro_OPTION(MailboxDatabase, `confMAILBOX_DATABASE', `pw') 61240266059SGregory Neil Shapiro 61306f25ae9SGregory Neil Shapiro# list of authentication mechanisms 61440266059SGregory Neil Shapiro_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5') 61506f25ae9SGregory Neil Shapiro 61606f25ae9SGregory Neil Shapiro# default authentication information for outgoing connections 61706f25ae9SGregory Neil Shapiro_OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info') 61806f25ae9SGregory Neil Shapiro 61906f25ae9SGregory Neil Shapiro# SMTP AUTH flags 62006f25ae9SGregory Neil Shapiro_OPTION(AuthOptions, `confAUTH_OPTIONS', `') 62106f25ae9SGregory Neil Shapiro 62240266059SGregory Neil Shapiro# SMTP AUTH maximum encryption strength 62340266059SGregory Neil Shapiro_OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `') 62440266059SGregory Neil Shapiro 62540266059SGregory Neil Shapiro# SMTP STARTTLS server options 62640266059SGregory Neil Shapiro_OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `') 62740266059SGregory Neil Shapiro 62806f25ae9SGregory Neil Shapiro# Input mail filters 62906f25ae9SGregory Neil Shapiro_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `') 63006f25ae9SGregory Neil Shapiro 631739ac4d4SGregory Neil Shapiroifelse(len(X`'_MAIL_FILTERS_DEF), `1', `dnl', `dnl 63206f25ae9SGregory Neil Shapiro# Milter options 63340266059SGregory Neil Shapiro_OPTION(Milter.LogLevel, `confMILTER_LOG_LEVEL', `') 63406f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `') 63506f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `') 63606f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `') 637323f6dcbSGregory Neil Shapiro_OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `') 638323f6dcbSGregory Neil Shapiro') 63906f25ae9SGregory Neil Shapiro 64006f25ae9SGregory Neil Shapiro# CA directory 64113bd1963SGregory Neil Shapiro_OPTION(CACertPath, `confCACERT_PATH', `') 64206f25ae9SGregory Neil Shapiro# CA file 64313bd1963SGregory Neil Shapiro_OPTION(CACertFile, `confCACERT', `') 64406f25ae9SGregory Neil Shapiro# Server Cert 64506f25ae9SGregory Neil Shapiro_OPTION(ServerCertFile, `confSERVER_CERT', `') 64606f25ae9SGregory Neil Shapiro# Server private key 64706f25ae9SGregory Neil Shapiro_OPTION(ServerKeyFile, `confSERVER_KEY', `') 64806f25ae9SGregory Neil Shapiro# Client Cert 64906f25ae9SGregory Neil Shapiro_OPTION(ClientCertFile, `confCLIENT_CERT', `') 65006f25ae9SGregory Neil Shapiro# Client private key 65106f25ae9SGregory Neil Shapiro_OPTION(ClientKeyFile, `confCLIENT_KEY', `') 65206f25ae9SGregory Neil Shapiro# DHParameters (only required if DSA/DH is used) 65306f25ae9SGregory Neil Shapiro_OPTION(DHParameters, `confDH_PARAMETERS', `') 65406f25ae9SGregory Neil Shapiro# Random data source (required for systems without /dev/urandom under OpenSSL) 65506f25ae9SGregory Neil Shapiro_OPTION(RandFile, `confRAND_FILE', `') 65606f25ae9SGregory Neil Shapiro 65740266059SGregory Neil Shapiro############################ 65840266059SGregory Neil Shapiro`# QUEUE GROUP DEFINITIONS #' 65940266059SGregory Neil Shapiro############################ 66040266059SGregory Neil Shapiro_QUEUE_GROUP_ 661065a643dSPeter Wemm 662c2aa98e2SPeter Wemm########################### 663c2aa98e2SPeter Wemm# Message precedences # 664c2aa98e2SPeter Wemm########################### 665c2aa98e2SPeter Wemm 666c2aa98e2SPeter WemmPfirst-class=0 667c2aa98e2SPeter WemmPspecial-delivery=100 668c2aa98e2SPeter WemmPlist=-30 669c2aa98e2SPeter WemmPbulk=-60 670c2aa98e2SPeter WemmPjunk=-100 671c2aa98e2SPeter Wemm 672c2aa98e2SPeter Wemm##################### 673c2aa98e2SPeter Wemm# Trusted users # 674c2aa98e2SPeter Wemm##################### 675c2aa98e2SPeter Wemm 676c2aa98e2SPeter Wemm# this is equivalent to setting class "t" 67706f25ae9SGregory Neil Shapiroifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, `MAIL_SETTINGS_DIR`'trusted-users') 678c2aa98e2SPeter WemmTroot 679c2aa98e2SPeter WemmTdaemon 680c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', `Tuucp') 681c2aa98e2SPeter Wemmifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl') 682c2aa98e2SPeter Wemm 683c2aa98e2SPeter Wemm######################### 684c2aa98e2SPeter Wemm# Format of headers # 685c2aa98e2SPeter Wemm######################### 686c2aa98e2SPeter Wemm 687c2aa98e2SPeter Wemmifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl 688c2aa98e2SPeter WemmH?P?Return-Path: <$g> 689c2aa98e2SPeter WemmHReceived: confRECEIVED_HEADER 690c2aa98e2SPeter WemmH?D?Resent-Date: $a 691c2aa98e2SPeter WemmH?D?Date: $a 692c2aa98e2SPeter WemmH?F?Resent-From: confFROM_HEADER 693c2aa98e2SPeter WemmH?F?From: confFROM_HEADER 694c2aa98e2SPeter WemmH?x?Full-Name: $x 695c2aa98e2SPeter Wemm# HPosted-Date: $a 696c2aa98e2SPeter Wemm# H?l?Received-Date: $b 697c2aa98e2SPeter WemmH?M?Resent-Message-Id: <$t.$i@$j> 698c2aa98e2SPeter WemmH?M?Message-Id: <$t.$i@$j> 69906f25ae9SGregory Neil Shapiro 700c2aa98e2SPeter Wemm# 701c2aa98e2SPeter Wemm###################################################################### 702c2aa98e2SPeter Wemm###################################################################### 703c2aa98e2SPeter Wemm##### 704c2aa98e2SPeter Wemm##### REWRITING RULES 705c2aa98e2SPeter Wemm##### 706c2aa98e2SPeter Wemm###################################################################### 707c2aa98e2SPeter Wemm###################################################################### 708c2aa98e2SPeter Wemm 709c2aa98e2SPeter Wemm############################################ 710c2aa98e2SPeter Wemm### Ruleset 3 -- Name Canonicalization ### 711c2aa98e2SPeter Wemm############################################ 71206f25ae9SGregory Neil ShapiroScanonify=3 713c2aa98e2SPeter Wemm 714c2aa98e2SPeter Wemm# handle null input (translate to <@> special case) 715c2aa98e2SPeter WemmR$@ $@ <@> 716c2aa98e2SPeter Wemm 717c2aa98e2SPeter Wemm# strip group: syntax (not inside angle brackets!) and trailing semicolon 718c2aa98e2SPeter WemmR$* $: $1 <@> mark addresses 719c2aa98e2SPeter WemmR$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr> 720c2aa98e2SPeter WemmR@ $* <@> $: @ $1 unmark @host:... 72140266059SGregory Neil ShapiroR$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr 722c2aa98e2SPeter WemmR$* :: $* <@> $: $1 :: $2 unmark node::addr 723c2aa98e2SPeter WemmR:`include': $* <@> $: :`include': $1 unmark :`include':... 724c2aa98e2SPeter WemmR$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon 725c2aa98e2SPeter WemmR$* : $* <@> $: $2 strip colon if marked 726c2aa98e2SPeter WemmR$* <@> $: $1 unmark 727c2aa98e2SPeter WemmR$* ; $1 strip trailing semi 728193538b7SGregory Neil ShapiroR$* < $+ :; > $* $@ $2 :; <@> catch <list:;> 729c2aa98e2SPeter WemmR$* < $* ; > $1 < $2 > bogus bracketed semi 730c2aa98e2SPeter Wemm 731c2aa98e2SPeter Wemm# null input now results from list:; syntax 732c2aa98e2SPeter WemmR$@ $@ :; <@> 733c2aa98e2SPeter Wemm 734c2aa98e2SPeter Wemm# strip angle brackets -- note RFC733 heuristic to get innermost item 735c2aa98e2SPeter WemmR$* $: < $1 > housekeeping <> 736c2aa98e2SPeter WemmR$+ < $* > < $2 > strip excess on left 737c2aa98e2SPeter WemmR< $* > $+ < $1 > strip excess on right 738c2aa98e2SPeter WemmR<> $@ < @ > MAIL FROM:<> case 739c2aa98e2SPeter WemmR< $+ > $: $1 remove housekeeping <> 740c2aa98e2SPeter Wemm 74106f25ae9SGregory Neil Shapiroifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl 742c2aa98e2SPeter Wemm# make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later 743c2aa98e2SPeter WemmR@ $+ , $+ @ $1 : $2 change all "," to ":" 744c2aa98e2SPeter Wemm 745c2aa98e2SPeter Wemm# localize and dispose of route-based addresses 74640266059SGregory Neil Shapirodnl XXX: IPv6 colon conflict 74740266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl', 74840266059SGregory Neil Shapiro`R@ [$+] : $+ $@ $>Canonify2 < @ [$1] > : $2 handle <route-addr>') 74906f25ae9SGregory Neil ShapiroR@ $+ : $+ $@ $>Canonify2 < @$1 > : $2 handle <route-addr> 75006f25ae9SGregory Neil Shapirodnl',`dnl 75106f25ae9SGregory Neil Shapiro# strip route address <@a,@b,@c:user@d> -> <user@d> 75206f25ae9SGregory Neil ShapiroR@ $+ , $+ $2 75340266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl', 75440266059SGregory Neil Shapiro`R@ [ $* ] : $+ $2') 75506f25ae9SGregory Neil ShapiroR@ $+ : $+ $2 75606f25ae9SGregory Neil Shapirodnl') 757c2aa98e2SPeter Wemm 758c2aa98e2SPeter Wemm# find focus for list syntax 75906f25ae9SGregory Neil ShapiroR $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax 760c2aa98e2SPeter WemmR $+ : $* ; $@ $1 : $2; list syntax 761c2aa98e2SPeter Wemm 762c2aa98e2SPeter Wemm# find focus for @ syntax addresses 763c2aa98e2SPeter WemmR$+ @ $+ $: $1 < @ $2 > focus on domain 764c2aa98e2SPeter WemmR$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right 76506f25ae9SGregory Neil ShapiroR$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical 766c2aa98e2SPeter Wemm 76740266059SGregory Neil Shapirodnl This is flagged as an error in S0; no need to silently fix it here. 76840266059SGregory Neil Shapirodnl # do some sanity checking 76940266059SGregory Neil Shapirodnl R$* < @ $~[ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs 770c2aa98e2SPeter Wemm 771c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 772c2aa98e2SPeter Wemm`# convert old-style addresses to a domain-based address 77306f25ae9SGregory Neil ShapiroR$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names 77406f25ae9SGregory Neil ShapiroR$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps 77506f25ae9SGregory Neil ShapiroR$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains 776c2aa98e2SPeter Wemm') 777c2aa98e2SPeter Wemmifdef(`_USE_DECNET_SYNTAX_', 778c2aa98e2SPeter Wemm`# convert node::user addresses into a domain-based address 77906f25ae9SGregory Neil ShapiroR$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names 78006f25ae9SGregory Neil ShapiroR$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr 781c2aa98e2SPeter Wemm', 782c2aa98e2SPeter Wemm `dnl') 783c2aa98e2SPeter Wemm# if we have % signs, take the rightmost one 784c2aa98e2SPeter WemmR$* % $* $1 @ $2 First make them all @s. 785c2aa98e2SPeter WemmR$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. 78606f25ae9SGregory Neil ShapiroR$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish 787c2aa98e2SPeter Wemm 788c2aa98e2SPeter Wemm# else we must be a local name 78906f25ae9SGregory Neil ShapiroR$* $@ $>Canonify2 $1 790c2aa98e2SPeter Wemm 791c2aa98e2SPeter Wemm 792c2aa98e2SPeter Wemm################################################ 793c2aa98e2SPeter Wemm### Ruleset 96 -- bottom half of ruleset 3 ### 794c2aa98e2SPeter Wemm################################################ 795c2aa98e2SPeter Wemm 79606f25ae9SGregory Neil ShapiroSCanonify2=96 797c2aa98e2SPeter Wemm 798c2aa98e2SPeter Wemm# handle special cases for local names 799c2aa98e2SPeter WemmR$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all 800c2aa98e2SPeter WemmR$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain 801c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 802c2aa98e2SPeter Wemm`R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain') 80306f25ae9SGregory Neil Shapiro 80440266059SGregory Neil Shapiro# check for IPv4/IPv6 domain literal 80540266059SGregory Neil ShapiroR$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr] 806c2aa98e2SPeter WemmR$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal 807c2aa98e2SPeter WemmR$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr 808c2aa98e2SPeter Wemm 80906f25ae9SGregory Neil Shapiroifdef(`_DOMAIN_TABLE_', `dnl 810c2aa98e2SPeter Wemm# look up domains in the domain table 811c2aa98e2SPeter WemmR$* < @ $+ > $* $: $1 < @ $(domaintable $2 $) > $3', `dnl') 812c2aa98e2SPeter Wemm 81306f25ae9SGregory Neil Shapiroundivert(2)dnl LOCAL_RULE_3 814c2aa98e2SPeter Wemm 81506f25ae9SGregory Neil Shapiroifdef(`_BITDOMAIN_TABLE_', `dnl 816c2aa98e2SPeter Wemm# handle BITNET mapping 817c2aa98e2SPeter WemmR$* < @ $+ .BITNET > $* $: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl') 818c2aa98e2SPeter Wemm 81906f25ae9SGregory Neil Shapiroifdef(`_UUDOMAIN_TABLE_', `dnl 820c2aa98e2SPeter Wemm# handle UUCP mapping 821c2aa98e2SPeter WemmR$* < @ $+ .UUCP > $* $: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl') 822c2aa98e2SPeter Wemm 823c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 824c2aa98e2SPeter Wemm`ifdef(`UUCP_RELAY', 825c2aa98e2SPeter Wemm`# pass UUCP addresses straight through 826c2aa98e2SPeter WemmR$* < @ $+ . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', 827c2aa98e2SPeter Wemm`# if really UUCP, handle it immediately 828c2aa98e2SPeter Wemmifdef(`_CLASS_U_', 829c2aa98e2SPeter Wemm`R$* < @ $=U . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 830c2aa98e2SPeter Wemmifdef(`_CLASS_V_', 831c2aa98e2SPeter Wemm`R$* < @ $=V . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 832c2aa98e2SPeter Wemmifdef(`_CLASS_W_', 833c2aa98e2SPeter Wemm`R$* < @ $=W . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 834c2aa98e2SPeter Wemmifdef(`_CLASS_X_', 835c2aa98e2SPeter Wemm`R$* < @ $=X . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 836c2aa98e2SPeter Wemmifdef(`_CLASS_Y_', 837c2aa98e2SPeter Wemm`R$* < @ $=Y . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 838c2aa98e2SPeter Wemm 839c2aa98e2SPeter Wemmifdef(`_NO_CANONIFY_', `dnl', `dnl 840c2aa98e2SPeter Wemm# try UUCP traffic as a local address 841c2aa98e2SPeter WemmR$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 842c2aa98e2SPeter WemmR$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3') 843c2aa98e2SPeter Wemm')') 84406f25ae9SGregory Neil Shapiro# hostnames ending in class P are always canonical 84506f25ae9SGregory Neil ShapiroR$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 84606f25ae9SGregory Neil Shapirodnl apply the next rule only for hostnames not in class P 84706f25ae9SGregory Neil Shapirodnl this even works for phrases in class P since . is in class P 84806f25ae9SGregory Neil Shapirodnl which daemon flags are set? 84906f25ae9SGregory Neil ShapiroR$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 85006f25ae9SGregory Neil Shapirodnl the other rules in this section only apply if the hostname 85106f25ae9SGregory Neil Shapirodnl does not end in class P hence no further checks are done here 85206f25ae9SGregory Neil Shapirodnl if this ever changes make sure the lookups are "protected" again! 85306f25ae9SGregory Neil Shapiroifdef(`_NO_CANONIFY_', `dnl 85406f25ae9SGregory Neil Shapirodnl do not canonify unless: 85506f25ae9SGregory Neil Shapirodnl domain ends in class {Canonify} (this does not work if the intersection 85606f25ae9SGregory Neil Shapirodnl with class P is non-empty) 85706f25ae9SGregory Neil Shapirodnl or {daemon_flags} has c set 85806f25ae9SGregory Neil Shapiro# pass to name server to make hostname canonical if in class {Canonify} 85906f25ae9SGregory Neil ShapiroR$* $| $* < @ $* $={Canonify} > $* $: $2 < @ $[ $3 $4 $] > $5 86006f25ae9SGregory Neil Shapiro# pass to name server to make hostname canonical if requested 86106f25ae9SGregory Neil ShapiroR$* c $* $| $* < @ $* > $* $: $3 < @ $[ $4 $] > $5 86206f25ae9SGregory Neil Shapirodnl trailing dot? -> do not apply _CANONIFY_HOSTS_ 86306f25ae9SGregory Neil ShapiroR$* $| $* < @ $+ . > $* $: $2 < @ $3 . > $4 86406f25ae9SGregory Neil Shapiro# add a trailing dot to qualified hostnames so other rules will work 86506f25ae9SGregory Neil ShapiroR$* $| $* < @ $+.$+ > $* $: $2 < @ $3.$4 . > $5 86606f25ae9SGregory Neil Shapiroifdef(`_CANONIFY_HOSTS_', `dnl 86706f25ae9SGregory Neil Shapirodnl this should only apply to unqualified hostnames 86806f25ae9SGregory Neil Shapirodnl but if a valid character inside an unqualified hostname is an OperatorChar 86906f25ae9SGregory Neil Shapirodnl then $- does not work. 87006f25ae9SGregory Neil Shapiro# lookup unqualified hostnames 87106f25ae9SGregory Neil ShapiroR$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4', `dnl')', `dnl 87206f25ae9SGregory Neil Shapirodnl _NO_CANONIFY_ is not set: canonify unless: 87306f25ae9SGregory Neil Shapirodnl {daemon_flags} contains CC (do not canonify) 874193538b7SGregory Neil Shapirodnl but add a trailing dot to qualified hostnames so other rules will work 875193538b7SGregory Neil Shapirodnl should we do this for every hostname: even unqualified? 876193538b7SGregory Neil ShapiroR$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 87706f25ae9SGregory Neil ShapiroR$* CC $* $| $* $: $3 87840266059SGregory Neil Shapiroifdef(`_FFR_NOCANONIFY_HEADERS', `dnl 87940266059SGregory Neil Shapiro# do not canonify header addresses 88040266059SGregory Neil ShapiroR$* $| $* < @ $* $~P > $* $: $&{addr_type} $| $2 < @ $3 $4 > $5 88140266059SGregory Neil ShapiroR$* h $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 88240266059SGregory Neil ShapiroR$* h $* $| $* $: $3', `dnl') 883c2aa98e2SPeter Wemm# pass to name server to make hostname canonical 88406f25ae9SGregory Neil ShapiroR$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4') 88506f25ae9SGregory Neil Shapirodnl remove {daemon_flags} for other cases 88606f25ae9SGregory Neil ShapiroR$* $| $* $: $2 887c2aa98e2SPeter Wemm 888c2aa98e2SPeter Wemm# local host aliases and pseudo-domains are always canonical 889c2aa98e2SPeter WemmR$* < @ $=w > $* $: $1 < @ $2 . > $3 890c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_', 891c2aa98e2SPeter Wemm`R$* < @ $* $=M > $* $: $1 < @ $2 $3 . > $4', 892c2aa98e2SPeter Wemm`R$* < @ $=M > $* $: $1 < @ $2 . > $3') 89306f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_TABLE_', `dnl 89406f25ae9SGregory Neil Shapirodnl virtual hosts are also canonical 89506f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_ENTIRE_DOMAIN_', 89606f25ae9SGregory Neil Shapiro`R$* < @ $* $={VirtHost} > $* $: $1 < @ $2 $3 . > $4', 89706f25ae9SGregory Neil Shapiro`R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3')', 89806f25ae9SGregory Neil Shapiro`dnl') 89940266059SGregory Neil Shapiroifdef(`_GENERICS_TABLE_', `dnl 90040266059SGregory Neil Shapirodnl hosts for genericstable are also canonical 90140266059SGregory Neil Shapiroifdef(`_GENERICS_ENTIRE_DOMAIN_', 90240266059SGregory Neil Shapiro`R$* < @ $* $=G > $* $: $1 < @ $2 $3 . > $4', 90340266059SGregory Neil Shapiro`R$* < @ $=G > $* $: $1 < @ $2 . > $3')', 90440266059SGregory Neil Shapiro`dnl') 90506f25ae9SGregory Neil Shapirodnl remove superfluous dots (maybe repeatedly) which may have been added 90606f25ae9SGregory Neil Shapirodnl by one of the rules before 907c2aa98e2SPeter WemmR$* < @ $* . . > $* $1 < @ $2 . > $3 908c2aa98e2SPeter Wemm 909c2aa98e2SPeter Wemm 910c2aa98e2SPeter Wemm################################################## 911c2aa98e2SPeter Wemm### Ruleset 4 -- Final Output Post-rewriting ### 912c2aa98e2SPeter Wemm################################################## 91306f25ae9SGregory Neil ShapiroSfinal=4 914c2aa98e2SPeter Wemm 915193538b7SGregory Neil ShapiroR$+ :; <@> $@ $1 : handle <list:;> 916c2aa98e2SPeter WemmR$* <@> $@ handle <> and list:; 917c2aa98e2SPeter Wemm 918c2aa98e2SPeter Wemm# strip trailing dot off possibly canonical name 919c2aa98e2SPeter WemmR$* < @ $+ . > $* $1 < @ $2 > $3 920c2aa98e2SPeter Wemm 92106f25ae9SGregory Neil Shapiro# eliminate internal code 922c2aa98e2SPeter WemmR$* < @ *LOCAL* > $* $1 < @ $j > $2 923c2aa98e2SPeter Wemm 924c2aa98e2SPeter Wemm# externalize local domain info 925c2aa98e2SPeter WemmR$* < $+ > $* $1 $2 $3 defocus 926c2aa98e2SPeter WemmR@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical 927c2aa98e2SPeter WemmR@ $* $@ @ $1 ... and exit 928c2aa98e2SPeter Wemm 929c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 930c2aa98e2SPeter Wemm`# UUCP must always be presented in old form 931c2aa98e2SPeter WemmR$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u') 932c2aa98e2SPeter Wemm 933c2aa98e2SPeter Wemmifdef(`_USE_DECNET_SYNTAX_', 934c2aa98e2SPeter Wemm`# put DECnet back in :: form 935c2aa98e2SPeter WemmR$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u', 936c2aa98e2SPeter Wemm `dnl') 937c2aa98e2SPeter Wemm# delete duplicate local names 938c2aa98e2SPeter WemmR$+ % $=w @ $=w $1 @ $2 u%host@host => u@host 939c2aa98e2SPeter Wemm 940c2aa98e2SPeter Wemm 941c2aa98e2SPeter Wemm 942c2aa98e2SPeter Wemm############################################################## 943c2aa98e2SPeter Wemm### Ruleset 97 -- recanonicalize and call ruleset zero ### 944c2aa98e2SPeter Wemm### (used for recursive calls) ### 945c2aa98e2SPeter Wemm############################################################## 946c2aa98e2SPeter Wemm 94706f25ae9SGregory Neil ShapiroSRecurse=97 94806f25ae9SGregory Neil ShapiroR$* $: $>canonify $1 94906f25ae9SGregory Neil ShapiroR$* $@ $>parse $1 950c2aa98e2SPeter Wemm 951c2aa98e2SPeter Wemm 952c2aa98e2SPeter Wemm###################################### 953c2aa98e2SPeter Wemm### Ruleset 0 -- Parse Address ### 954c2aa98e2SPeter Wemm###################################### 955c2aa98e2SPeter Wemm 95606f25ae9SGregory Neil ShapiroSparse=0 957c2aa98e2SPeter Wemm 958c2aa98e2SPeter WemmR$* $: $>Parse0 $1 initial parsing 959c2aa98e2SPeter WemmR<@> $#_LOCAL_ $: <@> special case error msgs 96006f25ae9SGregory Neil ShapiroR$* $: $>ParseLocal $1 handle local hacks 961c2aa98e2SPeter WemmR$* $: $>Parse1 $1 final parsing 962c2aa98e2SPeter Wemm 963c2aa98e2SPeter Wemm# 964c2aa98e2SPeter Wemm# Parse0 -- do initial syntax checking and eliminate local addresses. 