cf/m4/proto.m4

c2aa98e2SPeter Wemmdivert(-1)
c2aa98e2SPeter Wemm#
605302a5SGregory Neil Shapiro# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
06f25ae9SGregory Neil Shapiro#	All rights reserved.
c2aa98e2SPeter Wemm# Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
c2aa98e2SPeter Wemm# Copyright (c) 1988, 1993
c2aa98e2SPeter Wemm#	The Regents of the University of California.  All rights reserved.
c2aa98e2SPeter Wemm#
c2aa98e2SPeter Wemm# By using this file, you agree to the terms and conditions set
c2aa98e2SPeter Wemm# forth in the LICENSE file which can be found at the top level of
c2aa98e2SPeter Wemm# the sendmail distribution.
c2aa98e2SPeter Wemm#
c2aa98e2SPeter Wemm#
c2aa98e2SPeter Wemmdivert(0)
c2aa98e2SPeter Wemm
fabecb74SGregory Neil ShapiroVERSIONID(`$Id: proto.m4,v 8.649.2.14 2002/12/30 15:46:02 ca Exp $')
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiro# level CF_LEVEL config file format
06f25ae9SGregory Neil ShapiroV`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
c2aa98e2SPeter Wemmdivert(-1)
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapirodnl if MAILER(`local') not defined: do it ourself; be nice
40266059SGregory Neil Shapirodnl maybe we should issue a warning?
40266059SGregory Neil Shapiroifdef(`_MAILER_local_',`', `MAILER(local)')
40266059SGregory Neil Shapiro
c2aa98e2SPeter Wemm# do some sanity checking
c2aa98e2SPeter Wemmifdef(`__OSTYPE__',,
06f25ae9SGregory Neil Shapiro	`errprint(`*** ERROR: No system type defined (use OSTYPE macro)
06f25ae9SGregory Neil Shapiro')')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# pick our default mailers
c2aa98e2SPeter Wemmifdef(`confSMTP_MAILER',, `define(`confSMTP_MAILER', `esmtp')')
c2aa98e2SPeter Wemmifdef(`confLOCAL_MAILER',, `define(`confLOCAL_MAILER', `local')')
c2aa98e2SPeter Wemmifdef(`confRELAY_MAILER',,
c2aa98e2SPeter Wemm	`define(`confRELAY_MAILER',
c2aa98e2SPeter Wemm		`ifdef(`_MAILER_smtp_', `relay',
c2aa98e2SPeter Wemm			`ifdef(`_MAILER_uucp', `uucp-new', `unknown')')')')
c2aa98e2SPeter Wemmifdef(`confUUCP_MAILER',, `define(`confUUCP_MAILER', `uucp-old')')
c2aa98e2SPeter Wemmdefine(`_SMTP_', `confSMTP_MAILER')dnl		for readability only
c2aa98e2SPeter Wemmdefine(`_LOCAL_', `confLOCAL_MAILER')dnl	for readability only
c2aa98e2SPeter Wemmdefine(`_RELAY_', `confRELAY_MAILER')dnl	for readability only
c2aa98e2SPeter Wemmdefine(`_UUCP_', `confUUCP_MAILER')dnl		for readability only
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# back compatibility with old config files
c2aa98e2SPeter Wemmifdef(`confDEF_GROUP_ID',
06f25ae9SGregory Neil Shapiro`errprint(`*** confDEF_GROUP_ID is obsolete.
06f25ae9SGregory Neil Shapiro    Use confDEF_USER_ID with a colon in the value instead.
06f25ae9SGregory Neil Shapiro')')
c2aa98e2SPeter Wemmifdef(`confREAD_TIMEOUT',
06f25ae9SGregory Neil Shapiro`errprint(`*** confREAD_TIMEOUT is obsolete.
06f25ae9SGregory Neil Shapiro    Use individual confTO_<timeout> parameters instead.
06f25ae9SGregory Neil Shapiro')')
c2aa98e2SPeter Wemmifdef(`confMESSAGE_TIMEOUT',
c2aa98e2SPeter Wemm	`define(`_ARG_', index(confMESSAGE_TIMEOUT, /))
c2aa98e2SPeter Wemm	 ifelse(_ARG_, -1,
c2aa98e2SPeter Wemm		`define(`confTO_QUEUERETURN', confMESSAGE_TIMEOUT)',
c2aa98e2SPeter Wemm		`define(`confTO_QUEUERETURN',
c2aa98e2SPeter Wemm			substr(confMESSAGE_TIMEOUT, 0, _ARG_))
c2aa98e2SPeter Wemm		 define(`confTO_QUEUEWARN',
c2aa98e2SPeter Wemm			substr(confMESSAGE_TIMEOUT, eval(_ARG_+1)))')')
c2aa98e2SPeter Wemmifdef(`confMIN_FREE_BLOCKS', `ifelse(index(confMIN_FREE_BLOCKS, /), -1,,
06f25ae9SGregory Neil Shapiro`errprint(`*** compound confMIN_FREE_BLOCKS is obsolete.
06f25ae9SGregory Neil Shapiro    Use confMAX_MESSAGE_SIZE for the second part of the value.
06f25ae9SGregory Neil Shapiro')')')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Sanity check on ldap_routing feature
06f25ae9SGregory Neil Shapiro# If the user doesn't specify a new map, they better have given as a
06f25ae9SGregory Neil Shapiro# default LDAP specification which has the LDAP base (and most likely the host)
06f25ae9SGregory Neil Shapiroifdef(`confLDAP_DEFAULT_SPEC',, `ifdef(`_LDAP_ROUTING_WARN_', `errprint(`
06f25ae9SGregory Neil ShapiroWARNING: Using default FEATURE(ldap_routing) map definition(s)
06f25ae9SGregory Neil Shapirowithout setting confLDAP_DEFAULT_SPEC option.
06f25ae9SGregory Neil Shapiro')')')dnl
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# clean option definitions below....
06f25ae9SGregory Neil Shapirodefine(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapirodnl required to "rename" the check_* rulesets...
06f25ae9SGregory Neil Shapirodefine(`_U_',ifdef(`_DELAY_CHECKS_',`',`_'))
06f25ae9SGregory Neil Shapirodnl default relaying denied message
40266059SGregory Neil Shapiroifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG',
40266059SGregory Neil Shapiroifdef(`_USE_AUTH_', `"550 Relaying denied. Proper authentication required."', `"550 Relaying denied"'))')
40266059SGregory Neil Shapiroifdef(`confRCPTREJ_MSG', `', `define(`confRCPTREJ_MSG', `"550 Mailbox disabled for this recipient"')')
40266059SGregory Neil Shapirodefine(`_CODE553', `553')
c2aa98e2SPeter Wemmdivert(0)dnl
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiro# override file safeties - setting this option compromises system security,
06f25ae9SGregory Neil Shapiro# addressing the actual file configuration problem is preferred
06f25ae9SGregory Neil Shapiro# need to set this before any file actions are encountered in the cf file
06f25ae9SGregory Neil Shapiro_OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', `safe')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# default LDAP map specification
06f25ae9SGregory Neil Shapiro# need to set this now before any LDAP maps are defined
06f25ae9SGregory Neil Shapiro_OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm##################
c2aa98e2SPeter Wemm#   local info   #
c2aa98e2SPeter Wemm##################
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiro# my LDAP cluster
40266059SGregory Neil Shapiro# need to set this before any LDAP lookups are done (including classes)
40266059SGregory Neil Shapiroifdef(`confLDAP_CLUSTER', `D{sendmailMTACluster}`'confLDAP_CLUSTER', `#D{sendmailMTACluster}$m')
40266059SGregory Neil Shapiro
c2aa98e2SPeter WemmCwlocalhost
c2aa98e2SPeter Wemmifdef(`USE_CW_FILE',
c2aa98e2SPeter Wemm`# file containing names of hosts for which we receive email
c2aa98e2SPeter WemmFw`'confCW_FILE',
c2aa98e2SPeter Wemm	`dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# my official domain name
c2aa98e2SPeter Wemm# ... `define' this only if sendmail cannot automatically determine your domain
c2aa98e2SPeter Wemmifdef(`confDOMAIN_NAME', `Dj`'confDOMAIN_NAME', `#Dj$w.Foo.COM')
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmCP.
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`UUCP_RELAY',
c2aa98e2SPeter Wemm`# UUCP relay host
c2aa98e2SPeter WemmDY`'UUCP_RELAY
c2aa98e2SPeter WemmCPUUCP
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm')dnl
c2aa98e2SPeter Wemmifdef(`BITNET_RELAY',
c2aa98e2SPeter Wemm`#  BITNET relay host
c2aa98e2SPeter WemmDB`'BITNET_RELAY
c2aa98e2SPeter WemmCPBITNET
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm')dnl
c2aa98e2SPeter Wemmifdef(`DECNET_RELAY',
c2aa98e2SPeter Wemm`define(`_USE_DECNET_SYNTAX_', 1)dnl
c2aa98e2SPeter Wemm# DECnet relay host
c2aa98e2SPeter WemmDC`'DECNET_RELAY
c2aa98e2SPeter WemmCPDECNET
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm')dnl
c2aa98e2SPeter Wemmifdef(`FAX_RELAY',
c2aa98e2SPeter Wemm`# FAX relay host
c2aa98e2SPeter WemmDF`'FAX_RELAY
c2aa98e2SPeter WemmCPFAX
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm')dnl
c2aa98e2SPeter Wemm# "Smart" relay host (may be null)
40266059SGregory Neil ShapiroDS`'ifdef(`SMART_HOST', `SMART_HOST')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`LUSER_RELAY', `dnl
c2aa98e2SPeter Wemm# place to which unknown users should be forwarded
c2aa98e2SPeter WemmKuser user -m -a<>
c2aa98e2SPeter WemmDL`'LUSER_RELAY',
c2aa98e2SPeter Wemm`dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# operators that cannot be in local usernames (i.e., network indicators)
c2aa98e2SPeter WemmCO @ % ifdef(`_NO_UUCP_', `', `!')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# a class with just dot (for identifying canonical names)
c2aa98e2SPeter WemmC..
