1c2aa98e2SPeter Wemmdivert(-1) 2c2aa98e2SPeter Wemm# 306f25ae9SGregory Neil Shapiro# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. 406f25ae9SGregory Neil Shapiro# All rights reserved. 5c2aa98e2SPeter Wemm# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. 6c2aa98e2SPeter Wemm# Copyright (c) 1988, 1993 7c2aa98e2SPeter Wemm# The Regents of the University of California. All rights reserved. 8c2aa98e2SPeter Wemm# 9c2aa98e2SPeter Wemm# By using this file, you agree to the terms and conditions set 10c2aa98e2SPeter Wemm# forth in the LICENSE file which can be found at the top level of 11c2aa98e2SPeter Wemm# the sendmail distribution. 12c2aa98e2SPeter Wemm# 13c2aa98e2SPeter Wemm# 14c2aa98e2SPeter Wemmdivert(0) 15c2aa98e2SPeter Wemm 168774250cSGregory Neil ShapiroVERSIONID(`$Id: proto.m4,v 8.446.2.5.2.41 2001/05/23 21:32:16 ca Exp $') 17c2aa98e2SPeter Wemm 18c2aa98e2SPeter WemmMAILER(local)dnl 19c2aa98e2SPeter Wemm 2006f25ae9SGregory Neil Shapiro# level CF_LEVEL config file format 2106f25ae9SGregory Neil ShapiroV`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') 22c2aa98e2SPeter Wemmdivert(-1) 23c2aa98e2SPeter Wemm 24c2aa98e2SPeter Wemm# do some sanity checking 25c2aa98e2SPeter Wemmifdef(`__OSTYPE__',, 2606f25ae9SGregory Neil Shapiro `errprint(`*** ERROR: No system type defined (use OSTYPE macro) 2706f25ae9SGregory Neil Shapiro')') 28c2aa98e2SPeter Wemm 29c2aa98e2SPeter Wemm# pick our default mailers 30c2aa98e2SPeter Wemmifdef(`confSMTP_MAILER',, `define(`confSMTP_MAILER', `esmtp')') 31c2aa98e2SPeter Wemmifdef(`confLOCAL_MAILER',, `define(`confLOCAL_MAILER', `local')') 32c2aa98e2SPeter Wemmifdef(`confRELAY_MAILER',, 33c2aa98e2SPeter Wemm `define(`confRELAY_MAILER', 34c2aa98e2SPeter Wemm `ifdef(`_MAILER_smtp_', `relay', 35c2aa98e2SPeter Wemm `ifdef(`_MAILER_uucp', `uucp-new', `unknown')')')') 36c2aa98e2SPeter Wemmifdef(`confUUCP_MAILER',, `define(`confUUCP_MAILER', `uucp-old')') 37c2aa98e2SPeter Wemmdefine(`_SMTP_', `confSMTP_MAILER')dnl for readability only 38c2aa98e2SPeter Wemmdefine(`_LOCAL_', `confLOCAL_MAILER')dnl for readability only 39c2aa98e2SPeter Wemmdefine(`_RELAY_', `confRELAY_MAILER')dnl for readability only 40c2aa98e2SPeter Wemmdefine(`_UUCP_', `confUUCP_MAILER')dnl for readability only 41c2aa98e2SPeter Wemm 42c2aa98e2SPeter Wemm# back compatibility with old config files 43c2aa98e2SPeter Wemmifdef(`confDEF_GROUP_ID', 4406f25ae9SGregory Neil Shapiro`errprint(`*** confDEF_GROUP_ID is obsolete. 4506f25ae9SGregory Neil Shapiro Use confDEF_USER_ID with a colon in the value instead. 4606f25ae9SGregory Neil Shapiro')') 47c2aa98e2SPeter Wemmifdef(`confREAD_TIMEOUT', 4806f25ae9SGregory Neil Shapiro`errprint(`*** confREAD_TIMEOUT is obsolete. 4906f25ae9SGregory Neil Shapiro Use individual confTO_<timeout> parameters instead. 5006f25ae9SGregory Neil Shapiro')') 51c2aa98e2SPeter Wemmifdef(`confMESSAGE_TIMEOUT', 52c2aa98e2SPeter Wemm `define(`_ARG_', index(confMESSAGE_TIMEOUT, /)) 53c2aa98e2SPeter Wemm ifelse(_ARG_, -1, 54c2aa98e2SPeter Wemm `define(`confTO_QUEUERETURN', confMESSAGE_TIMEOUT)', 55c2aa98e2SPeter Wemm `define(`confTO_QUEUERETURN', 56c2aa98e2SPeter Wemm substr(confMESSAGE_TIMEOUT, 0, _ARG_)) 57c2aa98e2SPeter Wemm define(`confTO_QUEUEWARN', 58c2aa98e2SPeter Wemm substr(confMESSAGE_TIMEOUT, eval(_ARG_+1)))')') 59c2aa98e2SPeter Wemmifdef(`confMIN_FREE_BLOCKS', `ifelse(index(confMIN_FREE_BLOCKS, /), -1,, 6006f25ae9SGregory Neil Shapiro`errprint(`*** compound confMIN_FREE_BLOCKS is obsolete. 6106f25ae9SGregory Neil Shapiro Use confMAX_MESSAGE_SIZE for the second part of the value. 6206f25ae9SGregory Neil Shapiro')')') 6306f25ae9SGregory Neil Shapiro 6406f25ae9SGregory Neil Shapiro 6506f25ae9SGregory Neil Shapiro# Sanity check on ldap_routing feature 6606f25ae9SGregory Neil Shapiro# If the user doesn't specify a new map, they better have given as a 6706f25ae9SGregory Neil Shapiro# default LDAP specification which has the LDAP base (and most likely the host) 6806f25ae9SGregory Neil Shapiroifdef(`confLDAP_DEFAULT_SPEC',, `ifdef(`_LDAP_ROUTING_WARN_', `errprint(` 6906f25ae9SGregory Neil ShapiroWARNING: Using default FEATURE(ldap_routing) map definition(s) 7006f25ae9SGregory Neil Shapirowithout setting confLDAP_DEFAULT_SPEC option. 7106f25ae9SGregory Neil Shapiro')')')dnl 72c2aa98e2SPeter Wemm 73c2aa98e2SPeter Wemm# clean option definitions below.... 7406f25ae9SGregory Neil Shapirodefine(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl 75c2aa98e2SPeter Wemm 7606f25ae9SGregory Neil Shapirodnl required to "rename" the check_* rulesets... 7706f25ae9SGregory Neil Shapirodefine(`_U_',ifdef(`_DELAY_CHECKS_',`',`_')) 7806f25ae9SGregory Neil Shapirodnl default relaying denied message 7906f25ae9SGregory Neil Shapiroifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG', `"550 Relaying denied"')') 808774250cSGregory Neil Shapirodefine(`CODE553', `553') 81c2aa98e2SPeter Wemmdivert(0)dnl 82c2aa98e2SPeter Wemm 8306f25ae9SGregory Neil Shapiro# override file safeties - setting this option compromises system security, 8406f25ae9SGregory Neil Shapiro# addressing the actual file configuration problem is preferred 8506f25ae9SGregory Neil Shapiro# need to set this before any file actions are encountered in the cf file 8606f25ae9SGregory Neil Shapiro_OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', `safe') 8706f25ae9SGregory Neil Shapiro 8806f25ae9SGregory Neil Shapiro# default LDAP map specification 8906f25ae9SGregory Neil Shapiro# need to set this now before any LDAP maps are defined 9006f25ae9SGregory Neil Shapiro_OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost') 91c2aa98e2SPeter Wemm 92c2aa98e2SPeter Wemm################## 93c2aa98e2SPeter Wemm# local info # 94c2aa98e2SPeter Wemm################## 95c2aa98e2SPeter Wemm 96c2aa98e2SPeter WemmCwlocalhost 97c2aa98e2SPeter Wemmifdef(`USE_CW_FILE', 98c2aa98e2SPeter Wemm`# file containing names of hosts for which we receive email 99c2aa98e2SPeter WemmFw`'confCW_FILE', 100c2aa98e2SPeter Wemm `dnl') 101c2aa98e2SPeter Wemm 102c2aa98e2SPeter Wemm# my official domain name 103c2aa98e2SPeter Wemm# ... `define' this only if sendmail cannot automatically determine your domain 104c2aa98e2SPeter Wemmifdef(`confDOMAIN_NAME', `Dj`'confDOMAIN_NAME', `#Dj$w.Foo.COM') 105c2aa98e2SPeter Wemm 106c2aa98e2SPeter WemmCP. 107c2aa98e2SPeter Wemm 108c2aa98e2SPeter Wemmifdef(`UUCP_RELAY', 109c2aa98e2SPeter Wemm`# UUCP relay host 110c2aa98e2SPeter WemmDY`'UUCP_RELAY 111c2aa98e2SPeter WemmCPUUCP 112c2aa98e2SPeter Wemm 113c2aa98e2SPeter Wemm')dnl 114c2aa98e2SPeter Wemmifdef(`BITNET_RELAY', 115c2aa98e2SPeter Wemm`# BITNET relay host 116c2aa98e2SPeter WemmDB`'BITNET_RELAY 117c2aa98e2SPeter WemmCPBITNET 118c2aa98e2SPeter Wemm 119c2aa98e2SPeter Wemm')dnl 120c2aa98e2SPeter Wemmifdef(`DECNET_RELAY', 121c2aa98e2SPeter Wemm`define(`_USE_DECNET_SYNTAX_', 1)dnl 122c2aa98e2SPeter Wemm# DECnet relay host 123c2aa98e2SPeter WemmDC`'DECNET_RELAY 124c2aa98e2SPeter WemmCPDECNET 125c2aa98e2SPeter Wemm 126c2aa98e2SPeter Wemm')dnl 127c2aa98e2SPeter Wemmifdef(`FAX_RELAY', 128c2aa98e2SPeter Wemm`# FAX relay host 129c2aa98e2SPeter WemmDF`'FAX_RELAY 130c2aa98e2SPeter WemmCPFAX 131c2aa98e2SPeter Wemm 132c2aa98e2SPeter Wemm')dnl 133c2aa98e2SPeter Wemm# "Smart" relay host (may be null) 134c2aa98e2SPeter WemmDS`'ifdef(`SMART_HOST', SMART_HOST) 135c2aa98e2SPeter Wemm 136c2aa98e2SPeter Wemmifdef(`LUSER_RELAY', `dnl 137c2aa98e2SPeter Wemm# place to which unknown users should be forwarded 138c2aa98e2SPeter WemmKuser user -m -a<> 139c2aa98e2SPeter WemmDL`'LUSER_RELAY', 140c2aa98e2SPeter Wemm`dnl') 141c2aa98e2SPeter Wemm 142c2aa98e2SPeter Wemm# operators that cannot be in local usernames (i.e., network indicators) 143c2aa98e2SPeter WemmCO @ % ifdef(`_NO_UUCP_', `', `!') 144c2aa98e2SPeter Wemm 145c2aa98e2SPeter Wemm# a class with just dot (for identifying canonical names) 146c2aa98e2SPeter WemmC.. 147c2aa98e2SPeter Wemm 148c2aa98e2SPeter Wemm# a class with just a left bracket (for identifying domain literals) 149c2aa98e2SPeter WemmC[[ 150c2aa98e2SPeter Wemm 15106f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 15206f25ae9SGregory Neil Shapiro# access_db acceptance class 15306f25ae9SGregory Neil ShapiroC{Accept}OK RELAY 15406f25ae9SGregory Neil Shapiroifdef(`_DELAY_CHECKS_',`dnl 15506f25ae9SGregory Neil Shapiroifdef(`_BLACKLIST_RCPT_',`dnl 15606f25ae9SGregory Neil Shapiro# possible access_db RHS for spam friends/haters 15706f25ae9SGregory Neil ShapiroC{SpamTag}SPAMFRIEND SPAMHATER')')', 158c2aa98e2SPeter Wemm`dnl') 159c2aa98e2SPeter Wemm 160c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl 161c2aa98e2SPeter Wemm# Resolve map (to check if a host exists in check_mail) 162c2aa98e2SPeter WemmKresolve host -a<OK> -T<TEMP>') 163c2aa98e2SPeter Wemm 16442e5d165SGregory Neil Shapiroifdef(`_FFR_5_', `# macro storage map 16542e5d165SGregory Neil ShapiroKmacro macro') 16642e5d165SGregory Neil Shapiro 167c2aa98e2SPeter Wemmifdef(`confCR_FILE', `dnl 16842e5d165SGregory Neil Shapiro# Hosts for which relaying is permitted ($=R) 169c2aa98e2SPeter WemmFR`'confCR_FILE', 170c2aa98e2SPeter Wemm`dnl') 171c2aa98e2SPeter Wemm 17206f25ae9SGregory Neil Shapirodefine(`TLS_SRV_TAG', `TLS_Srv')dnl 17306f25ae9SGregory Neil Shapirodefine(`TLS_CLT_TAG', `TLS_Clt')dnl 17406f25ae9SGregory Neil Shapirodefine(`TLS_TRY_TAG', `Try_TLS')dnl 17506f25ae9SGregory Neil Shapirodefine(`TLS_OFF_TAG', `Offer_TLS')dnl 17606f25ae9SGregory Neil Shapirodnl this may be useful in other contexts too 17706f25ae9SGregory Neil Shapiroifdef(`_ARITH_MAP_', `', `# arithmetic map 17806f25ae9SGregory Neil Shapirodefine(`_ARITH_MAP_', `1')dnl 17906f25ae9SGregory Neil ShapiroKarith arith') 18006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 18106f25ae9SGregory Neil Shapiro# possible values for tls_connect in access map 18206f25ae9SGregory Neil ShapiroC{tls}VERIFY ENCR', `dnl') 18306f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_ISSUER_', `dnl 18406f25ae9SGregory Neil Shapiro# extract relevant part from cert issuer 18506f25ae9SGregory Neil ShapiroKCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl') 18606f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_SUBJECT_', `dnl 18706f25ae9SGregory Neil Shapiro# extract relevant part from cert subject 18806f25ae9SGregory Neil ShapiroKCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl') 18906f25ae9SGregory Neil Shapiro 190c2aa98e2SPeter Wemm# who I send unqualified names to (null means deliver locally) 191c2aa98e2SPeter WemmDR`'ifdef(`LOCAL_RELAY', LOCAL_RELAY) 192c2aa98e2SPeter Wemm 193c2aa98e2SPeter Wemm# who gets all local email traffic ($R has precedence for unqualified names) 194c2aa98e2SPeter WemmDH`'ifdef(`MAIL_HUB', MAIL_HUB) 195c2aa98e2SPeter Wemm 196c2aa98e2SPeter Wemm# dequoting map 197c2aa98e2SPeter WemmKdequote dequote 198c2aa98e2SPeter Wemm 199c2aa98e2SPeter Wemmdivert(0)dnl # end of nullclient diversion 200c2aa98e2SPeter Wemm# class E: names that should be exposed as from this host, even if we masquerade 20106f25ae9SGregory Neil Shapiro# class L: names that should be delivered locally, even if we have a relay 202c2aa98e2SPeter Wemm# class M: domains that should be converted to $M 20306f25ae9SGregory Neil Shapiro# class N: domains that should not be converted to $M 204c2aa98e2SPeter Wemm#CL root 205c2aa98e2SPeter Wemmundivert(5)dnl 20606f25ae9SGregory Neil Shapiroifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl') 207c2aa98e2SPeter Wemm 208c2aa98e2SPeter Wemm# who I masquerade as (null for no masquerading) (see also $=M) 209c2aa98e2SPeter WemmDM`'ifdef(`MASQUERADE_NAME', MASQUERADE_NAME) 210c2aa98e2SPeter Wemm 211c2aa98e2SPeter Wemm# my name for error messages 212c2aa98e2SPeter Wemmifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON') 213c2aa98e2SPeter Wemm 21406f25ae9SGregory Neil Shapiroundivert(6)dnl LOCAL_CONFIG 215c2aa98e2SPeter Wemminclude(_CF_DIR_`m4/version.m4') 216c2aa98e2SPeter Wemm 217c2aa98e2SPeter Wemm############### 218c2aa98e2SPeter Wemm# Options # 219c2aa98e2SPeter Wemm############### 220c2aa98e2SPeter Wemm 221c2aa98e2SPeter Wemm# strip message body to 7 bits on input? 22206f25ae9SGregory Neil Shapiro_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False') 223c2aa98e2SPeter Wemm 224c2aa98e2SPeter Wemm# 8-bit data handling 2258774250cSGregory Neil Shapiro_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8') 226c2aa98e2SPeter Wemm 227c2aa98e2SPeter Wemm# wait for alias file rebuild (default units: minutes) 22806f25ae9SGregory Neil Shapiro_OPTION(AliasWait, `confALIAS_WAIT', `5m') 229c2aa98e2SPeter Wemm 230c2aa98e2SPeter Wemm# location of alias file 23106f25ae9SGregory Neil Shapiro_OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases') 23206f25ae9SGregory Neil Shapiro 233c2aa98e2SPeter Wemm# minimum number of free blocks on filesystem 23406f25ae9SGregory Neil Shapiro_OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100') 235c2aa98e2SPeter Wemm 236c2aa98e2SPeter Wemm# maximum message size 23706f25ae9SGregory Neil Shapiro_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `1000000') 238c2aa98e2SPeter Wemm 239c2aa98e2SPeter Wemm# substitution for space (blank) characters 24006f25ae9SGregory Neil Shapiro_OPTION(BlankSub, `confBLANK_SUB', `_') 241c2aa98e2SPeter Wemm 242c2aa98e2SPeter Wemm# avoid connecting to "expensive" mailers on initial submission? 24306f25ae9SGregory Neil Shapiro_OPTION(HoldExpensive, `confCON_EXPENSIVE', `False') 244c2aa98e2SPeter Wemm 245c2aa98e2SPeter Wemm# checkpoint queue runs after every N successful deliveries 24606f25ae9SGregory Neil Shapiro_OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10') 247c2aa98e2SPeter Wemm 248c2aa98e2SPeter Wemm# default delivery mode 24906f25ae9SGregory Neil Shapiro_OPTION(DeliveryMode, `confDELIVERY_MODE', `background') 250c2aa98e2SPeter Wemm 251c2aa98e2SPeter Wemm# automatically rebuild the alias database? 25206f25ae9SGregory Neil Shapiro# NOTE: There is a potential for a denial of service attack if this is set. 25306f25ae9SGregory Neil Shapiro# This option is deprecated and will be removed from a future version. 25406f25ae9SGregory Neil Shapiro_OPTION(AutoRebuildAliases, `confAUTO_REBUILD', `False') 255c2aa98e2SPeter Wemm 256c2aa98e2SPeter Wemm# error message header/file 25706f25ae9SGregory Neil Shapiro_OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header') 258c2aa98e2SPeter Wemm 259c2aa98e2SPeter Wemm# error mode 26006f25ae9SGregory Neil Shapiro_OPTION(ErrorMode, `confERROR_MODE', `print') 261c2aa98e2SPeter Wemm 262c2aa98e2SPeter Wemm# save Unix-style "From_" lines at top of header? 26306f25ae9SGregory Neil Shapiro_OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False') 264c2aa98e2SPeter Wemm 265c2aa98e2SPeter Wemm# temporary file mode 26606f25ae9SGregory Neil Shapiro_OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600') 267c2aa98e2SPeter Wemm 268c2aa98e2SPeter Wemm# match recipients against GECOS field? 26906f25ae9SGregory Neil Shapiro_OPTION(MatchGECOS, `confMATCH_GECOS', `False') 270c2aa98e2SPeter Wemm 271c2aa98e2SPeter Wemm# maximum hop count 27206f25ae9SGregory Neil Shapiro_OPTION(MaxHopCount, `confMAX_HOP', `17') 273c2aa98e2SPeter Wemm 274c2aa98e2SPeter Wemm# location of help file 27506f25ae9SGregory Neil ShapiroO HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile') 276c2aa98e2SPeter Wemm 277c2aa98e2SPeter Wemm# ignore dots as terminators in incoming messages? 27806f25ae9SGregory Neil Shapiro_OPTION(IgnoreDots, `confIGNORE_DOTS', `False') 279c2aa98e2SPeter Wemm 280c2aa98e2SPeter Wemm# name resolver options 28106f25ae9SGregory Neil Shapiro_OPTION(ResolverOptions, `confBIND_OPTS', `+AAONLY') 282c2aa98e2SPeter Wemm 283c2aa98e2SPeter Wemm# deliver MIME-encapsulated error messages? 28406f25ae9SGregory Neil Shapiro_OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS', `True') 285c2aa98e2SPeter Wemm 286c2aa98e2SPeter Wemm# Forward file search path 28706f25ae9SGregory Neil Shapiro_OPTION(ForwardPath, `confFORWARD_PATH', `/var/forward/$u:$z/.forward.$w:$z/.forward') 288c2aa98e2SPeter Wemm 289c2aa98e2SPeter Wemm# open connection cache size 29006f25ae9SGregory Neil Shapiro_OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', `2') 291c2aa98e2SPeter Wemm 292c2aa98e2SPeter Wemm# open connection cache timeout 29306f25ae9SGregory Neil Shapiro_OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', `5m') 294c2aa98e2SPeter Wemm 295c2aa98e2SPeter Wemm# persistent host status directory 29606f25ae9SGregory Neil Shapiro_OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', `.hoststat') 297c2aa98e2SPeter Wemm 298c2aa98e2SPeter Wemm# single thread deliveries (requires HostStatusDirectory)? 29906f25ae9SGregory Neil Shapiro_OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY', `False') 300c2aa98e2SPeter Wemm 301c2aa98e2SPeter Wemm# use Errors-To: header? 30206f25ae9SGregory Neil Shapiro_OPTION(UseErrorsTo, `confUSE_ERRORS_TO', `False') 303c2aa98e2SPeter Wemm 304c2aa98e2SPeter Wemm# log level 30506f25ae9SGregory Neil Shapiro_OPTION(LogLevel, `confLOG_LEVEL', `10') 306c2aa98e2SPeter Wemm 307c2aa98e2SPeter Wemm# send to me too, even in an alias expansion? 