965c2aa98e2SPeter Wemm# This should either return with the (possibly modified) input 966c2aa98e2SPeter Wemm# or return with a #error mailer. It should not return with a 967c2aa98e2SPeter Wemm# #mailer other than the #error mailer. 968c2aa98e2SPeter Wemm# 969c2aa98e2SPeter Wemm 970c2aa98e2SPeter WemmSParse0 971c2aa98e2SPeter WemmR<@> $@ <@> special case error msgs 97240266059SGregory Neil ShapiroR$* : $* ; <@> $#error $@ 5.1.3 $: "_CODE553 List:; syntax illegal for recipient addresses" 97306f25ae9SGregory Neil ShapiroR@ <@ $* > < @ $1 > catch "@@host" bogosity 97440266059SGregory Neil ShapiroR<@ $+> $#error $@ 5.1.3 $: "_CODE553 User address required" 97540266059SGregory Neil ShapiroR$+ <@> $#error $@ 5.1.3 $: "_CODE553 Hostname required" 976c2aa98e2SPeter WemmR$* $: <> $1 97740266059SGregory Neil Shapirodnl allow tricks like [host1]:[host2] 97840266059SGregory Neil ShapiroR<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4 97940266059SGregory Neil ShapiroR<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4 98040266059SGregory Neil Shapirodnl but no a@[b]c 98140266059SGregory Neil ShapiroR<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "_CODE553 Invalid address" 982c2aa98e2SPeter WemmR<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 98340266059SGregory Neil ShapiroR<> $* <$* : $* > $* $#error $@ 5.1.3 $: "_CODE553 Colon illegal in host name part" 984c2aa98e2SPeter WemmR<> $* $1 98540266059SGregory Neil ShapiroR$* < @ . $* > $* $#error $@ 5.1.2 $: "_CODE553 Invalid host name" 98640266059SGregory Neil ShapiroR$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "_CODE553 Invalid host name" 98740266059SGregory Neil Shapirodnl no a@b@ 98840266059SGregory Neil ShapiroR$* < @ $* @ > $* $#error $@ 5.1.2 $: "_CODE553 Invalid route address" 98940266059SGregory Neil Shapirodnl no a@b@c 99040266059SGregory Neil ShapiroR$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "_CODE553 Invalid route address" 99106f25ae9SGregory Neil Shapirodnl comma only allowed before @; this check is not complete 99240266059SGregory Neil ShapiroR$* , $~O $* $#error $@ 5.1.3 $: "_CODE553 Invalid route address" 99340266059SGregory Neil Shapiro 99440266059SGregory Neil Shapiroifdef(`_STRICT_RFC821_', `# more RFC 821 checks 99540266059SGregory Neil ShapiroR$* . < @ $* > $* $#error $@ 5.1.2 $: "_CODE553 Local part must not end with a dot" 99640266059SGregory Neil ShapiroR. $* < @ $* > $* $#error $@ 5.1.2 $: "_CODE553 Local part must not begin with a dot" 99740266059SGregory Neil Shapirodnl', `dnl') 998c2aa98e2SPeter Wemm 999c2aa98e2SPeter Wemm# now delete the local info -- note $=O to find characters that cause forwarding 100006f25ae9SGregory Neil ShapiroR$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user 100106f25ae9SGregory Neil ShapiroR< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... 1002c2aa98e2SPeter WemmR$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here 100340266059SGregory Neil ShapiroR< @ $+ > $#error $@ 5.1.3 $: "_CODE553 User address required" 100406f25ae9SGregory Neil ShapiroR$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... 1005c2aa98e2SPeter WemmR$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" 100640266059SGregory Neil ShapiroR< @ *LOCAL* > $#error $@ 5.1.3 $: "_CODE553 User address required" 1007c2aa98e2SPeter WemmR$* $=O $* < @ *LOCAL* > 100806f25ae9SGregory Neil Shapiro $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... 1009c2aa98e2SPeter WemmR$* < @ *LOCAL* > $: $1 1010c2aa98e2SPeter Wemm 1011c2aa98e2SPeter Wemm# 1012c2aa98e2SPeter Wemm# Parse1 -- the bottom half of ruleset 0. 1013c2aa98e2SPeter Wemm# 1014c2aa98e2SPeter Wemm 1015c2aa98e2SPeter WemmSParse1 101606f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl 101706f25ae9SGregory Neil Shapiro# handle LDAP routing for hosts in $={LDAPRoute} 101840266059SGregory Neil ShapiroR$+ < @ $={LDAPRoute} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2> <> 101940266059SGregory Neil ShapiroR$+ < @ $={LDAPRouteEquiv} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $M> <>', 1020c2aa98e2SPeter Wemm`dnl') 1021c2aa98e2SPeter Wemm 102206f25ae9SGregory Neil Shapiroifdef(`_MAILER_smtp_', 102306f25ae9SGregory Neil Shapiro`# handle numeric address spec 102406f25ae9SGregory Neil Shapirodnl there is no check whether this is really an IP number 102506f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec 10265ef517c0SGregory Neil ShapiroR$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path 102706f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : > $* $#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send 102806f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer 102906f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $+ > $* $#_SMTP_ $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer', 103006f25ae9SGregory Neil Shapiro `dnl') 103106f25ae9SGregory Neil Shapiro 103206f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_TABLE_', `dnl 1033c2aa98e2SPeter Wemm# handle virtual users 103440266059SGregory Neil Shapiroifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl 103540266059SGregory Neil Shapirodnl this is not a documented option 103640266059SGregory Neil Shapirodnl it stops looping in virtusertable mapping if input and output 103740266059SGregory Neil Shapirodnl are identical, i.e., if address A is mapped to A. 103840266059SGregory Neil Shapirodnl it does not deal with multi-level recursion 103940266059SGregory Neil Shapiro# handle full domains in RHS of virtusertable 104040266059SGregory Neil ShapiroR$+ < @ $+ > $: $(macro {RecipientAddress} $) $1 < @ $2 > 104140266059SGregory Neil ShapiroR$+ < @ $+ > $: <?> $1 < @ $2 > $| $>final $1 < @ $2 > 104240266059SGregory Neil ShapiroR<?> $+ $| $+ $: $1 $(macro {RecipientAddress} $@ $2 $) 104340266059SGregory Neil ShapiroR<?> $+ $| $* $: $1', 104440266059SGregory Neil Shapiro`dnl') 104506f25ae9SGregory Neil ShapiroR$+ $: <!> $1 Mark for lookup 104640266059SGregory Neil Shapirodnl input: <!> local<@domain> 104706f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_ENTIRE_DOMAIN_', 104806f25ae9SGregory Neil Shapiro`R<!> $+ < @ $* $={VirtHost} . > $: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >', 104906f25ae9SGregory Neil Shapiro`R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >') 105040266059SGregory Neil Shapirodnl input: <result-of-lookup | @> local<@domain> | <!> local<@domain> 105106f25ae9SGregory Neil ShapiroR<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > 105240266059SGregory Neil Shapirodnl if <@> local<@domain>: no match but try lookup 105340266059SGregory Neil Shapirodnl user+detail: try user++@domain if detail not empty 105440266059SGregory Neil ShapiroR<@> $+ + $+ < @ $* . > 105540266059SGregory Neil Shapiro $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 105640266059SGregory Neil Shapirodnl user+detail: try user+*@domain 1057c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . > 105840266059SGregory Neil Shapiro $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 105940266059SGregory Neil Shapirodnl user+detail: try user@domain 1060c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . > 106140266059SGregory Neil Shapiro $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 106206f25ae9SGregory Neil Shapirodnl try default entry: @domain 106340266059SGregory Neil Shapirodnl ++@domain 106440266059SGregory Neil ShapiroR<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 106506f25ae9SGregory Neil Shapirodnl +*@domain 106640266059SGregory Neil ShapiroR<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 106706f25ae9SGregory Neil Shapirodnl @domain if +detail exists 106894c01205SGregory Neil Shapirodnl if no match, change marker to prevent a second @domain lookup 106994c01205SGregory Neil ShapiroR<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . > 107094c01205SGregory Neil Shapirodnl without +detail 1071c2aa98e2SPeter WemmR<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > 107240266059SGregory Neil Shapirodnl no match 1073c2aa98e2SPeter WemmR<@> $+ $: $1 107440266059SGregory Neil Shapirodnl remove mark 107506f25ae9SGregory Neil ShapiroR<!> $+ $: $1 107606f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 1077c2aa98e2SPeter WemmR< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 107840266059SGregory Neil Shapiroifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl 107940266059SGregory Neil Shapiro# check virtuser input address against output address, if same, skip recursion 108040266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $: < $1 > $2 < @ $3 > $| $1 108140266059SGregory Neil Shapiro# it is the same: stop now 108240266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $| $&{RecipientAddress} $: $>ParseLocal $>Parse0 $>canonify $1 108340266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $| $* $: < $1 > $2 < @ $3 > 108440266059SGregory Neil Shapirodnl', `dnl') 108513058a91SGregory Neil Shapirodnl this is not a documented option 108613058a91SGregory Neil Shapirodnl it performs no looping at all for virtusertable 10878774250cSGregory Neil Shapiroifdef(`_NO_VIRTUSER_RECURSION_', 10888774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ > $: $>ParseLocal $>Parse0 $>canonify $1', 10898774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ > $: $>Recurse $1') 10908774250cSGregory Neil Shapirodnl', `dnl') 1091c2aa98e2SPeter Wemm 1092c2aa98e2SPeter Wemm# short circuit local delivery so forwarded email works 1093c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', `dnl 109406f25ae9SGregory Neil ShapiroR$+ . USENET < @ $=w . > $#usenet $@ usenet $: $1 handle usenet specially', `dnl') 109542e5d165SGregory Neil Shapiro 109642e5d165SGregory Neil Shapiro 1097c2aa98e2SPeter Wemmifdef(`_STICKY_LOCAL_DOMAIN_', 1098c2aa98e2SPeter Wemm`R$+ < @ $=w . > $: < $H > $1 < @ $2 . > first try hub 109906f25ae9SGregory Neil ShapiroR< $+ > $+ < $+ > $>MailerToTriple < $1 > $2 < $3 > yep .... 110006f25ae9SGregory Neil Shapirodnl $H empty (but @$=w.) 1101c2aa98e2SPeter WemmR< > $+ + $* < $+ > $#_LOCAL_ $: $1 + $2 plussed name? 1102c2aa98e2SPeter WemmR< > $+ < $+ > $#_LOCAL_ $: @ $1 nope, local address', 1103c2aa98e2SPeter Wemm`R$=L < @ $=w . > $#_LOCAL_ $: @ $1 special local names 1104c2aa98e2SPeter WemmR$+ < @ $=w . > $#_LOCAL_ $: $1 regular local name') 1105c2aa98e2SPeter Wemm 110606f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 1107c2aa98e2SPeter Wemm# not local -- try mailer table lookup 1108c2aa98e2SPeter WemmR$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name 1109c2aa98e2SPeter WemmR< $+ . > $* $: < $1 > $2 strip trailing dot 1110c2aa98e2SPeter WemmR< $+ > $* $: < $(mailertable $1 $) > $2 lookup 111106f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 111206f25ae9SGregory Neil ShapiroR< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? 111306f25ae9SGregory Neil ShapiroR< $+ > $* $: $>Mailertable <$1> $2 try domain', 1114c2aa98e2SPeter Wemm`dnl') 111506f25ae9SGregory Neil Shapiroundivert(4)dnl UUCP rules from `MAILER(uucp)' 1116c2aa98e2SPeter Wemm 1117c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 1118c2aa98e2SPeter Wemm`# resolve remotely connected UUCP links (if any) 1119c2aa98e2SPeter Wemmifdef(`_CLASS_V_', 112006f25ae9SGregory Neil Shapiro`R$* < @ $=V . UUCP . > $* $: $>MailerToTriple < $V > $1 <@$2.UUCP.> $3', 1121c2aa98e2SPeter Wemm `dnl') 1122c2aa98e2SPeter Wemmifdef(`_CLASS_W_', 112306f25ae9SGregory Neil Shapiro`R$* < @ $=W . UUCP . > $* $: $>MailerToTriple < $W > $1 <@$2.UUCP.> $3', 1124c2aa98e2SPeter Wemm `dnl') 1125c2aa98e2SPeter Wemmifdef(`_CLASS_X_', 112606f25ae9SGregory Neil Shapiro`R$* < @ $=X . UUCP . > $* $: $>MailerToTriple < $X > $1 <@$2.UUCP.> $3', 1127c2aa98e2SPeter Wemm `dnl')') 1128c2aa98e2SPeter Wemm 1129c2aa98e2SPeter Wemm# resolve fake top level domains by forwarding to other hosts 1130c2aa98e2SPeter Wemmifdef(`BITNET_RELAY', 113106f25ae9SGregory Neil Shapiro`R$*<@$+.BITNET.>$* $: $>MailerToTriple < $B > $1 <@$2.BITNET.> $3 user@host.BITNET', 1132c2aa98e2SPeter Wemm `dnl') 1133c2aa98e2SPeter Wemmifdef(`DECNET_RELAY', 113406f25ae9SGregory Neil Shapiro`R$*<@$+.DECNET.>$* $: $>MailerToTriple < $C > $1 <@$2.DECNET.> $3 user@host.DECNET', 1135c2aa98e2SPeter Wemm `dnl') 1136c2aa98e2SPeter Wemmifdef(`_MAILER_pop_', 1137c2aa98e2SPeter Wemm`R$+ < @ POP. > $#pop $: $1 user@POP', 1138c2aa98e2SPeter Wemm `dnl') 1139c2aa98e2SPeter Wemmifdef(`_MAILER_fax_', 1140c2aa98e2SPeter Wemm`R$+ < @ $+ .FAX. > $#fax $@ $2 $: $1 user@host.FAX', 1141c2aa98e2SPeter Wemm`ifdef(`FAX_RELAY', 114206f25ae9SGregory Neil Shapiro`R$*<@$+.FAX.>$* $: $>MailerToTriple < $F > $1 <@$2.FAX.> $3 user@host.FAX', 1143c2aa98e2SPeter Wemm `dnl')') 1144c2aa98e2SPeter Wemm 1145c2aa98e2SPeter Wemmifdef(`UUCP_RELAY', 1146c2aa98e2SPeter Wemm`# forward non-local UUCP traffic to our UUCP relay 114706f25ae9SGregory Neil ShapiroR$*<@$*.UUCP.>$* $: $>MailerToTriple < $Y > $1 <@$2.UUCP.> $3 uucp mail', 1148c2aa98e2SPeter Wemm`ifdef(`_MAILER_uucp_', 1149c2aa98e2SPeter Wemm`# forward other UUCP traffic straight to UUCP 1150c2aa98e2SPeter WemmR$* < @ $+ .UUCP. > $* $#_UUCP_ $@ $2 $: $1 < @ $2 .UUCP. > $3 user@host.UUCP', 1151c2aa98e2SPeter Wemm `dnl')') 1152c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', ` 1153c2aa98e2SPeter Wemm# addresses sent to net.group.USENET will get forwarded to a newsgroup 115406f25ae9SGregory Neil ShapiroR$+ . USENET $#usenet $@ usenet $: $1', 1155c2aa98e2SPeter Wemm `dnl') 1156c2aa98e2SPeter Wemm 1157c2aa98e2SPeter Wemmifdef(`_LOCAL_RULES_', 1158c2aa98e2SPeter Wemm`# figure out what should stay in our local mail system 1159c2aa98e2SPeter Wemmundivert(1)', `dnl') 1160c2aa98e2SPeter Wemm 1161c2aa98e2SPeter Wemm# pass names that still have a host to a smarthost (if defined) 116206f25ae9SGregory Neil ShapiroR$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name 1163c2aa98e2SPeter Wemm 1164c2aa98e2SPeter Wemm# deal with other remote names 1165c2aa98e2SPeter Wemmifdef(`_MAILER_smtp_', 1166c2aa98e2SPeter Wemm`R$* < @$* > $* $#_SMTP_ $@ $2 $: $1 < @ $2 > $3 user@host.domain', 116740266059SGregory Neil Shapiro`R$* < @$* > $* $#error $@ 5.1.2 $: "_CODE553 Unrecognized host name " $2') 1168c2aa98e2SPeter Wemm 1169c2aa98e2SPeter Wemm# handle locally delivered names 1170c2aa98e2SPeter WemmR$=L $#_LOCAL_ $: @ $1 special local names 1171c2aa98e2SPeter WemmR$+ $#_LOCAL_ $: $1 regular local names 1172c2aa98e2SPeter Wemm 1173c2aa98e2SPeter Wemm########################################################################### 1174c2aa98e2SPeter Wemm### Ruleset 5 -- special rewriting after aliases have been expanded ### 1175c2aa98e2SPeter Wemm########################################################################### 1176c2aa98e2SPeter Wemm 117706f25ae9SGregory Neil ShapiroSLocal_localaddr 117806f25ae9SGregory Neil ShapiroSlocaladdr=5 117906f25ae9SGregory Neil ShapiroR$+ $: $1 $| $>"Local_localaddr" $1 118040266059SGregory Neil ShapiroR$+ $| $#ok $@ $1 no change 118106f25ae9SGregory Neil ShapiroR$+ $| $#$* $#$2 118206f25ae9SGregory Neil ShapiroR$+ $| $* $: $1 1183c2aa98e2SPeter Wemm 118440266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 118540266059SGregory Neil Shapiro# Preserve rcpt_host in {Host} 118640266059SGregory Neil ShapiroR$+ $: $1 $| $&h $| $&{Host} check h and {Host} 118740266059SGregory Neil ShapiroR$+ $| $| $: $(macro {Host} $@ $) $1 no h or {Host} 118840266059SGregory Neil ShapiroR$+ $| $| $+ $: $1 h not set, {Host} set 118940266059SGregory Neil ShapiroR$+ $| +$* $| $* $: $1 h is +detail, {Host} set 11906a2f2ff3SGregory Neil ShapiroR$+ $| $* @ $+ $| $* $: $(macro {Host} $@ @$3 $) $1 set {Host} to host in h 119140266059SGregory Neil ShapiroR$+ $| $+ $| $* $: $(macro {Host} $@ @$2 $) $1 set {Host} to h 119240266059SGregory Neil Shapiro')dnl 119340266059SGregory Neil Shapiro 119440266059SGregory Neil Shapiroifdef(`_FFR_5_', `dnl 119542e5d165SGregory Neil Shapiro# Preserve host in a macro 119642e5d165SGregory Neil ShapiroR$+ $: $(macro {LocalAddrHost} $) $1 119742e5d165SGregory Neil ShapiroR$+ @ $+ $: $(macro {LocalAddrHost} $@ @ $2 $) $1') 1198c2aa98e2SPeter Wemm 119940266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', `dnl 120042e5d165SGregory Neil Shapiro# deal with plussed users so aliases work nicely 120142e5d165SGregory Neil ShapiroR$+ + * $#_LOCAL_ $@ $&h $: $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') 120242e5d165SGregory Neil ShapiroR$+ + $* $#_LOCAL_ $@ + $2 $: $1 + *`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') 120342e5d165SGregory Neil Shapiro') 1204c2aa98e2SPeter Wemm# prepend an empty "forward host" on the front 