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# a class with just a left bracket (for identifying domain literals)
c2aa98e2SPeter WemmC[[
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
06f25ae9SGregory Neil Shapiro# access_db acceptance class
06f25ae9SGregory Neil ShapiroC{Accept}OK RELAY
40266059SGregory Neil Shapiroifdef(`_DELAY_COMPAT_8_10_',`dnl
06f25ae9SGregory Neil Shapiroifdef(`_BLACKLIST_RCPT_',`dnl
06f25ae9SGregory Neil Shapiro# possible access_db RHS for spam friends/haters
06f25ae9SGregory Neil ShapiroC{SpamTag}SPAMFRIEND SPAMHATER')')',
c2aa98e2SPeter Wemm`dnl')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapirodnl mark for "domain is ok" (resolved or accepted anyway)
40266059SGregory Neil Shapirodefine(`_RES_OK_', `OKR')dnl
c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl
c2aa98e2SPeter Wemm# Resolve map (to check if a host exists in check_mail)
40266059SGregory Neil ShapiroKresolve host -a<_RES_OK_> -T<TEMP>')
40266059SGregory Neil ShapiroC{ResOk}_RES_OK_
c2aa98e2SPeter Wemm
13058a91SGregory Neil Shapiroifdef(`_NEED_MACRO_MAP_', `dnl
13058a91SGregory Neil Shapiroifdef(`_MACRO_MAP_', `', `# macro storage map
13058a91SGregory Neil Shapirodefine(`_MACRO_MAP_', `1')dnl
13058a91SGregory Neil ShapiroKmacro macro')', `dnl')
42e5d165SGregory Neil Shapiro
c2aa98e2SPeter Wemmifdef(`confCR_FILE', `dnl
42e5d165SGregory Neil Shapiro# Hosts for which relaying is permitted ($=R)
c2aa98e2SPeter WemmFR`'confCR_FILE',
c2aa98e2SPeter Wemm`dnl')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapirodefine(`TLS_SRV_TAG', `"TLS_Srv"')dnl
40266059SGregory Neil Shapirodefine(`TLS_CLT_TAG', `"TLS_Clt"')dnl
40266059SGregory Neil Shapirodefine(`TLS_RCPT_TAG', `"TLS_Rcpt"')dnl
40266059SGregory Neil Shapirodefine(`TLS_TRY_TAG', `"Try_TLS"')dnl
40266059SGregory Neil Shapirodefine(`SRV_FEAT_TAG', `"Srv_Features"')dnl
06f25ae9SGregory Neil Shapirodnl this may be useful in other contexts too
06f25ae9SGregory Neil Shapiroifdef(`_ARITH_MAP_', `', `# arithmetic map
06f25ae9SGregory Neil Shapirodefine(`_ARITH_MAP_', `1')dnl
06f25ae9SGregory Neil ShapiroKarith arith')
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil Shapiroifdef(`_MACRO_MAP_', `', `# macro storage map
40266059SGregory Neil Shapirodefine(`_MACRO_MAP_', `1')dnl
40266059SGregory Neil ShapiroKmacro macro')
40266059SGregory Neil Shapiro# possible values for TLS_connection in access map
06f25ae9SGregory Neil ShapiroC{tls}VERIFY ENCR', `dnl')
06f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_ISSUER_', `dnl
06f25ae9SGregory Neil Shapiro# extract relevant part from cert issuer
06f25ae9SGregory Neil ShapiroKCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
06f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_SUBJECT_', `dnl
06f25ae9SGregory Neil Shapiro# extract relevant part from cert subject
06f25ae9SGregory Neil ShapiroKCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl')
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiroifdef(`LOCAL_RELAY', `dnl
fabecb74SGregory Neil Shapiro# who I send unqualified names to if `FEATURE(stickyhost)' is used
13bd1963SGregory Neil Shapiro# (null means deliver locally)
40266059SGregory Neil ShapiroDR`'LOCAL_RELAY')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiroifdef(`MAIL_HUB', `dnl
13bd1963SGregory Neil Shapiro# who gets all local email traffic
fabecb74SGregory Neil Shapiro# ($R has precedence for unqualified names if `FEATURE(stickyhost)' is used)
40266059SGregory Neil ShapiroDH`'MAIL_HUB')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# dequoting map
40266059SGregory Neil ShapiroKdequote dequote`'ifdef(`confDEQUOTE_OPTS', ` confDEQUOTE_OPTS', `')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmdivert(0)dnl	# end of nullclient diversion
c2aa98e2SPeter Wemm# class E: names that should be exposed as from this host, even if we masquerade
06f25ae9SGregory Neil Shapiro# class L: names that should be delivered locally, even if we have a relay
c2aa98e2SPeter Wemm# class M: domains that should be converted to $M
06f25ae9SGregory Neil Shapiro# class N: domains that should not be converted to $M
c2aa98e2SPeter Wemm#CL root
c2aa98e2SPeter Wemmundivert(5)dnl
06f25ae9SGregory Neil Shapiroifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiroifdef(`MASQUERADE_NAME', `dnl
c2aa98e2SPeter Wemm# who I masquerade as (null for no masquerading) (see also $=M)
40266059SGregory Neil ShapiroDM`'MASQUERADE_NAME')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# my name for error messages
c2aa98e2SPeter Wemmifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON')
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroundivert(6)dnl LOCAL_CONFIG
c2aa98e2SPeter Wemminclude(_CF_DIR_`m4/version.m4')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm###############
c2aa98e2SPeter Wemm#   Options   #
c2aa98e2SPeter Wemm###############
40266059SGregory Neil Shapiroifdef(`confAUTO_REBUILD',
40266059SGregory Neil Shapiro`errprint(WARNING: `confAUTO_REBUILD' is no longer valid.
40266059SGregory Neil Shapiro	There was a potential for a denial of service attack if this is set.
40266059SGregory Neil Shapiro)')dnl
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# strip message body to 7 bits on input?
06f25ae9SGregory Neil Shapiro_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# 8-bit data handling
8774250cSGregory Neil Shapiro_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# wait for alias file rebuild (default units: minutes)
06f25ae9SGregory Neil Shapiro_OPTION(AliasWait, `confALIAS_WAIT', `5m')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# location of alias file
06f25ae9SGregory Neil Shapiro_OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
06f25ae9SGregory Neil Shapiro
c2aa98e2SPeter Wemm# minimum number of free blocks on filesystem
06f25ae9SGregory Neil Shapiro_OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# maximum message size
06f25ae9SGregory Neil Shapiro_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `1000000')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# substitution for space (blank) characters
06f25ae9SGregory Neil Shapiro_OPTION(BlankSub, `confBLANK_SUB', `_')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# avoid connecting to "expensive" mailers on initial submission?
06f25ae9SGregory Neil Shapiro_OPTION(HoldExpensive, `confCON_EXPENSIVE', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# checkpoint queue runs after every N successful deliveries
06f25ae9SGregory Neil Shapiro_OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# default delivery mode
06f25ae9SGregory Neil Shapiro_OPTION(DeliveryMode, `confDELIVERY_MODE', `background')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# error message header/file
06f25ae9SGregory Neil Shapiro_OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# error mode
06f25ae9SGregory Neil Shapiro_OPTION(ErrorMode, `confERROR_MODE', `print')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# save Unix-style "From_" lines at top of header?
06f25ae9SGregory Neil Shapiro_OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiro# queue file mode (qf files)
40266059SGregory Neil Shapiro_OPTION(QueueFileMode, `confQUEUE_FILE_MODE', `0600')
40266059SGregory Neil Shapiro
c2aa98e2SPeter Wemm# temporary file mode
06f25ae9SGregory Neil Shapiro_OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# match recipients against GECOS field?
06f25ae9SGregory Neil Shapiro_OPTION(MatchGECOS, `confMATCH_GECOS', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# maximum hop count
40266059SGregory Neil Shapiro_OPTION(MaxHopCount, `confMAX_HOP', `25')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# location of help file
06f25ae9SGregory Neil ShapiroO HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# ignore dots as terminators in incoming messages?
06f25ae9SGregory Neil Shapiro_OPTION(IgnoreDots, `confIGNORE_DOTS', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# name resolver options
06f25ae9SGregory Neil Shapiro_OPTION(ResolverOptions, `confBIND_OPTS', `+AAONLY')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# deliver MIME-encapsulated error messages?
06f25ae9SGregory Neil Shapiro_OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS', `True')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# Forward file search path
06f25ae9SGregory Neil Shapiro_OPTION(ForwardPath, `confFORWARD_PATH', `/var/forward/$u:$z/.forward.$w:$z/.forward')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# open connection cache size
06f25ae9SGregory Neil Shapiro_OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', `2')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# open connection cache timeout
06f25ae9SGregory Neil Shapiro_OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', `5m')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# persistent host status directory
06f25ae9SGregory Neil Shapiro_OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', `.hoststat')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# single thread deliveries (requires HostStatusDirectory)?
06f25ae9SGregory Neil Shapiro_OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# use Errors-To: header?
06f25ae9SGregory Neil Shapiro_OPTION(UseErrorsTo, `confUSE_ERRORS_TO', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# log level
06f25ae9SGregory Neil Shapiro_OPTION(LogLevel, `confLOG_LEVEL', `10')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# send to me too, even in an alias expansion?
06f25ae9SGregory Neil Shapiro_OPTION(MeToo, `confME_TOO', `True')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# verify RHS in newaliases?
06f25ae9SGregory Neil Shapiro_OPTION(CheckAliases, `confCHECK_ALIASES', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# default messages to old style headers if no special punctuation?
06f25ae9SGregory Neil Shapiro_OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# SMTP daemon options
06f25ae9SGregory Neil Shapiroifelse(defn(`confDAEMON_OPTIONS'), `', `dnl',
605302a5SGregory Neil Shapiro`errprint(WARNING: `confDAEMON_OPTIONS' is no longer valid.
605302a5SGregory Neil Shapiro	Use `DAEMON_OPTIONS()'; see cf/README.
06f25ae9SGregory Neil Shapiro)'dnl
06f25ae9SGregory Neil Shapiro`DAEMON_OPTIONS(`confDAEMON_OPTIONS')')
42e5d165SGregory Neil Shapiroifelse(defn(`_DPO_'), `',
40266059SGregory Neil Shapiro`ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-v4, Family=inet
40266059SGregory Neil ShapiroO DaemonPortOptions=Name=MTA-v6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_')
06f25ae9SGregory Neil Shapiroifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# SMTP client options
40266059SGregory Neil Shapiroifelse(defn(`confCLIENT_OPTIONS'), `', `dnl',
40266059SGregory Neil Shapiro`errprint(WARNING: `confCLIENT_OPTIONS' is no longer valid.  See cf/README for more information.