30806f25ae9SGregory Neil Shapiro_OPTION(MeToo, `confME_TOO', `True') 309c2aa98e2SPeter Wemm 310c2aa98e2SPeter Wemm# verify RHS in newaliases? 31106f25ae9SGregory Neil Shapiro_OPTION(CheckAliases, `confCHECK_ALIASES', `False') 312c2aa98e2SPeter Wemm 313c2aa98e2SPeter Wemm# default messages to old style headers if no special punctuation? 31406f25ae9SGregory Neil Shapiro_OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS', `False') 315c2aa98e2SPeter Wemm 316c2aa98e2SPeter Wemm# SMTP daemon options 31706f25ae9SGregory Neil Shapiroifelse(defn(`confDAEMON_OPTIONS'), `', `dnl', 31806f25ae9SGregory Neil Shapiro`errprint(WARNING: `confDAEMON_OPTIONS' is no longer valid. See cf/README for more information. 31906f25ae9SGregory Neil Shapiro)'dnl 32006f25ae9SGregory Neil Shapiro`DAEMON_OPTIONS(`confDAEMON_OPTIONS')') 32142e5d165SGregory Neil Shapiroifelse(defn(`_DPO_'), `', 32242e5d165SGregory Neil Shapiro`ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-IPv4, Family=inet 32342e5d165SGregory Neil ShapiroO DaemonPortOptions=Name=MTA-IPv6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_') 32406f25ae9SGregory Neil Shapiroifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E') 32506f25ae9SGregory Neil Shapiro 32606f25ae9SGregory Neil Shapiro# SMTP client options 32706f25ae9SGregory Neil Shapiro_OPTION(ClientPortOptions, `confCLIENT_OPTIONS', `Address=0.0.0.0') 328c2aa98e2SPeter Wemm 329c2aa98e2SPeter Wemm# privacy flags 33006f25ae9SGregory Neil Shapiro_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings') 331c2aa98e2SPeter Wemm 332c2aa98e2SPeter Wemm# who (if anyone) should get extra copies of error messages 33306f25ae9SGregory Neil Shapiro_OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster') 334c2aa98e2SPeter Wemm 335c2aa98e2SPeter Wemm# slope of queue-only function 33606f25ae9SGregory Neil Shapiro_OPTION(QueueFactor, `confQUEUE_FACTOR', `600000') 337c2aa98e2SPeter Wemm 338c2aa98e2SPeter Wemm# queue directory 33906f25ae9SGregory Neil ShapiroO QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue') 340c2aa98e2SPeter Wemm 341c2aa98e2SPeter Wemm# timeouts (many of these) 34206f25ae9SGregory Neil Shapiro_OPTION(Timeout.initial, `confTO_INITIAL', `5m') 34306f25ae9SGregory Neil Shapiro_OPTION(Timeout.connect, `confTO_CONNECT', `5m') 34406f25ae9SGregory Neil Shapiro_OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m') 34506f25ae9SGregory Neil Shapiro_OPTION(Timeout.helo, `confTO_HELO', `5m') 34606f25ae9SGregory Neil Shapiro_OPTION(Timeout.mail, `confTO_MAIL', `10m') 34706f25ae9SGregory Neil Shapiro_OPTION(Timeout.rcpt, `confTO_RCPT', `1h') 34806f25ae9SGregory Neil Shapiro_OPTION(Timeout.datainit, `confTO_DATAINIT', `5m') 34906f25ae9SGregory Neil Shapiro_OPTION(Timeout.datablock, `confTO_DATABLOCK', `1h') 35006f25ae9SGregory Neil Shapiro_OPTION(Timeout.datafinal, `confTO_DATAFINAL', `1h') 35106f25ae9SGregory Neil Shapiro_OPTION(Timeout.rset, `confTO_RSET', `5m') 35206f25ae9SGregory Neil Shapiro_OPTION(Timeout.quit, `confTO_QUIT', `2m') 35306f25ae9SGregory Neil Shapiro_OPTION(Timeout.misc, `confTO_MISC', `2m') 35406f25ae9SGregory Neil Shapiro_OPTION(Timeout.command, `confTO_COMMAND', `1h') 35506f25ae9SGregory Neil Shapiro_OPTION(Timeout.ident, `confTO_IDENT', `5s') 35606f25ae9SGregory Neil Shapiro_OPTION(Timeout.fileopen, `confTO_FILEOPEN', `60s') 35706f25ae9SGregory Neil Shapiro_OPTION(Timeout.control, `confTO_CONTROL', `2m') 35806f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d') 35906f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d') 36006f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d') 36106f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d') 36206f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h') 36306f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h') 36406f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h') 36506f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h') 36606f25ae9SGregory Neil Shapiro_OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m') 36706f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s') 36806f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s') 36906f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s') 37006f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4') 37106f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4') 37206f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4') 373c2aa98e2SPeter Wemm 374c2aa98e2SPeter Wemm# should we not prune routes in route-addr syntax addresses? 37506f25ae9SGregory Neil Shapiro_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False') 376c2aa98e2SPeter Wemm 377c2aa98e2SPeter Wemm# queue up everything before forking? 37806f25ae9SGregory Neil Shapiro_OPTION(SuperSafe, `confSAFE_QUEUE', `True') 379c2aa98e2SPeter Wemm 380c2aa98e2SPeter Wemm# status file 38106f25ae9SGregory Neil ShapiroO StatusFile=ifdef(`STATUS_FILE', `STATUS_FILE', `MAIL_SETTINGS_DIR`'statistics') 382c2aa98e2SPeter Wemm 383c2aa98e2SPeter Wemm# time zone handling: 384c2aa98e2SPeter Wemm# if undefined, use system default 385c2aa98e2SPeter Wemm# if defined but null, use TZ envariable passed in 386c2aa98e2SPeter Wemm# if defined and non-null, use that info 387c2aa98e2SPeter Wemmifelse(confTIME_ZONE, `USE_SYSTEM', `#O TimeZoneSpec=', 388c2aa98e2SPeter Wemm confTIME_ZONE, `USE_TZ', `O TimeZoneSpec=', 389c2aa98e2SPeter Wemm `O TimeZoneSpec=confTIME_ZONE') 390c2aa98e2SPeter Wemm 391c2aa98e2SPeter Wemm# default UID (can be username or userid:groupid) 39206f25ae9SGregory Neil Shapiro_OPTION(DefaultUser, `confDEF_USER_ID', `mailnull') 393c2aa98e2SPeter Wemm 394c2aa98e2SPeter Wemm# list of locations of user database file (null means no lookup) 39506f25ae9SGregory Neil Shapiro_OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb') 396c2aa98e2SPeter Wemm 397c2aa98e2SPeter Wemm# fallback MX host 39806f25ae9SGregory Neil Shapiro_OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net') 399c2aa98e2SPeter Wemm 400c2aa98e2SPeter Wemm# if we are the best MX host for a site, try it directly instead of config err 40106f25ae9SGregory Neil Shapiro_OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False') 402c2aa98e2SPeter Wemm 403c2aa98e2SPeter Wemm# load average at which we just queue messages 40406f25ae9SGregory Neil Shapiro_OPTION(QueueLA, `confQUEUE_LA', `8') 405c2aa98e2SPeter Wemm 406c2aa98e2SPeter Wemm# load average at which we refuse connections 40706f25ae9SGregory Neil Shapiro_OPTION(RefuseLA, `confREFUSE_LA', `12') 408c2aa98e2SPeter Wemm 409c2aa98e2SPeter Wemm# maximum number of children we allow at one time 41006f25ae9SGregory Neil Shapiro_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `12') 411c2aa98e2SPeter Wemm 412c2aa98e2SPeter Wemm# maximum number of new connections per second 413193538b7SGregory Neil Shapiro_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `0') 414c2aa98e2SPeter Wemm 415c2aa98e2SPeter Wemm# work recipient factor 41606f25ae9SGregory Neil Shapiro_OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000') 417c2aa98e2SPeter Wemm 418c2aa98e2SPeter Wemm# deliver each queued job in a separate process? 41906f25ae9SGregory Neil Shapiro_OPTION(ForkEachJob, `confSEPARATE_PROC', `False') 420c2aa98e2SPeter Wemm 421c2aa98e2SPeter Wemm# work class factor 42206f25ae9SGregory Neil Shapiro_OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800') 423c2aa98e2SPeter Wemm 424c2aa98e2SPeter Wemm# work time factor 42506f25ae9SGregory Neil Shapiro_OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000') 426c2aa98e2SPeter Wemm 427c2aa98e2SPeter Wemm# shall we sort the queue by hostname first? 42806f25ae9SGregory Neil Shapiro_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority') 429c2aa98e2SPeter Wemm 430c2aa98e2SPeter Wemm# minimum time in queue before retry 43106f25ae9SGregory Neil Shapiro_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m') 432c2aa98e2SPeter Wemm 433c2aa98e2SPeter Wemm# default character set 43406f25ae9SGregory Neil Shapiro_OPTION(DefaultCharSet, `confDEF_CHAR_SET', `iso-8859-1') 435c2aa98e2SPeter Wemm 436c2aa98e2SPeter Wemm# service switch file (ignored on Solaris, Ultrix, OSF/1, others) 43706f25ae9SGregory Neil Shapiro_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch') 438c2aa98e2SPeter Wemm 439c2aa98e2SPeter Wemm# hosts file (normally /etc/hosts) 44006f25ae9SGregory Neil Shapiro_OPTION(HostsFile, `confHOSTS_FILE', `/etc/hosts') 441c2aa98e2SPeter Wemm 442c2aa98e2SPeter Wemm# dialup line delay on connection failure 44306f25ae9SGregory Neil Shapiro_OPTION(DialDelay, `confDIAL_DELAY', `10s') 444c2aa98e2SPeter Wemm 445c2aa98e2SPeter Wemm# action to take if there are no recipients in the message 44606f25ae9SGregory Neil Shapiro_OPTION(NoRecipientAction, `confNO_RCPT_ACTION', `add-to-undisclosed') 447c2aa98e2SPeter Wemm 448c2aa98e2SPeter Wemm# chrooted environment for writing to files 44906f25ae9SGregory Neil Shapiro_OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `/arch') 450c2aa98e2SPeter Wemm 451c2aa98e2SPeter Wemm# are colons OK in addresses? 45206f25ae9SGregory Neil Shapiro_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True') 453c2aa98e2SPeter Wemm 454c2aa98e2SPeter Wemm# how many jobs can you process in the queue? 45506f25ae9SGregory Neil Shapiro_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `10000') 456c2aa98e2SPeter Wemm 457c2aa98e2SPeter Wemm# shall I avoid expanding CNAMEs (violates protocols)? 45806f25ae9SGregory Neil Shapiro_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False') 459c2aa98e2SPeter Wemm 460c2aa98e2SPeter Wemm# SMTP initial login message (old $e macro) 46106f25ae9SGregory Neil Shapiro_OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG', `$j Sendmail $v ready at $b') 462c2aa98e2SPeter Wemm 463c2aa98e2SPeter Wemm# UNIX initial From header format (old $l macro) 46406f25ae9SGregory Neil Shapiro_OPTION(UnixFromLine, `confFROM_LINE', `From $g $d') 465c2aa98e2SPeter Wemm 466c2aa98e2SPeter Wemm# From: lines that have embedded newlines are unwrapped onto one line 46706f25ae9SGregory Neil Shapiro_OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', `False') 468c2aa98e2SPeter Wemm 469c2aa98e2SPeter Wemm# Allow HELO SMTP command that does not `include' a host name 47006f25ae9SGregory Neil Shapiro_OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', `False') 471c2aa98e2SPeter Wemm 472c2aa98e2SPeter Wemm# Characters to be quoted in a full name phrase (@,;:\()[] are automatic) 47306f25ae9SGregory Neil Shapiro_OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', `.') 474c2aa98e2SPeter Wemm 475c2aa98e2SPeter Wemm# delimiter (operator) characters (old $o macro) 47606f25ae9SGregory Neil Shapiro_OPTION(OperatorChars, `confOPERATORS', `.:@[]') 477c2aa98e2SPeter Wemm 478c2aa98e2SPeter Wemm# shall I avoid calling initgroups(3) because of high NIS costs? 47906f25ae9SGregory Neil Shapiro_OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False') 480c2aa98e2SPeter Wemm 481c2aa98e2SPeter Wemm# are group-writable `:include:' and .forward files (un)trustworthy? 48206f25ae9SGregory Neil Shapiro_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True') 483c2aa98e2SPeter Wemm 484c2aa98e2SPeter Wemm# where do errors that occur when sending errors get sent? 48506f25ae9SGregory Neil Shapiro_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster') 48606f25ae9SGregory Neil Shapiro 48706f25ae9SGregory Neil Shapiro# where to save bounces if all else fails 48806f25ae9SGregory Neil Shapiro_OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter') 489c2aa98e2SPeter Wemm 490c2aa98e2SPeter Wemm# what user id do we assume for the majority of the processing? 49106f25ae9SGregory Neil Shapiro_OPTION(RunAsUser, `confRUN_AS_USER', `sendmail') 492c2aa98e2SPeter Wemm 493c2aa98e2SPeter Wemm# maximum number of recipients per SMTP envelope 49406f25ae9SGregory Neil Shapiro_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `100') 495c2aa98e2SPeter Wemm 496c2aa98e2SPeter Wemm# shall we get local names from our installed interfaces? 49706f25ae9SGregory Neil Shapiro_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False') 498c2aa98e2SPeter Wemm 49906f25ae9SGregory Neil Shapiro# Return-Receipt-To: header implies DSN request 50006f25ae9SGregory Neil Shapiro_OPTION(RrtImpliesDsn, `confRRT_IMPLIES_DSN', `False') 50106f25ae9SGregory Neil Shapiro 50206f25ae9SGregory Neil Shapiro# override connection address (for testing) 50306f25ae9SGregory Neil Shapiro_OPTION(ConnectOnlyTo, `confCONNECT_ONLY_TO', `0.0.0.0') 50406f25ae9SGregory Neil Shapiro 50506f25ae9SGregory Neil Shapiro# Trusted user for file ownership and starting the daemon 50606f25ae9SGregory Neil Shapiro_OPTION(TrustedUser, `confTRUSTED_USER', `root') 50706f25ae9SGregory Neil Shapiro 50806f25ae9SGregory Neil Shapiro# Control socket for daemon management 50906f25ae9SGregory Neil Shapiro_OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control') 51006f25ae9SGregory Neil Shapiro 51106f25ae9SGregory Neil Shapiro# Maximum MIME header length to protect MUAs 51206f25ae9SGregory Neil Shapiro_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `0/0') 51306f25ae9SGregory Neil Shapiro 51406f25ae9SGregory Neil Shapiro# Maximum length of the sum of all headers 51506f25ae9SGregory Neil Shapiro_OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768') 51606f25ae9SGregory Neil Shapiro 51706f25ae9SGregory Neil Shapiro# Maximum depth of alias recursion 51806f25ae9SGregory Neil Shapiro_OPTION(MaxAliasRecursion, `confMAX_ALIAS_RECURSION', `10') 51906f25ae9SGregory Neil Shapiro 52006f25ae9SGregory Neil Shapiro# location of pid file 52106f25ae9SGregory Neil Shapiro_OPTION(PidFile, `confPID_FILE', `/var/run/sendmail.pid') 52206f25ae9SGregory Neil Shapiro 52306f25ae9SGregory Neil Shapiro# Prefix string for the process title shown on 'ps' listings 52406f25ae9SGregory Neil Shapiro_OPTION(ProcessTitlePrefix, `confPROCESS_TITLE_PREFIX', `prefix') 52506f25ae9SGregory Neil Shapiro 52606f25ae9SGregory Neil Shapiro# Data file (df) memory-buffer file maximum size 52706f25ae9SGregory Neil Shapiro_OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096') 52806f25ae9SGregory Neil Shapiro 52906f25ae9SGregory Neil Shapiro# Transcript file (xf) memory-buffer file maximum size 53006f25ae9SGregory Neil Shapiro_OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096') 53106f25ae9SGregory Neil Shapiro 53206f25ae9SGregory Neil Shapiro# list of authentication mechanisms 53306f25ae9SGregory Neil Shapiro_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5') 53406f25ae9SGregory Neil Shapiro 53506f25ae9SGregory Neil Shapiro# default authentication information for outgoing connections 53606f25ae9SGregory Neil Shapiro_OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info') 53706f25ae9SGregory Neil Shapiro 53806f25ae9SGregory Neil Shapiro# SMTP AUTH flags 53906f25ae9SGregory Neil Shapiro_OPTION(AuthOptions, `confAUTH_OPTIONS', `') 54006f25ae9SGregory Neil Shapiro 54106f25ae9SGregory Neil Shapiroifdef(`_FFR_MILTER', ` 54206f25ae9SGregory Neil Shapiro# Input mail filters 54306f25ae9SGregory Neil Shapiro_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `') 54406f25ae9SGregory Neil Shapiro 54506f25ae9SGregory Neil Shapiro# Milter options 54606f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `') 54706f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `') 54806f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `') 54906f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')') 55006f25ae9SGregory Neil Shapiro 55106f25ae9SGregory Neil Shapiro# CA directory 55206f25ae9SGregory Neil Shapiro_OPTION(CACERTPath, `confCACERT_PATH', `') 55306f25ae9SGregory Neil Shapiro# CA file 55406f25ae9SGregory Neil Shapiro_OPTION(CACERTFile, `confCACERT', `') 55506f25ae9SGregory Neil Shapiro# Server Cert 55606f25ae9SGregory Neil Shapiro_OPTION(ServerCertFile, `confSERVER_CERT', `') 55706f25ae9SGregory Neil Shapiro# Server private key 55806f25ae9SGregory Neil Shapiro_OPTION(ServerKeyFile, `confSERVER_KEY', `') 55906f25ae9SGregory Neil Shapiro# Client Cert 56006f25ae9SGregory Neil Shapiro_OPTION(ClientCertFile, `confCLIENT_CERT', `') 56106f25ae9SGregory Neil Shapiro# Client private key 56206f25ae9SGregory Neil Shapiro_OPTION(ClientKeyFile, `confCLIENT_KEY', `') 56306f25ae9SGregory Neil Shapiro# DHParameters (only required if DSA/DH is used) 56406f25ae9SGregory Neil Shapiro_OPTION(DHParameters, `confDH_PARAMETERS', `') 56506f25ae9SGregory Neil Shapiro# Random data source (required for systems without /dev/urandom under OpenSSL) 56606f25ae9SGregory Neil Shapiro_OPTION(RandFile, `confRAND_FILE', `') 56706f25ae9SGregory Neil Shapiro 56806f25ae9SGregory Neil Shapiroifdef(`confQUEUE_FILE_MODE', 56906f25ae9SGregory Neil Shapiro`# queue file mode (qf files) 57006f25ae9SGregory Neil ShapiroO QueueFileMode=confQUEUE_FILE_MODE 57125bab6e9SPeter Wemm') 572065a643dSPeter Wemm 573c2aa98e2SPeter Wemm########################### 574c2aa98e2SPeter Wemm# Message precedences # 575c2aa98e2SPeter Wemm########################### 576c2aa98e2SPeter Wemm 577c2aa98e2SPeter WemmPfirst-class=0 578c2aa98e2SPeter WemmPspecial-delivery=100 579c2aa98e2SPeter WemmPlist=-30 580c2aa98e2SPeter WemmPbulk=-60 581c2aa98e2SPeter WemmPjunk=-100 582c2aa98e2SPeter Wemm 583c2aa98e2SPeter Wemm##################### 584c2aa98e2SPeter Wemm# Trusted users # 585c2aa98e2SPeter Wemm##################### 586c2aa98e2SPeter Wemm 587c2aa98e2SPeter Wemm# this is equivalent to setting class "t" 58806f25ae9SGregory Neil Shapiroifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, `MAIL_SETTINGS_DIR`'trusted-users') 589c2aa98e2SPeter WemmTroot 590c2aa98e2SPeter WemmTdaemon 591c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', `Tuucp') 592c2aa98e2SPeter Wemmifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl') 593c2aa98e2SPeter Wemm 594c2aa98e2SPeter Wemm######################### 595c2aa98e2SPeter Wemm# Format of headers # 596c2aa98e2SPeter Wemm######################### 597c2aa98e2SPeter Wemm 598c2aa98e2SPeter Wemmifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl 599c2aa98e2SPeter WemmH?P?Return-Path: <$g> 600c2aa98e2SPeter WemmHReceived: confRECEIVED_HEADER 601c2aa98e2SPeter WemmH?D?Resent-Date: $a 602c2aa98e2SPeter WemmH?D?Date: $a 603c2aa98e2SPeter WemmH?F?Resent-From: confFROM_HEADER 604c2aa98e2SPeter WemmH?F?From: confFROM_HEADER 605c2aa98e2SPeter WemmH?x?Full-Name: $x 606c2aa98e2SPeter Wemm# HPosted-Date: $a 607c2aa98e2SPeter Wemm# H?l?Received-Date: $b 608c2aa98e2SPeter WemmH?M?Resent-Message-Id: <$t.