1205c2aa98e2SPeter WemmR$+ $: <> $1 1206c2aa98e2SPeter Wemm 1207c2aa98e2SPeter Wemmifdef(`LUSER_RELAY', `dnl 1208c2aa98e2SPeter Wemm# send unrecognized local users to a relay host 120940266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl 121042e5d165SGregory Neil ShapiroR< > $+ + $* $: < ? $L > <+ $2> $(user $1 $) look up user+ 121142e5d165SGregory Neil ShapiroR< > $+ $: < ? $L > < > $(user $1 $) look up user 121242e5d165SGregory Neil ShapiroR< ? $* > < $* > $+ <> $: < > $3 $2 found; strip $L 121342e5d165SGregory Neil ShapiroR< ? $* > < $* > $+ $: < $1 > $3 $2 not found', ` 121406f25ae9SGregory Neil ShapiroR< > $+ $: < $L > $(user $1 $) look up user 121540266059SGregory Neil ShapiroR< $* > $+ <> $: < > $2 found; strip $L') 121640266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 121740266059SGregory Neil ShapiroR< $+ > $+ $: < $1 > $2 $&{Host}') 121840266059SGregory Neil Shapirodnl') 1219c2aa98e2SPeter Wemm 122040266059SGregory Neil Shapiroifdef(`MAIL_HUB', `dnl 122140266059SGregory Neil ShapiroR< > $+ $: < $H > $1 try hub', `dnl') 122240266059SGregory Neil Shapiroifdef(`LOCAL_RELAY', `dnl 122340266059SGregory Neil ShapiroR< > $+ $: < $R > $1 try relay', `dnl') 122440266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl 122540266059SGregory Neil ShapiroR< > $+ $@ $1', `dnl 122606f25ae9SGregory Neil ShapiroR< > $+ $: < > < $1 <> $&h > nope, restore +detail 122740266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 122840266059SGregory Neil ShapiroR< > < $+ @ $+ <> + $* > $: < > < $1 + $3 @ $2 > check whether +detail') 122906f25ae9SGregory Neil ShapiroR< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail 123006f25ae9SGregory Neil ShapiroR< > < $+ <> $* > $: < > < $1 > else discard 1231c2aa98e2SPeter WemmR< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part 123242e5d165SGregory Neil ShapiroR< > < $+ > + $* $#_LOCAL_ $@ $2 $: @ $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') strip the extra + 1233c2aa98e2SPeter WemmR< > < $+ > $@ $1 no +detail 12342e43090eSPeter WemmR$+ $: $1 <> $&h add +detail back in 123540266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 123640266059SGregory Neil ShapiroR$+ @ $+ <> + $* $: $1 + $3 @ $2 check whether +detail') 12372e43090eSPeter WemmR$+ <> + $* $: $1 + $2 check whether +detail 123842e5d165SGregory Neil ShapiroR$+ <> $* $: $1 else discard') 123906f25ae9SGregory Neil ShapiroR< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension 124006f25ae9SGregory Neil ShapiroR< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension 124140266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 124240266059SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 124340266059SGregory Neil ShapiroR< $~[ : $+ > $+ @ $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $4 >') 124440266059SGregory Neil ShapiroR< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > 124540266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 124640266059SGregory Neil ShapiroR< $+ > $+ @ $+ $@ $>MailerToTriple < $1 > $2 < @ $3 >') 124706f25ae9SGregory Neil ShapiroR< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > 1248c2aa98e2SPeter Wemm 124906f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 125040266059SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl 125140266059SGregory Neil Shapiro################################################################### 125240266059SGregory Neil Shapiro### Ruleset LDAPMailertable -- mailertable lookup for LDAP ### 125340266059SGregory Neil Shapirodnl input: <Domain> FullAddress 125440266059SGregory Neil Shapiro################################################################### 125540266059SGregory Neil Shapiro 125640266059SGregory Neil ShapiroSLDAPMailertable 125740266059SGregory Neil ShapiroR< $+ > $* $: < $(mailertable $1 $) > $2 lookup 125840266059SGregory Neil ShapiroR< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check resolved? 125940266059SGregory Neil ShapiroR< $+ > $* $: < $1 > $>Mailertable <$1> $2 try domain 126040266059SGregory Neil ShapiroR< $+ > $#$* $#$2 found 126140266059SGregory Neil ShapiroR< $+ > $* $#_RELAY_ $@ $1 $: $2 not found, direct relay', 126240266059SGregory Neil Shapiro`dnl') 126340266059SGregory Neil Shapiro 1264c2aa98e2SPeter Wemm################################################################### 1265c2aa98e2SPeter Wemm### Ruleset 90 -- try domain part of mailertable entry ### 126606f25ae9SGregory Neil Shapirodnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress 1267c2aa98e2SPeter Wemm################################################################### 1268c2aa98e2SPeter Wemm 126906f25ae9SGregory Neil ShapiroSMailertable=90 127006f25ae9SGregory Neil Shapirodnl shift and check 127106f25ae9SGregory Neil Shapirodnl %2 is not documented in cf/README 1272c2aa98e2SPeter WemmR$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 127306f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 127406f25ae9SGregory Neil ShapiroR$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? 127506f25ae9SGregory Neil ShapiroR$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again 127606f25ae9SGregory Neil Shapirodnl is $2 always empty? 1277c2aa98e2SPeter WemmR$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." 127806f25ae9SGregory Neil ShapiroR< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? 127906f25ae9SGregory Neil Shapirodnl return full address 1280c2aa98e2SPeter WemmR< $* > $* $@ $2 no mailertable match', 1281c2aa98e2SPeter Wemm`dnl') 1282c2aa98e2SPeter Wemm 1283c2aa98e2SPeter Wemm################################################################### 1284c2aa98e2SPeter Wemm### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### 128506f25ae9SGregory Neil Shapirodnl input: in general: <[mailer:]host> lp<@domain>rest 128606f25ae9SGregory Neil Shapirodnl <> address -> address 128706f25ae9SGregory Neil Shapirodnl <error:d.s.n:text> -> error 1288a7ec597cSGregory Neil Shapirodnl <error:keyword:text> -> error 128906f25ae9SGregory Neil Shapirodnl <error:text> -> error 129006f25ae9SGregory Neil Shapirodnl <mailer:user@host> lp<@domain>rest -> mailer host user 129106f25ae9SGregory Neil Shapirodnl <mailer:host> address -> mailer host address 129206f25ae9SGregory Neil Shapirodnl <localdomain> address -> address 129306f25ae9SGregory Neil Shapirodnl <host> address -> relay host address 1294c2aa98e2SPeter Wemm################################################################### 1295c2aa98e2SPeter Wemm 129606f25ae9SGregory Neil ShapiroSMailerToTriple=95 1297c2aa98e2SPeter WemmR< > $* $@ $1 strip off null relay 129806f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 1299a7ec597cSGregory Neil ShapiroR< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 1300a7ec597cSGregory Neil ShapiroR< error : $+ > $* $#error $: $1 1301c2aa98e2SPeter WemmR< local : $* > $* $>CanonLocal < $1 > $2 130240266059SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 130340266059SGregory Neil ShapiroR< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user 130440266059SGregory Neil ShapiroR< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer 1305c2aa98e2SPeter WemmR< $=w > $* $@ $2 delete local host 1306c2aa98e2SPeter WemmR< $+ > $* $#_RELAY_ $@ $1 $: $2 use unqualified mailer 1307c2aa98e2SPeter Wemm 1308c2aa98e2SPeter Wemm################################################################### 1309c2aa98e2SPeter Wemm### Ruleset CanonLocal -- canonify local: syntax ### 131006f25ae9SGregory Neil Shapirodnl input: <user> address 131106f25ae9SGregory Neil Shapirodnl <x> <@host> : rest -> Recurse rest 131206f25ae9SGregory Neil Shapirodnl <x> p1 $=O p2 <@host> -> Recurse p1 $=O p2 131306f25ae9SGregory Neil Shapirodnl <> user <@host> rest -> local user@host user 131406f25ae9SGregory Neil Shapirodnl <> user -> local user user 131506f25ae9SGregory Neil Shapirodnl <user@host> lp <@domain> rest -> <user> lp <@host> [cont] 131606f25ae9SGregory Neil Shapirodnl <user> lp <@host> rest -> local lp@host user 131706f25ae9SGregory Neil Shapirodnl <user> lp -> local lp user 1318c2aa98e2SPeter Wemm################################################################### 1319c2aa98e2SPeter Wemm 1320c2aa98e2SPeter WemmSCanonLocal 13212e43090eSPeter Wemm# strip local host from routed addresses 132206f25ae9SGregory Neil ShapiroR< $* > < @ $+ > : $+ $@ $>Recurse $3 132306f25ae9SGregory Neil ShapiroR< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 13242e43090eSPeter Wemm 1325c2aa98e2SPeter Wemm# strip trailing dot from any host name that may appear 1326c2aa98e2SPeter WemmR< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > 1327c2aa98e2SPeter Wemm 1328c2aa98e2SPeter Wemm# handle local: syntax -- use old user, either with or without host 1329c2aa98e2SPeter WemmR< > $* < @ $* > $* $#_LOCAL_ $@ $1@$2 $: $1 1330c2aa98e2SPeter WemmR< > $+ $#_LOCAL_ $@ $1 $: $1 1331c2aa98e2SPeter Wemm 1332c2aa98e2SPeter Wemm# handle local:user@host syntax -- ignore host part 1333c2aa98e2SPeter WemmR< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > 1334c2aa98e2SPeter Wemm 1335c2aa98e2SPeter Wemm# handle local:user syntax 1336c2aa98e2SPeter WemmR< $+ > $* <@ $* > $* $#_LOCAL_ $@ $2@$3 $: $1 1337c2aa98e2SPeter WemmR< $+ > $* $#_LOCAL_ $@ $2 $: $1 1338c2aa98e2SPeter Wemm 1339c2aa98e2SPeter Wemm################################################################### 1340c2aa98e2SPeter Wemm### Ruleset 93 -- convert header names to masqueraded form ### 1341c2aa98e2SPeter Wemm################################################################### 1342c2aa98e2SPeter Wemm 134306f25ae9SGregory Neil ShapiroSMasqHdr=93 1344c2aa98e2SPeter Wemm 134506f25ae9SGregory Neil Shapiroifdef(`_GENERICS_TABLE_', `dnl 1346c2aa98e2SPeter Wemm# handle generics database 1347c2aa98e2SPeter Wemmifdef(`_GENERICS_ENTIRE_DOMAIN_', 134806f25ae9SGregory Neil Shapirodnl if generics should be applied add a @ as mark 1349c2aa98e2SPeter Wemm`R$+ < @ $* $=G . > $: < $1@$2$3 > $1 < @ $2$3 . > @ mark', 1350c2aa98e2SPeter Wemm`R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark') 1351c2aa98e2SPeter WemmR$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark 135206f25ae9SGregory Neil Shapirodnl workspace: either user<@domain> or <user@domain> user <@domain> @ 135306f25ae9SGregory Neil Shapirodnl ignore the first case for now 135406f25ae9SGregory Neil Shapirodnl if it has the mark lookup full address 135540266059SGregory Neil Shapirodnl broken: %1 is full address not just detail 135606f25ae9SGregory Neil ShapiroR< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 > 135706f25ae9SGregory Neil Shapirodnl workspace: ... or <match|@user@domain> user <@domain> 135806f25ae9SGregory Neil Shapirodnl no match, try user+detail@domain 135906f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ > 136006f25ae9SGregory Neil Shapiro $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 > 136106f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ > 136206f25ae9SGregory Neil Shapiro $: < $(generics $1@$3 $: $) > $4 < @ $5 > 136306f25ae9SGregory Neil Shapirodnl no match, remove mark 136406f25ae9SGregory Neil ShapiroR<@$+ > $+ < @ $+ > $: < > $2 < @ $3 > 136506f25ae9SGregory Neil Shapirodnl no match, try @domain for exceptions 136606f25ae9SGregory Neil ShapiroR< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . > 136706f25ae9SGregory Neil Shapirodnl workspace: ... or <match> user <@domain> 136806f25ae9SGregory Neil Shapirodnl no match, try local part 1369c2aa98e2SPeter WemmR< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 > 137006f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 > 137106f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 > 137206f25ae9SGregory Neil ShapiroR< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified 137306f25ae9SGregory Neil ShapiroR< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified 1374c2aa98e2SPeter WemmR< > $* $: $1 not found', 1375c2aa98e2SPeter Wemm`dnl') 1376c2aa98e2SPeter Wemm 137706f25ae9SGregory Neil Shapiro# do not masquerade anything in class N 137806f25ae9SGregory Neil ShapiroR$* < @ $* $=N . > $@ $1 < @ $2 $3 . > 137906f25ae9SGregory Neil Shapiro 138040266059SGregory Neil Shapiroifdef(`MASQUERADE_NAME', `dnl 1381c2aa98e2SPeter Wemm# special case the users that should be exposed 1382c2aa98e2SPeter WemmR$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed 1383c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_', 1384c2aa98e2SPeter Wemm`R$=E < @ $* $=M . > $@ $1 < @ $2 $3 . >', 1385c2aa98e2SPeter Wemm`R$=E < @ $=M . > $@ $1 < @ $2 . >') 1386c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl', 1387c2aa98e2SPeter Wemm`R$=E < @ $=w . > $@ $1 < @ $2 . >') 1388c2aa98e2SPeter Wemm 1389c2aa98e2SPeter Wemm# handle domain-specific masquerading 1390c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_', 1391c2aa98e2SPeter Wemm`R$* < @ $* $=M . > $* $: $1 < @ $2 $3 . @ $M > $4 convert masqueraded doms', 1392c2aa98e2SPeter Wemm`R$* < @ $=M . > $* $: $1 < @ $2 . @ $M > $3 convert masqueraded doms') 1393c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl', 1394c2aa98e2SPeter Wemm`R$* < @ $=w . > $* $: $1 < @ $2 . @ $M > $3') 1395c2aa98e2SPeter WemmR$* < @ *LOCAL* > $* $: $1 < @ $j . @ $M > $2 1396c2aa98e2SPeter WemmR$* < @ $+ @ > $* $: $1 < @ $2 > $3 $M is null 1397c2aa98e2SPeter WemmR$* < @ $+ @ $+ > $* $: $1 < @ $3 . > $4 $M is not null 139840266059SGregory Neil Shapirodnl', `dnl no masquerading 139940266059SGregory Neil Shapirodnl just fix *LOCAL* leftovers 140040266059SGregory Neil ShapiroR$* < @ *LOCAL* > $@ $1 < @ $j . >') 1401c2aa98e2SPeter Wemm 1402c2aa98e2SPeter Wemm################################################################### 1403c2aa98e2SPeter Wemm### Ruleset 94 -- convert envelope names to masqueraded form ### 1404c2aa98e2SPeter Wemm################################################################### 1405c2aa98e2SPeter Wemm 140606f25ae9SGregory Neil ShapiroSMasqEnv=94 1407c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENVELOPE_', 140806f25ae9SGregory Neil Shapiro`R$+ $@ $>MasqHdr $1', 1409c2aa98e2SPeter Wemm`R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2') 1410c2aa98e2SPeter Wemm 1411c2aa98e2SPeter Wemm################################################################### 1412c2aa98e2SPeter Wemm### Ruleset 98 -- local part of ruleset zero (can be null) ### 1413c2aa98e2SPeter Wemm################################################################### 1414c2aa98e2SPeter Wemm 141506f25ae9SGregory Neil ShapiroSParseLocal=98 141606f25ae9SGregory Neil Shapiroundivert(3)dnl LOCAL_RULE_0 1417c2aa98e2SPeter Wemm 141806f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl 141940266059SGregory Neil Shapiro###################################################################### 142040266059SGregory Neil Shapiro### LDAPExpand: Expand address using LDAP routing 142140266059SGregory Neil Shapiro### 142240266059SGregory Neil Shapiro### Parameters: 142340266059SGregory Neil Shapiro### <$1> -- parsed address (user < @ domain . >) (pass through) 142440266059SGregory Neil Shapiro### <$2> -- RFC822 address (user @ domain) (used for lookup) 142540266059SGregory Neil Shapiro### <$3> -- +detail information 142640266059SGregory Neil Shapiro### 142740266059SGregory Neil Shapiro### Returns: 142840266059SGregory Neil Shapiro### Mailer triplet ($#mailer $@ host $: address) 142940266059SGregory Neil Shapiro### Parsed address (user < @ domain . >) 143040266059SGregory Neil Shapiro###################################################################### 143140266059SGregory Neil Shapiro 143206f25ae9SGregory Neil ShapiroSLDAPExpand 143306f25ae9SGregory Neil Shapiro# do the LDAP lookups 143440266059SGregory Neil ShapiroR<$+><$+><$*> $: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> <$3> 143506f25ae9SGregory Neil Shapiro 1436605302a5SGregory Neil Shapiro# look for temporary failures (return original address, MTA will queue up) 1437959366dcSGregory Neil ShapiroR<$* <TMPF>> <$*> <$+> <$+> <$*> $@ $3 1438959366dcSGregory Neil ShapiroR<$*> <$* <TMPF>> <$+> <$+> <$*> $@ $3 1439605302a5SGregory Neil Shapiro 144006f25ae9SGregory Neil Shapiro# if mailRoutingAddress and local or non-existant mailHost, 144106f25ae9SGregory Neil Shapiro# return the new mailRoutingAddress 144240266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl 144340266059SGregory Neil ShapiroR<$+@$+> <$=w> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 $6 @ $2 144440266059SGregory Neil ShapiroR<$+@$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 $5 @ $2') 144540266059SGregory Neil ShapiroR<$+> <$=w> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 144640266059SGregory Neil ShapiroR<$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 144706f25ae9SGregory Neil Shapiro 144894c01205SGregory Neil Shapiro 144906f25ae9SGregory Neil Shapiro# if mailRoutingAddress and non-local mailHost, 145006f25ae9SGregory Neil Shapiro# relay to mailHost with new mailRoutingAddress 145140266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl 145240266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 145340266059SGregory Neil Shapiro# check mailertable for host, relay from there 145440266059SGregory Neil ShapiroR<$+@$+> <$+> <$+> <$+> <$*> $>LDAPMailertable <$3> $>canonify $1 $6 @ $2', 145540266059SGregory Neil Shapiro`R<$+@$+> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $3 $: $>canonify $1 $6 @ $2')') 145640266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 145740266059SGregory Neil Shapiro# check mailertable for host, relay from there 145840266059SGregory Neil ShapiroR<$+> <$+> <$+> <$+> <$*> $>LDAPMailertable <$2> $>canonify $1', 145940266059SGregory Neil Shapiro`R<$+> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $2 $: $>canonify $1') 146006f25ae9SGregory Neil Shapiro 146106f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and local mailHost, 146206f25ae9SGregory Neil Shapiro# return original address 146340266059SGregory Neil ShapiroR<> <$=w> <$+> <$+> <$*> $@ $2 146406f25ae9SGregory Neil Shapiro 146594c01205SGregory Neil Shapiro 146606f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and non-local mailHost, 146706f25ae9SGregory Neil Shapiro# relay to mailHost with original address 146840266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 146940266059SGregory Neil Shapiro# check mailertable for host, relay from there 147040266059SGregory Neil ShapiroR<> <$+> <$+> <$+> <$*> $>LDAPMailertable <$1> $2', 147140266059SGregory Neil Shapiro`R<> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $1 $: $2') 147206f25ae9SGregory Neil Shapiro 147340266059SGregory Neil Shapiroifdef(`_LDAP_ROUTE_DETAIL_', 147440266059SGregory Neil Shapiro`# if no mailRoutingAddress and no mailHost, 147540266059SGregory Neil Shapiro# try without +detail 147640266059SGregory Neil ShapiroR<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl 147740266059SGregory Neil Shapiro 147840266059SGregory Neil Shapiro# if still no mailRoutingAddress and no mailHost, 147906f25ae9SGregory Neil Shapiro# try @domain 148040266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl 148140266059SGregory Neil ShapiroR<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <@ $4> <+$3>') 148240266059SGregory Neil ShapiroR<> <> <$+> <$+ @ $+> <$*> $@ $>LDAPExpand <$1> <@ $3> <$4> 148306f25ae9SGregory Neil Shapiro 148406f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and no mailHost and this was a domain attempt, 148506f25ae9SGregory Neil Shapiroifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl 148606f25ae9SGregory Neil Shapiro# user does not exist 148740266059SGregory Neil ShapiroR<> <> <$+> <@ $+> <$*> $: <?