40266059SGregory Neil Shapiro)'dnl
40266059SGregory Neil Shapiro`CLIENT_OPTIONS(`confCLIENT_OPTIONS')')
40266059SGregory Neil Shapiroifelse(defn(`_CPO_'), `',
40266059SGregory Neil Shapiro`#O ClientPortOptions=Family=inet, Address=0.0.0.0', `_CPO_')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# Modifiers to `define' {daemon_flags} for direct submissions
40266059SGregory Neil Shapiro_OPTION(DirectSubmissionModifiers, `confDIRECT_SUBMISSION_MODIFIERS', `')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# Use as mail submission program? See sendmail/SECURITY
40266059SGregory Neil Shapiro_OPTION(UseMSP, `confUSE_MSP', `')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# privacy flags
06f25ae9SGregory Neil Shapiro_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# who (if anyone) should get extra copies of error messages
06f25ae9SGregory Neil Shapiro_OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# slope of queue-only function
06f25ae9SGregory Neil Shapiro_OPTION(QueueFactor, `confQUEUE_FACTOR', `600000')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiro# limit on number of concurrent queue runners
40266059SGregory Neil Shapiro_OPTION(MaxQueueChildren, `confMAX_QUEUE_CHILDREN', `')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# maximum number of queue-runners per queue-grouping with multiple queues
40266059SGregory Neil Shapiro_OPTION(MaxRunnersPerQueue, `confMAX_RUNNERS_PER_QUEUE', `1')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# priority of queue runners (nice(3))
40266059SGregory Neil Shapiro_OPTION(NiceQueueRun, `confNICE_QUEUE_RUN', `')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# shall we sort the queue by hostname first?
40266059SGregory Neil Shapiro_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# minimum time in queue before retry
40266059SGregory Neil Shapiro_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# how many jobs can you process in the queue?
40266059SGregory Neil Shapiro_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `10000')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# perform initial split of envelope without checking MX records
40266059SGregory Neil Shapiro_OPTION(FastSplit, `confFAST_SPLIT', `1')
40266059SGregory Neil Shapiro
c2aa98e2SPeter Wemm# queue directory
06f25ae9SGregory Neil ShapiroO QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiro# key for shared memory; 0 to turn off
40266059SGregory Neil Shapiro_OPTION(SharedMemoryKey, `confSHARED_MEMORY_KEY', `0')
40266059SGregory Neil Shapiro
605302a5SGregory Neil Shapiroifdef(`confSHARED_MEMORY_KEY_FILE', `dnl
605302a5SGregory Neil Shapiro# file to store key for shared memory (if SharedMemoryKey = -1)
605302a5SGregory Neil ShapiroO SharedMemoryKeyFile=confSHARED_MEMORY_KEY_FILE')
605302a5SGregory Neil Shapiro
c2aa98e2SPeter Wemm# timeouts (many of these)
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.initial, `confTO_INITIAL', `5m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.connect, `confTO_CONNECT', `5m')
40266059SGregory Neil Shapiro_OPTION(Timeout.aconnect, `confTO_ACONNECT', `0s')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.helo, `confTO_HELO', `5m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.mail, `confTO_MAIL', `10m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.rcpt, `confTO_RCPT', `1h')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.datainit, `confTO_DATAINIT', `5m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.datablock, `confTO_DATABLOCK', `1h')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.datafinal, `confTO_DATAFINAL', `1h')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.rset, `confTO_RSET', `5m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.quit, `confTO_QUIT', `2m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.misc, `confTO_MISC', `2m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.command, `confTO_COMMAND', `1h')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.ident, `confTO_IDENT', `5s')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.fileopen, `confTO_FILEOPEN', `60s')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.control, `confTO_CONTROL', `2m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4')
06f25ae9SGregory Neil Shapiro_OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4')
40266059SGregory Neil Shapiro_OPTION(Timeout.lhlo, `confTO_LHLO', `2m')
40266059SGregory Neil Shapiro_OPTION(Timeout.auth, `confTO_AUTH', `10m')
40266059SGregory Neil Shapiro_OPTION(Timeout.starttls, `confTO_STARTTLS', `1h')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# time for DeliverBy; extension disabled if less than 0
40266059SGregory Neil Shapiro_OPTION(DeliverByMin, `confDELIVER_BY_MIN', `0')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# should we not prune routes in route-addr syntax addresses?
06f25ae9SGregory Neil Shapiro_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# queue up everything before forking?
06f25ae9SGregory Neil Shapiro_OPTION(SuperSafe, `confSAFE_QUEUE', `True')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# status file
06f25ae9SGregory Neil ShapiroO StatusFile=ifdef(`STATUS_FILE', `STATUS_FILE', `MAIL_SETTINGS_DIR`'statistics')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# time zone handling:
c2aa98e2SPeter Wemm#  if undefined, use system default
c2aa98e2SPeter Wemm#  if defined but null, use TZ envariable passed in
c2aa98e2SPeter Wemm#  if defined and non-null, use that info
c2aa98e2SPeter Wemmifelse(confTIME_ZONE, `USE_SYSTEM', `#O TimeZoneSpec=',
c2aa98e2SPeter Wemm	confTIME_ZONE, `USE_TZ', `O TimeZoneSpec=',
c2aa98e2SPeter Wemm	`O TimeZoneSpec=confTIME_ZONE')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# default UID (can be username or userid:groupid)
06f25ae9SGregory Neil Shapiro_OPTION(DefaultUser, `confDEF_USER_ID', `mailnull')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# list of locations of user database file (null means no lookup)
06f25ae9SGregory Neil Shapiro_OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# fallback MX host
06f25ae9SGregory Neil Shapiro_OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# if we are the best MX host for a site, try it directly instead of config err
06f25ae9SGregory Neil Shapiro_OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# load average at which we just queue messages
06f25ae9SGregory Neil Shapiro_OPTION(QueueLA, `confQUEUE_LA', `8')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# load average at which we refuse connections
06f25ae9SGregory Neil Shapiro_OPTION(RefuseLA, `confREFUSE_LA', `12')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiro# load average at which we delay connections; 0 means no limit
40266059SGregory Neil Shapiro_OPTION(DelayLA, `confDELAY_LA', `0')
40266059SGregory Neil Shapiro
c2aa98e2SPeter Wemm# maximum number of children we allow at one time
739ac4d4SGregory Neil Shapiro_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `0')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# maximum number of new connections per second
193538b7SGregory Neil Shapiro_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `0')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# work recipient factor
06f25ae9SGregory Neil Shapiro_OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# deliver each queued job in a separate process?
06f25ae9SGregory Neil Shapiro_OPTION(ForkEachJob, `confSEPARATE_PROC', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# work class factor
06f25ae9SGregory Neil Shapiro_OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# work time factor
06f25ae9SGregory Neil Shapiro_OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# default character set
06f25ae9SGregory Neil Shapiro_OPTION(DefaultCharSet, `confDEF_CHAR_SET', `iso-8859-1')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiro# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
06f25ae9SGregory Neil Shapiro_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# hosts file (normally /etc/hosts)
06f25ae9SGregory Neil Shapiro_OPTION(HostsFile, `confHOSTS_FILE', `/etc/hosts')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# dialup line delay on connection failure
06f25ae9SGregory Neil Shapiro_OPTION(DialDelay, `confDIAL_DELAY', `10s')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# action to take if there are no recipients in the message
06f25ae9SGregory Neil Shapiro_OPTION(NoRecipientAction, `confNO_RCPT_ACTION', `add-to-undisclosed')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# chrooted environment for writing to files
06f25ae9SGregory Neil Shapiro_OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `/arch')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# are colons OK in addresses?
06f25ae9SGregory Neil Shapiro_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# shall I avoid expanding CNAMEs (violates protocols)?
06f25ae9SGregory Neil Shapiro_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# SMTP initial login message (old $e macro)
06f25ae9SGregory Neil Shapiro_OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG', `$j Sendmail $v ready at $b')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# UNIX initial From header format (old $l macro)
06f25ae9SGregory Neil Shapiro_OPTION(UnixFromLine, `confFROM_LINE', `From $g $d')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# From: lines that have embedded newlines are unwrapped onto one line
06f25ae9SGregory Neil Shapiro_OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# Allow HELO SMTP command that does not `include' a host name
06f25ae9SGregory Neil Shapiro_OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
06f25ae9SGregory Neil Shapiro_OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', `.')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# delimiter (operator) characters (old $o macro)
06f25ae9SGregory Neil Shapiro_OPTION(OperatorChars, `confOPERATORS', `.:@[]')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# shall I avoid calling initgroups(3) because of high NIS costs?
06f25ae9SGregory Neil Shapiro_OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# are group-writable `:include:' and .forward files (un)trustworthy?
40266059SGregory Neil Shapiro# True (the default) means they are not trustworthy.
06f25ae9SGregory Neil Shapiro_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True')
40266059SGregory Neil Shapiroifdef(`confUNSAFE_GROUP_WRITES',
40266059SGregory Neil Shapiro`errprint(`WARNING: confUNSAFE_GROUP_WRITES is deprecated; use confDONT_BLAME_SENDMAIL.
40266059SGregory Neil Shapiro')')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# where do errors that occur when sending errors get sent?
06f25ae9SGregory Neil Shapiro_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# where to save bounces if all else fails
06f25ae9SGregory Neil Shapiro_OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# what user id do we assume for the majority of the processing?
06f25ae9SGregory Neil Shapiro_OPTION(RunAsUser, `confRUN_AS_USER', `sendmail')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# maximum number of recipients per SMTP envelope
06f25ae9SGregory Neil Shapiro_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `100')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiro# limit the rate recipients per SMTP envelope are accepted
40266059SGregory Neil Shapiro# once the threshold number of recipients have been rejected
40266059SGregory Neil Shapiro_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `20')
40266059SGregory Neil Shapiro
c2aa98e2SPeter Wemm# shall we get local names from our installed interfaces?