$i@$j> 609c2aa98e2SPeter WemmH?M?Message-Id: <$t.$i@$j> 61006f25ae9SGregory Neil Shapiro 611c2aa98e2SPeter Wemm# 612c2aa98e2SPeter Wemm###################################################################### 613c2aa98e2SPeter Wemm###################################################################### 614c2aa98e2SPeter Wemm##### 615c2aa98e2SPeter Wemm##### REWRITING RULES 616c2aa98e2SPeter Wemm##### 617c2aa98e2SPeter Wemm###################################################################### 618c2aa98e2SPeter Wemm###################################################################### 619c2aa98e2SPeter Wemm 620c2aa98e2SPeter Wemm############################################ 621c2aa98e2SPeter Wemm### Ruleset 3 -- Name Canonicalization ### 622c2aa98e2SPeter Wemm############################################ 62306f25ae9SGregory Neil ShapiroScanonify=3 624c2aa98e2SPeter Wemm 625c2aa98e2SPeter Wemm# handle null input (translate to <@> special case) 626c2aa98e2SPeter WemmR$@ $@ <@> 627c2aa98e2SPeter Wemm 628c2aa98e2SPeter Wemm# strip group: syntax (not inside angle brackets!) and trailing semicolon 629c2aa98e2SPeter WemmR$* $: $1 <@> mark addresses 630c2aa98e2SPeter WemmR$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr> 631c2aa98e2SPeter WemmR@ $* <@> $: @ $1 unmark @host:... 632c2aa98e2SPeter WemmR$* :: $* <@> $: $1 :: $2 unmark node::addr 633c2aa98e2SPeter WemmR:`include': $* <@> $: :`include': $1 unmark :`include':... 63406f25ae9SGregory Neil ShapiroR$* [ IPv6 $- ] <@> $: $1 [ IPv6 $2 ] unmark IPv6 addr 635c2aa98e2SPeter WemmR$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon 636c2aa98e2SPeter WemmR$* : $* <@> $: $2 strip colon if marked 637c2aa98e2SPeter WemmR$* <@> $: $1 unmark 638c2aa98e2SPeter WemmR$* ; $1 strip trailing semi 639193538b7SGregory Neil ShapiroR$* < $+ :; > $* $@ $2 :; <@> catch <list:;> 640c2aa98e2SPeter WemmR$* < $* ; > $1 < $2 > bogus bracketed semi 641c2aa98e2SPeter Wemm 642c2aa98e2SPeter Wemm# null input now results from list:; syntax 643c2aa98e2SPeter WemmR$@ $@ :; <@> 644c2aa98e2SPeter Wemm 645c2aa98e2SPeter Wemm# strip angle brackets -- note RFC733 heuristic to get innermost item 646c2aa98e2SPeter WemmR$* $: < $1 > housekeeping <> 647c2aa98e2SPeter WemmR$+ < $* > < $2 > strip excess on left 648c2aa98e2SPeter WemmR< $* > $+ < $1 > strip excess on right 649c2aa98e2SPeter WemmR<> $@ < @ > MAIL FROM:<> case 650c2aa98e2SPeter WemmR< $+ > $: $1 remove housekeeping <> 651c2aa98e2SPeter Wemm 65206f25ae9SGregory Neil Shapiroifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl 653c2aa98e2SPeter Wemm# make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later 654c2aa98e2SPeter WemmR@ $+ , $+ @ $1 : $2 change all "," to ":" 655c2aa98e2SPeter Wemm 656c2aa98e2SPeter Wemm# localize and dispose of route-based addresses 65706f25ae9SGregory Neil ShapiroR@ $+ : $+ $@ $>Canonify2 < @$1 > : $2 handle <route-addr> 65806f25ae9SGregory Neil Shapirodnl',`dnl 65906f25ae9SGregory Neil Shapiro# strip route address <@a,@b,@c:user@d> -> <user@d> 66006f25ae9SGregory Neil ShapiroR@ $+ , $+ $2 66106f25ae9SGregory Neil ShapiroR@ $+ : $+ $2 66206f25ae9SGregory Neil Shapirodnl') 663c2aa98e2SPeter Wemm 664c2aa98e2SPeter Wemm# find focus for list syntax 66506f25ae9SGregory Neil ShapiroR $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax 666c2aa98e2SPeter WemmR $+ : $* ; $@ $1 : $2; list syntax 667c2aa98e2SPeter Wemm 668c2aa98e2SPeter Wemm# find focus for @ syntax addresses 669c2aa98e2SPeter WemmR$+ @ $+ $: $1 < @ $2 > focus on domain 670c2aa98e2SPeter WemmR$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right 67106f25ae9SGregory Neil ShapiroR$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical 672c2aa98e2SPeter Wemm 673c2aa98e2SPeter Wemm# do some sanity checking 674c2aa98e2SPeter WemmR$* < @ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs 675c2aa98e2SPeter Wemm 676c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 677c2aa98e2SPeter Wemm`# convert old-style addresses to a domain-based address 67806f25ae9SGregory Neil ShapiroR$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names 67906f25ae9SGregory Neil ShapiroR$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps 68006f25ae9SGregory Neil ShapiroR$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains 681c2aa98e2SPeter Wemm') 682c2aa98e2SPeter Wemmifdef(`_USE_DECNET_SYNTAX_', 683c2aa98e2SPeter Wemm`# convert node::user addresses into a domain-based address 68406f25ae9SGregory Neil ShapiroR$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names 68506f25ae9SGregory Neil ShapiroR$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr 686c2aa98e2SPeter Wemm', 687c2aa98e2SPeter Wemm `dnl') 688c2aa98e2SPeter Wemm# if we have % signs, take the rightmost one 689c2aa98e2SPeter WemmR$* % $* $1 @ $2 First make them all @s. 690c2aa98e2SPeter WemmR$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. 69106f25ae9SGregory Neil ShapiroR$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish 692c2aa98e2SPeter Wemm 693c2aa98e2SPeter Wemm# else we must be a local name 69406f25ae9SGregory Neil ShapiroR$* $@ $>Canonify2 $1 695c2aa98e2SPeter Wemm 696c2aa98e2SPeter Wemm 697c2aa98e2SPeter Wemm################################################ 698c2aa98e2SPeter Wemm### Ruleset 96 -- bottom half of ruleset 3 ### 699c2aa98e2SPeter Wemm################################################ 700c2aa98e2SPeter Wemm 70106f25ae9SGregory Neil ShapiroSCanonify2=96 702c2aa98e2SPeter Wemm 703c2aa98e2SPeter Wemm# handle special cases for local names 704c2aa98e2SPeter WemmR$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all 705c2aa98e2SPeter WemmR$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain 706c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 707c2aa98e2SPeter Wemm`R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain') 70806f25ae9SGregory Neil Shapiro 70906f25ae9SGregory Neil Shapiro# check for IPv6 domain literal (save quoted form) 71006f25ae9SGregory Neil ShapiroR$* < @ [ IPv6 $- ] > $* $: $2 $| $1 < @@ [ $(dequote $2 $) ] > $3 mark IPv6 addr 71106f25ae9SGregory Neil ShapiroR$- $| $* < @@ $=w > $* $: $2 < @ $j . > $4 self-literal 71206f25ae9SGregory Neil ShapiroR$- $| $* < @@ [ $+ ] > $* $@ $2 < @ [ IPv6 $1 ] > $4 canon IP addr 71306f25ae9SGregory Neil Shapiro 71406f25ae9SGregory Neil Shapiro# check for IPv4 domain literal 715c2aa98e2SPeter WemmR$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [a.b.c.d] 716c2aa98e2SPeter WemmR$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal 717c2aa98e2SPeter WemmR$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr 718c2aa98e2SPeter Wemm 71906f25ae9SGregory Neil Shapiroifdef(`_DOMAIN_TABLE_', `dnl 720c2aa98e2SPeter Wemm# look up domains in the domain table 721c2aa98e2SPeter WemmR$* < @ $+ > $* $: $1 < @ $(domaintable $2 $) > $3', `dnl') 722c2aa98e2SPeter Wemm 72306f25ae9SGregory Neil Shapiroundivert(2)dnl LOCAL_RULE_3 724c2aa98e2SPeter Wemm 72506f25ae9SGregory Neil Shapiroifdef(`_BITDOMAIN_TABLE_', `dnl 726c2aa98e2SPeter Wemm# handle BITNET mapping 727c2aa98e2SPeter WemmR$* < @ $+ .BITNET > $* $: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl') 728c2aa98e2SPeter Wemm 72906f25ae9SGregory Neil Shapiroifdef(`_UUDOMAIN_TABLE_', `dnl 730c2aa98e2SPeter Wemm# handle UUCP mapping 731c2aa98e2SPeter WemmR$* < @ $+ .UUCP > $* $: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl') 732c2aa98e2SPeter Wemm 733c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 734c2aa98e2SPeter Wemm`ifdef(`UUCP_RELAY', 735c2aa98e2SPeter Wemm`# pass UUCP addresses straight through 736c2aa98e2SPeter WemmR$* < @ $+ . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', 737c2aa98e2SPeter Wemm`# if really UUCP, handle it immediately 738c2aa98e2SPeter Wemmifdef(`_CLASS_U_', 739c2aa98e2SPeter Wemm`R$* < @ $=U . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 740c2aa98e2SPeter Wemmifdef(`_CLASS_V_', 741c2aa98e2SPeter Wemm`R$* < @ $=V . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 742c2aa98e2SPeter Wemmifdef(`_CLASS_W_', 743c2aa98e2SPeter Wemm`R$* < @ $=W . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 744c2aa98e2SPeter Wemmifdef(`_CLASS_X_', 745c2aa98e2SPeter Wemm`R$* < @ $=X . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 746c2aa98e2SPeter Wemmifdef(`_CLASS_Y_', 747c2aa98e2SPeter Wemm`R$* < @ $=Y . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') 748c2aa98e2SPeter Wemm 749c2aa98e2SPeter Wemmifdef(`_NO_CANONIFY_', `dnl', `dnl 750c2aa98e2SPeter Wemm# try UUCP traffic as a local address 751c2aa98e2SPeter WemmR$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 752c2aa98e2SPeter WemmR$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3') 753c2aa98e2SPeter Wemm')') 75406f25ae9SGregory Neil Shapiro# hostnames ending in class P are always canonical 75506f25ae9SGregory Neil ShapiroR$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 75606f25ae9SGregory Neil Shapirodnl apply the next rule only for hostnames not in class P 75706f25ae9SGregory Neil Shapirodnl this even works for phrases in class P since . is in class P 75806f25ae9SGregory Neil Shapirodnl which daemon flags are set? 75906f25ae9SGregory Neil ShapiroR$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 76006f25ae9SGregory Neil Shapirodnl the other rules in this section only apply if the hostname 76106f25ae9SGregory Neil Shapirodnl does not end in class P hence no further checks are done here 76206f25ae9SGregory Neil Shapirodnl if this ever changes make sure the lookups are "protected" again! 76306f25ae9SGregory Neil Shapiroifdef(`_NO_CANONIFY_', `dnl 76406f25ae9SGregory Neil Shapirodnl do not canonify unless: 76506f25ae9SGregory Neil Shapirodnl domain ends in class {Canonify} (this does not work if the intersection 76606f25ae9SGregory Neil Shapirodnl with class P is non-empty) 76706f25ae9SGregory Neil Shapirodnl or {daemon_flags} has c set 76806f25ae9SGregory Neil Shapiro# pass to name server to make hostname canonical if in class {Canonify} 76906f25ae9SGregory Neil ShapiroR$* $| $* < @ $* $={Canonify} > $* $: $2 < @ $[ $3 $4 $] > $5 77006f25ae9SGregory Neil Shapiro# pass to name server to make hostname canonical if requested 77106f25ae9SGregory Neil ShapiroR$* c $* $| $* < @ $* > $* $: $3 < @ $[ $4 $] > $5 77206f25ae9SGregory Neil Shapirodnl trailing dot? -> do not apply _CANONIFY_HOSTS_ 77306f25ae9SGregory Neil ShapiroR$* $| $* < @ $+ . > $* $: $2 < @ $3 . > $4 77406f25ae9SGregory Neil Shapiro# add a trailing dot to qualified hostnames so other rules will work 77506f25ae9SGregory Neil ShapiroR$* $| $* < @ $+.$+ > $* $: $2 < @ $3.$4 . > $5 77606f25ae9SGregory Neil Shapiroifdef(`_CANONIFY_HOSTS_', `dnl 77706f25ae9SGregory Neil Shapirodnl this should only apply to unqualified hostnames 77806f25ae9SGregory Neil Shapirodnl but if a valid character inside an unqualified hostname is an OperatorChar 77906f25ae9SGregory Neil Shapirodnl then $- does not work. 78006f25ae9SGregory Neil Shapiro# lookup unqualified hostnames 78106f25ae9SGregory Neil ShapiroR$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4', `dnl')', `dnl 78206f25ae9SGregory Neil Shapirodnl _NO_CANONIFY_ is not set: canonify unless: 78306f25ae9SGregory Neil Shapirodnl {daemon_flags} contains CC (do not canonify) 784193538b7SGregory Neil Shapirodnl but add a trailing dot to qualified hostnames so other rules will work 785193538b7SGregory Neil Shapirodnl should we do this for every hostname: even unqualified? 786193538b7SGregory Neil ShapiroR$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 78706f25ae9SGregory Neil ShapiroR$* CC $* $| $* $: $3 788c2aa98e2SPeter Wemm# pass to name server to make hostname canonical 78906f25ae9SGregory Neil ShapiroR$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4') 79006f25ae9SGregory Neil Shapirodnl remove {daemon_flags} for other cases 79106f25ae9SGregory Neil ShapiroR$* $| $* $: $2 792c2aa98e2SPeter Wemm 793c2aa98e2SPeter Wemm# local host aliases and pseudo-domains are always canonical 794c2aa98e2SPeter WemmR$* < @ $=w > $* $: $1 < @ $2 . > $3 795c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_', 796c2aa98e2SPeter Wemm`R$* < @ $* $=M > $* $: $1 < @ $2 $3 . > $4', 797c2aa98e2SPeter Wemm`R$* < @ $=M > $* $: $1 < @ $2 . > $3') 79806f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_TABLE_', `dnl 79906f25ae9SGregory Neil Shapirodnl virtual hosts are also canonical 80006f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_ENTIRE_DOMAIN_', 80106f25ae9SGregory Neil Shapiro`R$* < @ $* $={VirtHost} > $* $: $1 < @ $2 $3 . > $4', 80206f25ae9SGregory Neil Shapiro`R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3')', 80306f25ae9SGregory Neil Shapiro`dnl') 80406f25ae9SGregory Neil Shapirodnl remove superfluous dots (maybe repeatedly) which may have been added 80506f25ae9SGregory Neil Shapirodnl by one of the rules before 806c2aa98e2SPeter WemmR$* < @ $* . . > $* $1 < @ $2 . > $3 807c2aa98e2SPeter Wemm 808c2aa98e2SPeter Wemm 809c2aa98e2SPeter Wemm################################################## 810c2aa98e2SPeter Wemm### Ruleset 4 -- Final Output Post-rewriting ### 811c2aa98e2SPeter Wemm################################################## 81206f25ae9SGregory Neil ShapiroSfinal=4 813c2aa98e2SPeter Wemm 814193538b7SGregory Neil ShapiroR$+ :; <@> $@ $1 : handle <list:;> 815c2aa98e2SPeter WemmR$* <@> $@ handle <> and list:; 816c2aa98e2SPeter Wemm 817c2aa98e2SPeter Wemm# strip trailing dot off possibly canonical name 818c2aa98e2SPeter WemmR$* < @ $+ . > $* $1 < @ $2 > $3 819c2aa98e2SPeter Wemm 82006f25ae9SGregory Neil Shapiro# eliminate internal code 821c2aa98e2SPeter WemmR$* < @ *LOCAL* > $* $1 < @ $j > $2 822c2aa98e2SPeter Wemm 823c2aa98e2SPeter Wemm# externalize local domain info 824c2aa98e2SPeter WemmR$* < $+ > $* $1 $2 $3 defocus 825c2aa98e2SPeter WemmR@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical 826c2aa98e2SPeter WemmR@ $* $@ @ $1 ... and exit 827c2aa98e2SPeter Wemm 828c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 829c2aa98e2SPeter Wemm`# UUCP must always be presented in old form 830c2aa98e2SPeter WemmR$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u') 831c2aa98e2SPeter Wemm 832c2aa98e2SPeter Wemmifdef(`_USE_DECNET_SYNTAX_', 833c2aa98e2SPeter Wemm`# put DECnet back in :: form 834c2aa98e2SPeter WemmR$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u', 835c2aa98e2SPeter Wemm `dnl') 836c2aa98e2SPeter Wemm# delete duplicate local names 837c2aa98e2SPeter WemmR$+ % $=w @ $=w $1 @ $2 u%host@host => u@host 838c2aa98e2SPeter Wemm 839c2aa98e2SPeter Wemm 840c2aa98e2SPeter Wemm 841c2aa98e2SPeter Wemm############################################################## 842c2aa98e2SPeter Wemm### Ruleset 97 -- recanonicalize and call ruleset zero ### 843c2aa98e2SPeter Wemm### (used for recursive calls) ### 844c2aa98e2SPeter Wemm############################################################## 845c2aa98e2SPeter Wemm 84606f25ae9SGregory Neil ShapiroSRecurse=97 84706f25ae9SGregory Neil ShapiroR$* $: $>canonify $1 84806f25ae9SGregory Neil ShapiroR$* $@ $>parse $1 849c2aa98e2SPeter Wemm 850c2aa98e2SPeter Wemm 851c2aa98e2SPeter Wemm###################################### 852c2aa98e2SPeter Wemm### Ruleset 0 -- Parse Address ### 853c2aa98e2SPeter Wemm###################################### 854c2aa98e2SPeter Wemm 85506f25ae9SGregory Neil ShapiroSparse=0 856c2aa98e2SPeter Wemm 857c2aa98e2SPeter WemmR$* $: $>Parse0 $1 initial parsing 858c2aa98e2SPeter WemmR<@> $#_LOCAL_ $: <@> special case error msgs 85906f25ae9SGregory Neil ShapiroR$* $: $>ParseLocal $1 handle local hacks 860c2aa98e2SPeter WemmR$* $: $>Parse1 $1 final parsing 861c2aa98e2SPeter Wemm 862c2aa98e2SPeter Wemm# 863c2aa98e2SPeter Wemm# Parse0 -- do initial syntax checking and eliminate local addresses. 