> < $&{addr_type} > < $1 > 148840266059SGregory Neil Shapiro# only give error for envelope recipient 148940266059SGregory Neil ShapiroR<?> <e r> <$+> $#error $@ nouser $: "550 User unknown" 149040266059SGregory Neil ShapiroR<?> <$*> <$+> $@ $2', 149106f25ae9SGregory Neil Shapiro`dnl 149206f25ae9SGregory Neil Shapiro# return the original address 149340266059SGregory Neil ShapiroR<> <> <$+> <@ $+> <$*> $@ $1')', 149406f25ae9SGregory Neil Shapiro`dnl') 149506f25ae9SGregory Neil Shapiro 149606f25ae9SGregory Neil Shapiroifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode. 149706f25ae9SGregory Neil Shapiro')') 149840266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)') 1499c2aa98e2SPeter Wemm###################################################################### 150040266059SGregory Neil Shapiro### D: LookUpDomain -- search for domain in access database 1501c2aa98e2SPeter Wemm### 1502c2aa98e2SPeter Wemm### Parameters: 1503c2aa98e2SPeter Wemm### <$1> -- key (domain name) 1504c2aa98e2SPeter Wemm### <$2> -- default (what to return if not found in db) 150506f25ae9SGregory Neil Shapirodnl must not be empty 150640266059SGregory Neil Shapiro### <$3> -- mark (must be <(!|+) single-token>) 150706f25ae9SGregory Neil Shapiro### ! does lookup only with tag 150806f25ae9SGregory Neil Shapiro### + does lookup with and without tag 150940266059SGregory Neil Shapiro### <$4> -- passthru (additional data passed unchanged through) 151006f25ae9SGregory Neil Shapirodnl returns: <default> <passthru> 151106f25ae9SGregory Neil Shapirodnl <result> <passthru> 1512c2aa98e2SPeter Wemm###################################################################### 1513c2aa98e2SPeter Wemm 151440266059SGregory Neil ShapiroSD 151506f25ae9SGregory Neil Shapirodnl workspace <key> <default> <passthru> <mark> 151606f25ae9SGregory Neil Shapirodnl lookup with tag (in front, no delimiter here) 151740266059SGregory Neil Shapirodnl 2 3 4 5 151840266059SGregory Neil ShapiroR<$*> <$+> <$- $-> <$*> $: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5> 151906f25ae9SGregory Neil Shapirodnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark> 152006f25ae9SGregory Neil Shapirodnl lookup without tag? 152140266059SGregory Neil Shapirodnl 1 2 3 4 152240266059SGregory Neil ShapiroR<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> 152340266059SGregory Neil Shapiroifdef(`_LOOKUPDOTDOMAIN_', `dnl omit first component: lookup .rest 152440266059SGregory Neil Shapirodnl XXX apply this also to IP addresses? 152540266059SGregory Neil Shapirodnl currently it works the wrong way round for [1.2.3.4] 152640266059SGregory Neil Shapirodnl 1 2 3 4 5 6 152740266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <$- $-> <$*> $: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4 $5> <$6> 152840266059SGregory Neil Shapirodnl 1 2 3 4 5 152940266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <+ $-> <$*> $: < $(access .$2 $: ? $) > <$1.$2> <$3> <+ $4> <$5>', `dnl') 153040266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl 153140266059SGregory Neil Shapirodnl found SKIP: return <default> and <passthru> 153240266059SGregory Neil Shapirodnl 1 2 3 4 5 153340266059SGregory Neil ShapiroR<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl') 153440266059SGregory Neil Shapirodnl not found: IPv4 net (no check is done whether it is an IP number!) 153540266059SGregory Neil Shapirodnl 1 2 3 4 5 6 153640266059SGregory Neil ShapiroR<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6> 153740266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl', 153840266059SGregory Neil Shapiro`dnl not found: IPv6 net 153940266059SGregory Neil Shapirodnl (could be merged with previous rule if we have a class containing .:) 154040266059SGregory Neil Shapirodnl 1 2 3 4 5 6 154140266059SGregory Neil ShapiroR<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> 154240266059SGregory Neil ShapiroR<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>') 154306f25ae9SGregory Neil Shapirodnl not found, but subdomain: try again 154440266059SGregory Neil Shapirodnl 1 2 3 4 5 6 154540266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6> 154640266059SGregory Neil Shapiroifdef(`_FFR_LOOKUPTAG_', `dnl lookup Tag: 154740266059SGregory Neil Shapirodnl 1 2 3 4 154840266059SGregory Neil ShapiroR<?> <$+> <$+> <! $-> <$*> $: < $(access $3`'_TAG_DELIM_ $: ? $) > <$1> <$2> <! $3> <$4>', `dnl') 154940266059SGregory Neil Shapirodnl not found, no subdomain: return <default> and <passthru> 155040266059SGregory Neil Shapirodnl 1 2 3 4 5 155140266059SGregory Neil ShapiroR<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5> 155240266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 155340266059SGregory Neil Shapirodnl 2 3 4 5 6 155440266059SGregory Neil ShapiroR<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl') 155540266059SGregory Neil Shapirodnl return <result of lookup> and <passthru> 155640266059SGregory Neil Shapirodnl 2 3 4 5 6 155740266059SGregory Neil ShapiroR<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> 1558c2aa98e2SPeter Wemm 1559c2aa98e2SPeter Wemm###################################################################### 156040266059SGregory Neil Shapiro### A: LookUpAddress -- search for host address in access database 1561c2aa98e2SPeter Wemm### 1562c2aa98e2SPeter Wemm### Parameters: 1563c2aa98e2SPeter Wemm### <$1> -- key (dot quadded host address) 1564c2aa98e2SPeter Wemm### <$2> -- default (what to return if not found in db) 156506f25ae9SGregory Neil Shapirodnl must not be empty 156640266059SGregory Neil Shapiro### <$3> -- mark (must be <(!|+) single-token>) 156706f25ae9SGregory Neil Shapiro### ! does lookup only with tag 156806f25ae9SGregory Neil Shapiro### + does lookup with and without tag 156940266059SGregory Neil Shapiro### <$4> -- passthru (additional data passed through) 157006f25ae9SGregory Neil Shapirodnl returns: <default> <passthru> 157106f25ae9SGregory Neil Shapirodnl <result> <passthru> 1572c2aa98e2SPeter Wemm###################################################################### 1573c2aa98e2SPeter Wemm 157440266059SGregory Neil ShapiroSA 157506f25ae9SGregory Neil Shapirodnl lookup with tag 157640266059SGregory Neil Shapirodnl 2 3 4 5 157740266059SGregory Neil ShapiroR<$+> <$+> <$- $-> <$*> $: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5> 157806f25ae9SGregory Neil Shapirodnl lookup without tag 157940266059SGregory Neil Shapirodnl 1 2 3 4 158040266059SGregory Neil ShapiroR<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> 158140266059SGregory Neil Shapirodnl workspace <result-of-lookup|?> <key> <default> <mark> <passthru> 158240266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl 158340266059SGregory Neil Shapirodnl found SKIP: return <default> and <passthru> 158440266059SGregory Neil Shapirodnl 1 2 3 4 5 158540266059SGregory Neil ShapiroR<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl') 158640266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl', 158740266059SGregory Neil Shapiro`dnl no match; IPv6: remove last part 158840266059SGregory Neil Shapirodnl 1 2 3 4 5 6 158940266059SGregory Neil ShapiroR<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> 159040266059SGregory Neil ShapiroR<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>') 159106f25ae9SGregory Neil Shapirodnl no match; IPv4: remove last part 159240266059SGregory Neil Shapirodnl 1 2 3 4 5 6 159340266059SGregory Neil ShapiroR<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> 159406f25ae9SGregory Neil Shapirodnl no match: return default 159540266059SGregory Neil Shapirodnl 1 2 3 4 5 159640266059SGregory Neil ShapiroR<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5> 159740266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 159840266059SGregory Neil Shapirodnl 2 3 4 5 6 159940266059SGregory Neil ShapiroR<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl') 160006f25ae9SGregory Neil Shapirodnl match: return result 160140266059SGregory Neil Shapirodnl 2 3 4 5 6 160240266059SGregory Neil ShapiroR<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> 160340266059SGregory Neil Shapirodnl endif _ACCESS_TABLE_ 160440266059SGregory Neil Shapirodivert(0) 1605c2aa98e2SPeter Wemm###################################################################### 1606065a643dSPeter Wemm### CanonAddr -- Convert an address into a standard form for 1607065a643dSPeter Wemm### relay checking. Route address syntax is 1608065a643dSPeter Wemm### crudely converted into a %-hack address. 1609065a643dSPeter Wemm### 1610065a643dSPeter Wemm### Parameters: 1611065a643dSPeter Wemm### $1 -- full recipient address 1612065a643dSPeter Wemm### 1613065a643dSPeter Wemm### Returns: 1614065a643dSPeter Wemm### parsed address, not in source route form 161506f25ae9SGregory Neil Shapirodnl user%host%host<@domain> 161606f25ae9SGregory Neil Shapirodnl host!user<@domain> 1617065a643dSPeter Wemm###################################################################### 1618065a643dSPeter Wemm 1619065a643dSPeter WemmSCanonAddr 162006f25ae9SGregory Neil ShapiroR$* $: $>Parse0 $>canonify $1 make domain canonical 162106f25ae9SGregory Neil Shapiroifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl 1622065a643dSPeter WemmR< @ $+ > : $* @ $* < @ $1 > : $2 % $3 change @ to % in src route 1623065a643dSPeter WemmR$* < @ $+ > : $* : $* $3 $1 < @ $2 > : $4 change to % hack. 1624065a643dSPeter WemmR$* < @ $+ > : $* $3 $1 < @ $2 > 162506f25ae9SGregory Neil Shapirodnl') 1626065a643dSPeter Wemm 1627065a643dSPeter Wemm###################################################################### 1628c2aa98e2SPeter Wemm### ParseRecipient -- Strip off hosts in $=R as well as possibly 1629c2aa98e2SPeter Wemm### $* $=m or the access database. 1630c2aa98e2SPeter Wemm### Check user portion for host separators. 1631c2aa98e2SPeter Wemm### 1632c2aa98e2SPeter Wemm### Parameters: 1633c2aa98e2SPeter Wemm### $1 -- full recipient address 1634c2aa98e2SPeter Wemm### 1635c2aa98e2SPeter Wemm### Returns: 1636c2aa98e2SPeter Wemm### parsed, non-local-relaying address 1637c2aa98e2SPeter Wemm###################################################################### 1638c2aa98e2SPeter Wemm 1639c2aa98e2SPeter WemmSParseRecipient 164006f25ae9SGregory Neil Shapirodnl mark and canonify address 1641065a643dSPeter WemmR$* $: <?> $>CanonAddr $1 164206f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain[.]> 1643c2aa98e2SPeter WemmR<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots 164406f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain> 1645c2aa98e2SPeter WemmR<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part 1646c2aa98e2SPeter Wemm 1647c2aa98e2SPeter Wemm# if no $=O character, no host in the user portion, we are done 1648c2aa98e2SPeter WemmR<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4> 164906f25ae9SGregory Neil Shapirodnl no $=O in localpart: return 1650c2aa98e2SPeter WemmR<?> $* $@ $1 1651c2aa98e2SPeter Wemm 165240266059SGregory Neil Shapirodnl workspace: <NO> localpart<@domain>, where localpart contains $=O 165306f25ae9SGregory Neil Shapirodnl mark everything which has an "authorized" domain with <RELAY> 1654c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl 1655c2aa98e2SPeter Wemm# if we relay, check username portion for user%host so host can be checked also 1656c2aa98e2SPeter WemmR<NO> $* < @ $* $=m > $: <RELAY> $1 < @ $2 $3 >', `dnl') 165706f25ae9SGregory Neil Shapirodnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O 165806f25ae9SGregory Neil Shapirodnl if mark is <NO> then change it to <RELAY> if domain is "authorized" 165940266059SGregory Neil Shapiro 166040266059SGregory Neil Shapirodnl what if access map returns something else than RELAY? 166140266059SGregory Neil Shapirodnl we are only interested in RELAY entries... 166240266059SGregory Neil Shapirodnl other To: entries: blacklist recipient; generic entries? 166340266059SGregory Neil Shapirodnl if it is an error we probably do not want to relay anyway 1664c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_', 1665c2aa98e2SPeter Wemm`R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 > 166606f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 166706f25ae9SGregory Neil ShapiroR<NO> $* < @ $+ > $: <$(access To:$2 $: NO $)> $1 < @ $2 > 1668065a643dSPeter WemmR<NO> $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')', 1669c2aa98e2SPeter Wemm`R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 > 167006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 167140266059SGregory Neil ShapiroR<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >> 1672c2aa98e2SPeter WemmR<$+> <$+> $: <$1> $2',`dnl')') 1673065a643dSPeter Wemm 167406f25ae9SGregory Neil Shapiro 167540266059SGregory Neil Shapiroifdef(`_RELAY_MX_SERVED_', `dnl 167640266059SGregory Neil Shapirodnl do "we" ($=w) act as backup MX server for the destination domain? 167740266059SGregory Neil ShapiroR<NO> $* < @ $+ > $: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > > 167840266059SGregory Neil ShapiroR<MX> < : $* <TEMP> : > $* $#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 167940266059SGregory Neil Shapirodnl yes: mark it as <RELAY> 168040266059SGregory Neil ShapiroR<MX> < $* : $=w. : $* > < $+ > $: <RELAY> $4 168140266059SGregory Neil Shapirodnl no: put old <NO> mark back 168240266059SGregory Neil ShapiroR<MX> < : $* : > < $+ > $: <NO> $2', `dnl') 168340266059SGregory Neil Shapiro 168440266059SGregory Neil Shapirodnl do we relay to this recipient domain? 1685c2aa98e2SPeter WemmR<RELAY> $* < @ $* > $@ $>ParseRecipient $1 168640266059SGregory Neil Shapirodnl something else 168740266059SGregory Neil ShapiroR<$+> $* $@ $2 1688c2aa98e2SPeter Wemm 168906f25ae9SGregory Neil Shapiro 1690c2aa98e2SPeter Wemm###################################################################### 1691c2aa98e2SPeter Wemm### check_relay -- check hostname/address on SMTP startup 1692c2aa98e2SPeter Wemm###################################################################### 1693c2aa98e2SPeter Wemm 1694c2aa98e2SPeter WemmSLocal_check_relay 169506f25ae9SGregory Neil ShapiroScheck`'_U_`'relay 1696c2aa98e2SPeter WemmR$* $: $1 $| $>"Local_check_relay" $1 1697c2aa98e2SPeter WemmR$* $| $* $| $#$* $#$3 1698c2aa98e2SPeter WemmR$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 1699c2aa98e2SPeter Wemm 1700c2aa98e2SPeter WemmSBasic_check_relay 1701c2aa98e2SPeter Wemm# check for deferred delivery mode 170294c01205SGregory Neil ShapiroR$* $: < $&{deliveryMode} > $1 1703c2aa98e2SPeter WemmR< d > $* $@ deferred 1704c2aa98e2SPeter WemmR< $* > $* $: $2 1705c2aa98e2SPeter Wemm 170606f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 170742e5d165SGregory Neil Shapirodnl workspace: {client_name} $| {client_addr} 170840266059SGregory Neil ShapiroR$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 > 170942e5d165SGregory Neil Shapirodnl workspace: <result-of-lookup> <{client_addr}> 171013bd1963SGregory Neil Shapirodnl OR $| $+ if client_name is empty 171113bd1963SGregory Neil ShapiroR $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name 171213bd1963SGregory Neil Shapirodnl workspace: <result-of-lookup> <{client_addr}> 171340266059SGregory Neil ShapiroR<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup 171440266059SGregory Neil Shapirodnl workspace: <result-of-lookup> (<>|<{client_addr}>) 171540266059SGregory Neil ShapiroR<?> <$*> $: OK found nothing 171640266059SGregory Neil Shapirodnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK 171742e5d165SGregory Neil ShapiroR<$={Accept}> <$*> $@ $1 return value of lookup 171840266059SGregory Neil ShapiroR<REJECT> <$*> $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"') 171940266059SGregory Neil ShapiroR<DISCARD> <$*> $#discard $: discard 172040266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE', 172140266059SGregory Neil Shapiro`R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1', `dnl') 172206f25ae9SGregory Neil Shapirodnl error tag 172342e5d165SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4 172442e5d165SGregory Neil ShapiroR<ERROR:$+> <$*> $#error $: $1 172540266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 172606f25ae9SGregory Neil Shapirodnl generic error from access map 172742e5d165SGregory Neil ShapiroR<$+> <$*> $#error $: $1', `dnl') 1728c2aa98e2SPeter Wemm 1729c2aa98e2SPeter Wemmifdef(`_RBL_',`dnl 173006f25ae9SGregory Neil Shapiro# DNS based IP address spam list 173140266059SGregory Neil Shapirodnl workspace: ignored... 1732c2aa98e2SPeter WemmR$* $: $&{client_addr} 173306f25ae9SGregory Neil ShapiroR$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._RBL_. $: OK $) 173406f25ae9SGregory Neil ShapiroR<?>OK $: OKSOFAR 173594c01205SGregory Neil ShapiroR<?>$+ $#error $@ 5.7.1 $: "550 Rejected: " $&{client_addr} " listed at _RBL_"', 1736c2aa98e2SPeter Wemm`dnl') 173706f25ae9SGregory Neil Shapiroundivert(8) 1738c2aa98e2SPeter Wemm 1739c2aa98e2SPeter Wemm###################################################################### 1740c2aa98e2SPeter Wemm### check_mail -- check SMTP ``MAIL FROM:'' command argument 1741c2aa98e2SPeter Wemm###################################################################### 1742c2aa98e2SPeter Wemm 1743c2aa98e2SPeter WemmSLocal_check_mail 174406f25ae9SGregory Neil ShapiroScheck`'_U_`'mail 1745c2aa98e2SPeter WemmR$* $: $1 $| $>"Local_check_mail" $1 1746c2aa98e2SPeter WemmR$* $| $#$* $#$2 1747c2aa98e2SPeter WemmR$* $| $* $@ $>"Basic_check_mail" $1 1748c2aa98e2SPeter Wemm 1749c2aa98e2SPeter WemmSBasic_check_mail 1750c2aa98e2SPeter Wemm# check for deferred delivery mode 175194c01205SGregory Neil ShapiroR$* $: < $&{deliveryMode} > $1 1752c2aa98e2SPeter WemmR< d > $* $@ deferred 1753c2aa98e2SPeter WemmR< $* > $* $: $2 1754c2aa98e2SPeter Wemm 175506f25ae9SGregory Neil Shapiro# authenticated? 