06f25ae9SGregory Neil Shapiro_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False')
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiro# Return-Receipt-To: header implies DSN request
06f25ae9SGregory Neil Shapiro_OPTION(RrtImpliesDsn, `confRRT_IMPLIES_DSN', `False')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# override connection address (for testing)
06f25ae9SGregory Neil Shapiro_OPTION(ConnectOnlyTo, `confCONNECT_ONLY_TO', `0.0.0.0')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Trusted user for file ownership and starting the daemon
06f25ae9SGregory Neil Shapiro_OPTION(TrustedUser, `confTRUSTED_USER', `root')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Control socket for daemon management
06f25ae9SGregory Neil Shapiro_OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Maximum MIME header length to protect MUAs
06f25ae9SGregory Neil Shapiro_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `0/0')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Maximum length of the sum of all headers
06f25ae9SGregory Neil Shapiro_OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Maximum depth of alias recursion
06f25ae9SGregory Neil Shapiro_OPTION(MaxAliasRecursion, `confMAX_ALIAS_RECURSION', `10')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# location of pid file
06f25ae9SGregory Neil Shapiro_OPTION(PidFile, `confPID_FILE', `/var/run/sendmail.pid')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Prefix string for the process title shown on 'ps' listings
06f25ae9SGregory Neil Shapiro_OPTION(ProcessTitlePrefix, `confPROCESS_TITLE_PREFIX', `prefix')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Data file (df) memory-buffer file maximum size
06f25ae9SGregory Neil Shapiro_OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Transcript file (xf) memory-buffer file maximum size
06f25ae9SGregory Neil Shapiro_OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096')
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro# lookup type to find information about local mailboxes
40266059SGregory Neil Shapiro_OPTION(MailboxDatabase, `confMAILBOX_DATABASE', `pw')
40266059SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# list of authentication mechanisms
40266059SGregory Neil Shapiro_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# default authentication information for outgoing connections
06f25ae9SGregory Neil Shapiro_OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# SMTP AUTH flags
06f25ae9SGregory Neil Shapiro_OPTION(AuthOptions, `confAUTH_OPTIONS', `')
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro# SMTP AUTH maximum encryption strength
40266059SGregory Neil Shapiro_OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# SMTP STARTTLS server options
40266059SGregory Neil Shapiro_OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `')
40266059SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# Input mail filters
06f25ae9SGregory Neil Shapiro_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
06f25ae9SGregory Neil Shapiro
739ac4d4SGregory Neil Shapiroifelse(len(X`'_MAIL_FILTERS_DEF), `1', `dnl', `dnl
06f25ae9SGregory Neil Shapiro# Milter options
40266059SGregory Neil Shapiro_OPTION(Milter.LogLevel, `confMILTER_LOG_LEVEL', `')
06f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `')
06f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `')
06f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `')
06f25ae9SGregory Neil Shapiro_OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# CA directory
13bd1963SGregory Neil Shapiro_OPTION(CACertPath, `confCACERT_PATH', `')
06f25ae9SGregory Neil Shapiro# CA file
13bd1963SGregory Neil Shapiro_OPTION(CACertFile, `confCACERT', `')
06f25ae9SGregory Neil Shapiro# Server Cert
06f25ae9SGregory Neil Shapiro_OPTION(ServerCertFile, `confSERVER_CERT', `')
06f25ae9SGregory Neil Shapiro# Server private key
06f25ae9SGregory Neil Shapiro_OPTION(ServerKeyFile, `confSERVER_KEY', `')
06f25ae9SGregory Neil Shapiro# Client Cert
06f25ae9SGregory Neil Shapiro_OPTION(ClientCertFile, `confCLIENT_CERT', `')
06f25ae9SGregory Neil Shapiro# Client private key
06f25ae9SGregory Neil Shapiro_OPTION(ClientKeyFile, `confCLIENT_KEY', `')
06f25ae9SGregory Neil Shapiro# DHParameters (only required if DSA/DH is used)
06f25ae9SGregory Neil Shapiro_OPTION(DHParameters, `confDH_PARAMETERS', `')
06f25ae9SGregory Neil Shapiro# Random data source (required for systems without /dev/urandom under OpenSSL)
06f25ae9SGregory Neil Shapiro_OPTION(RandFile, `confRAND_FILE', `')
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro############################
40266059SGregory Neil Shapiro`# QUEUE GROUP DEFINITIONS  #'
40266059SGregory Neil Shapiro############################
40266059SGregory Neil Shapiro_QUEUE_GROUP_
065a643dSPeter Wemm
c2aa98e2SPeter Wemm###########################
c2aa98e2SPeter Wemm#   Message precedences   #
c2aa98e2SPeter Wemm###########################
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmPfirst-class=0
c2aa98e2SPeter WemmPspecial-delivery=100
c2aa98e2SPeter WemmPlist=-30
c2aa98e2SPeter WemmPbulk=-60
c2aa98e2SPeter WemmPjunk=-100
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm#####################
c2aa98e2SPeter Wemm#   Trusted users   #
c2aa98e2SPeter Wemm#####################
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# this is equivalent to setting class "t"
06f25ae9SGregory Neil Shapiroifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, `MAIL_SETTINGS_DIR`'trusted-users')
c2aa98e2SPeter WemmTroot
c2aa98e2SPeter WemmTdaemon
c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl', `Tuucp')
c2aa98e2SPeter Wemmifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm#########################
c2aa98e2SPeter Wemm#   Format of headers   #
c2aa98e2SPeter Wemm#########################
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl
c2aa98e2SPeter WemmH?P?Return-Path: <$g>
c2aa98e2SPeter WemmHReceived: confRECEIVED_HEADER
c2aa98e2SPeter WemmH?D?Resent-Date: $a
c2aa98e2SPeter WemmH?D?Date: $a
c2aa98e2SPeter WemmH?F?Resent-From: confFROM_HEADER
c2aa98e2SPeter WemmH?F?From: confFROM_HEADER
c2aa98e2SPeter WemmH?x?Full-Name: $x
c2aa98e2SPeter Wemm# HPosted-Date: $a
c2aa98e2SPeter Wemm# H?l?Received-Date: $b
c2aa98e2SPeter WemmH?M?Resent-Message-Id: <$t.$i@$j>
c2aa98e2SPeter WemmH?M?Message-Id: <$t.$i@$j>
06f25ae9SGregory Neil Shapiro
c2aa98e2SPeter Wemm#
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm#####
c2aa98e2SPeter Wemm#####			REWRITING RULES
c2aa98e2SPeter Wemm#####
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm############################################
c2aa98e2SPeter Wemm###  Ruleset 3 -- Name Canonicalization  ###
c2aa98e2SPeter Wemm############################################
06f25ae9SGregory Neil ShapiroScanonify=3
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# handle null input (translate to <@> special case)
c2aa98e2SPeter WemmR$@			$@ <@>
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# strip group: syntax (not inside angle brackets!) and trailing semicolon
c2aa98e2SPeter WemmR$*			$: $1 <@>			mark addresses
c2aa98e2SPeter WemmR$* < $* > $* <@>	$: $1 < $2 > $3			unmark <addr>
c2aa98e2SPeter WemmR@ $* <@>		$: @ $1				unmark @host:...
40266059SGregory Neil ShapiroR$* [ IPv6 : $+ ] <@>	$: $1 [ IPv6 : $2 ]		unmark IPv6 addr
c2aa98e2SPeter WemmR$* :: $* <@>		$: $1 :: $2			unmark node::addr
c2aa98e2SPeter WemmR:`include': $* <@>	$: :`include': $1			unmark :`include':...
c2aa98e2SPeter WemmR$* : $* [ $* ]		$: $1 : $2 [ $3 ] <@>		remark if leading colon
c2aa98e2SPeter WemmR$* : $* <@>		$: $2				strip colon if marked
c2aa98e2SPeter WemmR$* <@>			$: $1				unmark
c2aa98e2SPeter WemmR$* ;			   $1				strip trailing semi
193538b7SGregory Neil ShapiroR$* < $+ :; > $*	$@ $2 :; <@>			catch <list:;>
c2aa98e2SPeter WemmR$* < $* ; >		   $1 < $2 >			bogus bracketed semi
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# null input now results from list:; syntax
c2aa98e2SPeter WemmR$@			$@ :; <@>
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# strip angle brackets -- note RFC733 heuristic to get innermost item
c2aa98e2SPeter WemmR$*			$: < $1 >			housekeeping <>
c2aa98e2SPeter WemmR$+ < $* >		   < $2 >			strip excess on left
c2aa98e2SPeter WemmR< $* > $+		   < $1 >			strip excess on right
c2aa98e2SPeter WemmR<>			$@ < @ >			MAIL FROM:<> case
c2aa98e2SPeter WemmR< $+ >			$: $1				remove housekeeping <>
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
c2aa98e2SPeter Wemm# make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later
c2aa98e2SPeter WemmR@ $+ , $+		@ $1 : $2			change all "," to ":"
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# localize and dispose of route-based addresses
40266059SGregory Neil Shapirodnl XXX: IPv6 colon conflict
40266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl',
40266059SGregory Neil Shapiro`R@ [$+] : $+		$@ $>Canonify2 < @ [$1] > : $2	handle <route-addr>')
06f25ae9SGregory Neil ShapiroR@ $+ : $+		$@ $>Canonify2 < @$1 > : $2	handle <route-addr>
06f25ae9SGregory Neil Shapirodnl',`dnl
06f25ae9SGregory Neil Shapiro# strip route address <@a,@b,@c:user@d> -> <user@d>
06f25ae9SGregory Neil ShapiroR@ $+ , $+		$2
40266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl',
40266059SGregory Neil Shapiro`R@ [ $* ] : $+		$2')
06f25ae9SGregory Neil ShapiroR@ $+ : $+		$2
06f25ae9SGregory Neil Shapirodnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# find focus for list syntax
06f25ae9SGregory Neil ShapiroR $+ : $* ; @ $+	$@ $>Canonify2 $1 : $2 ; < @ $3 >	list syntax
c2aa98e2SPeter WemmR $+ : $* ;		$@ $1 : $2;			list syntax
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# find focus for @ syntax addresses
c2aa98e2SPeter WemmR$+ @ $+		$: $1 < @ $2 >			focus on domain
c2aa98e2SPeter WemmR$+ < $+ @ $+ >		$1 $2 < @ $3 >			move gaze right
06f25ae9SGregory Neil ShapiroR$+ < @ $+ >		$@ $>Canonify2 $1 < @ $2 >	already canonical
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapirodnl This is flagged as an error in S0; no need to silently fix it here.
40266059SGregory Neil Shapirodnl # do some sanity checking
40266059SGregory Neil Shapirodnl R$* < @ $~[ $* : $* > $*	$1 < @ $2 $3 > $4	nix colons in addrs
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
c2aa98e2SPeter Wemm`# convert old-style addresses to a domain-based address
06f25ae9SGregory Neil ShapiroR$- ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	resolve uucp names
06f25ae9SGregory Neil ShapiroR$+ . $- ! $+		$@ $>Canonify2 $3 < @ $1 . $2 >		domain uucps
06f25ae9SGregory Neil ShapiroR$+ ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	uucp subdomains
c2aa98e2SPeter Wemm')
c2aa98e2SPeter Wemmifdef(`_USE_DECNET_SYNTAX_',
c2aa98e2SPeter Wemm`# convert node::user addresses into a domain-based address
06f25ae9SGregory Neil ShapiroR$- :: $+		$@ $>Canonify2 $2 < @ $1 .DECNET >	resolve DECnet names
06f25ae9SGregory Neil ShapiroR$- . $- :: $+		$@ $>Canonify2 $3 < @ $1.$2 .DECNET >	numeric DECnet addr
c2aa98e2SPeter Wemm',
c2aa98e2SPeter Wemm	`dnl')
c2aa98e2SPeter Wemm# if we have % signs, take the rightmost one
c2aa98e2SPeter WemmR$* % $*		$1 @ $2				First make them all @s.
c2aa98e2SPeter WemmR$* @ $* @ $*		$1 % $2 @ $3			Undo all but the last.