864c2aa98e2SPeter Wemm# This should either return with the (possibly modified) input 865c2aa98e2SPeter Wemm# or return with a #error mailer. It should not return with a 866c2aa98e2SPeter Wemm# #mailer other than the #error mailer. 867c2aa98e2SPeter Wemm# 868c2aa98e2SPeter Wemm 869c2aa98e2SPeter WemmSParse0 870c2aa98e2SPeter WemmR<@> $@ <@> special case error msgs 8718774250cSGregory Neil ShapiroR$* : $* ; <@> $#error $@ 5.1.3 $: "CODE553 List:; syntax illegal for recipient addresses" 87206f25ae9SGregory Neil ShapiroR@ <@ $* > < @ $1 > catch "@@host" bogosity 8738774250cSGregory Neil ShapiroR<@ $+> $#error $@ 5.1.3 $: "CODE553 User address required" 874c2aa98e2SPeter WemmR$* $: <> $1 875c2aa98e2SPeter WemmR<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 8768774250cSGregory Neil ShapiroR<> $* <$* : $* > $* $#error $@ 5.1.3 $: "CODE553 Colon illegal in host name part" 877c2aa98e2SPeter WemmR<> $* $1 8788774250cSGregory Neil ShapiroR$* < @ . $* > $* $#error $@ 5.1.2 $: "CODE553 Invalid host name" 8798774250cSGregory Neil ShapiroR$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "CODE553 Invalid host name" 88006f25ae9SGregory Neil Shapirodnl comma only allowed before @; this check is not complete 8818774250cSGregory Neil ShapiroR$* , $~O $* $#error $@ 5.1.2 $: "CODE553 Invalid route address" 882c2aa98e2SPeter Wemm 883c2aa98e2SPeter Wemm# now delete the local info -- note $=O to find characters that cause forwarding 88406f25ae9SGregory Neil ShapiroR$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user 88506f25ae9SGregory Neil ShapiroR< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... 886c2aa98e2SPeter WemmR$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here 8878774250cSGregory Neil ShapiroR< @ $+ > $#error $@ 5.1.3 $: "CODE553 User address required" 88806f25ae9SGregory Neil ShapiroR$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... 889c2aa98e2SPeter WemmR$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" 8908774250cSGregory Neil ShapiroR< @ *LOCAL* > $#error $@ 5.1.3 $: "CODE553 User address required" 891c2aa98e2SPeter WemmR$* $=O $* < @ *LOCAL* > 89206f25ae9SGregory Neil Shapiro $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... 893c2aa98e2SPeter WemmR$* < @ *LOCAL* > $: $1 894c2aa98e2SPeter Wemm 895c2aa98e2SPeter Wemm# 896c2aa98e2SPeter Wemm# Parse1 -- the bottom half of ruleset 0. 897c2aa98e2SPeter Wemm# 898c2aa98e2SPeter Wemm 899c2aa98e2SPeter WemmSParse1 90006f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl 90106f25ae9SGregory Neil Shapiro# handle LDAP routing for hosts in $={LDAPRoute} 90206f25ae9SGregory Neil ShapiroR$+ < @ $={LDAPRoute} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2>', 903c2aa98e2SPeter Wemm`dnl') 904c2aa98e2SPeter Wemm 90506f25ae9SGregory Neil Shapiroifdef(`_MAILER_smtp_', 90606f25ae9SGregory Neil Shapiro`# handle numeric address spec 90706f25ae9SGregory Neil Shapirodnl there is no check whether this is really an IP number 90806f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec 90906f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path 91006f25ae9SGregory Neil ShapiroR$* < @ [ IPv6 $- ] : > $* 91106f25ae9SGregory Neil Shapiro $#_SMTP_ $@ [ $(dequote $2 $) ] $: $1 < @ [IPv6 $2 ] > $3 no smarthost: send 91206f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : > $* $#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send 91306f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer 91406f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $+ > $* $#_SMTP_ $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer', 91506f25ae9SGregory Neil Shapiro `dnl') 91606f25ae9SGregory Neil Shapiro 91706f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_TABLE_', `dnl 918c2aa98e2SPeter Wemm# handle virtual users 91906f25ae9SGregory Neil ShapiroR$+ $: <!> $1 Mark for lookup 92006f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_ENTIRE_DOMAIN_', 92106f25ae9SGregory Neil Shapiro`R<!> $+ < @ $* $={VirtHost} . > $: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >', 92206f25ae9SGregory Neil Shapiro`R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >') 92306f25ae9SGregory Neil ShapiroR<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > 924c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . > 92506f25ae9SGregory Neil Shapiro $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > 926c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . > 927c2aa98e2SPeter Wemm $: < $(virtuser $1 @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 . > 92806f25ae9SGregory Neil Shapirodnl try default entry: @domain 92906f25ae9SGregory Neil Shapirodnl +*@domain 93006f25ae9SGregory Neil ShapiroR<@> $+ + $+ < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > 93106f25ae9SGregory Neil Shapirodnl @domain if +detail exists 93206f25ae9SGregory Neil ShapiroR<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > 93306f25ae9SGregory Neil Shapirodnl without +detail (or no match) 934c2aa98e2SPeter WemmR<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > 935c2aa98e2SPeter WemmR<@> $+ $: $1 93606f25ae9SGregory Neil ShapiroR<!> $+ $: $1 93706f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 938c2aa98e2SPeter WemmR< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 9398774250cSGregory Neil Shapiroifdef(`_NO_VIRTUSER_RECURSION_', 9408774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ > $: $>ParseLocal $>Parse0 $>canonify $1', 9418774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ > $: $>Recurse $1') 9428774250cSGregory Neil Shapirodnl', `dnl') 943c2aa98e2SPeter Wemm 944c2aa98e2SPeter Wemm# short circuit local delivery so forwarded email works 945c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', `dnl 94606f25ae9SGregory Neil ShapiroR$+ . USENET < @ $=w . > $#usenet $@ usenet $: $1 handle usenet specially', `dnl') 94742e5d165SGregory Neil Shapiro 94842e5d165SGregory Neil Shapiro 949c2aa98e2SPeter Wemmifdef(`_STICKY_LOCAL_DOMAIN_', 950c2aa98e2SPeter Wemm`R$+ < @ $=w . > $: < $H > $1 < @ $2 . > first try hub 95106f25ae9SGregory Neil ShapiroR< $+ > $+ < $+ > $>MailerToTriple < $1 > $2 < $3 > yep .... 95206f25ae9SGregory Neil Shapirodnl $H empty (but @$=w.) 953c2aa98e2SPeter WemmR< > $+ + $* < $+ > $#_LOCAL_ $: $1 + $2 plussed name? 954c2aa98e2SPeter WemmR< > $+ < $+ > $#_LOCAL_ $: @ $1 nope, local address', 955c2aa98e2SPeter Wemm`R$=L < @ $=w . > $#_LOCAL_ $: @ $1 special local names 956c2aa98e2SPeter WemmR$+ < @ $=w . > $#_LOCAL_ $: $1 regular local name') 957c2aa98e2SPeter Wemm 95806f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 959c2aa98e2SPeter Wemm# not local -- try mailer table lookup 960c2aa98e2SPeter WemmR$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name 961c2aa98e2SPeter WemmR< $+ . > $* $: < $1 > $2 strip trailing dot 962c2aa98e2SPeter WemmR< $+ > $* $: < $(mailertable $1 $) > $2 lookup 96306f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 96406f25ae9SGregory Neil ShapiroR< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? 96506f25ae9SGregory Neil ShapiroR< $+ > $* $: $>Mailertable <$1> $2 try domain', 966c2aa98e2SPeter Wemm`dnl') 96706f25ae9SGregory Neil Shapiroundivert(4)dnl UUCP rules from `MAILER(uucp)' 968c2aa98e2SPeter Wemm 969c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', 970c2aa98e2SPeter Wemm`# resolve remotely connected UUCP links (if any) 971c2aa98e2SPeter Wemmifdef(`_CLASS_V_', 97206f25ae9SGregory Neil Shapiro`R$* < @ $=V . UUCP . > $* $: $>MailerToTriple < $V > $1 <@$2.UUCP.> $3', 973c2aa98e2SPeter Wemm `dnl') 974c2aa98e2SPeter Wemmifdef(`_CLASS_W_', 97506f25ae9SGregory Neil Shapiro`R$* < @ $=W . UUCP . > $* $: $>MailerToTriple < $W > $1 <@$2.UUCP.> $3', 976c2aa98e2SPeter Wemm `dnl') 977c2aa98e2SPeter Wemmifdef(`_CLASS_X_', 97806f25ae9SGregory Neil Shapiro`R$* < @ $=X . UUCP . > $* $: $>MailerToTriple < $X > $1 <@$2.UUCP.> $3', 979c2aa98e2SPeter Wemm `dnl')') 980c2aa98e2SPeter Wemm 981c2aa98e2SPeter Wemm# resolve fake top level domains by forwarding to other hosts 982c2aa98e2SPeter Wemmifdef(`BITNET_RELAY', 98306f25ae9SGregory Neil Shapiro`R$*<@$+.BITNET.>$* $: $>MailerToTriple < $B > $1 <@$2.BITNET.> $3 user@host.BITNET', 984c2aa98e2SPeter Wemm `dnl') 985c2aa98e2SPeter Wemmifdef(`DECNET_RELAY', 98606f25ae9SGregory Neil Shapiro`R$*<@$+.DECNET.>$* $: $>MailerToTriple < $C > $1 <@$2.DECNET.> $3 user@host.DECNET', 987c2aa98e2SPeter Wemm `dnl') 988c2aa98e2SPeter Wemmifdef(`_MAILER_pop_', 989c2aa98e2SPeter Wemm`R$+ < @ POP. > $#pop $: $1 user@POP', 990c2aa98e2SPeter Wemm `dnl') 991c2aa98e2SPeter Wemmifdef(`_MAILER_fax_', 992c2aa98e2SPeter Wemm`R$+ < @ $+ .FAX. > $#fax $@ $2 $: $1 user@host.FAX', 993c2aa98e2SPeter Wemm`ifdef(`FAX_RELAY', 99406f25ae9SGregory Neil Shapiro`R$*<@$+.FAX.>$* $: $>MailerToTriple < $F > $1 <@$2.FAX.> $3 user@host.FAX', 995c2aa98e2SPeter Wemm `dnl')') 996c2aa98e2SPeter Wemm 997c2aa98e2SPeter Wemmifdef(`UUCP_RELAY', 998c2aa98e2SPeter Wemm`# forward non-local UUCP traffic to our UUCP relay 99906f25ae9SGregory Neil ShapiroR$*<@$*.UUCP.>$* $: $>MailerToTriple < $Y > $1 <@$2.UUCP.> $3 uucp mail', 1000c2aa98e2SPeter Wemm`ifdef(`_MAILER_uucp_', 1001c2aa98e2SPeter Wemm`# forward other UUCP traffic straight to UUCP 1002c2aa98e2SPeter WemmR$* < @ $+ .UUCP. > $* $#_UUCP_ $@ $2 $: $1 < @ $2 .UUCP. > $3 user@host.UUCP', 1003c2aa98e2SPeter Wemm `dnl')') 1004c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', ` 1005c2aa98e2SPeter Wemm# addresses sent to net.group.USENET will get forwarded to a newsgroup 100606f25ae9SGregory Neil ShapiroR$+ . USENET $#usenet $@ usenet $: $1', 1007c2aa98e2SPeter Wemm `dnl') 1008c2aa98e2SPeter Wemm 1009c2aa98e2SPeter Wemmifdef(`_LOCAL_RULES_', 1010c2aa98e2SPeter Wemm`# figure out what should stay in our local mail system 1011c2aa98e2SPeter Wemmundivert(1)', `dnl') 1012c2aa98e2SPeter Wemm 1013c2aa98e2SPeter Wemm# pass names that still have a host to a smarthost (if defined) 101406f25ae9SGregory Neil ShapiroR$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name 1015c2aa98e2SPeter Wemm 1016c2aa98e2SPeter Wemm# deal with other remote names 1017c2aa98e2SPeter Wemmifdef(`_MAILER_smtp_', 1018c2aa98e2SPeter Wemm`R$* < @$* > $* $#_SMTP_ $@ $2 $: $1 < @ $2 > $3 user@host.domain', 10198774250cSGregory Neil Shapiro`R$* < @$* > $* $#error $@ 5.1.2 $: "CODE553 Unrecognized host name " $2') 1020c2aa98e2SPeter Wemm 1021c2aa98e2SPeter Wemm# handle locally delivered names 1022c2aa98e2SPeter WemmR$=L $#_LOCAL_ $: @ $1 special local names 1023c2aa98e2SPeter WemmR$+ $#_LOCAL_ $: $1 regular local names 1024c2aa98e2SPeter Wemm 1025c2aa98e2SPeter Wemm########################################################################### 1026c2aa98e2SPeter Wemm### Ruleset 5 -- special rewriting after aliases have been expanded ### 1027c2aa98e2SPeter Wemm########################################################################### 1028c2aa98e2SPeter Wemm 102906f25ae9SGregory Neil ShapiroSLocal_localaddr 103006f25ae9SGregory Neil ShapiroSlocaladdr=5 103106f25ae9SGregory Neil ShapiroR$+ $: $1 $| $>"Local_localaddr" $1 103206f25ae9SGregory Neil ShapiroR$+ $| $#$* $#$2 103306f25ae9SGregory Neil ShapiroR$+ $| $* $: $1 1034c2aa98e2SPeter Wemm 103542e5d165SGregory Neil Shapiroifdef(`_FFR_5_', ` 103642e5d165SGregory Neil Shapiro# Preserve host in a macro 103742e5d165SGregory Neil ShapiroR$+ $: $(macro {LocalAddrHost} $) $1 103842e5d165SGregory Neil ShapiroR$+ @ $+ $: $(macro {LocalAddrHost} $@ @ $2 $) $1') 1039c2aa98e2SPeter Wemm 104042e5d165SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', ` 104142e5d165SGregory Neil Shapiro# deal with plussed users so aliases work nicely 104242e5d165SGregory Neil ShapiroR$+ + * $#_LOCAL_ $@ $&h $: $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') 104342e5d165SGregory Neil ShapiroR$+ + $* $#_LOCAL_ $@ + $2 $: $1 + *`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') 104442e5d165SGregory Neil Shapiro') 1045c2aa98e2SPeter Wemm# prepend an empty "forward host" on the front 1046c2aa98e2SPeter WemmR$+ $: <> $1 1047c2aa98e2SPeter Wemm 1048c2aa98e2SPeter Wemmifdef(`LUSER_RELAY', `dnl 1049c2aa98e2SPeter Wemm# send unrecognized local users to a relay host 105042e5d165SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', ` 105142e5d165SGregory Neil ShapiroR< > $+ + $* $: < ? $L > <+ $2> $(user $1 $) look up user+ 105242e5d165SGregory Neil ShapiroR< > $+ $: < ? $L > < > $(user $1 $) look up user 105342e5d165SGregory Neil ShapiroR< ? $* > < $* > $+ <> $: < > $3 $2 found; strip $L 105442e5d165SGregory Neil ShapiroR< ? $* > < $* > $+ $: < $1 > $3 $2 not found', ` 105506f25ae9SGregory Neil ShapiroR< > $+ $: < $L > $(user $1 $) look up user 105642e5d165SGregory Neil ShapiroR< $* > $+ <> $: < > $2 found; strip $L')', 1057c2aa98e2SPeter Wemm`dnl') 1058c2aa98e2SPeter Wemm 1059c2aa98e2SPeter Wemm# see if we have a relay or a hub 1060c2aa98e2SPeter WemmR< > $+ $: < $H > $1 try hub 1061c2aa98e2SPeter WemmR< > $+ $: < $R > $1 try relay 106242e5d165SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', ` 106342e5d165SGregory Neil ShapiroR< > $+ $@ $1', ` 106406f25ae9SGregory Neil ShapiroR< > $+ $: < > < $1 <> $&h > nope, restore +detail 106506f25ae9SGregory Neil ShapiroR< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail 106606f25ae9SGregory Neil ShapiroR< > < $+ <> $* > $: < > < $1 > else discard 1067c2aa98e2SPeter WemmR< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part 106842e5d165SGregory Neil ShapiroR< > < $+ > + $* $#_LOCAL_ $@ $2 $: @ $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') strip the extra + 1069c2aa98e2SPeter WemmR< > < $+ > $@ $1 no +detail 10702e43090eSPeter WemmR$+ $: $1 <> $&h add +detail back in 10712e43090eSPeter WemmR$+ <> + $* $: $1 + $2 check whether +detail 107242e5d165SGregory Neil ShapiroR$+ <> $* $: $1 else discard') 107306f25ae9SGregory Neil ShapiroR< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension 107406f25ae9SGregory Neil ShapiroR< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension 107506f25ae9SGregory Neil ShapiroR< $- : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > 107606f25ae9SGregory Neil ShapiroR< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > 1077c2aa98e2SPeter Wemm 107806f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl 1079c2aa98e2SPeter Wemm################################################################### 1080c2aa98e2SPeter Wemm### Ruleset 90 -- try domain part of mailertable entry ### 108106f25ae9SGregory Neil Shapirodnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress 1082c2aa98e2SPeter Wemm################################################################### 1083c2aa98e2SPeter Wemm 108406f25ae9SGregory Neil ShapiroSMailertable=90 108506f25ae9SGregory Neil Shapirodnl shift and check 108606f25ae9SGregory Neil Shapirodnl %2 is not documented in cf/README 1087c2aa98e2SPeter WemmR$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 108806f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses 108906f25ae9SGregory Neil ShapiroR$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? 109006f25ae9SGregory Neil ShapiroR$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again 109106f25ae9SGregory Neil Shapirodnl is $2 always empty? 1092c2aa98e2SPeter WemmR$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." 109306f25ae9SGregory Neil ShapiroR< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? 