175606f25ae9SGregory Neil Shapirodnl done first: we can require authentication for every mail transaction 175706f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM: (sender) 175806f25ae9SGregory Neil ShapiroR$* $: $1 $| $>"tls_client" $&{verify} $| MAIL 175906f25ae9SGregory Neil ShapiroR$* $| $#$+ $#$2 176006f25ae9SGregory Neil Shapirodnl undo damage: remove result of tls_client call 176106f25ae9SGregory Neil ShapiroR$* $| $* $: $1 176206f25ae9SGregory Neil Shapiro 176306f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM: 176406f25ae9SGregory Neil ShapiroR<> $@ <OK> we MUST accept <> (RFC 1123) 176506f25ae9SGregory Neil Shapiroifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl 176606f25ae9SGregory Neil Shapirodnl do some additional checks 176706f25ae9SGregory Neil Shapirodnl no user@host 176806f25ae9SGregory Neil Shapirodnl no user@localhost (if nonlocal sender) 176906f25ae9SGregory Neil Shapirodnl this is a pretty simple canonification, it will not catch every case 177006f25ae9SGregory Neil Shapirodnl just make sure the address has <> around it (which is required by 177106f25ae9SGregory Neil Shapirodnl the RFC anyway, maybe we should complain if they are missing...) 177206f25ae9SGregory Neil Shapirodnl dirty trick: if it is user@host, just add a dot: user@host. this will 177306f25ae9SGregory Neil Shapirodnl not be modified by host lookups. 177406f25ae9SGregory Neil ShapiroR$+ $: <?> $1 177506f25ae9SGregory Neil ShapiroR<?><$+> $: <@> <$1> 177606f25ae9SGregory Neil ShapiroR<?>$+ $: <@> <$1> 177706f25ae9SGregory Neil Shapirodnl workspace: <@> <address> 177806f25ae9SGregory Neil Shapirodnl prepend daemon_flags 177906f25ae9SGregory Neil ShapiroR$* $: $&{daemon_flags} $| $1 178006f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address> 178106f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems? 178206f25ae9SGregory Neil ShapiroR$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > 178306f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test 178406f25ae9SGregory Neil ShapiroR$* u $* $| <@> < $* > $: <?> < $3 > 178506f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address> 178606f25ae9SGregory Neil Shapirodnl or: <? ${client_name} > <address> 178706f25ae9SGregory Neil Shapirodnl or: <?> <address> 178806f25ae9SGregory Neil Shapirodnl remove daemon_flags 178906f25ae9SGregory Neil ShapiroR$* $| $* $: $2 179006f25ae9SGregory Neil Shapiro# handle case of @localhost on address 179106f25ae9SGregory Neil ShapiroR<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > 179206f25ae9SGregory Neil ShapiroR<@> < $* @ [127.0.0.1] > 179306f25ae9SGregory Neil Shapiro $: < ? $&{client_name} > < $1 @ [127.0.0.1] > 179406f25ae9SGregory Neil ShapiroR<@> < $* @ localhost.$m > 179506f25ae9SGregory Neil Shapiro $: < ? $&{client_name} > < $1 @ localhost.$m > 179606f25ae9SGregory Neil Shapiroifdef(`_NO_UUCP_', `dnl', 179706f25ae9SGregory Neil Shapiro`R<@> < $* @ localhost.UUCP > 179806f25ae9SGregory Neil Shapiro $: < ? $&{client_name} > < $1 @ localhost.UUCP >') 179906f25ae9SGregory Neil Shapirodnl workspace: < ? $&{client_name} > <user@localhost|host> 180006f25ae9SGregory Neil Shapirodnl or: <@> <address> 180106f25ae9SGregory Neil Shapirodnl or: <?> <address> (thanks to u in ${daemon_flags}) 180206f25ae9SGregory Neil ShapiroR<@> $* $: $1 no localhost as domain 180306f25ae9SGregory Neil Shapirodnl workspace: < ? $&{client_name} > <user@localhost|host> 180406f25ae9SGregory Neil Shapirodnl or: <address> 180506f25ae9SGregory Neil Shapirodnl or: <?> <address> (thanks to u in ${daemon_flags}) 180606f25ae9SGregory Neil ShapiroR<? $=w> $* $: $2 local client: ok 180740266059SGregory Neil ShapiroR<? $+> <$+> $#error $@ 5.5.4 $: "_CODE553 Real domain name required for sender address" 180806f25ae9SGregory Neil Shapirodnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags}) 180906f25ae9SGregory Neil ShapiroR<?> $* $: $1') 181006f25ae9SGregory Neil Shapirodnl workspace: address (or <address>) 181106f25ae9SGregory Neil ShapiroR$* $: <?> $>CanonAddr $1 canonify sender address and mark it 181206f25ae9SGregory Neil Shapirodnl workspace: <?> CanonicalAddress (i.e. address in canonical form localpart<@host>) 181306f25ae9SGregory Neil Shapirodnl there is nothing behind the <@host> so no trailing $* needed 1814065a643dSPeter WemmR<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots 1815c2aa98e2SPeter Wemm# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) 1816959366dcSGregory Neil ShapiroR<?> $* < @ $* $=P > $: <_RES_OK_> $1 < @ $2 $3 > 181706f25ae9SGregory Neil Shapirodnl workspace <mark> CanonicalAddress where mark is ? or OK 181894c01205SGregory Neil Shapirodnl A sender address with my local host name ($j) is safe 1819959366dcSGregory Neil ShapiroR<?> $* < @ $j > $: <_RES_OK_> $1 < @ $j > 1820c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_', 182140266059SGregory Neil Shapiro`R<?> $* < @ $+ > $: <_RES_OK_> $1 < @ $2 > ... unresolvable OK', 182206f25ae9SGregory Neil Shapiro`R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 > 182306f25ae9SGregory Neil ShapiroR<? $* <$->> $* < @ $+ > 182406f25ae9SGregory Neil Shapiro $: <$2> $3 < @ $4 >') 182540266059SGregory Neil Shapirodnl workspace <mark> CanonicalAddress where mark is ?, _RES_OK_, PERM, TEMP 182606f25ae9SGregory Neil Shapirodnl mark is ? iff the address is user (wo @domain) 1827c2aa98e2SPeter Wemm 182806f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 182906f25ae9SGregory Neil Shapiro# check sender address: user@address, user@, address 183006f25ae9SGregory Neil Shapirodnl should we remove +ext from user? 183140266059SGregory Neil Shapirodnl workspace: <mark> CanonicalAddress where mark is: ?, _RES_OK_, PERM, TEMP 183240266059SGregory Neil ShapiroR<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3> 183306f25ae9SGregory Neil ShapiroR<$+> $+ $: @<$1> <$2> $| <U:$2@> 183406f25ae9SGregory Neil Shapirodnl workspace: @<mark> <CanonicalAddress> $| <@type:address> .... 183506f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>> 183606f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args 183706f25ae9SGregory Neil ShapiroR@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <> 183806f25ae9SGregory Neil Shapirodnl workspace: <@><mark> <CanonicalAddress> $| <result> 183906f25ae9SGregory Neil ShapiroR<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result 184006f25ae9SGregory Neil Shapirodnl workspace: <result> <mark> <CanonicalAddress> 1841c2aa98e2SPeter Wemm# retransform for further use 184206f25ae9SGregory Neil Shapirodnl required form: 184306f25ae9SGregory Neil Shapirodnl <ResultOfLookup|mark> CanonicalAddress 184406f25ae9SGregory Neil ShapiroR<?> <$+> <$*> $: <$1> $2 no match 184506f25ae9SGregory Neil ShapiroR<$+> <$+> <$*> $: <$1> $3 relevant result, keep it', `dnl') 184606f25ae9SGregory Neil Shapirodnl workspace <ResultOfLookup|mark> CanonicalAddress 184706f25ae9SGregory Neil Shapirodnl mark is ? iff the address is user (wo @domain) 1848c2aa98e2SPeter Wemm 1849c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl 1850c2aa98e2SPeter Wemm# handle case of no @domain on address 185106f25ae9SGregory Neil Shapirodnl prepend daemon_flags 185206f25ae9SGregory Neil ShapiroR<?> $* $: $&{daemon_flags} $| <?> $1 185306f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test 185440266059SGregory Neil ShapiroR$* u $* $| <?> $* $: <_RES_OK_> $3 185506f25ae9SGregory Neil Shapirodnl remove daemon_flags 185606f25ae9SGregory Neil ShapiroR$* $| $* $: $2 185713bd1963SGregory Neil ShapiroR<?> $* $: < ? $&{client_addr} > $1 1858959366dcSGregory Neil ShapiroR<?> $* $@ <_RES_OK_> ...local unqualed ok 185940266059SGregory Neil ShapiroR<? $+> $* $#error $@ 5.5.4 $: "_CODE553 Domain name required for sender address " $&f 1860c2aa98e2SPeter Wemm ...remote is not') 1861c2aa98e2SPeter Wemm# check results 186206f25ae9SGregory Neil ShapiroR<?> $* $: @ $1 mark address: nothing known about it 186340266059SGregory Neil ShapiroR<$={ResOk}> $* $@ <_RES_OK_> domain ok: stop 186406f25ae9SGregory Neil ShapiroR<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" 186540266059SGregory Neil ShapiroR<PERM> $* $#error $@ 5.1.8 $: "_CODE553 Domain of sender address " $&f " does not exist" 186606f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 186740266059SGregory Neil ShapiroR<$={Accept}> $* $# $1 accept from access map 1868c2aa98e2SPeter WemmR<DISCARD> $* $#discard $: discard 186940266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE', 187040266059SGregory Neil Shapiro`R<QUARANTINE:$+> $* $#error $@ quarantine $: $1', `dnl') 187106f25ae9SGregory Neil ShapiroR<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"') 187206f25ae9SGregory Neil Shapirodnl error tag 187306f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 187406f25ae9SGregory Neil ShapiroR<ERROR:$+> $* $#error $: $1 187540266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 187606f25ae9SGregory Neil Shapirodnl generic error from access map 187706f25ae9SGregory Neil ShapiroR<$+> $* $#error $: $1 error from access db', 1878c2aa98e2SPeter Wemm`dnl') 1879c2aa98e2SPeter Wemm 1880c2aa98e2SPeter Wemm###################################################################### 1881c2aa98e2SPeter Wemm### check_rcpt -- check SMTP ``RCPT TO:'' command argument 1882c2aa98e2SPeter Wemm###################################################################### 1883c2aa98e2SPeter Wemm 1884c2aa98e2SPeter WemmSLocal_check_rcpt 188506f25ae9SGregory Neil ShapiroScheck`'_U_`'rcpt 1886c2aa98e2SPeter WemmR$* $: $1 $| $>"Local_check_rcpt" $1 1887c2aa98e2SPeter WemmR$* $| $#$* $#$2 1888c2aa98e2SPeter WemmR$* $| $* $@ $>"Basic_check_rcpt" $1 1889c2aa98e2SPeter Wemm 1890c2aa98e2SPeter WemmSBasic_check_rcpt 189140266059SGregory Neil Shapiro# empty address? 189240266059SGregory Neil ShapiroR<> $#error $@ nouser $: "553 User address required" 189340266059SGregory Neil ShapiroR$@ $#error $@ nouser $: "553 User address required" 1894c2aa98e2SPeter Wemm# check for deferred delivery mode 189594c01205SGregory Neil ShapiroR$* $: < $&{deliveryMode} > $1 1896c2aa98e2SPeter WemmR< d > $* $@ deferred 1897c2aa98e2SPeter WemmR< $* > $* $: $2 1898c2aa98e2SPeter Wemm 189906f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl 190040266059SGregory Neil Shapirodnl this code checks for user@host where host is not a FQHN. 190140266059SGregory Neil Shapirodnl it is not activated. 190240266059SGregory Neil Shapirodnl notice: code to check for a recipient without a domain name is 190340266059SGregory Neil Shapirodnl available down below; look for the same macro. 190440266059SGregory Neil Shapirodnl this check is done here because the name might be qualified by the 190540266059SGregory Neil Shapirodnl canonicalization. 190640266059SGregory Neil Shapiro# require fully qualified domain part? 190740266059SGregory Neil Shapirodnl very simple canonification: make sure the address is in < > 190806f25ae9SGregory Neil ShapiroR$+ $: <?> $1 190906f25ae9SGregory Neil ShapiroR<?> <$+> $: <@> <$1> 191006f25ae9SGregory Neil ShapiroR<?> $+ $: <@> <$1> 191140266059SGregory Neil ShapiroR<@> < postmaster > $: postmaster 191213bd1963SGregory Neil ShapiroR<@> < $* @ $+ . $+ > $: < $1 @ $2 . $3 > 191306f25ae9SGregory Neil Shapirodnl prepend daemon_flags 191440266059SGregory Neil ShapiroR<@> $* $: $&{daemon_flags} $| <@> $1 191506f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address> 1916a7ec597cSGregory Neil Shapirodnl 'r'equire qual.rcpt: ok 1917a7ec597cSGregory Neil ShapiroR$* r $* $| <@> < $+ @ $+ > $: < $3 @ $4 > 191806f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems? 1919a7ec597cSGregory Neil ShapiroR$* r $* $| <@> < $* > $: < ? $&{client_name} > < $3 > 192006f25ae9SGregory Neil ShapiroR<?> < $* > $: <$1> 192106f25ae9SGregory Neil ShapiroR<? $=w> < $* > $: <$1> 192240266059SGregory Neil ShapiroR<? $+> <$+> $#error $@ 5.5.4 $: "553 Fully qualified domain name required" 192306f25ae9SGregory Neil Shapirodnl remove daemon_flags for other cases 192406f25ae9SGregory Neil ShapiroR$* $| <@> $* $: $2', `dnl') 192506f25ae9SGregory Neil Shapiro 192640266059SGregory Neil Shapirodnl ################################################################## 192740266059SGregory Neil Shapirodnl call subroutines for recipient and relay 192840266059SGregory Neil Shapirodnl possible returns from subroutines: 192940266059SGregory Neil Shapirodnl $#TEMP temporary failure 193040266059SGregory Neil Shapirodnl $#error permanent failure (or temporary if from access map) 193140266059SGregory Neil Shapirodnl $#other stop processing 193240266059SGregory Neil Shapirodnl RELAY RELAYing allowed 193340266059SGregory Neil Shapirodnl other otherwise 193440266059SGregory Neil Shapiro###################################################################### 193540266059SGregory Neil ShapiroR$* $: $1 $| @ $>"Rcpt_ok" $1 193640266059SGregory Neil Shapirodnl temporary failure? remove mark @ and remember 193740266059SGregory Neil ShapiroR$* $| @ $#TEMP $+ $: $1 $| T $2 193840266059SGregory Neil Shapirodnl error or ok (stop) 193940266059SGregory Neil ShapiroR$* $| @ $#$* $#$2 194040266059SGregory Neil Shapiroifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl') 194140266059SGregory Neil ShapiroR$* $| @ RELAY $@ RELAY 194240266059SGregory Neil Shapirodnl something else: call check sender (relay) 194340266059SGregory Neil ShapiroR$* $| @ $* $: O $| $>"Relay_ok" $1 194440266059SGregory Neil Shapirodnl temporary failure: call check sender (relay) 194540266059SGregory Neil ShapiroR$* $| T $+ $: T $2 $| $>"Relay_ok" $1 194640266059SGregory Neil Shapirodnl temporary failure? return that 194740266059SGregory Neil ShapiroR$* $| $#TEMP $+ $#error $2 194840266059SGregory Neil Shapirodnl error or ok (stop) 194940266059SGregory Neil ShapiroR$* $| $#$* $#$2 195040266059SGregory Neil ShapiroR$* $| RELAY $@ RELAY 195140266059SGregory Neil Shapirodnl something else: return previous temp failure 195240266059SGregory Neil ShapiroR T $+ $| $* $#error $1 195340266059SGregory Neil Shapiro# anything else is bogus 195440266059SGregory Neil ShapiroR$* $#error $@ 5.7.1 $: confRELAY_MSG 195540266059SGregory Neil Shapirodivert(0) 195640266059SGregory Neil Shapiro 195740266059SGregory Neil Shapiro###################################################################### 195840266059SGregory Neil Shapiro### Rcpt_ok: is the recipient ok? 195940266059SGregory Neil Shapirodnl input: recipient address (RCPT TO) 196040266059SGregory Neil Shapirodnl output: see explanation at call 196140266059SGregory Neil Shapiro###################################################################### 196240266059SGregory Neil ShapiroSRcpt_ok 1963c2aa98e2SPeter Wemmifdef(`_LOOSE_RELAY_CHECK_',`dnl 1964065a643dSPeter WemmR$* $: $>CanonAddr $1 1965c2aa98e2SPeter WemmR$* < @ $* . > $1 < @ $2 > strip trailing dots', 1966c2aa98e2SPeter Wemm`R$* $: $>ParseRecipient $1 strip relayable hosts') 1967c2aa98e2SPeter Wemm 1968065a643dSPeter Wemmifdef(`_BESTMX_IS_LOCAL_',`dnl 1969065a643dSPeter Wemmifelse(_BESTMX_IS_LOCAL_, `', `dnl 1970065a643dSPeter Wemm# unlimited bestmx 1971065a643dSPeter WemmR$* < @ $* > $* $: $1 < @ $2 @@ $(bestmx $2 $) > $3', 1972065a643dSPeter Wemm`dnl 1973065a643dSPeter Wemm# limit bestmx to $=B 19742e43090eSPeter WemmR$* < @ $* $=B > $* $: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4') 197540266059SGregory Neil ShapiroR$* $=O $* < @ $* @@ $=w . > $* $@ $>"Rcpt_ok" $1 $2 $3 1976065a643dSPeter WemmR$* < @ $* @@ $=w . > $* $: $1 < @ $3 > $4 1977065a643dSPeter WemmR$* < @ $* @@ $* > $* $: $1 < @ $2 > $4') 1978065a643dSPeter Wemm 1979c2aa98e2SPeter Wemmifdef(`_BLACKLIST_RCPT_',`dnl 198006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 1981c2aa98e2SPeter Wemm# blacklist local users or any host from receiving mail 1982c2aa98e2SPeter WemmR$* $: <?> $1 198306f25ae9SGregory Neil Shapirodnl user is now tagged with @ to be consistent with check_mail 198406f25ae9SGregory Neil Shapirodnl and to distinguish users from hosts (com would be host, com@ would be user) 198540266059SGregory Neil ShapiroR<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2> 198640266059SGregory Neil ShapiroR<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2> 198706f25ae9SGregory Neil ShapiroR<?> $+ $: <> <$1> $| <U:$1@> 198806f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>> 198906f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args 199006f25ae9SGregory Neil ShapiroR<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <> 199106f25ae9SGregory Neil ShapiroR<@> <$*> $| <$*> $: <$2> <$1> reverse result 199206f25ae9SGregory Neil ShapiroR<?> <$*> $: @ $1 mark address as no match 199340266059SGregory Neil Shapirodnl we may have to filter here because otherwise some RHSs 199440266059SGregory Neil Shapirodnl would be interpreted as generic error messages... 199540266059SGregory Neil Shapirodnl error messages should be "tagged" by prefixing them with error: ! 199640266059SGregory Neil Shapirodnl that would make a lot of things easier. 199706f25ae9SGregory Neil ShapiroR<$={Accept}> <$*> $: @ $2 mark address as no match 199840266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl 199940266059SGregory Neil ShapiroR<SKIP> <$*> $: @ $1 mark address as no match', `dnl') 200040266059SGregory Neil Shapiroifdef(`_DELAY_COMPAT_8_10_',`dnl 200140266059SGregory Neil Shapirodnl compatility with 8.11/8.10: 200206f25ae9SGregory Neil Shapirodnl we have to filter these because otherwise they would be interpreted 200306f25ae9SGregory Neil Shapirodnl as generic error message... 200406f25ae9SGregory Neil Shapirodnl error messages should be "tagged" by prefixing them with error: ! 200506f25ae9SGregory Neil Shapirodnl that would make a lot of things easier. 200606f25ae9SGregory Neil Shapirodnl maybe we should stop checks already here (if SPAM_xyx)? 200706f25ae9SGregory Neil ShapiroR<$={SpamTag}> <$*> $: @ $2 mark address as no match') 200840266059SGregory Neil ShapiroR<REJECT> $* $#error $@ 5.2.1 $: confRCPTREJ_MSG 200906f25ae9SGregory Neil ShapiroR<DISCARD> $* $#discard $: discard 201040266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE', 201140266059SGregory Neil Shapiro`R<QUARANTINE:$+> $* $#error $@ quarantine $: $1', `dnl') 201206f25ae9SGregory Neil Shapirodnl error tag 201306f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 201406f25ae9SGregory Neil ShapiroR<ERROR:$+> $* $#error $: $1 201540266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 201606f25ae9SGregory Neil Shapirodnl generic error from access map 201706f25ae9SGregory Neil ShapiroR<$+> $* $#error $: $1 error from access db 201806f25ae9SGregory Neil ShapiroR@ $* $1 remove mark', `dnl')', `dnl') 2019c2aa98e2SPeter Wemm 202040266059SGregory Neil Shapiroifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl') 202140266059SGregory Neil Shapiro# authenticated via TLS? 202240266059SGregory Neil ShapiroR$* $: $1 $| $>RelayTLS client authenticated? 202306f25ae9SGregory Neil ShapiroR$* $| $# $+ $# $2 error/ok? 202406f25ae9SGregory Neil ShapiroR$* $| $* $: $1 no 202506f25ae9SGregory Neil Shapiro 202640266059SGregory Neil ShapiroR$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type} 202740266059SGregory Neil Shapirodnl workspace: localpart<@domain> $| result of Local_Relay_Auth 202840266059SGregory Neil ShapiroR$* $| $# $* $# $2 202940266059SGregory Neil Shapirodnl if Local_Relay_Auth returns NO then do not check $={TrustAuthMech} 203040266059SGregory Neil ShapiroR$* $| NO $: $1 203140266059SGregory Neil ShapiroR$* $| $* $: $1 $| $&{auth_type} 203240266059SGregory Neil Shapirodnl workspace: localpart<@domain> [ $| ${auth_type} ] 203306f25ae9SGregory Neil Shapirodnl empty ${auth_type}? 