dnl Prototype from which the generated sendmail.cf is built.
dnl Text between divert(-1) and the next divert(0) is discarded by m4, so the
dnl licence header below never reaches the generated file.
divert(-1)
#
# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)

VERSIONID(`$Id: proto.m4,v 8.639 2002/04/02 23:42:42 gshapiro Exp $')

dnl Emits the cf version line: V, the value of CF_LEVEL, a slash, then
dnl VENDOR_NAME, or Berkeley when VENDOR_NAME is not defined.
# level CF_LEVEL config file format
V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
dnl Output is switched off again here; what follows up to the next divert(0)
dnl only defines m4 macros and prints sanity-check messages.
divert(-1)

dnl if MAILER(`local') not defined: do it ourself; be nice
dnl maybe we should issue a warning?
dnl Pull in the local mailer when nothing has defined _MAILER_local_ yet.
ifdef(`_MAILER_local_',`', `MAILER(local)')

dnl The check below only prints to stderr; nothing in this statement aborts
dnl the m4 run when no OSTYPE was given.
# do some sanity checking
ifdef(`__OSTYPE__',,
	`errprint(`*** ERROR: No system type defined (use OSTYPE macro)
')')

dnl Each mailer default is applied only when the site has not defined the
dnl corresponding conf*_MAILER macro itself.
dnl NOTE(review): the relay fallback tests _MAILER_uucp without a trailing
dnl underscore, while the other guards visible in this file use _MAILER_local_
dnl and _MAILER_smtp_ - confirm against the MAILER() definition that this
dnl branch can ever select uucp-new.
# pick our default mailers
ifdef(`confSMTP_MAILER',, `define(`confSMTP_MAILER', `esmtp')')
ifdef(`confLOCAL_MAILER',, `define(`confLOCAL_MAILER', `local')')
ifdef(`confRELAY_MAILER',,
	`define(`confRELAY_MAILER',
		`ifdef(`_MAILER_smtp_', `relay',
			`ifdef(`_MAILER_uucp', `uucp-new', `unknown')')')')
ifdef(`confUUCP_MAILER',, `define(`confUUCP_MAILER', `uucp-old')')
define(`_SMTP_', `confSMTP_MAILER')dnl for readability only
define(`_LOCAL_', `confLOCAL_MAILER')dnl for readability only
define(`_RELAY_', `confRELAY_MAILER')dnl for readability only
define(`_UUCP_', `confUUCP_MAILER')dnl for readability only

dnl Obsolete settings: confDEF_GROUP_ID and confREAD_TIMEOUT are only reported
dnl on stderr and are not translated. confMESSAGE_TIMEOUT is translated: the
dnl part before the slash becomes confTO_QUEUERETURN and the part after it
dnl confTO_QUEUEWARN; without a slash the whole value is confTO_QUEUERETURN.
# back compatibility with old config files
ifdef(`confDEF_GROUP_ID',
`errprint(`*** confDEF_GROUP_ID is obsolete.
 Use confDEF_USER_ID with a colon in the value instead.
')')
ifdef(`confREAD_TIMEOUT',
`errprint(`*** confREAD_TIMEOUT is obsolete.
 Use individual confTO_<timeout> parameters instead.
')')
ifdef(`confMESSAGE_TIMEOUT',
	`define(`_ARG_', index(confMESSAGE_TIMEOUT, /))
	ifelse(_ARG_, -1,
		`define(`confTO_QUEUERETURN', confMESSAGE_TIMEOUT)',
		`define(`confTO_QUEUERETURN',
			substr(confMESSAGE_TIMEOUT, 0, _ARG_))
		define(`confTO_QUEUEWARN',
			substr(confMESSAGE_TIMEOUT, eval(_ARG_+1)))')')
ifdef(`confMIN_FREE_BLOCKS', `ifelse(index(confMIN_FREE_BLOCKS, /), -1,,
`errprint(`*** compound confMIN_FREE_BLOCKS is obsolete.
 Use confMAX_MESSAGE_SIZE for the second part of the value.
')')')


# Sanity check on ldap_routing feature
# If the user doesn't specify a new map, they better have given as a
# default LDAP specification which has the LDAP base (and most likely the host)
ifdef(`confLDAP_DEFAULT_SPEC',, `ifdef(`_LDAP_ROUTING_WARN_', `errprint(`
WARNING: Using default FEATURE(ldap_routing) map definition(s)
without setting confLDAP_DEFAULT_SPEC option.
')')')dnl

dnl _OPTION(name, macro, documented-default):
dnl   - when the named macro is defined, emit an active line: O name=value,
dnl     or a bare O name when the macro expands to the empty string;
dnl   - otherwise emit a commented-out line: #O name=documented-default
dnl     (or #O name when the third argument is empty).
dnl The third argument is therefore documentation in the generated cf only.
dnl It never becomes an active setting, so the value in force for an
dnl undefined macro is decided outside this file.
# clean option definitions below....
define(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl

dnl required to "rename" the check_* rulesets...
dnl _U_ expands to an underscore unless _DELAY_CHECKS_ is defined, in which
dnl case it is empty.
define(`_U_',ifdef(`_DELAY_CHECKS_',`',`_'))
dnl default relaying denied message
dnl The default reply mentions authentication only when _USE_AUTH_ is defined;
dnl a site-defined confRELAY_MSG or confRCPTREJ_MSG is left untouched.
ifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG',
ifdef(`_USE_AUTH_', `"550 Relaying denied. Proper authentication required."', `"550 Relaying denied"'))')
ifdef(`confRCPTREJ_MSG', `', `define(`confRCPTREJ_MSG', `"550 Mailbox disabled for this recipient"')')
define(`_CODE553', `553')
divert(0)dnl

dnl With confDONT_BLAME_SENDMAIL undefined, _OPTION writes this entry only as
dnl the comment #O DontBlameSendmail=safe, so this template relaxes no file
dnl safety check by itself. A value defined by the site is emitted as an
dnl active O line ahead of every file action in the cf; treat any such
dnl definition as a security exception that needs review.
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
_OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', `safe')

# default LDAP map specification
# need to set this now before any LDAP maps are defined
_OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost')

##################
#   local info   #
##################

# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
ifdef(`confLDAP_CLUSTER', `D{sendmailMTACluster}`'confLDAP_CLUSTER', `#D{sendmailMTACluster}$m')

dnl Class w always contains localhost; the Fw line that loads further names
dnl from confCW_FILE is generated only when USE_CW_FILE is defined.
Cwlocalhost
ifdef(`USE_CW_FILE',
`# file containing names of hosts for which we receive email
Fw`'confCW_FILE',
	`dnl')
dnl Macro j is set only when confDOMAIN_NAME is defined; otherwise a
dnl commented-out example line is written.

# my official domain name
# ... `define' this only if sendmail cannot automatically determine your domain
ifdef(`confDOMAIN_NAME', `Dj`'confDOMAIN_NAME', `#Dj$w.Foo.COM')

CP.

dnl Each *_RELAY block below is emitted only when its macro is defined. It
dnl sets one cf macro (Y, B, C or F) to the relay host and adds the matching
dnl pseudo-domain name to class P.
ifdef(`UUCP_RELAY',
`# UUCP relay host
DY`'UUCP_RELAY
CPUUCP

')dnl
ifdef(`BITNET_RELAY',
`# BITNET relay host
DB`'BITNET_RELAY
CPBITNET

')dnl
ifdef(`DECNET_RELAY',
`define(`_USE_DECNET_SYNTAX_', 1)dnl
# DECnet relay host
DC`'DECNET_RELAY
CPDECNET

')dnl
ifdef(`FAX_RELAY',
`# FAX relay host
DF`'FAX_RELAY
CPFAX

')dnl
dnl The DS line is always emitted; it is empty when SMART_HOST is undefined.
# "Smart" relay host (may be null)
DS`'ifdef(`SMART_HOST', `SMART_HOST')

dnl LUSER_RELAY adds the user map and sets macro L; without it nothing is
dnl written here.
ifdef(`LUSER_RELAY', `dnl
# place to which unknown users should be forwarded
Kuser user -m -a<>
DL`'LUSER_RELAY',
`dnl')

dnl The exclamation mark is left out of class O when _NO_UUCP_ is defined.
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % ifdef(`_NO_UUCP_', `', `!')

# a class with just dot (for identifying canonical names)
C..
dnl Classes, maps and macros that the rulesets elsewhere in the file rely on.

# a class with just a left bracket (for identifying domain literals)
C[[

dnl Only generated when the access table feature defined _ACCESS_TABLE_.
dnl Class Accept holds the two access_db values OK and RELAY.
ifdef(`_ACCESS_TABLE_', `dnl
# access_db acceptance class
C{Accept}OK RELAY
ifdef(`_DELAY_COMPAT_8_10_',`dnl
ifdef(`_BLACKLIST_RCPT_',`dnl
# possible access_db RHS for spam friends/haters
C{SpamTag}SPAMFRIEND SPAMHATER')')',
`dnl')

dnl mark for "domain is ok" (resolved or accepted anyway)
define(`_RES_OK_', `OKR')dnl
dnl The resolve map is omitted when _ACCEPT_UNRESOLVABLE_DOMAINS_ is defined;
dnl class ResOk is written in both cases.
ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<_RES_OK_> -T<TEMP>')
C{ResOk}_RES_OK_

ifdef(`_NEED_MACRO_MAP_', `dnl
ifdef(`_MACRO_MAP_', `', `# macro storage map
define(`_MACRO_MAP_', `1')dnl
Kmacro macro')', `dnl')

dnl The file named by confCR_FILE populates class R, the hosts allowed to
dnl relay, so its content directly widens who may relay through this host.
dnl NOTE(review): presumably the file should be writable only by the
dnl administrator - confirm its ownership and mode at deployment.
ifdef(`confCR_FILE', `dnl
# Hosts for which relaying is permitted ($=R)
FR`'confCR_FILE',
`dnl')

dnl Quoted tag strings; presumably used as access-map key prefixes by the
dnl TLS rulesets, which are outside this view - confirm there.
define(`TLS_SRV_TAG', `"TLS_Srv"')dnl
define(`TLS_CLT_TAG', `"TLS_Clt"')dnl
define(`TLS_RCPT_TAG', `"TLS_Rcpt"')dnl
define(`TLS_TRY_TAG', `"Try_TLS"')dnl
define(`SRV_FEAT_TAG', `"Srv_Features"')dnl
dnl this may be useful in other contexts too
ifdef(`_ARITH_MAP_', `', `# arithmetic map
define(`_ARITH_MAP_', `1')dnl
Karith arith')
ifdef(`_ACCESS_TABLE_', `dnl
ifdef(`_MACRO_MAP_', `', `# macro storage map
define(`_MACRO_MAP_', `1')dnl
Kmacro macro')
# possible values for TLS_connection in access map
C{tls}VERIFY ENCR', `dnl')
dnl The regular expressions are taken verbatim from _CERT_REGEX_ISSUER_ and
dnl _CERT_REGEX_SUBJECT_; nothing in this file validates them, so an
dnl over-broad pattern is passed straight into the map definition.
ifdef(`_CERT_REGEX_ISSUER_', `dnl
# extract relevant part from cert issuer
KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
ifdef(`_CERT_REGEX_SUBJECT_', `dnl
# extract relevant part from cert subject
KCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl')

ifdef(`LOCAL_RELAY', `dnl
# who I send unqualified names to (null means deliver locally)
DR`'LOCAL_RELAY')

ifdef(`MAIL_HUB', `dnl
# who gets all local email traffic ($R has precedence for unqualified names)
DH`'MAIL_HUB')

# dequoting map
Kdequote dequote`'ifdef(`confDEQUOTE_OPTS', ` confDEQUOTE_OPTS', `')

divert(0)dnl # end of nullclient diversion
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
dnl undivert(5) and undivert(6) insert text that was collected in those
dnl diversions before this point; the source labels diversion 6 LOCAL_CONFIG.
undivert(5)dnl
ifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl')

ifdef(`MASQUERADE_NAME', `dnl
# who I masquerade as (null for no masquerading) (see also $=M)
DM`'MASQUERADE_NAME')

# my name for error messages
ifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON')

undivert(6)dnl LOCAL_CONFIG
include(_CF_DIR_`m4/version.m4')

###############
#   Options   #
###############
dnl A defined confAUTO_REBUILD is answered with a warning only; this statement
dnl emits no option line for it. The message records the reason: a potential
dnl denial of service.
ifdef(`confAUTO_REBUILD',
`errprint(WARNING: `confAUTO_REBUILD' is no longer valid.
 There was a potential for a denial of service attack if this is set.
)')dnl

# strip message body to 7 bits on input?
_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
dnl Every _OPTION entry below follows the rule set by the _OPTION definition
dnl earlier in this file: an active O line is written only when the named
dnl conf macro is defined, otherwise the third argument appears as a
dnl commented-out #O hint.

# 8-bit data handling
_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')

# wait for alias file rebuild (default units: minutes)
_OPTION(AliasWait, `confALIAS_WAIT', `5m')

# location of alias file
_OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')

dnl MinFreeBlocks and MaxMessageSize are resource limits. With their macros
dnl undefined the generated cf carries only the #O hints (100 and 1000000),
dnl so no limit is set by this file in that case.
# minimum number of free blocks on filesystem
_OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100')

# maximum message size
_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `1000000')

# substitution for space (blank) characters
_OPTION(BlankSub, `confBLANK_SUB', `_')

# avoid connecting to "expensive" mailers on initial submission?
_OPTION(HoldExpensive, `confCON_EXPENSIVE', `False')

# checkpoint queue runs after every N successful deliveries
_OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10')

# default delivery mode
_OPTION(DeliveryMode, `confDELIVERY_MODE', `background')

# error message header/file
_OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header')

# error mode
_OPTION(ErrorMode, `confERROR_MODE', `print')

# save Unix-style "From_" lines at top of header?
_OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False')

dnl QueueFileMode and TempFileMode control the permission bits of queue and
dnl temporary files. The 0600 shown is only the documented hint; a site value
dnl defined through confQUEUE_FILE_MODE or confTEMP_FILE_MODE is emitted as
dnl given, so a wider mode there is worth a review.
# queue file mode (qf files)
_OPTION(QueueFileMode, `confQUEUE_FILE_MODE', `0600')

# temporary file mode
_OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600')

# match recipients against GECOS field?
_OPTION(MatchGECOS, `confMATCH_GECOS', `False')

# maximum hop count
_OPTION(MaxHopCount, `confMAX_HOP', `25')

dnl HelpFile does not go through _OPTION: the O line is always active, using
dnl HELP_FILE when defined and the path under MAIL_SETTINGS_DIR otherwise.
# location of help file
O HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile')

# ignore dots as terminators in incoming messages?
_OPTION(IgnoreDots, `confIGNORE_DOTS', `False')

# name resolver options
_OPTION(ResolverOptions, `confBIND_OPTS', `+AAONLY')

# deliver MIME-encapsulated error messages?
_OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS', `True')

dnl The documented search path is a colon-separated list; it is written as an
dnl active option only when confFORWARD_PATH is defined.
# Forward file search path
_OPTION(ForwardPath, `confFORWARD_PATH', `/var/forward/$u:$z/.forward.$w:$z/.forward')

# open connection cache size
_OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', `2')

# open connection cache timeout
_OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', `5m')

# persistent host status directory
_OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', `.hoststat')

# single thread deliveries (requires HostStatusDirectory)?
_OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY', `False')

# use Errors-To: header?
_OPTION(UseErrorsTo, `confUSE_ERRORS_TO', `False')

dnl LogLevel decides how much the daemon logs, which matters for later
dnl investigation. The 10 shown is the documented hint; it is not set by this
dnl file unless confLOG_LEVEL is defined.
# log level
_OPTION(LogLevel, `confLOG_LEVEL', `10')

# send to me too, even in an alias expansion?
_OPTION(MeToo, `confME_TOO', `True')

# verify RHS in newaliases?
_OPTION(CheckAliases, `confCHECK_ALIASES', `False')

# default messages to old style headers if no special punctuation?
_OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS', `False')

dnl Listener set-up.
dnl  - A defined confDAEMON_OPTIONS is still honoured: a warning is printed
dnl    and the value is passed on to DAEMON_OPTIONS().
dnl  - When _DPO_ is empty, a default MTA listener is written: one line, or an
dnl    inet and an inet6 line when _NETINET6_ is defined. Otherwise the
dnl    collected _DPO_ text is written instead.
dnl  - Unless _NO_MSA_ is defined, a further listener on port 587 named MSA is
dnl    always added with modifier M=E.
dnl NOTE(review): M=E is, as far as I recall from the sendmail documentation,
dnl the modifier that disallows ETRN; this line sets no modifier that requires
dnl authentication - confirm whether the submission port must demand AUTH at
dnl your site and adjust through DAEMON_OPTIONS() if so.
# SMTP daemon options
ifelse(defn(`confDAEMON_OPTIONS'), `', `dnl',
`errprint(WARNING: `confDAEMON_OPTIONS' is no longer valid.
 Use `DAEMON_OPTIONS()'; see cf/README.
)'dnl
`DAEMON_OPTIONS(`confDAEMON_OPTIONS')')
ifelse(defn(`_DPO_'), `',
`ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-v4, Family=inet
O DaemonPortOptions=Name=MTA-v6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_')
ifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E')

dnl Same pattern for the client side: the old macro triggers a warning and is
dnl forwarded to CLIENT_OPTIONS(); with _CPO_ empty only a commented-out
dnl example line is written.
# SMTP client options
ifelse(defn(`confCLIENT_OPTIONS'), `', `dnl',
`errprint(WARNING: `confCLIENT_OPTIONS' is no longer valid. See cf/README for more information.
)'dnl
`CLIENT_OPTIONS(`confCLIENT_OPTIONS')')
ifelse(defn(`_CPO_'), `',
`#O ClientPortOptions=Family=inet, Address=0.0.0.0', `_CPO_')

# Modifiers to `define' {daemon_flags} for direct submissions
_OPTION(DirectSubmissionModifiers, `confDIRECT_SUBMISSION_MODIFIERS', `')

# Use as mail submission program? See sendmail/SECURITY
_OPTION(UseMSP, `confUSE_MSP', `')

dnl PrivacyOptions is written as an active line only when confPRIVACY_FLAGS
dnl is defined; otherwise the cf carries just the hint
dnl #O PrivacyOptions=authwarnings. A site that wants stricter flags has to
dnl define the macro explicitly.
# privacy flags
_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings')

# who (if anyone) should get extra copies of error messages
_OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster')

# slope of queue-only function
_OPTION(QueueFactor, `confQUEUE_FACTOR', `600000')

dnl An empty third argument makes the hint a bare #O name with no value.
# limit on number of concurrent queue runners
_OPTION(MaxQueueChildren, `confMAX_QUEUE_CHILDREN', `')

# maximum number of queue-runners per queue-grouping with multiple queues
_OPTION(MaxRunnersPerQueue, `confMAX_RUNNERS_PER_QUEUE', `1')

# priority of queue runners (nice(3))
_OPTION(NiceQueueRun, `confNICE_QUEUE_RUN', `')

# shall we sort the queue by hostname first?
_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority')

# minimum time in queue before retry
_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m')

# how many jobs can you process in the queue?
_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `10000')

# perform initial split of envelope without checking MX records
_OPTION(FastSplit, `confFAST_SPLIT', `1')

dnl QueueDirectory bypasses _OPTION and is always active: QUEUE_DIR when
dnl defined, /var/spool/mqueue otherwise.
# queue directory
O QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue')

# key for shared memory; 0 to turn off
_OPTION(SharedMemoryKey, `confSHARED_MEMORY_KEY', `0')

ifdef(`confSHARED_MEMORY_KEY_FILE', `dnl
# file to store key for shared memory (if SharedMemoryKey = -1)
O SharedMemoryKeyFile=confSHARED_MEMORY_KEY_FILE')

dnl Timeout table. Each line becomes active only when its confTO_* macro is
dnl defined; the durations shown are the commented-out hints. The obsolete
dnl confMESSAGE_TIMEOUT, when defined, was already split into
dnl confTO_QUEUERETURN and confTO_QUEUEWARN by the back-compatibility code
dnl earlier in this file.
# timeouts (many of these)
_OPTION(Timeout.initial, `confTO_INITIAL', `5m')
_OPTION(Timeout.connect, `confTO_CONNECT', `5m')
_OPTION(Timeout.aconnect, `confTO_ACONNECT', `0s')
_OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m')
_OPTION(Timeout.helo, `confTO_HELO', `5m')
_OPTION(Timeout.mail, `confTO_MAIL', `10m')
_OPTION(Timeout.rcpt, `confTO_RCPT', `1h')
_OPTION(Timeout.datainit, `confTO_DATAINIT', `5m')
_OPTION(Timeout.datablock, `confTO_DATABLOCK', `1h')
_OPTION(Timeout.datafinal, `confTO_DATAFINAL', `1h')
_OPTION(Timeout.rset, `confTO_RSET', `5m')
_OPTION(Timeout.quit, `confTO_QUIT', `2m')
_OPTION(Timeout.misc, `confTO_MISC', `2m')
_OPTION(Timeout.command, `confTO_COMMAND', `1h')
_OPTION(Timeout.ident, `confTO_IDENT', `5s')
_OPTION(Timeout.fileopen, `confTO_FILEOPEN', `60s')
_OPTION(Timeout.control, `confTO_CONTROL', `2m')
_OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d')
_OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d')
_OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d')
_OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d')
_OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h')
_OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h')
_OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h')
_OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h')
_OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m')
_OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s')
_OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s')
_OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s')
_OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4')
_OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4')
_OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4')
_OPTION(Timeout.lhlo, `confTO_LHLO', `2m')
_OPTION(Timeout.auth, `confTO_AUTH', `10m')
_OPTION(Timeout.starttls, `confTO_STARTTLS', `1h')

# time for DeliverBy; extension disabled if less than 0
_OPTION(DeliverByMin, `confDELIVER_BY_MIN', `0')

# should we not prune routes in route-addr syntax addresses?
_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False')

# queue up everything before forking?
_OPTION(SuperSafe, `confSAFE_QUEUE', `True')

dnl StatusFile is always active, like QueueDirectory above.
# status file
O StatusFile=ifdef(`STATUS_FILE', `STATUS_FILE', `MAIL_SETTINGS_DIR`'statistics')

dnl Three-way switch on confTIME_ZONE: the literal USE_SYSTEM gives a
dnl commented-out line, the literal USE_TZ gives an active line with an empty
dnl value, and anything else is written as the value.
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
ifelse(confTIME_ZONE, `USE_SYSTEM', `#O TimeZoneSpec=',
	confTIME_ZONE, `USE_TZ', `O TimeZoneSpec=',
	`O TimeZoneSpec=confTIME_ZONE')

dnl DefaultUser names the identity described by the source comment below;
dnl mailnull is only the documented hint and becomes active only through
dnl confDEF_USER_ID.
# default UID (can be username or userid:groupid)
_OPTION(DefaultUser, `confDEF_USER_ID', `mailnull')

# list of locations of user database file (null means no lookup)
_OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb')

dnl fall.back.host.net is an example host name in the hint, not a usable
dnl default.
# fallback MX host
_OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net')

# if we are the best MX host for a site, try it directly instead of config err
_OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False')

dnl Load and connection limits. These are the knobs that bound resource use
dnl under heavy or hostile traffic; none of them is set by this file unless
dnl the site defines the macro. The hint for ConnectionRateThrottle is 0.
# load average at which we just queue messages
_OPTION(QueueLA, `confQUEUE_LA', `8')

# load average at which we refuse connections
_OPTION(RefuseLA, `confREFUSE_LA', `12')

# load average at which we delay connections; 0 means no limit
_OPTION(DelayLA, `confDELAY_LA', `0')

# maximum number of children we allow at one time
_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `12')

# maximum number of new connections per second
_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `0')

# work recipient factor
_OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000')

# deliver each queued job in a separate process?
_OPTION(ForkEachJob, `confSEPARATE_PROC', `False')

# work class factor
_OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800')

# work time factor
_OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000')

# default character set
_OPTION(DefaultCharSet, `confDEF_CHAR_SET', `iso-8859-1')

# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch')

# hosts file (normally /etc/hosts)
_OPTION(HostsFile, `confHOSTS_FILE', `/etc/hosts')

# dialup line delay on connection failure
_OPTION(DialDelay, `confDIAL_DELAY', `10s')

# action to take if there are no recipients in the message
_OPTION(NoRecipientAction, `confNO_RCPT_ACTION', `add-to-undisclosed')

dnl SafeFileEnvironment confines file writes to a chroot directory according
dnl to the source comment. The /arch in the hint is an example path; no
dnl confinement is configured by this file unless confSAFE_FILE_ENV is
dnl defined.
# chrooted environment for writing to files
_OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `/arch')

# are colons OK in addresses?
_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True')

# shall I avoid expanding CNAMEs (violates protocols)?
_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False')

dnl NOTE(review): the documented greeting contains $v, which to my knowledge
dnl is the sendmail version macro; a site that does not want to announce the
dnl version to every connecting client has to define confSMTP_LOGIN_MSG -
dnl confirm the built-in greeting used when the macro is left undefined.
# SMTP initial login message (old $e macro)
_OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG', `$j Sendmail $v ready at $b')

# UNIX initial From header format (old $l macro)
_OPTION(UnixFromLine, `confFROM_LINE', `From $g $d')

# From: lines that have embedded newlines are unwrapped onto one line
_OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', `False')

# Allow HELO SMTP command that does not `include' a host name
_OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', `False')

# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
_OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', `.')

# delimiter (operator) characters (old $o macro)
_OPTION(OperatorChars, `confOPERATORS', `.:@[]')

# shall I avoid calling initgroups(3) because of high NIS costs?
_OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False')

dnl A defined confUNSAFE_GROUP_WRITES still produces an active
dnl O UnsafeGroupWrites line and, in addition, the deprecation warning that
dnl points to confDONT_BLAME_SENDMAIL.
# are group-writable `:include:' and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True')
ifdef(`confUNSAFE_GROUP_WRITES',
`errprint(`WARNING: confUNSAFE_GROUP_WRITES is deprecated; use confDONT_BLAME_SENDMAIL.
')')

# where do errors that occur when sending errors get sent?
_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster')

# where to save bounces if all else fails
_OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter')

dnl RunAsUser is the privilege-reduction setting described by the source
dnl comment below. The name sendmail is only the documented hint: unless
dnl confRUN_AS_USER is defined, no RunAsUser line is active in the cf.
# what user id do we assume for the majority of the processing?
_OPTION(RunAsUser, `confRUN_AS_USER', `sendmail')

dnl Recipient limits; like the other entries they are hints (100 and 20)
dnl until confMAX_RCPTS_PER_MESSAGE and confBAD_RCPT_THROTTLE are defined.
# maximum number of recipients per SMTP envelope
_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `100')

# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `20')

# shall we get local names from our installed interfaces?
dnl Option settings, DontProbeInterfaces through RandFile, followed by the
dnl queue group hook, message precedences, trusted users and header formats.
dnl NOTE(review): _OPTION is defined earlier in this file, outside this
dnl excerpt. Presumably the sample value is emitted commented out unless the
dnl conf macro is defined -- confirm before treating any value here as active.
_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False')

# Return-Receipt-To: header implies DSN request
_OPTION(RrtImpliesDsn, `confRRT_IMPLIES_DSN', `False')

dnl NOTE(review): a testing aid per the comment below. Presumably every
dnl outbound connection goes to the one address given, so confCONNECT_ONLY_TO
dnl should stay undefined on production hosts -- confirm.
# override connection address (for testing)
_OPTION(ConnectOnlyTo, `confCONNECT_ONLY_TO', `0.0.0.0')

# Trusted user for file ownership and starting the daemon
_OPTION(TrustedUser, `confTRUSTED_USER', `root')

dnl NOTE(review): the control socket is a daemon management channel (comment
dnl below). Check ownership and mode of the socket path and of its parent
dnl directory so that only the intended administrator account can reach it.
# Control socket for daemon management
_OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control')

dnl NOTE(review): the next two options bound header sizes accepted from the
dnl network. The sample value 0/0 presumably means no MIME header limit --
dnl confirm, and prefer explicit limits in the site .mc file.
# Maximum MIME header length to protect MUAs
_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `0/0')

# Maximum length of the sum of all headers
_OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768')

# Maximum depth of alias recursion
_OPTION(MaxAliasRecursion, `confMAX_ALIAS_RECURSION', `10')

# location of pid file
_OPTION(PidFile, `confPID_FILE', `/var/run/sendmail.pid')

# Prefix string for the process title shown on 'ps' listings
_OPTION(ProcessTitlePrefix, `confPROCESS_TITLE_PREFIX', `prefix')

# Data file (df) memory-buffer file maximum size
_OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096')

# Transcript file (xf) memory-buffer file maximum size
_OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096')

# lookup type to find information about local mailboxes
_OPTION(MailboxDatabase, `confMAILBOX_DATABASE', `pw')

dnl NOTE(review): the sample list contains KERBEROS_V4, DIGEST-MD5 and
dnl CRAM-MD5, which are legacy mechanisms today (RFC 6331 moved DIGEST-MD5 to
dnl Historic). Sites deriving a configuration from this template should set
dnl confAUTH_MECHANISMS to the mechanisms they actually intend to offer.
# list of authentication mechanisms
_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')

dnl NOTE(review): presumably this file holds credentials for outgoing
dnl connections; if so it should be readable only by the account sendmail
dnl runs as -- confirm the file format and the permission checks applied.
# default authentication information for outgoing connections
_OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info')

# SMTP AUTH flags
_OPTION(AuthOptions, `confAUTH_OPTIONS', `')

# SMTP AUTH maximum encryption strength
_OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `')

# SMTP STARTTLS server options
_OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `')

# Input mail filters
_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')

dnl The Milter options below are emitted only when confINPUT_MAIL_FILTERS is
dnl defined; all of their sample values are empty strings.
ifdef(`confINPUT_MAIL_FILTERS', `dnl
# Milter options
_OPTION(Milter.LogLevel, `confMILTER_LOG_LEVEL', `')
_OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `')
_OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `')
_OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `')
_OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')')

dnl TLS material. Every sample value below is an empty string; paths come from
dnl the conf macros in the site .mc file.
dnl NOTE(review): ServerKeyFile and ClientKeyFile name private keys. Keep them
dnl readable only by the account that needs them; presumably sendmail checks
dnl the permissions of these files itself -- confirm for the version in use.
# CA directory
_OPTION(CACERTPath, `confCACERT_PATH', `')
# CA file
_OPTION(CACERTFile, `confCACERT', `')
# Server Cert
_OPTION(ServerCertFile, `confSERVER_CERT', `')
# Server private key
_OPTION(ServerKeyFile, `confSERVER_KEY', `')
# Client Cert
_OPTION(ClientCertFile, `confCLIENT_CERT', `')
# Client private key
_OPTION(ClientKeyFile, `confCLIENT_KEY', `')
# DHParameters (only required if DSA/DH is used)
_OPTION(DHParameters, `confDH_PARAMETERS', `')
# Random data source (required for systems without /dev/urandom under OpenSSL)
_OPTION(RandFile, `confRAND_FILE', `')

############################
`# QUEUE GROUP DEFINITIONS #'
############################
_QUEUE_GROUP_

###########################
# Message precedences #
###########################

Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100

#####################
# Trusted users #
#####################

dnl Class t entries. root and daemon are always listed, uucp is listed unless
dnl _NO_UUCP_ is defined, and confTRUSTED_USERS adds further names. The F line
dnl that loads the class from a file is emitted with a leading # (commented
dnl out) unless _USE_CT_FILE_ is defined.
dnl NOTE(review): presumably members of class t may set the sender address
dnl without sendmail adding a warning header -- confirm, and keep the list and
dnl the trusted-users file as short as the site allows.
# this is equivalent to setting class "t"
ifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, `MAIL_SETTINGS_DIR`'trusted-users')
Troot
Tdaemon
ifdef(`_NO_UUCP_', `dnl', `Tuucp')
ifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl')

#########################
# Format of headers #
#########################

dnl Header definitions. confFROM_HEADER gets the value shown here only when the
dnl site has not defined it; confRECEIVED_HEADER is defined outside this
dnl excerpt.
ifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl
H?P?Return-Path: <$g>
HReceived: confRECEIVED_HEADER
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: confFROM_HEADER
H?F?From: confFROM_HEADER
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>

#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################

dnl Ruleset canonify (3), first part. It marks and strips group and list
dnl syntax, strips angle brackets, handles route addresses, and then focuses
dnl the address as local-part < @ host > before calling Canonify2. The last
dnl rules of this ruleset follow this block.
dnl NOTE(review): sendmail reads the left side, right side and comment of an R
dnl line as tab-separated fields. This listing shows single spaces between
dnl them; restore the tabs from the original file before using these rules.
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3

# handle null input (translate to <@> special case)
R$@ $@ <@>

# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:`include': $* <@> $: :`include': $1 unmark :`include':...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi

# null input now results from list:; syntax
R$@ $@ :; <@>

# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>

dnl Route addresses of the form <@a,@b,@c:user@d>. With
dnl _USE_DEPRECATED_ROUTE_ADDR_ defined the route is kept and handed to
dnl Canonify2; otherwise (second branch) the route is dropped and only the
dnl final address remains, so the sender cannot name intermediate hops.
dnl The bracketed-host variants are left out when NO_NETINET6 is defined.
ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
# make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later
R@ $+ , $+ @ $1 : $2 change all "," to ":"

# localize and dispose of route-based addresses
dnl XXX: IPv6 colon conflict
ifdef(`NO_NETINET6', `dnl',
`R@ [$+] : $+ $@ $>Canonify2 < @ [$1] > : $2 handle <route-addr>')
R@ $+ : $+ $@ $>Canonify2 < @$1 > : $2 handle <route-addr>
dnl',`dnl
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
ifdef(`NO_NETINET6', `dnl',
`R@ [ $* ] : $+ $2')
R@ $+ : $+ $2
dnl')

# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax

# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical

dnl This is flagged as an error in S0; no need to silently fix it here.
dnl # do some sanity checking
dnl R$* < @ $~[ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs

dnl UUCP bang paths are converted unless _NO_UUCP_ is defined; DECnet
dnl node::user forms are converted only when _USE_DECNET_SYNTAX_ is defined.
ifdef(`_NO_UUCP_', `dnl',
`# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
')
ifdef(`_USE_DECNET_SYNTAX_',
`# convert node::user addresses into a domain-based address
R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
',
 `dnl')
dnl Percent form: every % is first turned into @, then all but the rightmost @
dnl are turned back into %, so only the rightmost separator selects the host
dnl part and the earlier ones stay inside the local part.
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
dnl Last rules of the canonify ruleset: a remaining user@host is focused and
dnl handed to Canonify2, anything else goes to Canonify2 as a local name.
dnl NOTE(review): sendmail reads the left side, right side and comment of an R
dnl line as tab-separated fields. This listing shows single spaces between
dnl them; restore the tabs from the original file before using these rules.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish

# else we must be a local name
R$* $@ $>Canonify2 $1


dnl Ruleset Canonify2 (96): works on the focused host part. It maps localhost
dnl forms and literals of this host to $j, applies the optional domain, BITNET
dnl and UUCP tables, and decides whether the host name is canonicalized.
dnl NOTE(review): the $[ ... $] lookups below pass the host part of the address
dnl being rewritten to the name server (see the comments on those rules). Host
dnl parts come from envelope and header addresses, so presumably a remote
dnl sender can cause these lookups; _NO_CANONIFY_, class {Canonify} and the
dnl {daemon_flags} tests are what limit them -- confirm for the site build.
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################

SCanonify2=96

# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
ifdef(`_NO_UUCP_', `dnl',
`R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain')

# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr

ifdef(`_DOMAIN_TABLE_', `dnl
# look up domains in the domain table
R$* < @ $+ > $* $: $1 < @ $(domaintable $2 $) > $3', `dnl')

undivert(2)dnl LOCAL_RULE_3

ifdef(`_BITDOMAIN_TABLE_', `dnl
# handle BITNET mapping
R$* < @ $+ .BITNET > $* $: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl')

ifdef(`_UUDOMAIN_TABLE_', `dnl
# handle UUCP mapping
R$* < @ $+ .UUCP > $* $: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl')

ifdef(`_NO_UUCP_', `dnl',
`ifdef(`UUCP_RELAY',
`# pass UUCP addresses straight through
R$* < @ $+ . UUCP > $* $@ $1 < @ $2 . UUCP . > $3',
`# if really UUCP, handle it immediately
ifdef(`_CLASS_U_',
`R$* < @ $=U . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
ifdef(`_CLASS_V_',
`R$* < @ $=V . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
ifdef(`_CLASS_W_',
`R$* < @ $=W . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
ifdef(`_CLASS_X_',
`R$* < @ $=X . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
ifdef(`_CLASS_Y_',
`R$* < @ $=Y . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')

ifdef(`_NO_CANONIFY_', `dnl', `dnl
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3')
')')
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
dnl apply the next rule only for hostnames not in class P
dnl this even works for phrases in class P since . is in class P
dnl which daemon flags are set?
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
dnl the other rules in this section only apply if the hostname
dnl does not end in class P hence no further checks are done here
dnl if this ever changes make sure the lookups are "protected" again!
ifdef(`_NO_CANONIFY_', `dnl
dnl do not canonify unless:
dnl domain ends in class {Canonify} (this does not work if the intersection
dnl with class P is non-empty)
dnl or {daemon_flags} has c set
# pass to name server to make hostname canonical if in class {Canonify}
R$* $| $* < @ $* $={Canonify} > $* $: $2 < @ $[ $3 $4 $] > $5
# pass to name server to make hostname canonical if requested
R$* c $* $| $* < @ $* > $* $: $3 < @ $[ $4 $] > $5
dnl trailing dot? -> do not apply _CANONIFY_HOSTS_
R$* $| $* < @ $+ . > $* $: $2 < @ $3 . > $4
# add a trailing dot to qualified hostnames so other rules will work
R$* $| $* < @ $+.$+ > $* $: $2 < @ $3.$4 . > $5
ifdef(`_CANONIFY_HOSTS_', `dnl
dnl this should only apply to unqualified hostnames
dnl but if a valid character inside an unqualified hostname is an OperatorChar
dnl then $- does not work.
# lookup unqualified hostnames
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4', `dnl')', `dnl
dnl _NO_CANONIFY_ is not set: canonify unless:
dnl {daemon_flags} contains CC (do not canonify)
dnl but add a trailing dot to qualified hostnames so other rules will work
dnl should we do this for every hostname: even unqualified?
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
ifdef(`_FFR_NOCANONIFY_HEADERS', `dnl
# do not canonify header addresses
R$* $| $* < @ $* $~P > $* $: $&{addr_type} $| $2 < @ $3 $4 > $5
R$* h $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* h $* $| $* $: $3', `dnl')
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4')
dnl remove {daemon_flags} for other cases
R$* $| $* $: $2

# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
`R$* < @ $* $=M > $* $: $1 < @ $2 $3 . > $4',
`R$* < @ $=M > $* $: $1 < @ $2 . > $3')
ifdef(`_VIRTUSER_TABLE_', `dnl
dnl virtual hosts are also canonical
ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
`R$* < @ $* $={VirtHost} > $* $: $1 < @ $2 $3 . > $4',
`R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3')',
`dnl')
ifdef(`_GENERICS_TABLE_', `dnl
dnl hosts for genericstable are also canonical
ifdef(`_GENERICS_ENTIRE_DOMAIN_',
`R$* < @ $* $=G > $* $: $1 < @ $2 $3 . > $4',
`R$* < @ $=G > $* $: $1 < @ $2 . > $3')',
`dnl')
dnl remove superfluous dots (maybe repeatedly) which may have been added
dnl by one of the rules before
R$* < @ $* . . > $* $1 < @ $2 . > $3


dnl Ruleset final (4): turns the internal focused form back into an external
dnl address. It drops the trailing dot, replaces the *LOCAL* marker with $j,
dnl removes the focus brackets and restores route, UUCP and DECnet notation.
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4

R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;

# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3

# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2

# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit

ifdef(`_NO_UUCP_', `dnl',
`# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u')

ifdef(`_USE_DECNET_SYNTAX_',
`# put DECnet back in :: form
R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u',
 `dnl')
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host



dnl Ruleset Recurse (97): runs canonify on the input and returns the result of
dnl parse on it.
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################

SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1


dnl Ruleset parse (0): calls Parse0, resolves a bare <@> to the local mailer
dnl so error messages can be delivered, then calls ParseLocal and Parse1.
dnl ParseLocal is defined outside this excerpt.
######################################
### Ruleset 0 -- Parse Address ###
######################################

Sparse=0

R$* $: $>Parse0 $1 initial parsing
R<@> $#_LOCAL_ $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing

#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#

dnl Malformed addresses are rejected through the error mailer with a 5.1.2 or
dnl 5.1.3 status. _CODE553 is defined outside this excerpt; presumably it
dnl expands to the SMTP reply code placed in front of the message text.
dnl NOTE(review): the existing note on the comma rule says that check is not
dnl complete, so this ruleset should not be the only place that address syntax
dnl is validated.
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "_CODE553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "_CODE553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "_CODE553 Hostname required"
R$* $: <> $1
dnl allow tricks like [host1]:[host2]
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
dnl but no a@[b]c
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "_CODE553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "_CODE553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "_CODE553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "_CODE553 Invalid host name"
dnl no a@b@
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "_CODE553 Invalid route address"
dnl no a@b@c
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "_CODE553 Invalid route address"
dnl comma only allowed before @; this check is not complete
R$* , $~O $* $#error $@ 5.1.3 $: "_CODE553 Invalid route address"

ifdef(`_STRICT_RFC821_', `# more RFC 821 checks
R$* . < @ $* > $* $#error $@ 5.1.2 $: "_CODE553 Local part must not end with a dot"
R. $* < @ $* > $* $#error $@ 5.1.2 $: "_CODE553 Local part must not begin with a dot"
dnl', `dnl')

dnl NOTE(review): when the host part is this host or *LOCAL* and the local
dnl part contains a character from class O, the rules below drop the host part
dnl and run canonify and Parse0 again on the local part alone. That is how
dnl forms such as user%host@here end up addressed to another host. Whether
dnl such mail is then relayed is presumably decided by check rulesets outside
dnl this excerpt -- confirm that relaying is restricted there.
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "_CODE553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "_CODE553 User address required"
R$* $=O $* < @ *LOCAL* >
 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1

#
# Parse1 -- the bottom half of ruleset 0.
1005c2aa98e2SPeter Wemm# 1006c2aa98e2SPeter Wemm 1007c2aa98e2SPeter WemmSParse1 100806f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl 100906f25ae9SGregory Neil Shapiro# handle LDAP routing for hosts in $={LDAPRoute} 101040266059SGregory Neil ShapiroR$+ < @ $={LDAPRoute} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2> <> 101140266059SGregory Neil ShapiroR$+ < @ $={LDAPRouteEquiv} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $M> <>', 1012c2aa98e2SPeter Wemm`dnl') 1013c2aa98e2SPeter Wemm 101406f25ae9SGregory Neil Shapiroifdef(`_MAILER_smtp_', 101506f25ae9SGregory Neil Shapiro`# handle numeric address spec 101606f25ae9SGregory Neil Shapirodnl there is no check whether this is really an IP number 101706f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec 101806f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path 101906f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : > $* $#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send 102006f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer 102106f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $+ > $* $#_SMTP_ $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer', 102206f25ae9SGregory Neil Shapiro `dnl') 102306f25ae9SGregory Neil Shapiro 102406f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_TABLE_', `dnl 1025c2aa98e2SPeter Wemm# handle virtual users 102640266059SGregory Neil Shapiroifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl 102740266059SGregory Neil Shapirodnl this is not a documented option 102840266059SGregory Neil Shapirodnl it stops looping in virtusertable mapping if input and output 102940266059SGregory Neil Shapirodnl are identical, i.e., if address A is mapped to A. 
103040266059SGregory Neil Shapirodnl it does not deal with multi-level recursion 103140266059SGregory Neil Shapiro# handle full domains in RHS of virtusertable 103240266059SGregory Neil ShapiroR$+ < @ $+ > $: $(macro {RecipientAddress} $) $1 < @ $2 > 103340266059SGregory Neil ShapiroR$+ < @ $+ > $: <?> $1 < @ $2 > $| $>final $1 < @ $2 > 103440266059SGregory Neil ShapiroR<?> $+ $| $+ $: $1 $(macro {RecipientAddress} $@ $2 $) 103540266059SGregory Neil ShapiroR<?> $+ $| $* $: $1', 103640266059SGregory Neil Shapiro`dnl') 103706f25ae9SGregory Neil ShapiroR$+ $: <!> $1 Mark for lookup 103840266059SGregory Neil Shapirodnl input: <!> local<@domain> 103906f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_ENTIRE_DOMAIN_', 104006f25ae9SGregory Neil Shapiro`R<!> $+ < @ $* $={VirtHost} . > $: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >', 104106f25ae9SGregory Neil Shapiro`R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >') 104240266059SGregory Neil Shapirodnl input: <result-of-lookup | @> local<@domain> | <!> local<@domain> 104306f25ae9SGregory Neil ShapiroR<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > 104440266059SGregory Neil Shapirodnl if <@> local<@domain>: no match but try lookup 104540266059SGregory Neil Shapirodnl user+detail: try user++@domain if detail not empty 104640266059SGregory Neil ShapiroR<@> $+ + $+ < @ $* . > 104740266059SGregory Neil Shapiro $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 104840266059SGregory Neil Shapirodnl user+detail: try user+*@domain 1049c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . > 105040266059SGregory Neil Shapiro $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 105140266059SGregory Neil Shapirodnl user+detail: try user@domain 1052c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . > 105340266059SGregory Neil Shapiro $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . 
> 105406f25ae9SGregory Neil Shapirodnl try default entry: @domain 105540266059SGregory Neil Shapirodnl ++@domain 105640266059SGregory Neil ShapiroR<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 105706f25ae9SGregory Neil Shapirodnl +*@domain 105840266059SGregory Neil ShapiroR<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 105906f25ae9SGregory Neil Shapirodnl @domain if +detail exists 106040266059SGregory Neil ShapiroR<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > 106106f25ae9SGregory Neil Shapirodnl without +detail (or no match) 1062c2aa98e2SPeter WemmR<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > 106340266059SGregory Neil Shapirodnl no match 1064c2aa98e2SPeter WemmR<@> $+ $: $1 106540266059SGregory Neil Shapirodnl remove mark 106606f25ae9SGregory Neil ShapiroR<!> $+ $: $1 106706f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 1068c2aa98e2SPeter WemmR< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 106940266059SGregory Neil Shapiroifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl 107040266059SGregory Neil Shapiro# check virtuser input address against output address, if same, skip recursion 107140266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $: < $1 > $2 < @ $3 > $| $1 107240266059SGregory Neil Shapiro# it is the same: stop now 107340266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $| $&{RecipientAddress} $: $>ParseLocal $>Parse0 $>canonify $1 107440266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $| $* $: < $1 > $2 < @ $3 > 107540266059SGregory Neil Shapirodnl', `dnl') 107613058a91SGregory Neil Shapirodnl this is not a documented option 107713058a91SGregory Neil Shapirodnl it performs no looping at all for virtusertable 10788774250cSGregory Neil Shapiroifdef(`_NO_VIRTUSER_RECURSION_', 10798774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ > $: $>ParseLocal $>Parse0 
$>canonify $1', 10808774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ > $: $>Recurse $1') 10818774250cSGregory Neil Shapirodnl', `dnl') 1082c2aa98e2SPeter Wemm 1083c2aa98e2SPeter Wemm# short circuit local delivery so forwarded email works 1084c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', `dnl 108506f25ae9SGregory Neil ShapiroR$+ . USENET < @ $=w . > $#usenet $@ usenet $: $1 handle usenet specially', `dnl') 108642e5d165SGregory Neil Shapiro 108742e5d165SGregory Neil Shapiro 1088c2aa98e2SPeter Wemmifdef(`_STICKY_LOCAL_DOMAIN_', 1089c2aa98e2SPeter Wemm`R$+ < @ $=w . > $: < $H > $1 < @ $2 . > first try hub 109006f25ae9SGregory Neil ShapiroR< $+ > $+ < $+ > $>MailerToTriple < $1 > $2 < $3 > yep .... 109106f25ae9SGregory Neil Shapirodnl $H empty (but @$=w.) 1092c2aa98e2SPeter WemmR< > $+ + $* < $+ > $#_LOCAL_ $: $1 + $2 plussed name? 1093c2aa98e2SPeter WemmR< > $+ < $+ > $#_LOCAL_ $: @ $1 nope, local address', 1094c2aa98e2SPeter Wemm`R$=L < @ $=w . > $#_LOCAL_ $: @ $1 special local names 1095c2aa98e2SPeter WemmR$+ < @ $=w . > $#_LOCAL_ $: $1 regular local name') 1096c2aa98e2SPeter Wemm 109706f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 1098c2aa98e2SPeter Wemm# not local -- try mailer table lookup 1099c2aa98e2SPeter WemmR$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name 1100c2aa98e2SPeter WemmR< $+ . > $* $: < $1 > $2 strip trailing dot 1101c2aa98e2SPeter WemmR< $+ > $* $: < $(mailertable $1 $) > $2 lookup 110206f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 110306f25ae9SGregory Neil ShapiroR< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? 
110406f25ae9SGregory Neil ShapiroR< $+ > $* $: $>Mailertable <$1> $2 try domain', 1105c2aa98e2SPeter Wemm`dnl') 110606f25ae9SGregory Neil Shapiroundivert(4)dnl UUCP rules from `MAILER(uucp)' 1107c2aa98e2SPeter Wemm 1108c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 1109c2aa98e2SPeter Wemm`# resolve remotely connected UUCP links (if any) 1110c2aa98e2SPeter Wemmifdef(`_CLASS_V_', 111106f25ae9SGregory Neil Shapiro`R$* < @ $=V . UUCP . > $* $: $>MailerToTriple < $V > $1 <@$2.UUCP.> $3', 1112c2aa98e2SPeter Wemm `dnl') 1113c2aa98e2SPeter Wemmifdef(`_CLASS_W_', 111406f25ae9SGregory Neil Shapiro`R$* < @ $=W . UUCP . > $* $: $>MailerToTriple < $W > $1 <@$2.UUCP.> $3', 1115c2aa98e2SPeter Wemm `dnl') 1116c2aa98e2SPeter Wemmifdef(`_CLASS_X_', 111706f25ae9SGregory Neil Shapiro`R$* < @ $=X . UUCP . > $* $: $>MailerToTriple < $X > $1 <@$2.UUCP.> $3', 1118c2aa98e2SPeter Wemm `dnl')') 1119c2aa98e2SPeter Wemm 1120c2aa98e2SPeter Wemm# resolve fake top level domains by forwarding to other hosts 1121c2aa98e2SPeter Wemmifdef(`BITNET_RELAY', 112206f25ae9SGregory Neil Shapiro`R$*<@$+.BITNET.>$* $: $>MailerToTriple < $B > $1 <@$2.BITNET.> $3 user@host.BITNET', 1123c2aa98e2SPeter Wemm `dnl') 1124c2aa98e2SPeter Wemmifdef(`DECNET_RELAY', 112506f25ae9SGregory Neil Shapiro`R$*<@$+.DECNET.>$* $: $>MailerToTriple < $C > $1 <@$2.DECNET.> $3 user@host.DECNET', 1126c2aa98e2SPeter Wemm `dnl') 1127c2aa98e2SPeter Wemmifdef(`_MAILER_pop_', 1128c2aa98e2SPeter Wemm`R$+ < @ POP. > $#pop $: $1 user@POP', 1129c2aa98e2SPeter Wemm `dnl') 1130c2aa98e2SPeter Wemmifdef(`_MAILER_fax_', 1131c2aa98e2SPeter Wemm`R$+ < @ $+ .FAX. 
> $#fax $@ $2 $: $1 user@host.FAX', 1132c2aa98e2SPeter Wemm`ifdef(`FAX_RELAY', 113306f25ae9SGregory Neil Shapiro`R$*<@$+.FAX.>$* $: $>MailerToTriple < $F > $1 <@$2.FAX.> $3 user@host.FAX', 1134c2aa98e2SPeter Wemm `dnl')') 1135c2aa98e2SPeter Wemm 1136c2aa98e2SPeter Wemmifdef(`UUCP_RELAY', 1137c2aa98e2SPeter Wemm`# forward non-local UUCP traffic to our UUCP relay 113806f25ae9SGregory Neil ShapiroR$*<@$*.UUCP.>$* $: $>MailerToTriple < $Y > $1 <@$2.UUCP.> $3 uucp mail', 1139c2aa98e2SPeter Wemm`ifdef(`_MAILER_uucp_', 1140c2aa98e2SPeter Wemm`# forward other UUCP traffic straight to UUCP 1141c2aa98e2SPeter WemmR$* < @ $+ .UUCP. > $* $#_UUCP_ $@ $2 $: $1 < @ $2 .UUCP. > $3 user@host.UUCP', 1142c2aa98e2SPeter Wemm `dnl')') 1143c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', ` 1144c2aa98e2SPeter Wemm# addresses sent to net.group.USENET will get forwarded to a newsgroup 114506f25ae9SGregory Neil ShapiroR$+ . USENET $#usenet $@ usenet $: $1', 1146c2aa98e2SPeter Wemm `dnl') 1147c2aa98e2SPeter Wemm 1148c2aa98e2SPeter Wemmifdef(`_LOCAL_RULES_', 1149c2aa98e2SPeter Wemm`# figure out what should stay in our local mail system 1150c2aa98e2SPeter Wemmundivert(1)', `dnl') 1151c2aa98e2SPeter Wemm 1152c2aa98e2SPeter Wemm# pass names that still have a host to a smarthost (if defined) 115306f25ae9SGregory Neil ShapiroR$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name 1154c2aa98e2SPeter Wemm 1155c2aa98e2SPeter Wemm# deal with other remote names 1156c2aa98e2SPeter Wemmifdef(`_MAILER_smtp_', 1157c2aa98e2SPeter Wemm`R$* < @$* > $* $#_SMTP_ $@ $2 $: $1 < @ $2 > $3 user@host.domain', 115840266059SGregory Neil Shapiro`R$* < @$* > $* $#error $@ 5.1.2 $: "_CODE553 Unrecognized host name " $2') 1159c2aa98e2SPeter Wemm 1160c2aa98e2SPeter Wemm# handle locally delivered names 1161c2aa98e2SPeter WemmR$=L $#_LOCAL_ $: @ $1 special local names 1162c2aa98e2SPeter WemmR$+ $#_LOCAL_ $: $1 regular local names 1163c2aa98e2SPeter Wemm 1164c2aa98e2SPeter 
Wemm########################################################################### 1165c2aa98e2SPeter Wemm### Ruleset 5 -- special rewriting after aliases have been expanded ### 1166c2aa98e2SPeter Wemm########################################################################### 1167c2aa98e2SPeter Wemm 116806f25ae9SGregory Neil ShapiroSLocal_localaddr 116906f25ae9SGregory Neil ShapiroSlocaladdr=5 117006f25ae9SGregory Neil ShapiroR$+ $: $1 $| $>"Local_localaddr" $1 117140266059SGregory Neil ShapiroR$+ $| $#ok $@ $1 no change 117206f25ae9SGregory Neil ShapiroR$+ $| $#$* $#$2 117306f25ae9SGregory Neil ShapiroR$+ $| $* $: $1 1174c2aa98e2SPeter Wemm 117540266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 117640266059SGregory Neil Shapiro# Preserve rcpt_host in {Host} 117740266059SGregory Neil ShapiroR$+ $: $1 $| $&h $| $&{Host} check h and {Host} 117840266059SGregory Neil ShapiroR$+ $| $| $: $(macro {Host} $@ $) $1 no h or {Host} 117940266059SGregory Neil ShapiroR$+ $| $| $+ $: $1 h not set, {Host} set 118040266059SGregory Neil ShapiroR$+ $| +$* $| $* $: $1 h is +detail, {Host} set 118140266059SGregory Neil ShapiroR$+ $| $+ $| $* $: $(macro {Host} $@ @$2 $) $1 set {Host} to h 118240266059SGregory Neil Shapiro')dnl 118340266059SGregory Neil Shapiro 118440266059SGregory Neil Shapiroifdef(`_FFR_5_', `dnl 118542e5d165SGregory Neil Shapiro# Preserve host in a macro 118642e5d165SGregory Neil ShapiroR$+ $: $(macro {LocalAddrHost} $) $1 118742e5d165SGregory Neil ShapiroR$+ @ $+ $: $(macro {LocalAddrHost} $@ @ $2 $) $1') 1188c2aa98e2SPeter Wemm 118940266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', `dnl 119042e5d165SGregory Neil Shapiro# deal with plussed users so aliases work nicely 119142e5d165SGregory Neil ShapiroR$+ + * $#_LOCAL_ $@ $&h $: $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') 119242e5d165SGregory Neil ShapiroR$+ + $* $#_LOCAL_ $@ + $2 $: $1 + *`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') 119342e5d165SGregory Neil Shapiro') 1194c2aa98e2SPeter 
Wemm# prepend an empty "forward host" on the front 1195c2aa98e2SPeter WemmR$+ $: <> $1 1196c2aa98e2SPeter Wemm 1197c2aa98e2SPeter Wemmifdef(`LUSER_RELAY', `dnl 1198c2aa98e2SPeter Wemm# send unrecognized local users to a relay host 119940266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl 120042e5d165SGregory Neil ShapiroR< > $+ + $* $: < ? $L > <+ $2> $(user $1 $) look up user+ 120142e5d165SGregory Neil ShapiroR< > $+ $: < ? $L > < > $(user $1 $) look up user 120242e5d165SGregory Neil ShapiroR< ? $* > < $* > $+ <> $: < > $3 $2 found; strip $L 120342e5d165SGregory Neil ShapiroR< ? $* > < $* > $+ $: < $1 > $3 $2 not found', ` 120406f25ae9SGregory Neil ShapiroR< > $+ $: < $L > $(user $1 $) look up user 120540266059SGregory Neil ShapiroR< $* > $+ <> $: < > $2 found; strip $L') 120640266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 120740266059SGregory Neil ShapiroR< $+ > $+ $: < $1 > $2 $&{Host}') 120840266059SGregory Neil Shapirodnl') 1209c2aa98e2SPeter Wemm 121040266059SGregory Neil Shapiroifdef(`MAIL_HUB', `dnl 121140266059SGregory Neil ShapiroR< > $+ $: < $H > $1 try hub', `dnl') 121240266059SGregory Neil Shapiroifdef(`LOCAL_RELAY', `dnl 121340266059SGregory Neil ShapiroR< > $+ $: < $R > $1 try relay', `dnl') 121440266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl 121540266059SGregory Neil ShapiroR< > $+ $@ $1', `dnl 121606f25ae9SGregory Neil ShapiroR< > $+ $: < > < $1 <> $&h > nope, restore +detail 121740266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 121840266059SGregory Neil ShapiroR< > < $+ @ $+ <> + $* > $: < > < $1 + $3 @ $2 > check whether +detail') 121906f25ae9SGregory Neil ShapiroR< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail 122006f25ae9SGregory Neil ShapiroR< > < $+ <> $* > $: < > < $1 > else discard 1221c2aa98e2SPeter WemmR< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part 122242e5d165SGregory Neil ShapiroR< > < $+ > + $* $#_LOCAL_ $@ $2 $: @ $1`'ifdef(`_FFR_5_', ` 
$&{LocalAddrHost}') strip the extra + 1223c2aa98e2SPeter WemmR< > < $+ > $@ $1 no +detail 12242e43090eSPeter WemmR$+ $: $1 <> $&h add +detail back in 122540266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 122640266059SGregory Neil ShapiroR$+ @ $+ <> + $* $: $1 + $3 @ $2 check whether +detail') 12272e43090eSPeter WemmR$+ <> + $* $: $1 + $2 check whether +detail 122842e5d165SGregory Neil ShapiroR$+ <> $* $: $1 else discard') 122906f25ae9SGregory Neil ShapiroR< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension 123006f25ae9SGregory Neil ShapiroR< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension 123140266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 123240266059SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 123340266059SGregory Neil ShapiroR< $~[ : $+ > $+ @ $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $4 >') 123440266059SGregory Neil ShapiroR< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > 123540266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl 123640266059SGregory Neil ShapiroR< $+ > $+ @ $+ $@ $>MailerToTriple < $1 > $2 < @ $3 >') 123706f25ae9SGregory Neil ShapiroR< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > 1238c2aa98e2SPeter Wemm 123906f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 124040266059SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl 124140266059SGregory Neil Shapiro################################################################### 124240266059SGregory Neil Shapiro### Ruleset LDAPMailertable -- mailertable lookup for LDAP ### 124340266059SGregory Neil Shapirodnl input: <Domain> FullAddress 124440266059SGregory Neil Shapiro################################################################### 124540266059SGregory Neil Shapiro 124640266059SGregory Neil ShapiroSLDAPMailertable 124740266059SGregory Neil ShapiroR< $+ > $* $: < $(mailertable $1 $) > $2 lookup 124840266059SGregory Neil ShapiroR< $~[ : $* > $* 
$>MailerToTriple < $1 : $2 > $3 check resolved? 124940266059SGregory Neil ShapiroR< $+ > $* $: < $1 > $>Mailertable <$1> $2 try domain 125040266059SGregory Neil ShapiroR< $+ > $#$* $#$2 found 125140266059SGregory Neil ShapiroR< $+ > $* $#_RELAY_ $@ $1 $: $2 not found, direct relay', 125240266059SGregory Neil Shapiro`dnl') 125340266059SGregory Neil Shapiro 1254c2aa98e2SPeter Wemm################################################################### 1255c2aa98e2SPeter Wemm### Ruleset 90 -- try domain part of mailertable entry ### 125606f25ae9SGregory Neil Shapirodnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress 1257c2aa98e2SPeter Wemm################################################################### 1258c2aa98e2SPeter Wemm 125906f25ae9SGregory Neil ShapiroSMailertable=90 126006f25ae9SGregory Neil Shapirodnl shift and check 126106f25ae9SGregory Neil Shapirodnl %2 is not documented in cf/README 1262c2aa98e2SPeter WemmR$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 126306f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 126406f25ae9SGregory Neil ShapiroR$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? 126506f25ae9SGregory Neil ShapiroR$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again 126606f25ae9SGregory Neil Shapirodnl is $2 always empty? 1267c2aa98e2SPeter WemmR$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." 126806f25ae9SGregory Neil ShapiroR< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? 
126906f25ae9SGregory Neil Shapirodnl return full address 1270c2aa98e2SPeter WemmR< $* > $* $@ $2 no mailertable match', 1271c2aa98e2SPeter Wemm`dnl') 1272c2aa98e2SPeter Wemm 1273c2aa98e2SPeter Wemm################################################################### 1274c2aa98e2SPeter Wemm### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### 127506f25ae9SGregory Neil Shapirodnl input: in general: <[mailer:]host> lp<@domain>rest 127606f25ae9SGregory Neil Shapirodnl <> address -> address 127706f25ae9SGregory Neil Shapirodnl <error:d.s.n:text> -> error 127806f25ae9SGregory Neil Shapirodnl <error:text> -> error 127906f25ae9SGregory Neil Shapirodnl <mailer:user@host> lp<@domain>rest -> mailer host user 128006f25ae9SGregory Neil Shapirodnl <mailer:host> address -> mailer host address 128106f25ae9SGregory Neil Shapirodnl <localdomain> address -> address 128206f25ae9SGregory Neil Shapirodnl <host> address -> relay host address 1283c2aa98e2SPeter Wemm################################################################### 1284c2aa98e2SPeter Wemm 128506f25ae9SGregory Neil ShapiroSMailerToTriple=95 1286c2aa98e2SPeter WemmR< > $* $@ $1 strip off null relay 128706f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 1288c2aa98e2SPeter WemmR< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 1289c2aa98e2SPeter WemmR< local : $* > $* $>CanonLocal < $1 > $2 129040266059SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 129140266059SGregory Neil ShapiroR< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user 129240266059SGregory Neil ShapiroR< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer 1293c2aa98e2SPeter WemmR< $=w > $* $@ $2 delete local host 1294c2aa98e2SPeter WemmR< $+ > $* $#_RELAY_ $@ $1 $: $2 use unqualified mailer 1295c2aa98e2SPeter Wemm 1296c2aa98e2SPeter Wemm################################################################### 1297c2aa98e2SPeter Wemm### Ruleset CanonLocal -- canonify 
local: syntax ### 129806f25ae9SGregory Neil Shapirodnl input: <user> address 129906f25ae9SGregory Neil Shapirodnl <x> <@host> : rest -> Recurse rest 130006f25ae9SGregory Neil Shapirodnl <x> p1 $=O p2 <@host> -> Recurse p1 $=O p2 130106f25ae9SGregory Neil Shapirodnl <> user <@host> rest -> local user@host user 130206f25ae9SGregory Neil Shapirodnl <> user -> local user user 130306f25ae9SGregory Neil Shapirodnl <user@host> lp <@domain> rest -> <user> lp <@host> [cont] 130406f25ae9SGregory Neil Shapirodnl <user> lp <@host> rest -> local lp@host user 130506f25ae9SGregory Neil Shapirodnl <user> lp -> local lp user 1306c2aa98e2SPeter Wemm################################################################### 1307c2aa98e2SPeter Wemm 1308c2aa98e2SPeter WemmSCanonLocal 13092e43090eSPeter Wemm# strip local host from routed addresses 131006f25ae9SGregory Neil ShapiroR< $* > < @ $+ > : $+ $@ $>Recurse $3 131106f25ae9SGregory Neil ShapiroR< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 13122e43090eSPeter Wemm 1313c2aa98e2SPeter Wemm# strip trailing dot from any host name that may appear 1314c2aa98e2SPeter WemmR< $* > $* < @ $* . 
> $: < $1 > $2 < @ $3 > 1315c2aa98e2SPeter Wemm 1316c2aa98e2SPeter Wemm# handle local: syntax -- use old user, either with or without host 1317c2aa98e2SPeter WemmR< > $* < @ $* > $* $#_LOCAL_ $@ $1@$2 $: $1 1318c2aa98e2SPeter WemmR< > $+ $#_LOCAL_ $@ $1 $: $1 1319c2aa98e2SPeter Wemm 1320c2aa98e2SPeter Wemm# handle local:user@host syntax -- ignore host part 1321c2aa98e2SPeter WemmR< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > 1322c2aa98e2SPeter Wemm 1323c2aa98e2SPeter Wemm# handle local:user syntax 1324c2aa98e2SPeter WemmR< $+ > $* <@ $* > $* $#_LOCAL_ $@ $2@$3 $: $1 1325c2aa98e2SPeter WemmR< $+ > $* $#_LOCAL_ $@ $2 $: $1 1326c2aa98e2SPeter Wemm 1327c2aa98e2SPeter Wemm################################################################### 1328c2aa98e2SPeter Wemm### Ruleset 93 -- convert header names to masqueraded form ### 1329c2aa98e2SPeter Wemm################################################################### 1330c2aa98e2SPeter Wemm 133106f25ae9SGregory Neil ShapiroSMasqHdr=93 1332c2aa98e2SPeter Wemm 133306f25ae9SGregory Neil Shapiroifdef(`_GENERICS_TABLE_', `dnl 1334c2aa98e2SPeter Wemm# handle generics database 1335c2aa98e2SPeter Wemmifdef(`_GENERICS_ENTIRE_DOMAIN_', 133606f25ae9SGregory Neil Shapirodnl if generics should be applied add a @ as mark 1337c2aa98e2SPeter Wemm`R$+ < @ $* $=G . > $: < $1@$2$3 > $1 < @ $2$3 . > @ mark', 1338c2aa98e2SPeter Wemm`R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark') 1339c2aa98e2SPeter WemmR$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark 134006f25ae9SGregory Neil Shapirodnl workspace: either user<@domain> or <user@domain> user <@domain> @ 134106f25ae9SGregory Neil Shapirodnl ignore the first case for now 134206f25ae9SGregory Neil Shapirodnl if it has the mark lookup full address 134340266059SGregory Neil Shapirodnl broken: %1 is full address not just detail 134406f25ae9SGregory Neil ShapiroR< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 > 134506f25ae9SGregory Neil Shapirodnl workspace: ... 
or <match|@user@domain> user <@domain> 134606f25ae9SGregory Neil Shapirodnl no match, try user+detail@domain 134706f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ > 134806f25ae9SGregory Neil Shapiro $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 > 134906f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ > 135006f25ae9SGregory Neil Shapiro $: < $(generics $1@$3 $: $) > $4 < @ $5 > 135106f25ae9SGregory Neil Shapirodnl no match, remove mark 135206f25ae9SGregory Neil ShapiroR<@$+ > $+ < @ $+ > $: < > $2 < @ $3 > 135306f25ae9SGregory Neil Shapirodnl no match, try @domain for exceptions 135406f25ae9SGregory Neil ShapiroR< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . > 135506f25ae9SGregory Neil Shapirodnl workspace: ... or <match> user <@domain> 135606f25ae9SGregory Neil Shapirodnl no match, try local part 1357c2aa98e2SPeter WemmR< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 > 135806f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 > 135906f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 > 136006f25ae9SGregory Neil ShapiroR< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified 136106f25ae9SGregory Neil ShapiroR< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified 1362c2aa98e2SPeter WemmR< > $* $: $1 not found', 1363c2aa98e2SPeter Wemm`dnl') 1364c2aa98e2SPeter Wemm 136506f25ae9SGregory Neil Shapiro# do not masquerade anything in class N 136606f25ae9SGregory Neil ShapiroR$* < @ $* $=N . > $@ $1 < @ $2 $3 . > 136706f25ae9SGregory Neil Shapiro 136840266059SGregory Neil Shapiroifdef(`MASQUERADE_NAME', `dnl 1369c2aa98e2SPeter Wemm# special case the users that should be exposed 1370c2aa98e2SPeter WemmR$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed 1371c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_', 1372c2aa98e2SPeter Wemm`R$=E < @ $* $=M . > $@ $1 < @ $2 $3 . >', 1373c2aa98e2SPeter Wemm`R$=E < @ $=M . > $@ $1 < @ $2 . 
>') 1374c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl', 1375c2aa98e2SPeter Wemm`R$=E < @ $=w . > $@ $1 < @ $2 . >') 1376c2aa98e2SPeter Wemm 1377c2aa98e2SPeter Wemm# handle domain-specific masquerading 1378c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_', 1379c2aa98e2SPeter Wemm`R$* < @ $* $=M . > $* $: $1 < @ $2 $3 . @ $M > $4 convert masqueraded doms', 1380c2aa98e2SPeter Wemm`R$* < @ $=M . > $* $: $1 < @ $2 . @ $M > $3 convert masqueraded doms') 1381c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl', 1382c2aa98e2SPeter Wemm`R$* < @ $=w . > $* $: $1 < @ $2 . @ $M > $3') 1383c2aa98e2SPeter WemmR$* < @ *LOCAL* > $* $: $1 < @ $j . @ $M > $2 1384c2aa98e2SPeter WemmR$* < @ $+ @ > $* $: $1 < @ $2 > $3 $M is null 1385c2aa98e2SPeter WemmR$* < @ $+ @ $+ > $* $: $1 < @ $3 . > $4 $M is not null 138640266059SGregory Neil Shapirodnl', `dnl no masquerading 138740266059SGregory Neil Shapirodnl just fix *LOCAL* leftovers 138840266059SGregory Neil ShapiroR$* < @ *LOCAL* > $@ $1 < @ $j . >') 1389c2aa98e2SPeter Wemm 1390c2aa98e2SPeter Wemm################################################################### 1391c2aa98e2SPeter Wemm### Ruleset 94 -- convert envelope names to masqueraded form ### 1392c2aa98e2SPeter Wemm################################################################### 1393c2aa98e2SPeter Wemm 139406f25ae9SGregory Neil ShapiroSMasqEnv=94 1395c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENVELOPE_', 139606f25ae9SGregory Neil Shapiro`R$+ $@ $>MasqHdr $1', 1397c2aa98e2SPeter Wemm`R$* < @ *LOCAL* > $* $: $1 < @ $j . 
> $2') 1398c2aa98e2SPeter Wemm 1399c2aa98e2SPeter Wemm################################################################### 1400c2aa98e2SPeter Wemm### Ruleset 98 -- local part of ruleset zero (can be null) ### 1401c2aa98e2SPeter Wemm################################################################### 1402c2aa98e2SPeter Wemm 140306f25ae9SGregory Neil ShapiroSParseLocal=98 140406f25ae9SGregory Neil Shapiroundivert(3)dnl LOCAL_RULE_0 1405c2aa98e2SPeter Wemm 140606f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl 140740266059SGregory Neil Shapiro###################################################################### 140840266059SGregory Neil Shapiro### LDAPExpand: Expand address using LDAP routing 140940266059SGregory Neil Shapiro### 141040266059SGregory Neil Shapiro### Parameters: 141140266059SGregory Neil Shapiro### <$1> -- parsed address (user < @ domain . >) (pass through) 141240266059SGregory Neil Shapiro### <$2> -- RFC822 address (user @ domain) (used for lookup) 141340266059SGregory Neil Shapiro### <$3> -- +detail information 141440266059SGregory Neil Shapiro### 141540266059SGregory Neil Shapiro### Returns: 141640266059SGregory Neil Shapiro### Mailer triplet ($#mailer $@ host $: address) 141740266059SGregory Neil Shapiro### Parsed address (user < @ domain . 
>) 141840266059SGregory Neil Shapiro###################################################################### 141940266059SGregory Neil Shapiro 142006f25ae9SGregory Neil ShapiroSLDAPExpand 142106f25ae9SGregory Neil Shapiro# do the LDAP lookups 142240266059SGregory Neil ShapiroR<$+><$+><$*> $: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> <$3> 142306f25ae9SGregory Neil Shapiro 1424605302a5SGregory Neil Shapiro# look for temporary failures (return original address, MTA will queue up) 1425605302a5SGregory Neil ShapiroR<$* <TMPF>> <$*> <$+> <$+> <$*> $@ $2 1426605302a5SGregory Neil ShapiroR<$*> <$* <TMPF>> <$+> <$+> <$*> $@ $2 1427605302a5SGregory Neil Shapiro 142806f25ae9SGregory Neil Shapiro# if mailRoutingAddress and local or non-existant mailHost, 142906f25ae9SGregory Neil Shapiro# return the new mailRoutingAddress 143040266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl 143140266059SGregory Neil ShapiroR<$+@$+> <$=w> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 $6 @ $2 143240266059SGregory Neil ShapiroR<$+@$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 $5 @ $2') 143340266059SGregory Neil ShapiroR<$+> <$=w> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 143440266059SGregory Neil ShapiroR<$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 143506f25ae9SGregory Neil Shapiro 143606f25ae9SGregory Neil Shapiro# if mailRoutingAddress and non-local mailHost, 143706f25ae9SGregory Neil Shapiro# relay to mailHost with new mailRoutingAddress 143840266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl 143940266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 144040266059SGregory Neil Shapiro# check mailertable for host, relay from there 144140266059SGregory Neil ShapiroR<$+@$+> <$+> <$+> <$+> <$*> $>LDAPMailertable <$3> $>canonify $1 $6 @ $2', 144240266059SGregory Neil Shapiro`R<$+@$+> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $3 $: $>canonify $1 $6 @ $2')') 144340266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 144440266059SGregory Neil 
Shapiro# check mailertable for host, relay from there 144540266059SGregory Neil ShapiroR<$+> <$+> <$+> <$+> <$*> $>LDAPMailertable <$2> $>canonify $1', 144640266059SGregory Neil Shapiro`R<$+> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $2 $: $>canonify $1') 144706f25ae9SGregory Neil Shapiro 144806f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and local mailHost, 144906f25ae9SGregory Neil Shapiro# return original address 145040266059SGregory Neil ShapiroR<> <$=w> <$+> <$+> <$*> $@ $2 145106f25ae9SGregory Neil Shapiro 145206f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and non-local mailHost, 145306f25ae9SGregory Neil Shapiro# relay to mailHost with original address 145440266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 145540266059SGregory Neil Shapiro# check mailertable for host, relay from there 145640266059SGregory Neil ShapiroR<> <$+> <$+> <$+> <$*> $>LDAPMailertable <$1> $2', 145740266059SGregory Neil Shapiro`R<> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $1 $: $2') 145806f25ae9SGregory Neil Shapiro 145940266059SGregory Neil Shapiroifdef(`_LDAP_ROUTE_DETAIL_', 146040266059SGregory Neil Shapiro`# if no mailRoutingAddress and no mailHost, 146140266059SGregory Neil Shapiro# try without +detail 146240266059SGregory Neil ShapiroR<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl 146340266059SGregory Neil Shapiro 146440266059SGregory Neil Shapiro# if still no mailRoutingAddress and no mailHost, 146506f25ae9SGregory Neil Shapiro# try @domain 146640266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl 146740266059SGregory Neil ShapiroR<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <@ $4> <+$3>') 146840266059SGregory Neil ShapiroR<> <> <$+> <$+ @ $+> <$*> $@ $>LDAPExpand <$1> <@ $3> <$4> 146906f25ae9SGregory Neil Shapiro 147006f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and no mailHost and this was a domain attempt, 147106f25ae9SGregory Neil Shapiroifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl 147206f25ae9SGregory Neil 
Shapiro# user does not exist 147340266059SGregory Neil ShapiroR<> <> <$+> <@ $+> <$*> $: <?> < $&{addr_type} > < $1 > 147440266059SGregory Neil Shapiro# only give error for envelope recipient 147540266059SGregory Neil ShapiroR<?> <e r> <$+> $#error $@ nouser $: "550 User unknown" 147640266059SGregory Neil ShapiroR<?> <$*> <$+> $@ $2', 147706f25ae9SGregory Neil Shapiro`dnl 147806f25ae9SGregory Neil Shapiro# return the original address 147940266059SGregory Neil ShapiroR<> <> <$+> <@ $+> <$*> $@ $1')', 148006f25ae9SGregory Neil Shapiro`dnl') 148106f25ae9SGregory Neil Shapiro 148206f25ae9SGregory Neil Shapiroifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode. 148306f25ae9SGregory Neil Shapiro')') 148440266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)') 1485c2aa98e2SPeter Wemm###################################################################### 148640266059SGregory Neil Shapiro### D: LookUpDomain -- search for domain in access database 1487c2aa98e2SPeter Wemm### 1488c2aa98e2SPeter Wemm### Parameters: 1489c2aa98e2SPeter Wemm### <$1> -- key (domain name) 1490c2aa98e2SPeter Wemm### <$2> -- default (what to return if not found in db) 149106f25ae9SGregory Neil Shapirodnl must not be empty 149240266059SGregory Neil Shapiro### <$3> -- mark (must be <(!|+) single-token>) 149306f25ae9SGregory Neil Shapiro### ! 
does lookup only with tag 149406f25ae9SGregory Neil Shapiro### + does lookup with and without tag 149540266059SGregory Neil Shapiro### <$4> -- passthru (additional data passed unchanged through) 149606f25ae9SGregory Neil Shapirodnl returns: <default> <passthru> 149706f25ae9SGregory Neil Shapirodnl <result> <passthru> 1498c2aa98e2SPeter Wemm###################################################################### 1499c2aa98e2SPeter Wemm 150040266059SGregory Neil ShapiroSD 150106f25ae9SGregory Neil Shapirodnl workspace <key> <default> <passthru> <mark> 150206f25ae9SGregory Neil Shapirodnl lookup with tag (in front, no delimiter here) 150340266059SGregory Neil Shapirodnl 2 3 4 5 150440266059SGregory Neil ShapiroR<$*> <$+> <$- $-> <$*> $: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5> 150506f25ae9SGregory Neil Shapirodnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark> 150606f25ae9SGregory Neil Shapirodnl lookup without tag? 150740266059SGregory Neil Shapirodnl 1 2 3 4 150840266059SGregory Neil ShapiroR<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> 150940266059SGregory Neil Shapiroifdef(`_LOOKUPDOTDOMAIN_', `dnl omit first component: lookup .rest 151040266059SGregory Neil Shapirodnl XXX apply this also to IP addresses? 151140266059SGregory Neil Shapirodnl currently it works the wrong way round for [1.2.3.4] 151240266059SGregory Neil Shapirodnl 1 2 3 4 5 6 151340266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <$- $-> <$*> $: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4 $5> <$6> 151440266059SGregory Neil Shapirodnl 1 2 3 4 5 151540266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <+ $-> <$*> $: < $(access .$2 $: ? 
$) > <$1.$2> <$3> <+ $4> <$5>', `dnl') 151640266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl 151740266059SGregory Neil Shapirodnl found SKIP: return <default> and <passthru> 151840266059SGregory Neil Shapirodnl 1 2 3 4 5 151940266059SGregory Neil ShapiroR<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl') 152040266059SGregory Neil Shapirodnl not found: IPv4 net (no check is done whether it is an IP number!) 152140266059SGregory Neil Shapirodnl 1 2 3 4 5 6 152240266059SGregory Neil ShapiroR<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6> 152340266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl', 152440266059SGregory Neil Shapiro`dnl not found: IPv6 net 152540266059SGregory Neil Shapirodnl (could be merged with previous rule if we have a class containing .:) 152640266059SGregory Neil Shapirodnl 1 2 3 4 5 6 152740266059SGregory Neil ShapiroR<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> 152840266059SGregory Neil ShapiroR<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>') 152906f25ae9SGregory Neil Shapirodnl not found, but subdomain: try again 153040266059SGregory Neil Shapirodnl 1 2 3 4 5 6 153140266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6> 153240266059SGregory Neil Shapiroifdef(`_FFR_LOOKUPTAG_', `dnl lookup Tag: 153340266059SGregory Neil Shapirodnl 1 2 3 4 153440266059SGregory Neil ShapiroR<?> <$+> <$+> <! $-> <$*> $: < $(access $3`'_TAG_DELIM_ $: ? $) > <$1> <$2> <! $3> <$4>', `dnl') 153540266059SGregory Neil Shapirodnl not found, no subdomain: return <default> and <passthru> 153640266059SGregory Neil Shapirodnl 1 2 3 4 5 153740266059SGregory Neil ShapiroR<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5> 153840266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 
153940266059SGregory Neil Shapirodnl 2 3 4 5 6 154040266059SGregory Neil ShapiroR<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl') 154140266059SGregory Neil Shapirodnl return <result of lookup> and <passthru> 154240266059SGregory Neil Shapirodnl 2 3 4 5 6 154340266059SGregory Neil ShapiroR<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> 1544c2aa98e2SPeter Wemm 1545c2aa98e2SPeter Wemm###################################################################### 154640266059SGregory Neil Shapiro### A: LookUpAddress -- search for host address in access database 1547c2aa98e2SPeter Wemm### 1548c2aa98e2SPeter Wemm### Parameters: 1549c2aa98e2SPeter Wemm### <$1> -- key (dot quadded host address) 1550c2aa98e2SPeter Wemm### <$2> -- default (what to return if not found in db) 155106f25ae9SGregory Neil Shapirodnl must not be empty 155240266059SGregory Neil Shapiro### <$3> -- mark (must be <(!|+) single-token>) 155306f25ae9SGregory Neil Shapiro### ! does lookup only with tag 155406f25ae9SGregory Neil Shapiro### + does lookup with and without tag 155540266059SGregory Neil Shapiro### <$4> -- passthru (additional data passed through) 155606f25ae9SGregory Neil Shapirodnl returns: <default> <passthru> 155706f25ae9SGregory Neil Shapirodnl <result> <passthru> 1558c2aa98e2SPeter Wemm###################################################################### 1559c2aa98e2SPeter Wemm 156040266059SGregory Neil ShapiroSA 156106f25ae9SGregory Neil Shapirodnl lookup with tag 156240266059SGregory Neil Shapirodnl 2 3 4 5 156340266059SGregory Neil ShapiroR<$+> <$+> <$- $-> <$*> $: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5> 156406f25ae9SGregory Neil Shapirodnl lookup without tag 156540266059SGregory Neil Shapirodnl 1 2 3 4 156640266059SGregory Neil ShapiroR<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? 
$) > <$1> <$2> <+ $3> <$4> 156740266059SGregory Neil Shapirodnl workspace <result-of-lookup|?> <key> <default> <mark> <passthru> 156840266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl 156940266059SGregory Neil Shapirodnl found SKIP: return <default> and <passthru> 157040266059SGregory Neil Shapirodnl 1 2 3 4 5 157140266059SGregory Neil ShapiroR<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl') 157240266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl', 157340266059SGregory Neil Shapiro`dnl no match; IPv6: remove last part 157440266059SGregory Neil Shapirodnl 1 2 3 4 5 6 157540266059SGregory Neil ShapiroR<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> 157640266059SGregory Neil ShapiroR<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>') 157706f25ae9SGregory Neil Shapirodnl no match; IPv4: remove last part NOTE(review): each retry drops the last dot-separated token of the key, so a shorter access map entry matches every address that begins with those components and a prefix can only end on a component boundary 157840266059SGregory Neil Shapirodnl 1 2 3 4 5 6 157940266059SGregory Neil ShapiroR<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> 158006f25ae9SGregory Neil Shapirodnl no match: return default 158140266059SGregory Neil Shapirodnl 1 2 3 4 5 158240266059SGregory Neil ShapiroR<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5> 158340266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail? 158440266059SGregory Neil Shapirodnl 2 3 4 5 6 158540266059SGregory Neil ShapiroR<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl') 158606f25ae9SGregory Neil Shapirodnl match: return result 158740266059SGregory Neil Shapirodnl 2 3 4 5 6 158840266059SGregory Neil ShapiroR<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> 158940266059SGregory Neil Shapirodnl endif _ACCESS_TABLE_ 159040266059SGregory Neil Shapirodivert(0) 1591c2aa98e2SPeter Wemm###################################################################### 1592065a643dSPeter Wemm### CanonAddr -- Convert an address into a standard form for 1593065a643dSPeter Wemm### relay checking. Route address syntax is 1594065a643dSPeter Wemm### crudely converted into a %-hack address. 
1595065a643dSPeter Wemm### 1596065a643dSPeter Wemm### Parameters: 1597065a643dSPeter Wemm### $1 -- full recipient address 1598065a643dSPeter Wemm### 1599065a643dSPeter Wemm### Returns: 1600065a643dSPeter Wemm### parsed address, not in source route form 160106f25ae9SGregory Neil Shapirodnl user%host%host<@domain> 160206f25ae9SGregory Neil Shapirodnl host!user<@domain> 1603065a643dSPeter Wemm###################################################################### 1604065a643dSPeter Wemm 1605065a643dSPeter WemmSCanonAddr 160606f25ae9SGregory Neil ShapiroR$* $: $>Parse0 $>canonify $1 make domain canonical 160706f25ae9SGregory Neil Shapiroifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl 1608065a643dSPeter WemmR< @ $+ > : $* @ $* < @ $1 > : $2 % $3 change @ to % in src route 1609065a643dSPeter WemmR$* < @ $+ > : $* : $* $3 $1 < @ $2 > : $4 change to % hack. 1610065a643dSPeter WemmR$* < @ $+ > : $* $3 $1 < @ $2 > 161106f25ae9SGregory Neil Shapirodnl') 1612065a643dSPeter Wemm 1613065a643dSPeter Wemm###################################################################### 1614c2aa98e2SPeter Wemm### ParseRecipient -- Strip off hosts in $=R as well as possibly 1615c2aa98e2SPeter Wemm### $* $=m or the access database. 1616c2aa98e2SPeter Wemm### Check user portion for host separators. 1617c2aa98e2SPeter Wemm### 1618c2aa98e2SPeter Wemm### Parameters: 1619c2aa98e2SPeter Wemm### $1 -- full recipient address 1620c2aa98e2SPeter Wemm### 1621c2aa98e2SPeter Wemm### Returns: 1622c2aa98e2SPeter Wemm### parsed, non-local-relaying address 1623c2aa98e2SPeter Wemm###################################################################### 1624c2aa98e2SPeter Wemm 1625c2aa98e2SPeter WemmSParseRecipient 162606f25ae9SGregory Neil Shapirodnl mark and canonify address 1627065a643dSPeter WemmR$* $: <?> $>CanonAddr $1 162806f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain[.]> 1629c2aa98e2SPeter WemmR<?> $* < @ $* . 
> <?> $1 < @ $2 > strip trailing dots 163006f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain> 1631c2aa98e2SPeter WemmR<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part 1632c2aa98e2SPeter Wemm 1633c2aa98e2SPeter Wemm# if no $=O character, no host in the user portion, we are done 1634c2aa98e2SPeter WemmR<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4> 163506f25ae9SGregory Neil Shapirodnl no $=O in localpart: return 1636c2aa98e2SPeter WemmR<?> $* $@ $1 1637c2aa98e2SPeter Wemm 163840266059SGregory Neil Shapirodnl workspace: <NO> localpart<@domain>, where localpart contains $=O 163906f25ae9SGregory Neil Shapirodnl mark everything which has an "authorized" domain with <RELAY> 1640c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl 1641c2aa98e2SPeter Wemm# if we relay, check username portion for user%host so host can be checked also 1642c2aa98e2SPeter WemmR<NO> $* < @ $* $=m > $: <RELAY> $1 < @ $2 $3 >', `dnl') 164306f25ae9SGregory Neil Shapirodnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O 164406f25ae9SGregory Neil Shapirodnl if mark is <NO> then change it to <RELAY> if domain is "authorized" 164540266059SGregory Neil Shapiro 164640266059SGregory Neil Shapirodnl what if access map returns something else than RELAY? 164740266059SGregory Neil Shapirodnl we are only interested in RELAY entries... 164840266059SGregory Neil Shapirodnl other To: entries: blacklist recipient; generic entries? 
164940266059SGregory Neil Shapirodnl if it is an error we probably do not want to relay anyway 1650c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_', 1651c2aa98e2SPeter Wemm`R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 > 165206f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 165306f25ae9SGregory Neil ShapiroR<NO> $* < @ $+ > $: <$(access To:$2 $: NO $)> $1 < @ $2 > 1654065a643dSPeter WemmR<NO> $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')', 1655c2aa98e2SPeter Wemm`R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 > 165606f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 165740266059SGregory Neil ShapiroR<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >> 1658c2aa98e2SPeter WemmR<$+> <$+> $: <$1> $2',`dnl')') 1659065a643dSPeter Wemm 166006f25ae9SGregory Neil Shapiro 166140266059SGregory Neil Shapiroifdef(`_RELAY_MX_SERVED_', `dnl 166240266059SGregory Neil Shapirodnl do "we" ($=w) act as backup MX server for the destination domain? NOTE(review): the <RELAY> mark set here depends on the mxserved lookup for the recipient domain, i.e. on MX data that domain publishes and not on local relay configuration; define _RELAY_MX_SERVED_ only where that trust is intended 166340266059SGregory Neil ShapiroR<NO> $* < @ $+ > $: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > > 166440266059SGregory Neil ShapiroR<MX> < : $* <TEMP> : > $* $#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 166540266059SGregory Neil Shapirodnl yes: mark it as <RELAY> 166640266059SGregory Neil ShapiroR<MX> < $* : $=w. : $* > < $+ > $: <RELAY> $4 166740266059SGregory Neil Shapirodnl no: put old <NO> mark back 166840266059SGregory Neil ShapiroR<MX> < : $* : > < $+ > $: <NO> $2', `dnl') 166940266059SGregory Neil Shapiro 167040266059SGregory Neil Shapirodnl do we relay to this recipient domain? 
1671c2aa98e2SPeter WemmR<RELAY> $* < @ $* > $@ $>ParseRecipient $1 167240266059SGregory Neil Shapirodnl something else 167340266059SGregory Neil ShapiroR<$+> $* $@ $2 1674c2aa98e2SPeter Wemm 167506f25ae9SGregory Neil Shapiro 1676c2aa98e2SPeter Wemm###################################################################### 1677c2aa98e2SPeter Wemm### check_relay -- check hostname/address on SMTP startup 1678c2aa98e2SPeter Wemm###################################################################### 1679c2aa98e2SPeter Wemm 1680c2aa98e2SPeter WemmSLocal_check_relay 168106f25ae9SGregory Neil ShapiroScheck`'_U_`'relay 1682c2aa98e2SPeter WemmR$* $: $1 $| $>"Local_check_relay" $1 1683c2aa98e2SPeter WemmR$* $| $* $| $#$* $#$3 1684c2aa98e2SPeter WemmR$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 1685c2aa98e2SPeter Wemm 1686c2aa98e2SPeter WemmSBasic_check_relay 1687c2aa98e2SPeter Wemm# check for deferred delivery mode 1688c2aa98e2SPeter WemmR$* $: < ${deliveryMode} > $1 1689c2aa98e2SPeter WemmR< d > $* $@ deferred 1690c2aa98e2SPeter WemmR< $* > $* $: $2 1691c2aa98e2SPeter Wemm 169206f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 169342e5d165SGregory Neil Shapirodnl workspace: {client_name} $| {client_addr} 169440266059SGregory Neil ShapiroR$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 > 169542e5d165SGregory Neil Shapirodnl workspace: <result-of-lookup> <{client_addr}> 169640266059SGregory Neil ShapiroR<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup 169740266059SGregory Neil Shapirodnl workspace: <result-of-lookup> (<>|<{client_addr}>) 169840266059SGregory Neil ShapiroR<?> <$*> $: OK found nothing 169940266059SGregory Neil Shapirodnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK 170042e5d165SGregory Neil ShapiroR<$={Accept}> <$*> $@ $1 return value of lookup 170140266059SGregory Neil ShapiroR<REJECT> <$*> $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"') 170240266059SGregory Neil ShapiroR<DISCARD> <$*> $#discard 
$: discard 170340266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE', 170440266059SGregory Neil Shapiro`R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1', `dnl') 170506f25ae9SGregory Neil Shapirodnl error tag 170642e5d165SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4 170742e5d165SGregory Neil ShapiroR<ERROR:$+> <$*> $#error $: $1 170840266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 170906f25ae9SGregory Neil Shapirodnl generic error from access map 171042e5d165SGregory Neil ShapiroR<$+> <$*> $#error $: $1', `dnl') 1711c2aa98e2SPeter Wemm 1712c2aa98e2SPeter Wemmifdef(`_RBL_',`dnl 171306f25ae9SGregory Neil Shapiro# DNS based IP address spam list 171440266059SGregory Neil Shapirodnl workspace: ignored... NOTE(review): only a ${client_addr} of four dot-separated tokens matches the lookup rule below; any other address form never reaches the _RBL_ query and leaves this block without an error 1715c2aa98e2SPeter WemmR$* $: $&{client_addr} 171606f25ae9SGregory Neil ShapiroR$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._RBL_. $: OK $) 171706f25ae9SGregory Neil ShapiroR<?>OK $: OKSOFAR 171806f25ae9SGregory Neil ShapiroR<?>$+ $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused by blackhole site _RBL_"', 1719c2aa98e2SPeter Wemm`dnl') 172006f25ae9SGregory Neil Shapiroundivert(8) 1721c2aa98e2SPeter Wemm 1722c2aa98e2SPeter Wemm###################################################################### 1723c2aa98e2SPeter Wemm### check_mail -- check SMTP ``MAIL FROM:'' command argument 1724c2aa98e2SPeter Wemm###################################################################### 1725c2aa98e2SPeter Wemm 1726c2aa98e2SPeter WemmSLocal_check_mail 172706f25ae9SGregory Neil ShapiroScheck`'_U_`'mail 1728c2aa98e2SPeter WemmR$* $: $1 $| $>"Local_check_mail" $1 1729c2aa98e2SPeter WemmR$* $| $#$* $#$2 1730c2aa98e2SPeter WemmR$* $| $* $@ $>"Basic_check_mail" $1 1731c2aa98e2SPeter Wemm 1732c2aa98e2SPeter WemmSBasic_check_mail 1733c2aa98e2SPeter Wemm# check for deferred delivery mode 1734c2aa98e2SPeter WemmR$* $: < ${deliveryMode} > $1 1735c2aa98e2SPeter 
WemmR< d > $* $@ deferred 1736c2aa98e2SPeter WemmR< $* > $* $: $2 1737c2aa98e2SPeter Wemm 173806f25ae9SGregory Neil Shapiro# authenticated? 173906f25ae9SGregory Neil Shapirodnl done first: we can require authentication for every mail transaction 174006f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM: (sender) 174106f25ae9SGregory Neil ShapiroR$* $: $1 $| $>"tls_client" $&{verify} $| MAIL 174206f25ae9SGregory Neil ShapiroR$* $| $#$+ $#$2 174306f25ae9SGregory Neil Shapirodnl undo damage: remove result of tls_client call 174406f25ae9SGregory Neil ShapiroR$* $| $* $: $1 174506f25ae9SGregory Neil Shapiro 174606f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM: 174706f25ae9SGregory Neil ShapiroR<> $@ <OK> we MUST accept <> (RFC 1123) 174806f25ae9SGregory Neil Shapiroifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl 174906f25ae9SGregory Neil Shapirodnl do some additional checks 175006f25ae9SGregory Neil Shapirodnl no user@host 175106f25ae9SGregory Neil Shapirodnl no user@localhost (if nonlocal sender) 175206f25ae9SGregory Neil Shapirodnl this is a pretty simple canonification, it will not catch every case 175306f25ae9SGregory Neil Shapirodnl just make sure the address has <> around it (which is required by 175406f25ae9SGregory Neil Shapirodnl the RFC anyway, maybe we should complain if they are missing...) 175506f25ae9SGregory Neil Shapirodnl dirty trick: if it is user@host, just add a dot: user@host. this will 175606f25ae9SGregory Neil Shapirodnl not be modified by host lookups. 
175706f25ae9SGregory Neil ShapiroR$+ $: <?> $1 175806f25ae9SGregory Neil ShapiroR<?><$+> $: <@> <$1> 175906f25ae9SGregory Neil ShapiroR<?>$+ $: <@> <$1> 176006f25ae9SGregory Neil Shapirodnl workspace: <@> <address> 176106f25ae9SGregory Neil Shapirodnl prepend daemon_flags 176206f25ae9SGregory Neil ShapiroR$* $: $&{daemon_flags} $| $1 176306f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address> 176406f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems? 176506f25ae9SGregory Neil ShapiroR$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > 176606f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test 176706f25ae9SGregory Neil ShapiroR$* u $* $| <@> < $* > $: <?> < $3 > 176806f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address> 176906f25ae9SGregory Neil Shapirodnl or: <? ${client_name} > <address> 177006f25ae9SGregory Neil Shapirodnl or: <?> <address> 177106f25ae9SGregory Neil Shapirodnl remove daemon_flags 177206f25ae9SGregory Neil ShapiroR$* $| $* $: $2 177306f25ae9SGregory Neil Shapiro# handle case of @localhost on address 177406f25ae9SGregory Neil ShapiroR<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > 177506f25ae9SGregory Neil ShapiroR<@> < $* @ [127.0.0.1] > 177606f25ae9SGregory Neil Shapiro $: < ? $&{client_name} > < $1 @ [127.0.0.1] > 177706f25ae9SGregory Neil ShapiroR<@> < $* @ localhost.$m > 177806f25ae9SGregory Neil Shapiro $: < ? $&{client_name} > < $1 @ localhost.$m > 177906f25ae9SGregory Neil Shapiroifdef(`_NO_UUCP_', `dnl', 178006f25ae9SGregory Neil Shapiro`R<@> < $* @ localhost.UUCP > 178106f25ae9SGregory Neil Shapiro $: < ? $&{client_name} > < $1 @ localhost.UUCP >') 178206f25ae9SGregory Neil Shapirodnl workspace: < ? 
$&{client_name} > <user@localhost|host> 178306f25ae9SGregory Neil Shapirodnl or: <@> <address> 178406f25ae9SGregory Neil Shapirodnl or: <?> <address> (thanks to u in ${daemon_flags}) 178506f25ae9SGregory Neil ShapiroR<@> $* $: $1 no localhost as domain 178606f25ae9SGregory Neil Shapirodnl workspace: < ? $&{client_name} > <user@localhost|host> 178706f25ae9SGregory Neil Shapirodnl or: <address> 178806f25ae9SGregory Neil Shapirodnl or: <?> <address> (thanks to u in ${daemon_flags}) 178906f25ae9SGregory Neil ShapiroR<? $=w> $* $: $2 local client: ok 179040266059SGregory Neil ShapiroR<? $+> <$+> $#error $@ 5.5.4 $: "_CODE553 Real domain name required for sender address" 179106f25ae9SGregory Neil Shapirodnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags}) 179206f25ae9SGregory Neil ShapiroR<?> $* $: $1') 179306f25ae9SGregory Neil Shapirodnl workspace: address (or <address>) 179406f25ae9SGregory Neil ShapiroR$* $: <?> $>CanonAddr $1 canonify sender address and mark it 179506f25ae9SGregory Neil Shapirodnl workspace: <?> CanonicalAddress (i.e. address in canonical form localpart<@host>) 179606f25ae9SGregory Neil Shapirodnl there is nothing behind the <@host> so no trailing $* needed 1797065a643dSPeter WemmR<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots 1798c2aa98e2SPeter Wemm# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) 179906f25ae9SGregory Neil ShapiroR<?> $* < @ $* $=P > $: <OK> $1 < @ $2 $3 > 180006f25ae9SGregory Neil Shapirodnl workspace <mark> CanonicalAddress where mark is ? or OK NOTE(review): with _ACCEPT_UNRESOLVABLE_DOMAINS_ defined the resolve lookup below is not generated and a sender with a domain part that still carries the ? mark is set to _RES_OK_, so its domain is accepted without a DNS check in this ruleset 1801c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_', 180240266059SGregory Neil Shapiro`R<?> $* < @ $+ > $: <_RES_OK_> $1 < @ $2 > ... unresolvable OK', 180306f25ae9SGregory Neil Shapiro`R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 > 180406f25ae9SGregory Neil ShapiroR<? 
$* <$->> $* < @ $+ > 180506f25ae9SGregory Neil Shapiro $: <$2> $3 < @ $4 >') 180640266059SGregory Neil Shapirodnl workspace <mark> CanonicalAddress where mark is ?, _RES_OK_, PERM, TEMP 180706f25ae9SGregory Neil Shapirodnl mark is ? iff the address is user (wo @domain) 1808c2aa98e2SPeter Wemm 180906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 181006f25ae9SGregory Neil Shapiro# check sender address: user@address, user@, address 181106f25ae9SGregory Neil Shapirodnl should we remove +ext from user? 181240266059SGregory Neil Shapirodnl workspace: <mark> CanonicalAddress where mark is: ?, _RES_OK_, PERM, TEMP 181340266059SGregory Neil ShapiroR<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3> 181406f25ae9SGregory Neil ShapiroR<$+> $+ $: @<$1> <$2> $| <U:$2@> 181506f25ae9SGregory Neil Shapirodnl workspace: @<mark> <CanonicalAddress> $| <@type:address> .... 181606f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>> 181706f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args 181806f25ae9SGregory Neil ShapiroR@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <> 181906f25ae9SGregory Neil Shapirodnl workspace: <@><mark> <CanonicalAddress> $| <result> 182006f25ae9SGregory Neil ShapiroR<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result 182106f25ae9SGregory Neil Shapirodnl workspace: <result> <mark> <CanonicalAddress> 1822c2aa98e2SPeter Wemm# retransform for further use 182306f25ae9SGregory Neil Shapirodnl required form: 182406f25ae9SGregory Neil Shapirodnl <ResultOfLookup|mark> CanonicalAddress 182506f25ae9SGregory Neil ShapiroR<?> <$+> <$*> $: <$1> $2 no match 182606f25ae9SGregory Neil ShapiroR<$+> <$+> <$*> $: <$1> $3 relevant result, keep it', `dnl') 182706f25ae9SGregory Neil Shapirodnl workspace <ResultOfLookup|mark> CanonicalAddress 182806f25ae9SGregory Neil Shapirodnl mark is ? 
iff the address is user (wo @domain) 1829c2aa98e2SPeter Wemm 1830c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl 1831c2aa98e2SPeter Wemm# handle case of no @domain on address 183206f25ae9SGregory Neil Shapirodnl prepend daemon_flags 183306f25ae9SGregory Neil ShapiroR<?> $* $: $&{daemon_flags} $| <?> $1 183406f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test 183540266059SGregory Neil ShapiroR$* u $* $| <?> $* $: <_RES_OK_> $3 183606f25ae9SGregory Neil Shapirodnl remove daemon_flags 183706f25ae9SGregory Neil ShapiroR$* $| $* $: $2 1838c2aa98e2SPeter WemmR<?> $* $: < ? $&{client_name} > $1 1839c2aa98e2SPeter WemmR<?> $* $@ <OK> ...local unqualed ok 184040266059SGregory Neil ShapiroR<? $+> $* $#error $@ 5.5.4 $: "_CODE553 Domain name required for sender address " $&f 1841c2aa98e2SPeter Wemm ...remote is not') 1842c2aa98e2SPeter Wemm# check results 184306f25ae9SGregory Neil ShapiroR<?> $* $: @ $1 mark address: nothing known about it 184440266059SGregory Neil ShapiroR<$={ResOk}> $* $@ <_RES_OK_> domain ok: stop 184506f25ae9SGregory Neil ShapiroR<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" 184640266059SGregory Neil ShapiroR<PERM> $* $#error $@ 5.1.8 $: "_CODE553 Domain of sender address " $&f " does not exist" 184706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 184840266059SGregory Neil ShapiroR<$={Accept}> $* $# $1 accept from access map 1849c2aa98e2SPeter WemmR<DISCARD> $* $#discard $: discard 185040266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE', 185140266059SGregory Neil Shapiro`R<QUARANTINE:$+> $* $#error $@ quarantine $: $1', `dnl') 185206f25ae9SGregory Neil ShapiroR<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"') 185306f25ae9SGregory Neil Shapirodnl error tag 185406f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 185506f25ae9SGregory Neil ShapiroR<ERROR:$+> $* $#error $: $1 
185640266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 185706f25ae9SGregory Neil Shapirodnl generic error from access map 185806f25ae9SGregory Neil ShapiroR<$+> $* $#error $: $1 error from access db', 1859c2aa98e2SPeter Wemm`dnl') 1860c2aa98e2SPeter Wemm 1861c2aa98e2SPeter Wemm###################################################################### 1862c2aa98e2SPeter Wemm### check_rcpt -- check SMTP ``RCPT TO:'' command argument 1863c2aa98e2SPeter Wemm###################################################################### 1864c2aa98e2SPeter Wemm 1865c2aa98e2SPeter WemmSLocal_check_rcpt 186606f25ae9SGregory Neil ShapiroScheck`'_U_`'rcpt 1867c2aa98e2SPeter WemmR$* $: $1 $| $>"Local_check_rcpt" $1 1868c2aa98e2SPeter WemmR$* $| $#$* $#$2 1869c2aa98e2SPeter WemmR$* $| $* $@ $>"Basic_check_rcpt" $1 1870c2aa98e2SPeter Wemm 1871c2aa98e2SPeter WemmSBasic_check_rcpt 187240266059SGregory Neil Shapiro# empty address? 187340266059SGregory Neil ShapiroR<> $#error $@ nouser $: "553 User address required" 187440266059SGregory Neil ShapiroR$@ $#error $@ nouser $: "553 User address required" 1875c2aa98e2SPeter Wemm# check for deferred delivery mode 1876c2aa98e2SPeter WemmR$* $: < ${deliveryMode} > $1 1877c2aa98e2SPeter WemmR< d > $* $@ deferred 1878c2aa98e2SPeter WemmR< $* > $* $: $2 1879c2aa98e2SPeter Wemm 188006f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl 188140266059SGregory Neil Shapirodnl this code checks for user@host where host is not a FQHN. 188240266059SGregory Neil Shapirodnl it is not activated. 188340266059SGregory Neil Shapirodnl notice: code to check for a recipient without a domain name is 188440266059SGregory Neil Shapirodnl available down below; look for the same macro. 188540266059SGregory Neil Shapirodnl this check is done here because the name might be qualified by the 188640266059SGregory Neil Shapirodnl canonicalization. 
188740266059SGregory Neil Shapiro# require fully qualified domain part? 188840266059SGregory Neil Shapirodnl very simple canonification: make sure the address is in < > 188906f25ae9SGregory Neil ShapiroR$+ $: <?> $1 189006f25ae9SGregory Neil ShapiroR<?> <$+> $: <@> <$1> 189106f25ae9SGregory Neil ShapiroR<?> $+ $: <@> <$1> 189240266059SGregory Neil ShapiroR<@> < postmaster > $: postmaster 189340266059SGregory Neil ShapiroR<@> < $* @ $+ . $+ > $: < $3 @ $4 . $5 > 189406f25ae9SGregory Neil Shapirodnl prepend daemon_flags 189540266059SGregory Neil ShapiroR<@> $* $: $&{daemon_flags} $| <@> $1 189606f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address> 189706f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems? 189840266059SGregory Neil ShapiroR$* r $* $| <@> < $* @ $* > $: < ? $&{client_name} > < $3 @ $4 > 189906f25ae9SGregory Neil ShapiroR<?> < $* > $: <$1> 190006f25ae9SGregory Neil ShapiroR<? $=w> < $* > $: <$1> 190140266059SGregory Neil ShapiroR<? 
$+> <$+> $#error $@ 5.5.4 $: "553 Fully qualified domain name required" 190206f25ae9SGregory Neil Shapirodnl remove daemon_flags for other cases 190306f25ae9SGregory Neil ShapiroR$* $| <@> $* $: $2', `dnl') 190406f25ae9SGregory Neil Shapiro 190540266059SGregory Neil Shapirodnl ################################################################## 190640266059SGregory Neil Shapirodnl call subroutines for recipient and relay 190740266059SGregory Neil Shapirodnl possible returns from subroutines: 190840266059SGregory Neil Shapirodnl $#TEMP temporary failure 190940266059SGregory Neil Shapirodnl $#error permanent failure (or temporary if from access map) 191040266059SGregory Neil Shapirodnl $#other stop processing 191140266059SGregory Neil Shapirodnl RELAY RELAYing allowed 191240266059SGregory Neil Shapirodnl other otherwise NOTE(review): with _PROMISCUOUS_RELAY_ defined the divert(-1) below discards every rule up to the next divert(0), including the final 5.7.1 confRELAY_MSG rejection, so no relay denial is generated by this ruleset 191340266059SGregory Neil Shapiro###################################################################### 191440266059SGregory Neil ShapiroR$* $: $1 $| @ $>"Rcpt_ok" $1 191540266059SGregory Neil Shapirodnl temporary failure? remove mark @ and remember 191640266059SGregory Neil ShapiroR$* $| @ $#TEMP $+ $: $1 $| T $2 191740266059SGregory Neil Shapirodnl error or ok (stop) 191840266059SGregory Neil ShapiroR$* $| @ $#$* $#$2 191940266059SGregory Neil Shapiroifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl') 192040266059SGregory Neil ShapiroR$* $| @ RELAY $@ RELAY 192140266059SGregory Neil Shapirodnl something else: call check sender (relay) 192240266059SGregory Neil ShapiroR$* $| @ $* $: O $| $>"Relay_ok" $1 192340266059SGregory Neil Shapirodnl temporary failure: call check sender (relay) 192440266059SGregory Neil ShapiroR$* $| T $+ $: T $2 $| $>"Relay_ok" $1 192540266059SGregory Neil Shapirodnl temporary failure? 
return that 192640266059SGregory Neil ShapiroR$* $| $#TEMP $+ $#error $2 192740266059SGregory Neil Shapirodnl error or ok (stop) 192840266059SGregory Neil ShapiroR$* $| $#$* $#$2 192940266059SGregory Neil ShapiroR$* $| RELAY $@ RELAY 193040266059SGregory Neil Shapirodnl something else: return previous temp failure 193140266059SGregory Neil ShapiroR T $+ $| $* $#error $1 193240266059SGregory Neil Shapiro# anything else is bogus 193340266059SGregory Neil ShapiroR$* $#error $@ 5.7.1 $: confRELAY_MSG 193440266059SGregory Neil Shapirodivert(0) 193540266059SGregory Neil Shapiro 193640266059SGregory Neil Shapiro###################################################################### 193740266059SGregory Neil Shapiro### Rcpt_ok: is the recipient ok? 193840266059SGregory Neil Shapirodnl input: recipient address (RCPT TO) 193940266059SGregory Neil Shapirodnl output: see explanation at call NOTE(review): with _LOOSE_RELAY_CHECK_ defined the recipient only goes through CanonAddr; the ParseRecipient pass, which looks for $=O host separators in the local part, is not generated 194040266059SGregory Neil Shapiro###################################################################### 194140266059SGregory Neil ShapiroSRcpt_ok 1942c2aa98e2SPeter Wemmifdef(`_LOOSE_RELAY_CHECK_',`dnl 1943065a643dSPeter WemmR$* $: $>CanonAddr $1 1944c2aa98e2SPeter WemmR$* < @ $* . > $1 < @ $2 > strip trailing dots', 1945c2aa98e2SPeter Wemm`R$* $: $>ParseRecipient $1 strip relayable hosts') 1946c2aa98e2SPeter Wemm 1947065a643dSPeter Wemmifdef(`_BESTMX_IS_LOCAL_',`dnl 1948065a643dSPeter Wemmifelse(_BESTMX_IS_LOCAL_, `', `dnl 1949065a643dSPeter Wemm# unlimited bestmx 1950065a643dSPeter WemmR$* < @ $* > $* $: $1 < @ $2 @@ $(bestmx $2 $) > $3', 1951065a643dSPeter Wemm`dnl 1952065a643dSPeter Wemm# limit bestmx to $=B 19532e43090eSPeter WemmR$* < @ $* $=B > $* $: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4') 195440266059SGregory Neil ShapiroR$* $=O $* < @ $* @@ $=w . > $* $@ $>"Rcpt_ok" $1 $2 $3 1955065a643dSPeter WemmR$* < @ $* @@ $=w . 
> $* $: $1 < @ $3 > $4 1956065a643dSPeter WemmR$* < @ $* @@ $* > $* $: $1 < @ $2 > $4') 1957065a643dSPeter Wemm 1958c2aa98e2SPeter Wemmifdef(`_BLACKLIST_RCPT_',`dnl 195906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 1960c2aa98e2SPeter Wemm# blacklist local users or any host from receiving mail 1961c2aa98e2SPeter WemmR$* $: <?> $1 196206f25ae9SGregory Neil Shapirodnl user is now tagged with @ to be consistent with check_mail 196306f25ae9SGregory Neil Shapirodnl and to distinguish users from hosts (com would be host, com@ would be user) 196440266059SGregory Neil ShapiroR<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2> 196540266059SGregory Neil ShapiroR<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2> 196606f25ae9SGregory Neil ShapiroR<?> $+ $: <> <$1> $| <U:$1@> 196706f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>> 196806f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args 196906f25ae9SGregory Neil ShapiroR<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <> 197006f25ae9SGregory Neil ShapiroR<@> <$*> $| <$*> $: <$2> <$1> reverse result 197106f25ae9SGregory Neil ShapiroR<?> <$*> $: @ $1 mark address as no match 197240266059SGregory Neil Shapirodnl we may have to filter here because otherwise some RHSs 197340266059SGregory Neil Shapirodnl would be interpreted as generic error messages... 197440266059SGregory Neil Shapirodnl error messages should be "tagged" by prefixing them with error: ! 197540266059SGregory Neil Shapirodnl that would make a lot of things easier. 
197606f25ae9SGregory Neil ShapiroR<$={Accept}> <$*> $: @ $2 mark address as no match 197740266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl 197840266059SGregory Neil ShapiroR<SKIP> <$*> $: @ $1 mark address as no match', `dnl') 197940266059SGregory Neil Shapiroifdef(`_DELAY_COMPAT_8_10_',`dnl 198040266059SGregory Neil Shapirodnl compatility with 8.11/8.10: 198106f25ae9SGregory Neil Shapirodnl we have to filter these because otherwise they would be interpreted 198206f25ae9SGregory Neil Shapirodnl as generic error message... 198306f25ae9SGregory Neil Shapirodnl error messages should be "tagged" by prefixing them with error: ! 198406f25ae9SGregory Neil Shapirodnl that would make a lot of things easier. 198506f25ae9SGregory Neil Shapirodnl maybe we should stop checks already here (if SPAM_xyx)? 198606f25ae9SGregory Neil ShapiroR<$={SpamTag}> <$*> $: @ $2 mark address as no match') 198740266059SGregory Neil ShapiroR<REJECT> $* $#error $@ 5.2.1 $: confRCPTREJ_MSG 198806f25ae9SGregory Neil ShapiroR<DISCARD> $* $#discard $: discard 198940266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE', 199040266059SGregory Neil Shapiro`R<QUARANTINE:$+> $* $#error $@ quarantine $: $1', `dnl') 199106f25ae9SGregory Neil Shapirodnl error tag 199206f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 199306f25ae9SGregory Neil ShapiroR<ERROR:$+> $* $#error $: $1 199440266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 199506f25ae9SGregory Neil Shapirodnl generic error from access map 199606f25ae9SGregory Neil ShapiroR<$+> $* $#error $: $1 error from access db 199706f25ae9SGregory Neil ShapiroR@ $* $1 remove mark', `dnl')', `dnl') 1998c2aa98e2SPeter Wemm 199940266059SGregory Neil Shapiroifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl') 200040266059SGregory Neil Shapiro# authenticated via TLS? 200140266059SGregory Neil ShapiroR$* $: $1 $| $>RelayTLS client authenticated? 
200206f25ae9SGregory Neil ShapiroR$* $| $# $+ $# $2 error/ok? 200306f25ae9SGregory Neil ShapiroR$* $| $* $: $1 no 200406f25ae9SGregory Neil Shapiro 200540266059SGregory Neil ShapiroR$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type} 200640266059SGregory Neil Shapirodnl workspace: localpart<@domain> $| result of Local_Relay_Auth 200740266059SGregory Neil ShapiroR$* $| $# $* $# $2 200840266059SGregory Neil Shapirodnl if Local_Relay_Auth returns NO then do not check $={TrustAuthMech} 200940266059SGregory Neil ShapiroR$* $| NO $: $1 201040266059SGregory Neil ShapiroR$* $| $* $: $1 $| $&{auth_type} 201140266059SGregory Neil Shapirodnl workspace: localpart<@domain> [ $| ${auth_type} ] 201206f25ae9SGregory Neil Shapirodnl empty ${auth_type}? 201306f25ae9SGregory Neil ShapiroR$* $| $: $1 201406f25ae9SGregory Neil Shapirodnl mechanism ${auth_type} accepted? 201506f25ae9SGregory Neil Shapirodnl use $# to override further tests (delay_checks): see check_rcpt below 201640266059SGregory Neil ShapiroR$* $| $={TrustAuthMech} $# RELAY 201740266059SGregory Neil Shapirodnl remove ${auth_type} 201806f25ae9SGregory Neil ShapiroR$* $| $* $: $1 2019193538b7SGregory Neil Shapirodnl workspace: localpart<@domain> | localpart 202006f25ae9SGregory Neil Shapiroifelse(defn(`_NO_UUCP_'), `r', 2021193538b7SGregory Neil Shapiro`R$* ! $* < @ $* > $: <REMOTE> $2 < @ BANG_PATH > 2022193538b7SGregory Neil ShapiroR$* ! $* $: <REMOTE> $2 < @ BANG_PATH >', `dnl') 2023c2aa98e2SPeter Wemm# anything terminating locally is ok 2024c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl 202540266059SGregory Neil ShapiroR$+ < @ $* $=m > $@ RELAY', `dnl') 202640266059SGregory Neil ShapiroR$+ < @ $=w > $@ RELAY 2027c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_', 202840266059SGregory Neil Shapiro`R$+ < @ $=R > $@ RELAY 202906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 203006f25ae9SGregory Neil ShapiroR$+ < @ $+ > $: <$(access To:$2 $: ? 
$)> <$1 < @ $2 >> 203106f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>> 203206f25ae9SGregory Neil ShapiroR<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')', 203340266059SGregory Neil Shapiro`R$+ < @ $* $=R > $@ RELAY 203406f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 203540266059SGregory Neil ShapiroR$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>',`dnl')') 203606f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 203706f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>> 203840266059SGregory Neil ShapiroR<RELAY> $* $@ RELAY 203940266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') 2040c2aa98e2SPeter WemmR<$*> <$*> $: $2',`dnl') 2041c2aa98e2SPeter Wemm 204206f25ae9SGregory Neil Shapiro 2043c2aa98e2SPeter Wemmifdef(`_RELAY_MX_SERVED_', `dnl 2044c2aa98e2SPeter Wemm# allow relaying for hosts which we MX serve 204506f25ae9SGregory Neil ShapiroR$+ < @ $+ > $: < : $(mxserved $2 $) : > $1 < @ $2 > 204606f25ae9SGregory Neil Shapirodnl this must not necessarily happen if the client is checked first... 204740266059SGregory Neil ShapiroR< : $* <TEMP> : > $* $#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 204840266059SGregory Neil ShapiroR<$* : $=w . : $*> $* $@ RELAY 2049065a643dSPeter WemmR< : $* : > $* $: $2', 2050c2aa98e2SPeter Wemm`dnl') 2051c2aa98e2SPeter Wemm 2052c2aa98e2SPeter Wemm# check for local user (i.e. unqualified address) 2053c2aa98e2SPeter WemmR$* $: <?> $1 2054065a643dSPeter WemmR<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 > 2055c2aa98e2SPeter Wemm# local user is ok 205606f25ae9SGregory Neil Shapirodnl is it really? the standard requires user@domain, not just user 205706f25ae9SGregory Neil Shapirodnl but we should accept it anyway (maybe making it an option: 205806f25ae9SGregory Neil Shapirodnl RequireFQDN ?) 
205906f25ae9SGregory Neil Shapirodnl postmaster must be accepted without domain (DRUMS) 206006f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl 206140266059SGregory Neil ShapiroR<?> postmaster $@ OK 206206f25ae9SGregory Neil Shapiro# require qualified recipient? 206306f25ae9SGregory Neil Shapirodnl prepend daemon_flags 206406f25ae9SGregory Neil ShapiroR<?> $+ $: $&{daemon_flags} $| <?> $1 206506f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <?> localpart 206606f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems? 206706f25ae9SGregory Neil Shapirodnl r flag? add client_name 206806f25ae9SGregory Neil ShapiroR$* r $* $| <?> $+ $: < ? $&{client_name} > <?> $3 206906f25ae9SGregory Neil Shapirodnl no r flag: relay to local user (only local part) 207006f25ae9SGregory Neil Shapiro# no qualified recipient required 207140266059SGregory Neil ShapiroR$* $| <?> $+ $@ RELAY 207206f25ae9SGregory Neil Shapirodnl client_name is empty 207340266059SGregory Neil ShapiroR<?> <?> $+ $@ RELAY 207406f25ae9SGregory Neil Shapirodnl client_name is local 207540266059SGregory Neil ShapiroR<? $=w> <?> $+ $@ RELAY 207606f25ae9SGregory Neil Shapirodnl client_name is not local 207706f25ae9SGregory Neil ShapiroR<? $+> $+ $#error $@ 5.5.4 $: "553 Domain name required"', `dnl 207806f25ae9SGregory Neil Shapirodnl no qualified recipient required 207940266059SGregory Neil ShapiroR<?> $+ $@ RELAY') 208006f25ae9SGregory Neil Shapirodnl it is a remote user: remove mark and then check client 2081c2aa98e2SPeter WemmR<$+> $* $: $2 208206f25ae9SGregory Neil Shapirodnl currently the recipient address is not used below 2083c2aa98e2SPeter Wemm 208440266059SGregory Neil Shapiro###################################################################### 208540266059SGregory Neil Shapiro### Relay_ok: is the relay/sender ok? 
dnl input: ignored
dnl output: see explanation at call
dnl Summary of the rules below: the workspace is replaced first by
dnl ${client_addr}, then optionally by the sender $&f, then by
dnl ${client_name}. Each stage returns RELAY with $@ as soon as it matches.
dnl A failed client name lookup ends the ruleset with $#TEMP or $#error.
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$*	$: $&{client_addr}
R$@	$@ RELAY	originated locally
R0	$@ RELAY	originated locally
R$=R $*	$@ RELAY	relayable IP address
ifdef(`_ACCESS_TABLE_', `dnl
R$*	$: $>A <$1> <?> <+ Connect> <$1>
R<RELAY> $*	$@ RELAY	relayable IP address
ifdef(`_ATMPF_', `R<_ATMPF_> $*	$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<$*> <$*>	$: $2', `dnl')
R$*	$: [ $1 ]	put brackets around it...
R$=w	$@ RELAY	... and see if it is local

dnl NOTE(review): the block below grants RELAY on the sender address alone.
dnl $&f is the envelope sender as given by the client and no rule here
dnl verifies it, so any client that names a matching sender is allowed to
dnl relay. Enable _RELAY_LOCAL_FROM_ or _RELAY_DB_FROM_ only where another
dnl control, for example SMTP AUTH or a network filter, already limits who
dnl can connect.
ifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
ifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
ifdef(`_RELAY_MAIL_FROM_', `dnl
dnl input: {client_addr} or something "broken"
dnl just throw the input away; we do not need it.
# check whether FROM is allowed to use system as relay
R$*	$: <?> $>CanonAddr $&f
R<?> $+ < @ $+ . >	<?> $1 < @ $2 >	remove trailing dot
ifdef(`_RELAY_LOCAL_FROM_', `dnl
# check whether local FROM is ok
R<?> $+ < @ $=w >	$@ RELAY	FROM local', `dnl')
ifdef(`_RELAY_DB_FROM_', `dnl
R<?> $+ < @ $+ >	$: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_HOSTS_ONLY_', `<E:$2>', `<D:$2>')) <>
R<@> <RELAY>	$@ RELAY	RELAY FROM sender ok
ifdef(`_ATMPF_', `R<@> <_ATMPF_>	$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
', `dnl
ifdef(`_RELAY_DB_FROM_DOMAIN_',
`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
')',
`dnl')
dnl')', `dnl')
dnl notice: the rulesets above do not leave a unique workspace behind.
dnl it does not matter in this case because the following rule ignores
dnl the input. otherwise these rules must "clean up" the workspace.

# check client name: first: did it resolve?
dnl input: ignored
dnl the three rejections below fire only when ${client_resolve} is TEMP,
dnl FORGED or FAIL; any other value falls through to the name checks
R$*	$: < $&{client_resolve} >
R<TEMP>	$#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED>	$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL>	$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
dnl ${client_resolve} should be OK, so go ahead
R$*	$: <@> $&{client_name}
dnl should not be necessary since it has been done for client_addr already
R<@>	$@ RELAY
dnl workspace: <@> ${client_name} (not empty)
dnl NOTE(review): every check from here on grants RELAY on the client host
dnl name. The rejections above are the only guard in this ruleset against
dnl a name that did not verify; presumably ${client_resolve} is set by
dnl sendmail from the DNS lookups for the connection. TODO confirm.
# pass to name server to make hostname canonical
R<@> $* $=P	$:<?> $1 $2
R<@> $+	$:<?> $[ $1 $]
dnl workspace: <?> ${client_name} (canonified)
R$* .	$1	strip trailing dots
ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
R<?> $* $=m	$@ RELAY', `dnl')
R<?> $=w	$@ RELAY
ifdef(`_RELAY_HOSTS_ONLY_',
`R<?> $=R	$@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
R<?> $*	$: <$(access Connect:$1 $: ? $)> <$1>
R<?> <$*>	$: <$(access $1 $: ? $)> <$1>',`dnl')',
`R<?> $* $=R	$@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
R<?> $*	$: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
ifdef(`_ACCESS_TABLE_', `dnl
R<RELAY> $*	$@ RELAY
ifdef(`_ATMPF_', `R<$* _ATMPF_> $*	$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<$*> <$*>	$: $2',`dnl')
dnl end of _PROMISCUOUS_RELAY_
divert(0)
ifdef(`_DELAY_CHECKS_',`dnl
# turn a canonical address in the form user<@domain>
# qualify unqual. addresses with $j
dnl it might have been only user (without <@domain>)
dnl rule 1 strips a trailing dot from the domain, rule 2 returns an address
dnl that already has <@domain>, rule 3 appends <@ $j > to a bare local part
SFullAddr
R$* <@ $+ . >	$1 <@ $2 >
R$* <@ $* >	$@ $1 <@ $2 >
R$+	$@ $1 <@ $j >

# call all necessary rulesets
dnl order of checks in this delayed variant: checkrcpt, then the optional
dnl Spam tag lookup, then checkmail, then checkrelay. A "$# ..." result from
dnl any called ruleset is returned at once and ends the sequence, so an
dnl accepting $# result skips the remaining checks as well.
Scheck_rcpt
dnl this test should be in the Basic_check_rcpt ruleset
dnl which is the correct DSN code?
# R$@ $#error $@ 5.1.3 $: "553 Recipient address required"
R$+	$: $1 $| $>checkrcpt $1
dnl now we can simply stop checks by returning "$# xyz" instead of just "ok"
R$+ $| $#$*	$#$2
R$+ $| $*	$: <?> $>FullAddr $>CanonAddr $1
ifdef(`_SPAM_FH_',
`dnl lookup user@ and user@address
ifdef(`_ACCESS_TABLE_', `',
`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db')
')')dnl
dnl one of the next two rules is supposed to match
dnl this code has been copied from BLACKLIST... etc
dnl and simplified by omitting some < >.
R<?> $+ < @ $=w >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
R<?> $+ < @ $* >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
dnl R<?> $@ something_is_very_wrong_here
# lookup the addresses only with Spam tag
R<> $* $| <$+>	$: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
R<@> $* $| $*	$: $2 $1	reverse result
dnl', `dnl')
ifdef(`_SPAM_FRIEND_',
`# is the recipient a spam friend?
ifdef(`_SPAM_HATER_',
	`errprint(`*** ERROR: define either SpamHater or SpamFriend
')', `dnl')
dnl $@ returns from check_rcpt here, so the checkmail and checkrelay calls
dnl further down are not run for a recipient whose lookup result is FRIEND
R<FRIEND> $+	$@ SPAMFRIEND
R<$*> $+	$: $2',
`dnl')
ifdef(`_SPAM_HATER_',
`# is the recipient no spam hater?
dnl only a HATER result continues to checkmail and checkrelay; every other
dnl lookup result, including not found, returns NOSPAMHATER and stops
R<HATER> $+	$: $1	spam hater: continue checks
R<$*> $+	$@ NOSPAMHATER	everyone else: stop
dnl',`dnl')
dnl run further checks: check_mail
dnl should we "clean up" $&f?
ifdef(`_FFR_MAIL_MACRO',
`R$*	$: $1 $| $>checkmail $&{mail_from}',
`R$*	$: $1 $| $>checkmail <$&f>')
dnl recipient (canonical format) $| result of checkmail
R$* $| $#$*	$#$2
dnl run further checks: check_relay
R$* $| $*	$: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
R$* $| $#$*	$#$2
R$* $| $*	$: $1
', `dnl')

ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
######################################################################
### F: LookUpFull -- search for an entry in access database
###
### lookup of full key (which should be an address) and
### variations if +detail exists: +* and without +detail
###
### Parameters:
### <$1> -- key
### <$2> -- default (what to return if not found in db)
dnl must not be empty
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################

dnl lookup order in the rules below: tagged key, untagged key, tagged
dnl user+*@domain, untagged user+*@domain, tagged user@domain, untagged
dnl user@domain. The untagged steps match only when the mark is +.
dnl Each later step is tried only while the workspace still starts with <?>.
SF
dnl workspace: <key> <def> <o tag> <thru>
dnl full lookup
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*>	$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
dnl no match, try without tag
dnl 1 2 3 4
R<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
dnl no match, +detail: try +*
dnl 1 2 3 4 5 6 7
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
			$: <$(access $6`'_TAG_DELIM_`'$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
dnl no match, +detail: try +* without tag
dnl 1 2 3 4 5 6
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
			$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
dnl no match, +detail: try without +detail
dnl 1 2 3 4 5 6 7
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
			$: <$(access $6`'_TAG_DELIM_`'$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
dnl no match, +detail: try without +detail and without tag
dnl 1 2 3 4 5 6
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
			$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
dnl no match, return <default> <passthru>
dnl 1 2 3 4 5
R<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
ifdef(`_ATMPF_', `dnl tempfail?
dnl 2 3 4 5
R<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
dnl match, return <match> <passthru>
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*>	$@ <$1> <$5>

######################################################################
### E: LookUpExact -- search for an entry in access database
###
### Parameters:
### <$1> -- key
### <$2> -- default (what to return if not found in db)
dnl must not be empty
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################

dnl the first rule here matches the key with <$*>, where F and U use <$+>,
dnl so an empty key is accepted; presumably this serves the <E:> entry that
dnl tls_rcpt appends to look up the bare tag as a default. TODO confirm.
SE
dnl 2 3 4 5
R<$*> <$*> <$- $-> <$*>	$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
dnl no match, try without tag
dnl 1 2 3 4
R<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
dnl no match, return default passthru
dnl 1 2 3 4 5
R<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
ifdef(`_ATMPF_', `dnl tempfail?
dnl 2 3 4 5
R<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
dnl match, return <match> <passthru>
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*>	$@ <$1> <$5>

######################################################################
### U: LookUpUser -- search for an entry in access database
###
### lookup of key (which should be a local part) and
### variations if +detail exists: +* and without +detail
###
### Parameters:
### <$1> -- key (user@)
### <$2> -- default (what to return if not found in db)
dnl must not be empty
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################

dnl same sequence of lookups as F, but the key is a local part followed by
dnl @ with no domain: tagged key, untagged key, user+*@, user@, where the
dnl untagged variants are tried only when the mark is +
SU
dnl user lookups are always with trailing @
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*>	$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
dnl no match, try without tag
dnl 1 2 3 4
R<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
dnl do not remove the @ from the lookup:
dnl it is part of the +detail@ which is omitted for the lookup
dnl no match, +detail: try +*
dnl 1 2 3 4 5 6
R<?> <$+ + $* @> <$*> <$- $-> <$*>
			$: <$(access $5`'_TAG_DELIM_`'$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
dnl no match, +detail: try +* without tag
dnl 1 2 3 4 5
R<?> <$+ + $* @> <$*> <+ $-> <$*>
			$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
dnl no match, +detail: try without +detail
dnl 1 2 3 4 5 6
R<?> <$+ + $* @> <$*> <$- $-> <$*>
			$: <$(access $5`'_TAG_DELIM_`'$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
dnl no match, +detail: try without +detail and without tag
dnl 1 2 3 4 5
R<?> <$+ + $* @> <$*> <+ $-> <$*>
			$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
dnl no match, return <default> <passthru>
dnl 1 2 3 4 5
R<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
ifdef(`_ATMPF_', `dnl tempfail?
dnl 2 3 4 5
R<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
dnl match, return <match> <passthru>
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*>	$@ <$1> <$5>

######################################################################
### SearchList: search a list of items in the access map
### Parameters:
### <exact tag> $| <mark:address> <mark:address> ... <>
dnl maybe we should have a @ (again) in front of the mark to
dnl avoid erroneous matches (with error messages?)
dnl if we can make sure that tag is always a single token
dnl then we can omit the delimiter $|, otherwise we need it
dnl to avoid erroneous matches (first rule: D: if there
dnl is that mark somewhere in the list, it will be taken).
dnl moreover, we can do some tricks to enforce lookup with
dnl the tag only, e.g.:
### where "exact" is either "+" or "!":
### <+ TAG> lookup with and w/o tag
### <! TAG> lookup with tag
dnl Warning: + and ! should be in OperatorChars (otherwise there must be
dnl a blank between them and the tag.
### possible values for "mark" are:
### D: recursive host lookup (LookUpDomain)
dnl A: recursive address lookup (LookUpAddress) [not yet required]
### E: exact lookup, no modifications
### F: full lookup, try user+ext@domain and user@domain
### U: user lookup, try user+ext and user (input must have trailing @)
### return: <RHS of lookup> or <?> (not found)
######################################################################

# class with valid marks for SearchList
dnl if A is activated: add it
C{src}E F D U ifdef(`_FFR_SRCHLIST_A', `A')
SSearchList
# just call the ruleset with the name of the tag... nice trick...
dnl $>$2 calls the ruleset whose name is the mark taken from the list.
dnl The $={src} match on the left side restricts that name to the members
dnl of class {src}, so list contents cannot select any other ruleset.
dnl The list is consumed one entry per invocation; the first lookup that
dnl does not return <?> ends the search.
dnl 2 3 4
R<$+> $| <$={src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
dnl workspace: <o tag> $| <rest> $| <result of lookup> <>
dnl no match and nothing left: return
R<$+> $| <> $| <?> <>	$@ <?>
dnl no match but something left: continue
R<$+> $| <$+> $| <?> <>	$@ $>SearchList <$1> $| <$2>
dnl match: return
R<$+> $| <$*> $| <$+> <>	$@ <$3>
dnl return result from recursive invocation
R<$+> $| <$+>	$@ <$2>
dnl endif _ACCESS_TABLE_
divert(0)

######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################

dnl empty ruleset definition so it can be called
dnl with Local_trust_auth left empty as it is here, trust_auth accepts only
dnl an AUTH= value identical to ${auth_authen}, with or without angle
dnl brackets; everything else reaches the default error rule that ends
dnl the ruleset
SLocal_trust_auth
Strust_auth
R$*	$: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $*	$#error $@ 5.7.1 $: "550 not authenticated"
dnl seems to be useful...
R$* $| $&{auth_authen}	$@ identical
R$* $| <$&{auth_authen}>	$@ identical
dnl call user supplied code
R$* $| $*	$: $1 $| $>"Local_trust_auth" $1
R$* $| $#$*	$#$2
dnl default: error
R$*	$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}

######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
dnl defined empty here as a hook for site rules. The relay check calls it
dnl with ${auth_type}; a result of NO there skips the $={TrustAuthMech}
dnl test and a $# result is returned as the verdict.
SLocal_Relay_Auth

ifdef(`_ACCESS_TABLE_', `dnl
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
ifdef(`_LOCAL_SRV_FEATURES_', `dnl
R$*	$: $1 $| $>"Local_srv_features" $1
R$* $| $#$*	$#$2
R$* $| $*	$: $1', `dnl')
dnl lookup order: client name via D, then client address via A, then the
dnl bare tag as a default. The mark is ! so only tagged entries are used.
dnl Not found returns OK; anything found is returned with $#.
R$*	$: $>D <$&{client_name}> <?> <! SRV_FEAT_TAG> <>
R<?>$*	$: $>A <$&{client_addr}> <?> <! SRV_FEAT_TAG> <>
R<?>$*	$: <$(access SRV_FEAT_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$*	$@ OK
ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_>$*	$#temp', `dnl')
R<$+>$*	$# $1

######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
ifdef(`_LOCAL_TRY_TLS_', `dnl
R$*	$: $1 $| $>"Local_try_tls" $1
R$* $| $#$*	$#$2
R$* $| $*	$: $1', `dnl')
dnl same lookup order as srv_features, keyed on the server name and address.
dnl Only the value NO is acted on by a rule here: it raises the 550 error.
dnl NOTE(review): presumably that error tells the client not to attempt
dnl STARTTLS with this server, in which case delivery continues without
dnl encryption. Confirm in the sendmail documentation and keep NO entries
dnl limited to servers with known broken TLS.
R$*	$: $>D <$&{server_name}> <?> <! TLS_TRY_TAG> <>
R<?>$*	$: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
R<?>$*	$: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$*	$@ OK
ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_>$*	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<NO>$*	$#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"

######################################################################
### tls_rcpt: is connection with server "good" enough?
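### (done in client, per recipient)
dnl called from deliver() before RCPT command
###
### Parameters:
### $1: recipient
######################################################################
dnl flow: optional Local_tls_rcpt hook, store the server name in
dnl {TLS_Name}, canonify the recipient, then build the lookup keys
dnl F: (full address), U: (local part), D: (domain) and E: (default)
dnl and pass them to SearchList under TLS_RCPT_TAG.
dnl no entry found returns OK, i.e. no TLS requirement is enforced for
dnl this recipient; a found entry is checked by TLS_connection.
Stls_rcpt
ifdef(`_LOCAL_TLS_RCPT_', `dnl
R$*			$: $1 $| $>"Local_tls_rcpt" $1
R$* $| $#$*		$#$2
R$* $| $*		$: $1', `dnl')
dnl store name of other side
R$*			$: $(macro {TLS_Name} $@ $&{server_name} $) $1
dnl canonify recipient address
R$+			$: <?> $>CanonAddr $1
dnl strip trailing dots (no $: prefix, so the rule repeats while it matches)
R<?> $+ < @ $+ . >	<?> $1 <@ $2 >
dnl full address?
R<?> $+ < @ $+ >	$: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
dnl only localpart?
R<?> $+			$: $1 $| <U:$1@> <E:>
dnl look it up
dnl also look up a default value via E:
R$* $| $+		$: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <>
dnl found nothing: stop here
R$* $| <?>		$@ OK
ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
dnl use the generic routine (for now)
R$* $| <$+>		$@ $>"TLS_connection" $&{verify} $| <$2>')

######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
dnl MAIL: called from check_mail
dnl STARTTLS: called from smtp() after STARTTLS has been accepted
dnl with the access table: look up a requirement for the client by
dnl name (ruleset D), by address (ruleset A), then the default entry
dnl under TLS_CLT_TAG, and let TLS_connection judge it.
dnl without the access table: pass ${verify} alone to TLS_connection.
Stls_client
ifdef(`_LOCAL_TLS_CLIENT_', `dnl
R$*			$: $1 $| $>"Local_tls_client" $1
R$* $| $#$*		$#$2
R$* $| $*		$: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
dnl store name of other side
dnl this ruleset runs in the server, so the other side is the client:
dnl {TLS_Name} has to hold {client_name}. TLS_req substitutes
dnl {TLS_Name} for a CN requirement that names no value, and with
dnl {server_name} stored here that check would compare the client
dnl certificate against the wrong host name.
R$*			$: $(macro {TLS_Name} $@ $&{client_name} $) $1
dnl ignore second arg for now
dnl maybe use it to distinguish permanent/temporary error?
dnl if MAIL: permanent (STARTTLS has not been offered)
dnl if STARTTLS: temporary (offered but maybe failed)
R$* $| $*		$: $1 $| $>D <$&{client_name}> <?> <! TLS_CLT_TAG> <>
R$* $| <?>$*		$: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <>
dnl do a default lookup: just TLS_CLT_TAG
R$* $| <?>$*		$: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R$*			$@ $>"TLS_connection" $1', `dnl
R$* $| $*		$@ $>"TLS_connection" $1')

######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
dnl i.e. has the server been authenticated and is encryption active?
dnl called from deliver() after STARTTLS command
dnl same shape as tls_client, keyed on the server name and address
dnl under TLS_SRV_TAG; here the other side is the server, so
dnl {TLS_Name} takes {server_name}.
Stls_server
ifdef(`_LOCAL_TLS_SERVER_', `dnl
R$*			$: $1 $| $>"Local_tls_server" $1
R$* $| $#$*		$#$2
R$* $| $*		$: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
dnl store name of other side
R$*			$: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$*			$: $1 $| $>D <$&{server_name}> <?> <! TLS_SRV_TAG> <>
R$* $| <?>$*		$: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <>
dnl do a default lookup: just TLS_SRV_TAG
R$* $| <?>$*		$: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R$*			$@ $>"TLS_connection" $1', `dnl
R$*			$@ $>"TLS_connection" $1')

######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
ifdef(`_ACCESS_TABLE_', `dnl
### ${verify} $| <Requirement> [<>]', `dnl
### ${verify}')
### Requirement: RHS from access map, may be ? for none.
dnl syntax for Requirement:
dnl [(PERM|TEMP)+] (VERIFY[:bits]|ENCR:bits) [+extensions]
dnl extensions: could be a list of further requirements
dnl for now: CN:string {cn_subject} == string
######################################################################
STLS_connection
ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
dnl deal with TLS handshake failures: abort
dnl the reply is 403/4.7.0 unless TLS_PERM_ERR is defined
RSOFTWARE		$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."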
divert(-1)')
dnl without the access table the divert(-1) above discards everything
dnl from here up to the next divert(0)
dnl common ruleset for tls_{client|server}
dnl input: ${verify} $| <ResultOfLookup> [<>]
dnl remove optional <>
R$* $| <$*>$*		$: $1 $| <$2>
dnl workspace: ${verify} $| <ResultOfLookup>
# create the appropriate error codes
dnl permanent or temporary error?
dnl an explicit PERM+ or TEMP+ prefix in the map value selects the
dnl reply code and enhanced status code used for every later error
R$* $| <PERM + $={tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
R$* $| <TEMP + $={tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
dnl default case depends on TLS_PERM_ERR
R$* $| <$={tls} $*>	$: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3>
dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
# deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $*	$#error $@ $2 $: $1 " TLS handshake failed."
dnl no <reply:dsn>, i.e. no requirements in the access map
dnl use default error
RSOFTWARE $| $*		$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
dnl move the pieces into the order
dnl <SMTP:ESC> <requirement> <extensions> ${verify}
R$* $| <$*> <VERIFY>	$: <$2> <VERIFY> <> $1
dnl separate optional requirements
R$* $| <$*> <VERIFY + $+>	$: <$2> <VERIFY> <$3> $1
R$* $| <$*> <$={tls}:$->$*	$: <$2> <$3:$4> <> $1
dnl separate optional requirements
R$* $| <$*> <$={tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
dnl some other value in access map: accept
dnl this also makes it possible to override the default case (if used)
dnl NOTE(review): acceptance is the fallback, so a misspelled
dnl requirement in the access map is treated as no requirement at all;
dnl check new entries against the syntax in the ruleset header
R$* $| $*		$@ OK
# authentication required: give appropriate error
# other side did authenticate (via STARTTLS)
dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
dnl only verification required and it succeeded
R<$*><VERIFY> <> OK	$@ OK
dnl verification required and it succeeded but extensions are given
dnl change it to <SMTP:ESC> <REQ:0> <extensions>
R<$*><VERIFY> <$+> OK	$: <$1> <REQ:0> <$2>
dnl verification required + some level of encryption
R<$*><VERIFY:$-> <$*> OK	$: <$1> <REQ:$2> <$3>
dnl just some level of encryption required
dnl the trailing $* takes any ${verify} value, so ENCR: on its own
dnl does not require the certificate check to have succeeded
R<$*><ENCR:$-> <$*> $*	$: <$1> <REQ:$2> <$3>
dnl workspace:
dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!= OK)
dnl 2. <SMTP:ESC> <REQ:bits> <[extensions]>
dnl verification required but ${verify} is not set (case 1.)
dnl one rule per ${verify} value; each ends in an error that uses the
dnl reply code ($1) and enhanced status code ($2) chosen earlier
R<$-:$+><VERIFY $*> <$*>	$#error $@ $2 $: $1 " authentication required"
R<$-:$+><VERIFY $*> <$*> FAIL	$#error $@ $2 $: $1 " authentication failed"
R<$-:$+><VERIFY $*> <$*> NO	$#error $@ $2 $: $1 " not authenticated"
R<$-:$+><VERIFY $*> <$*> NOT	$#error $@ $2 $: $1 " no authentication requested"
R<$-:$+><VERIFY $*> <$*> NONE	$#error $@ $2 $: $1 " other side does not support STARTTLS"
dnl some other value for ${verify}
dnl NOTE(review): $4 in this rule is the extension field and the
dnl ${verify} value is $5; confirm which one the message should show
R<$-:$+><VERIFY $*> <$*> $+	$#error $@ $2 $: $1 " authentication failure " $4
dnl some level of encryption required: get the maximum level (case 2.)
dnl the strength compared below is the larger of {cipher_bits} and
dnl {auth_ssf}, as returned by ruleset max
R<$*><REQ:$-> <$*>	$: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
dnl compare required bits with actual bits
dnl arith l is given actual ($4) then required ($2); TRUE leads to the
dnl "too weak" error in the next rule
R<$*><REQ:$-> <$*> $-	$: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
R<$-:$+><$-:$-> <$*> TRUE	$#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
dnl strength requirements fulfilled
dnl TLS Additional Requirements Separator
dnl this should be something which does not appear in the extensions itself
dnl @ could be part of a CN, DN, etc...
dnl use < > ? those are encoded in CN, DN, ...
define(`_TLS_ARS_', `++')dnl
dnl workspace:
dnl <SMTP:ESC> <REQ:bits> <extensions> result-of-compare
dnl drop the bits and the compare result, keep codes and extensions
R<$-:$+><$-:$-> <$*> $*	$: <$1:$2 _TLS_ARS_ $5>
dnl workspace: <SMTP:ESC _TLS_ARS_ extensions>
dnl continue: check extensions
dnl nothing after the separator: no extensions, accept
R<$-:$+ _TLS_ARS_ >	$@ OK
dnl split extensions into own list
R<$-:$+ _TLS_ARS_ $+ >	$: <$1:$2> <$3>
dnl no $: prefix: repeats until every separator has been split off
R<$-:$+> < $+ _TLS_ARS_ $+ >	<$1:$2> <$3> <$4>
dnl hand the list and the error codes to TLS_req
R<$-:$+> $+		$@ $>"TLS_req" $3 $| <$1:$2>

######################################################################
### TLS_req: check additional TLS requirements
###
### Parameters: [<list> <of> <req>] $| <$-:$+>
### $-: SMTP reply code
### $+: Enhanced Status Code
dnl further requirements for this ruleset:
dnl name of "other side" is stored in {TLS_Name} (client/server_name)
dnl
dnl the rules of this ruleset handle CN[:common_name],
dnl CS:cert_subject and CI:cert_issuer
dnl right now this is only a logical AND
dnl i.e. all requirements must be true
dnl how about an OR? CN must be X or CN must be Y or ..
dnl use a macro to compute this as a trivial sequential
dnl operations (no precedences etc)?
######################################################################
dnl each rule looks at the first requirement of the list: a match
dnl recurses on the rest of the list, a mismatch ends in an error built
dnl from the reply code and enhanced status code after the $|
dnl NOTE(review): a requirement tag other than CN, CS or CI matches no
dnl rule here, so the workspace comes back without an error; confirm
dnl how the callers treat that result
STLS_req
dnl no additional requirements: ok
R $| $+		$@ OK
dnl require CN: but no CN specified: use name of other side
R<CN> $* $| <$+>		$: <CN:$&{TLS_Name}> $1 $| <$2>
dnl match, check rest
R<CN:$&{cn_subject}> $* $| <$+>		$@ $>"TLS_req" $1 $| <$2>
dnl CN does not match
dnl operands: $1 required CN, $2 rest of list, $3 reply code, $4 status code
R<CN:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
dnl cert subject: match, check rest
R<CS:$&{cert_subject}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
dnl CS does not match
dnl operands: $1 required subject, $2 rest of list, $3 reply code, $4 status code
R<CS:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " CERT Subject " $&{cert_subject} " does not match " $1
dnl cert issuer: match, check rest
R<CI:$&{cert_issuer}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
dnl CI does not match
dnl operands: $1 required issuer, $2 rest of list, $3 reply code, $4 status code
R<CI:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " CERT Issuer " $&{cert_issuer} " does not match " $1
dnl return from recursive call
ROK			$@ OK

######################################################################
### max: return the maximum of two values separated by :
###
### Parameters: [$-]:[$-]
######################################################################
dnl an empty side is dropped: ":" gives 0, ":b" gives b, "a:" gives a.
dnl for "a:b" the arith l result is put in front of both values;
dnl presumably it is TRUE when a is less than b (the strength check in
dnl TLS_connection reads it that way). TRUE keeps b, anything else
dnl keeps a.
Smax
R:		$: 0
R:$-		$: $1
R$-:		$: $1
R$-:$-		$: $(arith l $@ $1 $@ $2 $) : $1 : $2
RTRUE:$-:$-	$: $2
R$-:$-:$-	$: $2
dnl endif _ACCESS_TABLE_
divert(0)

######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
dnl we do not allow relaying for anyone who can present a cert
dnl signed by a "trusted" CA. For example, even if we put verisigns
dnl CA in CERTPath so we can authenticate users, we do not allow
dnl them to abuse our server (they might be easier to get hold of,
dnl but anyway).
271306f25ae9SGregory Neil Shapirodnl so here is the trick: if the verification succeeded 271406f25ae9SGregory Neil Shapirodnl we look up the cert issuer in the access map 271506f25ae9SGregory Neil Shapirodnl (maybe after extracting a part with a regular expression) 271606f25ae9SGregory Neil Shapirodnl if this returns RELAY we relay without further questions 271706f25ae9SGregory Neil Shapirodnl if it returns SUBJECT we perform a similar check on the 271806f25ae9SGregory Neil Shapirodnl cert subject. 271906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 272040266059SGregory Neil ShapiroR$* $: <?> $&{verify} 272140266059SGregory Neil ShapiroR<?> OK $: OK authenticated: continue 272240266059SGregory Neil ShapiroR<?> $* $@ NO not authenticated 272306f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_ISSUER_', `dnl 272440266059SGregory Neil ShapiroR$* $: $(CERTIssuer $&{cert_issuer} $)', 272540266059SGregory Neil Shapiro`R$* $: $&{cert_issuer}') 272640266059SGregory Neil ShapiroR$+ $: $(access CERTISSUER`'_TAG_DELIM_`'$1 $) 272706f25ae9SGregory Neil Shapirodnl use $# to stop further checks (delay_check) 272840266059SGregory Neil ShapiroRRELAY $# RELAY 272906f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_SUBJECT_', `dnl 273040266059SGregory Neil ShapiroRSUBJECT $: <@> $(CERTSubject $&{cert_subject} $)', 273140266059SGregory Neil Shapiro`RSUBJECT $: <@> $&{cert_subject}') 273240266059SGregory Neil ShapiroR<@> $+ $: <@> $(access CERTSUBJECT`'_TAG_DELIM_`'$1 $) 273340266059SGregory Neil ShapiroR<@> RELAY $# RELAY 273440266059SGregory Neil ShapiroR$* $: NO', `dnl') 273540266059SGregory Neil Shapiro 273640266059SGregory Neil Shapiro###################################################################### 273740266059SGregory Neil Shapiro### authinfo: lookup authinfo in the access map 273840266059SGregory Neil Shapiro### 273940266059SGregory Neil Shapiro### Parameters: 274040266059SGregory Neil Shapiro### $1: {server_name} 274140266059SGregory Neil Shapiro### $2: {server_addr} 
dnl both are currently ignored
dnl if it should be done via another map, we either need to restrict
dnl functionality (it calls D and A) or copy those rulesets (or add another
dnl parameter which I want to avoid, it is quite complex already)
######################################################################
dnl omit this ruleset if neither is defined?
dnl it causes DefaultAuthInfo to be ignored
dnl (which may be considered a good thing).
dnl two variants, chosen at build time:
dnl with _AUTHINFO_TABLE_ the authinfo map is asked for
dnl AuthInfo:server name, AuthInfo:server address, then plain AuthInfo:
dnl otherwise, with _ACCESS_TABLE_, rulesets D and A and a default
dnl lookup do the same against the access map.
dnl a hit is returned with $#, no hit returns "no".
dnl NOTE(review): presumably the returned entry holds the credentials
dnl for the server; if so, check who can read the map file that
dnl carries them - confirm against the map definitions
Sauthinfo
ifdef(`_AUTHINFO_TABLE_', `dnl
R$*		$: <$(authinfo AuthInfo:$&{server_name} $: ? $)>
R<?>		$: <$(authinfo AuthInfo:$&{server_addr} $: ? $)>
R<?>		$: <$(authinfo AuthInfo: $: ? $)>
R<?>		$@ no				no authinfo available
R<$*>		$# $1
dnl', `dnl
ifdef(`_ACCESS_TABLE_', `dnl
R$*		$: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
R$* $| <?>$*	$: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
R$* $| <?>$*	$: $1 $| <$(access AuthInfo`'_TAG_DELIM_ $: ? $)> <>
R$* $| <?>$*	$@ no				no authinfo available
R$* $| <$*> <>	$# $2
dnl', `dnl')')

undivert(9)dnl LOCAL_RULESETS
#
######################################################################
######################################################################
#####
`##### MAIL FILTER DEFINITIONS'
#####
######################################################################
######################################################################
_MAIL_FILTERS_
#
######################################################################
######################################################################
#####
`##### MAILER DEFINITIONS'
#####
######################################################################
######################################################################
undivert(7)dnl MAILER_DEFINITIONS