109406f25ae9SGregory Neil Shapirodnl return full address 1095c2aa98e2SPeter WemmR< $* > $* $@ $2 no mailertable match', 1096c2aa98e2SPeter Wemm`dnl') 1097c2aa98e2SPeter Wemm 1098c2aa98e2SPeter Wemm################################################################### 1099c2aa98e2SPeter Wemm### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### 110006f25ae9SGregory Neil Shapirodnl input: in general: <[mailer:]host> lp<@domain>rest 110106f25ae9SGregory Neil Shapirodnl <> address -> address 110206f25ae9SGregory Neil Shapirodnl <error:d.s.n:text> -> error 110306f25ae9SGregory Neil Shapirodnl <error:text> -> error 110406f25ae9SGregory Neil Shapirodnl <mailer:user@host> lp<@domain>rest -> mailer host user 110506f25ae9SGregory Neil Shapirodnl <mailer:host> address -> mailer host address 110606f25ae9SGregory Neil Shapirodnl <localdomain> address -> address 110706f25ae9SGregory Neil Shapirodnl <[IPv6 number]> address -> relay number address 110806f25ae9SGregory Neil Shapirodnl <host> address -> relay host address 1109c2aa98e2SPeter Wemm################################################################### 1110c2aa98e2SPeter Wemm 111106f25ae9SGregory Neil ShapiroSMailerToTriple=95 1112c2aa98e2SPeter WemmR< > $* $@ $1 strip off null relay 111306f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 1114c2aa98e2SPeter WemmR< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 1115c2aa98e2SPeter WemmR< local : $* > $* $>CanonLocal < $1 > $2 1116c2aa98e2SPeter WemmR< $- : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user 1117c2aa98e2SPeter WemmR< $- : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer 1118c2aa98e2SPeter WemmR< $=w > $* $@ $2 delete local host 111906f25ae9SGregory Neil ShapiroR< [ IPv6 $+ ] > $* $#_RELAY_ $@ $(dequote $1 $) $: $2 use unqualified mailer 1120c2aa98e2SPeter WemmR< $+ > $* $#_RELAY_ $@ $1 $: $2 use unqualified mailer 1121c2aa98e2SPeter Wemm 1122c2aa98e2SPeter Wemm################################################################### 1123c2aa98e2SPeter Wemm### Ruleset CanonLocal -- canonify local: syntax ### 112406f25ae9SGregory Neil Shapirodnl input: <user> address 112506f25ae9SGregory Neil Shapirodnl <x> <@host> : rest -> Recurse rest 112606f25ae9SGregory Neil Shapirodnl <x> p1 $=O p2 <@host> -> Recurse p1 $=O p2 112706f25ae9SGregory Neil Shapirodnl <> user <@host> rest -> local user@host user 112806f25ae9SGregory Neil Shapirodnl <> user -> local user user 112906f25ae9SGregory Neil Shapirodnl <user@host> lp <@domain> rest -> <user> lp <@host> [cont] 113006f25ae9SGregory Neil Shapirodnl <user> lp <@host> rest -> local lp@host user 113106f25ae9SGregory Neil Shapirodnl <user> lp -> local lp user 1132c2aa98e2SPeter Wemm################################################################### 1133c2aa98e2SPeter Wemm 1134c2aa98e2SPeter WemmSCanonLocal 11352e43090eSPeter Wemm# strip local host from routed addresses 113606f25ae9SGregory Neil ShapiroR< $* > < @ $+ > : $+ $@ $>Recurse $3 113706f25ae9SGregory Neil ShapiroR< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 11382e43090eSPeter Wemm 1139c2aa98e2SPeter Wemm# strip trailing dot from any host name that may appear 1140c2aa98e2SPeter WemmR< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > 1141c2aa98e2SPeter Wemm 1142c2aa98e2SPeter Wemm# handle local: syntax -- use old user, either with or without host 1143c2aa98e2SPeter WemmR< > $* < @ $* > $* $#_LOCAL_ $@ $1@$2 $: $1 1144c2aa98e2SPeter WemmR< > $+ $#_LOCAL_ $@ $1 $: $1 1145c2aa98e2SPeter Wemm 1146c2aa98e2SPeter Wemm# handle local:user@host syntax -- ignore host part 1147c2aa98e2SPeter WemmR< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > 1148c2aa98e2SPeter Wemm 1149c2aa98e2SPeter Wemm# handle local:user syntax 1150c2aa98e2SPeter WemmR< $+ > $* <@ $* > $* $#_LOCAL_ $@ $2@$3 $: $1 1151c2aa98e2SPeter WemmR< $+ > $* $#_LOCAL_ $@ $2 $: $1 1152c2aa98e2SPeter Wemm 1153c2aa98e2SPeter Wemm################################################################### 1154c2aa98e2SPeter Wemm### Ruleset 93 -- convert header names to masqueraded form ### 1155c2aa98e2SPeter Wemm################################################################### 1156c2aa98e2SPeter Wemm 115706f25ae9SGregory Neil ShapiroSMasqHdr=93 1158c2aa98e2SPeter Wemm 115906f25ae9SGregory Neil Shapiroifdef(`_GENERICS_TABLE_', `dnl 1160c2aa98e2SPeter Wemm# handle generics database 1161c2aa98e2SPeter Wemmifdef(`_GENERICS_ENTIRE_DOMAIN_', 116206f25ae9SGregory Neil Shapirodnl if generics should be applied add a @ as mark 1163c2aa98e2SPeter Wemm`R$+ < @ $* $=G . > $: < $1@$2$3 > $1 < @ $2$3 . > @ mark', 1164c2aa98e2SPeter Wemm`R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark') 1165c2aa98e2SPeter WemmR$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark 116606f25ae9SGregory Neil Shapirodnl workspace: either user<@domain> or <user@domain> user <@domain> @ 116706f25ae9SGregory Neil Shapirodnl ignore the first case for now 116806f25ae9SGregory Neil Shapirodnl if it has the mark lookup full address 116906f25ae9SGregory Neil ShapiroR< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 > 117006f25ae9SGregory Neil Shapirodnl workspace: ... or <match|@user@domain> user <@domain> 117106f25ae9SGregory Neil Shapirodnl no match, try user+detail@domain 117206f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ > 117306f25ae9SGregory Neil Shapiro $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 > 117406f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ > 117506f25ae9SGregory Neil Shapiro $: < $(generics $1@$3 $: $) > $4 < @ $5 > 117606f25ae9SGregory Neil Shapirodnl no match, remove mark 117706f25ae9SGregory Neil ShapiroR<@$+ > $+ < @ $+ > $: < > $2 < @ $3 > 117806f25ae9SGregory Neil Shapirodnl no match, try @domain for exceptions 117906f25ae9SGregory Neil ShapiroR< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . > 118006f25ae9SGregory Neil Shapirodnl workspace: ... or <match> user <@domain> 118106f25ae9SGregory Neil Shapirodnl no match, try local part 1182c2aa98e2SPeter WemmR< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 > 118306f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 > 118406f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 > 118506f25ae9SGregory Neil ShapiroR< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified 118606f25ae9SGregory Neil ShapiroR< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified 1187c2aa98e2SPeter WemmR< > $* $: $1 not found', 1188c2aa98e2SPeter Wemm`dnl') 1189c2aa98e2SPeter Wemm 119006f25ae9SGregory Neil Shapiro# do not masquerade anything in class N 119106f25ae9SGregory Neil ShapiroR$* < @ $* $=N . > $@ $1 < @ $2 $3 . > 119206f25ae9SGregory Neil Shapiro 1193c2aa98e2SPeter Wemm# special case the users that should be exposed 1194c2aa98e2SPeter WemmR$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed 1195c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_', 1196c2aa98e2SPeter Wemm`R$=E < @ $* $=M . > $@ $1 < @ $2 $3 . >', 1197c2aa98e2SPeter Wemm`R$=E < @ $=M . > $@ $1 < @ $2 . >') 1198c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl', 1199c2aa98e2SPeter Wemm`R$=E < @ $=w . > $@ $1 < @ $2 . >') 1200c2aa98e2SPeter Wemm 1201c2aa98e2SPeter Wemm# handle domain-specific masquerading 1202c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_', 1203c2aa98e2SPeter Wemm`R$* < @ $* $=M . > $* $: $1 < @ $2 $3 . @ $M > $4 convert masqueraded doms', 1204c2aa98e2SPeter Wemm`R$* < @ $=M . > $* $: $1 < @ $2 . @ $M > $3 convert masqueraded doms') 1205c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl', 1206c2aa98e2SPeter Wemm`R$* < @ $=w . > $* $: $1 < @ $2 . @ $M > $3') 1207c2aa98e2SPeter WemmR$* < @ *LOCAL* > $* $: $1 < @ $j . @ $M > $2 1208c2aa98e2SPeter WemmR$* < @ $+ @ > $* $: $1 < @ $2 > $3 $M is null 1209c2aa98e2SPeter WemmR$* < @ $+ @ $+ > $* $: $1 < @ $3 . > $4 $M is not null 1210c2aa98e2SPeter Wemm 1211c2aa98e2SPeter Wemm################################################################### 1212c2aa98e2SPeter Wemm### Ruleset 94 -- convert envelope names to masqueraded form ### 1213c2aa98e2SPeter Wemm################################################################### 1214c2aa98e2SPeter Wemm 121506f25ae9SGregory Neil ShapiroSMasqEnv=94 1216c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENVELOPE_', 121706f25ae9SGregory Neil Shapiro`R$+ $@ $>MasqHdr $1', 1218c2aa98e2SPeter Wemm`R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2') 1219c2aa98e2SPeter Wemm 1220c2aa98e2SPeter Wemm################################################################### 1221c2aa98e2SPeter Wemm### Ruleset 98 -- local part of ruleset zero (can be null) ### 1222c2aa98e2SPeter Wemm################################################################### 1223c2aa98e2SPeter Wemm 122406f25ae9SGregory Neil ShapiroSParseLocal=98 122506f25ae9SGregory Neil Shapiroundivert(3)dnl LOCAL_RULE_0 1226c2aa98e2SPeter Wemm 122706f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl 122806f25ae9SGregory Neil ShapiroSLDAPExpand 122906f25ae9SGregory Neil Shapiro# do the LDAP lookups 123006f25ae9SGregory Neil ShapiroR<$+><$+> $: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> 123106f25ae9SGregory Neil Shapiro 123206f25ae9SGregory Neil Shapiro# if mailRoutingAddress and local or non-existant mailHost, 123306f25ae9SGregory Neil Shapiro# return the new mailRoutingAddress 123406f25ae9SGregory Neil ShapiroR< $+ > < $=w > < $+ > < $+ > $@ $>Parse0 $>canonify $1 123506f25ae9SGregory Neil ShapiroR< $+ > < > < $+ > < $+ > $@ $>Parse0 $>canonify $1 123606f25ae9SGregory Neil Shapiro 123706f25ae9SGregory Neil Shapiro# if mailRoutingAddress and non-local mailHost, 123806f25ae9SGregory Neil Shapiro# relay to mailHost with new mailRoutingAddress 123906f25ae9SGregory Neil ShapiroR< $+ > < $+ > < $+ > < $+ > $#_RELAY_ $@ $2 $: $>canonify $1 124006f25ae9SGregory Neil Shapiro 124106f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and local mailHost, 124206f25ae9SGregory Neil Shapiro# return original address 124306f25ae9SGregory Neil ShapiroR< > < $=w > <$+> <$+> $@ $2 124406f25ae9SGregory Neil Shapiro 124506f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and non-local mailHost, 124606f25ae9SGregory Neil Shapiro# relay to mailHost with original address 124706f25ae9SGregory Neil ShapiroR< > < $+ > <$+> <$+> $#_RELAY_ $@ $1 $: $2 124806f25ae9SGregory Neil Shapiro 124906f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and no mailHost, 125006f25ae9SGregory Neil Shapiro# try @domain 125106f25ae9SGregory Neil ShapiroR< > < > <$+> <$+ @ $+> $@ $>LDAPExpand <$1> <@ $3> 125206f25ae9SGregory Neil Shapiro 125306f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and no mailHost and this was a domain attempt, 125406f25ae9SGregory Neil Shapiroifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl 125506f25ae9SGregory Neil Shapiro# user does not exist 125606f25ae9SGregory Neil ShapiroR< > < > <$+> <@ $+> $#error $@ nouser $: "550 User unknown"', 125706f25ae9SGregory Neil Shapiro`dnl 125806f25ae9SGregory Neil Shapiro# return the original address 125906f25ae9SGregory Neil ShapiroR< > < > <$+> <@ $+> $@ $1')', 126006f25ae9SGregory Neil Shapiro`dnl') 126106f25ae9SGregory Neil Shapiro 126206f25ae9SGregory Neil Shapiroifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode. 126306f25ae9SGregory Neil Shapiro')') 126406f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 1265c2aa98e2SPeter Wemm###################################################################### 1266c2aa98e2SPeter Wemm### LookUpDomain -- search for domain in access database 1267c2aa98e2SPeter Wemm### 1268c2aa98e2SPeter Wemm### Parameters: 1269c2aa98e2SPeter Wemm### <$1> -- key (domain name) 1270c2aa98e2SPeter Wemm### <$2> -- default (what to return if not found in db) 127106f25ae9SGregory Neil Shapirodnl must not be empty 1272c2aa98e2SPeter Wemm### <$3> -- passthru (additional data passed unchanged through) 127306f25ae9SGregory Neil Shapiro### <$4> -- mark (must be <(!|+) single-token>) 127406f25ae9SGregory Neil Shapiro### ! does lookup only with tag 127506f25ae9SGregory Neil Shapiro### + does lookup with and without tag 127606f25ae9SGregory Neil Shapirodnl returns: <default> <passthru> 127706f25ae9SGregory Neil Shapirodnl <result> <passthru> 1278c2aa98e2SPeter Wemm###################################################################### 1279c2aa98e2SPeter Wemm 1280c2aa98e2SPeter WemmSLookUpDomain 128106f25ae9SGregory Neil Shapirodnl remove IPv6 mark and dequote address 128206f25ae9SGregory Neil Shapirodnl it is a bit ugly because it is checked on each "iteration" 128306f25ae9SGregory Neil ShapiroR<[IPv6 $-]> <$+> <$*> <$*> $: <[$(dequote $1 $)]> <$2> <$3> <$4> 128406f25ae9SGregory Neil Shapirodnl workspace <key> <default> <passthru> <mark> 128506f25ae9SGregory Neil Shapirodnl lookup with tag (in front, no delimiter here) 128606f25ae9SGregory Neil ShapiroR<$*> <$+> <$*> <$- $-> $: < $(access $5`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3> <$4 $5> 128706f25ae9SGregory Neil Shapirodnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark> 128806f25ae9SGregory Neil Shapiroifdef(`_FFR_LOOKUPDOTDOMAIN', `dnl omit first component: lookup .rest 128906f25ae9SGregory Neil ShapiroR<?> <$+.$+> <$+> <$*> <$- $-> $: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4> <$5 $6>', `dnl') 129006f25ae9SGregory Neil Shapirodnl lookup without tag? 129106f25ae9SGregory Neil ShapiroR<?> <$+> <$+> <$*> <+ $*> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4> 129206f25ae9SGregory Neil Shapiroifdef(`_FFR_LOOKUPDOTDOMAIN', `dnl omit first component: lookup .rest 129306f25ae9SGregory Neil ShapiroR<?> <$+.$+> <$+> <$*> <+ $*> $: < $(access .$2 $: ? $) > <$1.$2> <$3> <$4> <+ $5>', `dnl') 129406f25ae9SGregory Neil Shapirodnl lookup IP address (no check is done whether it is an IP number!) 129506f25ae9SGregory Neil ShapiroR<?> <[$+.$-]> <$+> <$*> <$*> $@ $>LookUpDomain <[$1]> <$3> <$4> <$5> 129606f25ae9SGregory Neil Shapirodnl lookup IPv6 address 1297193538b7SGregory Neil ShapiroR<?> <[$+::$-]> <$+> <$*> <$*> $: $>LookUpDomain <[$1]> <$3> <$4> <$5> 129806f25ae9SGregory Neil ShapiroR<?> <[$+:$-]> <$+> <$*> <$*> $: $>LookUpDomain <[$1]> <$3> <$4> <$5> 129906f25ae9SGregory Neil Shapirodnl not found, but subdomain: try again 130006f25ae9SGregory Neil ShapiroR<?> <$+.$+> <$+> <$*> <$*> $@ $>LookUpDomain <$2> <$3> <$4> <$5> 130106f25ae9SGregory Neil Shapirodnl not found, no subdomain: return default 130206f25ae9SGregory Neil ShapiroR<?> <$+> <$+> <$*> <$*> $@ <$2> <$3> 130306f25ae9SGregory Neil Shapirodnl return result of lookup 130406f25ae9SGregory Neil ShapiroR<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4> 1305c2aa98e2SPeter Wemm 1306c2aa98e2SPeter Wemm###################################################################### 1307c2aa98e2SPeter Wemm### LookUpAddress -- search for host address in access database 1308c2aa98e2SPeter Wemm### 1309c2aa98e2SPeter Wemm### Parameters: 1310c2aa98e2SPeter Wemm### <$1> -- key (dot quadded host address) 1311c2aa98e2SPeter Wemm### <$2> -- default (what to return if not found in db) 131206f25ae9SGregory Neil Shapirodnl must not be empty 1313c2aa98e2SPeter Wemm### <$3> -- passthru (additional data passed through) 131406f25ae9SGregory Neil Shapiro### <$4> -- mark (must be <(!|+) single-token>) 131506f25ae9SGregory Neil Shapiro### ! does lookup only with tag 131606f25ae9SGregory Neil Shapiro### + does lookup with and without tag 131706f25ae9SGregory Neil Shapirodnl returns: <default> <passthru> 131806f25ae9SGregory Neil Shapirodnl <result> <passthru> 1319c2aa98e2SPeter Wemm###################################################################### 1320c2aa98e2SPeter Wemm 1321c2aa98e2SPeter WemmSLookUpAddress 132206f25ae9SGregory Neil Shapirodnl lookup with tag 132306f25ae9SGregory Neil ShapiroR<$+> <$+> <$*> <$- $+> $: < $(access $5`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3> <$4 $5> 132406f25ae9SGregory Neil Shapirodnl lookup without tag 132506f25ae9SGregory Neil ShapiroR<?> <$+> <$+> <$*> <+ $+> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4> 132606f25ae9SGregory Neil Shapirodnl no match; IPv6: remove last part 1327193538b7SGregory Neil ShapiroR<?> <$+::$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> 132806f25ae9SGregory Neil ShapiroR<?> <$+:$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> 132906f25ae9SGregory Neil Shapirodnl no match; IPv4: remove last part 133006f25ae9SGregory Neil ShapiroR<?> <$+.$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> 133106f25ae9SGregory Neil Shapirodnl no match: return default 133206f25ae9SGregory Neil ShapiroR<?> <$+> <$+> <$*> <$*> $@ <$2> <$3> 133306f25ae9SGregory Neil Shapirodnl match: return result 133406f25ae9SGregory Neil ShapiroR<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4>', 1335c2aa98e2SPeter Wemm`dnl') 1336c2aa98e2SPeter Wemm 1337c2aa98e2SPeter Wemm###################################################################### 1338065a643dSPeter Wemm### CanonAddr -- Convert an address into a standard form for 1339065a643dSPeter Wemm### relay checking. Route address syntax is 1340065a643dSPeter Wemm### crudely converted into a %-hack address. 1341065a643dSPeter Wemm### 1342065a643dSPeter Wemm### Parameters: 1343065a643dSPeter Wemm### $1 -- full recipient address 1344065a643dSPeter Wemm### 1345065a643dSPeter Wemm### Returns: 1346065a643dSPeter Wemm### parsed address, not in source route form 134706f25ae9SGregory Neil Shapirodnl user%host%host<@domain> 134806f25ae9SGregory Neil Shapirodnl host!user<@domain> 1349065a643dSPeter Wemm###################################################################### 1350065a643dSPeter Wemm 1351065a643dSPeter WemmSCanonAddr 135206f25ae9SGregory Neil ShapiroR$* $: $>Parse0 $>canonify $1 make domain canonical 135306f25ae9SGregory Neil Shapiroifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl 1354065a643dSPeter WemmR< @ $+ > : $* @ $* < @ $1 > : $2 % $3 change @ to % in src route 1355065a643dSPeter WemmR$* < @ $+ > : $* : $* $3 $1 < @ $2 > : $4 change to % hack. 1356065a643dSPeter WemmR$* < @ $+ > : $* $3 $1 < @ $2 > 135706f25ae9SGregory Neil Shapirodnl') 1358065a643dSPeter Wemm 1359065a643dSPeter Wemm###################################################################### 1360c2aa98e2SPeter Wemm### ParseRecipient -- Strip off hosts in $=R as well as possibly 1361c2aa98e2SPeter Wemm### $* $=m or the access database. 1362c2aa98e2SPeter Wemm### Check user portion for host separators. 1363c2aa98e2SPeter Wemm### 1364c2aa98e2SPeter Wemm### Parameters: 1365c2aa98e2SPeter Wemm### $1 -- full recipient address 1366c2aa98e2SPeter Wemm### 1367c2aa98e2SPeter Wemm### Returns: 1368c2aa98e2SPeter Wemm### parsed, non-local-relaying address 1369c2aa98e2SPeter Wemm###################################################################### 1370c2aa98e2SPeter Wemm 1371c2aa98e2SPeter WemmSParseRecipient 137206f25ae9SGregory Neil Shapirodnl mark and canonify address 1373065a643dSPeter WemmR$* $: <?> $>CanonAddr $1 137406f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain[.]