06f25ae9SGregory Neil ShapiroR$* @ $*		$@ $>Canonify2 $1 < @ $2 >	Insert < > and finish
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# else we must be a local name
06f25ae9SGregory Neil ShapiroR$*			$@ $>Canonify2 $1
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm################################################
c2aa98e2SPeter Wemm###  Ruleset 96 -- bottom half of ruleset 3  ###
c2aa98e2SPeter Wemm################################################
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil ShapiroSCanonify2=96
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# handle special cases for local names
c2aa98e2SPeter WemmR$* < @ localhost > $*		$: $1 < @ $j . > $2		no domain at all
c2aa98e2SPeter WemmR$* < @ localhost . $m > $*	$: $1 < @ $j . > $2		local domain
c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
c2aa98e2SPeter Wemm`R$* < @ localhost . UUCP > $*	$: $1 < @ $j . > $2		.UUCP domain')
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro# check for IPv4/IPv6 domain literal
40266059SGregory Neil ShapiroR$* < @ [ $+ ] > $*		$: $1 < @@ [ $2 ] > $3		mark [addr]
c2aa98e2SPeter WemmR$* < @@ $=w > $*		$: $1 < @ $j . > $3		self-literal
c2aa98e2SPeter WemmR$* < @@ $+ > $*		$@ $1 < @ $2 > $3		canon IP addr
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_DOMAIN_TABLE_', `dnl
c2aa98e2SPeter Wemm# look up domains in the domain table
c2aa98e2SPeter WemmR$* < @ $+ > $* 		$: $1 < @ $(domaintable $2 $) > $3', `dnl')
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroundivert(2)dnl LOCAL_RULE_3
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_BITDOMAIN_TABLE_', `dnl
c2aa98e2SPeter Wemm# handle BITNET mapping
c2aa98e2SPeter WemmR$* < @ $+ .BITNET > $*		$: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl')
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_UUDOMAIN_TABLE_', `dnl
c2aa98e2SPeter Wemm# handle UUCP mapping
c2aa98e2SPeter WemmR$* < @ $+ .UUCP > $*		$: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
c2aa98e2SPeter Wemm`ifdef(`UUCP_RELAY',
c2aa98e2SPeter Wemm`# pass UUCP addresses straight through
c2aa98e2SPeter WemmR$* < @ $+ . UUCP > $*		$@ $1 < @ $2 . UUCP . > $3',
c2aa98e2SPeter Wemm`# if really UUCP, handle it immediately
c2aa98e2SPeter Wemmifdef(`_CLASS_U_',
c2aa98e2SPeter Wemm`R$* < @ $=U . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
c2aa98e2SPeter Wemmifdef(`_CLASS_V_',
c2aa98e2SPeter Wemm`R$* < @ $=V . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
c2aa98e2SPeter Wemmifdef(`_CLASS_W_',
c2aa98e2SPeter Wemm`R$* < @ $=W . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
c2aa98e2SPeter Wemmifdef(`_CLASS_X_',
c2aa98e2SPeter Wemm`R$* < @ $=X . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
c2aa98e2SPeter Wemmifdef(`_CLASS_Y_',
c2aa98e2SPeter Wemm`R$* < @ $=Y . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`_NO_CANONIFY_', `dnl', `dnl
c2aa98e2SPeter Wemm# try UUCP traffic as a local address
c2aa98e2SPeter WemmR$* < @ $+ . UUCP > $*		$: $1 < @ $[ $2 $] . UUCP . > $3
c2aa98e2SPeter WemmR$* < @ $+ . . UUCP . > $*	$@ $1 < @ $2 . > $3')
c2aa98e2SPeter Wemm')')
06f25ae9SGregory Neil Shapiro# hostnames ending in class P are always canonical
06f25ae9SGregory Neil ShapiroR$* < @ $* $=P > $*		$: $1 < @ $2 $3 . > $4
06f25ae9SGregory Neil Shapirodnl apply the next rule only for hostnames not in class P
06f25ae9SGregory Neil Shapirodnl this even works for phrases in class P since . is in class P
06f25ae9SGregory Neil Shapirodnl which daemon flags are set?
06f25ae9SGregory Neil ShapiroR$* < @ $* $~P > $*		$: $&{daemon_flags} $| $1 < @ $2 $3 > $4
06f25ae9SGregory Neil Shapirodnl the other rules in this section only apply if the hostname
06f25ae9SGregory Neil Shapirodnl does not end in class P hence no further checks are done here
06f25ae9SGregory Neil Shapirodnl if this ever changes make sure the lookups are "protected" again!
06f25ae9SGregory Neil Shapiroifdef(`_NO_CANONIFY_', `dnl
06f25ae9SGregory Neil Shapirodnl do not canonify unless:
06f25ae9SGregory Neil Shapirodnl domain ends in class {Canonify} (this does not work if the intersection
06f25ae9SGregory Neil Shapirodnl	with class P is non-empty)
06f25ae9SGregory Neil Shapirodnl or {daemon_flags} has c set
06f25ae9SGregory Neil Shapiro# pass to name server to make hostname canonical if in class {Canonify}
06f25ae9SGregory Neil ShapiroR$* $| $* < @ $* $={Canonify} > $*	$: $2 < @ $[ $3 $4 $] > $5
06f25ae9SGregory Neil Shapiro# pass to name server to make hostname canonical if requested
06f25ae9SGregory Neil ShapiroR$* c $* $| $* < @ $* > $*	$: $3 < @ $[ $4 $] > $5
06f25ae9SGregory Neil Shapirodnl trailing dot? -> do not apply _CANONIFY_HOSTS_
06f25ae9SGregory Neil ShapiroR$* $| $* < @ $+ . > $*		$: $2 < @ $3 . > $4
06f25ae9SGregory Neil Shapiro# add a trailing dot to qualified hostnames so other rules will work
06f25ae9SGregory Neil ShapiroR$* $| $* < @ $+.$+ > $*	$: $2 < @ $3.$4 . > $5
06f25ae9SGregory Neil Shapiroifdef(`_CANONIFY_HOSTS_', `dnl
06f25ae9SGregory Neil Shapirodnl this should only apply to unqualified hostnames
06f25ae9SGregory Neil Shapirodnl but if a valid character inside an unqualified hostname is an OperatorChar
06f25ae9SGregory Neil Shapirodnl then $- does not work.
06f25ae9SGregory Neil Shapiro# lookup unqualified hostnames
06f25ae9SGregory Neil ShapiroR$* $| $* < @ $* > $*		$: $2 < @ $[ $3 $] > $4', `dnl')', `dnl
06f25ae9SGregory Neil Shapirodnl _NO_CANONIFY_ is not set: canonify unless:
06f25ae9SGregory Neil Shapirodnl {daemon_flags} contains CC (do not canonify)
193538b7SGregory Neil Shapirodnl but add a trailing dot to qualified hostnames so other rules will work
193538b7SGregory Neil Shapirodnl should we do this for every hostname: even unqualified?
193538b7SGregory Neil ShapiroR$* CC $* $| $* < @ $+.$+ > $*	$: $3 < @ $4.$5 . > $6
06f25ae9SGregory Neil ShapiroR$* CC $* $| $*			$: $3
40266059SGregory Neil Shapiroifdef(`_FFR_NOCANONIFY_HEADERS', `dnl
40266059SGregory Neil Shapiro# do not canonify header addresses
40266059SGregory Neil ShapiroR$* $| $* < @ $* $~P > $*	$: $&{addr_type} $| $2 < @ $3 $4 > $5
40266059SGregory Neil ShapiroR$* h $* $| $* < @ $+.$+ > $*	$: $3 < @ $4.$5 . > $6
40266059SGregory Neil ShapiroR$* h $* $| $*			$: $3', `dnl')
c2aa98e2SPeter Wemm# pass to name server to make hostname canonical
06f25ae9SGregory Neil ShapiroR$* $| $* < @ $* > $*		$: $2 < @ $[ $3 $] > $4')
06f25ae9SGregory Neil Shapirodnl remove {daemon_flags} for other cases
06f25ae9SGregory Neil ShapiroR$* $| $*			$: $2
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# local host aliases and pseudo-domains are always canonical
c2aa98e2SPeter WemmR$* < @ $=w > $*		$: $1 < @ $2 . > $3
c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
c2aa98e2SPeter Wemm`R$* < @ $* $=M > $*		$: $1 < @ $2 $3 . > $4',
c2aa98e2SPeter Wemm`R$* < @ $=M > $*		$: $1 < @ $2 . > $3')
06f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_TABLE_', `dnl
06f25ae9SGregory Neil Shapirodnl virtual hosts are also canonical
06f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
06f25ae9SGregory Neil Shapiro`R$* < @ $* $={VirtHost} > $* 	$: $1 < @ $2 $3 . > $4',
06f25ae9SGregory Neil Shapiro`R$* < @ $={VirtHost} > $* 	$: $1 < @ $2 . > $3')',
06f25ae9SGregory Neil Shapiro`dnl')
40266059SGregory Neil Shapiroifdef(`_GENERICS_TABLE_', `dnl
40266059SGregory Neil Shapirodnl hosts for genericstable are also canonical
40266059SGregory Neil Shapiroifdef(`_GENERICS_ENTIRE_DOMAIN_',
40266059SGregory Neil Shapiro`R$* < @ $* $=G > $* 	$: $1 < @ $2 $3 . > $4',
40266059SGregory Neil Shapiro`R$* < @ $=G > $* 	$: $1 < @ $2 . > $3')',
40266059SGregory Neil Shapiro`dnl')
06f25ae9SGregory Neil Shapirodnl remove superfluous dots (maybe repeatedly) which may have been added
06f25ae9SGregory Neil Shapirodnl by one of the rules before
c2aa98e2SPeter WemmR$* < @ $* . . > $*		$1 < @ $2 . > $3
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm##################################################
c2aa98e2SPeter Wemm###  Ruleset 4 -- Final Output Post-rewriting  ###
c2aa98e2SPeter Wemm##################################################
06f25ae9SGregory Neil ShapiroSfinal=4
c2aa98e2SPeter Wemm
193538b7SGregory Neil ShapiroR$+ :; <@>		$@ $1 :				handle <list:;>
c2aa98e2SPeter WemmR$* <@>			$@				handle <> and list:;
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# strip trailing dot off possibly canonical name
c2aa98e2SPeter WemmR$* < @ $+ . > $*	$1 < @ $2 > $3
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiro# eliminate internal code
c2aa98e2SPeter WemmR$* < @ *LOCAL* > $*	$1 < @ $j > $2
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# externalize local domain info
c2aa98e2SPeter WemmR$* < $+ > $*		$1 $2 $3			defocus
c2aa98e2SPeter WemmR@ $+ : @ $+ : $+	@ $1 , @ $2 : $3		<route-addr> canonical
c2aa98e2SPeter WemmR@ $*			$@ @ $1				... and exit
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
c2aa98e2SPeter Wemm`# UUCP must always be presented in old form
c2aa98e2SPeter WemmR$+ @ $- . UUCP		$2!$1				u@h.UUCP => h!u')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`_USE_DECNET_SYNTAX_',
c2aa98e2SPeter Wemm`# put DECnet back in :: form
c2aa98e2SPeter WemmR$+ @ $+ . DECNET	$2 :: $1			u@h.DECNET => h::u',
c2aa98e2SPeter Wemm	`dnl')
c2aa98e2SPeter Wemm# delete duplicate local names
c2aa98e2SPeter WemmR$+ % $=w @ $=w		$1 @ $2				u%host@host => u@host
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm##############################################################
c2aa98e2SPeter Wemm###   Ruleset 97 -- recanonicalize and call ruleset zero   ###
c2aa98e2SPeter Wemm###		   (used for recursive calls)		   ###
c2aa98e2SPeter Wemm##############################################################
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil ShapiroSRecurse=97
06f25ae9SGregory Neil ShapiroR$*			$: $>canonify $1
06f25ae9SGregory Neil ShapiroR$*			$@ $>parse $1
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm######################################
c2aa98e2SPeter Wemm###   Ruleset 0 -- Parse Address   ###
c2aa98e2SPeter Wemm######################################
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil ShapiroSparse=0
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmR$*			$: $>Parse0 $1		initial parsing
c2aa98e2SPeter WemmR<@>			$#_LOCAL_ $: <@>		special case error msgs
06f25ae9SGregory Neil ShapiroR$*			$: $>ParseLocal $1	handle local hacks
c2aa98e2SPeter WemmR$*			$: $>Parse1 $1		final parsing
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm#
c2aa98e2SPeter Wemm#  Parse0 -- do initial syntax checking and eliminate local addresses.