203406f25ae9SGregory Neil ShapiroR$* $| $: $1 203506f25ae9SGregory Neil Shapirodnl mechanism ${auth_type} accepted? 203606f25ae9SGregory Neil Shapirodnl use $# to override further tests (delay_checks): see check_rcpt below 203740266059SGregory Neil ShapiroR$* $| $={TrustAuthMech} $# RELAY 203840266059SGregory Neil Shapirodnl remove ${auth_type} 203906f25ae9SGregory Neil ShapiroR$* $| $* $: $1 2040193538b7SGregory Neil Shapirodnl workspace: localpart<@domain> | localpart 204106f25ae9SGregory Neil Shapiroifelse(defn(`_NO_UUCP_'), `r', 2042193538b7SGregory Neil Shapiro`R$* ! $* < @ $* > $: <REMOTE> $2 < @ BANG_PATH > 2043193538b7SGregory Neil ShapiroR$* ! $* $: <REMOTE> $2 < @ BANG_PATH >', `dnl') 2044c2aa98e2SPeter Wemm# anything terminating locally is ok 2045c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl 204640266059SGregory Neil ShapiroR$+ < @ $* $=m > $@ RELAY', `dnl') 204740266059SGregory Neil ShapiroR$+ < @ $=w > $@ RELAY 2048c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_', 204940266059SGregory Neil Shapiro`R$+ < @ $=R > $@ RELAY 205006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 205106f25ae9SGregory Neil ShapiroR$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >> 205206f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>> 205306f25ae9SGregory Neil ShapiroR<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')', 205440266059SGregory Neil Shapiro`R$+ < @ $* $=R > $@ RELAY 205506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 205640266059SGregory Neil ShapiroR$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>',`dnl')') 205706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 205806f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>> 205940266059SGregory Neil ShapiroR<RELAY> $* $@ RELAY 206040266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 2061c2aa98e2SPeter WemmR<$*> <$*> $: $2',`dnl') 2062c2aa98e2SPeter Wemm 206306f25ae9SGregory Neil Shapiro 2064c2aa98e2SPeter Wemmifdef(`_RELAY_MX_SERVED_', `dnl 2065c2aa98e2SPeter Wemm# allow relaying for hosts which we MX serve 206606f25ae9SGregory Neil ShapiroR$+ < @ $+ > $: < : $(mxserved $2 $) : > $1 < @ $2 > 206706f25ae9SGregory Neil Shapirodnl this must not necessarily happen if the client is checked first... 206840266059SGregory Neil ShapiroR< : $* <TEMP> : > $* $#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 206940266059SGregory Neil ShapiroR<$* : $=w . : $*> $* $@ RELAY 2070065a643dSPeter WemmR< : $* : > $* $: $2', 2071c2aa98e2SPeter Wemm`dnl') 2072c2aa98e2SPeter Wemm 2073c2aa98e2SPeter Wemm# check for local user (i.e. unqualified address) 2074c2aa98e2SPeter WemmR$* $: <?> $1 2075065a643dSPeter WemmR<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 > 2076c2aa98e2SPeter Wemm# local user is ok 207706f25ae9SGregory Neil Shapirodnl is it really? the standard requires user@domain, not just user 207806f25ae9SGregory Neil Shapirodnl but we should accept it anyway (maybe making it an option: 207906f25ae9SGregory Neil Shapirodnl RequireFQDN ?) 208006f25ae9SGregory Neil Shapirodnl postmaster must be accepted without domain (DRUMS) 208106f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl 208240266059SGregory Neil ShapiroR<?> postmaster $@ OK 208306f25ae9SGregory Neil Shapiro# require qualified recipient? 208406f25ae9SGregory Neil Shapirodnl prepend daemon_flags 208506f25ae9SGregory Neil ShapiroR<?> $+ $: $&{daemon_flags} $| <?> $1 208606f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <?> localpart 208706f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems? 208806f25ae9SGregory Neil Shapirodnl r flag? add client_name 208906f25ae9SGregory Neil ShapiroR$* r $* $| <?> $+ $: < ? $&{client_name} > <?> $3 209006f25ae9SGregory Neil Shapirodnl no r flag: relay to local user (only local part) 209106f25ae9SGregory Neil Shapiro# no qualified recipient required 209240266059SGregory Neil ShapiroR$* $| <?> $+ $@ RELAY 209306f25ae9SGregory Neil Shapirodnl client_name is empty 209440266059SGregory Neil ShapiroR<?> <?> $+ $@ RELAY 209506f25ae9SGregory Neil Shapirodnl client_name is local 209640266059SGregory Neil ShapiroR<? $=w> <?> $+ $@ RELAY 209706f25ae9SGregory Neil Shapirodnl client_name is not local 209806f25ae9SGregory Neil ShapiroR<? $+> $+ $#error $@ 5.5.4 $: "553 Domain name required"', `dnl 209906f25ae9SGregory Neil Shapirodnl no qualified recipient required 210040266059SGregory Neil ShapiroR<?> $+ $@ RELAY') 210106f25ae9SGregory Neil Shapirodnl it is a remote user: remove mark and then check client 2102c2aa98e2SPeter WemmR<$+> $* $: $2 210306f25ae9SGregory Neil Shapirodnl currently the recipient address is not used below 2104c2aa98e2SPeter Wemm 210540266059SGregory Neil Shapiro###################################################################### 210640266059SGregory Neil Shapiro### Relay_ok: is the relay/sender ok? 210740266059SGregory Neil Shapirodnl input: ignored 210840266059SGregory Neil Shapirodnl output: see explanation at call 210940266059SGregory Neil Shapiro###################################################################### 211040266059SGregory Neil ShapiroSRelay_ok 2111c2aa98e2SPeter Wemm# anything originating locally is ok 2112c2aa98e2SPeter Wemm# check IP address 2113c2aa98e2SPeter WemmR$* $: $&{client_addr} 211440266059SGregory Neil ShapiroR$@ $@ RELAY originated locally 211540266059SGregory Neil ShapiroR0 $@ RELAY originated locally 211613bd1963SGregory Neil ShapiroR127.0.0.1 $@ RELAY originated locally 211713bd1963SGregory Neil ShapiroRIPv6:::1 $@ RELAY originated locally 211840266059SGregory Neil ShapiroR$=R $* $@ RELAY relayable IP address 211906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 212040266059SGregory Neil ShapiroR$* $: $>A <$1> <?> <+ Connect> <$1> 212140266059SGregory Neil ShapiroR<RELAY> $* $@ RELAY relayable IP address 2122959366dcSGregory Neil Shapiroifdef(`_FFR_REJECT_IP_IN_CHECK_RCPT_',`dnl 2123959366dcSGregory Neil Shapirodnl this will cause rejections in cases like: 2124959366dcSGregory Neil Shapirodnl Connect:My.Host.Domain RELAY 2125959366dcSGregory Neil Shapirodnl Connect:My.Net REJECT 2126959366dcSGregory Neil Shapirodnl since in check_relay client_name is checked before client_addr 2127959366dcSGregory Neil ShapiroR<REJECT> $* $@ REJECT rejected IP address') 212840266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 2129c2aa98e2SPeter WemmR<$*> <$*> $: $2', `dnl') 2130c2aa98e2SPeter WemmR$* $: [ $1 ] put brackets around it... 213140266059SGregory Neil ShapiroR$=w $@ RELAY ... and see if it is local 2132c2aa98e2SPeter Wemm 213306f25ae9SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl 213406f25ae9SGregory Neil Shapiroifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl 213506f25ae9SGregory Neil Shapiroifdef(`_RELAY_MAIL_FROM_', `dnl 213606f25ae9SGregory Neil Shapirodnl input: {client_addr} or something "broken" 213706f25ae9SGregory Neil Shapirodnl just throw the input away; we do not need it. 213806f25ae9SGregory Neil Shapiro# check whether FROM is allowed to use system as relay 213906f25ae9SGregory Neil ShapiroR$* $: <?> $>CanonAddr $&f 214040266059SGregory Neil ShapiroR<?> $+ < @ $+ . > <?> $1 < @ $2 > remove trailing dot 2141c2aa98e2SPeter Wemmifdef(`_RELAY_LOCAL_FROM_', `dnl 214206f25ae9SGregory Neil Shapiro# check whether local FROM is ok 214340266059SGregory Neil ShapiroR<?> $+ < @ $=w > $@ RELAY FROM local', `dnl') 214406f25ae9SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_', `dnl 2145605302a5SGregory Neil ShapiroR<?> $+ < @ $+ > $: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_HOSTS_ONLY_', `<E:$2>', `<D:$2>')) <> 214640266059SGregory Neil ShapiroR<@> <RELAY> $@ RELAY RELAY FROM sender ok 214740266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 214840266059SGregory Neil Shapiro', `dnl 214940266059SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_DOMAIN_', 215040266059SGregory Neil Shapiro`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_ 215106f25ae9SGregory Neil Shapiro')', 215206f25ae9SGregory Neil Shapiro`dnl') 215306f25ae9SGregory Neil Shapirodnl')', `dnl') 215440266059SGregory Neil Shapirodnl notice: the rulesets above do not leave a unique workspace behind. 215540266059SGregory Neil Shapirodnl it does not matter in this case because the following rule ignores 215640266059SGregory Neil Shapirodnl the input. otherwise these rules must "clean up" the workspace. 215706f25ae9SGregory Neil Shapiro 215806f25ae9SGregory Neil Shapiro# check client name: first: did it resolve? 215906f25ae9SGregory Neil Shapirodnl input: ignored 216006f25ae9SGregory Neil ShapiroR$* $: < $&{client_resolve} > 216140266059SGregory Neil ShapiroR<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} 216206f25ae9SGregory Neil ShapiroR<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} 216306f25ae9SGregory Neil ShapiroR<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} 216406f25ae9SGregory Neil Shapirodnl ${client_resolve} should be OK, so go ahead 216540266059SGregory Neil ShapiroR$* $: <@> $&{client_name} 216606f25ae9SGregory Neil Shapirodnl should not be necessary since it has been done for client_addr already 216713bd1963SGregory Neil Shapirodnl this rule actually may cause a problem if {client_name} resolves to "" 216813bd1963SGregory Neil Shapirodnl however, this should not happen since the forward lookup should fail 216913bd1963SGregory Neil Shapirodnl and {client_resolve} should be TEMP or FAIL. 217013bd1963SGregory Neil Shapirodnl nevertheless, removing the rule doesn't hurt. 217113bd1963SGregory Neil Shapirodnl R<@> $@ RELAY 217240266059SGregory Neil Shapirodnl workspace: <@> ${client_name} (not empty) 217340266059SGregory Neil Shapiro# pass to name server to make hostname canonical 217440266059SGregory Neil ShapiroR<@> $* $=P $:<?> $1 $2 217540266059SGregory Neil ShapiroR<@> $+ $:<?> $[ $1 $] 217640266059SGregory Neil Shapirodnl workspace: <?> ${client_name} (canonified) 217740266059SGregory Neil ShapiroR$* . $1 strip trailing dots 217806f25ae9SGregory Neil Shapiroifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl 217940266059SGregory Neil ShapiroR<?> $* $=m $@ RELAY', `dnl') 218040266059SGregory Neil ShapiroR<?> $=w $@ RELAY 218106f25ae9SGregory Neil Shapiroifdef(`_RELAY_HOSTS_ONLY_', 218240266059SGregory Neil Shapiro`R<?> $=R $@ RELAY 218306f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 218406f25ae9SGregory Neil ShapiroR<?> $* $: <$(access Connect:$1 $: ? $)> <$1> 218506f25ae9SGregory Neil ShapiroR<?> <$*> $: <$(access $1 $: ? $)> <$1>',`dnl')', 218640266059SGregory Neil Shapiro`R<?> $* $=R $@ RELAY 218706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 218840266059SGregory Neil ShapiroR<?> $* $: $>D <$1> <?> <+ Connect> <$1>',`dnl')') 218906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 219040266059SGregory Neil ShapiroR<RELAY> $* $@ RELAY 219140266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 219206f25ae9SGregory Neil ShapiroR<$*> <$*> $: $2',`dnl') 219340266059SGregory Neil Shapirodnl end of _PROMISCUOUS_RELAY_ 219406f25ae9SGregory Neil Shapirodivert(0) 219506f25ae9SGregory Neil Shapiroifdef(`_DELAY_CHECKS_',`dnl 219606f25ae9SGregory Neil Shapiro# turn a canonical address in the form user<@domain> 219706f25ae9SGregory Neil Shapiro# qualify unqual. addresses with $j 219806f25ae9SGregory Neil Shapirodnl it might have been only user (without <@domain>) 219906f25ae9SGregory Neil ShapiroSFullAddr 220006f25ae9SGregory Neil ShapiroR$* <@ $+ . > $1 <@ $2 > 220106f25ae9SGregory Neil ShapiroR$* <@ $* > $@ $1 <@ $2 > 220206f25ae9SGregory Neil ShapiroR$+ $@ $1 <@ $j > 2203c2aa98e2SPeter Wemm 2204a7ec597cSGregory Neil ShapiroSDelay_TLS_Clt 220513bd1963SGregory Neil Shapiro# authenticated? 220613bd1963SGregory Neil Shapirodnl code repeated here from Basic_check_mail 220713bd1963SGregory Neil Shapirodnl only called from check_rcpt in delay mode if checkrcpt returns $# 220813bd1963SGregory Neil ShapiroR$* $: $1 $| $>"tls_client" $&{verify} $| MAIL 220913bd1963SGregory Neil ShapiroR$* $| $#$+ $#$2 221013bd1963SGregory Neil Shapirodnl return result from checkrcpt 2211a7ec597cSGregory Neil ShapiroR$* $| $* $# $1 221213bd1963SGregory Neil ShapiroR$* $# $1 221313bd1963SGregory Neil Shapiro 2214a7ec597cSGregory Neil ShapiroSDelay_TLS_Clt2 221513bd1963SGregory Neil Shapiro# authenticated? 221613bd1963SGregory Neil Shapirodnl code repeated here from Basic_check_mail 221713bd1963SGregory Neil Shapirodnl only called from check_rcpt in delay mode if stopping due to Friend/Hater 221813bd1963SGregory Neil ShapiroR$* $: $1 $| $>"tls_client" $&{verify} $| MAIL 221913bd1963SGregory Neil ShapiroR$* $| $#$+ $#$2 222013bd1963SGregory Neil Shapirodnl return result from friend/hater check 2221a7ec597cSGregory Neil ShapiroR$* $| $* $@ $1 222213bd1963SGregory Neil ShapiroR$* $@ $1 222313bd1963SGregory Neil Shapiro 222406f25ae9SGregory Neil Shapiro# call all necessary rulesets 222506f25ae9SGregory Neil ShapiroScheck_rcpt 222606f25ae9SGregory Neil Shapirodnl this test should be in the Basic_check_rcpt ruleset 222706f25ae9SGregory Neil Shapirodnl which is the correct DSN code? 222806f25ae9SGregory Neil Shapiro# R$@ $#error $@ 5.1.3 $: "553 Recipient address required" 222913bd1963SGregory Neil Shapiro 223006f25ae9SGregory Neil ShapiroR$+ $: $1 $| $>checkrcpt $1 223106f25ae9SGregory Neil Shapirodnl now we can simply stop checks by returning "$# xyz" instead of just "ok" 223213bd1963SGregory Neil Shapirodnl on error (or discard) stop now 223313bd1963SGregory Neil ShapiroR$+ $| $#error $* $#error $2 223413bd1963SGregory Neil ShapiroR$+ $| $#discard $* $#discard $2 223513bd1963SGregory Neil Shapirodnl otherwise call tls_client; see above 2236a7ec597cSGregory Neil ShapiroR$+ $| $#$* $@ $>"Delay_TLS_Clt" $2 223706f25ae9SGregory Neil ShapiroR$+ $| $* $: <?> $>FullAddr $>CanonAddr $1 223806f25ae9SGregory Neil Shapiroifdef(`_SPAM_FH_', 223906f25ae9SGregory Neil Shapiro`dnl lookup user@ and user@address 224006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `', 224106f25ae9SGregory Neil Shapiro`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db') 224206f25ae9SGregory Neil Shapiro')')dnl 224306f25ae9SGregory Neil Shapirodnl one of the next two rules is supposed to match 224406f25ae9SGregory Neil Shapirodnl this code has been copied from BLACKLIST... etc 224506f25ae9SGregory Neil Shapirodnl and simplified by omitting some < >. 224640266059SGregory Neil ShapiroR<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@> 224740266059SGregory Neil ShapiroR<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > 224806f25ae9SGregory Neil Shapirodnl R<?> $@ something_is_very_wrong_here 224940266059SGregory Neil Shapiro# lookup the addresses only with Spam tag 225040266059SGregory Neil ShapiroR<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <> 225106f25ae9SGregory Neil ShapiroR<@> $* $| $* $: $2 $1 reverse result 225206f25ae9SGregory Neil Shapirodnl', `dnl') 225306f25ae9SGregory Neil Shapiroifdef(`_SPAM_FRIEND_', 225406f25ae9SGregory Neil Shapiro`# is the recipient a spam friend? 225506f25ae9SGregory Neil Shapiroifdef(`_SPAM_HATER_', 225613bd1963SGregory Neil Shapiro `errprint(`*** ERROR: define either Hater or Friend -- not both. 225706f25ae9SGregory Neil Shapiro')', `dnl') 2258a7ec597cSGregory Neil ShapiroR<FRIEND> $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND 225906f25ae9SGregory Neil ShapiroR<$*> $+ $: $2', 226006f25ae9SGregory Neil Shapiro`dnl') 226106f25ae9SGregory Neil Shapiroifdef(`_SPAM_HATER_', 226206f25ae9SGregory Neil Shapiro`# is the recipient no spam hater? 226340266059SGregory Neil ShapiroR<HATER> $+ $: $1 spam hater: continue checks 2264a7ec597cSGregory Neil ShapiroR<$*> $+ $@ $>"Delay_TLS_Clt2" NOSPAMHATER everyone else: stop 226506f25ae9SGregory Neil Shapirodnl',`dnl') 226606f25ae9SGregory Neil Shapirodnl run further checks: check_mail 226706f25ae9SGregory Neil Shapirodnl should we "clean up" $&f? 226840266059SGregory Neil Shapiroifdef(`_FFR_MAIL_MACRO', 226940266059SGregory Neil Shapiro`R$* $: $1 $| $>checkmail $&{mail_from}', 227040266059SGregory Neil Shapiro`R$* $: $1 $| $>checkmail <$&f>') 2271605302a5SGregory Neil Shapirodnl recipient (canonical format) $| result of checkmail 227206f25ae9SGregory Neil ShapiroR$* $| $#$* $#$2 227306f25ae9SGregory Neil Shapirodnl run further checks: check_relay 2274605302a5SGregory Neil ShapiroR$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr} 227506f25ae9SGregory Neil ShapiroR$* $| $#$* $#$2 227606f25ae9SGregory Neil ShapiroR$* $| $* $: $1 227706f25ae9SGregory Neil Shapiro', `dnl') 227840266059SGregory Neil Shapiro 227940266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)') 228040266059SGregory Neil Shapiro###################################################################### 228140266059SGregory Neil Shapiro### F: LookUpFull -- search for an entry in access database 228240266059SGregory Neil Shapiro### 228340266059SGregory Neil Shapiro### lookup of full key (which should be an address) and 228440266059SGregory Neil Shapiro### variations if +detail exists: +* and without +detail 228540266059SGregory Neil Shapiro### 228640266059SGregory Neil Shapiro### Parameters: 228740266059SGregory Neil Shapiro### <$1> -- key 228840266059SGregory Neil Shapiro### <$2> -- default (what to return if not found in db) 228940266059SGregory Neil Shapirodnl must not be empty 229040266059SGregory Neil Shapiro### <$3> -- mark (must be <(!