> 1375c2aa98e2SPeter WemmR<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots 137606f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain> 1377c2aa98e2SPeter WemmR<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part 1378c2aa98e2SPeter Wemm 1379c2aa98e2SPeter Wemm# if no $=O character, no host in the user portion, we are done 1380c2aa98e2SPeter WemmR<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4> 138106f25ae9SGregory Neil Shapirodnl no $=O in localpart: return 1382c2aa98e2SPeter WemmR<?> $* $@ $1 1383c2aa98e2SPeter Wemm 138406f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain>, where localpart contains $=O 138506f25ae9SGregory Neil Shapirodnl mark everything which has an "authorized" domain with <RELAY> 1386c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl 1387c2aa98e2SPeter Wemm# if we relay, check username portion for user%host so host can be checked also 1388c2aa98e2SPeter WemmR<NO> $* < @ $* $=m > $: <RELAY> $1 < @ $2 $3 >', `dnl') 1389065a643dSPeter Wemm 1390065a643dSPeter Wemmifdef(`_RELAY_MX_SERVED_', `dnl 139106f25ae9SGregory Neil Shapirodnl do "we" ($=w) act as backup MX server for the destination domain? 1392065a643dSPeter WemmR<NO> $* < @ $+ > $: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > > 1393065a643dSPeter WemmR<MX> < : $* <TEMP> : > $* $#error $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 139406f25ae9SGregory Neil Shapirodnl yes: mark it as <RELAY> 1395065a643dSPeter WemmR<MX> < $* : $=w. : $* > < $+ > $: <RELAY> $4 139606f25ae9SGregory Neil Shapirodnl no: put old <NO> mark back 1397065a643dSPeter WemmR<MX> < : $* : > < $+ > $: <NO> $2', `dnl') 1398065a643dSPeter Wemm 139906f25ae9SGregory Neil Shapirodnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O 140006f25ae9SGregory Neil Shapirodnl if mark is <NO> then change it to <RELAY> if domain is "authorized" 1401c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_', 1402c2aa98e2SPeter Wemm`R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 > 140306f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 140406f25ae9SGregory Neil ShapiroR<NO> $* < @ $+ > $: <$(access To:$2 $: NO $)> $1 < @ $2 > 1405065a643dSPeter WemmR<NO> $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')', 1406c2aa98e2SPeter Wemm`R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 > 140706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 140806f25ae9SGregory Neil ShapiroR<NO> $* < @ $+ > $: $>LookUpDomain <$2> <NO> <$1 < @ $2 >> <+To> 1409c2aa98e2SPeter WemmR<$+> <$+> $: <$1> $2',`dnl')') 1410065a643dSPeter Wemm 141106f25ae9SGregory Neil Shapiro 1412c2aa98e2SPeter WemmR<RELAY> $* < @ $* > $@ $>ParseRecipient $1 1413c2aa98e2SPeter WemmR<$-> $* $@ $2 1414c2aa98e2SPeter Wemm 141506f25ae9SGregory Neil Shapiro 1416c2aa98e2SPeter Wemm###################################################################### 1417c2aa98e2SPeter Wemm### check_relay -- check hostname/address on SMTP startup 1418c2aa98e2SPeter Wemm###################################################################### 1419c2aa98e2SPeter Wemm 1420c2aa98e2SPeter WemmSLocal_check_relay 142106f25ae9SGregory Neil ShapiroScheck`'_U_`'relay 1422c2aa98e2SPeter WemmR$* $: $1 $| $>"Local_check_relay" $1 1423c2aa98e2SPeter WemmR$* $| $* $| $#$* $#$3 1424c2aa98e2SPeter WemmR$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 1425c2aa98e2SPeter Wemm 1426c2aa98e2SPeter WemmSBasic_check_relay 1427c2aa98e2SPeter Wemm# check for deferred delivery mode 1428c2aa98e2SPeter WemmR$* $: < ${deliveryMode} > $1 1429c2aa98e2SPeter WemmR< d > $* $@ deferred 1430c2aa98e2SPeter WemmR< $* > $* $: $2 1431c2aa98e2SPeter Wemm 143206f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 143342e5d165SGregory Neil Shapirodnl workspace: {client_name} $| {client_addr} 143406f25ae9SGregory Neil ShapiroR$+ $| $+ $: $>LookUpDomain < $1 > <?> < $2 > <+Connect> 143542e5d165SGregory Neil Shapirodnl workspace: <result-of-lookup> <{client_addr}> 143606f25ae9SGregory Neil ShapiroR<?> <$+> $: $>LookUpAddress < $1 > <?> < $1 > <+Connect> no: another lookup 143742e5d165SGregory Neil Shapirodnl workspace: <result-of-lookup> <{client_addr}> 143806f25ae9SGregory Neil ShapiroR<?> < $+ > $: $1 found nothing 143942e5d165SGregory Neil Shapirodnl workspace: <result-of-lookup> <{client_addr}> 144042e5d165SGregory Neil Shapirodnl or {client_addr} 144142e5d165SGregory Neil ShapiroR<$={Accept}> < $* > $@ $1 return value of lookup 144206f25ae9SGregory Neil ShapiroR<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"') 1443c2aa98e2SPeter WemmR<DISCARD> $* $#discard $: discard 144406f25ae9SGregory Neil Shapirodnl error tag 144542e5d165SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4 144642e5d165SGregory Neil ShapiroR<ERROR:$+> <$*> $#error $: $1 144706f25ae9SGregory Neil Shapirodnl generic error from access map 144842e5d165SGregory Neil ShapiroR<$+> <$*> $#error $: $1', `dnl') 1449c2aa98e2SPeter Wemm 1450c2aa98e2SPeter Wemmifdef(`_RBL_',`dnl 145106f25ae9SGregory Neil Shapiro# DNS based IP address spam list 1452c2aa98e2SPeter WemmR$* $: $&{client_addr} 145306f25ae9SGregory Neil ShapiroR::ffff:$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._RBL_. $: OK $) 145406f25ae9SGregory Neil ShapiroR$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._RBL_. $: OK $) 145506f25ae9SGregory Neil ShapiroR<?>OK $: OKSOFAR 145606f25ae9SGregory Neil ShapiroR<?>$+ $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused by blackhole site _RBL_"', 1457c2aa98e2SPeter Wemm`dnl') 145806f25ae9SGregory Neil Shapiroundivert(8) 1459c2aa98e2SPeter Wemm 1460c2aa98e2SPeter Wemm###################################################################### 1461c2aa98e2SPeter Wemm### check_mail -- check SMTP ``MAIL FROM:'' command argument 1462c2aa98e2SPeter Wemm###################################################################### 1463c2aa98e2SPeter Wemm 1464c2aa98e2SPeter WemmSLocal_check_mail 146506f25ae9SGregory Neil ShapiroScheck`'_U_`'mail 1466c2aa98e2SPeter WemmR$* $: $1 $| $>"Local_check_mail" $1 1467c2aa98e2SPeter WemmR$* $| $#$* $#$2 1468c2aa98e2SPeter WemmR$* $| $* $@ $>"Basic_check_mail" $1 1469c2aa98e2SPeter Wemm 1470c2aa98e2SPeter WemmSBasic_check_mail 1471c2aa98e2SPeter Wemm# check for deferred delivery mode 1472c2aa98e2SPeter WemmR$* $: < ${deliveryMode} > $1 1473c2aa98e2SPeter WemmR< d > $* $@ deferred 1474c2aa98e2SPeter WemmR< $* > $* $: $2 1475c2aa98e2SPeter Wemm 147606f25ae9SGregory Neil Shapiro# authenticated? 147706f25ae9SGregory Neil Shapirodnl done first: we can require authentication for every mail transaction 147806f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM: (sender) 147906f25ae9SGregory Neil ShapiroR$* $: $1 $| $>"tls_client" $&{verify} $| MAIL 148006f25ae9SGregory Neil ShapiroR$* $| $#$+ $#$2 148106f25ae9SGregory Neil Shapirodnl undo damage: remove result of tls_client call 148206f25ae9SGregory Neil ShapiroR$* $| $* $: $1 148306f25ae9SGregory Neil Shapiro 148406f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM: 148506f25ae9SGregory Neil ShapiroR<> $@ <OK> we MUST accept <> (RFC 1123) 148606f25ae9SGregory Neil Shapiroifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl 148706f25ae9SGregory Neil Shapirodnl do some additional checks 148806f25ae9SGregory Neil Shapirodnl no user@host 148906f25ae9SGregory Neil Shapirodnl no user@localhost (if nonlocal sender) 149006f25ae9SGregory Neil Shapirodnl this is a pretty simple canonification, it will not catch every case 149106f25ae9SGregory Neil Shapirodnl just make sure the address has <> around it (which is required by 149206f25ae9SGregory Neil Shapirodnl the RFC anyway, maybe we should complain if they are missing...) 149306f25ae9SGregory Neil Shapirodnl dirty trick: if it is user@host, just add a dot: user@host. this will 149406f25ae9SGregory Neil Shapirodnl not be modified by host lookups. 149506f25ae9SGregory Neil ShapiroR$+ $: <?> $1 149606f25ae9SGregory Neil ShapiroR<?><$+> $: <@> <$1> 149706f25ae9SGregory Neil ShapiroR<?>$+ $: <@> <$1> 149806f25ae9SGregory Neil Shapirodnl workspace: <@> <address> 149906f25ae9SGregory Neil Shapirodnl prepend daemon_flags 150006f25ae9SGregory Neil ShapiroR$* $: $&{daemon_flags} $| $1 150106f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address> 150206f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems? 150306f25ae9SGregory Neil ShapiroR$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > 150406f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test 150506f25ae9SGregory Neil ShapiroR$* u $* $| <@> < $* > $: <?> < $3 > 150606f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address> 150706f25ae9SGregory Neil Shapirodnl or: <? ${client_name} > <address> 150806f25ae9SGregory Neil Shapirodnl or: <?> <address> 150906f25ae9SGregory Neil Shapirodnl remove daemon_flags 151006f25ae9SGregory Neil ShapiroR$* $| $* $: $2 151106f25ae9SGregory Neil Shapiro# handle case of @localhost on address 151206f25ae9SGregory Neil ShapiroR<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > 151306f25ae9SGregory Neil ShapiroR<@> < $* @ [127.0.0.1] > 151406f25ae9SGregory Neil Shapiro $: < ? $&{client_name} > < $1 @ [127.0.0.1] > 151506f25ae9SGregory Neil ShapiroR<@> < $* @ localhost.$m > 151606f25ae9SGregory Neil Shapiro $: < ? $&{client_name} > < $1 @ localhost.$m > 151706f25ae9SGregory Neil Shapiroifdef(`_NO_UUCP_', `dnl', 151806f25ae9SGregory Neil Shapiro`R<@> < $* @ localhost.UUCP > 151906f25ae9SGregory Neil Shapiro $: < ? $&{client_name} > < $1 @ localhost.UUCP >') 152006f25ae9SGregory Neil Shapirodnl workspace: < ? $&{client_name} > <user@localhost|host> 152106f25ae9SGregory Neil Shapirodnl or: <@> <address> 152206f25ae9SGregory Neil Shapirodnl or: <?> <address> (thanks to u in ${daemon_flags}) 152306f25ae9SGregory Neil ShapiroR<@> $* $: $1 no localhost as domain 152406f25ae9SGregory Neil Shapirodnl workspace: < ? $&{client_name} > <user@localhost|host> 152506f25ae9SGregory Neil Shapirodnl or: <address> 152606f25ae9SGregory Neil Shapirodnl or: <?> <address> (thanks to u in ${daemon_flags}) 152706f25ae9SGregory Neil ShapiroR<? $=w> $* $: $2 local client: ok 15288774250cSGregory Neil ShapiroR<? $+> <$+> $#error $@ 5.5.4 $: "CODE553 Real domain name required for sender address" 152906f25ae9SGregory Neil Shapirodnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags}) 153006f25ae9SGregory Neil ShapiroR<?> $* $: $1') 153106f25ae9SGregory Neil Shapirodnl workspace: address (or <address>) 153206f25ae9SGregory Neil ShapiroR$* $: <?> $>CanonAddr $1 canonify sender address and mark it 153306f25ae9SGregory Neil Shapirodnl workspace: <?> CanonicalAddress (i.e. address in canonical form localpart<@host>) 153406f25ae9SGregory Neil Shapirodnl there is nothing behind the <@host> so no trailing $* needed 1535065a643dSPeter WemmR<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots 1536c2aa98e2SPeter Wemm# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) 153706f25ae9SGregory Neil ShapiroR<?> $* < @ $* $=P > $: <OK> $1 < @ $2 $3 > 153806f25ae9SGregory Neil Shapirodnl workspace <mark> CanonicalAddress where mark is ? or OK 1539c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_', 154006f25ae9SGregory Neil Shapiro`R<?> $* < @ $+ > $: <OK> $1 < @ $2 > ... unresolvable OK', 154106f25ae9SGregory Neil Shapiro`R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 > 154206f25ae9SGregory Neil ShapiroR<? $* <$->> $* < @ $+ > 154306f25ae9SGregory Neil Shapiro $: <$2> $3 < @ $4 >') 154406f25ae9SGregory Neil Shapirodnl workspace <mark> CanonicalAddress where mark is ?, OK, PERM, TEMP 154506f25ae9SGregory Neil Shapirodnl mark is ? iff the address is user (wo @domain) 1546c2aa98e2SPeter Wemm 154706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 154806f25ae9SGregory Neil Shapiro# check sender address: user@address, user@, address 154906f25ae9SGregory Neil Shapirodnl should we remove +ext from user? 155006f25ae9SGregory Neil Shapirodnl workspace: <mark> CanonicalAddress where mark is: ?, OK, PERM, TEMP 155106f25ae9SGregory Neil ShapiroR<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <H:$3> 155206f25ae9SGregory Neil ShapiroR<$+> $+ $: @<$1> <$2> $| <U:$2@> 155306f25ae9SGregory Neil Shapirodnl workspace: @<mark> <CanonicalAddress> $| <@type:address> .... 155406f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>> 155506f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args 155606f25ae9SGregory Neil ShapiroR@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+From> $| <$3> <> 155706f25ae9SGregory Neil Shapirodnl workspace: <@><mark> <CanonicalAddress> $| <result> 155806f25ae9SGregory Neil ShapiroR<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result 155906f25ae9SGregory Neil Shapirodnl workspace: <result> <mark> <CanonicalAddress> 1560c2aa98e2SPeter Wemm# retransform for further use 156106f25ae9SGregory Neil Shapirodnl required form: 156206f25ae9SGregory Neil Shapirodnl <ResultOfLookup|mark> CanonicalAddress 156306f25ae9SGregory Neil ShapiroR<?> <$+> <$*> $: <$1> $2 no match 156406f25ae9SGregory Neil ShapiroR<$+> <$+> <$*> $: <$1> $3 relevant result, keep it', `dnl') 156506f25ae9SGregory Neil Shapirodnl workspace <ResultOfLookup|mark> CanonicalAddress 156606f25ae9SGregory Neil Shapirodnl mark is ? iff the address is user (wo @domain) 1567c2aa98e2SPeter Wemm 1568c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl 1569c2aa98e2SPeter Wemm# handle case of no @domain on address 157006f25ae9SGregory Neil Shapirodnl prepend daemon_flags 157106f25ae9SGregory Neil ShapiroR<?> $* $: $&{daemon_flags} $| <?> $1 157206f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test 157306f25ae9SGregory Neil ShapiroR$* u $* $| <?> $* $: <OK> $3 157406f25ae9SGregory Neil Shapirodnl remove daemon_flags 157506f25ae9SGregory Neil ShapiroR$* $| $* $: $2 1576c2aa98e2SPeter WemmR<?> $* $: < ? $&{client_name} > $1 1577c2aa98e2SPeter WemmR<?> $* $@ <OK> ...local unqualed ok 15788774250cSGregory Neil ShapiroR<? $+> $* $#error $@ 5.5.4 $: "CODE553 Domain name required for sender address " $&f 1579c2aa98e2SPeter Wemm ...remote is not') 1580c2aa98e2SPeter Wemm# check results 158106f25ae9SGregory Neil ShapiroR<?> $* $: @ $1 mark address: nothing known about it 1582c2aa98e2SPeter WemmR<OK> $* $@ <OK> 158306f25ae9SGregory Neil ShapiroR<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" 15848774250cSGregory Neil ShapiroR<PERM> $* $#error $@ 5.1.8 $: "CODE553 Domain of sender address " $&f " does not exist" 158506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 158606f25ae9SGregory Neil ShapiroR<$={Accept}> $* $# $1 1587c2aa98e2SPeter WemmR<DISCARD> $* $#discard $: discard 158806f25ae9SGregory Neil ShapiroR<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"') 158906f25ae9SGregory Neil Shapirodnl error tag 159006f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 159106f25ae9SGregory Neil ShapiroR<ERROR:$+> $* $#error $: $1 159206f25ae9SGregory Neil Shapirodnl generic error from access map 159306f25ae9SGregory Neil ShapiroR<$+> $* $#error $: $1 error from access db', 1594c2aa98e2SPeter Wemm`dnl') 1595c2aa98e2SPeter Wemm 1596c2aa98e2SPeter Wemm###################################################################### 1597c2aa98e2SPeter Wemm### check_rcpt -- check SMTP ``RCPT TO:'' command argument 1598c2aa98e2SPeter Wemm###################################################################### 1599c2aa98e2SPeter Wemm 1600c2aa98e2SPeter WemmSLocal_check_rcpt 160106f25ae9SGregory Neil ShapiroScheck`'_U_`'rcpt 1602c2aa98e2SPeter WemmR$* $: $1 $| $>"Local_check_rcpt" $1 1603c2aa98e2SPeter WemmR$* $| $#$* $#$2 1604c2aa98e2SPeter WemmR$* $| $* $@ $>"Basic_check_rcpt" $1 1605c2aa98e2SPeter Wemm 1606c2aa98e2SPeter WemmSBasic_check_rcpt 1607c2aa98e2SPeter Wemm# check for deferred delivery mode 1608c2aa98e2SPeter WemmR$* $: < ${deliveryMode} > $1 1609c2aa98e2SPeter WemmR< d > $* $@ deferred 1610c2aa98e2SPeter WemmR< $* > $* $: $2 1611c2aa98e2SPeter Wemm 161206f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl 161306f25ae9SGregory Neil Shapiro# require qualified recipient? 161406f25ae9SGregory Neil ShapiroR$+ $: <?> $1 161506f25ae9SGregory Neil ShapiroR<?><$+> $: <@> <$1> 161606f25ae9SGregory Neil ShapiroR<?>$+ $: <@> <$1> 161706f25ae9SGregory Neil Shapirodnl prepend daemon_flags 161806f25ae9SGregory Neil ShapiroR$* $: $&{daemon_flags} $| $1 161906f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address> 162006f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems? 162106f25ae9SGregory Neil ShapiroR$* r $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > 162206f25ae9SGregory Neil ShapiroR<?