c2aa98e2SPeter Wemm#	This should either return with the (possibly modified) input
c2aa98e2SPeter Wemm#	or return with a #error mailer.  It should not return with a
c2aa98e2SPeter Wemm#	#mailer other than the #error mailer.
c2aa98e2SPeter Wemm#
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSParse0
c2aa98e2SPeter WemmR<@>			$@ <@>			special case error msgs
40266059SGregory Neil ShapiroR$* : $* ; <@>		$#error $@ 5.1.3 $: "_CODE553 List:; syntax illegal for recipient addresses"
06f25ae9SGregory Neil ShapiroR@ <@ $* >		< @ $1 >		catch "@@host" bogosity
40266059SGregory Neil ShapiroR<@ $+>			$#error $@ 5.1.3 $: "_CODE553 User address required"
40266059SGregory Neil ShapiroR$+ <@>			$#error $@ 5.1.3 $: "_CODE553 Hostname required"
c2aa98e2SPeter WemmR$*			$: <> $1
40266059SGregory Neil Shapirodnl allow tricks like [host1]:[host2]
40266059SGregory Neil ShapiroR<> $* < @ [ $* ] : $+ > $*	$1 < @ [ $2 ] : $3 > $4
40266059SGregory Neil ShapiroR<> $* < @ [ $* ] , $+ > $*	$1 < @ [ $2 ] , $3 > $4
40266059SGregory Neil Shapirodnl but no a@[b]c
40266059SGregory Neil ShapiroR<> $* < @ [ $* ] $+ > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid address"
c2aa98e2SPeter WemmR<> $* < @ [ $+ ] > $*		$1 < @ [ $2 ] > $3
40266059SGregory Neil ShapiroR<> $* <$* : $* > $*	$#error $@ 5.1.3 $: "_CODE553 Colon illegal in host name part"
c2aa98e2SPeter WemmR<> $*			$1
40266059SGregory Neil ShapiroR$* < @ . $* > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid host name"
40266059SGregory Neil ShapiroR$* < @ $* .. $* > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid host name"
40266059SGregory Neil Shapirodnl no a@b@
40266059SGregory Neil ShapiroR$* < @ $* @ > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid route address"
40266059SGregory Neil Shapirodnl no a@b@c
40266059SGregory Neil ShapiroR$* @ $* < @ $* > $*	$#error $@ 5.1.3 $: "_CODE553 Invalid route address"
06f25ae9SGregory Neil Shapirodnl comma only allowed before @; this check is not complete
40266059SGregory Neil ShapiroR$* , $~O $*		$#error $@ 5.1.3 $: "_CODE553 Invalid route address"
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiroifdef(`_STRICT_RFC821_', `# more RFC 821 checks
40266059SGregory Neil ShapiroR$* . < @ $* > $*	$#error $@ 5.1.2 $: "_CODE553 Local part must not end with a dot"
40266059SGregory Neil ShapiroR. $* < @ $* > $*	$#error $@ 5.1.2 $: "_CODE553 Local part must not begin with a dot"
40266059SGregory Neil Shapirodnl', `dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# now delete the local info -- note $=O to find characters that cause forwarding
06f25ae9SGregory Neil ShapiroR$* < @ > $*		$@ $>Parse0 $>canonify $1	user@ => user
06f25ae9SGregory Neil ShapiroR< @ $=w . > : $*	$@ $>Parse0 $>canonify $2	@here:... -> ...
c2aa98e2SPeter WemmR$- < @ $=w . >		$: $(dequote $1 $) < @ $2 . >	dequote "foo"@here
40266059SGregory Neil ShapiroR< @ $+ >		$#error $@ 5.1.3 $: "_CODE553 User address required"
06f25ae9SGregory Neil ShapiroR$* $=O $* < @ $=w . >	$@ $>Parse0 $>canonify $1 $2 $3	...@here -> ...
c2aa98e2SPeter WemmR$- 			$: $(dequote $1 $) < @ *LOCAL* >	dequote "foo"
40266059SGregory Neil ShapiroR< @ *LOCAL* >		$#error $@ 5.1.3 $: "_CODE553 User address required"
c2aa98e2SPeter WemmR$* $=O $* < @ *LOCAL* >
06f25ae9SGregory Neil Shapiro			$@ $>Parse0 $>canonify $1 $2 $3	...@*LOCAL* -> ...
c2aa98e2SPeter WemmR$* < @ *LOCAL* >	$: $1
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm#
c2aa98e2SPeter Wemm#  Parse1 -- the bottom half of ruleset 0.
c2aa98e2SPeter Wemm#
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSParse1
06f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl
06f25ae9SGregory Neil Shapiro# handle LDAP routing for hosts in $={LDAPRoute}
40266059SGregory Neil ShapiroR$+ < @ $={LDAPRoute} . >	$: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2> <>
40266059SGregory Neil ShapiroR$+ < @ $={LDAPRouteEquiv} . >	$: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $M> <>',
c2aa98e2SPeter Wemm`dnl')
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_MAILER_smtp_',
06f25ae9SGregory Neil Shapiro`# handle numeric address spec
06f25ae9SGregory Neil Shapirodnl there is no check whether this is really an IP number
06f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] > $*	$: $>ParseLocal $1 < @ [ $2 ] > $3	numeric internet spec
06f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] > $*	$1 < @ [ $2 ] : $S > $3		Add smart host to path
06f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : > $*		$#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3	no smarthost: send
06f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $- : $*> $*	$#$3 $@ $4 $: $1 < @ [$2] > $5	smarthost with mailer
06f25ae9SGregory Neil ShapiroR$* < @ [ $+ ] : $+ > $*	$#_SMTP_ $@ $3 $: $1 < @ [$2] > $4	smarthost without mailer',
06f25ae9SGregory Neil Shapiro	`dnl')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_TABLE_', `dnl
c2aa98e2SPeter Wemm# handle virtual users
40266059SGregory Neil Shapiroifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
40266059SGregory Neil Shapirodnl this is not a documented option
40266059SGregory Neil Shapirodnl it stops looping in virtusertable mapping if input and output
40266059SGregory Neil Shapirodnl are identical, i.e., if address A is mapped to A.