|+) single-token>) 229140266059SGregory Neil Shapiro### ! does lookup only with tag 229240266059SGregory Neil Shapiro### + does lookup with and without tag 229340266059SGregory Neil Shapiro### <$4> -- passthru (additional data passed unchanged through) 229440266059SGregory Neil Shapirodnl returns: <default> <passthru> 229540266059SGregory Neil Shapirodnl <result> <passthru> 229640266059SGregory Neil Shapiro###################################################################### 229740266059SGregory Neil Shapiro 229840266059SGregory Neil ShapiroSF 229940266059SGregory Neil Shapirodnl workspace: <key> <def> <o tag> <thru> 230040266059SGregory Neil Shapirodnl full lookup 230140266059SGregory Neil Shapirodnl 2 3 4 5 230240266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*> $: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5> 230340266059SGregory Neil Shapirodnl no match, try without tag 230440266059SGregory Neil Shapirodnl 1 2 3 4 230540266059SGregory Neil ShapiroR<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> 230640266059SGregory Neil Shapirodnl no match, +detail: try +* 230740266059SGregory Neil Shapirodnl 1 2 3 4 5 6 7 230840266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <$- $-> <$*> 230940266059SGregory Neil Shapiro $: <$(access $6`'_TAG_DELIM_`'$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> 231040266059SGregory Neil Shapirodnl no match, +detail: try +* without tag 231140266059SGregory Neil Shapirodnl 1 2 3 4 5 6 231240266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <+ $-> <$*> 231340266059SGregory Neil Shapiro $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> 231440266059SGregory Neil Shapirodnl no match, +detail: try without +detail 231540266059SGregory Neil Shapirodnl 1 2 3 4 5 6 7 231640266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <$- $-> <$*> 231740266059SGregory Neil Shapiro $: <$(access $6`'_TAG_DELIM_`'$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> 231840266059SGregory Neil Shapirodnl no match, +detail: try without +detail and without tag 231940266059SGregory Neil Shapirodnl 1 2 3 4 5 6 232040266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <+ $-> <$*> 232140266059SGregory Neil Shapiro $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> 232240266059SGregory Neil Shapirodnl no match, return <default> <passthru> 232340266059SGregory Neil Shapirodnl 1 2 3 4 5 232440266059SGregory Neil ShapiroR<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5> 232540266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 232640266059SGregory Neil Shapirodnl 2 3 4 5 232740266059SGregory Neil ShapiroR<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl') 232840266059SGregory Neil Shapirodnl match, return <match> <passthru> 232940266059SGregory Neil Shapirodnl 2 3 4 5 233040266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*> $@ <$1> <$5> 233140266059SGregory Neil Shapiro 233240266059SGregory Neil Shapiro###################################################################### 233340266059SGregory Neil Shapiro### E: LookUpExact -- search for an entry in access database 233440266059SGregory Neil Shapiro### 233540266059SGregory Neil Shapiro### Parameters: 233640266059SGregory Neil Shapiro### <$1> -- key 233740266059SGregory Neil Shapiro### <$2> -- default (what to return if not found in db) 233840266059SGregory Neil Shapirodnl must not be empty 233940266059SGregory Neil Shapiro### <$3> -- mark (must be <(!|+) single-token>) 234040266059SGregory Neil Shapiro### ! does lookup only with tag 234140266059SGregory Neil Shapiro### + does lookup with and without tag 234240266059SGregory Neil Shapiro### <$4> -- passthru (additional data passed unchanged through) 234340266059SGregory Neil Shapirodnl returns: <default> <passthru> 234440266059SGregory Neil Shapirodnl <result> <passthru> 234540266059SGregory Neil Shapiro###################################################################### 234640266059SGregory Neil Shapiro 234740266059SGregory Neil ShapiroSE 234840266059SGregory Neil Shapirodnl 2 3 4 5 234940266059SGregory Neil ShapiroR<$*> <$*> <$- $-> <$*> $: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5> 235040266059SGregory Neil Shapirodnl no match, try without tag 235140266059SGregory Neil Shapirodnl 1 2 3 4 235240266059SGregory Neil ShapiroR<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> 235340266059SGregory Neil Shapirodnl no match, return default passthru 235440266059SGregory Neil Shapirodnl 1 2 3 4 5 235540266059SGregory Neil ShapiroR<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5> 235640266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 235740266059SGregory Neil Shapirodnl 2 3 4 5 235840266059SGregory Neil ShapiroR<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl') 235940266059SGregory Neil Shapirodnl match, return <match> <passthru> 236040266059SGregory Neil Shapirodnl 2 3 4 5 236140266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*> $@ <$1> <$5> 236240266059SGregory Neil Shapiro 236340266059SGregory Neil Shapiro###################################################################### 236440266059SGregory Neil Shapiro### U: LookUpUser -- search for an entry in access database 236540266059SGregory Neil Shapiro### 236640266059SGregory Neil Shapiro### lookup of key (which should be a local part) and 236740266059SGregory Neil Shapiro### variations if +detail exists: +* and without +detail 236840266059SGregory Neil Shapiro### 236940266059SGregory Neil Shapiro### Parameters: 237040266059SGregory Neil Shapiro### <$1> -- key (user@) 237140266059SGregory Neil Shapiro### <$2> -- default (what to return if not found in db) 237240266059SGregory Neil Shapirodnl must not be empty 237340266059SGregory Neil Shapiro### <$3> -- mark (must be <(!|+) single-token>) 237440266059SGregory Neil Shapiro### ! does lookup only with tag 237540266059SGregory Neil Shapiro### + does lookup with and without tag 237640266059SGregory Neil Shapiro### <$4> -- passthru (additional data passed unchanged through) 237740266059SGregory Neil Shapirodnl returns: <default> <passthru> 237840266059SGregory Neil Shapirodnl <result> <passthru> 237940266059SGregory Neil Shapiro###################################################################### 238040266059SGregory Neil Shapiro 238140266059SGregory Neil ShapiroSU 238240266059SGregory Neil Shapirodnl user lookups are always with trailing @ 238340266059SGregory Neil Shapirodnl 2 3 4 5 238440266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*> $: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5> 238540266059SGregory Neil Shapirodnl no match, try without tag 238640266059SGregory Neil Shapirodnl 1 2 3 4 238740266059SGregory Neil ShapiroR<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> 238840266059SGregory Neil Shapirodnl do not remove the @ from the lookup: 238940266059SGregory Neil Shapirodnl it is part of the +detail@ which is omitted for the lookup 239040266059SGregory Neil Shapirodnl no match, +detail: try +* 239140266059SGregory Neil Shapirodnl 1 2 3 4 5 6 239240266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <$- $-> <$*> 239340266059SGregory Neil Shapiro $: <$(access $5`'_TAG_DELIM_`'$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> 239440266059SGregory Neil Shapirodnl no match, +detail: try +* without tag 239540266059SGregory Neil Shapirodnl 1 2 3 4 5 239640266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <+ $-> <$*> 239740266059SGregory Neil Shapiro $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> 239840266059SGregory Neil Shapirodnl no match, +detail: try without +detail 239940266059SGregory Neil Shapirodnl 1 2 3 4 5 6 240040266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <$- $-> <$*> 240140266059SGregory Neil Shapiro $: <$(access $5`'_TAG_DELIM_`'$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> 240240266059SGregory Neil Shapirodnl no match, +detail: try without +detail and without tag 240340266059SGregory Neil Shapirodnl 1 2 3 4 5 240440266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <+ $-> <$*> 240540266059SGregory Neil Shapiro $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> 240640266059SGregory Neil Shapirodnl no match, return <default> <passthru> 240740266059SGregory Neil Shapirodnl 1 2 3 4 5 240840266059SGregory Neil ShapiroR<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5> 240940266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 241040266059SGregory Neil Shapirodnl 2 3 4 5 241140266059SGregory Neil ShapiroR<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl') 241240266059SGregory Neil Shapirodnl match, return <match> <passthru> 241340266059SGregory Neil Shapirodnl 2 3 4 5 241440266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*> $@ <$1> <$5> 241540266059SGregory Neil Shapiro 241606f25ae9SGregory Neil Shapiro###################################################################### 241706f25ae9SGregory Neil Shapiro### SearchList: search a list of items in the access map 241806f25ae9SGregory Neil Shapiro### Parameters: 241906f25ae9SGregory Neil Shapiro### <exact tag> $| <mark:address> <mark:address> ... <> 242006f25ae9SGregory Neil Shapirodnl maybe we should have a @ (again) in front of the mark to 242106f25ae9SGregory Neil Shapirodnl avoid errorneous matches (with error messages?) 242206f25ae9SGregory Neil Shapirodnl if we can make sure that tag is always a single token 242306f25ae9SGregory Neil Shapirodnl then we can omit the delimiter $|, otherwise we need it 242440266059SGregory Neil Shapirodnl to avoid errorneous matchs (first rule: D: if there 242506f25ae9SGregory Neil Shapirodnl is that mark somewhere in the list, it will be taken). 242606f25ae9SGregory Neil Shapirodnl moreover, we can do some tricks to enforce lookup with 242706f25ae9SGregory Neil Shapirodnl the tag only, e.g.: 242806f25ae9SGregory Neil Shapiro### where "exact" is either "+" or "!": 242906f25ae9SGregory Neil Shapiro### <+ TAG> lookup with and w/o tag 243006f25ae9SGregory Neil Shapiro### <! TAG> lookup with tag 243106f25ae9SGregory Neil Shapirodnl Warning: + and ! should be in OperatorChars (otherwise there must be 243206f25ae9SGregory Neil Shapirodnl a blank between them and the tag. 243306f25ae9SGregory Neil Shapiro### possible values for "mark" are: 243440266059SGregory Neil Shapiro### D: recursive host lookup (LookUpDomain) 243506f25ae9SGregory Neil Shapirodnl A: recursive address lookup (LookUpAddress) [not yet required] 243606f25ae9SGregory Neil Shapiro### E: exact lookup, no modifications 243706f25ae9SGregory Neil Shapiro### F: full lookup, try user+ext@domain and user@domain 243806f25ae9SGregory Neil Shapiro### U: user lookup, try user+ext and user (input must have trailing @) 243906f25ae9SGregory Neil Shapiro### return: <RHS of lookup> or <?> (not found) 244006f25ae9SGregory Neil Shapiro###################################################################### 244106f25ae9SGregory Neil Shapiro 244206f25ae9SGregory Neil Shapiro# class with valid marks for SearchList 244306f25ae9SGregory Neil Shapirodnl if A is activated: add it 244440266059SGregory Neil ShapiroC{src}E F D U ifdef(`_FFR_SRCHLIST_A', `A') 244506f25ae9SGregory Neil ShapiroSSearchList 244640266059SGregory Neil Shapiro# just call the ruleset with the name of the tag... nice trick... 244740266059SGregory Neil Shapirodnl 2 3 4 244840266059SGregory Neil ShapiroR<$+> $| <$={src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <> 244940266059SGregory Neil Shapirodnl workspace: <o tag> $| <rest> $| <result of lookup> <> 245040266059SGregory Neil Shapirodnl no match and nothing left: return 245140266059SGregory Neil ShapiroR<$+> $| <> $| <?> <> $@ <?> 245240266059SGregory Neil Shapirodnl no match but something left: continue 245340266059SGregory Neil ShapiroR<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2> 245440266059SGregory Neil Shapirodnl match: return 245540266059SGregory Neil ShapiroR<$+> $| <$*> $| <$+> <> $@ <$3> 245606f25ae9SGregory Neil Shapirodnl return result from recursive invocation 245740266059SGregory Neil ShapiroR<$+> $| <$+> $@ <$2> 245840266059SGregory Neil Shapirodnl endif _ACCESS_TABLE_ 245940266059SGregory Neil Shapirodivert(0) 246006f25ae9SGregory Neil Shapiro 246140266059SGregory Neil Shapiro###################################################################### 246240266059SGregory Neil Shapiro### trust_auth: is user trusted to authenticate as someone else? 246340266059SGregory Neil Shapiro### 246440266059SGregory Neil Shapiro### Parameters: 246540266059SGregory Neil Shapiro### $1: AUTH= parameter from MAIL command 246640266059SGregory Neil Shapiro###################################################################### 246740266059SGregory Neil Shapiro 246840266059SGregory Neil Shapirodnl empty ruleset definition so it can be called 246940266059SGregory Neil ShapiroSLocal_trust_auth 247006f25ae9SGregory Neil ShapiroStrust_auth 247106f25ae9SGregory Neil ShapiroR$* $: $&{auth_type} $| $1 247206f25ae9SGregory Neil Shapiro# required by RFC 2554 section 4. 247306f25ae9SGregory Neil ShapiroR$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" 247406f25ae9SGregory Neil Shapirodnl seems to be useful... 247506f25ae9SGregory Neil ShapiroR$* $| $&{auth_authen} $@ identical 247606f25ae9SGregory Neil ShapiroR$* $| <$&{auth_authen}> $@ identical 247706f25ae9SGregory Neil Shapirodnl call user supplied code 2478a7ec597cSGregory Neil ShapiroR$* $| $* $: $1 $| $>"Local_trust_auth" $2 247906f25ae9SGregory Neil ShapiroR$* $| $#$* $#$2 248006f25ae9SGregory Neil Shapirodnl default: error 248106f25ae9SGregory Neil ShapiroR$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} 248206f25ae9SGregory Neil Shapiro 248340266059SGregory Neil Shapiro###################################################################### 248440266059SGregory Neil Shapiro### Relay_Auth: allow relaying based on authentication? 248540266059SGregory Neil Shapiro### 248640266059SGregory Neil Shapiro### Parameters: 248740266059SGregory Neil Shapiro### $1: ${auth_type} 248840266059SGregory Neil Shapiro###################################################################### 248940266059SGregory Neil ShapiroSLocal_Relay_Auth 249006f25ae9SGregory Neil Shapiro 249140266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 249240266059SGregory Neil Shapiro###################################################################### 249340266059SGregory Neil Shapiro### srv_features: which features to offer to a client? 249440266059SGregory Neil Shapiro### (done in server) 249540266059SGregory Neil Shapiro###################################################################### 249640266059SGregory Neil ShapiroSsrv_features 249740266059SGregory Neil Shapiroifdef(`_LOCAL_SRV_FEATURES_', `dnl 249840266059SGregory Neil ShapiroR$* $: $1 $| $>"Local_srv_features" $1 249940266059SGregory Neil ShapiroR$* $| $#$* $#$2 250040266059SGregory Neil ShapiroR$* $| $* $: $1', `dnl') 250140266059SGregory Neil ShapiroR$* $: $>D <$&{client_name}> <?> <! SRV_FEAT_TAG> <> 250240266059SGregory Neil ShapiroR<?>$* $: $>A <$&{client_addr}> <?> <! SRV_FEAT_TAG> <> 250340266059SGregory Neil ShapiroR<?>$* $: <$(access SRV_FEAT_TAG`'_TAG_DELIM_ $: ? $)> 250406f25ae9SGregory Neil ShapiroR<?>$* $@ OK 250540266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 250640266059SGregory Neil ShapiroR<$* _ATMPF_>$* $#temp', `dnl') 250740266059SGregory Neil ShapiroR<$+>$* $# $1 250806f25ae9SGregory Neil Shapiro 250940266059SGregory Neil Shapiro###################################################################### 251040266059SGregory Neil Shapiro### try_tls: try to use STARTTLS? 251140266059SGregory Neil Shapiro### (done in client) 251240266059SGregory Neil Shapiro###################################################################### 251306f25ae9SGregory Neil ShapiroStry_tls 251440266059SGregory Neil Shapiroifdef(`_LOCAL_TRY_TLS_', `dnl 251540266059SGregory Neil ShapiroR$* $: $1 $| $>"Local_try_tls" $1 251640266059SGregory Neil ShapiroR$* $| $#$* $#$2 251740266059SGregory Neil ShapiroR$* $| $* $: $1', `dnl') 251840266059SGregory Neil ShapiroR$* $: $>D <$&{server_name}> <?> <! TLS_TRY_TAG> <> 251940266059SGregory Neil ShapiroR<?>$* $: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <> 252040266059SGregory Neil ShapiroR<?>$* $: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)> 252106f25ae9SGregory Neil ShapiroR<?>$* $@ OK 252240266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 252340266059SGregory Neil ShapiroR<$* _ATMPF_>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 2524193538b7SGregory Neil ShapiroR<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]" 252506f25ae9SGregory Neil Shapiro 252640266059SGregory Neil Shapiro###################################################################### 252740266059SGregory Neil Shapiro### tls_rcpt: is connection with server "good" enough? 252840266059SGregory Neil Shapiro### (done in client, per recipient) 252940266059SGregory Neil Shapirodnl called from deliver() before RCPT command 253040266059SGregory Neil Shapiro### 253140266059SGregory Neil Shapiro### Parameters: 253240266059SGregory Neil Shapiro### $1: recipient 253340266059SGregory Neil Shapiro###################################################################### 253440266059SGregory Neil ShapiroStls_rcpt 253540266059SGregory Neil Shapiroifdef(`_LOCAL_TLS_RCPT_', `dnl 253640266059SGregory Neil ShapiroR$* $: $1 $| $>"Local_tls_rcpt" $1 253740266059SGregory Neil ShapiroR$* $| $#$* $#$2 253840266059SGregory Neil ShapiroR$* $| $* $: $1', `dnl') 253940266059SGregory Neil Shapirodnl store name of other side 254040266059SGregory Neil ShapiroR$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 254140266059SGregory Neil Shapirodnl canonify recipient address 254240266059SGregory Neil ShapiroR$+ $: <?> $>CanonAddr $1 254340266059SGregory Neil Shapirodnl strip trailing dots 254440266059SGregory Neil ShapiroR<?> $+ < @ $+ . > <?> $1 <@ $2 > 254540266059SGregory Neil Shapirodnl full address? 254640266059SGregory Neil ShapiroR<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:> 254740266059SGregory Neil Shapirodnl only localpart? 254840266059SGregory Neil ShapiroR<?> $+ $: $1 $| <U:$1@> <E:> 254940266059SGregory Neil Shapirodnl look it up 255040266059SGregory Neil Shapirodnl also look up a default value via E: 255140266059SGregory Neil ShapiroR$* $| $+ $: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <> 255240266059SGregory Neil Shapirodnl found nothing: stop here 255340266059SGregory Neil ShapiroR$* $| <?> $@ OK 255440266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 255540266059SGregory Neil ShapiroR$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 255640266059SGregory Neil Shapirodnl use the generic routine (for now) 255740266059SGregory Neil ShapiroR$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>') 255840266059SGregory Neil Shapiro 255940266059SGregory Neil Shapiro###################################################################### 256040266059SGregory Neil Shapiro### tls_client: is connection with client "good" enough? 256140266059SGregory Neil Shapiro### (done in server) 256240266059SGregory Neil Shapiro### 256340266059SGregory Neil Shapiro### Parameters: 256440266059SGregory Neil Shapiro### ${verify} $| (MAIL|STARTTLS) 256540266059SGregory Neil Shapiro###################################################################### 256606f25ae9SGregory Neil Shapirodnl MAIL: called from check_mail 256706f25ae9SGregory Neil Shapirodnl STARTTLS: called from smtp() after STARTTLS has been accepted 256806f25ae9SGregory Neil ShapiroStls_client 256940266059SGregory Neil Shapiroifdef(`_LOCAL_TLS_CLIENT_', `dnl 257040266059SGregory Neil ShapiroR$* $: $1 $| $>"Local_tls_client" $1 257140266059SGregory Neil ShapiroR$* $| $#$* $#$2 257240266059SGregory Neil ShapiroR$* $| $* $: $1', `dnl') 257306f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 257440266059SGregory Neil Shapirodnl store name of other side 257540266059SGregory Neil ShapiroR$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 257606f25ae9SGregory Neil Shapirodnl ignore second arg for now 257706f25ae9SGregory Neil Shapirodnl maybe use it to distinguish permanent/temporary error? 257806f25ae9SGregory Neil Shapirodnl if MAIL: permanent (STARTTLS has not been offered) 257906f25ae9SGregory Neil Shapirodnl if STARTTLS: temporary (offered but maybe failed) 258040266059SGregory Neil ShapiroR$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! TLS_CLT_TAG> <> 258140266059SGregory Neil ShapiroR$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <> 258206f25ae9SGregory Neil Shapirodnl do a default lookup: just TLS_CLT_TAG 258306f25ae9SGregory Neil ShapiroR$* $| <?