> < $* > $: <$1> 162306f25ae9SGregory Neil ShapiroR<? $=w> < $* > $: <$1> 162406f25ae9SGregory Neil ShapiroR<? $+> <$+> $#error $@ 5.5.4 $: "553 Domain name required" 162506f25ae9SGregory Neil Shapirodnl remove daemon_flags for other cases 162606f25ae9SGregory Neil ShapiroR$* $| <@> $* $: $2', `dnl') 162706f25ae9SGregory Neil Shapiro 1628c2aa98e2SPeter Wemmifdef(`_LOOSE_RELAY_CHECK_',`dnl 1629065a643dSPeter WemmR$* $: $>CanonAddr $1 1630c2aa98e2SPeter WemmR$* < @ $* . > $1 < @ $2 > strip trailing dots', 1631c2aa98e2SPeter Wemm`R$* $: $>ParseRecipient $1 strip relayable hosts') 1632c2aa98e2SPeter Wemm 1633065a643dSPeter Wemmifdef(`_BESTMX_IS_LOCAL_',`dnl 1634065a643dSPeter Wemmifelse(_BESTMX_IS_LOCAL_, `', `dnl 1635065a643dSPeter Wemm# unlimited bestmx 1636065a643dSPeter WemmR$* < @ $* > $* $: $1 < @ $2 @@ $(bestmx $2 $) > $3', 1637065a643dSPeter Wemm`dnl 1638065a643dSPeter Wemm# limit bestmx to $=B 16392e43090eSPeter WemmR$* < @ $* $=B > $* $: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4') 164006f25ae9SGregory Neil ShapiroR$* $=O $* < @ $* @@ $=w . > $* $@ $>"Basic_check_rcpt" $1 $2 $3 1641065a643dSPeter WemmR$* < @ $* @@ $=w . > $* $: $1 < @ $3 > $4 1642065a643dSPeter WemmR$* < @ $* @@ $* > $* $: $1 < @ $2 > $4') 1643065a643dSPeter Wemm 1644c2aa98e2SPeter Wemmifdef(`_BLACKLIST_RCPT_',`dnl 164506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 1646c2aa98e2SPeter Wemm# blacklist local users or any host from receiving mail 1647c2aa98e2SPeter WemmR$* $: <?> $1 164806f25ae9SGregory Neil Shapirodnl user is now tagged with @ to be consistent with check_mail 164906f25ae9SGregory Neil Shapirodnl and to distinguish users from hosts (com would be host, com@ would be user) 165006f25ae9SGregory Neil ShapiroR<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <H:$2> 165106f25ae9SGregory Neil ShapiroR<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <H:$2> 165206f25ae9SGregory Neil ShapiroR<?> $+ $: <> <$1> $| <U:$1@> 165306f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>> 165406f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args 165506f25ae9SGregory Neil ShapiroR<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+To> $| <$2> <> 165606f25ae9SGregory Neil ShapiroR<@> <$*> $| <$*> $: <$2> <$1> reverse result 165706f25ae9SGregory Neil ShapiroR<?> <$*> $: @ $1 mark address as no match 165806f25ae9SGregory Neil ShapiroR<$={Accept}> <$*> $: @ $2 mark address as no match 165906f25ae9SGregory Neil Shapiroifdef(`_DELAY_CHECKS_',`dnl 166006f25ae9SGregory Neil Shapirodnl we have to filter these because otherwise they would be interpreted 166106f25ae9SGregory Neil Shapirodnl as generic error message... 166206f25ae9SGregory Neil Shapirodnl error messages should be "tagged" by prefixing them with error: ! 166306f25ae9SGregory Neil Shapirodnl that would make a lot of things easier. 166406f25ae9SGregory Neil Shapirodnl maybe we should stop checks already here (if SPAM_xyx)? 166506f25ae9SGregory Neil ShapiroR<$={SpamTag}> <$*> $: @ $2 mark address as no match') 1666c2aa98e2SPeter WemmR<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient" 166706f25ae9SGregory Neil ShapiroR<DISCARD> $* $#discard $: discard 166806f25ae9SGregory Neil Shapirodnl error tag 166906f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 167006f25ae9SGregory Neil ShapiroR<ERROR:$+> $* $#error $: $1 167106f25ae9SGregory Neil Shapirodnl generic error from access map 167206f25ae9SGregory Neil ShapiroR<$+> $* $#error $: $1 error from access db 167306f25ae9SGregory Neil ShapiroR@ $* $1 remove mark', `dnl')', `dnl') 1674c2aa98e2SPeter Wemm 167506f25ae9SGregory Neil Shapiroifdef(`_PROMISCUOUS_RELAY_', `divert(-1)') 167606f25ae9SGregory Neil Shapiro# authenticated? 167706f25ae9SGregory Neil Shapirodnl do this unconditionally? this requires to manage CAs carefully 167806f25ae9SGregory Neil Shapirodnl just because someone has a CERT signed by a "trusted" CA 167906f25ae9SGregory Neil Shapirodnl does not mean we want to allow relaying for her, 168006f25ae9SGregory Neil Shapirodnl either use a subroutine or provide something more sophisticated 168106f25ae9SGregory Neil Shapirodnl this could for example check the DN (maybe an access map lookup) 168206f25ae9SGregory Neil ShapiroR$* $: $1 $| $>RelayAuth $1 $| $&{verify} client authenticated? 168306f25ae9SGregory Neil ShapiroR$* $| $# $+ $# $2 error/ok? 168406f25ae9SGregory Neil ShapiroR$* $| $* $: $1 no 168506f25ae9SGregory Neil Shapiro 168606f25ae9SGregory Neil Shapiro# authenticated by a trusted mechanism? 168706f25ae9SGregory Neil ShapiroR$* $: $1 $| $&{auth_type} 168806f25ae9SGregory Neil Shapirodnl empty ${auth_type}? 168906f25ae9SGregory Neil ShapiroR$* $| $: $1 169006f25ae9SGregory Neil Shapirodnl mechanism ${auth_type} accepted? 169106f25ae9SGregory Neil Shapirodnl use $# to override further tests (delay_checks): see check_rcpt below 169206f25ae9SGregory Neil ShapiroR$* $| $={TrustAuthMech} $# RELAYAUTH 169306f25ae9SGregory Neil Shapirodnl undo addition of ${auth_type} 169406f25ae9SGregory Neil ShapiroR$* $| $* $: $1 1695193538b7SGregory Neil Shapirodnl workspace: localpart<@domain> | localpart 169606f25ae9SGregory Neil Shapiroifelse(defn(`_NO_UUCP_'), `r', 1697193538b7SGregory Neil Shapiro`R$* ! $* < @ $* > $: <REMOTE> $2 < @ BANG_PATH > 1698193538b7SGregory Neil ShapiroR$* ! $* $: <REMOTE> $2 < @ BANG_PATH >', `dnl') 1699c2aa98e2SPeter Wemm# anything terminating locally is ok 1700c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl 170106f25ae9SGregory Neil ShapiroR$+ < @ $* $=m > $@ RELAYTO', `dnl') 170206f25ae9SGregory Neil ShapiroR$+ < @ $=w > $@ RELAYTO 1703c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_', 170406f25ae9SGregory Neil Shapiro`R$+ < @ $=R > $@ RELAYTO 170506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 170606f25ae9SGregory Neil ShapiroR$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >> 170706f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>> 170806f25ae9SGregory Neil ShapiroR<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')', 170906f25ae9SGregory Neil Shapiro`R$+ < @ $* $=R > $@ RELAYTO 171006f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 171106f25ae9SGregory Neil ShapiroR$+ < @ $+ > $: $>LookUpDomain <$2> <?> <$1 < @ $2 >> <+To>',`dnl')') 171206f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 171306f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>> 171406f25ae9SGregory Neil ShapiroR<RELAY> $* $@ RELAYTO 1715c2aa98e2SPeter WemmR<$*> <$*> $: $2',`dnl') 1716c2aa98e2SPeter Wemm 171706f25ae9SGregory Neil Shapiro 1718c2aa98e2SPeter Wemmifdef(`_RELAY_MX_SERVED_', `dnl 1719c2aa98e2SPeter Wemm# allow relaying for hosts which we MX serve 172006f25ae9SGregory Neil ShapiroR$+ < @ $+ > $: < : $(mxserved $2 $) : > $1 < @ $2 > 172106f25ae9SGregory Neil Shapirodnl this must not necessarily happen if the client is checked first... 1722c2aa98e2SPeter WemmR< : $* <TEMP> : > $* $#error $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 172306f25ae9SGregory Neil ShapiroR<$* : $=w . : $*> $* $@ RELAYTO 1724065a643dSPeter WemmR< : $* : > $* $: $2', 1725c2aa98e2SPeter Wemm`dnl') 1726c2aa98e2SPeter Wemm 1727c2aa98e2SPeter Wemm# check for local user (i.e. unqualified address) 1728c2aa98e2SPeter WemmR$* $: <?> $1 1729065a643dSPeter WemmR<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 > 1730c2aa98e2SPeter Wemm# local user is ok 173106f25ae9SGregory Neil Shapirodnl is it really? the standard requires user@domain, not just user 173206f25ae9SGregory Neil Shapirodnl but we should accept it anyway (maybe making it an option: 173306f25ae9SGregory Neil Shapirodnl RequireFQDN ?) 173406f25ae9SGregory Neil Shapirodnl postmaster must be accepted without domain (DRUMS) 173506f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl 173606f25ae9SGregory Neil ShapiroR<?> postmaster $@ TOPOSTMASTER 173706f25ae9SGregory Neil Shapiro# require qualified recipient? 173806f25ae9SGregory Neil Shapirodnl prepend daemon_flags 173906f25ae9SGregory Neil ShapiroR<?> $+ $: $&{daemon_flags} $| <?> $1 174006f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <?> localpart 174106f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems? 174206f25ae9SGregory Neil Shapirodnl r flag? add client_name 174306f25ae9SGregory Neil ShapiroR$* r $* $| <?> $+ $: < ? $&{client_name} > <?> $3 174406f25ae9SGregory Neil Shapirodnl no r flag: relay to local user (only local part) 174506f25ae9SGregory Neil Shapiro# no qualified recipient required 174606f25ae9SGregory Neil ShapiroR$* $| <?> $+ $@ RELAYTOLOCAL 174706f25ae9SGregory Neil Shapirodnl client_name is empty 174806f25ae9SGregory Neil ShapiroR<?> <?> $+ $@ RELAYTOLOCAL 174906f25ae9SGregory Neil Shapirodnl client_name is local 175006f25ae9SGregory Neil ShapiroR<? $=w> <?> $+ $@ RELAYTOLOCAL 175106f25ae9SGregory Neil Shapirodnl client_name is not local 175206f25ae9SGregory Neil ShapiroR<? $+> $+ $#error $@ 5.5.4 $: "553 Domain name required"', `dnl 175306f25ae9SGregory Neil Shapirodnl no qualified recipient required 175406f25ae9SGregory Neil ShapiroR<?> $+ $@ RELAYTOLOCAL') 175506f25ae9SGregory Neil Shapirodnl it is a remote user: remove mark and then check client 1756c2aa98e2SPeter WemmR<$+> $* $: $2 175706f25ae9SGregory Neil Shapirodnl currently the recipient address is not used below 1758c2aa98e2SPeter Wemm 1759c2aa98e2SPeter Wemm# anything originating locally is ok 1760c2aa98e2SPeter Wemm# check IP address 1761c2aa98e2SPeter WemmR$* $: $&{client_addr} 176206f25ae9SGregory Neil ShapiroR$@ $@ RELAYFROM originated locally 176306f25ae9SGregory Neil ShapiroR0 $@ RELAYFROM originated locally 176406f25ae9SGregory Neil ShapiroR$=R $* $@ RELAYFROM relayable IP address 176506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 176606f25ae9SGregory Neil ShapiroR$* $: $>LookUpAddress <$1> <?> <$1> <+Connect> 176706f25ae9SGregory Neil ShapiroR<RELAY> $* $@ RELAYFROM relayable IP address 1768c2aa98e2SPeter WemmR<$*> <$*> $: $2', `dnl') 1769c2aa98e2SPeter WemmR$* $: [ $1 ] put brackets around it... 177006f25ae9SGregory Neil ShapiroR$=w $@ RELAYFROM ... and see if it is local 1771c2aa98e2SPeter Wemm 177206f25ae9SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl 177306f25ae9SGregory Neil Shapiroifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl 177406f25ae9SGregory Neil Shapiroifdef(`_RELAY_MAIL_FROM_', `dnl 177506f25ae9SGregory Neil Shapirodnl input: {client_addr} or something "broken" 177606f25ae9SGregory Neil Shapirodnl just throw the input away; we do not need it. 177706f25ae9SGregory Neil Shapiro# check whether FROM is allowed to use system as relay 177806f25ae9SGregory Neil ShapiroR$* $: <?> $>CanonAddr $&f 1779c2aa98e2SPeter Wemmifdef(`_RELAY_LOCAL_FROM_', `dnl 178006f25ae9SGregory Neil Shapiro# check whether local FROM is ok 178106f25ae9SGregory Neil ShapiroR<?> $+ < @ $=w . > $@ RELAYFROMMAIL FROM local', `dnl') 178206f25ae9SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_', `dnl 178306f25ae9SGregory Neil ShapiroR<?> $+ < @ $+ . > <?> $1 < @ $2 > remove trailing dot 178406f25ae9SGregory Neil ShapiroR<?> $+ < @ $+ > $: $1 < @ $2 > $| $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', `<H:$2>') <> 178506f25ae9SGregory Neil ShapiroR$* <RELAY> $@ RELAYFROMMAIL RELAY FROM sender ok', `dnl 178606f25ae9SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_DOMAIN_', `errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_ 178706f25ae9SGregory Neil Shapiro')', 178806f25ae9SGregory Neil Shapiro`dnl') 178906f25ae9SGregory Neil Shapirodnl')', `dnl') 179006f25ae9SGregory Neil Shapiro 179106f25ae9SGregory Neil Shapiro# check client name: first: did it resolve? 179206f25ae9SGregory Neil Shapirodnl input: ignored 179306f25ae9SGregory Neil ShapiroR$* $: < $&{client_resolve} > 179406f25ae9SGregory Neil ShapiroR<TEMP> $#error $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} 179506f25ae9SGregory Neil ShapiroR<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} 179606f25ae9SGregory Neil ShapiroR<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} 179706f25ae9SGregory Neil Shapirodnl ${client_resolve} should be OK, so go ahead 179806f25ae9SGregory Neil ShapiroR$* $: <?> $&{client_name} 179906f25ae9SGregory Neil Shapiro# pass to name server to make hostname canonical 180006f25ae9SGregory Neil ShapiroR<?> $* $~P $:<?> $[ $1 $2 $] 180106f25ae9SGregory Neil ShapiroR$* . $1 strip trailing dots 180206f25ae9SGregory Neil Shapirodnl should not be necessary since it has been done for client_addr already 180306f25ae9SGregory Neil ShapiroR<?> $@ RELAYFROM 180406f25ae9SGregory Neil Shapiroifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl 180506f25ae9SGregory Neil ShapiroR<?> $* $=m $@ RELAYFROM', `dnl') 180606f25ae9SGregory Neil ShapiroR<?> $=w $@ RELAYFROM 180706f25ae9SGregory Neil Shapiroifdef(`_RELAY_HOSTS_ONLY_', 180806f25ae9SGregory Neil Shapiro`R<?> $=R $@ RELAYFROM 180906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 181006f25ae9SGregory Neil ShapiroR<?> $* $: <$(access Connect:$1 $: ? $)> <$1> 181106f25ae9SGregory Neil ShapiroR<?> <$*> $: <$(access $1 $: ? $)> <$1>',`dnl')', 181206f25ae9SGregory Neil Shapiro`R<?> $* $=R $@ RELAYFROM 181306f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 181406f25ae9SGregory Neil ShapiroR<?> $* $: $>LookUpDomain <$1> <?> <$1> <+Connect>',`dnl')') 181506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 181606f25ae9SGregory Neil ShapiroR<RELAY> $* $@ RELAYFROM 181706f25ae9SGregory Neil ShapiroR<$*> <$*> $: $2',`dnl') 1818c2aa98e2SPeter Wemm 1819c2aa98e2SPeter Wemm# anything else is bogus 182006f25ae9SGregory Neil ShapiroR$* $#error $@ 5.7.1 $: confRELAY_MSG 182106f25ae9SGregory Neil Shapirodivert(0) 182206f25ae9SGregory Neil Shapiroifdef(`_DELAY_CHECKS_',`dnl 182306f25ae9SGregory Neil Shapiro# turn a canonical address in the form user<@domain> 182406f25ae9SGregory Neil Shapiro# qualify unqual. addresses with $j 182506f25ae9SGregory Neil Shapirodnl it might have been only user (without <@domain>) 182606f25ae9SGregory Neil ShapiroSFullAddr 182706f25ae9SGregory Neil ShapiroR$* <@ $+ . > $1 <@ $2 > 182806f25ae9SGregory Neil ShapiroR$* <@ $* > $@ $1 <@ $2 > 182906f25ae9SGregory Neil ShapiroR$+ $@ $1 <@ $j > 1830c2aa98e2SPeter Wemm 183106f25ae9SGregory Neil Shapiro# call all necessary rulesets 183206f25ae9SGregory Neil ShapiroScheck_rcpt 183306f25ae9SGregory Neil Shapirodnl this test should be in the Basic_check_rcpt ruleset 183406f25ae9SGregory Neil Shapirodnl which is the correct DSN code? 183506f25ae9SGregory Neil Shapiro# R$@ $#error $@ 5.1.3 $: "553 Recipient address required" 183606f25ae9SGregory Neil ShapiroR$+ $: $1 $| $>checkrcpt $1 183706f25ae9SGregory Neil Shapirodnl now we can simply stop checks by returning "$# xyz" instead of just "ok" 183806f25ae9SGregory Neil ShapiroR$+ $| $#$* $#$2 183906f25ae9SGregory Neil ShapiroR$+ $| $* $: <?> $>FullAddr $>CanonAddr $1 184006f25ae9SGregory Neil Shapiroifdef(`_SPAM_FH_', 184106f25ae9SGregory Neil Shapiro`dnl lookup user@ and user@address 184206f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `', 184306f25ae9SGregory Neil Shapiro`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db') 184406f25ae9SGregory Neil Shapiro')')dnl 184506f25ae9SGregory Neil Shapirodnl one of the next two rules is supposed to match 184606f25ae9SGregory Neil Shapirodnl this code has been copied from BLACKLIST... etc 184706f25ae9SGregory Neil Shapirodnl and simplified by omitting some < >. 184806f25ae9SGregory Neil ShapiroR<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <U: $1@> 184906f25ae9SGregory Neil ShapiroR<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > 185006f25ae9SGregory Neil Shapirodnl R<?> $@ something_is_very_wrong_here 185106f25ae9SGregory Neil Shapiro# lookup the addresses only with To tag 185206f25ae9SGregory Neil ShapiroR<> $* $| <$+> $: <@> $1 $| $>SearchList <!To> $| <$2> <> 185306f25ae9SGregory Neil ShapiroR<@> $* $| $* $: $2 $1 reverse result 185406f25ae9SGregory Neil Shapirodnl', `dnl') 185506f25ae9SGregory Neil Shapiroifdef(`_SPAM_FRIEND_', 185606f25ae9SGregory Neil Shapiro`# is the recipient a spam friend? 185706f25ae9SGregory Neil Shapiroifdef(`_SPAM_HATER_', 185806f25ae9SGregory Neil Shapiro `errprint(`*** ERROR: define either SpamHater or SpamFriend 185906f25ae9SGregory Neil Shapiro')', `dnl') 186006f25ae9SGregory Neil ShapiroR<SPAMFRIEND> $+ $@ SPAMFRIEND 186106f25ae9SGregory Neil ShapiroR<$*> $+ $: $2', 186206f25ae9SGregory Neil Shapiro`dnl') 186306f25ae9SGregory Neil Shapiroifdef(`_SPAM_HATER_', 186406f25ae9SGregory Neil Shapiro`# is the recipient no spam hater? 186506f25ae9SGregory Neil ShapiroR<SPAMHATER> $+ $: $1 spam hater: continue checks 186606f25ae9SGregory Neil ShapiroR<$*> $+ $@ NOSPAMHATER everyone else: stop 186706f25ae9SGregory Neil Shapirodnl',`dnl') 186806f25ae9SGregory Neil Shapirodnl run further checks: check_mail 186906f25ae9SGregory Neil Shapirodnl should we "clean up" $&f? 187006f25ae9SGregory Neil ShapiroR$* $: $1 $| $>checkmail <$&f> 187106f25ae9SGregory Neil ShapiroR$* $| $#$* $#$2 187206f25ae9SGregory Neil Shapirodnl run further checks: check_relay 187306f25ae9SGregory Neil ShapiroR$* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr} 187406f25ae9SGregory Neil ShapiroR$* $| $#$* $#$2 187506f25ae9SGregory Neil ShapiroR$* $| $* $: $1 187606f25ae9SGregory Neil Shapiro', `dnl') 187706f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 187806f25ae9SGregory Neil Shapiro###################################################################### 187906f25ae9SGregory Neil Shapiro### SearchList: search a list of items in the access map 188006f25ae9SGregory Neil Shapiro### Parameters: 188106f25ae9SGregory Neil Shapiro### <exact tag> $| <mark:address> <mark:address> ... <> 188206f25ae9SGregory Neil Shapirodnl maybe we should have a @ (again) in front of the mark to 188306f25ae9SGregory Neil Shapirodnl avoid errorneous matches (with error messages?) 