40266059SGregory Neil Shapirodnl it does not deal with multi-level recursion
40266059SGregory Neil Shapiro# handle full domains in RHS of virtusertable
40266059SGregory Neil ShapiroR$+ < @ $+ >			$: $(macro {RecipientAddress} $) $1 < @ $2 >
40266059SGregory Neil ShapiroR$+ < @ $+ > 			$: <?> $1 < @ $2 > $| $>final $1 < @ $2 >
40266059SGregory Neil ShapiroR<?> $+ $| $+			$: $1 $(macro {RecipientAddress} $@ $2 $)
40266059SGregory Neil ShapiroR<?> $+ $| $*			$: $1',
40266059SGregory Neil Shapiro`dnl')
06f25ae9SGregory Neil ShapiroR$+			$: <!> $1		Mark for lookup
40266059SGregory Neil Shapirodnl input: <!> local<@domain>
06f25ae9SGregory Neil Shapiroifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
06f25ae9SGregory Neil Shapiro`R<!> $+ < @ $* $={VirtHost} . > 	$: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >',
06f25ae9SGregory Neil Shapiro`R<!> $+ < @ $={VirtHost} . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >')
40266059SGregory Neil Shapirodnl input: <result-of-lookup | @> local<@domain> | <!> local<@domain>
06f25ae9SGregory Neil ShapiroR<!> $+ < @ $=w . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
40266059SGregory Neil Shapirodnl if <@> local<@domain>: no match but try lookup
40266059SGregory Neil Shapirodnl user+detail: try user++@domain if detail not empty
40266059SGregory Neil ShapiroR<@> $+ + $+ < @ $* . >
40266059SGregory Neil Shapiro			$: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
40266059SGregory Neil Shapirodnl user+detail: try user+*@domain
c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . >
40266059SGregory Neil Shapiro			$: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
40266059SGregory Neil Shapirodnl user+detail: try user@domain
c2aa98e2SPeter WemmR<@> $+ + $* < @ $* . >
40266059SGregory Neil Shapiro			$: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
06f25ae9SGregory Neil Shapirodnl try default entry: @domain
40266059SGregory Neil Shapirodnl ++@domain
40266059SGregory Neil ShapiroR<@> $+ + $+ < @ $+ . >	$: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
06f25ae9SGregory Neil Shapirodnl +*@domain
40266059SGregory Neil ShapiroR<@> $+ + $* < @ $+ . >	$: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
06f25ae9SGregory Neil Shapirodnl @domain if +detail exists
94c01205SGregory Neil Shapirodnl if no match, change marker to prevent a second @domain lookup
94c01205SGregory Neil ShapiroR<@> $+ + $* < @ $+ . >	$: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
94c01205SGregory Neil Shapirodnl without +detail
c2aa98e2SPeter WemmR<@> $+ < @ $+ . >	$: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
40266059SGregory Neil Shapirodnl no match
c2aa98e2SPeter WemmR<@> $+			$: $1
40266059SGregory Neil Shapirodnl remove mark
06f25ae9SGregory Neil ShapiroR<!> $+			$: $1
06f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
c2aa98e2SPeter WemmR< error : $- $+ > $* 	$#error $@ $(dequote $1 $) $: $2
40266059SGregory Neil Shapiroifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
40266059SGregory Neil Shapiro# check virtuser input address against output address, if same, skip recursion
40266059SGregory Neil ShapiroR< $+ > $+ < @ $+ >				$: < $1 > $2 < @ $3 > $| $1
40266059SGregory Neil Shapiro# it is the same: stop now
40266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $| $&{RecipientAddress}	$: $>ParseLocal $>Parse0 $>canonify $1
40266059SGregory Neil ShapiroR< $+ > $+ < @ $+ > $| $* 			$: < $1 > $2 < @ $3 >
40266059SGregory Neil Shapirodnl', `dnl')
13058a91SGregory Neil Shapirodnl this is not a documented option
13058a91SGregory Neil Shapirodnl it performs no looping at all for virtusertable
8774250cSGregory Neil Shapiroifdef(`_NO_VIRTUSER_RECURSION_',
8774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ >	$: $>ParseLocal $>Parse0 $>canonify $1',
8774250cSGregory Neil Shapiro`R< $+ > $+ < @ $+ >	$: $>Recurse $1')
8774250cSGregory Neil Shapirodnl', `dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# short circuit local delivery so forwarded email works
c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', `dnl
06f25ae9SGregory Neil ShapiroR$+ . USENET < @ $=w . >	$#usenet $@ usenet $: $1	handle usenet specially', `dnl')
42e5d165SGregory Neil Shapiro
42e5d165SGregory Neil Shapiro
c2aa98e2SPeter Wemmifdef(`_STICKY_LOCAL_DOMAIN_',
c2aa98e2SPeter Wemm`R$+ < @ $=w . >		$: < $H > $1 < @ $2 . >		first try hub
06f25ae9SGregory Neil ShapiroR< $+ > $+ < $+ >	$>MailerToTriple < $1 > $2 < $3 >	yep ....
06f25ae9SGregory Neil Shapirodnl $H empty (but @$=w.)
c2aa98e2SPeter WemmR< > $+ + $* < $+ >	$#_LOCAL_ $: $1 + $2		plussed name?
c2aa98e2SPeter WemmR< > $+ < $+ >		$#_LOCAL_ $: @ $1			nope, local address',
c2aa98e2SPeter Wemm`R$=L < @ $=w . >	$#_LOCAL_ $: @ $1			special local names
c2aa98e2SPeter WemmR$+ < @ $=w . >		$#_LOCAL_ $: $1			regular local name')
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
c2aa98e2SPeter Wemm# not local -- try mailer table lookup
c2aa98e2SPeter WemmR$* <@ $+ > $*		$: < $2 > $1 < @ $2 > $3	extract host name
c2aa98e2SPeter WemmR< $+ . > $*		$: < $1 > $2			strip trailing dot
c2aa98e2SPeter WemmR< $+ > $*		$: < $(mailertable $1 $) > $2	lookup
06f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses
06f25ae9SGregory Neil ShapiroR< $~[ : $* > $* 	$>MailerToTriple < $1 : $2 > $3		check -- resolved?
06f25ae9SGregory Neil ShapiroR< $+ > $*		$: $>Mailertable <$1> $2		try domain',
c2aa98e2SPeter Wemm`dnl')
06f25ae9SGregory Neil Shapiroundivert(4)dnl UUCP rules from `MAILER(uucp)'
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`_NO_UUCP_', `dnl',
c2aa98e2SPeter Wemm`# resolve remotely connected UUCP links (if any)
c2aa98e2SPeter Wemmifdef(`_CLASS_V_',
06f25ae9SGregory Neil Shapiro`R$* < @ $=V . UUCP . > $*		$: $>MailerToTriple < $V > $1 <@$2.UUCP.> $3',
c2aa98e2SPeter Wemm	`dnl')
c2aa98e2SPeter Wemmifdef(`_CLASS_W_',
06f25ae9SGregory Neil Shapiro`R$* < @ $=W . UUCP . > $*		$: $>MailerToTriple < $W > $1 <@$2.UUCP.> $3',
c2aa98e2SPeter Wemm	`dnl')
c2aa98e2SPeter Wemmifdef(`_CLASS_X_',
06f25ae9SGregory Neil Shapiro`R$* < @ $=X . UUCP . > $*		$: $>MailerToTriple < $X > $1 <@$2.UUCP.> $3',
c2aa98e2SPeter Wemm	`dnl')')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# resolve fake top level domains by forwarding to other hosts
c2aa98e2SPeter Wemmifdef(`BITNET_RELAY',
06f25ae9SGregory Neil Shapiro`R$*<@$+.BITNET.>$*	$: $>MailerToTriple < $B > $1 <@$2.BITNET.> $3	user@host.BITNET',
c2aa98e2SPeter Wemm	`dnl')
c2aa98e2SPeter Wemmifdef(`DECNET_RELAY',
06f25ae9SGregory Neil Shapiro`R$*<@$+.DECNET.>$*	$: $>MailerToTriple < $C > $1 <@$2.DECNET.> $3	user@host.DECNET',
c2aa98e2SPeter Wemm	`dnl')
c2aa98e2SPeter Wemmifdef(`_MAILER_pop_',
c2aa98e2SPeter Wemm`R$+ < @ POP. >		$#pop $: $1			user@POP',
c2aa98e2SPeter Wemm	`dnl')
c2aa98e2SPeter Wemmifdef(`_MAILER_fax_',
c2aa98e2SPeter Wemm`R$+ < @ $+ .FAX. >	$#fax $@ $2 $: $1		user@host.FAX',
c2aa98e2SPeter Wemm`ifdef(`FAX_RELAY',
06f25ae9SGregory Neil Shapiro`R$*<@$+.FAX.>$*		$: $>MailerToTriple < $F > $1 <@$2.FAX.> $3	user@host.FAX',
c2aa98e2SPeter Wemm	`dnl')')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`UUCP_RELAY',
c2aa98e2SPeter Wemm`# forward non-local UUCP traffic to our UUCP relay
06f25ae9SGregory Neil ShapiroR$*<@$*.UUCP.>$*		$: $>MailerToTriple < $Y > $1 <@$2.UUCP.> $3	uucp mail',
c2aa98e2SPeter Wemm`ifdef(`_MAILER_uucp_',
c2aa98e2SPeter Wemm`# forward other UUCP traffic straight to UUCP
c2aa98e2SPeter WemmR$* < @ $+ .UUCP. > $*		$#_UUCP_ $@ $2 $: $1 < @ $2 .UUCP. > $3	user@host.UUCP',
c2aa98e2SPeter Wemm	`dnl')')
c2aa98e2SPeter Wemmifdef(`_MAILER_usenet_', `
c2aa98e2SPeter Wemm# addresses sent to net.group.USENET will get forwarded to a newsgroup
06f25ae9SGregory Neil ShapiroR$+ . USENET		$#usenet $@ usenet $: $1',
c2aa98e2SPeter Wemm	`dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`_LOCAL_RULES_',
c2aa98e2SPeter Wemm`# figure out what should stay in our local mail system
c2aa98e2SPeter Wemmundivert(1)', `dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# pass names that still have a host to a smarthost (if defined)
06f25ae9SGregory Neil ShapiroR$* < @ $* > $*		$: $>MailerToTriple < $S > $1 < @ $2 > $3	glue on smarthost name
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# deal with other remote names
c2aa98e2SPeter Wemmifdef(`_MAILER_smtp_',
c2aa98e2SPeter Wemm`R$* < @$* > $*		$#_SMTP_ $@ $2 $: $1 < @ $2 > $3	user@host.domain',
40266059SGregory Neil Shapiro`R$* < @$* > $*		$#error $@ 5.1.2 $: "_CODE553 Unrecognized host name " $2')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# handle locally delivered names
c2aa98e2SPeter WemmR$=L			$#_LOCAL_ $: @ $1		special local names
c2aa98e2SPeter WemmR$+			$#_LOCAL_ $: $1			regular local names
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm###########################################################################
c2aa98e2SPeter Wemm###   Ruleset 5 -- special rewriting after aliases have been expanded   ###
c2aa98e2SPeter Wemm###########################################################################
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil ShapiroSLocal_localaddr
06f25ae9SGregory Neil ShapiroSlocaladdr=5
06f25ae9SGregory Neil ShapiroR$+			$: $1 $| $>"Local_localaddr" $1
40266059SGregory Neil ShapiroR$+ $| $#ok		$@ $1			no change
06f25ae9SGregory Neil ShapiroR$+ $| $#$*		$#$2
06f25ae9SGregory Neil ShapiroR$+ $| $*		$: $1
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
40266059SGregory Neil Shapiro# Preserve rcpt_host in {Host}
40266059SGregory Neil ShapiroR$+			$: $1 $| $&h $| $&{Host}	check h and {Host}