>$* $: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)> 258440266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 258540266059SGregory Neil ShapiroR$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 258640266059SGregory Neil ShapiroR$* $@ $>"TLS_connection" $1', `dnl 258740266059SGregory Neil ShapiroR$* $| $* $@ $>"TLS_connection" $1') 258806f25ae9SGregory Neil Shapiro 258940266059SGregory Neil Shapiro###################################################################### 259040266059SGregory Neil Shapiro### tls_server: is connection with server "good" enough? 259140266059SGregory Neil Shapiro### (done in client) 259240266059SGregory Neil Shapiro### 259340266059SGregory Neil Shapiro### Parameter: 259440266059SGregory Neil Shapiro### ${verify} 259540266059SGregory Neil Shapiro###################################################################### 259606f25ae9SGregory Neil Shapirodnl i.e. has the server been authenticated and is encryption active? 259706f25ae9SGregory Neil Shapirodnl called from deliver() after STARTTLS command 259806f25ae9SGregory Neil ShapiroStls_server 259940266059SGregory Neil Shapiroifdef(`_LOCAL_TLS_SERVER_', `dnl 260040266059SGregory Neil ShapiroR$* $: $1 $| $>"Local_tls_server" $1 260140266059SGregory Neil ShapiroR$* $| $#$* $#$2 260240266059SGregory Neil ShapiroR$* $| $* $: $1', `dnl') 260306f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 260440266059SGregory Neil Shapirodnl store name of other side 260540266059SGregory Neil ShapiroR$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 260640266059SGregory Neil ShapiroR$* $: $1 $| $>D <$&{server_name}> <?> <! TLS_SRV_TAG> <> 260740266059SGregory Neil ShapiroR$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <> 260806f25ae9SGregory Neil Shapirodnl do a default lookup: just TLS_SRV_TAG 260906f25ae9SGregory Neil ShapiroR$* $| <?>$* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)> 261040266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 261140266059SGregory Neil ShapiroR$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 261240266059SGregory Neil ShapiroR$* $@ $>"TLS_connection" $1', `dnl 261340266059SGregory Neil ShapiroR$* $@ $>"TLS_connection" $1') 261406f25ae9SGregory Neil Shapiro 261540266059SGregory Neil Shapiro###################################################################### 261640266059SGregory Neil Shapiro### TLS_connection: is TLS connection "good" enough? 261740266059SGregory Neil Shapiro### 261840266059SGregory Neil Shapiro### Parameters: 261906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 262040266059SGregory Neil Shapiro### ${verify} $| <Requirement> [<>]', `dnl 262140266059SGregory Neil Shapiro### ${verify}') 262240266059SGregory Neil Shapiro### Requirement: RHS from access map, may be ? for none. 262340266059SGregory Neil Shapirodnl syntax for Requirement: 262440266059SGregory Neil Shapirodnl [(PERM|TEMP)+] (VERIFY[:bits]|ENCR:bits) [+extensions] 262540266059SGregory Neil Shapirodnl extensions: could be a list of further requirements 262640266059SGregory Neil Shapirodnl for now: CN:string {cn_subject} == string 262740266059SGregory Neil Shapiro###################################################################### 262840266059SGregory Neil ShapiroSTLS_connection 262940266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error 263040266059SGregory Neil Shapirodnl deal with TLS handshake failures: abort 263140266059SGregory Neil ShapiroRSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake." 263240266059SGregory Neil Shapirodivert(-1)') 263306f25ae9SGregory Neil Shapirodnl common ruleset for tls_{client|server} 263440266059SGregory Neil Shapirodnl input: ${verify} $| <ResultOfLookup> [<>] 263506f25ae9SGregory Neil Shapirodnl remove optional <> 263606f25ae9SGregory Neil ShapiroR$* $| <$*>$* $: $1 $| <$2> 263740266059SGregory Neil Shapirodnl workspace: ${verify} $| <ResultOfLookup> 263840266059SGregory Neil Shapiro# create the appropriate error codes 263906f25ae9SGregory Neil Shapirodnl permanent or temporary error? 264006f25ae9SGregory Neil ShapiroR$* $| <PERM + $={tls} $*> $: $1 $| <503:5.7.0> <$2 $3> 264106f25ae9SGregory Neil ShapiroR$* $| <TEMP + $={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> 264206f25ae9SGregory Neil Shapirodnl default case depends on TLS_PERM_ERR 264306f25ae9SGregory Neil ShapiroR$* $| <$={tls} $*> $: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3> 264440266059SGregory Neil Shapirodnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup> 264540266059SGregory Neil Shapiro# deal with TLS handshake failures: abort 264606f25ae9SGregory Neil ShapiroRSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." 264706f25ae9SGregory Neil Shapirodnl no <reply:dns> i.e. not requirements in the access map 264806f25ae9SGregory Neil Shapirodnl use default error 264906f25ae9SGregory Neil ShapiroRSOFTWARE $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed." 265040266059SGregory Neil ShapiroR$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1 265140266059SGregory Neil Shapirodnl separate optional requirements 265240266059SGregory Neil ShapiroR$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1 265340266059SGregory Neil ShapiroR$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> <> $1 265440266059SGregory Neil Shapirodnl separate optional requirements 265540266059SGregory Neil ShapiroR$* $| <$*> <$={tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1 265606f25ae9SGregory Neil Shapirodnl some other value in access map: accept 265706f25ae9SGregory Neil Shapirodnl this also allows to override the default case (if used) 265806f25ae9SGregory Neil ShapiroR$* $| $* $@ OK 265906f25ae9SGregory Neil Shapiro# authentication required: give appropriate error 266006f25ae9SGregory Neil Shapiro# other side did authenticate (via STARTTLS) 266140266059SGregory Neil Shapirodnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify} 266206f25ae9SGregory Neil Shapirodnl only verification required and it succeeded 266340266059SGregory Neil ShapiroR<$*><VERIFY> <> OK $@ OK 266440266059SGregory Neil Shapirodnl verification required and it succeeded but extensions are given 266540266059SGregory Neil Shapirodnl change it to <SMTP:ESC> <REQ:0> <extensions> 266640266059SGregory Neil ShapiroR<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2> 266706f25ae9SGregory Neil Shapirodnl verification required + some level of encryption 266840266059SGregory Neil ShapiroR<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3> 266906f25ae9SGregory Neil Shapirodnl just some level of encryption required 267040266059SGregory Neil ShapiroR<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3> 267140266059SGregory Neil Shapirodnl workspace: 267240266059SGregory Neil Shapirodnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!= OK) 267340266059SGregory Neil Shapirodnl 2. <SMTP:ESC> <REQ:bits> <[extensions]> 267440266059SGregory Neil Shapirodnl verification required but ${verify} is not set (case 1.) 267540266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required" 267640266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed" 267740266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated" 267840266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested" 267940266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" 268006f25ae9SGregory Neil Shapirodnl some other value for ${verify} 268140266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4 268240266059SGregory Neil Shapirodnl some level of encryption required: get the maximum level (case 2.) 268340266059SGregory Neil ShapiroR<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf} 268406f25ae9SGregory Neil Shapirodnl compare required bits with actual bits 268540266059SGregory Neil ShapiroR<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $) 268640266059SGregory Neil ShapiroR<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3 268740266059SGregory Neil Shapirodnl strength requirements fulfilled 268840266059SGregory Neil Shapirodnl TLS Additional Requirements Separator 268940266059SGregory Neil Shapirodnl this should be something which does not appear in the extensions itself 269040266059SGregory Neil Shapirodnl @ could be part of a CN, DN, etc... 269140266059SGregory Neil Shapirodnl use < > ? those are encoded in CN, DN, ... 269240266059SGregory Neil Shapirodefine(`_TLS_ARS_', `++')dnl 269340266059SGregory Neil Shapirodnl workspace: 269440266059SGregory Neil Shapirodnl <SMTP:ESC> <REQ:bits> <extensions> result-of-compare 269540266059SGregory Neil ShapiroR<$-:$+><$-:$-> <$*> $* $: <$1:$2 _TLS_ARS_ $5> 269640266059SGregory Neil Shapirodnl workspace: <SMTP:ESC _TLS_ARS_ extensions> 269740266059SGregory Neil Shapirodnl continue: check extensions 269840266059SGregory Neil ShapiroR<$-:$+ _TLS_ARS_ > $@ OK 269940266059SGregory Neil Shapirodnl split extensions into own list 270040266059SGregory Neil ShapiroR<$-:$+ _TLS_ARS_ $+ > $: <$1:$2> <$3> 270140266059SGregory Neil ShapiroR<$-:$+> < $+ _TLS_ARS_ $+ > <$1:$2> <$3> <$4> 270240266059SGregory Neil ShapiroR<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2> 270306f25ae9SGregory Neil Shapiro 270440266059SGregory Neil Shapiro###################################################################### 270540266059SGregory Neil Shapiro### TLS_req: check additional TLS requirements 270640266059SGregory Neil Shapiro### 270740266059SGregory Neil Shapiro### Parameters: [<list> <of> <req>] $| <$-:$+> 270840266059SGregory Neil Shapiro### $-: SMTP reply code 270940266059SGregory Neil Shapiro### $+: Enhanced Status Code 271040266059SGregory Neil Shapirodnl further requirements for this ruleset: 271140266059SGregory Neil Shapirodnl name of "other side" is stored is {TLS_name} (client/server_name) 271240266059SGregory Neil Shapirodnl 271340266059SGregory Neil Shapirodnl currently only CN[:common_name] is implemented 271440266059SGregory Neil Shapirodnl right now this is only a logical AND 271540266059SGregory Neil Shapirodnl i.e. all requirements must be true 271640266059SGregory Neil Shapirodnl how about an OR? CN must be X or CN must be Y or .. 271740266059SGregory Neil Shapirodnl use a macro to compute this as a trivial sequential 271840266059SGregory Neil Shapirodnl operations (no precedences etc)? 271940266059SGregory Neil Shapiro###################################################################### 272040266059SGregory Neil ShapiroSTLS_req 272140266059SGregory Neil Shapirodnl no additional requirements: ok 272240266059SGregory Neil ShapiroR $| $+ $@ OK 272340266059SGregory Neil Shapirodnl require CN: but no CN specified: use name of other side 272440266059SGregory Neil ShapiroR<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2> 272540266059SGregory Neil Shapirodnl match, check rest 272640266059SGregory Neil ShapiroR<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> 272740266059SGregory Neil Shapirodnl CN does not match 272840266059SGregory Neil Shapirodnl 1 2 3 4 272940266059SGregory Neil ShapiroR<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1 273040266059SGregory Neil Shapirodnl cert subject 273140266059SGregory Neil ShapiroR<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> 273240266059SGregory Neil Shapirodnl CS does not match 273340266059SGregory Neil Shapirodnl 1 2 3 4 273413bd1963SGregory Neil ShapiroR<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1 273540266059SGregory Neil Shapirodnl match, check rest 273640266059SGregory Neil ShapiroR<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> 273740266059SGregory Neil Shapirodnl CI does not match 273840266059SGregory Neil Shapirodnl 1 2 3 4 273913bd1963SGregory Neil ShapiroR<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1 274040266059SGregory Neil Shapirodnl return from recursive call 274140266059SGregory Neil ShapiroROK $@ OK 274240266059SGregory Neil Shapiro 274340266059SGregory Neil Shapiro###################################################################### 274440266059SGregory Neil Shapiro### max: return the maximum of two values separated by : 274540266059SGregory Neil Shapiro### 274640266059SGregory Neil Shapiro### Parameters: [$-]:[$-] 274740266059SGregory Neil Shapiro###################################################################### 274806f25ae9SGregory Neil ShapiroSmax 274906f25ae9SGregory Neil ShapiroR: $: 0 275006f25ae9SGregory Neil ShapiroR:$- $: $1 275106f25ae9SGregory Neil ShapiroR$-: $: $1 275206f25ae9SGregory Neil ShapiroR$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2 275306f25ae9SGregory Neil ShapiroRTRUE:$-:$- $: $2 275440266059SGregory Neil ShapiroR$-:$-:$- $: $2 275540266059SGregory Neil Shapirodnl endif _ACCESS_TABLE_ 275640266059SGregory Neil Shapirodivert(0) 275706f25ae9SGregory Neil Shapiro 275840266059SGregory Neil Shapiro###################################################################### 275940266059SGregory Neil Shapiro### RelayTLS: allow relaying based on TLS authentication 276040266059SGregory Neil Shapiro### 276140266059SGregory Neil Shapiro### Parameters: 276240266059SGregory Neil Shapiro### none 276340266059SGregory Neil Shapiro###################################################################### 276440266059SGregory Neil ShapiroSRelayTLS 276506f25ae9SGregory Neil Shapiro# authenticated? 276606f25ae9SGregory Neil Shapirodnl we do not allow relaying for anyone who can present a cert 276706f25ae9SGregory Neil Shapirodnl signed by a "trusted" CA. For example, even if we put verisigns 276813bd1963SGregory Neil Shapirodnl CA in CertPath so we can authenticate users, we do not allow 276906f25ae9SGregory Neil Shapirodnl them to abuse our server (they might be easier to get hold of, 277006f25ae9SGregory Neil Shapirodnl but anyway). 277106f25ae9SGregory Neil Shapirodnl so here is the trick: if the verification succeeded 277206f25ae9SGregory Neil Shapirodnl we look up the cert issuer in the access map 277306f25ae9SGregory Neil Shapirodnl (maybe after extracting a part with a regular expression) 277406f25ae9SGregory Neil Shapirodnl if this returns RELAY we relay without further questions 277506f25ae9SGregory Neil Shapirodnl if it returns SUBJECT we perform a similar check on the 277606f25ae9SGregory Neil Shapirodnl cert subject. 277706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 277840266059SGregory Neil ShapiroR$* $: <?> $&{verify} 277940266059SGregory Neil ShapiroR<?> OK $: OK authenticated: continue 278040266059SGregory Neil ShapiroR<?> $* $@ NO not authenticated 278106f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_ISSUER_', `dnl 278240266059SGregory Neil ShapiroR$* $: $(CERTIssuer $&{cert_issuer} $)', 278340266059SGregory Neil Shapiro`R$* $: $&{cert_issuer}') 278440266059SGregory Neil ShapiroR$+ $: $(access CERTISSUER`'_TAG_DELIM_`'$1 $) 278506f25ae9SGregory Neil Shapirodnl use $# to stop further checks (delay_check) 278640266059SGregory Neil ShapiroRRELAY $# RELAY 278706f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_SUBJECT_', `dnl 278840266059SGregory Neil ShapiroRSUBJECT $: <@> $(CERTSubject $&{cert_subject} $)', 278940266059SGregory Neil Shapiro`RSUBJECT $: <@> $&{cert_subject}') 279040266059SGregory Neil ShapiroR<@> $+ $: <@> $(access CERTSUBJECT`'_TAG_DELIM_`'$1 $) 279140266059SGregory Neil ShapiroR<@> RELAY $# RELAY 279240266059SGregory Neil ShapiroR$* $: NO', `dnl') 279340266059SGregory Neil Shapiro 279440266059SGregory Neil Shapiro###################################################################### 279540266059SGregory Neil Shapiro### authinfo: lookup authinfo in the access map 279640266059SGregory Neil Shapiro### 279740266059SGregory Neil Shapiro### Parameters: 279840266059SGregory Neil Shapiro### $1: {server_name} 279940266059SGregory Neil Shapiro### $2: {server_addr} 280040266059SGregory Neil Shapirodnl both are currently ignored 280140266059SGregory Neil Shapirodnl if it should be done via another map, we either need to restrict 280240266059SGregory Neil Shapirodnl functionality (it calls D and A) or copy those rulesets (or add another 280340266059SGregory Neil Shapirodnl parameter which I want to avoid, it's quite complex already) 280440266059SGregory Neil Shapiro###################################################################### 280540266059SGregory Neil Shapirodnl omit this ruleset if neither is defined? 280640266059SGregory Neil Shapirodnl it causes DefaultAuthInfo to be ignored 280740266059SGregory Neil Shapirodnl (which may be considered a good thing). 280840266059SGregory Neil ShapiroSauthinfo 280940266059SGregory Neil Shapiroifdef(`_AUTHINFO_TABLE_', `dnl 281040266059SGregory Neil ShapiroR$* $: <$(authinfo AuthInfo:$&{server_name} $: ? $)> 281140266059SGregory Neil ShapiroR<?> $: <$(authinfo AuthInfo:$&{server_addr} $: ? $)> 281240266059SGregory Neil ShapiroR<?> $: <$(authinfo AuthInfo: $: ? $)> 281340266059SGregory Neil ShapiroR<?> $@ no no authinfo available 281440266059SGregory Neil ShapiroR<$*> $# $1 281540266059SGregory Neil Shapirodnl', `dnl 281640266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 281740266059SGregory Neil ShapiroR$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <> 281840266059SGregory Neil ShapiroR$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <> 281940266059SGregory Neil ShapiroR$* $| <?>$* $: $1 $| <$(access AuthInfo`'_TAG_DELIM_ $: ? $)> <> 282040266059SGregory Neil ShapiroR$* $| <?>$* $@ no no authinfo available 282140266059SGregory Neil ShapiroR$* $| <$*> <> $# $2 282240266059SGregory Neil Shapirodnl', `dnl')') 282306f25ae9SGregory Neil Shapiro 282406f25ae9SGregory Neil Shapiroundivert(9)dnl LOCAL_RULESETS 282506f25ae9SGregory Neil Shapiro# 282606f25ae9SGregory Neil Shapiro###################################################################### 282706f25ae9SGregory Neil Shapiro###################################################################### 282806f25ae9SGregory Neil Shapiro##### 282906f25ae9SGregory Neil Shapiro`##### MAIL FILTER DEFINITIONS' 283006f25ae9SGregory Neil Shapiro##### 283106f25ae9SGregory Neil Shapiro###################################################################### 283206f25ae9SGregory Neil Shapiro###################################################################### 283340266059SGregory Neil Shapiro_MAIL_FILTERS_ 2834c2aa98e2SPeter Wemm# 2835c2aa98e2SPeter Wemm###################################################################### 2836c2aa98e2SPeter Wemm###################################################################### 2837c2aa98e2SPeter Wemm##### 2838c2aa98e2SPeter Wemm`##### MAILER DEFINITIONS' 2839c2aa98e2SPeter Wemm##### 2840c2aa98e2SPeter Wemm###################################################################### 2841c2aa98e2SPeter Wemm###################################################################### 284206f25ae9SGregory Neil Shapiroundivert(7)dnl MAILER_DEFINITIONS 284342e5d165SGregory Neil Shapiro 2844