xref: /freebsd/contrib/sendmail/cf/m4/proto.m4 (revision 40266059)
1c2aa98e2SPeter Wemmdivert(-1)
2c2aa98e2SPeter Wemm#
340266059SGregory Neil Shapiro# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
406f25ae9SGregory Neil Shapiro#	All rights reserved.
5c2aa98e2SPeter Wemm# Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
6c2aa98e2SPeter Wemm# Copyright (c) 1988, 1993
7c2aa98e2SPeter Wemm#	The Regents of the University of California.  All rights reserved.
8c2aa98e2SPeter Wemm#
9c2aa98e2SPeter Wemm# By using this file, you agree to the terms and conditions set
10c2aa98e2SPeter Wemm# forth in the LICENSE file which can be found at the top level of
11c2aa98e2SPeter Wemm# the sendmail distribution.
12c2aa98e2SPeter Wemm#
13c2aa98e2SPeter Wemm#
14c2aa98e2SPeter Wemmdivert(0)
15c2aa98e2SPeter Wemm
1640266059SGregory Neil ShapiroVERSIONID(`$Id: proto.m4,v 8.628 2001/12/28 19:02:40 ca Exp $')
17c2aa98e2SPeter Wemm
1806f25ae9SGregory Neil Shapiro# level CF_LEVEL config file format
1906f25ae9SGregory Neil ShapiroV`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
20c2aa98e2SPeter Wemmdivert(-1)
21c2aa98e2SPeter Wemm
2240266059SGregory Neil Shapirodnl if MAILER(`local') not defined: do it ourself; be nice
2340266059SGregory Neil Shapirodnl maybe we should issue a warning?
2440266059SGregory Neil Shapiroifdef(`_MAILER_local_',`', `MAILER(local)')
2540266059SGregory Neil Shapiro
26c2aa98e2SPeter Wemm# do some sanity checking
27c2aa98e2SPeter Wemmifdef(`__OSTYPE__',,
2806f25ae9SGregory Neil Shapiro	`errprint(`*** ERROR: No system type defined (use OSTYPE macro)
2906f25ae9SGregory Neil Shapiro')')
30c2aa98e2SPeter Wemm
31c2aa98e2SPeter Wemm# pick our default mailers
dnl Each conf*_MAILER macro below is given a default only when the site has
dnl not already defined it. The relay default is "relay" when _MAILER_smtp_ is
dnl defined, "uucp-new" when _MAILER_uucp is defined, and "unknown" otherwise.
dnl NOTE(review): the uucp test uses _MAILER_uucp with no trailing underscore,
dnl unlike _MAILER_smtp_ here and _MAILER_local_ earlier in this file --
dnl confirm which name MAILER(uucp) actually defines.
32c2aa98e2SPeter Wemmifdef(`confSMTP_MAILER',, `define(`confSMTP_MAILER', `esmtp')')
33c2aa98e2SPeter Wemmifdef(`confLOCAL_MAILER',, `define(`confLOCAL_MAILER', `local')')
34c2aa98e2SPeter Wemmifdef(`confRELAY_MAILER',,
35c2aa98e2SPeter Wemm	`define(`confRELAY_MAILER',
36c2aa98e2SPeter Wemm		`ifdef(`_MAILER_smtp_', `relay',
37c2aa98e2SPeter Wemm			`ifdef(`_MAILER_uucp', `uucp-new', `unknown')')')')
38c2aa98e2SPeter Wemmifdef(`confUUCP_MAILER',, `define(`confUUCP_MAILER', `uucp-old')')
39c2aa98e2SPeter Wemmdefine(`_SMTP_', `confSMTP_MAILER')dnl		for readability only
40c2aa98e2SPeter Wemmdefine(`_LOCAL_', `confLOCAL_MAILER')dnl	for readability only
41c2aa98e2SPeter Wemmdefine(`_RELAY_', `confRELAY_MAILER')dnl	for readability only
42c2aa98e2SPeter Wemmdefine(`_UUCP_', `confUUCP_MAILER')dnl		for readability only
43c2aa98e2SPeter Wemm
44c2aa98e2SPeter Wemm# back compatibility with old config files
dnl confDEF_GROUP_ID and confREAD_TIMEOUT are only reported as obsolete here;
dnl this block does not translate their values into the newer macros, so a
dnl site that still relies on them gets a message on stderr and nothing else.
45c2aa98e2SPeter Wemmifdef(`confDEF_GROUP_ID',
4606f25ae9SGregory Neil Shapiro`errprint(`*** confDEF_GROUP_ID is obsolete.
4706f25ae9SGregory Neil Shapiro    Use confDEF_USER_ID with a colon in the value instead.
4806f25ae9SGregory Neil Shapiro')')
49c2aa98e2SPeter Wemmifdef(`confREAD_TIMEOUT',
5006f25ae9SGregory Neil Shapiro`errprint(`*** confREAD_TIMEOUT is obsolete.
5106f25ae9SGregory Neil Shapiro    Use individual confTO_<timeout> parameters instead.
5206f25ae9SGregory Neil Shapiro')')
dnl confMESSAGE_TIMEOUT is still honoured: a value without "/" becomes
dnl confTO_QUEUERETURN; otherwise the text before the "/" becomes
dnl confTO_QUEUERETURN and the text after it becomes confTO_QUEUEWARN.
53c2aa98e2SPeter Wemmifdef(`confMESSAGE_TIMEOUT',
54c2aa98e2SPeter Wemm	`define(`_ARG_', index(confMESSAGE_TIMEOUT, /))
55c2aa98e2SPeter Wemm	 ifelse(_ARG_, -1,
56c2aa98e2SPeter Wemm		`define(`confTO_QUEUERETURN', confMESSAGE_TIMEOUT)',
57c2aa98e2SPeter Wemm		`define(`confTO_QUEUERETURN',
58c2aa98e2SPeter Wemm			substr(confMESSAGE_TIMEOUT, 0, _ARG_))
59c2aa98e2SPeter Wemm		 define(`confTO_QUEUEWARN',
60c2aa98e2SPeter Wemm			substr(confMESSAGE_TIMEOUT, eval(_ARG_+1)))')')
dnl A confMIN_FREE_BLOCKS value containing "/" is reported but not split; the
dnl macro is left as it is and is used unchanged by the MinFreeBlocks option
dnl line later in this file.
61c2aa98e2SPeter Wemmifdef(`confMIN_FREE_BLOCKS', `ifelse(index(confMIN_FREE_BLOCKS, /), -1,,
6206f25ae9SGregory Neil Shapiro`errprint(`*** compound confMIN_FREE_BLOCKS is obsolete.
6306f25ae9SGregory Neil Shapiro    Use confMAX_MESSAGE_SIZE for the second part of the value.
6406f25ae9SGregory Neil Shapiro')')')
6506f25ae9SGregory Neil Shapiro
6606f25ae9SGregory Neil Shapiro
6706f25ae9SGregory Neil Shapiro# Sanity check on ldap_routing feature
6806f25ae9SGregory Neil Shapiro# If the user doesn't specify a new map, they had better have given a
6906f25ae9SGregory Neil Shapiro# default LDAP specification which has the LDAP base (and most likely the host)
dnl Warning only: errprint fires when _LDAP_ROUTING_WARN_ is defined and
dnl confLDAP_DEFAULT_SPEC is not. Nothing in this statement stops the build or
dnl supplies a value, so the maps would be generated without a site-chosen spec.
7006f25ae9SGregory Neil Shapiroifdef(`confLDAP_DEFAULT_SPEC',, `ifdef(`_LDAP_ROUTING_WARN_', `errprint(`
7106f25ae9SGregory Neil ShapiroWARNING: Using default FEATURE(ldap_routing) map definition(s)
7206f25ae9SGregory Neil Shapirowithout setting confLDAP_DEFAULT_SPEC option.
7306f25ae9SGregory Neil Shapiro')')')dnl
74c2aa98e2SPeter Wemm
75c2aa98e2SPeter Wemm# clean option definitions below....
dnl _OPTION(name, conf_macro, hint):
dnl   - conf_macro defined: emit an active "O name" line, followed by "=value"
dnl     unless the macro's definition is empty.
dnl   - conf_macro not defined: emit "#O name", followed by "=hint" when the
dnl     third argument is non-empty.
dnl The third argument therefore only ever appears on a line starting with "#".
dnl NOTE(review): presumably sendmail treats that "#O" line as a comment, so an
dnl unset option takes the binary's built-in default rather than the hint --
dnl confirm in the sendmail documentation before reading a hint as an enforced
dnl security default.
7606f25ae9SGregory Neil Shapirodefine(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl
77c2aa98e2SPeter Wemm
7806f25ae9SGregory Neil Shapirodnl required to "rename" the check_* rulesets...
dnl _U_ is defined as empty when _DELAY_CHECKS_ is defined, and as "_" otherwise.
7906f25ae9SGregory Neil Shapirodefine(`_U_',ifdef(`_DELAY_CHECKS_',`',`_'))
8006f25ae9SGregory Neil Shapirodnl default relaying denied message
dnl Site-defined confRELAY_MSG / confRCPTREJ_MSG are kept as given. The default
dnl relay refusal text mentions authentication only when _USE_AUTH_ is defined.
8140266059SGregory Neil Shapiroifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG',
8240266059SGregory Neil Shapiroifdef(`_USE_AUTH_', `"550 Relaying denied. Proper authentication required."', `"550 Relaying denied"'))')
8340266059SGregory Neil Shapiroifdef(`confRCPTREJ_MSG', `', `define(`confRCPTREJ_MSG', `"550 Mailbox disabled for this recipient"')')
8440266059SGregory Neil Shapirodefine(`_CODE553', `553')
85c2aa98e2SPeter Wemmdivert(0)dnl
86c2aa98e2SPeter Wemm
8706f25ae9SGregory Neil Shapiro# override file safeties - setting this option compromises system security,
8806f25ae9SGregory Neil Shapiro# addressing the actual file configuration problem is preferred
8906f25ae9SGregory Neil Shapiro# need to set this before any file actions are encountered in the cf file
dnl NOTE(review): whatever a site assigns to confDONT_BLAME_SENDMAIL is written
dnl to the generated cf as an active "O DontBlameSendmail=..." line; when the
dnl macro is not defined only "#O DontBlameSendmail=safe" is produced. A
dnl configuration audit should flag any .mc file that defines it and ask which
dnl file or directory permission problem it was added to work around.
9006f25ae9SGregory Neil Shapiro_OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', `safe')
9106f25ae9SGregory Neil Shapiro
9206f25ae9SGregory Neil Shapiro# default LDAP map specification
9306f25ae9SGregory Neil Shapiro# need to set this now before any LDAP maps are defined
dnl "-h localhost" is only the hint shown on the "#O" line when
dnl confLDAP_DEFAULT_SPEC is not defined; it is not applied as a setting here.
9406f25ae9SGregory Neil Shapiro_OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost')
95c2aa98e2SPeter Wemm
96c2aa98e2SPeter Wemm##################
97c2aa98e2SPeter Wemm#   local info   #
98c2aa98e2SPeter Wemm##################
99c2aa98e2SPeter Wemm
10040266059SGregory Neil Shapiro# my LDAP cluster
10140266059SGregory Neil Shapiro# need to set this before any LDAP lookups are done (including classes)
10240266059SGregory Neil Shapiroifdef(`confLDAP_CLUSTER', `D{sendmailMTACluster}`'confLDAP_CLUSTER', `#D{sendmailMTACluster}$m')
10340266059SGregory Neil Shapiro
104c2aa98e2SPeter WemmCwlocalhost
105c2aa98e2SPeter Wemmifdef(`USE_CW_FILE',
106c2aa98e2SPeter Wemm`# file containing names of hosts for which we receive email
107c2aa98e2SPeter WemmFw`'confCW_FILE',
108c2aa98e2SPeter Wemm	`dnl')
109c2aa98e2SPeter Wemm
110c2aa98e2SPeter Wemm# my official domain name
111c2aa98e2SPeter Wemm# ... `define' this only if sendmail cannot automatically determine your domain
112c2aa98e2SPeter Wemmifdef(`confDOMAIN_NAME', `Dj`'confDOMAIN_NAME', `#Dj$w.Foo.COM')
113c2aa98e2SPeter Wemm
114c2aa98e2SPeter WemmCP.
115c2aa98e2SPeter Wemm
116c2aa98e2SPeter Wemmifdef(`UUCP_RELAY',
117c2aa98e2SPeter Wemm`# UUCP relay host
118c2aa98e2SPeter WemmDY`'UUCP_RELAY
119c2aa98e2SPeter WemmCPUUCP
120c2aa98e2SPeter Wemm
121c2aa98e2SPeter Wemm')dnl
122c2aa98e2SPeter Wemmifdef(`BITNET_RELAY',
123c2aa98e2SPeter Wemm`#  BITNET relay host
124c2aa98e2SPeter WemmDB`'BITNET_RELAY
125c2aa98e2SPeter WemmCPBITNET
126c2aa98e2SPeter Wemm
127c2aa98e2SPeter Wemm')dnl
128c2aa98e2SPeter Wemmifdef(`DECNET_RELAY',
129c2aa98e2SPeter Wemm`define(`_USE_DECNET_SYNTAX_', 1)dnl
130c2aa98e2SPeter Wemm# DECnet relay host
131c2aa98e2SPeter WemmDC`'DECNET_RELAY
132c2aa98e2SPeter WemmCPDECNET
133c2aa98e2SPeter Wemm
134c2aa98e2SPeter Wemm')dnl
135c2aa98e2SPeter Wemmifdef(`FAX_RELAY',
136c2aa98e2SPeter Wemm`# FAX relay host
137c2aa98e2SPeter WemmDF`'FAX_RELAY
138c2aa98e2SPeter WemmCPFAX
139c2aa98e2SPeter Wemm
140c2aa98e2SPeter Wemm')dnl
141c2aa98e2SPeter Wemm# "Smart" relay host (may be null)
14240266059SGregory Neil ShapiroDS`'ifdef(`SMART_HOST', `SMART_HOST')
143c2aa98e2SPeter Wemm
144c2aa98e2SPeter Wemmifdef(`LUSER_RELAY', `dnl
145c2aa98e2SPeter Wemm# place to which unknown users should be forwarded
146c2aa98e2SPeter WemmKuser user -m -a<>
147c2aa98e2SPeter WemmDL`'LUSER_RELAY',
148c2aa98e2SPeter Wemm`dnl')
149c2aa98e2SPeter Wemm
150c2aa98e2SPeter Wemm# operators that cannot be in local usernames (i.e., network indicators)
151c2aa98e2SPeter WemmCO @ % ifdef(`_NO_UUCP_', `', `!')
152c2aa98e2SPeter Wemm
153c2aa98e2SPeter Wemm# a class with just dot (for identifying canonical names)
154c2aa98e2SPeter WemmC..
155c2aa98e2SPeter Wemm
156c2aa98e2SPeter Wemm# a class with just a left bracket (for identifying domain literals)
157c2aa98e2SPeter WemmC[[
158c2aa98e2SPeter Wemm
15906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
16006f25ae9SGregory Neil Shapiro# access_db acceptance class
16106f25ae9SGregory Neil ShapiroC{Accept}OK RELAY
16240266059SGregory Neil Shapiroifdef(`_DELAY_COMPAT_8_10_',`dnl
16306f25ae9SGregory Neil Shapiroifdef(`_BLACKLIST_RCPT_',`dnl
16406f25ae9SGregory Neil Shapiro# possible access_db RHS for spam friends/haters
16506f25ae9SGregory Neil ShapiroC{SpamTag}SPAMFRIEND SPAMHATER')')',
166c2aa98e2SPeter Wemm`dnl')
167c2aa98e2SPeter Wemm
16840266059SGregory Neil Shapirodnl mark for "domain is ok" (resolved or accepted anyway)
16940266059SGregory Neil Shapirodefine(`_RES_OK_', `OKR')dnl
dnl The resolve map is declared only when _ACCEPT_UNRESOLVABLE_DOMAINS_ is NOT
dnl defined; class {ResOk} is declared in both cases.
dnl NOTE(review): presumably this means the host-existence lookup in check_mail
dnl is unavailable once that macro is set -- confirm against the ruleset,
dnl which is outside this part of the file.
170c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl
171c2aa98e2SPeter Wemm# Resolve map (to check if a host exists in check_mail)
17240266059SGregory Neil ShapiroKresolve host -a<_RES_OK_> -T<TEMP>')
17340266059SGregory Neil ShapiroC{ResOk}_RES_OK_
174c2aa98e2SPeter Wemm
17513058a91SGregory Neil Shapiroifdef(`_NEED_MACRO_MAP_', `dnl
17613058a91SGregory Neil Shapiroifdef(`_MACRO_MAP_', `', `# macro storage map
17713058a91SGregory Neil Shapirodefine(`_MACRO_MAP_', `1')dnl
17813058a91SGregory Neil ShapiroKmacro macro')', `dnl')
17942e5d165SGregory Neil Shapiro
180c2aa98e2SPeter Wemmifdef(`confCR_FILE', `dnl
18142e5d165SGregory Neil Shapiro# Hosts for which relaying is permitted ($=R)
182c2aa98e2SPeter WemmFR`'confCR_FILE',
183c2aa98e2SPeter Wemm`dnl')
184c2aa98e2SPeter Wemm
18540266059SGregory Neil Shapirodefine(`TLS_SRV_TAG', `"TLS_Srv"')dnl
18640266059SGregory Neil Shapirodefine(`TLS_CLT_TAG', `"TLS_Clt"')dnl
18740266059SGregory Neil Shapirodefine(`TLS_RCPT_TAG', `"TLS_Rcpt"')dnl
18840266059SGregory Neil Shapirodefine(`TLS_TRY_TAG', `"Try_TLS"')dnl
18940266059SGregory Neil Shapirodefine(`SRV_FEAT_TAG', `"Srv_Features"')dnl
19006f25ae9SGregory Neil Shapirodnl this may be useful in other contexts too
19106f25ae9SGregory Neil Shapiroifdef(`_ARITH_MAP_', `', `# arithmetic map
19206f25ae9SGregory Neil Shapirodefine(`_ARITH_MAP_', `1')dnl
19306f25ae9SGregory Neil ShapiroKarith arith')
19406f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
19540266059SGregory Neil Shapiroifdef(`_MACRO_MAP_', `', `# macro storage map
19640266059SGregory Neil Shapirodefine(`_MACRO_MAP_', `1')dnl
19740266059SGregory Neil ShapiroKmacro macro')
19840266059SGregory Neil Shapiro# possible values for TLS_connection in access map
19906f25ae9SGregory Neil ShapiroC{tls}VERIFY ENCR', `dnl')
20006f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_ISSUER_', `dnl
20106f25ae9SGregory Neil Shapiro# extract relevant part from cert issuer
20206f25ae9SGregory Neil ShapiroKCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
20306f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_SUBJECT_', `dnl
20406f25ae9SGregory Neil Shapiro# extract relevant part from cert subject
20506f25ae9SGregory Neil ShapiroKCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl')
20606f25ae9SGregory Neil Shapiro
20740266059SGregory Neil Shapiroifdef(`LOCAL_RELAY', `dnl
208c2aa98e2SPeter Wemm# who I send unqualified names to (null means deliver locally)
20940266059SGregory Neil ShapiroDR`'LOCAL_RELAY')
210c2aa98e2SPeter Wemm
21140266059SGregory Neil Shapiroifdef(`MAIL_HUB', `dnl
212c2aa98e2SPeter Wemm# who gets all local email traffic ($R has precedence for unqualified names)
21340266059SGregory Neil ShapiroDH`'MAIL_HUB')
214c2aa98e2SPeter Wemm
215c2aa98e2SPeter Wemm# dequoting map
21640266059SGregory Neil ShapiroKdequote dequote`'ifdef(`confDEQUOTE_OPTS', ` confDEQUOTE_OPTS', `')
217c2aa98e2SPeter Wemm
218c2aa98e2SPeter Wemmdivert(0)dnl	# end of nullclient diversion
219c2aa98e2SPeter Wemm# class E: names that should be exposed as from this host, even if we masquerade
22006f25ae9SGregory Neil Shapiro# class L: names that should be delivered locally, even if we have a relay
221c2aa98e2SPeter Wemm# class M: domains that should be converted to $M
22206f25ae9SGregory Neil Shapiro# class N: domains that should not be converted to $M
223c2aa98e2SPeter Wemm#CL root
224c2aa98e2SPeter Wemmundivert(5)dnl
22506f25ae9SGregory Neil Shapiroifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl')
226c2aa98e2SPeter Wemm
22740266059SGregory Neil Shapiroifdef(`MASQUERADE_NAME', `dnl
228c2aa98e2SPeter Wemm# who I masquerade as (null for no masquerading) (see also $=M)
22940266059SGregory Neil ShapiroDM`'MASQUERADE_NAME')
230c2aa98e2SPeter Wemm
231c2aa98e2SPeter Wemm# my name for error messages
232c2aa98e2SPeter Wemmifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON')
233c2aa98e2SPeter Wemm
23406f25ae9SGregory Neil Shapiroundivert(6)dnl LOCAL_CONFIG
235c2aa98e2SPeter Wemminclude(_CF_DIR_`m4/version.m4')
236c2aa98e2SPeter Wemm
237c2aa98e2SPeter Wemm###############
238c2aa98e2SPeter Wemm#   Options   #
239c2aa98e2SPeter Wemm###############
dnl confAUTO_REBUILD is no longer acted on: if a site still defines it, the only
dnl effect of this statement is the build-time warning below, which cites a
dnl denial-of-service risk. No option line is emitted for it here and m4 is not
dnl stopped, so the warning has to be noticed in the build output.
24040266059SGregory Neil Shapiroifdef(`confAUTO_REBUILD',
24140266059SGregory Neil Shapiro`errprint(WARNING: `confAUTO_REBUILD' is no longer valid.
24240266059SGregory Neil Shapiro	There was a potential for a denial of service attack if this is set.
24340266059SGregory Neil Shapiro)')dnl
244c2aa98e2SPeter Wemm
245c2aa98e2SPeter Wemm# strip message body to 7 bits on input?
24606f25ae9SGregory Neil Shapiro_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
247c2aa98e2SPeter Wemm
248c2aa98e2SPeter Wemm# 8-bit data handling
2498774250cSGregory Neil Shapiro_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')
250c2aa98e2SPeter Wemm
251c2aa98e2SPeter Wemm# wait for alias file rebuild (default units: minutes)
25206f25ae9SGregory Neil Shapiro_OPTION(AliasWait, `confALIAS_WAIT', `5m')
253c2aa98e2SPeter Wemm
254c2aa98e2SPeter Wemm# location of alias file
25506f25ae9SGregory Neil Shapiro_OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
25606f25ae9SGregory Neil Shapiro
257c2aa98e2SPeter Wemm# minimum number of free blocks on filesystem
25806f25ae9SGregory Neil Shapiro_OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100')
259c2aa98e2SPeter Wemm
260c2aa98e2SPeter Wemm# maximum message size
26106f25ae9SGregory Neil Shapiro_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `1000000')
262c2aa98e2SPeter Wemm
263c2aa98e2SPeter Wemm# substitution for space (blank) characters
26406f25ae9SGregory Neil Shapiro_OPTION(BlankSub, `confBLANK_SUB', `_')
265c2aa98e2SPeter Wemm
266c2aa98e2SPeter Wemm# avoid connecting to "expensive" mailers on initial submission?
26706f25ae9SGregory Neil Shapiro_OPTION(HoldExpensive, `confCON_EXPENSIVE', `False')
268c2aa98e2SPeter Wemm
269c2aa98e2SPeter Wemm# checkpoint queue runs after every N successful deliveries
27006f25ae9SGregory Neil Shapiro_OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10')
271c2aa98e2SPeter Wemm
272c2aa98e2SPeter Wemm# default delivery mode
27306f25ae9SGregory Neil Shapiro_OPTION(DeliveryMode, `confDELIVERY_MODE', `background')
274c2aa98e2SPeter Wemm
275c2aa98e2SPeter Wemm# error message header/file
27606f25ae9SGregory Neil Shapiro_OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header')
277c2aa98e2SPeter Wemm
278c2aa98e2SPeter Wemm# error mode
27906f25ae9SGregory Neil Shapiro_OPTION(ErrorMode, `confERROR_MODE', `print')
280c2aa98e2SPeter Wemm
281c2aa98e2SPeter Wemm# save Unix-style "From_" lines at top of header?
28206f25ae9SGregory Neil Shapiro_OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False')
283c2aa98e2SPeter Wemm
28440266059SGregory Neil Shapiro# queue file mode (qf files)
dnl NOTE(review): 0600 here and for TempFileMode below is the hint printed on
dnl the "#O" line when the conf macro is unset. A site value that grants group
dnl or world access is emitted as given, which would let other local accounts
dnl read queue or temporary files -- review any override of these two macros.
28540266059SGregory Neil Shapiro_OPTION(QueueFileMode, `confQUEUE_FILE_MODE', `0600')
28640266059SGregory Neil Shapiro
287c2aa98e2SPeter Wemm# temporary file mode
28806f25ae9SGregory Neil Shapiro_OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600')
289c2aa98e2SPeter Wemm
290c2aa98e2SPeter Wemm# match recipients against GECOS field?
29106f25ae9SGregory Neil Shapiro_OPTION(MatchGECOS, `confMATCH_GECOS', `False')
292c2aa98e2SPeter Wemm
293c2aa98e2SPeter Wemm# maximum hop count
29440266059SGregory Neil Shapiro_OPTION(MaxHopCount, `confMAX_HOP', `25')
295c2aa98e2SPeter Wemm
296c2aa98e2SPeter Wemm# location of help file
29706f25ae9SGregory Neil ShapiroO HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile')
298c2aa98e2SPeter Wemm
299c2aa98e2SPeter Wemm# ignore dots as terminators in incoming messages?
30006f25ae9SGregory Neil Shapiro_OPTION(IgnoreDots, `confIGNORE_DOTS', `False')
301c2aa98e2SPeter Wemm
302c2aa98e2SPeter Wemm# name resolver options
30306f25ae9SGregory Neil Shapiro_OPTION(ResolverOptions, `confBIND_OPTS', `+AAONLY')
304c2aa98e2SPeter Wemm
305c2aa98e2SPeter Wemm# deliver MIME-encapsulated error messages?
30606f25ae9SGregory Neil Shapiro_OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS', `True')
307c2aa98e2SPeter Wemm
308c2aa98e2SPeter Wemm# Forward file search path
30906f25ae9SGregory Neil Shapiro_OPTION(ForwardPath, `confFORWARD_PATH', `/var/forward/$u:$z/.forward.$w:$z/.forward')
310c2aa98e2SPeter Wemm
311c2aa98e2SPeter Wemm# open connection cache size
31206f25ae9SGregory Neil Shapiro_OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', `2')
313c2aa98e2SPeter Wemm
314c2aa98e2SPeter Wemm# open connection cache timeout
31506f25ae9SGregory Neil Shapiro_OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', `5m')
316c2aa98e2SPeter Wemm
317c2aa98e2SPeter Wemm# persistent host status directory
31806f25ae9SGregory Neil Shapiro_OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', `.hoststat')
319c2aa98e2SPeter Wemm
320c2aa98e2SPeter Wemm# single thread deliveries (requires HostStatusDirectory)?
32106f25ae9SGregory Neil Shapiro_OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY', `False')
322c2aa98e2SPeter Wemm
323c2aa98e2SPeter Wemm# use Errors-To: header?
32406f25ae9SGregory Neil Shapiro_OPTION(UseErrorsTo, `confUSE_ERRORS_TO', `False')
325c2aa98e2SPeter Wemm
326c2aa98e2SPeter Wemm# log level
32706f25ae9SGregory Neil Shapiro_OPTION(LogLevel, `confLOG_LEVEL', `10')
328c2aa98e2SPeter Wemm
329c2aa98e2SPeter Wemm# send to me too, even in an alias expansion?
33006f25ae9SGregory Neil Shapiro_OPTION(MeToo, `confME_TOO', `True')
331c2aa98e2SPeter Wemm
332c2aa98e2SPeter Wemm# verify RHS in newaliases?
33306f25ae9SGregory Neil Shapiro_OPTION(CheckAliases, `confCHECK_ALIASES', `False')
334c2aa98e2SPeter Wemm
335c2aa98e2SPeter Wemm# default messages to old style headers if no special punctuation?
33606f25ae9SGregory Neil Shapiro_OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS', `False')
337c2aa98e2SPeter Wemm
338c2aa98e2SPeter Wemm# SMTP daemon options
dnl A non-empty legacy confDAEMON_OPTIONS is still honoured: a warning is
dnl printed and the value is handed to DAEMON_OPTIONS.
33906f25ae9SGregory Neil Shapiroifelse(defn(`confDAEMON_OPTIONS'), `', `dnl',
34006f25ae9SGregory Neil Shapiro`errprint(WARNING: `confDAEMON_OPTIONS' is no longer valid.  See cf/README for more information.
34106f25ae9SGregory Neil Shapiro)'dnl
34206f25ae9SGregory Neil Shapiro`DAEMON_OPTIONS(`confDAEMON_OPTIONS')')
dnl When _DPO_ is empty, a default listener named MTA is emitted (separate
dnl inet and inet6 listeners when _NETINET6_ is defined); otherwise the
dnl contents of _DPO_ are emitted instead.
dnl NOTE(review): _DPO_ is presumably filled by DAEMON_OPTIONS -- confirm.
34342e5d165SGregory Neil Shapiroifelse(defn(`_DPO_'), `',
34440266059SGregory Neil Shapiro`ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-v4, Family=inet
34540266059SGregory Neil ShapiroO DaemonPortOptions=Name=MTA-v6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_')
dnl Unless _NO_MSA_ is defined, a further listener on port 587 named MSA is
dnl always added, independent of the _DPO_ branch above.
dnl NOTE(review): when checking a host's exposed ports, remember that this
dnl listener is present by default; a host that should not accept submissions
dnl needs _NO_MSA_ set (which FEATURE sets it is not visible here).
34606f25ae9SGregory Neil Shapiroifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E')
34706f25ae9SGregory Neil Shapiro
34806f25ae9SGregory Neil Shapiro# SMTP client options
34940266059SGregory Neil Shapiroifelse(defn(`confCLIENT_OPTIONS'), `', `dnl',
35040266059SGregory Neil Shapiro`errprint(WARNING: `confCLIENT_OPTIONS' is no longer valid.  See cf/README for more information.
35140266059SGregory Neil Shapiro)'dnl
35240266059SGregory Neil Shapiro`CLIENT_OPTIONS(`confCLIENT_OPTIONS')')
35340266059SGregory Neil Shapiroifelse(defn(`_CPO_'), `',
35440266059SGregory Neil Shapiro`#O ClientPortOptions=Family=inet, Address=0.0.0.0', `_CPO_')
35540266059SGregory Neil Shapiro
35640266059SGregory Neil Shapiro# Modifiers to `define' {daemon_flags} for direct submissions
35740266059SGregory Neil Shapiro_OPTION(DirectSubmissionModifiers, `confDIRECT_SUBMISSION_MODIFIERS', `')
35840266059SGregory Neil Shapiro
35940266059SGregory Neil Shapiro# Use as mail submission program? See sendmail/SECURITY
36040266059SGregory Neil Shapiro_OPTION(UseMSP, `confUSE_MSP', `')
361c2aa98e2SPeter Wemm
362c2aa98e2SPeter Wemm# privacy flags
dnl NOTE(review): with confPRIVACY_FLAGS unset, only the line
dnl "#O PrivacyOptions=authwarnings" is produced, so no privacy flag is set by
dnl this file. Sites that want to restrict address-probing SMTP commands must
dnl define the macro explicitly (sendmail documents flags such as noexpn and
dnl novrfy); the value is emitted as given, without validation here.
36306f25ae9SGregory Neil Shapiro_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings')
364c2aa98e2SPeter Wemm
365c2aa98e2SPeter Wemm# who (if anyone) should get extra copies of error messages
36606f25ae9SGregory Neil Shapiro_OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster')
367c2aa98e2SPeter Wemm
368c2aa98e2SPeter Wemm# slope of queue-only function
36906f25ae9SGregory Neil Shapiro_OPTION(QueueFactor, `confQUEUE_FACTOR', `600000')
370c2aa98e2SPeter Wemm
37140266059SGregory Neil Shapiro# limit on number of concurrent queue runners
37240266059SGregory Neil Shapiro_OPTION(MaxQueueChildren, `confMAX_QUEUE_CHILDREN', `')
37340266059SGregory Neil Shapiro
37440266059SGregory Neil Shapiro# maximum number of queue-runners per queue-grouping with multiple queues
37540266059SGregory Neil Shapiro_OPTION(MaxRunnersPerQueue, `confMAX_RUNNERS_PER_QUEUE', `1')
37640266059SGregory Neil Shapiro
37740266059SGregory Neil Shapiro# priority of queue runners (nice(3))
37840266059SGregory Neil Shapiro_OPTION(NiceQueueRun, `confNICE_QUEUE_RUN', `')
37940266059SGregory Neil Shapiro
38040266059SGregory Neil Shapiro# shall we sort the queue by hostname first?
38140266059SGregory Neil Shapiro_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority')
38240266059SGregory Neil Shapiro
38340266059SGregory Neil Shapiro# minimum time in queue before retry
38440266059SGregory Neil Shapiro_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m')
38540266059SGregory Neil Shapiro
38640266059SGregory Neil Shapiro# how many jobs can you process in the queue?
38740266059SGregory Neil Shapiro_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `10000')
38840266059SGregory Neil Shapiro
38940266059SGregory Neil Shapiro# perform initial split of envelope without checking MX records
39040266059SGregory Neil Shapiro_OPTION(FastSplit, `confFAST_SPLIT', `1')
39140266059SGregory Neil Shapiro
392c2aa98e2SPeter Wemm# queue directory
39306f25ae9SGregory Neil ShapiroO QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue')
394c2aa98e2SPeter Wemm
39540266059SGregory Neil Shapiro# key for shared memory; 0 to turn off
39640266059SGregory Neil Shapiro_OPTION(SharedMemoryKey, `confSHARED_MEMORY_KEY', `0')
39740266059SGregory Neil Shapiro
398c2aa98e2SPeter Wemm# timeouts (many of these)
39906f25ae9SGregory Neil Shapiro_OPTION(Timeout.initial, `confTO_INITIAL', `5m')
40006f25ae9SGregory Neil Shapiro_OPTION(Timeout.connect, `confTO_CONNECT', `5m')
40140266059SGregory Neil Shapiro_OPTION(Timeout.aconnect, `confTO_ACONNECT', `0s')
40206f25ae9SGregory Neil Shapiro_OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m')
40306f25ae9SGregory Neil Shapiro_OPTION(Timeout.helo, `confTO_HELO', `5m')
40406f25ae9SGregory Neil Shapiro_OPTION(Timeout.mail, `confTO_MAIL', `10m')
40506f25ae9SGregory Neil Shapiro_OPTION(Timeout.rcpt, `confTO_RCPT', `1h')
40606f25ae9SGregory Neil Shapiro_OPTION(Timeout.datainit, `confTO_DATAINIT', `5m')
40706f25ae9SGregory Neil Shapiro_OPTION(Timeout.datablock, `confTO_DATABLOCK', `1h')
40806f25ae9SGregory Neil Shapiro_OPTION(Timeout.datafinal, `confTO_DATAFINAL', `1h')
40906f25ae9SGregory Neil Shapiro_OPTION(Timeout.rset, `confTO_RSET', `5m')
41006f25ae9SGregory Neil Shapiro_OPTION(Timeout.quit, `confTO_QUIT', `2m')
41106f25ae9SGregory Neil Shapiro_OPTION(Timeout.misc, `confTO_MISC', `2m')
41206f25ae9SGregory Neil Shapiro_OPTION(Timeout.command, `confTO_COMMAND', `1h')
41306f25ae9SGregory Neil Shapiro_OPTION(Timeout.ident, `confTO_IDENT', `5s')
41406f25ae9SGregory Neil Shapiro_OPTION(Timeout.fileopen, `confTO_FILEOPEN', `60s')
41506f25ae9SGregory Neil Shapiro_OPTION(Timeout.control, `confTO_CONTROL', `2m')
41606f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d')
41706f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d')
41806f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d')
41906f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d')
42006f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h')
42106f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h')
42206f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h')
42306f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h')
42406f25ae9SGregory Neil Shapiro_OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m')
42506f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s')
42606f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s')
42706f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s')
42806f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4')
42906f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4')
43006f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4')
43140266059SGregory Neil Shapiro_OPTION(Timeout.lhlo, `confTO_LHLO', `2m')
43240266059SGregory Neil Shapiro_OPTION(Timeout.auth, `confTO_AUTH', `10m')
43340266059SGregory Neil Shapiro_OPTION(Timeout.starttls, `confTO_STARTTLS', `1h')
43440266059SGregory Neil Shapiro
43540266059SGregory Neil Shapiro# time for DeliverBy; extension disabled if less than 0
43640266059SGregory Neil Shapiro_OPTION(DeliverByMin, `confDELIVER_BY_MIN', `0')
437c2aa98e2SPeter Wemm
438c2aa98e2SPeter Wemm# should we not prune routes in route-addr syntax addresses?
43906f25ae9SGregory Neil Shapiro_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False')
440c2aa98e2SPeter Wemm
441c2aa98e2SPeter Wemm# queue up everything before forking?
44206f25ae9SGregory Neil Shapiro_OPTION(SuperSafe, `confSAFE_QUEUE', `True')
443c2aa98e2SPeter Wemm
444c2aa98e2SPeter Wemm# status file
44506f25ae9SGregory Neil ShapiroO StatusFile=ifdef(`STATUS_FILE', `STATUS_FILE', `MAIL_SETTINGS_DIR`'statistics')
446c2aa98e2SPeter Wemm
447c2aa98e2SPeter Wemm# time zone handling:
448c2aa98e2SPeter Wemm#  if undefined, use system default
449c2aa98e2SPeter Wemm#  if defined but null, use TZ envariable passed in
450c2aa98e2SPeter Wemm#  if defined and non-null, use that info
451c2aa98e2SPeter Wemmifelse(confTIME_ZONE, `USE_SYSTEM', `#O TimeZoneSpec=',
452c2aa98e2SPeter Wemm	confTIME_ZONE, `USE_TZ', `O TimeZoneSpec=',
453c2aa98e2SPeter Wemm	`O TimeZoneSpec=confTIME_ZONE')
454c2aa98e2SPeter Wemm
455c2aa98e2SPeter Wemm# default UID (can be username or userid:groupid)
dnl "mailnull" is the hint shown when confDEF_USER_ID is unset. The obsolete
dnl confDEF_GROUP_ID is only reported earlier in this file and is not merged
dnl into this value, so a group must be given as user:group in confDEF_USER_ID.
45606f25ae9SGregory Neil Shapiro_OPTION(DefaultUser, `confDEF_USER_ID', `mailnull')
457c2aa98e2SPeter Wemm
458c2aa98e2SPeter Wemm# list of locations of user database file (null means no lookup)
45906f25ae9SGregory Neil Shapiro_OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb')
460c2aa98e2SPeter Wemm
461c2aa98e2SPeter Wemm# fallback MX host
46206f25ae9SGregory Neil Shapiro_OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net')
463c2aa98e2SPeter Wemm
464c2aa98e2SPeter Wemm# if we are the best MX host for a site, try it directly instead of config err
46506f25ae9SGregory Neil Shapiro_OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False')
466c2aa98e2SPeter Wemm
467c2aa98e2SPeter Wemm# load average at which we just queue messages
46806f25ae9SGregory Neil Shapiro_OPTION(QueueLA, `confQUEUE_LA', `8')
469c2aa98e2SPeter Wemm
470c2aa98e2SPeter Wemm# load average at which we refuse connections
47106f25ae9SGregory Neil Shapiro_OPTION(RefuseLA, `confREFUSE_LA', `12')
472c2aa98e2SPeter Wemm
47340266059SGregory Neil Shapiro# load average at which we delay connections; 0 means no limit
47440266059SGregory Neil Shapiro_OPTION(DelayLA, `confDELAY_LA', `0')
47540266059SGregory Neil Shapiro
476c2aa98e2SPeter Wemm# maximum number of children we allow at one time
47706f25ae9SGregory Neil Shapiro_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `12')
478c2aa98e2SPeter Wemm
479c2aa98e2SPeter Wemm# maximum number of new connections per second
480193538b7SGregory Neil Shapiro_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `0')
481c2aa98e2SPeter Wemm
482c2aa98e2SPeter Wemm# work recipient factor
48306f25ae9SGregory Neil Shapiro_OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000')
484c2aa98e2SPeter Wemm
485c2aa98e2SPeter Wemm# deliver each queued job in a separate process?
48606f25ae9SGregory Neil Shapiro_OPTION(ForkEachJob, `confSEPARATE_PROC', `False')
487c2aa98e2SPeter Wemm
488c2aa98e2SPeter Wemm# work class factor
48906f25ae9SGregory Neil Shapiro_OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800')
490c2aa98e2SPeter Wemm
491c2aa98e2SPeter Wemm# work time factor
49206f25ae9SGregory Neil Shapiro_OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000')
493c2aa98e2SPeter Wemm
494c2aa98e2SPeter Wemm# default character set
49506f25ae9SGregory Neil Shapiro_OPTION(DefaultCharSet, `confDEF_CHAR_SET', `iso-8859-1')
496c2aa98e2SPeter Wemm
49740266059SGregory Neil Shapiro# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
49806f25ae9SGregory Neil Shapiro_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch')
499c2aa98e2SPeter Wemm
500c2aa98e2SPeter Wemm# hosts file (normally /etc/hosts)
50106f25ae9SGregory Neil Shapiro_OPTION(HostsFile, `confHOSTS_FILE', `/etc/hosts')
502c2aa98e2SPeter Wemm
503c2aa98e2SPeter Wemm# dialup line delay on connection failure
50406f25ae9SGregory Neil Shapiro_OPTION(DialDelay, `confDIAL_DELAY', `10s')
505c2aa98e2SPeter Wemm
506c2aa98e2SPeter Wemm# action to take if there are no recipients in the message
50706f25ae9SGregory Neil Shapiro_OPTION(NoRecipientAction, `confNO_RCPT_ACTION', `add-to-undisclosed')
508c2aa98e2SPeter Wemm
509c2aa98e2SPeter Wemm# chrooted environment for writing to files
51006f25ae9SGregory Neil Shapiro_OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `/arch')
511c2aa98e2SPeter Wemm
512c2aa98e2SPeter Wemm# are colons OK in addresses?
51306f25ae9SGregory Neil Shapiro_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True')
514c2aa98e2SPeter Wemm
515c2aa98e2SPeter Wemm# shall I avoid expanding CNAMEs (violates protocols)?
51606f25ae9SGregory Neil Shapiro_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False')
517c2aa98e2SPeter Wemm
dnl NOTE(review): the sample greeting contains $v, presumably the sendmail
dnl version macro, so the banner would tell every connecting client which
dnl version is running. Sites that consider this sensitive should set
dnl confSMTP_LOGIN_MSG to a greeting without it.
518c2aa98e2SPeter Wemm# SMTP initial login message (old $e macro)
51906f25ae9SGregory Neil Shapiro_OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG', `$j Sendmail $v ready at $b')
520c2aa98e2SPeter Wemm
521c2aa98e2SPeter Wemm# UNIX initial From header format (old $l macro)
52206f25ae9SGregory Neil Shapiro_OPTION(UnixFromLine, `confFROM_LINE', `From $g $d')
523c2aa98e2SPeter Wemm
524c2aa98e2SPeter Wemm# From: lines that have embedded newlines are unwrapped onto one line
52506f25ae9SGregory Neil Shapiro_OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', `False')
526c2aa98e2SPeter Wemm
dnl AllowBogusHELO: the sample value False keeps the stricter behaviour, in
dnl which a HELO without a host name is not accepted.
527c2aa98e2SPeter Wemm# Allow HELO SMTP command that does not `include' a host name
52806f25ae9SGregory Neil Shapiro_OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', `False')
529c2aa98e2SPeter Wemm
530c2aa98e2SPeter Wemm# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
53106f25ae9SGregory Neil Shapiro_OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', `.')
532c2aa98e2SPeter Wemm
533c2aa98e2SPeter Wemm# delimiter (operator) characters (old $o macro)
53406f25ae9SGregory Neil Shapiro_OPTION(OperatorChars, `confOPERATORS', `.:@[]')
535c2aa98e2SPeter Wemm
dnl NOTE(review): skipping initgroups(3) presumably leaves delivery processes
dnl with only the primary group of the recipient, which changes which files
dnl and programs they can reach -- confirm before enabling for NIS cost reasons.
536c2aa98e2SPeter Wemm# shall I avoid calling initgroups(3) because of high NIS costs?
53706f25ae9SGregory Neil Shapiro_OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False')
538c2aa98e2SPeter Wemm
dnl UnsafeGroupWrites is deprecated: whenever confUNSAFE_GROUP_WRITES is
dnl defined, the ifdef below prints a warning at m4 time that points to
dnl confDONT_BLAME_SENDMAIL as the replacement.
dnl NOTE(review): when migrating, keep the strict setting unless a specific
dnl relaxation is really needed; a DontBlameSendmail flag presumably switches
dnl off one file ownership or permission check each -- confirm per flag.
539c2aa98e2SPeter Wemm# are group-writable `:include:' and .forward files (un)trustworthy?
54040266059SGregory Neil Shapiro# True (the default) means they are not trustworthy.
54106f25ae9SGregory Neil Shapiro_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True')
54240266059SGregory Neil Shapiroifdef(`confUNSAFE_GROUP_WRITES',
54340266059SGregory Neil Shapiro`errprint(`WARNING: confUNSAFE_GROUP_WRITES is deprecated; use confDONT_BLAME_SENDMAIL.
54440266059SGregory Neil Shapiro')')
545c2aa98e2SPeter Wemm
546c2aa98e2SPeter Wemm# where do errors that occur when sending errors get sent?
54706f25ae9SGregory Neil Shapiro_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster')
54806f25ae9SGregory Neil Shapiro
dnl NOTE(review): the sample path is under /var/tmp, which is normally a
dnl directory shared by all local users. Saved bounces can carry message
dnl content, so a location only the mail system can write to is preferable;
dnl how sendmail opens this file is not shown here -- confirm.
54906f25ae9SGregory Neil Shapiro# where to save bounces if all else fails
55006f25ae9SGregory Neil Shapiro_OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter')
551c2aa98e2SPeter Wemm
dnl RunAsUser: the account sendmail assumes for most of its processing.
dnl NOTE(review): presumably this lets the daemon drop root after startup;
dnl the account named in confRUN_AS_USER has to exist and needs access to
dnl the queue and map files -- confirm the requirements before enabling.
552c2aa98e2SPeter Wemm# what user id do we assume for the majority of the processing?
55306f25ae9SGregory Neil Shapiro_OPTION(RunAsUser, `confRUN_AS_USER', `sendmail')
554c2aa98e2SPeter Wemm
dnl The next two options bound what a single SMTP envelope may ask for:
dnl a cap on recipients, and a slow-down once the given number of recipients
dnl has been rejected (useful against address guessing).
555c2aa98e2SPeter Wemm# maximum number of recipients per SMTP envelope
55606f25ae9SGregory Neil Shapiro_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `100')
557c2aa98e2SPeter Wemm
55840266059SGregory Neil Shapiro# limit the rate recipients per SMTP envelope are accepted
55940266059SGregory Neil Shapiro# once the threshold number of recipients have been rejected
56040266059SGregory Neil Shapiro_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `20')
56140266059SGregory Neil Shapiro
562c2aa98e2SPeter Wemm# shall we get local names from our installed interfaces?
56306f25ae9SGregory Neil Shapiro_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False')
564c2aa98e2SPeter Wemm
56506f25ae9SGregory Neil Shapiro# Return-Receipt-To: header implies DSN request
56606f25ae9SGregory Neil Shapiro_OPTION(RrtImpliesDsn, `confRRT_IMPLIES_DSN', `False')
56706f25ae9SGregory Neil Shapiro
dnl ConnectOnlyTo is marked as a testing aid.
dnl NOTE(review): presumably every outgoing connection is redirected to the
dnl given address while it is set, so confCONNECT_ONLY_TO should not be left
dnl defined in a production configuration -- confirm.
56806f25ae9SGregory Neil Shapiro# override connection address (for testing)
56906f25ae9SGregory Neil Shapiro_OPTION(ConnectOnlyTo, `confCONNECT_ONLY_TO', `0.0.0.0')
57006f25ae9SGregory Neil Shapiro
57106f25ae9SGregory Neil Shapiro# Trusted user for file ownership and starting the daemon
57206f25ae9SGregory Neil Shapiro_OPTION(TrustedUser, `confTRUSTED_USER', `root')
57306f25ae9SGregory Neil Shapiro
dnl NOTE(review): the control socket is a management interface to the daemon.
dnl The sample path is inside the queue directory; access to it presumably
dnl depends on the permissions of that directory and of the socket itself --
dnl verify both if confCONTROL_SOCKET_NAME is set.
57406f25ae9SGregory Neil Shapiro# Control socket for daemon management
57506f25ae9SGregory Neil Shapiro_OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control')
57606f25ae9SGregory Neil Shapiro
dnl Size and depth limits applied to incoming messages and alias expansion.
dnl NOTE(review): the 0/0 sample for MaxMimeHeaderLength presumably means no
dnl limit, in which case the protection named in the comment is off until
dnl confMAX_MIME_HEADER_LENGTH is set -- confirm the value format.
57706f25ae9SGregory Neil Shapiro# Maximum MIME header length to protect MUAs
57806f25ae9SGregory Neil Shapiro_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `0/0')
57906f25ae9SGregory Neil Shapiro
58006f25ae9SGregory Neil Shapiro# Maximum length of the sum of all headers
58106f25ae9SGregory Neil Shapiro_OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768')
58206f25ae9SGregory Neil Shapiro
58306f25ae9SGregory Neil Shapiro# Maximum depth of alias recursion
58406f25ae9SGregory Neil Shapiro_OPTION(MaxAliasRecursion, `confMAX_ALIAS_RECURSION', `10')
58506f25ae9SGregory Neil Shapiro
58606f25ae9SGregory Neil Shapiro# location of pid file
58706f25ae9SGregory Neil Shapiro_OPTION(PidFile, `confPID_FILE', `/var/run/sendmail.pid')
58806f25ae9SGregory Neil Shapiro
58906f25ae9SGregory Neil Shapiro# Prefix string for the process title shown on 'ps' listings
59006f25ae9SGregory Neil Shapiro_OPTION(ProcessTitlePrefix, `confPROCESS_TITLE_PREFIX', `prefix')
59106f25ae9SGregory Neil Shapiro
59206f25ae9SGregory Neil Shapiro# Data file (df) memory-buffer file maximum size
59306f25ae9SGregory Neil Shapiro_OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096')
59406f25ae9SGregory Neil Shapiro
59506f25ae9SGregory Neil Shapiro# Transcript file (xf) memory-buffer file maximum size
59606f25ae9SGregory Neil Shapiro_OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096')
59706f25ae9SGregory Neil Shapiro
59840266059SGregory Neil Shapiro# lookup type to find information about local mailboxes
59940266059SGregory Neil Shapiro_OPTION(MailboxDatabase, `confMAILBOX_DATABASE', `pw')
60040266059SGregory Neil Shapiro
dnl SMTP AUTH and STARTTLS server settings.
dnl NOTE(review): the sample AuthMechanisms list includes KERBEROS_V4,
dnl DIGEST-MD5 and CRAM-MD5, which are legacy mechanisms (DIGEST-MD5 was moved
dnl to Historic by RFC 6331). Set confAUTH_MECHANISMS to the mechanisms the
dnl site policy and SASL library actually support instead of copying this list.
60106f25ae9SGregory Neil Shapiro# list of authentication mechanisms
60240266059SGregory Neil Shapiro_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')
60306f25ae9SGregory Neil Shapiro
dnl NOTE(review): a file with authentication information for outgoing
dnl connections presumably holds a secret; it should be readable only by the
dnl account sendmail runs as -- confirm which permission checks sendmail does.
60406f25ae9SGregory Neil Shapiro# default authentication information for outgoing connections
60506f25ae9SGregory Neil Shapiro_OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info')
60606f25ae9SGregory Neil Shapiro
dnl The remaining samples in this group are empty strings, so these options
dnl carry no value here unless the matching conf variable is set by the site.
60706f25ae9SGregory Neil Shapiro# SMTP AUTH flags
60806f25ae9SGregory Neil Shapiro_OPTION(AuthOptions, `confAUTH_OPTIONS', `')
60906f25ae9SGregory Neil Shapiro
61040266059SGregory Neil Shapiro# SMTP AUTH maximum encryption strength
61140266059SGregory Neil Shapiro_OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `')
61240266059SGregory Neil Shapiro
61340266059SGregory Neil Shapiro# SMTP STARTTLS server options
61440266059SGregory Neil Shapiro_OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `')
61540266059SGregory Neil Shapiro
61606f25ae9SGregory Neil Shapiro# Input mail filters
61706f25ae9SGregory Neil Shapiro_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
61806f25ae9SGregory Neil Shapiro
dnl The Milter.* options below are processed only when confINPUT_MAIL_FILTERS
dnl is defined; without input filters the whole group is skipped.
dnl NOTE(review): the Milter.macros.* names suggest they select which sendmail
dnl macros are handed to the filters at each SMTP stage. Macro values can
dnl carry client-supplied data, so filters should treat them as untrusted --
dnl confirm the exact semantics in the milter documentation.
61940266059SGregory Neil Shapiroifdef(`confINPUT_MAIL_FILTERS', `dnl
62006f25ae9SGregory Neil Shapiro# Milter options
62140266059SGregory Neil Shapiro_OPTION(Milter.LogLevel, `confMILTER_LOG_LEVEL', `')
62206f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `')
62306f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `')
62406f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `')
62506f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')')
62606f25ae9SGregory Neil Shapiro
dnl STARTTLS certificate and key locations. Every sample value is empty, so
dnl nothing is configured here unless the site sets the conf variables.
dnl NOTE(review): ServerKeyFile and ClientKeyFile name private keys; the files
dnl should be readable only by the account sendmail runs as. Sendmail
dnl presumably refuses key files with unsafe permissions -- confirm.
62706f25ae9SGregory Neil Shapiro# CA directory
62806f25ae9SGregory Neil Shapiro_OPTION(CACERTPath, `confCACERT_PATH', `')
62906f25ae9SGregory Neil Shapiro# CA file
63006f25ae9SGregory Neil Shapiro_OPTION(CACERTFile, `confCACERT', `')
63106f25ae9SGregory Neil Shapiro# Server Cert
63206f25ae9SGregory Neil Shapiro_OPTION(ServerCertFile, `confSERVER_CERT', `')
63306f25ae9SGregory Neil Shapiro# Server private key
63406f25ae9SGregory Neil Shapiro_OPTION(ServerKeyFile, `confSERVER_KEY', `')
63506f25ae9SGregory Neil Shapiro# Client Cert
63606f25ae9SGregory Neil Shapiro_OPTION(ClientCertFile, `confCLIENT_CERT', `')
63706f25ae9SGregory Neil Shapiro# Client private key
63806f25ae9SGregory Neil Shapiro_OPTION(ClientKeyFile, `confCLIENT_KEY', `')
63906f25ae9SGregory Neil Shapiro# DHParameters (only required if DSA/DH is used)
64006f25ae9SGregory Neil Shapiro_OPTION(DHParameters, `confDH_PARAMETERS', `')
dnl NOTE(review): on systems that need RandFile, the quality of the TLS keys
dnl negotiated by sendmail depends on this source; the accepted value formats
dnl are not shown in this excerpt -- confirm in the STARTTLS documentation.
64106f25ae9SGregory Neil Shapiro# Random data source (required for systems without /dev/urandom under OpenSSL)
64206f25ae9SGregory Neil Shapiro_OPTION(RandFile, `confRAND_FILE', `')
64306f25ae9SGregory Neil Shapiro
64440266059SGregory Neil Shapiro############################
64540266059SGregory Neil Shapiro`# QUEUE GROUP DEFINITIONS  #'
64640266059SGregory Neil Shapiro############################
dnl NOTE(review): _QUEUE_GROUP_ is defined outside this excerpt; presumably it
dnl expands to the queue group definitions collected from the site mc file.
64740266059SGregory Neil Shapiro_QUEUE_GROUP_
648065a643dSPeter Wemm
649c2aa98e2SPeter Wemm###########################
650c2aa98e2SPeter Wemm#   Message precedences   #
651c2aa98e2SPeter Wemm###########################
652c2aa98e2SPeter Wemm
dnl P lines: each one gives a name for the Precedence: header and the numeric
dnl value assigned to it.
dnl NOTE(review): presumably a larger number means higher priority and the
dnl negative classes (list, bulk, junk) are treated as low priority mail --
dnl confirm the exact effect in the sendmail operations guide.
653c2aa98e2SPeter WemmPfirst-class=0
654c2aa98e2SPeter WemmPspecial-delivery=100
655c2aa98e2SPeter WemmPlist=-30
656c2aa98e2SPeter WemmPbulk=-60
657c2aa98e2SPeter WemmPjunk=-100
658c2aa98e2SPeter Wemm
659c2aa98e2SPeter Wemm#####################
660c2aa98e2SPeter Wemm#   Trusted users   #
661c2aa98e2SPeter Wemm#####################
662c2aa98e2SPeter Wemm
dnl Trusted users (class t). The T lines add root and daemon, uucp unless
dnl _NO_UUCP_ is defined, and any names in confTRUSTED_USERS. The F line that
dnl reads the class from a file is emitted commented out (leading #) unless
dnl _USE_CT_FILE_ is defined.
dnl NOTE(review): in sendmail, members of this class may presumably set the
dnl envelope sender without a warning header being added, so the list should
dnl stay as short as possible and the class file, when used, should be
dnl writable only by root -- confirm.
663c2aa98e2SPeter Wemm# this is equivalent to setting class "t"
66406f25ae9SGregory Neil Shapiroifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, `MAIL_SETTINGS_DIR`'trusted-users')
665c2aa98e2SPeter WemmTroot
666c2aa98e2SPeter WemmTdaemon
667c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', `Tuucp')
668c2aa98e2SPeter Wemmifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl')
669c2aa98e2SPeter Wemm
670c2aa98e2SPeter Wemm#########################
671c2aa98e2SPeter Wemm#   Format of headers   #
672c2aa98e2SPeter Wemm#########################
673c2aa98e2SPeter Wemm
dnl Header templates (H lines). confFROM_HEADER gets the value on the next
dnl line only when the site has not defined it; confRECEIVED_HEADER is defined
dnl outside this excerpt.
dnl NOTE(review): the letters between question marks presumably make a header
dnl conditional on a mailer flag, and the $ macros are expanded by sendmail
dnl when the message is processed -- their meanings are not shown here.
674c2aa98e2SPeter Wemmifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl
675c2aa98e2SPeter WemmH?P?Return-Path: <$g>
676c2aa98e2SPeter WemmHReceived: confRECEIVED_HEADER
677c2aa98e2SPeter WemmH?D?Resent-Date: $a
678c2aa98e2SPeter WemmH?D?Date: $a
679c2aa98e2SPeter WemmH?F?Resent-From: confFROM_HEADER
680c2aa98e2SPeter WemmH?F?From: confFROM_HEADER
681c2aa98e2SPeter WemmH?x?Full-Name: $x
682c2aa98e2SPeter Wemm# HPosted-Date: $a
683c2aa98e2SPeter Wemm# H?l?Received-Date: $b
684c2aa98e2SPeter WemmH?M?Resent-Message-Id: <$t.$i@$j>
685c2aa98e2SPeter WemmH?M?Message-Id: <$t.$i@$j>
68606f25ae9SGregory Neil Shapiro
687c2aa98e2SPeter Wemm#
688c2aa98e2SPeter Wemm######################################################################
689c2aa98e2SPeter Wemm######################################################################
690c2aa98e2SPeter Wemm#####
691c2aa98e2SPeter Wemm#####			REWRITING RULES
692c2aa98e2SPeter Wemm#####
693c2aa98e2SPeter Wemm######################################################################
694c2aa98e2SPeter Wemm######################################################################
695c2aa98e2SPeter Wemm
696c2aa98e2SPeter Wemm############################################
697c2aa98e2SPeter Wemm###  Ruleset 3 -- Name Canonicalization  ###
698c2aa98e2SPeter Wemm############################################
dnl Ruleset canonify (numbered 3): turns an address into the focused form
dnl local < @ domain > and hands it to Canonify2. The steps, in order: map
dnl empty input to <@>, strip group: syntax, strip angle brackets, handle
dnl route addresses, list syntax, the @ focus, then the UUCP ! and DECnet ::
dnl forms (when enabled), the % form, and finally plain local names.
dnl NOTE(review): rule order is significant. The addresses parsed here
dnl presumably include ones supplied by remote SMTP clients, so every pattern
dnl should be read as operating on untrusted input.
69906f25ae9SGregory Neil ShapiroScanonify=3
700c2aa98e2SPeter Wemm
701c2aa98e2SPeter Wemm# handle null input (translate to <@> special case)
702c2aa98e2SPeter WemmR$@			$@ <@>
703c2aa98e2SPeter Wemm
704c2aa98e2SPeter Wemm# strip group: syntax (not inside angle brackets!) and trailing semicolon
705c2aa98e2SPeter WemmR$*			$: $1 <@>			mark addresses
706c2aa98e2SPeter WemmR$* < $* > $* <@>	$: $1 < $2 > $3			unmark <addr>
707c2aa98e2SPeter WemmR@ $* <@>		$: @ $1				unmark @host:...
70840266059SGregory Neil ShapiroR$* [ IPv6 : $+ ] <@>	$: $1 [ IPv6 : $2 ]		unmark IPv6 addr
709c2aa98e2SPeter WemmR$* :: $* <@>		$: $1 :: $2			unmark node::addr
710c2aa98e2SPeter WemmR:`include': $* <@>	$: :`include': $1			unmark :`include':...
711c2aa98e2SPeter WemmR$* : $* [ $* ]		$: $1 : $2 [ $3 ] <@>		remark if leading colon
712c2aa98e2SPeter WemmR$* : $* <@>		$: $2				strip colon if marked
713c2aa98e2SPeter WemmR$* <@>			$: $1				unmark
714c2aa98e2SPeter WemmR$* ;			   $1				strip trailing semi
715193538b7SGregory Neil ShapiroR$* < $+ :; > $*	$@ $2 :; <@>			catch <list:;>
716c2aa98e2SPeter WemmR$* < $* ; >		   $1 < $2 >			bogus bracketed semi
717c2aa98e2SPeter Wemm
718c2aa98e2SPeter Wemm# null input now results from list:; syntax
719c2aa98e2SPeter WemmR$@			$@ :; <@>
720c2aa98e2SPeter Wemm
721c2aa98e2SPeter Wemm# strip angle brackets -- note RFC733 heuristic to get innermost item
722c2aa98e2SPeter WemmR$*			$: < $1 >			housekeeping <>
723c2aa98e2SPeter WemmR$+ < $* >		   < $2 >			strip excess on left
724c2aa98e2SPeter WemmR< $* > $+		   < $1 >			strip excess on right
725c2aa98e2SPeter WemmR<>			$@ < @ >			MAIL FROM:<> case
726c2aa98e2SPeter WemmR< $+ >			$: $1				remove housekeeping <>
727c2aa98e2SPeter Wemm
dnl Source routes (<@a,@b,@c:user@d>): unless _USE_DEPRECATED_ROUTE_ADDR_ is
dnl defined, the second branch below discards the route and keeps only the
dnl final address, so the sender of a message cannot dictate intermediate
dnl hops. Defining the macro restores route handling through Canonify2.
72806f25ae9SGregory Neil Shapiroifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
729c2aa98e2SPeter Wemm# make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later
730c2aa98e2SPeter WemmR@ $+ , $+		@ $1 : $2			change all "," to ":"
731c2aa98e2SPeter Wemm
732c2aa98e2SPeter Wemm# localize and dispose of route-based addresses
73340266059SGregory Neil Shapirodnl XXX: IPv6 colon conflict
73440266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl',
73540266059SGregory Neil Shapiro`R@ [$+] : $+		$@ $>Canonify2 < @ [$1] > : $2	handle <route-addr>')
73606f25ae9SGregory Neil ShapiroR@ $+ : $+		$@ $>Canonify2 < @$1 > : $2	handle <route-addr>
73706f25ae9SGregory Neil Shapirodnl',`dnl
73806f25ae9SGregory Neil Shapiro# strip route address <@a,@b,@c:user@d> -> <user@d>
73906f25ae9SGregory Neil ShapiroR@ $+ , $+		$2
74040266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl',
74140266059SGregory Neil Shapiro`R@ [ $* ] : $+		$2')
74206f25ae9SGregory Neil ShapiroR@ $+ : $+		$2
74306f25ae9SGregory Neil Shapirodnl')
744c2aa98e2SPeter Wemm
745c2aa98e2SPeter Wemm# find focus for list syntax
74606f25ae9SGregory Neil ShapiroR $+ : $* ; @ $+	$@ $>Canonify2 $1 : $2 ; < @ $3 >	list syntax
747c2aa98e2SPeter WemmR $+ : $* ;		$@ $1 : $2;			list syntax
748c2aa98e2SPeter Wemm
749c2aa98e2SPeter Wemm# find focus for @ syntax addresses
750c2aa98e2SPeter WemmR$+ @ $+		$: $1 < @ $2 >			focus on domain
751c2aa98e2SPeter WemmR$+ < $+ @ $+ >		$1 $2 < @ $3 >			move gaze right
75206f25ae9SGregory Neil ShapiroR$+ < @ $+ >		$@ $>Canonify2 $1 < @ $2 >	already canonical
753c2aa98e2SPeter Wemm
75440266059SGregory Neil Shapirodnl This is flagged as an error in S0; no need to silently fix it here.
75540266059SGregory Neil Shapirodnl # do some sanity checking
75640266059SGregory Neil Shapirodnl R$* < @ $~[ $* : $* > $*	$1 < @ $2 $3 > $4	nix colons in addrs
757c2aa98e2SPeter Wemm
758c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
759c2aa98e2SPeter Wemm`# convert old-style addresses to a domain-based address
76006f25ae9SGregory Neil ShapiroR$- ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	resolve uucp names
76106f25ae9SGregory Neil ShapiroR$+ . $- ! $+		$@ $>Canonify2 $3 < @ $1 . $2 >		domain uucps
76206f25ae9SGregory Neil ShapiroR$+ ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	uucp subdomains
763c2aa98e2SPeter Wemm')
764c2aa98e2SPeter Wemmifdef(`_USE_DECNET_SYNTAX_',
765c2aa98e2SPeter Wemm`# convert node::user addresses into a domain-based address
76606f25ae9SGregory Neil ShapiroR$- :: $+		$@ $>Canonify2 $2 < @ $1 .DECNET >	resolve DECnet names
76706f25ae9SGregory Neil ShapiroR$- . $- :: $+		$@ $>Canonify2 $3 < @ $1.$2 .DECNET >	numeric DECnet addr
768c2aa98e2SPeter Wemm',
769c2aa98e2SPeter Wemm	`dnl')
dnl Percent form: the three rules below turn every % into @, then turn all
dnl but the rightmost @ back into %, and focus on the host after that last @.
dnl NOTE(review): this ruleset only parses. Whether mail may be relayed to
dnl the host that ends up in the focus is decided by checks that are not
dnl part of this excerpt; those checks are what has to reject relaying
dnl through user%other@here style addresses.
770c2aa98e2SPeter Wemm# if we have % signs, take the rightmost one
771c2aa98e2SPeter WemmR$* % $*		$1 @ $2				First make them all @s.
772c2aa98e2SPeter WemmR$* @ $* @ $*		$1 % $2 @ $3			Undo all but the last.
77306f25ae9SGregory Neil ShapiroR$* @ $*		$@ $>Canonify2 $1 < @ $2 >	Insert < > and finish
774c2aa98e2SPeter Wemm
775c2aa98e2SPeter Wemm# else we must be a local name
77606f25ae9SGregory Neil ShapiroR$*			$@ $>Canonify2 $1
777c2aa98e2SPeter Wemm
778c2aa98e2SPeter Wemm
779c2aa98e2SPeter Wemm################################################
780c2aa98e2SPeter Wemm###  Ruleset 96 -- bottom half of ruleset 3  ###
781c2aa98e2SPeter Wemm################################################
782c2aa98e2SPeter Wemm
dnl Ruleset Canonify2 (numbered 96): second half of canonify. It rewrites the
dnl domain part of an already focused address: localhost forms become $j,
dnl domain literals are marked and returned, the optional domaintable,
dnl bitdomain and uudomain lookups are applied, and hostnames are made
dnl canonical. A trailing dot inside the focus marks a name as canonical.
78306f25ae9SGregory Neil ShapiroSCanonify2=96
784c2aa98e2SPeter Wemm
785c2aa98e2SPeter Wemm# handle special cases for local names
786c2aa98e2SPeter WemmR$* < @ localhost > $*		$: $1 < @ $j . > $2		no domain at all
787c2aa98e2SPeter WemmR$* < @ localhost . $m > $*	$: $1 < @ $j . > $2		local domain
788c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
789c2aa98e2SPeter Wemm`R$* < @ localhost . UUCP > $*	$: $1 < @ $j . > $2		.UUCP domain')
79006f25ae9SGregory Neil Shapiro
dnl Domain literals: anything between [ and ] is accepted by the pattern; the
dnl contents are only compared with class w (names of this host) and are
dnl otherwise returned unchanged. No check of the literal syntax happens here.
79140266059SGregory Neil Shapiro# check for IPv4/IPv6 domain literal
79240266059SGregory Neil ShapiroR$* < @ [ $+ ] > $*		$: $1 < @@ [ $2 ] > $3		mark [addr]
793c2aa98e2SPeter WemmR$* < @@ $=w > $*		$: $1 < @ $j . > $3		self-literal
794c2aa98e2SPeter WemmR$* < @@ $+ > $*		$@ $1 < @ $2 > $3		canon IP addr
795c2aa98e2SPeter Wemm
79606f25ae9SGregory Neil Shapiroifdef(`_DOMAIN_TABLE_', `dnl
797c2aa98e2SPeter Wemm# look up domains in the domain table
798c2aa98e2SPeter WemmR$* < @ $+ > $* 		$: $1 < @ $(domaintable $2 $) > $3', `dnl')
799c2aa98e2SPeter Wemm
80006f25ae9SGregory Neil Shapiroundivert(2)dnl LOCAL_RULE_3
801c2aa98e2SPeter Wemm
80206f25ae9SGregory Neil Shapiroifdef(`_BITDOMAIN_TABLE_', `dnl
803c2aa98e2SPeter Wemm# handle BITNET mapping
804c2aa98e2SPeter WemmR$* < @ $+ .BITNET > $*		$: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl')
805c2aa98e2SPeter Wemm
80606f25ae9SGregory Neil Shapiroifdef(`_UUDOMAIN_TABLE_', `dnl
807c2aa98e2SPeter Wemm# handle UUCP mapping
808c2aa98e2SPeter WemmR$* < @ $+ .UUCP > $*		$: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl')
809c2aa98e2SPeter Wemm
810c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
811c2aa98e2SPeter Wemm`ifdef(`UUCP_RELAY',
812c2aa98e2SPeter Wemm`# pass UUCP addresses straight through
813c2aa98e2SPeter WemmR$* < @ $+ . UUCP > $*		$@ $1 < @ $2 . UUCP . > $3',
814c2aa98e2SPeter Wemm`# if really UUCP, handle it immediately
815c2aa98e2SPeter Wemmifdef(`_CLASS_U_',
816c2aa98e2SPeter Wemm`R$* < @ $=U . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
817c2aa98e2SPeter Wemmifdef(`_CLASS_V_',
818c2aa98e2SPeter Wemm`R$* < @ $=V . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
819c2aa98e2SPeter Wemmifdef(`_CLASS_W_',
820c2aa98e2SPeter Wemm`R$* < @ $=W . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
821c2aa98e2SPeter Wemmifdef(`_CLASS_X_',
822c2aa98e2SPeter Wemm`R$* < @ $=X . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
823c2aa98e2SPeter Wemmifdef(`_CLASS_Y_',
824c2aa98e2SPeter Wemm`R$* < @ $=Y . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
825c2aa98e2SPeter Wemm
826c2aa98e2SPeter Wemmifdef(`_NO_CANONIFY_', `dnl', `dnl
827c2aa98e2SPeter Wemm# try UUCP traffic as a local address
828c2aa98e2SPeter WemmR$* < @ $+ . UUCP > $*		$: $1 < @ $[ $2 $] . UUCP . > $3
829c2aa98e2SPeter WemmR$* < @ $+ . . UUCP . > $*	$@ $1 < @ $2 . > $3')
830c2aa98e2SPeter Wemm')')
dnl NOTE(review): the $[ ... $] lookups in the rest of this ruleset pass a
dnl hostname taken from the address to the name server. That hostname is
dnl chosen by whoever wrote the address, so each lookup is work done (and a
dnl DNS query sent) on behalf of untrusted input. _NO_CANONIFY_ and the
dnl c / CC values of {daemon_flags} tested below are the switches that limit it.
83106f25ae9SGregory Neil Shapiro# hostnames ending in class P are always canonical
83206f25ae9SGregory Neil ShapiroR$* < @ $* $=P > $*		$: $1 < @ $2 $3 . > $4
83306f25ae9SGregory Neil Shapirodnl apply the next rule only for hostnames not in class P
83406f25ae9SGregory Neil Shapirodnl this even works for phrases in class P since . is in class P
83506f25ae9SGregory Neil Shapirodnl which daemon flags are set?
83606f25ae9SGregory Neil ShapiroR$* < @ $* $~P > $*		$: $&{daemon_flags} $| $1 < @ $2 $3 > $4
83706f25ae9SGregory Neil Shapirodnl the other rules in this section only apply if the hostname
83806f25ae9SGregory Neil Shapirodnl does not end in class P hence no further checks are done here
83906f25ae9SGregory Neil Shapirodnl if this ever changes make sure the lookups are "protected" again!
84006f25ae9SGregory Neil Shapiroifdef(`_NO_CANONIFY_', `dnl
84106f25ae9SGregory Neil Shapirodnl do not canonify unless:
84206f25ae9SGregory Neil Shapirodnl domain ends in class {Canonify} (this does not work if the intersection
84306f25ae9SGregory Neil Shapirodnl	with class P is non-empty)
84406f25ae9SGregory Neil Shapirodnl or {daemon_flags} has c set
84506f25ae9SGregory Neil Shapiro# pass to name server to make hostname canonical if in class {Canonify}
84606f25ae9SGregory Neil ShapiroR$* $| $* < @ $* $={Canonify} > $*	$: $2 < @ $[ $3 $4 $] > $5
84706f25ae9SGregory Neil Shapiro# pass to name server to make hostname canonical if requested
84806f25ae9SGregory Neil ShapiroR$* c $* $| $* < @ $* > $*	$: $3 < @ $[ $4 $] > $5
84906f25ae9SGregory Neil Shapirodnl trailing dot? -> do not apply _CANONIFY_HOSTS_
85006f25ae9SGregory Neil ShapiroR$* $| $* < @ $+ . > $*		$: $2 < @ $3 . > $4
85106f25ae9SGregory Neil Shapiro# add a trailing dot to qualified hostnames so other rules will work
85206f25ae9SGregory Neil ShapiroR$* $| $* < @ $+.$+ > $*	$: $2 < @ $3.$4 . > $5
85306f25ae9SGregory Neil Shapiroifdef(`_CANONIFY_HOSTS_', `dnl
85406f25ae9SGregory Neil Shapirodnl this should only apply to unqualified hostnames
85506f25ae9SGregory Neil Shapirodnl but if a valid character inside an unqualified hostname is an OperatorChar
85606f25ae9SGregory Neil Shapirodnl then $- does not work.
85706f25ae9SGregory Neil Shapiro# lookup unqualified hostnames
85806f25ae9SGregory Neil ShapiroR$* $| $* < @ $* > $*		$: $2 < @ $[ $3 $] > $4', `dnl')', `dnl
85906f25ae9SGregory Neil Shapirodnl _NO_CANONIFY_ is not set: canonify unless:
86006f25ae9SGregory Neil Shapirodnl {daemon_flags} contains CC (do not canonify)
861193538b7SGregory Neil Shapirodnl but add a trailing dot to qualified hostnames so other rules will work
862193538b7SGregory Neil Shapirodnl should we do this for every hostname: even unqualified?
863193538b7SGregory Neil ShapiroR$* CC $* $| $* < @ $+.$+ > $*	$: $3 < @ $4.$5 . > $6
86406f25ae9SGregory Neil ShapiroR$* CC $* $| $*			$: $3
86540266059SGregory Neil Shapiroifdef(`_FFR_NOCANONIFY_HEADERS', `dnl
86640266059SGregory Neil Shapiro# do not canonify header addresses
86740266059SGregory Neil ShapiroR$* $| $* < @ $* $~P > $*	$: $&{addr_type} $| $2 < @ $3 $4 > $5
86840266059SGregory Neil ShapiroR$* h $* $| $* < @ $+.$+ > $*	$: $3 < @ $4.$5 . > $6
86940266059SGregory Neil ShapiroR$* h $* $| $*			$: $3', `dnl')
870c2aa98e2SPeter Wemm# pass to name server to make hostname canonical
87106f25ae9SGregory Neil ShapiroR$* $| $* < @ $* > $*		$: $2 < @ $[ $3 $] > $4')
87206f25ae9SGregory Neil Shapirodnl remove {daemon_flags} for other cases
87306f25ae9SGregory Neil ShapiroR$* $| $*			$: $2
874c2aa98e2SPeter Wemm
875c2aa98e2SPeter Wemm# local host aliases and pseudo-domains are always canonical
876c2aa98e2SPeter WemmR$* < @ $=w > $*		$: $1 < @ $2 . > $3
877c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
878c2aa98e2SPeter Wemm`R$* < @ $* $=M > $*		$: $1 < @ $2 $3 . > $4',
879c2aa98e2SPeter Wemm`R$* < @ $=M > $*		$: $1 < @ $2 . > $3')
88006f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_TABLE_', `dnl
88106f25ae9SGregory Neil Shapirodnl virtual hosts are also canonical
88206f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
88306f25ae9SGregory Neil Shapiro`R$* < @ $* $={VirtHost} > $* 	$: $1 < @ $2 $3 . > $4',
88406f25ae9SGregory Neil Shapiro`R$* < @ $={VirtHost} > $* 	$: $1 < @ $2 . > $3')',
88506f25ae9SGregory Neil Shapiro`dnl')
88640266059SGregory Neil Shapiroifdef(`_GENERICS_TABLE_', `dnl
88740266059SGregory Neil Shapirodnl hosts for genericstable are also canonical
88840266059SGregory Neil Shapiroifdef(`_GENERICS_ENTIRE_DOMAIN_',
88940266059SGregory Neil Shapiro`R$* < @ $* $=G > $* 	$: $1 < @ $2 $3 . > $4',
89040266059SGregory Neil Shapiro`R$* < @ $=G > $* 	$: $1 < @ $2 . > $3')',
89140266059SGregory Neil Shapiro`dnl')
89206f25ae9SGregory Neil Shapirodnl remove superfluous dots (maybe repeatedly) which may have been added
89306f25ae9SGregory Neil Shapirodnl by one of the rules before
894c2aa98e2SPeter WemmR$* < @ $* . . > $*		$1 < @ $2 . > $3
895c2aa98e2SPeter Wemm
896c2aa98e2SPeter Wemm
897c2aa98e2SPeter Wemm##################################################
898c2aa98e2SPeter Wemm###  Ruleset 4 -- Final Output Post-rewriting  ###
899c2aa98e2SPeter Wemm##################################################
dnl Ruleset final (numbered 4): converts the internal focused form back into
dnl an external address. It returns early for the <@> markers, drops the
dnl trailing dot of a canonical name, replaces *LOCAL* with $j, removes the
dnl < > focus, and restores route-addr, UUCP and DECnet syntax when enabled.
90006f25ae9SGregory Neil ShapiroSfinal=4
901c2aa98e2SPeter Wemm
902193538b7SGregory Neil ShapiroR$+ :; <@>		$@ $1 :				handle <list:;>
903c2aa98e2SPeter WemmR$* <@>			$@				handle <> and list:;
904c2aa98e2SPeter Wemm
905c2aa98e2SPeter Wemm# strip trailing dot off possibly canonical name
906c2aa98e2SPeter WemmR$* < @ $+ . > $*	$1 < @ $2 > $3
907c2aa98e2SPeter Wemm
90806f25ae9SGregory Neil Shapiro# eliminate internal code
909c2aa98e2SPeter WemmR$* < @ *LOCAL* > $*	$1 < @ $j > $2
910c2aa98e2SPeter Wemm
911c2aa98e2SPeter Wemm# externalize local domain info
912c2aa98e2SPeter WemmR$* < $+ > $*		$1 $2 $3			defocus
913c2aa98e2SPeter WemmR@ $+ : @ $+ : $+	@ $1 , @ $2 : $3		<route-addr> canonical
914c2aa98e2SPeter WemmR@ $*			$@ @ $1				... and exit
915c2aa98e2SPeter Wemm
916c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
917c2aa98e2SPeter Wemm`# UUCP must always be presented in old form
918c2aa98e2SPeter WemmR$+ @ $- . UUCP		$2!$1				u@h.UUCP => h!u')
919c2aa98e2SPeter Wemm
920c2aa98e2SPeter Wemmifdef(`_USE_DECNET_SYNTAX_',
921c2aa98e2SPeter Wemm`# put DECnet back in :: form
922c2aa98e2SPeter WemmR$+ @ $+ . DECNET	$2 :: $1			u@h.DECNET => h::u',
923c2aa98e2SPeter Wemm	`dnl')
924c2aa98e2SPeter Wemm# delete duplicate local names
925c2aa98e2SPeter WemmR$+ % $=w @ $=w		$1 @ $2				u%host@host => u@host
926c2aa98e2SPeter Wemm
927c2aa98e2SPeter Wemm
928c2aa98e2SPeter Wemm
929c2aa98e2SPeter Wemm##############################################################
930c2aa98e2SPeter Wemm###   Ruleset 97 -- recanonicalize and call ruleset zero   ###
931c2aa98e2SPeter Wemm###		   (used for recursive calls)		   ###
932c2aa98e2SPeter Wemm##############################################################
933c2aa98e2SPeter Wemm
dnl Ruleset Recurse (numbered 97): runs canonify on its input and then
dnl returns the result of parse. The banner above describes it as the entry
dnl point for recursive calls.
93406f25ae9SGregory Neil ShapiroSRecurse=97
93506f25ae9SGregory Neil ShapiroR$*			$: $>canonify $1
93606f25ae9SGregory Neil ShapiroR$*			$@ $>parse $1
937c2aa98e2SPeter Wemm
938c2aa98e2SPeter Wemm
939c2aa98e2SPeter Wemm######################################
940c2aa98e2SPeter Wemm###   Ruleset 0 -- Parse Address   ###
941c2aa98e2SPeter Wemm######################################
942c2aa98e2SPeter Wemm
dnl Ruleset parse (numbered 0): chains Parse0 (syntax checks), ParseLocal
dnl (site-local rules) and Parse1 (final parsing). The bare <@> marker is
dnl resolved to the _LOCAL_ mailer between the first two steps so that the
dnl special-case error messages can be produced.
94306f25ae9SGregory Neil ShapiroSparse=0
944c2aa98e2SPeter Wemm
945c2aa98e2SPeter WemmR$*			$: $>Parse0 $1		initial parsing
946c2aa98e2SPeter WemmR<@>			$#_LOCAL_ $: <@>		special case error msgs
94706f25ae9SGregory Neil ShapiroR$*			$: $>ParseLocal $1	handle local hacks
948c2aa98e2SPeter WemmR$*			$: $>Parse1 $1		final parsing
949c2aa98e2SPeter Wemm
950c2aa98e2SPeter Wemm#
951c2aa98e2SPeter Wemm#  Parse0 -- do initial syntax checking and eliminate local addresses.
952c2aa98e2SPeter Wemm#	This should either return with the (possibly modified) input
953c2aa98e2SPeter Wemm#	or return with a #error mailer.  It should not return with a
954c2aa98e2SPeter Wemm#	#mailer other than the #error mailer.
955c2aa98e2SPeter Wemm#
956c2aa98e2SPeter Wemm
dnl Ruleset Parse0: syntax validation of a focused address. Malformed input
dnl is rejected by resolving to the error mailer with an enhanced status code
dnl (5.1.2 or 5.1.3) and a message; everything else is passed on, with the
dnl local host part removed by the rules at the end.
dnl NOTE(review): _CODE553 is defined outside this excerpt; presumably it
dnl expands to the SMTP reply code placed in front of each message text.
957c2aa98e2SPeter WemmSParse0
958c2aa98e2SPeter WemmR<@>			$@ <@>			special case error msgs
95940266059SGregory Neil ShapiroR$* : $* ; <@>		$#error $@ 5.1.3 $: "_CODE553 List:; syntax illegal for recipient addresses"
96006f25ae9SGregory Neil ShapiroR@ <@ $* >		< @ $1 >		catch "@@host" bogosity
96140266059SGregory Neil ShapiroR<@ $+>			$#error $@ 5.1.3 $: "_CODE553 User address required"
96240266059SGregory Neil ShapiroR$+ <@>			$#error $@ 5.1.3 $: "_CODE553 Hostname required"
963c2aa98e2SPeter WemmR$*			$: <> $1
96440266059SGregory Neil Shapirodnl allow tricks like [host1]:[host2]
96540266059SGregory Neil ShapiroR<> $* < @ [ $* ] : $+ > $*	$1 < @ [ $2 ] : $3 > $4
96640266059SGregory Neil ShapiroR<> $* < @ [ $* ] , $+ > $*	$1 < @ [ $2 ] , $3 > $4
96740266059SGregory Neil Shapirodnl but no a@[b]c
96840266059SGregory Neil ShapiroR<> $* < @ [ $* ] $+ > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid address"
969c2aa98e2SPeter WemmR<> $* < @ [ $+ ] > $*		$1 < @ [ $2 ] > $3
97040266059SGregory Neil ShapiroR<> $* <$* : $* > $*	$#error $@ 5.1.3 $: "_CODE553 Colon illegal in host name part"
971c2aa98e2SPeter WemmR<> $*			$1
97240266059SGregory Neil ShapiroR$* < @ . $* > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid host name"
97340266059SGregory Neil ShapiroR$* < @ $* .. $* > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid host name"
97440266059SGregory Neil Shapirodnl no a@b@
97540266059SGregory Neil ShapiroR$* < @ $* @ > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid route address"
97640266059SGregory Neil Shapirodnl no a@b@c
97740266059SGregory Neil ShapiroR$* @ $* < @ $* > $*	$#error $@ 5.1.3 $: "_CODE553 Invalid route address"
97806f25ae9SGregory Neil Shapirodnl comma only allowed before @; this check is not complete
97940266059SGregory Neil ShapiroR$* , $~O $*		$#error $@ 5.1.3 $: "_CODE553 Invalid route address"
98040266059SGregory Neil Shapiro
98140266059SGregory Neil Shapiroifdef(`_STRICT_RFC821_', `# more RFC 821 checks
98240266059SGregory Neil ShapiroR$* . < @ $* > $*	$#error $@ 5.1.2 $: "_CODE553 Local part must not end with a dot"
98340266059SGregory Neil ShapiroR. $* < @ $* > $*	$#error $@ 5.1.2 $: "_CODE553 Local part must not begin with a dot"
98440266059SGregory Neil Shapirodnl', `dnl')
985c2aa98e2SPeter Wemm
dnl The rules below remove the local host part. When what remains still
dnl contains a character from class O, it is sent through canonify and Parse0
dnl again, so an address of the form something@here can turn into an address
dnl for another host.
dnl NOTE(review): this ruleset does not decide whether such forwarding is
dnl permitted; the relay checks that must cover it are outside this excerpt.
986c2aa98e2SPeter Wemm# now delete the local info -- note $=O to find characters that cause forwarding
98706f25ae9SGregory Neil ShapiroR$* < @ > $*		$@ $>Parse0 $>canonify $1	user@ => user
98806f25ae9SGregory Neil ShapiroR< @ $=w . > : $*	$@ $>Parse0 $>canonify $2	@here:... -> ...
989c2aa98e2SPeter WemmR$- < @ $=w . >		$: $(dequote $1 $) < @ $2 . >	dequote "foo"@here
99040266059SGregory Neil ShapiroR< @ $+ >		$#error $@ 5.1.3 $: "_CODE553 User address required"
99106f25ae9SGregory Neil ShapiroR$* $=O $* < @ $=w . >	$@ $>Parse0 $>canonify $1 $2 $3	...@here -> ...
992c2aa98e2SPeter WemmR$- 			$: $(dequote $1 $) < @ *LOCAL* >	dequote "foo"
99340266059SGregory Neil ShapiroR< @ *LOCAL* >		$#error $@ 5.1.3 $: "_CODE553 User address required"
994c2aa98e2SPeter WemmR$* $=O $* < @ *LOCAL* >
99506f25ae9SGregory Neil Shapiro			$@ $>Parse0 $>canonify $1 $2 $3	...@*LOCAL* -> ...
996c2aa98e2SPeter WemmR$* < @ *LOCAL* >	$: $1
997c2aa98e2SPeter Wemm
998c2aa98e2SPeter Wemm#
999c2aa98e2SPeter Wemm#  Parse1 -- the bottom half of ruleset 0.
1000c2aa98e2SPeter Wemm#
1001c2aa98e2SPeter Wemm
1002c2aa98e2SPeter WemmSParse1
100306f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl
100406f25ae9SGregory Neil Shapiro# handle LDAP routing for hosts in $={LDAPRoute}
100540266059SGregory Neil ShapiroR$+ < @ $={LDAPRoute} . >	$: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2> <>
100640266059SGregory Neil ShapiroR$+ < @ $={LDAPRouteEquiv} . >	$: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $M> <>',
1007c2aa98e2SPeter Wemm`dnl')
1008c2aa98e2SPeter Wemm
100906f25ae9SGregory Neil Shapiroifdef(`_MAILER_smtp_',
101006f25ae9SGregory Neil Shapiro`# handle numeric address spec
101106f25ae9SGregory Neil Shapirodnl there is no check whether this is really an IP number
101206f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] > $*	$: $>ParseLocal $1 < @ [ $2 ] > $3	numeric internet spec
101306f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] > $*	$1 < @ [ $2 ] : $S > $3		Add smart host to path
101406f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : > $*		$#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3	no smarthost: send
101506f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $- : $*> $*	$#$3 $@ $4 $: $1 < @ [$2] > $5	smarthost with mailer
101606f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $+ > $*	$#_SMTP_ $@ $3 $: $1 < @ [$2] > $4	smarthost without mailer',
101706f25ae9SGregory Neil Shapiro	`dnl')
101806f25ae9SGregory Neil Shapiro
101906f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_TABLE_', `dnl
1020c2aa98e2SPeter Wemm# handle virtual users
102140266059SGregory Neil Shapiroifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
102240266059SGregory Neil Shapirodnl this is not a documented option
102340266059SGregory Neil Shapirodnl it stops looping in virtusertable mapping if input and output
102440266059SGregory Neil Shapirodnl are identical, i.e., if address A is mapped to A.
102540266059SGregory Neil Shapirodnl it does not deal with multi-level recursion
102640266059SGregory Neil Shapiro# handle full domains in RHS of virtusertable
102740266059SGregory Neil ShapiroR$+ < @ $+ >			$: $(macro {RecipientAddress} $) $1 < @ $2 >
102840266059SGregory Neil ShapiroR$+ < @ $+ > 			$: <?> $1 < @ $2 > $| $>final $1 < @ $2 >
102940266059SGregory Neil ShapiroR<?> $+ $| $+			$: $1 $(macro {RecipientAddress} $@ $2 $)
103040266059SGregory Neil ShapiroR<?> $+ $| $*			$: $1',
103140266059SGregory Neil Shapiro`dnl')
103206f25ae9SGregory Neil ShapiroR$+			$: <!> $1		Mark for lookup
103340266059SGregory Neil Shapirodnl input: <!> local<@domain>
103406f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
103506f25ae9SGregory Neil Shapiro`R<!> $+ < @ $* $={VirtHost} . > 	$: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >',
103606f25ae9SGregory Neil Shapiro`R<!> $+ < @ $={VirtHost} . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >')
103740266059SGregory Neil Shapirodnl input: <result-of-lookup | @> local<@domain> | <!> local<@domain>
103806f25ae9SGregory Neil ShapiroR<!> $+ < @ $=w . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
103940266059SGregory Neil Shapirodnl if <@> local<@domain>: no match but try lookup
104040266059SGregory Neil Shapirodnl user+detail: try user++@domain if detail not empty
104140266059SGregory Neil ShapiroR<@> $+ + $+ < @ $* . >
104240266059SGregory Neil Shapiro			$: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
104340266059SGregory Neil Shapirodnl user+detail: try user+*@domain
1044c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . >
104540266059SGregory Neil Shapiro			$: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
104640266059SGregory Neil Shapirodnl user+detail: try user@domain
1047c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . >
104840266059SGregory Neil Shapiro			$: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
104906f25ae9SGregory Neil Shapirodnl try default entry: @domain
105040266059SGregory Neil Shapirodnl ++@domain
105140266059SGregory Neil ShapiroR<@> $+ + $+ < @ $+ . >	$: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
105206f25ae9SGregory Neil Shapirodnl +*@domain
105340266059SGregory Neil ShapiroR<@> $+ + $* < @ $+ . >	$: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
105406f25ae9SGregory Neil Shapirodnl @domain if +detail exists
105540266059SGregory Neil ShapiroR<@> $+ + $* < @ $+ . >	$: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
105606f25ae9SGregory Neil Shapirodnl without +detail (or no match)
1057c2aa98e2SPeter WemmR<@> $+ < @ $+ . >	$: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
105840266059SGregory Neil Shapirodnl no match
1059c2aa98e2SPeter WemmR<@> $+			$: $1
106040266059SGregory Neil Shapirodnl remove mark
106106f25ae9SGregory Neil ShapiroR<!> $+			$: $1
106206f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
1063c2aa98e2SPeter WemmR< error : $- $+ > $* 	$#error $@ $(dequote $1 $) $: $2
106440266059SGregory Neil Shapiroifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
106540266059SGregory Neil Shapiro# check virtuser input address against output address, if same, skip recursion
106640266059SGregory Neil ShapiroR< $+ > $+ < @ $+ >				$: < $1 > $2 < @ $3 > $| $1
106740266059SGregory Neil Shapiro# it is the same: stop now
106840266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $| $&{RecipientAddress}	$: $>ParseLocal $>Parse0 $>canonify $1
106940266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $| $* 			$: < $1 > $2 < @ $3 >
107040266059SGregory Neil Shapirodnl', `dnl')
107113058a91SGregory Neil Shapirodnl this is not a documented option
107213058a91SGregory Neil Shapirodnl it performs no looping at all for virtusertable
10738774250cSGregory Neil Shapiroifdef(`_NO_VIRTUSER_RECURSION_',
10748774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ >	$: $>ParseLocal $>Parse0 $>canonify $1',
10758774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ >	$: $>Recurse $1')
10768774250cSGregory Neil Shapirodnl', `dnl')
1077c2aa98e2SPeter Wemm
1078c2aa98e2SPeter Wemm# short circuit local delivery so forwarded email works
1079c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', `dnl
108006f25ae9SGregory Neil ShapiroR$+ . USENET < @ $=w . >	$#usenet $@ usenet $: $1	handle usenet specially', `dnl')
108142e5d165SGregory Neil Shapiro
108242e5d165SGregory Neil Shapiro
1083c2aa98e2SPeter Wemmifdef(`_STICKY_LOCAL_DOMAIN_',
1084c2aa98e2SPeter Wemm`R$+ < @ $=w . >		$: < $H > $1 < @ $2 . >		first try hub
108506f25ae9SGregory Neil ShapiroR< $+ > $+ < $+ >	$>MailerToTriple < $1 > $2 < $3 >	yep ....
108606f25ae9SGregory Neil Shapirodnl $H empty (but @$=w.)
1087c2aa98e2SPeter WemmR< > $+ + $* < $+ >	$#_LOCAL_ $: $1 + $2		plussed name?
1088c2aa98e2SPeter WemmR< > $+ < $+ >		$#_LOCAL_ $: @ $1			nope, local address',
1089c2aa98e2SPeter Wemm`R$=L < @ $=w . >	$#_LOCAL_ $: @ $1			special local names
1090c2aa98e2SPeter WemmR$+ < @ $=w . >		$#_LOCAL_ $: $1			regular local name')
1091c2aa98e2SPeter Wemm
109206f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
1093c2aa98e2SPeter Wemm# not local -- try mailer table lookup
1094c2aa98e2SPeter WemmR$* <@ $+ > $*		$: < $2 > $1 < @ $2 > $3	extract host name
1095c2aa98e2SPeter WemmR< $+ . > $*		$: < $1 > $2			strip trailing dot
1096c2aa98e2SPeter WemmR< $+ > $*		$: < $(mailertable $1 $) > $2	lookup
109706f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses
109806f25ae9SGregory Neil ShapiroR< $~[ : $* > $* 	$>MailerToTriple < $1 : $2 > $3		check -- resolved?
109906f25ae9SGregory Neil ShapiroR< $+ > $*		$: $>Mailertable <$1> $2		try domain',
1100c2aa98e2SPeter Wemm`dnl')
110106f25ae9SGregory Neil Shapiroundivert(4)dnl UUCP rules from `MAILER(uucp)'
1102c2aa98e2SPeter Wemm
1103c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
1104c2aa98e2SPeter Wemm`# resolve remotely connected UUCP links (if any)
1105c2aa98e2SPeter Wemmifdef(`_CLASS_V_',
110606f25ae9SGregory Neil Shapiro`R$* < @ $=V . UUCP . > $*		$: $>MailerToTriple < $V > $1 <@$2.UUCP.> $3',
1107c2aa98e2SPeter Wemm	`dnl')
1108c2aa98e2SPeter Wemmifdef(`_CLASS_W_',
110906f25ae9SGregory Neil Shapiro`R$* < @ $=W . UUCP . > $*		$: $>MailerToTriple < $W > $1 <@$2.UUCP.> $3',
1110c2aa98e2SPeter Wemm	`dnl')
1111c2aa98e2SPeter Wemmifdef(`_CLASS_X_',
111206f25ae9SGregory Neil Shapiro`R$* < @ $=X . UUCP . > $*		$: $>MailerToTriple < $X > $1 <@$2.UUCP.> $3',
1113c2aa98e2SPeter Wemm	`dnl')')
1114c2aa98e2SPeter Wemm
1115c2aa98e2SPeter Wemm# resolve fake top level domains by forwarding to other hosts
1116c2aa98e2SPeter Wemmifdef(`BITNET_RELAY',
111706f25ae9SGregory Neil Shapiro`R$*<@$+.BITNET.>$*	$: $>MailerToTriple < $B > $1 <@$2.BITNET.> $3	user@host.BITNET',
1118c2aa98e2SPeter Wemm	`dnl')
1119c2aa98e2SPeter Wemmifdef(`DECNET_RELAY',
112006f25ae9SGregory Neil Shapiro`R$*<@$+.DECNET.>$*	$: $>MailerToTriple < $C > $1 <@$2.DECNET.> $3	user@host.DECNET',
1121c2aa98e2SPeter Wemm	`dnl')
1122c2aa98e2SPeter Wemmifdef(`_MAILER_pop_',
1123c2aa98e2SPeter Wemm`R$+ < @ POP. >		$#pop $: $1			user@POP',
1124c2aa98e2SPeter Wemm	`dnl')
1125c2aa98e2SPeter Wemmifdef(`_MAILER_fax_',
1126c2aa98e2SPeter Wemm`R$+ < @ $+ .FAX. >	$#fax $@ $2 $: $1		user@host.FAX',
1127c2aa98e2SPeter Wemm`ifdef(`FAX_RELAY',
112806f25ae9SGregory Neil Shapiro`R$*<@$+.FAX.>$*		$: $>MailerToTriple < $F > $1 <@$2.FAX.> $3	user@host.FAX',
1129c2aa98e2SPeter Wemm	`dnl')')
1130c2aa98e2SPeter Wemm
1131c2aa98e2SPeter Wemmifdef(`UUCP_RELAY',
1132c2aa98e2SPeter Wemm`# forward non-local UUCP traffic to our UUCP relay
113306f25ae9SGregory Neil ShapiroR$*<@$*.UUCP.>$*		$: $>MailerToTriple < $Y > $1 <@$2.UUCP.> $3	uucp mail',
1134c2aa98e2SPeter Wemm`ifdef(`_MAILER_uucp_',
1135c2aa98e2SPeter Wemm`# forward other UUCP traffic straight to UUCP
1136c2aa98e2SPeter WemmR$* < @ $+ .UUCP. > $*		$#_UUCP_ $@ $2 $: $1 < @ $2 .UUCP. > $3	user@host.UUCP',
1137c2aa98e2SPeter Wemm	`dnl')')
1138c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', `
1139c2aa98e2SPeter Wemm# addresses sent to net.group.USENET will get forwarded to a newsgroup
114006f25ae9SGregory Neil ShapiroR$+ . USENET		$#usenet $@ usenet $: $1',
1141c2aa98e2SPeter Wemm	`dnl')
1142c2aa98e2SPeter Wemm
1143c2aa98e2SPeter Wemmifdef(`_LOCAL_RULES_',
1144c2aa98e2SPeter Wemm`# figure out what should stay in our local mail system
1145c2aa98e2SPeter Wemmundivert(1)', `dnl')
1146c2aa98e2SPeter Wemm
1147c2aa98e2SPeter Wemm# pass names that still have a host to a smarthost (if defined)
114806f25ae9SGregory Neil ShapiroR$* < @ $* > $*		$: $>MailerToTriple < $S > $1 < @ $2 > $3	glue on smarthost name
1149c2aa98e2SPeter Wemm
1150c2aa98e2SPeter Wemm# deal with other remote names
1151c2aa98e2SPeter Wemmifdef(`_MAILER_smtp_',
1152c2aa98e2SPeter Wemm`R$* < @$* > $*		$#_SMTP_ $@ $2 $: $1 < @ $2 > $3	user@host.domain',
115340266059SGregory Neil Shapiro`R$* < @$* > $*		$#error $@ 5.1.2 $: "_CODE553 Unrecognized host name " $2')
1154c2aa98e2SPeter Wemm
1155c2aa98e2SPeter Wemm# handle locally delivered names
1156c2aa98e2SPeter WemmR$=L			$#_LOCAL_ $: @ $1		special local names
1157c2aa98e2SPeter WemmR$+			$#_LOCAL_ $: $1			regular local names
1158c2aa98e2SPeter Wemm
1159c2aa98e2SPeter Wemm###########################################################################
1160c2aa98e2SPeter Wemm###   Ruleset 5 -- special rewriting after aliases have been expanded   ###
1161c2aa98e2SPeter Wemm###########################################################################
1162c2aa98e2SPeter Wemm
dnl localaddr (ruleset 5): the address is first handed to Local_localaddr,
dnl which has no rules of its own in this part of the file.
dnl After that the rules below deal with +detail, LUSER_RELAY, MAIL_HUB and
dnl LOCAL_RELAY, and pass any selected relay to MailerToTriple.
116306f25ae9SGregory Neil ShapiroSLocal_localaddr
116406f25ae9SGregory Neil ShapiroSlocaladdr=5
116506f25ae9SGregory Neil ShapiroR$+			$: $1 $| $>"Local_localaddr" $1
dnl result of the hook: $#ok returns the address unchanged, any other
dnl $#mailer answer becomes the resolution as is, and anything else is
dnl dropped so that the original address continues below
116640266059SGregory Neil ShapiroR$+ $| $#ok		$@ $1			no change
116706f25ae9SGregory Neil ShapiroR$+ $| $#$*		$#$2
116806f25ae9SGregory Neil ShapiroR$+ $| $*		$: $1
1169c2aa98e2SPeter Wemm
117040266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
117140266059SGregory Neil Shapiro# Preserve rcpt_host in {Host}
dnl workspace after the first rule: address $| value of h $| value of {Host}
dnl {Host} is cleared when both are empty and set to @h when h is a host;
dnl it is left alone when h is empty or holds +detail
117240266059SGregory Neil ShapiroR$+			$: $1 $| $&h $| $&{Host}	check h and {Host}
117340266059SGregory Neil ShapiroR$+ $| $|		$: $(macro {Host} $@ $) $1	no h or {Host}
117440266059SGregory Neil ShapiroR$+ $| $| $+		$: $1			h not set, {Host} set
117540266059SGregory Neil ShapiroR$+ $| +$* $| $*	$: $1			h is +detail, {Host} set
117640266059SGregory Neil ShapiroR$+ $| $+ $| $*		$: $(macro {Host} $@ @$2 $) $1	set {Host} to h
117740266059SGregory Neil Shapiro')dnl
117840266059SGregory Neil Shapiro
117940266059SGregory Neil Shapiroifdef(`_FFR_5_', `dnl
118042e5d165SGregory Neil Shapiro# Preserve host in a macro
118142e5d165SGregory Neil ShapiroR$+			$: $(macro {LocalAddrHost} $) $1
118242e5d165SGregory Neil ShapiroR$+ @ $+		$: $(macro {LocalAddrHost} $@ @ $2 $) $1')
1183c2aa98e2SPeter Wemm
118440266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', `dnl
118542e5d165SGregory Neil Shapiro# deal with plussed users so aliases work nicely
118642e5d165SGregory Neil ShapiroR$+ + *			$#_LOCAL_ $@ $&h $: $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
118742e5d165SGregory Neil ShapiroR$+ + $*		$#_LOCAL_ $@ + $2 $: $1 + *`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
118842e5d165SGregory Neil Shapiro')
1189c2aa98e2SPeter Wemm# prepend an empty "forward host" on the front
1190c2aa98e2SPeter WemmR$+			$: <> $1
1191c2aa98e2SPeter Wemm
1192c2aa98e2SPeter Wemmifdef(`LUSER_RELAY', `dnl
1193c2aa98e2SPeter Wemm# send unrecognized local users to a relay host
dnl $L is put into the bracket before the user map is consulted; the rules
dnl marked found empty the bracket again, so $L survives only for unknown users.
dnl presumably the user map appends <> on a match (its K line is not in this
dnl part of the file) - confirm against the map definition
119440266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
119542e5d165SGregory Neil ShapiroR< > $+ + $*		$: < ? $L > <+ $2> $(user $1 $)	look up user+
119642e5d165SGregory Neil ShapiroR< > $+			$: < ? $L > < > $(user $1 $)	look up user
119742e5d165SGregory Neil ShapiroR< ? $* > < $* > $+ <>	$: < > $3 $2			found; strip $L
119842e5d165SGregory Neil ShapiroR< ? $* > < $* > $+	$: < $1 > $3 $2			not found', `
119906f25ae9SGregory Neil ShapiroR< > $+ 		$: < $L > $(user $1 $)		look up user
120040266059SGregory Neil ShapiroR< $* > $+ <>		$: < > $2			found; strip $L')
120140266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
120240266059SGregory Neil ShapiroR< $+ > $+		$: < $1 > $2 $&{Host}')
120340266059SGregory Neil Shapirodnl')
1204c2aa98e2SPeter Wemm
dnl the hub and relay rules only fire while the bracket is still empty, so a
dnl relay chosen earlier is never overwritten by a later rule
120540266059SGregory Neil Shapiroifdef(`MAIL_HUB', `dnl
120640266059SGregory Neil ShapiroR< > $+			$: < $H > $1			try hub', `dnl')
120740266059SGregory Neil Shapiroifdef(`LOCAL_RELAY', `dnl
120840266059SGregory Neil ShapiroR< > $+			$: < $R > $1			try relay', `dnl')
120940266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
121040266059SGregory Neil ShapiroR< > $+			$@ $1', `dnl
121106f25ae9SGregory Neil ShapiroR< > $+			$: < > < $1 <> $&h >		nope, restore +detail
121240266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
121340266059SGregory Neil ShapiroR< > < $+ @ $+ <> + $* >	$: < > < $1 + $3 @ $2 >	check whether +detail')
121406f25ae9SGregory Neil ShapiroR< > < $+ <> + $* >	$: < > < $1 + $2 >		check whether +detail
121506f25ae9SGregory Neil ShapiroR< > < $+ <> $* >	$: < > < $1 >			else discard
1216c2aa98e2SPeter WemmR< > < $+ + $* > $*	   < > < $1 > + $2 $3		find the user part
121742e5d165SGregory Neil ShapiroR< > < $+ > + $*	$#_LOCAL_ $@ $2 $: @ $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')		strip the extra +
1218c2aa98e2SPeter WemmR< > < $+ >		$@ $1				no +detail
12192e43090eSPeter WemmR$+			$: $1 <> $&h			add +detail back in
122040266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
122140266059SGregory Neil ShapiroR$+ @ $+ <> + $*	$: $1 + $3 @ $2			check whether +detail')
12222e43090eSPeter WemmR$+ <> + $*		$: $1 + $2			check whether +detail
122342e5d165SGregory Neil ShapiroR$+ <> $*		$: $1				else discard')
dnl from here on the bracket holds a relay chosen above: local: and error:
dnl values go to MailerToTriple without a host part, every other value gets
dnl < @ host > appended to the address first
122406f25ae9SGregory Neil ShapiroR< local : $* > $*	$: $>MailerToTriple < local : $1 > $2	no host extension
122506f25ae9SGregory Neil ShapiroR< error : $* > $*	$: $>MailerToTriple < error : $1 > $2	no host extension
122640266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
122740266059SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses
122840266059SGregory Neil ShapiroR< $~[ : $+ > $+ @ $+	$: $>MailerToTriple < $1 : $2 > $3 < @ $4 >')
122940266059SGregory Neil ShapiroR< $~[ : $+ > $+	$: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
123040266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
123140266059SGregory Neil ShapiroR< $+ > $+ @ $+		$@ $>MailerToTriple < $1 > $2 < @ $3 >')
123206f25ae9SGregory Neil ShapiroR< $+ > $+		$@ $>MailerToTriple < $1 > $2 < @ $1 >
1233c2aa98e2SPeter Wemm
dnl Both rulesets below are emitted only when _MAILER_TABLE_ is defined;
dnl LDAPMailertable additionally needs _LDAP_ROUTING_.
123406f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
123540266059SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl
123640266059SGregory Neil Shapiro###################################################################
123740266059SGregory Neil Shapiro###  Ruleset LDAPMailertable -- mailertable lookup for LDAP     ###
123840266059SGregory Neil Shapirodnl input: <Domain> FullAddress
123940266059SGregory Neil Shapiro###################################################################
124040266059SGregory Neil Shapiro
124140266059SGregory Neil ShapiroSLDAPMailertable
dnl NOTE(review): <Domain> is whatever the caller passes. The LDAPExpand
dnl rules in this file pass the mailHost lookup result, so when neither the
dnl exact lookup nor Mailertable resolves it, the last rule relays straight
dnl to that host. The directory contents then decide the relay target, so
dnl it is worth confirming who may write the mailHost attribute.
124240266059SGregory Neil ShapiroR< $+ > $*		$: < $(mailertable $1 $) > $2		lookup
124340266059SGregory Neil ShapiroR< $~[ : $* > $*	$>MailerToTriple < $1 : $2 > $3		check resolved?
124440266059SGregory Neil ShapiroR< $+ > $*		$: < $1 > $>Mailertable <$1> $2		try domain
124540266059SGregory Neil ShapiroR< $+ > $#$*		$#$2					found
124640266059SGregory Neil ShapiroR< $+ > $*		$#_RELAY_ $@ $1 $: $2			not found, direct relay',
124740266059SGregory Neil Shapiro`dnl')
124840266059SGregory Neil Shapiro
1249c2aa98e2SPeter Wemm###################################################################
1250c2aa98e2SPeter Wemm###  Ruleset 90 -- try domain part of mailertable entry 	###
125106f25ae9SGregory Neil Shapirodnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress
1252c2aa98e2SPeter Wemm###################################################################
1253c2aa98e2SPeter Wemm
125406f25ae9SGregory Neil ShapiroSMailertable=90
dnl each pass moves the first label of <label.rest> to the left part and
dnl looks up .rest; %1 is the left part including that label, %2 the label
dnl alone. A result of the form mailer:host goes to MailerToTriple, otherwise
dnl the ruleset calls itself on the shorter domain and finally tries "."
125506f25ae9SGregory Neil Shapirodnl shift and check
125606f25ae9SGregory Neil Shapirodnl %2 is not documented in cf/README
1257c2aa98e2SPeter WemmR$* <$- . $+ > $*	$: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
125806f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses
125906f25ae9SGregory Neil ShapiroR$* <$~[ : $* > $*	$>MailerToTriple < $2 : $3 > $4		check -- resolved?
126006f25ae9SGregory Neil ShapiroR$* < . $+ > $* 	$@ $>Mailertable $1 . <$2> $3		no -- strip & try again
126106f25ae9SGregory Neil Shapirodnl is $2 always empty?
1262c2aa98e2SPeter WemmR$* < $* > $*		$: < $(mailertable . $@ $1$2 $) > $3	try "."
126306f25ae9SGregory Neil ShapiroR< $~[ : $* > $*	$>MailerToTriple < $1 : $2 > $3		"." found?
126406f25ae9SGregory Neil Shapirodnl return full address
1265c2aa98e2SPeter WemmR< $* > $*		$@ $2				no mailertable match',
1266c2aa98e2SPeter Wemm`dnl')
1267c2aa98e2SPeter Wemm
1268c2aa98e2SPeter Wemm###################################################################
1269c2aa98e2SPeter Wemm###  Ruleset 95 -- canonify mailer:[user@]host syntax to triple	###
127006f25ae9SGregory Neil Shapirodnl input: in general: <[mailer:]host> lp<@domain>rest
127106f25ae9SGregory Neil Shapirodnl	<> address				-> address
127206f25ae9SGregory Neil Shapirodnl	<error:d.s.n:text>			-> error
127306f25ae9SGregory Neil Shapirodnl	<error:text>				-> error
127406f25ae9SGregory Neil Shapirodnl	<mailer:user@host> lp<@domain>rest	-> mailer host user
127506f25ae9SGregory Neil Shapirodnl	<mailer:host> address			-> mailer host address
127606f25ae9SGregory Neil Shapirodnl	<localdomain> address			-> address
127706f25ae9SGregory Neil Shapirodnl	<host> address				-> relay host address
1278c2aa98e2SPeter Wemm###################################################################
1279c2aa98e2SPeter Wemm
128006f25ae9SGregory Neil ShapiroSMailerToTriple=95
dnl rule order matters: the null relay, error: and local: forms are tested
dnl before the generic mailer:host forms. A bracket that holds a name in
dnl class w returns the address unresolved, and any other bare host ends up
dnl at the relay mailer in the last rule.
dnl NOTE(review): the bracket content comes from configured relays and from
dnl map results elsewhere in this file (mailertable, LDAP mailHost), so a
dnl value written as mailer:host in those sources selects the mailer here.
1281c2aa98e2SPeter WemmR< > $*				$@ $1			strip off null relay
128206f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
1283c2aa98e2SPeter WemmR< error : $- $+ > $*		$#error $@ $(dequote $1 $) $: $2
1284c2aa98e2SPeter WemmR< local : $* > $*		$>CanonLocal < $1 > $2
128540266059SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses
128640266059SGregory Neil ShapiroR< $~[ : $+ @ $+ > $*<$*>$*	$# $1 $@ $3 $: $2<@$3>	use literal user
128740266059SGregory Neil ShapiroR< $~[ : $+ > $*		$# $1 $@ $2 $: $3	try qualified mailer
1288c2aa98e2SPeter WemmR< $=w > $*			$@ $2			delete local host
1289c2aa98e2SPeter WemmR< $+ > $*			$#_RELAY_ $@ $1 $: $2	use unqualified mailer
1290c2aa98e2SPeter Wemm
1291c2aa98e2SPeter Wemm###################################################################
1292c2aa98e2SPeter Wemm###  Ruleset CanonLocal -- canonify local: syntax		###
129306f25ae9SGregory Neil Shapirodnl input: <user> address
129406f25ae9SGregory Neil Shapirodnl <x> <@host> : rest			-> Recurse rest
129506f25ae9SGregory Neil Shapirodnl <x> p1 $=O p2 <@host>		-> Recurse p1 $=O p2
129606f25ae9SGregory Neil Shapirodnl <> user <@host> rest		-> local user@host user
129706f25ae9SGregory Neil Shapirodnl <> user				-> local user user
129806f25ae9SGregory Neil Shapirodnl <user@host> lp <@domain> rest	-> <user> lp <@host> [cont]
129906f25ae9SGregory Neil Shapirodnl <user> lp <@host> rest		-> local lp@host user
130006f25ae9SGregory Neil Shapirodnl <user> lp				-> local lp user
1301c2aa98e2SPeter Wemm###################################################################
1302c2aa98e2SPeter Wemm
1303c2aa98e2SPeter WemmSCanonLocal
dnl workspace: <user> address, where <user> is the text that followed local:
dnl in the caller (MailerToTriple) and may be empty
13042e43090eSPeter Wemm# strip local host from routed addresses
dnl both rules hand the remaining address to Recurse and return its result
130506f25ae9SGregory Neil ShapiroR< $* > < @ $+ > : $+		$@ $>Recurse $3
130606f25ae9SGregory Neil ShapiroR< $* > $+ $=O $+ < @ $+ >	$@ $>Recurse $2 $3 $4
13072e43090eSPeter Wemm
1308c2aa98e2SPeter Wemm# strip trailing dot from any host name that may appear
1309c2aa98e2SPeter WemmR< $* > $* < @ $* . >		$: < $1 > $2 < @ $3 >
1310c2aa98e2SPeter Wemm
1311c2aa98e2SPeter Wemm# handle local: syntax -- use old user, either with or without host
dnl empty <user>: the original local part is used for both $@ and $:
1312c2aa98e2SPeter WemmR< > $* < @ $* > $*		$#_LOCAL_ $@ $1@$2 $: $1
1313c2aa98e2SPeter WemmR< > $+				$#_LOCAL_ $@ $1    $: $1
1314c2aa98e2SPeter Wemm
1315c2aa98e2SPeter Wemm# handle local:user@host syntax -- ignore host part
1316c2aa98e2SPeter WemmR< $+ @ $+ > $* < @ $* >	$: < $1 > $3 < @ $4 >
1317c2aa98e2SPeter Wemm
1318c2aa98e2SPeter Wemm# handle local:user syntax
dnl configured <user>: it becomes the $: part, while the original address
dnl is kept in the $@ part
1319c2aa98e2SPeter WemmR< $+ > $* <@ $* > $*		$#_LOCAL_ $@ $2@$3 $: $1
1320c2aa98e2SPeter WemmR< $+ > $* 			$#_LOCAL_ $@ $2    $: $1
1321c2aa98e2SPeter Wemm
1322c2aa98e2SPeter Wemm###################################################################
1323c2aa98e2SPeter Wemm###  Ruleset 93 -- convert header names to masqueraded form	###
1324c2aa98e2SPeter Wemm###################################################################
1325c2aa98e2SPeter Wemm
132606f25ae9SGregory Neil ShapiroSMasqHdr=93
dnl MasqHdr: generics table rewrite (if _GENERICS_TABLE_ is defined), then
dnl the class N exemption, then masquerading to $M (if MASQUERADE_NAME is
dnl defined); without MASQUERADE_NAME only *LOCAL* is replaced by $j
1327c2aa98e2SPeter Wemm
132806f25ae9SGregory Neil Shapiroifdef(`_GENERICS_TABLE_', `dnl
1329c2aa98e2SPeter Wemm# handle generics database
dnl only workspaces that received the trailing @ mark (host in class G, or
dnl *LOCAL*) are looked up in the generics map by the rules below
1330c2aa98e2SPeter Wemmifdef(`_GENERICS_ENTIRE_DOMAIN_',
133106f25ae9SGregory Neil Shapirodnl if generics should be applied add a @ as mark
1332c2aa98e2SPeter Wemm`R$+ < @ $* $=G . >	$: < $1@$2$3 > $1 < @ $2$3 . > @	mark',
1333c2aa98e2SPeter Wemm`R$+ < @ $=G . >	$: < $1@$2 > $1 < @ $2 . > @	mark')
1334c2aa98e2SPeter WemmR$+ < @ *LOCAL* >	$: < $1@$j > $1 < @ *LOCAL* > @	mark
133506f25ae9SGregory Neil Shapirodnl workspace: either user<@domain> or <user@domain> user <@domain> @
133606f25ae9SGregory Neil Shapirodnl ignore the first case for now
133706f25ae9SGregory Neil Shapirodnl if it has the mark lookup full address
133840266059SGregory Neil Shapirodnl broken: %1 is full address not just detail
133906f25ae9SGregory Neil ShapiroR< $+ > $+ < $* > @	$: < $(generics $1 $: @ $1 $) > $2 < $3 >
134006f25ae9SGregory Neil Shapirodnl workspace: ... or <match|@user@domain> user <@domain>
134106f25ae9SGregory Neil Shapirodnl no match, try user+detail@domain
134206f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ >
134306f25ae9SGregory Neil Shapiro		$: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) >  $4 < @ $5 >
134406f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ >
134506f25ae9SGregory Neil Shapiro		$: < $(generics $1@$3 $: $) > $4 < @ $5 >
134606f25ae9SGregory Neil Shapirodnl no match, remove mark
134706f25ae9SGregory Neil ShapiroR<@$+ > $+ < @ $+ >	$: < > $2 < @ $3 >
134806f25ae9SGregory Neil Shapirodnl no match, try @domain for exceptions
134906f25ae9SGregory Neil ShapiroR< > $+ < @ $+ . >	$: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . >
135006f25ae9SGregory Neil Shapirodnl workspace: ... or <match> user <@domain>
135106f25ae9SGregory Neil Shapirodnl no match, try local part
1352c2aa98e2SPeter WemmR< > $+ < @ $+ > 	$: < $(generics $1 $: $) > $1 < @ $2 >
135306f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > 	$: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 >
135406f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > 	$: < $(generics $1 $: $) > $1 + $2 < @ $3 >
dnl a qualified map result returns from the ruleset at once ($@), so it is
dnl not masqueraded below; an unqualified result is given *LOCAL* and goes on
135506f25ae9SGregory Neil ShapiroR< $* @ $* > $* < $* >	$@ $>canonify $1 @ $2		found qualified
135606f25ae9SGregory Neil ShapiroR< $+ > $* < $* >	$: $>canonify $1 @ *LOCAL*	found unqualified
1357c2aa98e2SPeter WemmR< > $*			$: $1				not found',
1358c2aa98e2SPeter Wemm`dnl')
1359c2aa98e2SPeter Wemm
136006f25ae9SGregory Neil Shapiro# do not masquerade anything in class N
136106f25ae9SGregory Neil ShapiroR$* < @ $* $=N . >	$@ $1 < @ $2 $3 . >
136206f25ae9SGregory Neil Shapiro
136340266059SGregory Neil Shapiroifdef(`MASQUERADE_NAME', `dnl
1364c2aa98e2SPeter Wemm# special case the users that should be exposed
dnl each of these rules ends in $@, so a class E user leaves the ruleset
dnl with the real host name before any masquerading rule is reached
1365c2aa98e2SPeter WemmR$=E < @ *LOCAL* >	$@ $1 < @ $j . >		leave exposed
1366c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
1367c2aa98e2SPeter Wemm`R$=E < @ $* $=M . >	$@ $1 < @ $2 $3 . >',
1368c2aa98e2SPeter Wemm`R$=E < @ $=M . >	$@ $1 < @ $2 . >')
1369c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl',
1370c2aa98e2SPeter Wemm`R$=E < @ $=w . >	$@ $1 < @ $2 . >')
1371c2aa98e2SPeter Wemm
1372c2aa98e2SPeter Wemm# handle domain-specific masquerading
dnl the rules append @ $M to the host as a temporary marker; the last two
dnl rules then either drop the marker (empty $M) or keep only $M as the host
1373c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
1374c2aa98e2SPeter Wemm`R$* < @ $* $=M . > $*	$: $1 < @ $2 $3 . @ $M > $4	convert masqueraded doms',
1375c2aa98e2SPeter Wemm`R$* < @ $=M . > $*	$: $1 < @ $2 . @ $M > $3	convert masqueraded doms')
1376c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl',
1377c2aa98e2SPeter Wemm`R$* < @ $=w . > $*	$: $1 < @ $2 . @ $M > $3')
1378c2aa98e2SPeter WemmR$* < @ *LOCAL* > $*	$: $1 < @ $j . @ $M > $2
1379c2aa98e2SPeter WemmR$* < @ $+ @ > $*	$: $1 < @ $2 > $3		$M is null
1380c2aa98e2SPeter WemmR$* < @ $+ @ $+ > $*	$: $1 < @ $3 . > $4		$M is not null
138140266059SGregory Neil Shapirodnl', `dnl no masquerading
138240266059SGregory Neil Shapirodnl just fix *LOCAL* leftovers
138340266059SGregory Neil ShapiroR$* < @ *LOCAL* >	$@ $1 < @ $j . >')
1384c2aa98e2SPeter Wemm
1385c2aa98e2SPeter Wemm###################################################################
1386c2aa98e2SPeter Wemm###  Ruleset 94 -- convert envelope names to masqueraded form	###
1387c2aa98e2SPeter Wemm###################################################################
1388c2aa98e2SPeter Wemm
dnl MasqEnv: with _MASQUERADE_ENVELOPE_ the envelope address gets the same
dnl treatment as headers (it is passed to MasqHdr); otherwise the only change
dnl is that *LOCAL* is replaced by $j
138906f25ae9SGregory Neil ShapiroSMasqEnv=94
1390c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENVELOPE_',
139106f25ae9SGregory Neil Shapiro`R$+			$@ $>MasqHdr $1',
1392c2aa98e2SPeter Wemm`R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2')
1393c2aa98e2SPeter Wemm
1394c2aa98e2SPeter Wemm###################################################################
1395c2aa98e2SPeter Wemm###  Ruleset 98 -- local part of ruleset zero (can be null)	###
1396c2aa98e2SPeter Wemm###################################################################
1397c2aa98e2SPeter Wemm
dnl ParseLocal has no rules of its own here: its body is whatever was
dnl collected in diversion 3 (LOCAL_RULE_0), which may be nothing
139806f25ae9SGregory Neil ShapiroSParseLocal=98
139906f25ae9SGregory Neil Shapiroundivert(3)dnl LOCAL_RULE_0
1400c2aa98e2SPeter Wemm
140106f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl
140240266059SGregory Neil Shapiro######################################################################
140340266059SGregory Neil Shapiro###  LDAPExpand: Expand address using LDAP routing
140440266059SGregory Neil Shapiro###
140540266059SGregory Neil Shapiro###	Parameters:
140640266059SGregory Neil Shapiro###		<$1> -- parsed address (user < @ domain . >) (pass through)
140740266059SGregory Neil Shapiro###		<$2> -- RFC822 address (user @ domain) (used for lookup)
140840266059SGregory Neil Shapiro###		<$3> -- +detail information
140940266059SGregory Neil Shapiro###
141040266059SGregory Neil Shapiro###	Returns:
141140266059SGregory Neil Shapiro###		Mailer triplet ($#mailer $@ host $: address)
141240266059SGregory Neil Shapiro###		Parsed address (user < @ domain . >)
141340266059SGregory Neil Shapiro######################################################################
141440266059SGregory Neil Shapiro
141506f25ae9SGregory Neil ShapiroSLDAPExpand
141606f25ae9SGregory Neil Shapiro# do the LDAP lookups
dnl NOTE(review): the key $2 comes from the address being routed; how it is
dnl placed into the LDAP filter is decided by the ldapmra and ldapmh map
dnl definitions, which are not in this part of the file - confirm there
141740266059SGregory Neil ShapiroR<$+><$+><$*>	$: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> <$3>
dnl workspace from here on:
dnl   <ldapmra result> <ldapmh result> <parsed address> <lookup address> <+detail>
dnl an empty <> in one of the first two positions means that lookup found
dnl nothing; the comments below call the two results mailRoutingAddress and
dnl mailHost
141806f25ae9SGregory Neil Shapiro
141906f25ae9SGregory Neil Shapiro# if mailRoutingAddress and local or non-existent mailHost,
142006f25ae9SGregory Neil Shapiro# return the new mailRoutingAddress
142140266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
142240266059SGregory Neil ShapiroR<$+@$+> <$=w> <$+> <$+> <$*>	$@ $>Parse0 $>canonify $1 $6 @ $2
142340266059SGregory Neil ShapiroR<$+@$+> <> <$+> <$+> <$*>	$@ $>Parse0 $>canonify $1 $5 @ $2')
142440266059SGregory Neil ShapiroR<$+> <$=w> <$+> <$+> <$*>	$@ $>Parse0 $>canonify $1
142540266059SGregory Neil ShapiroR<$+> <> <$+> <$+> <$*>		$@ $>Parse0 $>canonify $1
142606f25ae9SGregory Neil Shapiro
142706f25ae9SGregory Neil Shapiro# if mailRoutingAddress and non-local mailHost,
142806f25ae9SGregory Neil Shapiro# relay to mailHost with new mailRoutingAddress
dnl the relay target in this group and in the mailHost-only group further
dnl down is the ldapmh result itself, either through LDAPMailertable or
dnl directly as the host of the relay mailer
142940266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
143040266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
143140266059SGregory Neil Shapiro# check mailertable for host, relay from there
143240266059SGregory Neil ShapiroR<$+@$+> <$+> <$+> <$+> <$*>	$>LDAPMailertable <$3> $>canonify $1 $6 @ $2',
143340266059SGregory Neil Shapiro`R<$+@$+> <$+> <$+> <$+> <$*>	$#_RELAY_ $@ $3 $: $>canonify $1 $6 @ $2')')
143440266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
143540266059SGregory Neil Shapiro# check mailertable for host, relay from there
143640266059SGregory Neil ShapiroR<$+> <$+> <$+> <$+> <$*>	$>LDAPMailertable <$2> $>canonify $1',
143740266059SGregory Neil Shapiro`R<$+> <$+> <$+> <$+> <$*>	$#_RELAY_ $@ $2 $: $>canonify $1')
143806f25ae9SGregory Neil Shapiro
143906f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and local mailHost,
144006f25ae9SGregory Neil Shapiro# return original address
144140266059SGregory Neil ShapiroR<> <$=w> <$+> <$+> <$*>	$@ $2
144206f25ae9SGregory Neil Shapiro
144306f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and non-local mailHost,
144406f25ae9SGregory Neil Shapiro# relay to mailHost with original address
144540266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
144640266059SGregory Neil Shapiro# check mailertable for host, relay from there
144740266059SGregory Neil ShapiroR<> <$+> <$+> <$+> <$*>		$>LDAPMailertable <$1> $2',
144840266059SGregory Neil Shapiro`R<> <$+> <$+> <$+> <$*>	$#_RELAY_ $@ $1 $: $2')
144906f25ae9SGregory Neil Shapiro
dnl the retries below call LDAPExpand again with a shorter key: first without
dnl +detail, then with @domain only. The <@ domain> key needs one or more
dnl tokens before the @ to match a retry rule, so it matches none of them
dnl and the recursion ends at the final group of rules.
145040266059SGregory Neil Shapiroifdef(`_LDAP_ROUTE_DETAIL_',
145140266059SGregory Neil Shapiro`# if no mailRoutingAddress and no mailHost,
145240266059SGregory Neil Shapiro# try without +detail
145340266059SGregory Neil ShapiroR<> <> <$+> <$+ + $* @ $+> <>	$@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl
145440266059SGregory Neil Shapiro
145540266059SGregory Neil Shapiro# if still no mailRoutingAddress and no mailHost,
145606f25ae9SGregory Neil Shapiro# try @domain
145740266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
145840266059SGregory Neil ShapiroR<> <> <$+> <$+ + $* @ $+> <>	$@ $>LDAPExpand <$1> <@ $4> <+$3>')
145940266059SGregory Neil ShapiroR<> <> <$+> <$+ @ $+> <$*>	$@ $>LDAPExpand <$1> <@ $3> <$4>
146006f25ae9SGregory Neil Shapiro
146106f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and no mailHost and this was a domain attempt,
146206f25ae9SGregory Neil Shapiroifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl
146306f25ae9SGregory Neil Shapiro# user does not exist
dnl the address type is matched literally as e r; every other type falls to
dnl the last rule of this group and gets the parsed address back unchanged
146440266059SGregory Neil ShapiroR<> <> <$+> <@ $+> <$*>		$: <?> < $&{addr_type} > < $1 >
146540266059SGregory Neil Shapiro# only give error for envelope recipient
146640266059SGregory Neil ShapiroR<?> <e r> <$+>			$#error $@ nouser $: "550 User unknown"
146740266059SGregory Neil ShapiroR<?> <$*> <$+>			$@ $2',
146806f25ae9SGregory Neil Shapiro`dnl
146906f25ae9SGregory Neil Shapiro# return the original address
147040266059SGregory Neil ShapiroR<> <> <$+> <@ $+> <$*>		$@ $1')',
147106f25ae9SGregory Neil Shapiro`dnl')
147206f25ae9SGregory Neil Shapiro
dnl NOTE(review): a delivery mode that starts with d only triggers this
dnl warning through errprint; nothing here stops the configuration from being
dnl generated, so the message has to be caught in the build output
147306f25ae9SGregory Neil Shapiroifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode.
147406f25ae9SGregory Neil Shapiro')')
dnl without _ACCESS_TABLE_ the output is switched to diversion -1 here, so
dnl the access lookup rulesets that follow are discarded rather than emitted
dnl (until a later divert changes the diversion again)
147540266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
1476c2aa98e2SPeter Wemm######################################################################
147740266059SGregory Neil Shapiro###  D: LookUpDomain -- search for domain in access database
1478c2aa98e2SPeter Wemm###
1479c2aa98e2SPeter Wemm###	Parameters:
1480c2aa98e2SPeter Wemm###		<$1> -- key (domain name)
1481c2aa98e2SPeter Wemm###		<$2> -- default (what to return if not found in db)
148206f25ae9SGregory Neil Shapirodnl			must not be empty
148340266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
148406f25ae9SGregory Neil Shapiro###			! does lookup only with tag
148506f25ae9SGregory Neil Shapiro###			+ does lookup with and without tag
148640266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed unchanged through)
148706f25ae9SGregory Neil Shapirodnl returns:		<default> <passthru>
148806f25ae9SGregory Neil Shapirodnl 			<result> <passthru>
1489c2aa98e2SPeter Wemm######################################################################
1490c2aa98e2SPeter Wemm
dnl Lookup order, as the rules below implement it:
dnl   1. tag and key joined by _TAG_DELIM_, then for a + mark the bare key
dnl   2. with _LOOKUPDOTDOMAIN_: the key with its first component removed,
dnl      keeping the leading dot
dnl   3. with _ACCESS_SKIP_: a SKIP value ends the search with <default>
dnl   4. on a miss: a bracketed key loses its last component, any other key
dnl      with a dot loses its first component, and D is entered again
dnl   5. nothing left to strip: return <default> <passthru>
dnl A more specific entry is therefore consulted before a less specific one.
dnl With _ATMPF_ a lookup result ending in that marker is passed back as
dnl <_ATMPF_>, which lets a caller tell a map failure from a miss.
dnl Review notes:
dnl   - the bracketed key rule matches on separators only; as the comment
dnl     at that rule says, nothing verifies that the key is an IP number.
dnl   - the two IPv6 rules use $: where the IPv4 rule uses $@, so what D
dnl     returns there is still offered to the remaining rules -- TODO
dnl     confirm that this is intended.
149140266059SGregory Neil ShapiroSD
149206f25ae9SGregory Neil Shapirodnl workspace <key> <default> <passthru> <mark>
149306f25ae9SGregory Neil Shapirodnl lookup with tag (in front, no delimiter here)
149440266059SGregory Neil Shapirodnl    2    3  4    5
149540266059SGregory Neil ShapiroR<$*> <$+> <$- $-> <$*>		$: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
149606f25ae9SGregory Neil Shapirodnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark>
149706f25ae9SGregory Neil Shapirodnl lookup without tag?
149840266059SGregory Neil Shapirodnl   1    2      3    4
149940266059SGregory Neil ShapiroR<?> <$+> <$+> <+ $-> <$*>	$: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
150040266059SGregory Neil Shapiroifdef(`_LOOKUPDOTDOMAIN_', `dnl omit first component: lookup .rest
150140266059SGregory Neil Shapirodnl XXX apply this also to IP addresses?
150240266059SGregory Neil Shapirodnl currently it works the wrong way round for [1.2.3.4]
150340266059SGregory Neil Shapirodnl   1  2    3    4  5    6
150440266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <$- $-> <$*>	$: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4 $5> <$6>
150540266059SGregory Neil Shapirodnl   1  2    3      4    5
150640266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <+ $-> <$*>	$: < $(access .$2 $: ? $) > <$1.$2> <$3> <+ $4> <$5>', `dnl')
150740266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl
150840266059SGregory Neil Shapirodnl found SKIP: return <default> and <passthru>
150940266059SGregory Neil Shapirodnl      1    2    3  4    5
151040266059SGregory Neil ShapiroR<SKIP> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>', `dnl')
151140266059SGregory Neil Shapirodnl not found: IPv4 net (no check is done whether it is an IP number!)
151240266059SGregory Neil Shapirodnl    1  2     3    4  5    6
151340266059SGregory Neil ShapiroR<?> <[$+.$-]> <$+> <$- $-> <$*>	$@ $>D <[$1]> <$3> <$4 $5> <$6>
151440266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl',
151540266059SGregory Neil Shapiro`dnl not found: IPv6 net
151640266059SGregory Neil Shapirodnl (could be merged with previous rule if we have a class containing .:)
151740266059SGregory Neil Shapirodnl    1   2     3    4  5    6
151840266059SGregory Neil ShapiroR<?> <[$+::$-]> <$+> <$- $-> <$*>	$: $>D <[$1]> <$3> <$4 $5> <$6>
151940266059SGregory Neil ShapiroR<?> <[$+:$-]> <$+> <$- $-> <$*>	$: $>D <[$1]> <$3> <$4 $5> <$6>')
152006f25ae9SGregory Neil Shapirodnl not found, but subdomain: try again
152140266059SGregory Neil Shapirodnl   1  2    3    4  5    6
152240266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <$- $-> <$*>	$@ $>D <$2> <$3> <$4 $5> <$6>
152340266059SGregory Neil Shapiroifdef(`_FFR_LOOKUPTAG_', `dnl lookup Tag:
152440266059SGregory Neil Shapirodnl   1    2      3    4
152540266059SGregory Neil ShapiroR<?> <$+> <$+> <! $-> <$*>	$: < $(access $3`'_TAG_DELIM_ $: ? $) > <$1> <$2> <! $3> <$4>', `dnl')
152640266059SGregory Neil Shapirodnl not found, no subdomain: return <default> and <passthru>
152740266059SGregory Neil Shapirodnl   1    2    3  4    5
152840266059SGregory Neil ShapiroR<?> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>
152940266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
153040266059SGregory Neil Shapirodnl            2    3    4  5    6
153140266059SGregory Neil ShapiroR<$* _ATMPF_> <$+> <$+> <$- $-> <$*>	$@ <_ATMPF_> <$6>', `dnl')
153240266059SGregory Neil Shapirodnl return <result of lookup> and <passthru>
153340266059SGregory Neil Shapirodnl    2    3    4  5    6
153440266059SGregory Neil ShapiroR<$*> <$+> <$+> <$- $-> <$*>	$@ <$1> <$6>
1535c2aa98e2SPeter Wemm
1536c2aa98e2SPeter Wemm######################################################################
153740266059SGregory Neil Shapiro###  A: LookUpAddress -- search for host address in access database
1538c2aa98e2SPeter Wemm###
1539c2aa98e2SPeter Wemm###	Parameters:
1540c2aa98e2SPeter Wemm###		<$1> -- key (dot quadded host address)
1541c2aa98e2SPeter Wemm###		<$2> -- default (what to return if not found in db)
154206f25ae9SGregory Neil Shapirodnl			must not be empty
154340266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
154406f25ae9SGregory Neil Shapiro###			! does lookup only with tag
154506f25ae9SGregory Neil Shapiro###			+ does lookup with and without tag
154640266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed through)
154706f25ae9SGregory Neil Shapirodnl	returns:	<default> <passthru>
154806f25ae9SGregory Neil Shapirodnl			<result> <passthru>
1549c2aa98e2SPeter Wemm######################################################################
1550c2aa98e2SPeter Wemm
dnl Lookup order: the tagged key first, then for a + mark the bare key.  On
dnl a miss the last component of the key is removed and A is entered again:
dnl after :: or : unless NO_NETINET6 is defined, after a dot otherwise.  The
dnl entry for a single host is therefore consulted before the entries for
dnl the prefixes that contain it.  When no separator is left the default is
dnl returned.
dnl The patterns look at separators only; nothing in this ruleset checks
dnl that the key is a numeric address.
dnl With _ATMPF_ a lookup result ending in that marker is passed back as
dnl <_ATMPF_>, which lets a caller tell a map failure from a miss.
155140266059SGregory Neil ShapiroSA
155206f25ae9SGregory Neil Shapirodnl lookup with tag
155340266059SGregory Neil Shapirodnl    2    3  4    5
155440266059SGregory Neil ShapiroR<$+> <$+> <$- $-> <$*>		$: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
155506f25ae9SGregory Neil Shapirodnl lookup without tag
155640266059SGregory Neil Shapirodnl   1    2      3    4
155740266059SGregory Neil ShapiroR<?> <$+> <$+> <+ $-> <$*>	$: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
155840266059SGregory Neil Shapirodnl workspace <result-of-lookup|?> <key> <default> <mark> <passthru>
155940266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl
156040266059SGregory Neil Shapirodnl found SKIP: return <default> and <passthru>
156140266059SGregory Neil Shapirodnl      1    2    3  4    5
156240266059SGregory Neil ShapiroR<SKIP> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>', `dnl')
156340266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl',
156440266059SGregory Neil Shapiro`dnl no match; IPv6: remove last part
156540266059SGregory Neil Shapirodnl   1   2    3    4  5    6
156640266059SGregory Neil ShapiroR<?> <$+::$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>
156740266059SGregory Neil ShapiroR<?> <$+:$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>')
156806f25ae9SGregory Neil Shapirodnl no match; IPv4: remove last part
156940266059SGregory Neil Shapirodnl   1  2    3    4  5    6
157040266059SGregory Neil ShapiroR<?> <$+.$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>
157106f25ae9SGregory Neil Shapirodnl no match: return default
157240266059SGregory Neil Shapirodnl   1    2    3  4    5
157340266059SGregory Neil ShapiroR<?> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>
157440266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
157540266059SGregory Neil Shapirodnl            2    3    4  5    6
157640266059SGregory Neil ShapiroR<$* _ATMPF_> <$+> <$+> <$- $-> <$*>	$@ <_ATMPF_> <$6>', `dnl')
157706f25ae9SGregory Neil Shapirodnl match: return result
157840266059SGregory Neil Shapirodnl    2    3    4  5    6
157940266059SGregory Neil ShapiroR<$*> <$+> <$+> <$- $-> <$*>	$@ <$1> <$6>
158040266059SGregory Neil Shapirodnl endif _ACCESS_TABLE_
dnl back to normal output; this ends the region that is discarded when
dnl _ACCESS_TABLE_ is not defined
158140266059SGregory Neil Shapirodivert(0)
1582c2aa98e2SPeter Wemm######################################################################
1583065a643dSPeter Wemm###  CanonAddr --	Convert an address into a standard form for
1584065a643dSPeter Wemm###			relay checking.  Route address syntax is
1585065a643dSPeter Wemm###			crudely converted into a %-hack address.
1586065a643dSPeter Wemm###
1587065a643dSPeter Wemm###	Parameters:
1588065a643dSPeter Wemm###		$1 -- full recipient address
1589065a643dSPeter Wemm###
1590065a643dSPeter Wemm###	Returns:
1591065a643dSPeter Wemm###		parsed address, not in source route form
159206f25ae9SGregory Neil Shapirodnl		user%host%host<@domain>
159306f25ae9SGregory Neil Shapirodnl		host!user<@domain>
1594065a643dSPeter Wemm######################################################################
1595065a643dSPeter Wemm
dnl The address is passed through canonify and then Parse0.  The three
dnl rules that fold a source route into the local part are only emitted
dnl when _USE_DEPRECATED_ROUTE_ADDR_ is defined.
dnl ParseRecipient and check_mail in this file call this ruleset first, so
dnl the relay and sender checks there all see this one form of an address.
1596065a643dSPeter WemmSCanonAddr
159706f25ae9SGregory Neil ShapiroR$*			$: $>Parse0 $>canonify $1	make domain canonical
159806f25ae9SGregory Neil Shapiroifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
1599065a643dSPeter WemmR< @ $+ > : $* @ $*	< @ $1 > : $2 % $3	change @ to % in src route
1600065a643dSPeter WemmR$* < @ $+ > : $* : $*	$3 $1 < @ $2 > : $4	change to % hack.
1601065a643dSPeter WemmR$* < @ $+ > : $*	$3 $1 < @ $2 >
160206f25ae9SGregory Neil Shapirodnl')
1603065a643dSPeter Wemm
1604065a643dSPeter Wemm######################################################################
1605c2aa98e2SPeter Wemm###  ParseRecipient --	Strip off hosts in $=R as well as possibly
1606c2aa98e2SPeter Wemm###			$* $=m or the access database.
1607c2aa98e2SPeter Wemm###			Check user portion for host separators.
1608c2aa98e2SPeter Wemm###
1609c2aa98e2SPeter Wemm###	Parameters:
1610c2aa98e2SPeter Wemm###		$1 -- full recipient address
1611c2aa98e2SPeter Wemm###
1612c2aa98e2SPeter Wemm###	Returns:
1613c2aa98e2SPeter Wemm###		parsed, non-local-relaying address
1614c2aa98e2SPeter Wemm######################################################################
1615c2aa98e2SPeter Wemm
1616c2aa98e2SPeter WemmSParseRecipient
161706f25ae9SGregory Neil Shapirodnl mark and canonify address
1618065a643dSPeter WemmR$*				$: <?> $>CanonAddr $1
161906f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain[.]>
1620c2aa98e2SPeter WemmR<?> $* < @ $* . >		<?> $1 < @ $2 >			strip trailing dots
162106f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain>
1622c2aa98e2SPeter WemmR<?> $- < @ $* >		$: <?> $(dequote $1 $) < @ $2 >	dequote local part
1623c2aa98e2SPeter Wemm
1624c2aa98e2SPeter Wemm# if no $=O character, no host in the user portion, we are done
1625c2aa98e2SPeter WemmR<?> $* $=O $* < @ $* >		$: <NO> $1 $2 $3 < @ $4>
162606f25ae9SGregory Neil Shapirodnl no $=O in localpart: return
1627c2aa98e2SPeter WemmR<?> $*				$@ $1
1628c2aa98e2SPeter Wemm
162940266059SGregory Neil Shapirodnl workspace: <NO> localpart<@domain>, where localpart contains $=O
163006f25ae9SGregory Neil Shapirodnl mark everything which has an "authorized" domain with <RELAY>
1631c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
1632c2aa98e2SPeter Wemm# if we relay, check username portion for user%host so host can be checked also
1633c2aa98e2SPeter WemmR<NO> $* < @ $* $=m >		$: <RELAY> $1 < @ $2 $3 >', `dnl')
163406f25ae9SGregory Neil Shapirodnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O
163506f25ae9SGregory Neil Shapirodnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
163640266059SGregory Neil Shapiro
163740266059SGregory Neil Shapirodnl what if access map returns something else than RELAY?
163840266059SGregory Neil Shapirodnl we are only interested in RELAY entries...
163940266059SGregory Neil Shapirodnl other To: entries: blacklist recipient; generic entries?
164040266059SGregory Neil Shapirodnl if it is an error we probably do not want to relay anyway
1641c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_',
1642c2aa98e2SPeter Wemm`R<NO> $* < @ $=R >		$: <RELAY> $1 < @ $2 >
164306f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
164406f25ae9SGregory Neil ShapiroR<NO> $* < @ $+ >		$: <$(access To:$2 $: NO $)> $1 < @ $2 >
1645065a643dSPeter WemmR<NO> $* < @ $+ >		$: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')',
1646c2aa98e2SPeter Wemm`R<NO> $* < @ $* $=R >		$: <RELAY> $1 < @ $2 $3 >
164706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
164840266059SGregory Neil ShapiroR<NO> $* < @ $+ >		$: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
1649c2aa98e2SPeter WemmR<$+> <$+>			$: <$1> $2',`dnl')')
1650065a643dSPeter Wemm
165106f25ae9SGregory Neil Shapiro
165240266059SGregory Neil Shapiroifdef(`_RELAY_MX_SERVED_', `dnl
165340266059SGregory Neil Shapirodnl do "we" ($=w) act as backup MX server for the destination domain?
165440266059SGregory Neil ShapiroR<NO> $* < @ $+ >		$: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > >
165540266059SGregory Neil ShapiroR<MX> < : $* <TEMP> : > $*	$#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
165640266059SGregory Neil Shapirodnl yes: mark it as <RELAY>
165740266059SGregory Neil ShapiroR<MX> < $* : $=w. : $* > < $+ >	$: <RELAY> $4
165840266059SGregory Neil Shapirodnl no: put old <NO> mark back
165940266059SGregory Neil ShapiroR<MX> < : $* : > < $+ >		$: <NO> $2', `dnl')
166040266059SGregory Neil Shapiro
166140266059SGregory Neil Shapirodnl do we relay to this recipient domain?
1662c2aa98e2SPeter WemmR<RELAY> $* < @ $* >		$@ $>ParseRecipient $1
166340266059SGregory Neil Shapirodnl something else
166440266059SGregory Neil ShapiroR<$+> $*			$@ $2
1665c2aa98e2SPeter Wemm
166606f25ae9SGregory Neil Shapiro
1667c2aa98e2SPeter Wemm######################################################################
1668c2aa98e2SPeter Wemm###  check_relay -- check hostname/address on SMTP startup
1669c2aa98e2SPeter Wemm######################################################################
1670c2aa98e2SPeter Wemm
dnl Local_check_relay is the site hook and runs first.  A result from it
dnl that starts with $# is returned as the verdict and Basic_check_relay is
dnl not called, so a permissive local rule bypasses every check below.
dnl Any other result continues with Basic_check_relay.
1671c2aa98e2SPeter WemmSLocal_check_relay
167206f25ae9SGregory Neil ShapiroScheck`'_U_`'relay
1673c2aa98e2SPeter WemmR$*			$: $1 $| $>"Local_check_relay" $1
1674c2aa98e2SPeter WemmR$* $| $* $| $#$*	$#$3
1675c2aa98e2SPeter WemmR$* $| $* $| $*		$@ $>"Basic_check_relay" $1 $| $2
1676c2aa98e2SPeter Wemm
1677c2aa98e2SPeter WemmSBasic_check_relay
1678c2aa98e2SPeter Wemm# check for deferred delivery mode
1679c2aa98e2SPeter WemmR$*			$: < ${deliveryMode} > $1
1680c2aa98e2SPeter WemmR< d > $*		$@ deferred
1681c2aa98e2SPeter WemmR< $* > $*		$: $2
1682c2aa98e2SPeter Wemm
dnl Access map checks with tag Connect.  Ruleset D is tried with the client
dnl name and, if that finds nothing, ruleset A with the client address.  A
dnl value in class Accept returns from the ruleset at once, so such a client
dnl also skips everything that follows these rules.  REJECT, DISCARD and
dnl ERROR values map to the matching action, a result ending in the _ATMPF_
dnl marker gives a 451 when that macro is defined, and any other value is
dnl used as the text of an error.
dnl NOTE(review): an entry keyed on a host name is only as trustworthy as
dnl the name resolution behind {client_name} -- confirm how that macro is
dnl set for clients whose name does not verify before relying on such keys.
168306f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
168442e5d165SGregory Neil Shapirodnl workspace: {client_name} $| {client_addr}
168540266059SGregory Neil ShapiroR$+ $| $+		$: $>D < $1 > <?> <+ Connect> < $2 >
168642e5d165SGregory Neil Shapirodnl workspace: <result-of-lookup> <{client_addr}>
168740266059SGregory Neil ShapiroR<?> <$+>		$: $>A < $1 > <?> <+ Connect> <>	no: another lookup
168840266059SGregory Neil Shapirodnl workspace: <result-of-lookup> (<>|<{client_addr}>)
168940266059SGregory Neil ShapiroR<?> <$*>		$: OK				found nothing
169040266059SGregory Neil Shapirodnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK
169142e5d165SGregory Neil ShapiroR<$={Accept}> <$*>	$@ $1				return value of lookup
169240266059SGregory Neil ShapiroR<REJECT> <$*>		$#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
169340266059SGregory Neil ShapiroR<DISCARD> <$*>		$#discard $: discard
169440266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE',
169540266059SGregory Neil Shapiro`R<QUARANTINE:$+> <$*>	$#error $@ quarantine $: $1', `dnl')
169606f25ae9SGregory Neil Shapirodnl error tag
169742e5d165SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> <$*>	$#error $@ $1.$2.$3 $: $4
169842e5d165SGregory Neil ShapiroR<ERROR:$+> <$*>		$#error $: $1
169940266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> <$*>		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
170006f25ae9SGregory Neil Shapirodnl generic error from access map
170142e5d165SGregory Neil ShapiroR<$+> <$*>		$#error $: $1', `dnl')
1702c2aa98e2SPeter Wemm
dnl Optional DNS blacklist, emitted when _RBL_ is defined.  Only a client
dnl address made of four dot separated single tokens matches the query
dnl rule; any other address form passes these rules without a lookup.  The
dnl host map default OK means not listed, and every other result is refused
dnl with a 550.
dnl NOTE(review): how the host map reports a DNS temporary failure is not
dnl visible here -- confirm whether such a client is refused or accepted.
1703c2aa98e2SPeter Wemmifdef(`_RBL_',`dnl
170406f25ae9SGregory Neil Shapiro# DNS based IP address spam list
170540266059SGregory Neil Shapirodnl workspace: ignored...
1706c2aa98e2SPeter WemmR$*			$: $&{client_addr}
170706f25ae9SGregory Neil ShapiroR$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._RBL_. $: OK $)
170806f25ae9SGregory Neil ShapiroR<?>OK			$: OKSOFAR
170906f25ae9SGregory Neil ShapiroR<?>$+			$#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused by blackhole site _RBL_"',
1710c2aa98e2SPeter Wemm`dnl')
dnl undivert(8) inserts whatever was collected in diversion 8 at this point
dnl of the ruleset; its contents are decided outside this section.
171106f25ae9SGregory Neil Shapiroundivert(8)
1712c2aa98e2SPeter Wemm
1713c2aa98e2SPeter Wemm######################################################################
1714c2aa98e2SPeter Wemm###  check_mail -- check SMTP ``MAIL FROM:'' command argument
1715c2aa98e2SPeter Wemm######################################################################
1716c2aa98e2SPeter Wemm
dnl Local_check_mail is the site hook and runs first.  A result from it that
dnl starts with $# is returned as the verdict and Basic_check_mail is not
dnl called; any other result continues with Basic_check_mail.
dnl The address checked here is whatever the client sent in MAIL FROM, so
dnl none of the rules below says anything about who really sent the mail.
1717c2aa98e2SPeter WemmSLocal_check_mail
171806f25ae9SGregory Neil ShapiroScheck`'_U_`'mail
1719c2aa98e2SPeter WemmR$*			$: $1 $| $>"Local_check_mail" $1
1720c2aa98e2SPeter WemmR$* $| $#$*		$#$2
1721c2aa98e2SPeter WemmR$* $| $*		$@ $>"Basic_check_mail" $1
1722c2aa98e2SPeter Wemm
1723c2aa98e2SPeter WemmSBasic_check_mail
1724c2aa98e2SPeter Wemm# check for deferred delivery mode
1725c2aa98e2SPeter WemmR$*			$: < ${deliveryMode} > $1
1726c2aa98e2SPeter WemmR< d > $*		$@ deferred
1727c2aa98e2SPeter WemmR< $* > $*		$: $2
1728c2aa98e2SPeter Wemm
172906f25ae9SGregory Neil Shapiro# authenticated?
173006f25ae9SGregory Neil Shapirodnl done first: we can require authentication for every mail transaction
173106f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM: (sender)
173206f25ae9SGregory Neil ShapiroR$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
173306f25ae9SGregory Neil ShapiroR$* $| $#$+		$#$2
173406f25ae9SGregory Neil Shapirodnl undo damage: remove result of tls_client call
173506f25ae9SGregory Neil ShapiroR$* $| $*		$: $1
173606f25ae9SGregory Neil Shapiro
173706f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM:
dnl The null sender returns <OK> at the next rule: after the tls_client call
dnl but before the qualification, resolve and access map rules, so none of
dnl those can refuse a message by its empty sender address.
173806f25ae9SGregory Neil ShapiroR<>			$@ <OK>			we MUST accept <> (RFC 1123)
173906f25ae9SGregory Neil Shapiroifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
174006f25ae9SGregory Neil Shapirodnl do some additional checks
174106f25ae9SGregory Neil Shapirodnl no user@host
174206f25ae9SGregory Neil Shapirodnl no user@localhost (if nonlocal sender)
174306f25ae9SGregory Neil Shapirodnl this is a pretty simple canonification, it will not catch every case
174406f25ae9SGregory Neil Shapirodnl just make sure the address has <> around it (which is required by
174506f25ae9SGregory Neil Shapirodnl the RFC anyway, maybe we should complain if they are missing...)
174606f25ae9SGregory Neil Shapirodnl dirty trick: if it is user@host, just add a dot: user@host. this will
174706f25ae9SGregory Neil Shapirodnl not be modified by host lookups.
174806f25ae9SGregory Neil ShapiroR$+			$: <?> $1
174906f25ae9SGregory Neil ShapiroR<?><$+>		$: <@> <$1>
175006f25ae9SGregory Neil ShapiroR<?>$+			$: <@> <$1>
175106f25ae9SGregory Neil Shapirodnl workspace: <@> <address>
175206f25ae9SGregory Neil Shapirodnl prepend daemon_flags
175306f25ae9SGregory Neil ShapiroR$*			$: $&{daemon_flags} $| $1
175406f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address>
175506f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems?
175606f25ae9SGregory Neil ShapiroR$* f $* $| <@> < $* @ $- >	$: < ? $&{client_name} > < $3 @ $4 >
175706f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test
175806f25ae9SGregory Neil ShapiroR$* u $* $| <@> < $* >	$: <?> < $3 >
175906f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address>
176006f25ae9SGregory Neil Shapirodnl        or:                    <? ${client_name} > <address>
176106f25ae9SGregory Neil Shapirodnl        or:                    <?> <address>
176206f25ae9SGregory Neil Shapirodnl remove daemon_flags
176306f25ae9SGregory Neil ShapiroR$* $| $*		$: $2
176406f25ae9SGregory Neil Shapiro# handle case of @localhost on address
176506f25ae9SGregory Neil ShapiroR<@> < $* @ localhost >	$: < ? $&{client_name} > < $1 @ localhost >
176606f25ae9SGregory Neil ShapiroR<@> < $* @ [127.0.0.1] >
176706f25ae9SGregory Neil Shapiro			$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
176806f25ae9SGregory Neil ShapiroR<@> < $* @ localhost.$m >
176906f25ae9SGregory Neil Shapiro			$: < ? $&{client_name} > < $1 @ localhost.$m >
177006f25ae9SGregory Neil Shapiroifdef(`_NO_UUCP_', `dnl',
177106f25ae9SGregory Neil Shapiro`R<@> < $* @ localhost.UUCP >
177206f25ae9SGregory Neil Shapiro			$: < ? $&{client_name} > < $1 @ localhost.UUCP >')
177306f25ae9SGregory Neil Shapirodnl workspace: < ? $&{client_name} > <user@localhost|host>
177406f25ae9SGregory Neil Shapirodnl	or:    <@> <address>
177506f25ae9SGregory Neil Shapirodnl	or:    <?> <address>	(thanks to u in ${daemon_flags})
177606f25ae9SGregory Neil ShapiroR<@> $*			$: $1			no localhost as domain
177706f25ae9SGregory Neil Shapirodnl workspace: < ? $&{client_name} > <user@localhost|host>
177806f25ae9SGregory Neil Shapirodnl	or:    <address>
177906f25ae9SGregory Neil Shapirodnl	or:    <?> <address>	(thanks to u in ${daemon_flags})
178006f25ae9SGregory Neil ShapiroR<? $=w> $*		$: $2			local client: ok
178140266059SGregory Neil ShapiroR<? $+> <$+>		$#error $@ 5.5.4 $: "_CODE553 Real domain name required for sender address"
178206f25ae9SGregory Neil Shapirodnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags})
178306f25ae9SGregory Neil ShapiroR<?> $*			$: $1')
178406f25ae9SGregory Neil Shapirodnl workspace: address (or <address>)
178506f25ae9SGregory Neil ShapiroR$*			$: <?> $>CanonAddr $1		canonify sender address and mark it
178606f25ae9SGregory Neil Shapirodnl workspace: <?> CanonicalAddress (i.e. address in canonical form localpart<@host>)
178706f25ae9SGregory Neil Shapirodnl there is nothing behind the <@host> so no trailing $* needed
1788065a643dSPeter WemmR<?> $* < @ $+ . >	<?> $1 < @ $2 >			strip trailing dots
1789c2aa98e2SPeter Wemm# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
179006f25ae9SGregory Neil ShapiroR<?> $* < @ $* $=P >	$: <OK> $1 < @ $2 $3 >
179106f25ae9SGregory Neil Shapirodnl workspace <mark> CanonicalAddress	where mark is ? or OK
dnl With _ACCEPT_UNRESOLVABLE_DOMAINS_ the sender domain is marked _RES_OK_
dnl without a resolve lookup.  Otherwise the mark is taken from the result
dnl of the resolve map, with PERM as the default when nothing is found, and
dnl the TEMP and PERM rules under check results turn it into an error.
1792c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',
179340266059SGregory Neil Shapiro`R<?> $* < @ $+ >	$: <_RES_OK_> $1 < @ $2 >		... unresolvable OK',
179406f25ae9SGregory Neil Shapiro`R<?> $* < @ $+ >	$: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
179506f25ae9SGregory Neil ShapiroR<? $* <$->> $* < @ $+ >
179606f25ae9SGregory Neil Shapiro			$: <$2> $3 < @ $4 >')
179740266059SGregory Neil Shapirodnl workspace <mark> CanonicalAddress	where mark is ?, _RES_OK_, PERM, TEMP
179806f25ae9SGregory Neil Shapirodnl mark is ? iff the address is user (wo @domain)
1799c2aa98e2SPeter Wemm
dnl Access map lookup with tag From, done through SearchList on the keys
dnl F:user@domain, U:user@ and D:domain that the first rule builds.  When an
dnl entry is found its value replaces the resolve mark in the retransform
dnl rules, so under check results a value in class Accept is honoured even
dnl for a sender domain that was marked PERM or TEMP.
180006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
180106f25ae9SGregory Neil Shapiro# check sender address: user@address, user@, address
180206f25ae9SGregory Neil Shapirodnl should we remove +ext from user?
180340266059SGregory Neil Shapirodnl workspace: <mark> CanonicalAddress where mark is: ?, _RES_OK_, PERM, TEMP
180440266059SGregory Neil ShapiroR<$+> $+ < @ $* >	$: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
180506f25ae9SGregory Neil ShapiroR<$+> $+		$: @<$1> <$2> $| <U:$2@>
180606f25ae9SGregory Neil Shapirodnl workspace: @<mark> <CanonicalAddress> $| <@type:address> ....
180706f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
180806f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args
180906f25ae9SGregory Neil ShapiroR@ <$+> <$*> $| <$+>	$: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
181006f25ae9SGregory Neil Shapirodnl workspace: <@><mark> <CanonicalAddress> $| <result>
181106f25ae9SGregory Neil ShapiroR<@> <$+> <$*> $| <$*>	$: <$3> <$1> <$2>		reverse result
181206f25ae9SGregory Neil Shapirodnl workspace: <result> <mark> <CanonicalAddress>
1813c2aa98e2SPeter Wemm# retransform for further use
181406f25ae9SGregory Neil Shapirodnl required form:
181506f25ae9SGregory Neil Shapirodnl <ResultOfLookup|mark> CanonicalAddress
181606f25ae9SGregory Neil ShapiroR<?> <$+> <$*>		$: <$1> $2	no match
181706f25ae9SGregory Neil ShapiroR<$+> <$+> <$*>		$: <$1> $3	relevant result, keep it', `dnl')
181806f25ae9SGregory Neil Shapirodnl workspace <ResultOfLookup|mark> CanonicalAddress
181906f25ae9SGregory Neil Shapirodnl mark is ? iff the address is user (wo @domain)
1820c2aa98e2SPeter Wemm
1821c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
1822c2aa98e2SPeter Wemm# handle case of no @domain on address
182306f25ae9SGregory Neil Shapirodnl prepend daemon_flags
182406f25ae9SGregory Neil ShapiroR<?> $*			$: $&{daemon_flags} $| <?> $1
182506f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test
182640266059SGregory Neil ShapiroR$* u $* $| <?> $*	$: <_RES_OK_> $3
182706f25ae9SGregory Neil Shapirodnl remove daemon_flags
182806f25ae9SGregory Neil ShapiroR$* $| $*		$: $2
1829c2aa98e2SPeter WemmR<?> $*			$: < ? $&{client_name} > $1
1830c2aa98e2SPeter WemmR<?> $*			$@ <OK>				...local unqualed ok
183140266059SGregory Neil ShapiroR<? $+> $*		$#error $@ 5.5.4 $: "_CODE553 Domain name required for sender address " $&f
1832c2aa98e2SPeter Wemm							...remote is not')
dnl Final verdict on the mark.  The order matters: class ResOk ends the
dnl ruleset first, then the TEMP and PERM resolve marks become errors, and
dnl only then are access map values interpreted.  The last access map rule
dnl uses any value it does not recognize as the text of an error.
1833c2aa98e2SPeter Wemm# check results
183406f25ae9SGregory Neil ShapiroR<?> $*			$: @ $1		mark address: nothing known about it
183540266059SGregory Neil ShapiroR<$={ResOk}> $*		$@ <_RES_OK_>	domain ok: stop
183606f25ae9SGregory Neil ShapiroR<TEMP> $*		$#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
183740266059SGregory Neil ShapiroR<PERM> $*		$#error $@ 5.1.8 $: "_CODE553 Domain of sender address " $&f " does not exist"
183806f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
183940266059SGregory Neil ShapiroR<$={Accept}> $*	$# $1		accept from access map
1840c2aa98e2SPeter WemmR<DISCARD> $*		$#discard $: discard
184140266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE',
184240266059SGregory Neil Shapiro`R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1', `dnl')
184306f25ae9SGregory Neil ShapiroR<REJECT> $*		$#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
184406f25ae9SGregory Neil Shapirodnl error tag
184506f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
184606f25ae9SGregory Neil ShapiroR<ERROR:$+> $*		$#error $: $1
184740266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $*		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
184806f25ae9SGregory Neil Shapirodnl generic error from access map
184906f25ae9SGregory Neil ShapiroR<$+> $*		$#error $: $1		error from access db',
1850c2aa98e2SPeter Wemm`dnl')
1851c2aa98e2SPeter Wemm
1852c2aa98e2SPeter Wemm######################################################################
1853c2aa98e2SPeter Wemm###  check_rcpt -- check SMTP ``RCPT TO:'' command argument
1854c2aa98e2SPeter Wemm######################################################################
1855c2aa98e2SPeter Wemm
dnl Local_check_rcpt is the site hook and runs first.  A result from it that
dnl starts with $# is returned as the verdict and Basic_check_rcpt is not
dnl called, so a permissive local rule bypasses the relay decision below.
1856c2aa98e2SPeter WemmSLocal_check_rcpt
185706f25ae9SGregory Neil ShapiroScheck`'_U_`'rcpt
1858c2aa98e2SPeter WemmR$*			$: $1 $| $>"Local_check_rcpt" $1
1859c2aa98e2SPeter WemmR$* $| $#$*		$#$2
1860c2aa98e2SPeter WemmR$* $| $*		$@ $>"Basic_check_rcpt" $1
1861c2aa98e2SPeter Wemm
1862c2aa98e2SPeter WemmSBasic_check_rcpt
186340266059SGregory Neil Shapiro# empty address?
186440266059SGregory Neil ShapiroR<>			$#error $@ nouser $: "553 User address required"
186540266059SGregory Neil ShapiroR$@			$#error $@ nouser $: "553 User address required"
1866c2aa98e2SPeter Wemm# check for deferred delivery mode
1867c2aa98e2SPeter WemmR$*			$: < ${deliveryMode} > $1
1868c2aa98e2SPeter WemmR< d > $*		$@ deferred
1869c2aa98e2SPeter WemmR< $* > $*		$: $2
1870c2aa98e2SPeter Wemm
187106f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl
187240266059SGregory Neil Shapirodnl this code checks for user@host where host is not a FQHN.
187340266059SGregory Neil Shapirodnl it is not activated.
187440266059SGregory Neil Shapirodnl notice: code to check for a recipient without a domain name is
187540266059SGregory Neil Shapirodnl available down below; look for the same macro.
187640266059SGregory Neil Shapirodnl this check is done here because the name might be qualified by the
187740266059SGregory Neil Shapirodnl canonicalization.
187840266059SGregory Neil Shapiro# require fully qualified domain part?
187940266059SGregory Neil Shapirodnl very simple canonification: make sure the address is in < >
188006f25ae9SGregory Neil ShapiroR$+			$: <?> $1
188106f25ae9SGregory Neil ShapiroR<?> <$+>		$: <@> <$1>
188206f25ae9SGregory Neil ShapiroR<?> $+			$: <@> <$1>
188340266059SGregory Neil ShapiroR<@> < postmaster >	$: postmaster
188440266059SGregory Neil ShapiroR<@> < $* @ $+ . $+ >	$: < $3 @ $4 . $5 >
188506f25ae9SGregory Neil Shapirodnl prepend daemon_flags
188640266059SGregory Neil ShapiroR<@> $*			$: $&{daemon_flags} $| <@> $1
188706f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address>
188806f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems?
188940266059SGregory Neil ShapiroR$* r $* $| <@> < $* @ $* >	$: < ? $&{client_name} > < $3 @ $4 >
189006f25ae9SGregory Neil ShapiroR<?> < $* >		$: <$1>
189106f25ae9SGregory Neil ShapiroR<? $=w> < $* >		$: <$1>
189240266059SGregory Neil ShapiroR<? $+> <$+>		$#error $@ 5.5.4 $: "553 Fully qualified domain name required"
189306f25ae9SGregory Neil Shapirodnl remove daemon_flags for other cases
189406f25ae9SGregory Neil ShapiroR$* $| <@> $*		$: $2', `dnl')
189506f25ae9SGregory Neil Shapiro
189640266059SGregory Neil Shapirodnl ##################################################################
189740266059SGregory Neil Shapirodnl call subroutines for recipient and relay
189840266059SGregory Neil Shapirodnl possible returns from subroutines:
189940266059SGregory Neil Shapirodnl $#TEMP	temporary failure
190040266059SGregory Neil Shapirodnl $#error	permanent failure (or temporary if from access map)
190140266059SGregory Neil Shapirodnl $#other	stop processing
190240266059SGregory Neil Shapirodnl RELAY	RELAYing allowed
190340266059SGregory Neil Shapirodnl other	otherwise
190440266059SGregory Neil Shapiro######################################################################
dnl Decision flow of the rules below: Rcpt_ok is asked first, then Relay_ok.
dnl RELAY from either one accepts the recipient, and any other $# result is
dnl returned as it is.  A $#TEMP from Rcpt_ok is remembered and only
dnl returned when Relay_ok does not allow the relay.  Whatever is left
dnl reaches the last rule and is refused with confRELAY_MSG, so relaying is
dnl denied unless one of the two rulesets allowed it.
190540266059SGregory Neil ShapiroR$*			$: $1 $| @ $>"Rcpt_ok" $1
190640266059SGregory Neil Shapirodnl temporary failure? remove mark @ and remember
190740266059SGregory Neil ShapiroR$* $| @ $#TEMP $+	$: $1 $| T $2
190840266059SGregory Neil Shapirodnl error or ok (stop)
190940266059SGregory Neil ShapiroR$* $| @ $#$*		$#$2
dnl Security note: with _PROMISCUOUS_RELAY_ defined, divert(-1) discards
dnl every rule from here to the divert(0) below, including the Relay_ok
dnl call and the final refusal.  No rule that refuses a relay attempt is
dnl then left in this ruleset; only a $# result from Rcpt_ok or from
dnl Local_check_rcpt can still reject a recipient.
191040266059SGregory Neil Shapiroifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
191140266059SGregory Neil ShapiroR$* $| @ RELAY		$@ RELAY
191240266059SGregory Neil Shapirodnl something else: call check sender (relay)
191340266059SGregory Neil ShapiroR$* $| @ $*		$: O $| $>"Relay_ok" $1
191440266059SGregory Neil Shapirodnl temporary failure: call check sender (relay)
191540266059SGregory Neil ShapiroR$* $| T $+		$: T $2 $| $>"Relay_ok" $1
191640266059SGregory Neil Shapirodnl temporary failure? return that
191740266059SGregory Neil ShapiroR$* $| $#TEMP $+	$#error $2
191840266059SGregory Neil Shapirodnl error or ok (stop)
191940266059SGregory Neil ShapiroR$* $| $#$*		$#$2
192040266059SGregory Neil ShapiroR$* $| RELAY		$@ RELAY
192140266059SGregory Neil Shapirodnl something else: return previous temp failure
192240266059SGregory Neil ShapiroR T $+ $| $*		$#error $1
192340266059SGregory Neil Shapiro# anything else is bogus
192440266059SGregory Neil ShapiroR$*			$#error $@ 5.7.1 $: confRELAY_MSG
192540266059SGregory Neil Shapirodivert(0)
192640266059SGregory Neil Shapiro
192740266059SGregory Neil Shapiro######################################################################
192840266059SGregory Neil Shapiro### Rcpt_ok: is the recipient ok?
192940266059SGregory Neil Shapirodnl input: recipient address (RCPT TO)
193040266059SGregory Neil Shapirodnl output: see explanation at call
193140266059SGregory Neil Shapiro######################################################################
193240266059SGregory Neil ShapiroSRcpt_ok
1933c2aa98e2SPeter Wemmifdef(`_LOOSE_RELAY_CHECK_',`dnl
1934065a643dSPeter WemmR$*			$: $>CanonAddr $1
1935c2aa98e2SPeter WemmR$* < @ $* . >		$1 < @ $2 >			strip trailing dots',
1936c2aa98e2SPeter Wemm`R$*			$: $>ParseRecipient $1		strip relayable hosts')
1937c2aa98e2SPeter Wemm
dnl Optional step for _BESTMX_IS_LOCAL_: the bestmx map result for the
dnl recipient domain is appended after an @@ marker. If that result is a
dnl name in class w followed by a dot, the domain is replaced by it, or, when
dnl the local part holds a class O token, Rcpt_ok is re-run on the local part.
dnl Any other result is dropped and the original domain is kept.
dnl An empty macro value looks up every domain; otherwise only domains
dnl ending in class B are looked up.
dnl NOTE(review): the bestmx map is declared outside this chunk. If it is
dnl backed by MX records, the unlimited form lets remote DNS data decide
dnl which domains are treated as local here; prefer the class B limit.
1938065a643dSPeter Wemmifdef(`_BESTMX_IS_LOCAL_',`dnl
1939065a643dSPeter Wemmifelse(_BESTMX_IS_LOCAL_, `', `dnl
1940065a643dSPeter Wemm# unlimited bestmx
1941065a643dSPeter WemmR$* < @ $* > $*			$: $1 < @ $2 @@ $(bestmx $2 $) > $3',
1942065a643dSPeter Wemm`dnl
1943065a643dSPeter Wemm# limit bestmx to $=B
19442e43090eSPeter WemmR$* < @ $* $=B > $*		$: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4')
194540266059SGregory Neil ShapiroR$* $=O $* < @ $* @@ $=w . > $*	$@ $>"Rcpt_ok" $1 $2 $3
1946065a643dSPeter WemmR$* < @ $* @@ $=w . > $*	$: $1 < @ $3 > $4
1947065a643dSPeter WemmR$* < @ $* @@ $* > $*		$: $1 < @ $2 > $4')
1948065a643dSPeter Wemm
dnl Optional recipient blacklist; emitted only when both _BLACKLIST_RCPT_
dnl and _ACCESS_TABLE_ are defined. The address is turned into a key list
dnl for SearchList with mark <+ To>: F full address and D domain for a
dnl qualified address, plus U user@ when the domain is in class w, and only
dnl U user@ for an unqualified one. The lookup result is then dispatched
dnl by the rules below; the first rule that matches decides.
1949c2aa98e2SPeter Wemmifdef(`_BLACKLIST_RCPT_',`dnl
195006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
1951c2aa98e2SPeter Wemm# blacklist local users or any host from receiving mail
1952c2aa98e2SPeter WemmR$*			$: <?> $1
195306f25ae9SGregory Neil Shapirodnl user is now tagged with @ to be consistent with check_mail
195406f25ae9SGregory Neil Shapirodnl and to distinguish users from hosts (com would be host, com@ would be user)
195540266059SGregory Neil ShapiroR<?> $+ < @ $=w >	$: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
195640266059SGregory Neil ShapiroR<?> $+ < @ $* >	$: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
195706f25ae9SGregory Neil ShapiroR<?> $+			$: <> <$1> $| <U:$1@>
195806f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
195906f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args
196006f25ae9SGregory Neil ShapiroR<> <$*> $| <$+>	$: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
196106f25ae9SGregory Neil ShapiroR<@> <$*> $| <$*>	$: <$2> <$1>		reverse result
196206f25ae9SGregory Neil ShapiroR<?> <$*>		$: @ $1		mark address as no match
196340266059SGregory Neil Shapirodnl we may have to filter here because otherwise some RHSs
196440266059SGregory Neil Shapirodnl would be interpreted as generic error messages...
196540266059SGregory Neil Shapirodnl error messages should be "tagged" by prefixing them with error: !
196640266059SGregory Neil Shapirodnl that would make a lot of things easier.
196706f25ae9SGregory Neil ShapiroR<$={Accept}> <$*>	$: @ $2		mark address as no match
196840266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl
196940266059SGregory Neil ShapiroR<SKIP> <$*>		$: @ $1		mark address as no match', `dnl')
197040266059SGregory Neil Shapiroifdef(`_DELAY_COMPAT_8_10_',`dnl
197140266059SGregory Neil Shapirodnl compatibility with 8.11/8.10:
197206f25ae9SGregory Neil Shapirodnl we have to filter these because otherwise they would be interpreted
197306f25ae9SGregory Neil Shapirodnl as generic error message...
197406f25ae9SGregory Neil Shapirodnl error messages should be "tagged" by prefixing them with error: !
197506f25ae9SGregory Neil Shapirodnl that would make a lot of things easier.
197606f25ae9SGregory Neil Shapirodnl maybe we should stop checks already here (if SPAM_xyx)?
197706f25ae9SGregory Neil ShapiroR<$={SpamTag}> <$*>	$: @ $2		mark address as no match')
197840266059SGregory Neil ShapiroR<REJECT> $*		$#error $@ 5.2.1 $: confRCPTREJ_MSG
197906f25ae9SGregory Neil ShapiroR<DISCARD> $*		$#discard $: discard
198040266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE',
198140266059SGregory Neil Shapiro`R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1', `dnl')
198206f25ae9SGregory Neil Shapirodnl error tag
198306f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
198406f25ae9SGregory Neil ShapiroR<ERROR:$+> $*		$#error $: $1
198540266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $*		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
dnl NOTE(review): every lookup result not handled above ends up in the next
dnl rule and is returned as the text of an error, so a misspelled action in
dnl the access map refuses the recipient instead of being ignored.
198606f25ae9SGregory Neil Shapirodnl generic error from access map
198706f25ae9SGregory Neil ShapiroR<$+> $*		$#error $: $1		error from access db
198806f25ae9SGregory Neil ShapiroR@ $*			$1		remove mark', `dnl')', `dnl')
1989c2aa98e2SPeter Wemm
dnl Start of the relay authorization rules. With _PROMISCUOUS_RELAY_ defined
dnl this line switches output to diversion -1, and it stays there until the
dnl divert 0 that follows the Relay_ok rules, so none of the rules in between
dnl reach the generated cf.
dnl NOTE(review): that removes every relay restriction visible in this chunk;
dnl what the caller does with the shortened Rcpt_ok is defined elsewhere.
199040266059SGregory Neil Shapiroifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
199140266059SGregory Neil Shapiro# authenticated via TLS?
199240266059SGregory Neil ShapiroR$*			$: $1 $| $>RelayTLS	client authenticated?
199306f25ae9SGregory Neil ShapiroR$* $| $# $+		$# $2			error/ok?
199406f25ae9SGregory Neil ShapiroR$* $| $*		$: $1			no
199506f25ae9SGregory Neil Shapiro
dnl Local_Relay_Auth is called with the current auth_type; a $# result is
dnl returned unchanged, NO skips the TrustAuthMech test, and anything else
dnl continues with that test.
199640266059SGregory Neil ShapiroR$*			$: $1 $| $>"Local_Relay_Auth" $&{auth_type}
199740266059SGregory Neil Shapirodnl workspace: localpart<@domain> $| result of Local_Relay_Auth
199840266059SGregory Neil ShapiroR$* $| $# $*		$# $2
199940266059SGregory Neil Shapirodnl if Local_Relay_Auth returns NO then do not check $={TrustAuthMech}
200040266059SGregory Neil ShapiroR$* $| NO		$: $1
200140266059SGregory Neil ShapiroR$* $| $*		$: $1 $| $&{auth_type}
200240266059SGregory Neil Shapirodnl workspace: localpart<@domain> [ $| ${auth_type} ]
200306f25ae9SGregory Neil Shapirodnl empty ${auth_type}?
200406f25ae9SGregory Neil ShapiroR$* $|			$: $1
200506f25ae9SGregory Neil Shapirodnl mechanism ${auth_type} accepted?
200606f25ae9SGregory Neil Shapirodnl use $# to override further tests (delay_checks): see check_rcpt below
dnl NOTE(review): a session whose auth_type is in class TrustAuthMech may
dnl relay to any recipient; which identity authenticated is not examined in
dnl this rule, so the class should list only mechanisms the site trusts.
200740266059SGregory Neil ShapiroR$* $| $={TrustAuthMech}	$# RELAY
200840266059SGregory Neil Shapirodnl remove ${auth_type}
200906f25ae9SGregory Neil ShapiroR$* $| $*		$: $1
dnl Authorization by recipient domain. Bang paths are first tagged as
dnl <REMOTE> with the pseudo domain BANG_PATH when _NO_UUCP_ is defined as r.
dnl Then RELAY is returned for domains in class w, for class m suffixes with
dnl _RELAY_ENTIRE_DOMAIN_, and for class R. With _RELAY_HOSTS_ONLY_ class R
dnl and the access map must match the whole domain; without it class R is
dnl matched as a suffix, so an entry also covers every host below it, and
dnl the access lookup goes through ruleset D, defined outside this chunk.
2010193538b7SGregory Neil Shapirodnl workspace: localpart<@domain> | localpart
201106f25ae9SGregory Neil Shapiroifelse(defn(`_NO_UUCP_'), `r',
2012193538b7SGregory Neil Shapiro`R$* ! $* < @ $* >	$: <REMOTE> $2 < @ BANG_PATH >
2013193538b7SGregory Neil ShapiroR$* ! $* 		$: <REMOTE> $2 < @ BANG_PATH >', `dnl')
2014c2aa98e2SPeter Wemm# anything terminating locally is ok
2015c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
201640266059SGregory Neil ShapiroR$+ < @ $* $=m >	$@ RELAY', `dnl')
201740266059SGregory Neil ShapiroR$+ < @ $=w >		$@ RELAY
2018c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_',
201940266059SGregory Neil Shapiro`R$+ < @ $=R >		$@ RELAY
202006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
202106f25ae9SGregory Neil ShapiroR$+ < @ $+ >		$: <$(access To:$2 $: ? $)> <$1 < @ $2 >>
202206f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
202306f25ae9SGregory Neil ShapiroR<?> <$+ < @ $+ >>	$: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')',
202440266059SGregory Neil Shapiro`R$+ < @ $* $=R >	$@ RELAY
202506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
202640266059SGregory Neil ShapiroR$+ < @ $+ >		$: $>D <$2> <?> <+ To> <$1 < @ $2 >>',`dnl')')
202706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
202806f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
202940266059SGregory Neil ShapiroR<RELAY> $*		$@ RELAY
203040266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2031c2aa98e2SPeter WemmR<$*> <$*>		$: $2',`dnl')
2032c2aa98e2SPeter Wemm
203306f25ae9SGregory Neil Shapiro
dnl Optional: with _RELAY_MX_SERVED_ the mxserved map is queried for the
dnl recipient domain and RELAY is returned when a class w name appears in
dnl the colon separated result; a <TEMP> result gives a temporary failure.
dnl NOTE(review): the map is declared outside this chunk; the error text
dnl below suggests it reads MX records. If so the grant rests on DNS data
dnl published for the recipient domain, not on local configuration.
2034c2aa98e2SPeter Wemmifdef(`_RELAY_MX_SERVED_', `dnl
2035c2aa98e2SPeter Wemm# allow relaying for hosts which we MX serve
203606f25ae9SGregory Neil ShapiroR$+ < @ $+ >		$: < : $(mxserved $2 $) : > $1 < @ $2 >
203706f25ae9SGregory Neil Shapirodnl this must not necessarily happen if the client is checked first...
203840266059SGregory Neil ShapiroR< : $* <TEMP> : > $*	$#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
203940266059SGregory Neil ShapiroR<$* : $=w . : $*> $*	$@ RELAY
2040065a643dSPeter WemmR< : $* : > $*		$: $2',
2041c2aa98e2SPeter Wemm`dnl')
2042c2aa98e2SPeter Wemm
dnl Unqualified recipients. An address with a domain is tagged <REMOTE> and
dnl falls through to the client checks. Without _REQUIRE_QUAL_RCPT_ any
dnl address without a domain returns RELAY. With it, postmaster returns OK,
dnl and other unqualified addresses return RELAY unless daemon_flags holds
dnl r and client_name is non-empty and not in class w; that case is refused
dnl with 553 Domain name required.
2043c2aa98e2SPeter Wemm# check for local user (i.e. unqualified address)
2044c2aa98e2SPeter WemmR$*			$: <?> $1
2045065a643dSPeter WemmR<?> $* < @ $+ >	$: <REMOTE> $1 < @ $2 >
2046c2aa98e2SPeter Wemm# local user is ok
204706f25ae9SGregory Neil Shapirodnl is it really? the standard requires user@domain, not just user
204806f25ae9SGregory Neil Shapirodnl but we should accept it anyway (maybe making it an option:
204906f25ae9SGregory Neil Shapirodnl RequireFQDN ?)
205006f25ae9SGregory Neil Shapirodnl postmaster must be accepted without domain (DRUMS)
205106f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl
205240266059SGregory Neil ShapiroR<?> postmaster		$@ OK
205306f25ae9SGregory Neil Shapiro# require qualified recipient?
205406f25ae9SGregory Neil Shapirodnl prepend daemon_flags
205506f25ae9SGregory Neil ShapiroR<?> $+			$: $&{daemon_flags} $| <?> $1
205606f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <?> localpart
205706f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems?
205806f25ae9SGregory Neil Shapirodnl r flag? add client_name
205906f25ae9SGregory Neil ShapiroR$* r $* $| <?> $+	$: < ? $&{client_name} > <?> $3
206006f25ae9SGregory Neil Shapirodnl no r flag: relay to local user (only local part)
206106f25ae9SGregory Neil Shapiro# no qualified recipient required
206240266059SGregory Neil ShapiroR$* $| <?> $+		$@ RELAY
206306f25ae9SGregory Neil Shapirodnl client_name is empty
206440266059SGregory Neil ShapiroR<?> <?> $+		$@ RELAY
206506f25ae9SGregory Neil Shapirodnl client_name is local
206640266059SGregory Neil ShapiroR<? $=w> <?> $+		$@ RELAY
206706f25ae9SGregory Neil Shapirodnl client_name is not local
206806f25ae9SGregory Neil ShapiroR<? $+> $+		$#error $@ 5.5.4 $: "553 Domain name required"', `dnl
206906f25ae9SGregory Neil Shapirodnl no qualified recipient required
207040266059SGregory Neil ShapiroR<?> $+			$@ RELAY')
207106f25ae9SGregory Neil Shapirodnl it is a remote user: remove mark and then check client
2072c2aa98e2SPeter WemmR<$+> $*		$: $2
207306f25ae9SGregory Neil Shapirodnl currently the recipient address is not used below
2074c2aa98e2SPeter Wemm
207540266059SGregory Neil Shapiro######################################################################
207640266059SGregory Neil Shapiro### Relay_ok: is the relay/sender ok?
207740266059SGregory Neil Shapirodnl input: ignored
207840266059SGregory Neil Shapirodnl output: see explanation at call
dnl Relay_ok starts from client_addr: an empty address or 0 counts as local
dnl origin, class R is matched against the leading tokens of the address,
dnl then the access map is asked through ruleset A with mark <+ Connect>
dnl when _ACCESS_TABLE_ is defined, and last the bracketed address is tested
dnl against class w. Ruleset A is defined outside this chunk.
207940266059SGregory Neil Shapiro######################################################################
208040266059SGregory Neil ShapiroSRelay_ok
2081c2aa98e2SPeter Wemm# anything originating locally is ok
2082c2aa98e2SPeter Wemm# check IP address
2083c2aa98e2SPeter WemmR$*			$: $&{client_addr}
208440266059SGregory Neil ShapiroR$@			$@ RELAY		originated locally
208540266059SGregory Neil ShapiroR0			$@ RELAY		originated locally
208640266059SGregory Neil ShapiroR$=R $*			$@ RELAY		relayable IP address
208706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
208840266059SGregory Neil ShapiroR$*			$: $>A <$1> <?> <+ Connect> <$1>
208940266059SGregory Neil ShapiroR<RELAY> $* 		$@ RELAY		relayable IP address
209040266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2091c2aa98e2SPeter WemmR<$*> <$*>		$: $2', `dnl')
2092c2aa98e2SPeter WemmR$*			$: [ $1 ]		put brackets around it...
209340266059SGregory Neil ShapiroR$=w			$@ RELAY		... and see if it is local
2094c2aa98e2SPeter Wemm
dnl Optional authorization by envelope sender. _RELAY_LOCAL_FROM_ returns
dnl RELAY when the domain of macro f is in class w; _RELAY_DB_FROM_ returns
dnl RELAY when the access map has RELAY for the sender under the From tag,
dnl and also for its domain with _RELAY_DB_FROM_DOMAIN_.
dnl NOTE(review): both branches decide on the sender address alone, which
dnl is whatever the client gave in MAIL FROM; neither looks at the client
dnl address or at authentication. Treat them as weak controls.
209506f25ae9SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
209606f25ae9SGregory Neil Shapiroifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
209706f25ae9SGregory Neil Shapiroifdef(`_RELAY_MAIL_FROM_', `dnl
209806f25ae9SGregory Neil Shapirodnl input: {client_addr} or something "broken"
209906f25ae9SGregory Neil Shapirodnl just throw the input away; we do not need it.
210006f25ae9SGregory Neil Shapiro# check whether FROM is allowed to use system as relay
210106f25ae9SGregory Neil ShapiroR$*			$: <?> $>CanonAddr $&f
210240266059SGregory Neil ShapiroR<?> $+ < @ $+ . >	<?> $1 < @ $2 >		remove trailing dot
2103c2aa98e2SPeter Wemmifdef(`_RELAY_LOCAL_FROM_', `dnl
210406f25ae9SGregory Neil Shapiro# check whether local FROM is ok
210540266059SGregory Neil ShapiroR<?> $+ < @ $=w >	$@ RELAY		FROM local', `dnl')
210606f25ae9SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_', `dnl
210740266059SGregory Neil ShapiroR<?> $+ < @ $+ >	$: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', `<D:$2>') <>
210840266059SGregory Neil ShapiroR<@> <RELAY>		$@ RELAY		RELAY FROM sender ok
210940266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<@> <_ATMPF_>		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
211040266059SGregory Neil Shapiro', `dnl
211140266059SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_DOMAIN_',
211240266059SGregory Neil Shapiro`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
211306f25ae9SGregory Neil Shapiro')',
211406f25ae9SGregory Neil Shapiro`dnl')
211506f25ae9SGregory Neil Shapirodnl')', `dnl')
211640266059SGregory Neil Shapirodnl notice: the rulesets above do not leave a unique workspace behind.
211740266059SGregory Neil Shapirodnl it does not matter in this case because the following rule ignores
211840266059SGregory Neil Shapirodnl the input. otherwise these rules must "clean up" the workspace.
211906f25ae9SGregory Neil Shapiro
dnl Authorization by client host name. The client_resolve values TEMP,
dnl FORGED and FAIL end the check with a temporary failure or a refusal
dnl before the name is used, and an empty client_name returns RELAY.
dnl Otherwise client_name is canonified, through the name server unless it
dnl ends in class P, and compared with classes m, w and R and with the
dnl access map under the Connect tag. With _RELAY_HOSTS_ONLY_ the whole name
dnl must match class R or the map key; without it a suffix match is enough
dnl and the map lookup goes through ruleset D, defined outside this chunk.
212006f25ae9SGregory Neil Shapiro# check client name: first: did it resolve?
212106f25ae9SGregory Neil Shapirodnl input: ignored
212206f25ae9SGregory Neil ShapiroR$*			$: < $&{client_resolve} >
212340266059SGregory Neil ShapiroR<TEMP>			$#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
212406f25ae9SGregory Neil ShapiroR<FORGED>		$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
212506f25ae9SGregory Neil ShapiroR<FAIL>			$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
212606f25ae9SGregory Neil Shapirodnl ${client_resolve} should be OK, so go ahead
212740266059SGregory Neil ShapiroR$*			$: <@> $&{client_name}
212806f25ae9SGregory Neil Shapirodnl should not be necessary since it has been done for client_addr already
212940266059SGregory Neil ShapiroR<@>			$@ RELAY
213040266059SGregory Neil Shapirodnl workspace: <@> ${client_name} (not empty)
213140266059SGregory Neil Shapiro# pass to name server to make hostname canonical
213240266059SGregory Neil ShapiroR<@> $* $=P 		$:<?>  $1 $2
213340266059SGregory Neil ShapiroR<@> $+			$:<?>  $[ $1 $]
213440266059SGregory Neil Shapirodnl workspace: <?> ${client_name} (canonified)
213540266059SGregory Neil ShapiroR$* .			$1			strip trailing dots
213606f25ae9SGregory Neil Shapiroifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
213740266059SGregory Neil ShapiroR<?> $* $=m		$@ RELAY', `dnl')
213840266059SGregory Neil ShapiroR<?> $=w		$@ RELAY
213906f25ae9SGregory Neil Shapiroifdef(`_RELAY_HOSTS_ONLY_',
214040266059SGregory Neil Shapiro`R<?> $=R		$@ RELAY
214106f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
214206f25ae9SGregory Neil ShapiroR<?> $*			$: <$(access Connect:$1 $: ? $)> <$1>
214306f25ae9SGregory Neil ShapiroR<?> <$*>		$: <$(access $1 $: ? $)> <$1>',`dnl')',
214440266059SGregory Neil Shapiro`R<?> $* $=R			$@ RELAY
214506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
214640266059SGregory Neil ShapiroR<?> $*			$: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
214706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
214840266059SGregory Neil ShapiroR<RELAY> $*		$@ RELAY
214940266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
215006f25ae9SGregory Neil ShapiroR<$*> <$*>		$: $2',`dnl')
215140266059SGregory Neil Shapirodnl end of _PROMISCUOUS_RELAY_
215206f25ae9SGregory Neil Shapirodivert(0)
dnl Emitted only with _DELAY_CHECKS_. FullAddr strips a trailing dot from the
dnl domain and qualifies an address without a domain with $j. check_rcpt
dnl then runs checkrcpt first, followed by checkmail and checkrelay; a $#
dnl result from any of them is returned at once and ends the sequence.
dnl With _SPAM_FH_ the recipient is looked up under the Spam tag: with
dnl _SPAM_FRIEND_ a FRIEND result returns SPAMFRIEND, with _SPAM_HATER_ every
dnl result other than HATER returns NOSPAMHATER, and in both cases
dnl checkmail and checkrelay are not run for that recipient.
215306f25ae9SGregory Neil Shapiroifdef(`_DELAY_CHECKS_',`dnl
215406f25ae9SGregory Neil Shapiro# turn a canonical address in the form user<@domain>
215506f25ae9SGregory Neil Shapiro# qualify unqual. addresses with $j
215606f25ae9SGregory Neil Shapirodnl it might have been only user (without <@domain>)
215706f25ae9SGregory Neil ShapiroSFullAddr
215806f25ae9SGregory Neil ShapiroR$* <@ $+ . >		$1 <@ $2 >
215906f25ae9SGregory Neil ShapiroR$* <@ $* >		$@ $1 <@ $2 >
216006f25ae9SGregory Neil ShapiroR$+			$@ $1 <@ $j >
2161c2aa98e2SPeter Wemm
216206f25ae9SGregory Neil Shapiro# call all necessary rulesets
216306f25ae9SGregory Neil ShapiroScheck_rcpt
216406f25ae9SGregory Neil Shapirodnl this test should be in the Basic_check_rcpt ruleset
216506f25ae9SGregory Neil Shapirodnl which is the correct DSN code?
216606f25ae9SGregory Neil Shapiro# R$@			$#error $@ 5.1.3 $: "553 Recipient address required"
216706f25ae9SGregory Neil ShapiroR$+			$: $1 $| $>checkrcpt $1
216806f25ae9SGregory Neil Shapirodnl now we can simply stop checks by returning "$# xyz" instead of just "ok"
216906f25ae9SGregory Neil ShapiroR$+ $| $#$*		$#$2
217006f25ae9SGregory Neil ShapiroR$+ $| $*		$: <?> $>FullAddr $>CanonAddr $1
217106f25ae9SGregory Neil Shapiroifdef(`_SPAM_FH_',
217206f25ae9SGregory Neil Shapiro`dnl lookup user@ and user@address
217306f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `',
217406f25ae9SGregory Neil Shapiro`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db')
217506f25ae9SGregory Neil Shapiro')')dnl
217606f25ae9SGregory Neil Shapirodnl one of the next two rules is supposed to match
217706f25ae9SGregory Neil Shapirodnl this code has been copied from BLACKLIST... etc
217806f25ae9SGregory Neil Shapirodnl and simplified by omitting some < >.
217940266059SGregory Neil ShapiroR<?> $+ < @ $=w >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
218040266059SGregory Neil ShapiroR<?> $+ < @ $* >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
218106f25ae9SGregory Neil Shapirodnl R<?>		$@ something_is_very_wrong_here
218240266059SGregory Neil Shapiro# lookup the addresses only with Spam tag
218340266059SGregory Neil ShapiroR<> $* $| <$+>		$: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
218406f25ae9SGregory Neil ShapiroR<@> $* $| $*		$: $2 $1		reverse result
218506f25ae9SGregory Neil Shapirodnl', `dnl')
218606f25ae9SGregory Neil Shapiroifdef(`_SPAM_FRIEND_',
218706f25ae9SGregory Neil Shapiro`# is the recipient a spam friend?
218806f25ae9SGregory Neil Shapiroifdef(`_SPAM_HATER_',
218906f25ae9SGregory Neil Shapiro	`errprint(`*** ERROR: define either SpamHater or SpamFriend
219006f25ae9SGregory Neil Shapiro')', `dnl')
219140266059SGregory Neil ShapiroR<FRIEND> $+		$@ SPAMFRIEND
219206f25ae9SGregory Neil ShapiroR<$*> $+		$: $2',
219306f25ae9SGregory Neil Shapiro`dnl')
219406f25ae9SGregory Neil Shapiroifdef(`_SPAM_HATER_',
219506f25ae9SGregory Neil Shapiro`# is the recipient no spam hater?
219640266059SGregory Neil ShapiroR<HATER> $+		$: $1			spam hater: continue checks
219706f25ae9SGregory Neil ShapiroR<$*> $+		$@ NOSPAMHATER		everyone else: stop
219806f25ae9SGregory Neil Shapirodnl',`dnl')
219906f25ae9SGregory Neil Shapirodnl run further checks: check_mail
220006f25ae9SGregory Neil Shapirodnl should we "clean up" $&f?
220140266059SGregory Neil Shapiroifdef(`_FFR_MAIL_MACRO',
220240266059SGregory Neil Shapiro`R$*			$: $1 $| $>checkmail $&{mail_from}',
220340266059SGregory Neil Shapiro`R$*			$: $1 $| $>checkmail <$&f>')
220406f25ae9SGregory Neil ShapiroR$* $| $#$*		$#$2
220506f25ae9SGregory Neil Shapirodnl run further checks: check_relay
220606f25ae9SGregory Neil ShapiroR$*			$: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
220706f25ae9SGregory Neil ShapiroR$* $| $#$*		$#$2
220806f25ae9SGregory Neil ShapiroR$* $| $*		$: $1
220906f25ae9SGregory Neil Shapiro', `dnl')
221040266059SGregory Neil Shapiro
221140266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
dnl Without _ACCESS_TABLE_ output goes to diversion -1 from here up to the
dnl divert 0 after SearchList, so rulesets F, E, U and SearchList are left out.
221240266059SGregory Neil Shapiro######################################################################
221340266059SGregory Neil Shapiro###  F: LookUpFull -- search for an entry in access database
221440266059SGregory Neil Shapiro###
221540266059SGregory Neil Shapiro###	lookup of full key (which should be an address) and
221640266059SGregory Neil Shapiro###	variations if +detail exists: +* and without +detail
221740266059SGregory Neil Shapiro###
221840266059SGregory Neil Shapiro###	Parameters:
221940266059SGregory Neil Shapiro###		<$1> -- key
222040266059SGregory Neil Shapiro###		<$2> -- default (what to return if not found in db)
222140266059SGregory Neil Shapirodnl			must not be empty
222240266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
222340266059SGregory Neil Shapiro###			! does lookup only with tag
222440266059SGregory Neil Shapiro###			+ does lookup with and without tag
222540266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed unchanged through)
222640266059SGregory Neil Shapirodnl returns:		<default> <passthru>
222740266059SGregory Neil Shapirodnl 			<result> <passthru>
222840266059SGregory Neil Shapiro######################################################################
222940266059SGregory Neil Shapiro
223040266059SGregory Neil ShapiroSF
dnl Lookup order: tagged key; untagged key; then for a key of the form
dnl user+detail@domain the keys user+*@domain and user@domain, each tagged
dnl first. The untagged rules require the + mark, so a ! mark never falls
dnl back to an untagged entry. Every retry rule starts with <?>, so the
dnl first lookup that returns something else ends the search.
223140266059SGregory Neil Shapirodnl workspace: <key> <def> <o tag> <thru>
223240266059SGregory Neil Shapirodnl full lookup
223340266059SGregory Neil Shapirodnl    2    3  4    5
223440266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
223540266059SGregory Neil Shapirodnl no match, try without tag
223640266059SGregory Neil Shapirodnl   1    2      3    4
223740266059SGregory Neil ShapiroR<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
223840266059SGregory Neil Shapirodnl no match, +detail: try +*
223940266059SGregory Neil Shapirodnl   1    2    3    4    5  6    7
224040266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
224140266059SGregory Neil Shapiro			$: <$(access $6`'_TAG_DELIM_`'$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
224240266059SGregory Neil Shapirodnl no match, +detail: try +* without tag
224340266059SGregory Neil Shapirodnl   1    2    3    4      5    6
224440266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
224540266059SGregory Neil Shapiro			$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
224640266059SGregory Neil Shapirodnl no match, +detail: try without +detail
224740266059SGregory Neil Shapirodnl   1    2    3    4    5  6    7
224840266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
224940266059SGregory Neil Shapiro			$: <$(access $6`'_TAG_DELIM_`'$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
225040266059SGregory Neil Shapirodnl no match, +detail: try without +detail and without tag
225140266059SGregory Neil Shapirodnl   1    2    3    4      5    6
225240266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
225340266059SGregory Neil Shapiro			$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
225440266059SGregory Neil Shapirodnl no match, return <default> <passthru>
225540266059SGregory Neil Shapirodnl   1    2    3  4    5
225640266059SGregory Neil ShapiroR<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
225740266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
225840266059SGregory Neil Shapirodnl            2    3  4    5
225940266059SGregory Neil ShapiroR<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
226040266059SGregory Neil Shapirodnl match, return <match> <passthru>
226140266059SGregory Neil Shapirodnl    2    3  4    5
226240266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
226340266059SGregory Neil Shapiro
226440266059SGregory Neil Shapiro######################################################################
226540266059SGregory Neil Shapiro###  E: LookUpExact -- search for an entry in access database
226640266059SGregory Neil Shapiro###
226740266059SGregory Neil Shapiro###	Parameters:
226840266059SGregory Neil Shapiro###		<$1> -- key
226940266059SGregory Neil Shapiro###		<$2> -- default (what to return if not found in db)
227040266059SGregory Neil Shapirodnl			must not be empty
227140266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
227240266059SGregory Neil Shapiro###			! does lookup only with tag
227340266059SGregory Neil Shapiro###			+ does lookup with and without tag
227440266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed unchanged through)
227540266059SGregory Neil Shapirodnl returns:		<default> <passthru>
227640266059SGregory Neil Shapirodnl 			<result> <passthru>
227740266059SGregory Neil Shapiro######################################################################
227840266059SGregory Neil Shapiro
227940266059SGregory Neil ShapiroSE
dnl Exact lookup: the tagged key first, then the untagged key when the mark
dnl is +. No +detail variations of the key are tried in this ruleset.
228040266059SGregory Neil Shapirodnl    2    3  4    5
228140266059SGregory Neil ShapiroR<$*> <$*> <$- $-> <$*>		$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
228240266059SGregory Neil Shapirodnl no match, try without tag
228340266059SGregory Neil Shapirodnl   1    2      3    4
228440266059SGregory Neil ShapiroR<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
228540266059SGregory Neil Shapirodnl no match, return default passthru
228640266059SGregory Neil Shapirodnl   1    2    3  4    5
228740266059SGregory Neil ShapiroR<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
228840266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
228940266059SGregory Neil Shapirodnl            2    3  4    5
229040266059SGregory Neil ShapiroR<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
229140266059SGregory Neil Shapirodnl match, return <match> <passthru>
229240266059SGregory Neil Shapirodnl    2    3  4    5
229340266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
229440266059SGregory Neil Shapiro
229540266059SGregory Neil Shapiro######################################################################
229640266059SGregory Neil Shapiro###  U: LookUpUser -- search for an entry in access database
229740266059SGregory Neil Shapiro###
229840266059SGregory Neil Shapiro###	lookup of key (which should be a local part) and
229940266059SGregory Neil Shapiro###	variations if +detail exists: +* and without +detail
230040266059SGregory Neil Shapiro###
230140266059SGregory Neil Shapiro###	Parameters:
230240266059SGregory Neil Shapiro###		<$1> -- key (user@)
230340266059SGregory Neil Shapiro###		<$2> -- default (what to return if not found in db)
230440266059SGregory Neil Shapirodnl			must not be empty
230540266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
230640266059SGregory Neil Shapiro###			! does lookup only with tag
230740266059SGregory Neil Shapiro###			+ does lookup with and without tag
230840266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed unchanged through)
230940266059SGregory Neil Shapirodnl returns:		<default> <passthru>
231040266059SGregory Neil Shapirodnl 			<result> <passthru>
231140266059SGregory Neil Shapiro######################################################################
231240266059SGregory Neil Shapiro
231340266059SGregory Neil ShapiroSU
dnl Lookup order for a user@ key: tagged key; untagged key; then for a key
dnl of the form user+detail@ the keys user+*@ and user@, each tagged first.
dnl The untagged rules require the + mark, so a ! mark never falls back to
dnl an untagged entry.
231440266059SGregory Neil Shapirodnl user lookups are always with trailing @
231540266059SGregory Neil Shapirodnl    2    3  4    5
231640266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
231740266059SGregory Neil Shapirodnl no match, try without tag
231840266059SGregory Neil Shapirodnl   1    2      3    4
231940266059SGregory Neil ShapiroR<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
232040266059SGregory Neil Shapirodnl do not remove the @ from the lookup:
232140266059SGregory Neil Shapirodnl it is part of the +detail@ which is omitted for the lookup
232240266059SGregory Neil Shapirodnl no match, +detail: try +*
232340266059SGregory Neil Shapirodnl   1    2      3    4  5    6
232440266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <$- $-> <$*>
232540266059SGregory Neil Shapiro			$: <$(access $5`'_TAG_DELIM_`'$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
232640266059SGregory Neil Shapirodnl no match, +detail: try +* without tag
232740266059SGregory Neil Shapirodnl   1    2      3      4    5
232840266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <+ $-> <$*>
232940266059SGregory Neil Shapiro			$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
233040266059SGregory Neil Shapirodnl no match, +detail: try without +detail
233140266059SGregory Neil Shapirodnl   1    2      3    4  5    6
233240266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <$- $-> <$*>
233340266059SGregory Neil Shapiro			$: <$(access $5`'_TAG_DELIM_`'$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
233440266059SGregory Neil Shapirodnl no match, +detail: try without +detail and without tag
233540266059SGregory Neil Shapirodnl   1    2      3      4    5
233640266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <+ $-> <$*>
233740266059SGregory Neil Shapiro			$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
233840266059SGregory Neil Shapirodnl no match, return <default> <passthru>
233940266059SGregory Neil Shapirodnl   1    2    3  4    5
234040266059SGregory Neil ShapiroR<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
234140266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
234240266059SGregory Neil Shapirodnl            2    3  4    5
234340266059SGregory Neil ShapiroR<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
234440266059SGregory Neil Shapirodnl match, return <match> <passthru>
234540266059SGregory Neil Shapirodnl    2    3  4    5
234640266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
234740266059SGregory Neil Shapiro
234806f25ae9SGregory Neil Shapiro######################################################################
234906f25ae9SGregory Neil Shapiro###  SearchList: search a list of items in the access map
235006f25ae9SGregory Neil Shapiro###	Parameters:
235106f25ae9SGregory Neil Shapiro###		<exact tag> $| <mark:address> <mark:address> ... <>
235206f25ae9SGregory Neil Shapirodnl	maybe we should have a @ (again) in front of the mark to
235306f25ae9SGregory Neil Shapirodnl	avoid erroneous matches (with error messages?)
235406f25ae9SGregory Neil Shapirodnl	if we can make sure that tag is always a single token
235506f25ae9SGregory Neil Shapirodnl	then we can omit the delimiter $|, otherwise we need it
235640266059SGregory Neil Shapirodnl	to avoid erroneous matches (first rule: D: if there
235706f25ae9SGregory Neil Shapirodnl	is that mark somewhere in the list, it will be taken).
235806f25ae9SGregory Neil Shapirodnl	moreover, we can do some tricks to enforce lookup with
235906f25ae9SGregory Neil Shapirodnl	the tag only, e.g.:
236006f25ae9SGregory Neil Shapiro###	where "exact" is either "+" or "!":
236106f25ae9SGregory Neil Shapiro###	<+ TAG>	lookup with and w/o tag
236206f25ae9SGregory Neil Shapiro###	<! TAG>	lookup with tag
236306f25ae9SGregory Neil Shapirodnl	Warning: + and ! should be in OperatorChars (otherwise there must be
236406f25ae9SGregory Neil Shapirodnl		a blank between them and the tag).
236506f25ae9SGregory Neil Shapiro###	possible values for "mark" are:
236640266059SGregory Neil Shapiro###		D: recursive host lookup (LookUpDomain)
236706f25ae9SGregory Neil Shapirodnl		A: recursive address lookup (LookUpAddress) [not yet required]
236806f25ae9SGregory Neil Shapiro###		E: exact lookup, no modifications
236906f25ae9SGregory Neil Shapiro###		F: full lookup, try user+ext@domain and user@domain
237006f25ae9SGregory Neil Shapiro###		U: user lookup, try user+ext and user (input must have trailing @)
237106f25ae9SGregory Neil Shapiro###	return: <RHS of lookup> or <?> (not found)
237206f25ae9SGregory Neil Shapiro######################################################################
237306f25ae9SGregory Neil Shapiro
dnl The mark of the first list element selects the ruleset that is called.
dnl Because the mark has to be a member of class src, only the lookup
dnl rulesets listed in that class can be reached from a list element.
dnl The search ends at the first element whose lookup returns something
dnl other than <?>; otherwise SearchList calls itself on the rest.
237406f25ae9SGregory Neil Shapiro# class with valid marks for SearchList
237506f25ae9SGregory Neil Shapirodnl if A is activated: add it
237640266059SGregory Neil ShapiroC{src}E F D U ifdef(`_FFR_SRCHLIST_A', `A')
237706f25ae9SGregory Neil ShapiroSSearchList
237840266059SGregory Neil Shapiro# just call the ruleset with the name of the tag... nice trick...
237940266059SGregory Neil Shapirodnl       2       3    4
238040266059SGregory Neil ShapiroR<$+> $| <$={src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
238140266059SGregory Neil Shapirodnl workspace: <o tag> $| <rest> $| <result of lookup> <>
238240266059SGregory Neil Shapirodnl no match and nothing left: return
238340266059SGregory Neil ShapiroR<$+> $| <> $| <?> <>		$@ <?>
238440266059SGregory Neil Shapirodnl no match but something left: continue
238540266059SGregory Neil ShapiroR<$+> $| <$+> $| <?> <>		$@ $>SearchList <$1> $| <$2>
238640266059SGregory Neil Shapirodnl match: return
238740266059SGregory Neil ShapiroR<$+> $| <$*> $| <$+> <>	$@ <$3>
238806f25ae9SGregory Neil Shapirodnl return result from recursive invocation
238940266059SGregory Neil ShapiroR<$+> $| <$+>			$@ <$2>
239040266059SGregory Neil Shapirodnl endif _ACCESS_TABLE_
239140266059SGregory Neil Shapirodivert(0)
239206f25ae9SGregory Neil Shapiro
######################################################################
###  trust_auth: is user trusted to authenticate as someone else?
###
###	Parameters:
###		$1: AUTH= parameter from MAIL command
######################################################################

dnl empty ruleset definition so it can be called
SLocal_trust_auth
dnl Decision order in trust_auth:
dnl   1. no ${auth_type} (session not authenticated): reject
dnl   2. AUTH= equals ${auth_authen}, bare or in <>: accept (identical)
dnl   3. local hook Local_trust_auth: a $# result from it is final
dnl   4. everything else: reject
dnl The default is therefore to refuse; acting as another identity has to
dnl be granted explicitly by the local hook.
Strust_auth
dnl workspace: ${auth_type} $| AUTH= parameter
R$*			$: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $*		$#error $@ 5.7.1 $: "550 not authenticated"
dnl seems to be useful...
R$* $| $&{auth_authen}		$@ identical
R$* $| <$&{auth_authen}>	$@ identical
dnl call user supplied code
dnl NOTE(review): the hook is called with the left side of the workspace
dnl (the auth type), not with the AUTH= parameter on the right side.
dnl Confirm this is intended before writing a hook that inspects AUTH=.
R$* $| $*		$: $1 $| $>"Local_trust_auth" $1
dnl hook resolved to a $# result: return it unchanged
R$* $| $#$*		$#$2
dnl default: error
R$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
241406f25ae9SGregory Neil Shapiro
######################################################################
###  Relay_Auth: allow relaying based on authentication?
###
###	Parameters:
###		$1: ${auth_type}
######################################################################
dnl Only the local hook ruleset is declared here, with no rules of its own;
dnl presumably an empty definition so that it can be called, like
dnl Local_trust_auth. Rules for it would come from local configuration.
SLocal_Relay_Auth
242206f25ae9SGregory Neil Shapiro
ifdef(`_ACCESS_TABLE_', `dnl
######################################################################
###  srv_features: which features to offer to a client?
###	(done in server)
######################################################################
dnl Lookup order in the access map, all with tag SRV_FEAT_TAG:
dnl   1. client host name via ruleset D (recursive host lookup)
dnl   2. client address via ruleset A (recursive address lookup)
dnl   3. the bare tag as a default entry
dnl No entry at all returns OK. Any other value is handed back through $#
dnl for the caller to interpret. Rulesets D and A are defined elsewhere in
dnl this file.
Ssrv_features
dnl optional local hook runs first; a $# result from it is final
ifdef(`_LOCAL_SRV_FEATURES_', `dnl
R$*			$: $1 $| $>"Local_srv_features" $1
R$* $| $#$*		$#$2
R$* $| $*		$: $1', `dnl')
R$*		$: $>D <$&{client_name}> <?> <! SRV_FEAT_TAG> <>
R<?>$*		$: $>A <$&{client_addr}> <?> <! SRV_FEAT_TAG> <>
R<?>$*		$: <$(access SRV_FEAT_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$*		$@ OK
dnl a temporary map failure is reported as $#temp instead of being
dnl treated as no entry
ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_>$*	$#temp', `dnl')
R<$+>$*		$# $1
244006f25ae9SGregory Neil Shapiro
######################################################################
###  try_tls: try to use STARTTLS?
###	(done in client)
######################################################################
dnl Lookup order in the access map, all with tag TLS_TRY_TAG:
dnl server host name (ruleset D), server address (ruleset A), bare tag.
dnl No entry returns OK. An entry with value NO yields the 550 error below,
dnl whose text says TLS is not to be tried with that server.
dnl NOTE(review): a NO entry is an opt-out from STARTTLS for the matching
dnl server, so presumably mail to it is sent without TLS; keep such entries
dnl under review together with any tls_server requirements.
Stry_tls
dnl optional local hook runs first; a $# result from it is final
ifdef(`_LOCAL_TRY_TLS_', `dnl
R$*			$: $1 $| $>"Local_try_tls" $1
R$* $| $#$*		$#$2
R$* $| $*		$: $1', `dnl')
R$*		$: $>D <$&{server_name}> <?> <! TLS_TRY_TAG> <>
R<?>$*		$: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
R<?>$*		$: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$*		$@ OK
dnl a temporary map failure becomes a 451 instead of being treated as
dnl no entry
ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_>$*	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<NO>$*		$#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
245706f25ae9SGregory Neil Shapiro
######################################################################
###  tls_rcpt: is connection with server "good" enough?
###	(done in client, per recipient)
dnl called from deliver() before RCPT command
###
###	Parameters:
###		$1: recipient
######################################################################
dnl Builds a SearchList for the recipient and, if the access map has an
dnl entry with tag TLS_RCPT_TAG, checks the current connection against it
dnl through TLS_connection. Lookup keys tried in order:
dnl   full address:   F:user@domain  U:user@  D:domain  E: (default entry)
dnl   localpart only: U:user@  E: (default entry)
dnl No entry at all returns OK, that is no requirement for this recipient.
Stls_rcpt
dnl optional local hook runs first; a $# result from it is final
ifdef(`_LOCAL_TLS_RCPT_', `dnl
R$*			$: $1 $| $>"Local_tls_rcpt" $1
R$* $| $#$*		$#$2
R$* $| $*		$: $1', `dnl')
dnl store name of other side
dnl (this ruleset runs in the client, so the other side is the server;
dnl TLS_req uses {TLS_Name} when a CN requirement carries no value)
R$*			$: $(macro {TLS_Name} $@ $&{server_name} $) $1
dnl canonify recipient address
R$+			$: <?> $>CanonAddr $1
dnl strip trailing dots
R<?> $+ < @ $+ . >	<?> $1 <@ $2 >
dnl full address?
R<?> $+ < @ $+ >	$: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
dnl only localpart?
R<?> $+			$: $1 $| <U:$1@> <E:>
dnl look it up
dnl also look up a default value via E:
R$* $| $+	$: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <>
dnl found nothing: stop here
R$* $| <?>	$@ OK
dnl a temporary map failure becomes a 451 instead of being treated as
dnl no entry
ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
dnl use the generic routine (for now)
R$* $| <$+>	$@ $>"TLS_connection" $&{verify} $| <$2>')
249040266059SGregory Neil Shapiro
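######################################################################
###  tls_client: is connection with client "good" enough?
###	(done in server)
###
###	Parameters:
###		${verify} $| (MAIL|STARTTLS)
######################################################################
dnl MAIL: called from check_mail
dnl STARTTLS: called from smtp() after STARTTLS has been accepted
dnl With an access map the requirement is looked up with tag TLS_CLT_TAG
dnl by client host name (ruleset D), client address (ruleset A) and then
dnl the bare tag, and the result is passed to TLS_connection together
dnl with ${verify}. Without an access map only ${verify} is passed on.
Stls_client
dnl optional local hook runs first; a $# result from it is final
ifdef(`_LOCAL_TLS_CLIENT_', `dnl
R$*			$: $1 $| $>"Local_tls_client" $1
R$* $| $#$*		$#$2
R$* $| $*		$: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
dnl store name of other side
dnl This ruleset runs in the server, so the other side is the SMTP client:
dnl store ${client_name}, the same name the access lookups below use.
dnl TLS_req substitutes {TLS_Name} for a CN requirement without a value,
dnl so storing ${server_name} here would compare the client certificate CN
dnl against the wrong host name.
R$*		$: $(macro {TLS_Name} $@ $&{client_name} $) $1
dnl ignore second arg for now
dnl maybe use it to distinguish permanent/temporary error?
dnl if MAIL: permanent (STARTTLS has not been offered)
dnl if STARTTLS: temporary (offered but maybe failed)
R$* $| $*	$: $1 $| $>D <$&{client_name}> <?> <! TLS_CLT_TAG> <>
R$* $| <?>$*	$: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <>
dnl do a default lookup: just TLS_CLT_TAG
R$* $| <?>$*	$: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
dnl a temporary map failure becomes a 451 instead of being treated as
dnl no entry
ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R$*		$@ $>"TLS_connection" $1', `dnl
R$* $| $*	$@ $>"TLS_connection" $1')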
252006f25ae9SGregory Neil Shapiro
######################################################################
###  tls_server: is connection with server "good" enough?
###	(done in client)
###
###	Parameter:
###		${verify}
######################################################################
dnl i.e. has the server been authenticated and is encryption active?
dnl called from deliver() after STARTTLS command
dnl With an access map the requirement is looked up with tag TLS_SRV_TAG
dnl by server host name (ruleset D), server address (ruleset A) and then
dnl the bare tag, and the result is passed to TLS_connection together
dnl with ${verify}. Without an access map only ${verify} is passed on.
Stls_server
dnl optional local hook runs first; a $# result from it is final
ifdef(`_LOCAL_TLS_SERVER_', `dnl
R$*			$: $1 $| $>"Local_tls_server" $1
R$* $| $#$*		$#$2
R$* $| $*		$: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
dnl store name of other side
dnl (TLS_req uses {TLS_Name} when a CN requirement carries no value)
R$*		$: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$*		$: $1 $| $>D <$&{server_name}> <?> <! TLS_SRV_TAG> <>
R$* $| <?>$*	$: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <>
dnl do a default lookup: just TLS_SRV_TAG
R$* $| <?>$*	$: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
dnl a temporary map failure becomes a 451 instead of being treated as
dnl no entry
ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R$*		$@ $>"TLS_connection" $1', `dnl
R$*		$@ $>"TLS_connection" $1')
254606f25ae9SGregory Neil Shapiro
######################################################################
###  TLS_connection: is TLS connection "good" enough?
###
###	Parameters:
ifdef(`_ACCESS_TABLE_', `dnl
###		${verify} $| <Requirement> [<>]', `dnl
###		${verify}')
###		Requirement: RHS from access map, may be ? for none.
dnl	syntax for Requirement:
dnl	[(PERM|TEMP)+] (VERIFY[:bits]|ENCR:bits) [+extensions]
dnl	extensions: could be a list of further requirements
dnl		for now: CN:string	{cn_subject} == string
######################################################################
dnl Outline of the checks below:
dnl   - ${verify} equal to SOFTWARE (TLS handshake failure) is always an error
dnl   - VERIFY requires ${verify} to be OK, optionally with a minimum number
dnl     of bits
dnl   - ENCR only requires a minimum number of bits; ${verify} is ignored
dnl   - the bit count compared is the larger of ${cipher_bits} and ${auth_ssf}
dnl   - remaining extensions are handed to TLS_req
dnl Without an access map only the SOFTWARE rule is emitted and the rest of
dnl this section is diverted away.
STLS_connection
ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
dnl deal with TLS handshake failures: abort
RSOFTWARE	$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."
divert(-1)')
dnl common ruleset for tls_{client|server}
dnl input: ${verify} $| <ResultOfLookup> [<>]
dnl remove optional <>
R$* $| <$*>$*			$: $1 $| <$2>
dnl workspace: ${verify} $| <ResultOfLookup>
# create the appropriate error codes
dnl permanent or temporary error?
dnl (class {tls} is defined elsewhere; presumably it holds VERIFY and ENCR)
R$* $| <PERM + $={tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
R$* $| <TEMP + $={tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
dnl default case depends on TLS_PERM_ERR
R$* $| <$={tls} $*>		$: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3>
dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
# deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $* 	$#error $@ $2 $: $1 " TLS handshake failed."
dnl no <reply:dsn> i.e. no requirements in the access map
dnl use default error
RSOFTWARE $| $* 		$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
R$* $| <$*> <VERIFY>		$: <$2> <VERIFY> <> $1
dnl separate optional requirements
R$* $| <$*> <VERIFY + $+>	$: <$2> <VERIFY> <$3> $1
R$* $| <$*> <$={tls}:$->$*	$: <$2> <$3:$4> <> $1
dnl separate optional requirements
R$* $| <$*> <$={tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
dnl some other value in access map: accept
dnl this also allows to override the default case (if used)
dnl NOTE(review): every lookup result that did not match one of the VERIFY
dnl or ENCR forms above still contains $| and is accepted by the next rule.
dnl A misspelled or malformed requirement in the access map therefore
dnl imposes no requirement at all instead of causing an error; validate
dnl map entries when they are written.
R$* $| $*			$@ OK
# authentication required: give appropriate error
# other side did authenticate (via STARTTLS)
dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
dnl only verification required and it succeeded
R<$*><VERIFY> <> OK		$@ OK
dnl verification required and it succeeded but extensions are given
dnl change it to <SMTP:ESC> <REQ:0>  <extensions>
R<$*><VERIFY> <$+> OK		$: <$1> <REQ:0> <$2>
dnl verification required + some level of encryption
R<$*><VERIFY:$-> <$*> OK	$: <$1> <REQ:$2> <$3>
dnl just some level of encryption required
R<$*><ENCR:$-> <$*> $*		$: <$1> <REQ:$2> <$3>
dnl workspace:
dnl 1. <SMTP:ESC> <VERIFY [:bits]>  <[extensions]> {verify} (!= OK)
dnl 2. <SMTP:ESC> <REQ:bits>  <[extensions]>
dnl verification required but ${verify} is not set (case 1.)
R<$-:$+><VERIFY $*> <$*>	$#error $@ $2 $: $1 " authentication required"
R<$-:$+><VERIFY $*> <$*> FAIL	$#error $@ $2 $: $1 " authentication failed"
R<$-:$+><VERIFY $*> <$*> NO	$#error $@ $2 $: $1 " not authenticated"
R<$-:$+><VERIFY $*> <$*> NOT	$#error $@ $2 $: $1 " no authentication requested"
R<$-:$+><VERIFY $*> <$*> NONE	$#error $@ $2 $: $1 " other side does not support STARTTLS"
dnl some other value for ${verify}
R<$-:$+><VERIFY $*> <$*> $+	$#error $@ $2 $: $1 " authentication failure " $4
dnl some level of encryption required: get the maximum level (case 2.)
R<$*><REQ:$-> <$*>		$: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
dnl compare required bits with actual bits
dnl (arith l yields TRUE when actual bits < required bits)
R<$*><REQ:$-> <$*> $-		$: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
R<$-:$+><$-:$-> <$*> TRUE	$#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
dnl strength requirements fulfilled
dnl TLS Additional Requirements Separator
dnl this should be something which does not appear in the extensions itself
dnl @ could be part of a CN, DN, etc...
dnl use < > ? those are encoded in CN, DN, ...
define(`_TLS_ARS_', `++')dnl
dnl workspace:
dnl <SMTP:ESC> <REQ:bits> <extensions> result-of-compare
R<$-:$+><$-:$-> <$*> $*		$: <$1:$2 _TLS_ARS_ $5>
dnl workspace: <SMTP:ESC _TLS_ARS_ extensions>
dnl continue: check  extensions
R<$-:$+ _TLS_ARS_ >			$@ OK
dnl split extensions into own list
R<$-:$+ _TLS_ARS_ $+ >			$: <$1:$2> <$3>
R<$-:$+> < $+ _TLS_ARS_ $+ >		<$1:$2> <$3> <$4>
R<$-:$+> $+			$@ $>"TLS_req" $3 $| <$1:$2>
263506f25ae9SGregory Neil Shapiro
######################################################################
###  TLS_req: check additional TLS requirements
###
###	Parameters: [<list> <of> <req>] $| <$-:$+>
###		$-: SMTP reply code
###		$+: Enhanced Status Code
dnl  further requirements for this ruleset:
dnl	name of "other side" is stored in {TLS_Name} (client/server_name)
dnl
dnl	implemented below: CN[:common_name], CS:cert_subject, CI:cert_issuer
dnl	right now this is only a logical AND
dnl	i.e. all requirements must be true
dnl	how about an OR? CN must be X or CN must be Y or ..
dnl	use a macro to compute this as a trivial sequential
dnl	operations (no precedences etc)?
######################################################################
dnl The ruleset consumes one requirement per invocation and calls itself
dnl with the rest of the list; the first mismatch ends with an error built
dnl from the reply code and status code passed in.
dnl NOTE(review): a requirement whose type is not CN, CS or CI matches no
dnl rule here, so the workspace is returned as it is and no error is
dnl raised. Presumably the caller treats that as acceptance, which would
dnl make an unknown or misspelled requirement type pass silently; verify
dnl against the caller and validate map entries.
STLS_req
dnl no additional requirements: ok
R $| $+		$@ OK
dnl require CN: but no CN specified: use name of other side
R<CN> $* $| <$+>		$: <CN:$&{TLS_Name}> $1 $| <$2>
dnl match, check rest
R<CN:$&{cn_subject}> $* $| <$+>		$@ $>"TLS_req" $1 $| <$2>
dnl CN does not match
dnl  1   2      3  4
R<CN:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
dnl cert subject
dnl match, check rest
R<CS:$&{cert_subject}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
dnl CS does not match
dnl  1   2      3  4
R<CS:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " CERT Subject " $&{cert_subject} " does not match " $1
dnl cert issuer
dnl match, check rest
R<CI:$&{cert_issuer}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
dnl CI does not match
dnl  1   2      3  4
R<CI:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " CERT Issuer " $&{cert_issuer} " does not match " $1
dnl return from recursive call
ROK			$@ OK
267440266059SGregory Neil Shapiro
######################################################################
###  max: return the maximum of two values separated by :
###
###	Parameters: [$-]:[$-]
######################################################################
dnl Either value may be missing: both missing gives 0, one missing gives
dnl the other. With both present, arith l tests first < second; on TRUE
dnl the second value is returned, otherwise the first.
Smax
R:		$: 0
R:$-		$: $1
R$-:		$: $1
dnl workspace after the next rule: <TRUE or other result> : first : second
R$-:$-		$: $(arith l $@ $1 $@ $2 $) : $1 : $2
dnl first < second: keep second
RTRUE:$-:$-	$: $2
dnl otherwise: keep first (here $2 is the first value, $1 the arith result)
R$-:$-:$-	$: $2
dnl endif _ACCESS_TABLE_
dnl switch output back on after the divert(-1) that TLS_connection issues
dnl when no access table is configured
divert(0)
268906f25ae9SGregory Neil Shapiro
######################################################################
###  RelayTLS: allow relaying based on TLS authentication
###
###	Parameters:
###		none
######################################################################
dnl Result: $# RELAY when relaying is granted, NO otherwise. Without an
dnl access map the ruleset has no rules.
dnl Relaying is only considered when ${verify} is OK, and is then granted
dnl solely by access map entries keyed on the cert issuer (tag CERTISSUER)
dnl or, when the issuer entry says SUBJECT, on the cert subject (tag
dnl CERTSUBJECT). Those map entries are therefore the relay policy.
SRelayTLS
# authenticated?
dnl we do not allow relaying for anyone who can present a cert
dnl signed by a "trusted" CA. For example, even if we put verisigns
dnl CA in CERTPath so we can authenticate users, we do not allow
dnl them to abuse our server (they might be easier to get hold of,
dnl but anyway).
dnl so here is the trick: if the verification succeeded
dnl we look up the cert issuer in the access map
dnl (maybe after extracting a part with a regular expression)
dnl if this returns RELAY we relay without further questions
dnl if it returns SUBJECT we perform a similar check on the
dnl cert subject.
ifdef(`_ACCESS_TABLE_', `dnl
R$*			$: <?> $&{verify}
R<?> OK			$: OK		authenticated: continue
R<?> $*			$@ NO		not authenticated
ifdef(`_CERT_REGEX_ISSUER_', `dnl
R$*			$: $(CERTIssuer $&{cert_issuer} $)',
`R$*			$: $&{cert_issuer}')
R$+			$: $(access CERTISSUER`'_TAG_DELIM_`'$1 $)
dnl use $# to stop further checks (delay_check)
RRELAY			$# RELAY
ifdef(`_CERT_REGEX_SUBJECT_', `dnl
RSUBJECT		$: <@> $(CERTSubject $&{cert_subject} $)',
`RSUBJECT		$: <@> $&{cert_subject}')
R<@> $+			$: <@> $(access CERTSUBJECT`'_TAG_DELIM_`'$1 $)
R<@> RELAY		$# RELAY
dnl anything else, including a failed lookup: no relaying
R$*			$: NO', `dnl')
272540266059SGregory Neil Shapiro
######################################################################
###  authinfo: lookup authinfo in the access map
###
###	Parameters:
###		$1: {server_name}
###		$2: {server_addr}
dnl	both are currently ignored
dnl if it should be done via another map, we either need to restrict
dnl functionality (it calls D and A) or copy those rulesets (or add another
dnl parameter which I want to avoid, it's quite complex already)
######################################################################
dnl omit this ruleset if neither is defined?
dnl it causes DefaultAuthInfo to be ignored
dnl (which may be considered a good thing).
dnl Two variants, chosen at m4 time:
dnl   with _AUTHINFO_TABLE_: keys AuthInfo:server_name, AuthInfo:server_addr,
dnl     then the bare AuthInfo: key, looked up in the authinfo map
dnl   otherwise with _ACCESS_TABLE_: the same order through rulesets D and A
dnl     and the access map with tag AuthInfo
dnl No entry returns no; a found value is returned unchanged through $#.
dnl NOTE(review): the values returned here are presumably the credentials
dnl used for client-side AUTH, so the map holding them should be readable
dnl only by the mail system; confirm file permissions of the map source and
dnl the built map.
Sauthinfo
ifdef(`_AUTHINFO_TABLE_', `dnl
R$*		$: <$(authinfo AuthInfo:$&{server_name} $: ? $)>
R<?>		$: <$(authinfo AuthInfo:$&{server_addr} $: ? $)>
R<?>		$: <$(authinfo AuthInfo: $: ? $)>
R<?>		$@ no				no authinfo available
R<$*>		$# $1
dnl', `dnl
ifdef(`_ACCESS_TABLE_', `dnl
R$*		$: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
R$* $| <?>$*	$: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
R$* $| <?>$*	$: $1 $| <$(access AuthInfo`'_TAG_DELIM_ $: ? $)> <>
R$* $| <?>$*	$@ no				no authinfo available
R$* $| <$*> <>	$# $2
dnl', `dnl')')
275506f25ae9SGregory Neil Shapiro
dnl emit the text collected in diversion 9 (labelled LOCAL_RULESETS)
undivert(9)dnl LOCAL_RULESETS
#
######################################################################
######################################################################
#####
dnl the banner text is quoted, presumably so that m4 does not expand
dnl words in it
`#####			MAIL FILTER DEFINITIONS'
#####
######################################################################
######################################################################
dnl _MAIL_FILTERS_ is defined elsewhere; presumably it expands to the
dnl configured mail filter definitions
_MAIL_FILTERS_
#
######################################################################
######################################################################
#####
`#####			MAILER DEFINITIONS'
#####
######################################################################
######################################################################
dnl emit the text collected in diversion 7 (labelled MAILER_DEFINITIONS)
undivert(7)dnl MAILER_DEFINITIONS
277542e5d165SGregory Neil Shapiro