188406f25ae9SGregory Neil Shapirodnl if we can make sure that tag is always a single token 188506f25ae9SGregory Neil Shapirodnl then we can omit the delimiter $|, otherwise we need it 188606f25ae9SGregory Neil Shapirodnl to avoid errorneous matchs (first rule: H: if there 188706f25ae9SGregory Neil Shapirodnl is that mark somewhere in the list, it will be taken). 188806f25ae9SGregory Neil Shapirodnl moreover, we can do some tricks to enforce lookup with 188906f25ae9SGregory Neil Shapirodnl the tag only, e.g.: 189006f25ae9SGregory Neil Shapiro### where "exact" is either "+" or "!": 189106f25ae9SGregory Neil Shapiro### <+ TAG> lookup with and w/o tag 189206f25ae9SGregory Neil Shapiro### <! TAG> lookup with tag 189306f25ae9SGregory Neil Shapirodnl Warning: + and ! should be in OperatorChars (otherwise there must be 189406f25ae9SGregory Neil Shapirodnl a blank between them and the tag. 189506f25ae9SGregory Neil Shapiro### possible values for "mark" are: 189606f25ae9SGregory Neil Shapiro### H: recursive host lookup (LookUpDomain) 189706f25ae9SGregory Neil Shapirodnl A: recursive address lookup (LookUpAddress) [not yet required] 189806f25ae9SGregory Neil Shapiro### E: exact lookup, no modifications 189906f25ae9SGregory Neil Shapiro### F: full lookup, try user+ext@domain and user@domain 190006f25ae9SGregory Neil Shapiro### U: user lookup, try user+ext and user (input must have trailing @) 190106f25ae9SGregory Neil Shapiro### return: <RHS of lookup> or <?> (not found) 190206f25ae9SGregory Neil Shapiro###################################################################### 190306f25ae9SGregory Neil Shapiro 190406f25ae9SGregory Neil Shapiro# class with valid marks for SearchList 190506f25ae9SGregory Neil Shapirodnl if A is activated: add it 190606f25ae9SGregory Neil ShapiroC{src}E F H U 190706f25ae9SGregory Neil ShapiroSSearchList 190806f25ae9SGregory Neil Shapiro# mark H: lookup domain 190906f25ae9SGregory Neil ShapiroR<$+> $| <H:$+> <$*> $: <$1> $| <@> $>LookUpDomain <$2> <?> <$3> <$1> 191006f25ae9SGregory Neil ShapiroR<$+> $| <@> <$+> <$*> $: <$1> $| <$2> <$3> 191106f25ae9SGregory Neil Shapirodnl A: NOT YET REQUIRED 191206f25ae9SGregory Neil Shapirodnl R<$+> $| <A:$+> <$*> $: <$1> $| <@> $>LookUpAddress <$2> <?> <$3> <$1> 191306f25ae9SGregory Neil Shapirodnl R<$+> $| <@> <$+> <$*> $: <$1> $| <$2> <$3> 191406f25ae9SGregory Neil Shapirodnl lookup of the item with tag 191506f25ae9SGregory Neil Shapirodnl this applies to F: U: E: 191606f25ae9SGregory Neil ShapiroR<$- $-> $| <$={src}:$+> <$*> $: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$4 $: $3:$4 $)> <$5> 191706f25ae9SGregory Neil Shapirodnl no match, try without tag 191806f25ae9SGregory Neil ShapiroR<+ $-> $| <$={src}:$+> <$*> $: <+ $1> $| <$(access $3 $: $2:$3 $)> <$4> 191906f25ae9SGregory Neil Shapirodnl do we really have to distinguish these cases? 192006f25ae9SGregory Neil Shapirodnl probably yes, there might be a + in the domain part (is that allowed?) 192106f25ae9SGregory Neil Shapirodnl user+detail lookups: should it be: 192206f25ae9SGregory Neil Shapirodnl user+detail, user+*, user; just like aliases? 192306f25ae9SGregory Neil ShapiroR<$- $-> $| <F:$* + $*@$+> <$*> $: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$3@$5 $: F:$3 + $4@$5$)> <$6> 192406f25ae9SGregory Neil ShapiroR<+ $-> $| <F:$* + $*@$+> <$*> $: <+ $1> $| <$(access $2@$4 $: F:$2 + $3@$4$)> <$5> 192506f25ae9SGregory Neil Shapirodnl user lookups are always with trailing @ 192606f25ae9SGregory Neil Shapirodnl do not remove the @ from the lookup: 192706f25ae9SGregory Neil Shapirodnl it is part of the +detail@ which is omitted for the lookup 192806f25ae9SGregory Neil ShapiroR<$- $-> $| <U:$* + $*> <$*> $: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$3@ $: U:$3 + $4$)> <$5> 192906f25ae9SGregory Neil Shapirodnl no match, try without tag 193006f25ae9SGregory Neil ShapiroR<+ $-> $| <U:$* + $*> <$*> $: <+ $1> $| <$(access $2@ $: U:$2 + $3$)> <$4> 193106f25ae9SGregory Neil Shapirodnl no match, try rest of list 193206f25ae9SGregory Neil ShapiroR<$+> $| <$={src}:$+> <$+> $@ $>SearchList <$1> $| <$4> 193306f25ae9SGregory Neil Shapirodnl no match, list empty: return failure 193406f25ae9SGregory Neil ShapiroR<$+> $| <$={src}:$+> <> $@ <?> 193506f25ae9SGregory Neil Shapirodnl got result, return it 193606f25ae9SGregory Neil ShapiroR<$+> $| <$+> <$*> $@ <$2> 193706f25ae9SGregory Neil Shapirodnl return result from recursive invocation 193806f25ae9SGregory Neil ShapiroR<$+> $| <$+> $@ <$2>', `dnl') 193906f25ae9SGregory Neil Shapiro 194006f25ae9SGregory Neil Shapiro# is user trusted to authenticate as someone else? 194106f25ae9SGregory Neil Shapirodnl AUTH= parameter from MAIL command 194206f25ae9SGregory Neil ShapiroStrust_auth 194306f25ae9SGregory Neil ShapiroR$* $: $&{auth_type} $| $1 194406f25ae9SGregory Neil Shapiro# required by RFC 2554 section 4. 194506f25ae9SGregory Neil ShapiroR$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" 194606f25ae9SGregory Neil Shapirodnl seems to be useful... 194706f25ae9SGregory Neil ShapiroR$* $| $&{auth_authen} $@ identical 194806f25ae9SGregory Neil ShapiroR$* $| <$&{auth_authen}> $@ identical 194906f25ae9SGregory Neil Shapirodnl call user supplied code 195006f25ae9SGregory Neil ShapiroR$* $| $* $: $1 $| $>"Local_trust_auth" $1 195106f25ae9SGregory Neil ShapiroR$* $| $#$* $#$2 195206f25ae9SGregory Neil Shapirodnl default: error 195306f25ae9SGregory Neil ShapiroR$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} 195406f25ae9SGregory Neil Shapiro 195506f25ae9SGregory Neil Shapirodnl empty ruleset definition so it can be called 195606f25ae9SGregory Neil ShapiroSLocal_trust_auth 195706f25ae9SGregory Neil Shapiro 195806f25ae9SGregory Neil Shapiroifdef(`_FFR_TLS_O_T', `dnl 195906f25ae9SGregory Neil ShapiroSoffer_tls 196006f25ae9SGregory Neil ShapiroR$* $: $>LookUpDomain <$&{client_name}> <?> <> <! TLS_OFF_TAG> 196106f25ae9SGregory Neil ShapiroR<?>$* $: $>LookUpAddress <$&{client_addr}> <?> <> <! TLS_OFF_TAG> 196206f25ae9SGregory Neil ShapiroR<?>$* $: <$(access TLS_OFF_TAG: $: ? $)> 196306f25ae9SGregory Neil ShapiroR<?>$* $@ OK 196406f25ae9SGregory Neil ShapiroR<NO> <> $#error $@ 5.7.1 $: "550 do not offer TLS for " $&{client_name} " ["$&{client_addr}"]" 196506f25ae9SGregory Neil Shapiro 196606f25ae9SGregory Neil ShapiroStry_tls 196706f25ae9SGregory Neil ShapiroR$* $: $>LookUpDomain <$&{server_name}> <?> <> <! TLS_TRY_TAG> 196806f25ae9SGregory Neil ShapiroR<?>$* $: $>LookUpAddress <$&{server_addr}> <?> <> <! TLS_TRY_TAG> 196906f25ae9SGregory Neil ShapiroR<?>$* $: <$(access TLS_TRY_TAG: $: ? $)> 197006f25ae9SGregory Neil ShapiroR<?>$* $@ OK 1971193538b7SGregory Neil ShapiroR<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]" 197206f25ae9SGregory Neil Shapiro')dnl 197306f25ae9SGregory Neil Shapiro 197406f25ae9SGregory Neil Shapiro# is connection with client "good" enough? (done in server) 197506f25ae9SGregory Neil Shapiro# input: ${verify} $| (MAIL|STARTTLS) 197606f25ae9SGregory Neil Shapirodnl MAIL: called from check_mail 197706f25ae9SGregory Neil Shapirodnl STARTTLS: called from smtp() after STARTTLS has been accepted 197806f25ae9SGregory Neil ShapiroStls_client 197906f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 198006f25ae9SGregory Neil Shapirodnl ignore second arg for now 198106f25ae9SGregory Neil Shapirodnl maybe use it to distinguish permanent/temporary error? 198206f25ae9SGregory Neil Shapirodnl if MAIL: permanent (STARTTLS has not been offered) 198306f25ae9SGregory Neil Shapirodnl if STARTTLS: temporary (offered but maybe failed) 198406f25ae9SGregory Neil ShapiroR$* $| $* $: $1 $| $>LookUpDomain <$&{client_name}> <?> <> <! TLS_CLT_TAG> 198506f25ae9SGregory Neil ShapiroR$* $| <?>$* $: $1 $| $>LookUpAddress <$&{client_addr}> <?> <> <! TLS_CLT_TAG> 198606f25ae9SGregory Neil Shapirodnl do a default lookup: just TLS_CLT_TAG 198706f25ae9SGregory Neil ShapiroR$* $| <?>$* $: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)> 198806f25ae9SGregory Neil ShapiroR$* $@ $>"tls_connection" $1', `dnl 198906f25ae9SGregory Neil ShapiroR$* $| $* $@ $>"tls_connection" $1') 199006f25ae9SGregory Neil Shapiro 199106f25ae9SGregory Neil Shapiro# is connection with server "good" enough? (done in client) 199206f25ae9SGregory Neil Shapirodnl i.e. has the server been authenticated and is encryption active? 199306f25ae9SGregory Neil Shapirodnl called from deliver() after STARTTLS command 199406f25ae9SGregory Neil Shapiro# input: ${verify} 199506f25ae9SGregory Neil ShapiroStls_server 199606f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 199706f25ae9SGregory Neil ShapiroR$* $: $1 $| $>LookUpDomain <$&{server_name}> <?> <> <! TLS_SRV_TAG> 199806f25ae9SGregory Neil ShapiroR$* $| <?>$* $: $1 $| $>LookUpAddress <$&{server_addr}> <?> <> <! TLS_SRV_TAG> 199906f25ae9SGregory Neil Shapirodnl do a default lookup: just TLS_SRV_TAG 200006f25ae9SGregory Neil ShapiroR$* $| <?>$* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)> 200106f25ae9SGregory Neil ShapiroR$* $@ $>"tls_connection" $1', `dnl 200206f25ae9SGregory Neil ShapiroR$* $@ $>"tls_connection" $1') 200306f25ae9SGregory Neil Shapiro 200406f25ae9SGregory Neil ShapiroStls_connection 200506f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 200606f25ae9SGregory Neil Shapirodnl common ruleset for tls_{client|server} 200706f25ae9SGregory Neil Shapirodnl input: $&{verify} $| <ResultOfLookup> [<>] 200806f25ae9SGregory Neil Shapirodnl remove optional <> 200906f25ae9SGregory Neil ShapiroR$* $| <$*>$* $: $1 $| <$2> 201006f25ae9SGregory Neil Shapirodnl permanent or temporary error? 201106f25ae9SGregory Neil ShapiroR$* $| <PERM + $={tls} $*> $: $1 $| <503:5.7.0> <$2 $3> 201206f25ae9SGregory Neil ShapiroR$* $| <TEMP + $={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> 201306f25ae9SGregory Neil Shapirodnl default case depends on TLS_PERM_ERR 201406f25ae9SGregory Neil ShapiroR$* $| <$={tls} $*> $: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3> 201506f25ae9SGregory Neil Shapirodnl deal with TLS handshake failures: abort 201606f25ae9SGregory Neil ShapiroRSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." 201706f25ae9SGregory Neil Shapirodnl no <reply:dns> i.e. not requirements in the access map 201806f25ae9SGregory Neil Shapirodnl use default error 201906f25ae9SGregory Neil ShapiroRSOFTWARE $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed." 202006f25ae9SGregory Neil ShapiroR$* $| <$*> <VERIFY> $: <$2> <VERIFY> $1 202106f25ae9SGregory Neil ShapiroR$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> $1 202206f25ae9SGregory Neil Shapirodnl some other value in access map: accept 202306f25ae9SGregory Neil Shapirodnl this also allows to override the default case (if used) 202406f25ae9SGregory Neil ShapiroR$* $| $* $@ OK 202506f25ae9SGregory Neil Shapiro# authentication required: give appropriate error 202606f25ae9SGregory Neil Shapiro# other side did authenticate (via STARTTLS) 202706f25ae9SGregory Neil Shapirodnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> ${verify} 202806f25ae9SGregory Neil Shapirodnl only verification required and it succeeded 202906f25ae9SGregory Neil ShapiroR<$*><VERIFY> OK $@ OK 203006f25ae9SGregory Neil Shapirodnl verification required + some level of encryption 203106f25ae9SGregory Neil ShapiroR<$*><VERIFY:$-> OK $: <$1> <REQ:$2> 203206f25ae9SGregory Neil Shapirodnl just some level of encryption required 203306f25ae9SGregory Neil ShapiroR<$*><ENCR:$-> $* $: <$1> <REQ:$2> 203406f25ae9SGregory Neil Shapirodnl verification required but ${verify} is not set 203506f25ae9SGregory Neil ShapiroR<$-:$+><VERIFY $*> $#error $@ $2 $: $1 " authentication required" 203606f25ae9SGregory Neil ShapiroR<$-:$+><VERIFY $*> FAIL $#error $@ $2 $: $1 " authentication failed" 203706f25ae9SGregory Neil ShapiroR<$-:$+><VERIFY $*> NO $#error $@ $2 $: $1 " not authenticated" 203806f25ae9SGregory Neil ShapiroR<$-:$+><VERIFY $*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" 203906f25ae9SGregory Neil Shapirodnl some other value for ${verify} 204006f25ae9SGregory Neil ShapiroR<$-:$+><VERIFY $*> $+ $#error $@ $2 $: $1 " authentication failure " $4 204106f25ae9SGregory Neil Shapirodnl some level of encryption required: get the maximum level 204206f25ae9SGregory Neil ShapiroR<$*><REQ:$-> $: <$1> <REQ:$2> $>max $&{cipher_bits} : $&{auth_ssf} 204306f25ae9SGregory Neil Shapirodnl compare required bits with actual bits 204406f25ae9SGregory Neil ShapiroR<$*><REQ:$-> $- $: <$1> <$2:$3> $(arith l $@ $3 $@ $2 $) 204506f25ae9SGregory Neil ShapiroR<$-:$+><$-:$-> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3 204606f25ae9SGregory Neil Shapiro 204706f25ae9SGregory Neil ShapiroSmax 204806f25ae9SGregory Neil Shapirodnl compute the max of two values separated by : 204906f25ae9SGregory Neil ShapiroR: $: 0 205006f25ae9SGregory Neil ShapiroR:$- $: $1 205106f25ae9SGregory Neil ShapiroR$-: $: $1 205206f25ae9SGregory Neil ShapiroR$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2 205306f25ae9SGregory Neil ShapiroRTRUE:$-:$- $: $2 205406f25ae9SGregory Neil ShapiroR$-:$-:$- $: $2', 205506f25ae9SGregory Neil Shapiro`dnl use default error 205606f25ae9SGregory Neil Shapirodnl deal with TLS handshake failures: abort 205706f25ae9SGregory Neil ShapiroRSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."') 205806f25ae9SGregory Neil Shapiro 205906f25ae9SGregory Neil ShapiroSRelayAuth 206006f25ae9SGregory Neil Shapiro# authenticated? 206106f25ae9SGregory Neil Shapirodnl we do not allow relaying for anyone who can present a cert 206206f25ae9SGregory Neil Shapirodnl signed by a "trusted" CA. For example, even if we put verisigns 206306f25ae9SGregory Neil Shapirodnl CA in CERTPath so we can authenticate users, we do not allow 206406f25ae9SGregory Neil Shapirodnl them to abuse our server (they might be easier to get hold of, 206506f25ae9SGregory Neil Shapirodnl but anyway). 206606f25ae9SGregory Neil Shapirodnl so here is the trick: if the verification succeeded 206706f25ae9SGregory Neil Shapirodnl we look up the cert issuer in the access map 206806f25ae9SGregory Neil Shapirodnl (maybe after extracting a part with a regular expression) 206906f25ae9SGregory Neil Shapirodnl if this returns RELAY we relay without further questions 207006f25ae9SGregory Neil Shapirodnl if it returns SUBJECT we perform a similar check on the 207106f25ae9SGregory Neil Shapirodnl cert subject. 207206f25ae9SGregory Neil ShapiroR$* $| OK $: $1 207306f25ae9SGregory Neil ShapiroR$* $| $* $@ NO not authenticated 207406f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl 207506f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_ISSUER_', `dnl 207606f25ae9SGregory Neil ShapiroR$* $: $1 $| $(CERTIssuer $&{cert_issuer} $)', 207706f25ae9SGregory Neil Shapiro`R$* $: $1 $| $&{cert_issuer}') 207806f25ae9SGregory Neil ShapiroR$* $| $+ $: $1 $| $(access CERTISSUER:$2 $) 207906f25ae9SGregory Neil Shapirodnl use $# to stop further checks (delay_check) 208006f25ae9SGregory Neil ShapiroR$* $| RELAY $# RELAYCERTISSUER 208106f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_SUBJECT_', `dnl 208206f25ae9SGregory Neil ShapiroR$* $| SUBJECT $: $1 $| <@> $(CERTSubject $&{cert_subject} $)', 208306f25ae9SGregory Neil Shapiro`R$* $| SUBJECT $: $1 $| <@> $&{cert_subject}') 208442e5d165SGregory Neil ShapiroR$* $| <@> $+ $: $1 $| <@> $(access CERTSUBJECT:$2 $) 208506f25ae9SGregory Neil ShapiroR$* $| <@> RELAY $# RELAYCERTSUBJECT 208606f25ae9SGregory Neil ShapiroR$* $| $* $: $1', `dnl') 208706f25ae9SGregory Neil Shapiro 208806f25ae9SGregory Neil Shapiroundivert(9)dnl LOCAL_RULESETS 208906f25ae9SGregory Neil Shapiroifdef(`_FFR_MILTER', ` 209006f25ae9SGregory Neil Shapiro# 209106f25ae9SGregory Neil Shapiro###################################################################### 209206f25ae9SGregory Neil Shapiro###################################################################### 209306f25ae9SGregory Neil Shapiro##### 209406f25ae9SGregory Neil Shapiro`##### MAIL FILTER DEFINITIONS' 209506f25ae9SGregory Neil Shapiro##### 209606f25ae9SGregory Neil Shapiro###################################################################### 209706f25ae9SGregory Neil Shapiro###################################################################### 209806f25ae9SGregory Neil Shapiro_MAIL_FILTERS_') 2099c2aa98e2SPeter Wemm# 2100c2aa98e2SPeter Wemm###################################################################### 2101c2aa98e2SPeter Wemm###################################################################### 2102c2aa98e2SPeter Wemm##### 2103c2aa98e2SPeter Wemm`##### MAILER DEFINITIONS' 2104c2aa98e2SPeter Wemm##### 2105c2aa98e2SPeter Wemm###################################################################### 2106c2aa98e2SPeter Wemm###################################################################### 210706f25ae9SGregory Neil Shapiroundivert(7)dnl MAILER_DEFINITIONS 210842e5d165SGregory Neil Shapiro 2109