40266059SGregory Neil ShapiroR$+ $| $|		$: $(macro {Host} $@ $) $1	no h or {Host}
40266059SGregory Neil ShapiroR$+ $| $| $+		$: $1			h not set, {Host} set
40266059SGregory Neil ShapiroR$+ $| +$* $| $*	$: $1			h is +detail, {Host} set
6a2f2ff3SGregory Neil ShapiroR$+ $| $* @ $+ $| $*	$: $(macro {Host} $@ @$3 $) $1	set {Host} to host in h
40266059SGregory Neil ShapiroR$+ $| $+ $| $*		$: $(macro {Host} $@ @$2 $) $1	set {Host} to h
40266059SGregory Neil Shapiro')dnl
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiroifdef(`_FFR_5_', `dnl
42e5d165SGregory Neil Shapiro# Preserve host in a macro
42e5d165SGregory Neil ShapiroR$+			$: $(macro {LocalAddrHost} $) $1
42e5d165SGregory Neil ShapiroR$+ @ $+		$: $(macro {LocalAddrHost} $@ @ $2 $) $1')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', `dnl
42e5d165SGregory Neil Shapiro# deal with plussed users so aliases work nicely
42e5d165SGregory Neil ShapiroR$+ + *			$#_LOCAL_ $@ $&h $: $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
42e5d165SGregory Neil ShapiroR$+ + $*		$#_LOCAL_ $@ + $2 $: $1 + *`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
42e5d165SGregory Neil Shapiro')
c2aa98e2SPeter Wemm# prepend an empty "forward host" on the front
c2aa98e2SPeter WemmR$+			$: <> $1
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`LUSER_RELAY', `dnl
c2aa98e2SPeter Wemm# send unrecognized local users to a relay host
40266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
42e5d165SGregory Neil ShapiroR< > $+ + $*		$: < ? $L > <+ $2> $(user $1 $)	look up user+
42e5d165SGregory Neil ShapiroR< > $+			$: < ? $L > < > $(user $1 $)	look up user
42e5d165SGregory Neil ShapiroR< ? $* > < $* > $+ <>	$: < > $3 $2			found; strip $L
42e5d165SGregory Neil ShapiroR< ? $* > < $* > $+	$: < $1 > $3 $2			not found', `
06f25ae9SGregory Neil ShapiroR< > $+ 		$: < $L > $(user $1 $)		look up user
40266059SGregory Neil ShapiroR< $* > $+ <>		$: < > $2			found; strip $L')
40266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
40266059SGregory Neil ShapiroR< $+ > $+		$: < $1 > $2 $&{Host}')
40266059SGregory Neil Shapirodnl')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiroifdef(`MAIL_HUB', `dnl
40266059SGregory Neil ShapiroR< > $+			$: < $H > $1			try hub', `dnl')
40266059SGregory Neil Shapiroifdef(`LOCAL_RELAY', `dnl
40266059SGregory Neil ShapiroR< > $+			$: < $R > $1			try relay', `dnl')
40266059SGregory Neil Shapiroifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
40266059SGregory Neil ShapiroR< > $+			$@ $1', `dnl
06f25ae9SGregory Neil ShapiroR< > $+			$: < > < $1 <> $&h >		nope, restore +detail
40266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
40266059SGregory Neil ShapiroR< > < $+ @ $+ <> + $* >	$: < > < $1 + $3 @ $2 >	check whether +detail')
06f25ae9SGregory Neil ShapiroR< > < $+ <> + $* >	$: < > < $1 + $2 >		check whether +detail
06f25ae9SGregory Neil ShapiroR< > < $+ <> $* >	$: < > < $1 >			else discard
c2aa98e2SPeter WemmR< > < $+ + $* > $*	   < > < $1 > + $2 $3		find the user part
42e5d165SGregory Neil ShapiroR< > < $+ > + $*	$#_LOCAL_ $@ $2 $: @ $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')		strip the extra +
c2aa98e2SPeter WemmR< > < $+ >		$@ $1				no +detail
2e43090eSPeter WemmR$+			$: $1 <> $&h			add +detail back in
40266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
40266059SGregory Neil ShapiroR$+ @ $+ <> + $*	$: $1 + $3 @ $2			check whether +detail')
2e43090eSPeter WemmR$+ <> + $*		$: $1 + $2			check whether +detail
42e5d165SGregory Neil ShapiroR$+ <> $*		$: $1				else discard')
06f25ae9SGregory Neil ShapiroR< local : $* > $*	$: $>MailerToTriple < local : $1 > $2	no host extension
06f25ae9SGregory Neil ShapiroR< error : $* > $*	$: $>MailerToTriple < error : $1 > $2	no host extension
40266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
40266059SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses
40266059SGregory Neil ShapiroR< $~[ : $+ > $+ @ $+	$: $>MailerToTriple < $1 : $2 > $3 < @ $4 >')
40266059SGregory Neil ShapiroR< $~[ : $+ > $+	$: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
40266059SGregory Neil Shapiroifdef(`_PRESERVE_LUSER_HOST_', `dnl
40266059SGregory Neil ShapiroR< $+ > $+ @ $+		$@ $>MailerToTriple < $1 > $2 < @ $3 >')
06f25ae9SGregory Neil ShapiroR< $+ > $+		$@ $>MailerToTriple < $1 > $2 < @ $1 >
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
40266059SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl
40266059SGregory Neil Shapiro###################################################################
40266059SGregory Neil Shapiro###  Ruleset LDAPMailertable -- mailertable lookup for LDAP     ###
40266059SGregory Neil Shapirodnl input: <Domain> FullAddress
40266059SGregory Neil Shapiro###################################################################
40266059SGregory Neil Shapiro
40266059SGregory Neil ShapiroSLDAPMailertable
40266059SGregory Neil ShapiroR< $+ > $*		$: < $(mailertable $1 $) > $2		lookup
40266059SGregory Neil ShapiroR< $~[ : $* > $*	$>MailerToTriple < $1 : $2 > $3		check resolved?
40266059SGregory Neil ShapiroR< $+ > $*		$: < $1 > $>Mailertable <$1> $2		try domain
40266059SGregory Neil ShapiroR< $+ > $#$*		$#$2					found
40266059SGregory Neil ShapiroR< $+ > $*		$#_RELAY_ $@ $1 $: $2			not found, direct relay',
40266059SGregory Neil Shapiro`dnl')
40266059SGregory Neil Shapiro
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm###  Ruleset 90 -- try domain part of mailertable entry 	###
06f25ae9SGregory Neil Shapirodnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil ShapiroSMailertable=90
06f25ae9SGregory Neil Shapirodnl shift and check
06f25ae9SGregory Neil Shapirodnl %2 is not documented in cf/README
c2aa98e2SPeter WemmR$* <$- . $+ > $*	$: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
06f25ae9SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses
06f25ae9SGregory Neil ShapiroR$* <$~[ : $* > $*	$>MailerToTriple < $2 : $3 > $4		check -- resolved?
06f25ae9SGregory Neil ShapiroR$* < . $+ > $* 	$@ $>Mailertable $1 . <$2> $3		no -- strip & try again
06f25ae9SGregory Neil Shapirodnl is $2 always empty?
c2aa98e2SPeter WemmR$* < $* > $*		$: < $(mailertable . $@ $1$2 $) > $3	try "."
06f25ae9SGregory Neil ShapiroR< $~[ : $* > $*	$>MailerToTriple < $1 : $2 > $3		"." found?
06f25ae9SGregory Neil Shapirodnl return full address
c2aa98e2SPeter WemmR< $* > $*		$@ $2				no mailertable match',
c2aa98e2SPeter Wemm`dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm###  Ruleset 95 -- canonify mailer:[user@]host syntax to triple	###
06f25ae9SGregory Neil Shapirodnl input: in general: <[mailer:]host> lp<@domain>rest
06f25ae9SGregory Neil Shapirodnl	<> address				-> address
06f25ae9SGregory Neil Shapirodnl	<error:d.s.n:text>			-> error
06f25ae9SGregory Neil Shapirodnl	<error:text>				-> error
06f25ae9SGregory Neil Shapirodnl	<mailer:user@host> lp<@domain>rest	-> mailer host user
06f25ae9SGregory Neil Shapirodnl	<mailer:host> address			-> mailer host address
06f25ae9SGregory Neil Shapirodnl	<localdomain> address			-> address
06f25ae9SGregory Neil Shapirodnl	<host> address				-> relay host address
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil ShapiroSMailerToTriple=95
c2aa98e2SPeter WemmR< > $*				$@ $1			strip off null relay
06f25ae9SGregory Neil ShapiroR< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
c2aa98e2SPeter WemmR< error : $- $+ > $*		$#error $@ $(dequote $1 $) $: $2
c2aa98e2SPeter WemmR< local : $* > $*		$>CanonLocal < $1 > $2
40266059SGregory Neil Shapirodnl it is $~[ instead of $- to avoid matches on IPv6 addresses
40266059SGregory Neil ShapiroR< $~[ : $+ @ $+ > $*<$*>$*	$# $1 $@ $3 $: $2<@$3>	use literal user
40266059SGregory Neil ShapiroR< $~[ : $+ > $*		$# $1 $@ $2 $: $3	try qualified mailer
c2aa98e2SPeter WemmR< $=w > $*			$@ $2			delete local host
c2aa98e2SPeter WemmR< $+ > $*			$#_RELAY_ $@ $1 $: $2	use unqualified mailer
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm###  Ruleset CanonLocal -- canonify local: syntax		###
06f25ae9SGregory Neil Shapirodnl input: <user> address
06f25ae9SGregory Neil Shapirodnl <x> <@host> : rest			-> Recurse rest
06f25ae9SGregory Neil Shapirodnl <x> p1 $=O p2 <@host>		-> Recurse p1 $=O p2
06f25ae9SGregory Neil Shapirodnl <> user <@host> rest		-> local user@host user
06f25ae9SGregory Neil Shapirodnl <> user				-> local user user
06f25ae9SGregory Neil Shapirodnl <user@host> lp <@domain> rest	-> <user> lp <@host> [cont]
06f25ae9SGregory Neil Shapirodnl <user> lp <@host> rest		-> local lp@host user
06f25ae9SGregory Neil Shapirodnl <user> lp				-> local lp user
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSCanonLocal
2e43090eSPeter Wemm# strip local host from routed addresses
06f25ae9SGregory Neil ShapiroR< $* > < @ $+ > : $+		$@ $>Recurse $3
06f25ae9SGregory Neil ShapiroR< $* > $+ $=O $+ < @ $+ >	$@ $>Recurse $2 $3 $4
2e43090eSPeter Wemm
c2aa98e2SPeter Wemm# strip trailing dot from any host name that may appear
c2aa98e2SPeter WemmR< $* > $* < @ $* . >		$: < $1 > $2 < @ $3 >
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# handle local: syntax -- use old user, either with or without host
c2aa98e2SPeter WemmR< > $* < @ $* > $*		$#_LOCAL_ $@ $1@$2 $: $1
c2aa98e2SPeter WemmR< > $+				$#_LOCAL_ $@ $1    $: $1
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# handle local:user@host syntax -- ignore host part
c2aa98e2SPeter WemmR< $+ @ $+ > $* < @ $* >	$: < $1 > $3 < @ $4 >
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# handle local:user syntax
c2aa98e2SPeter WemmR< $+ > $* <@ $* > $*		$#_LOCAL_ $@ $2@$3 $: $1
c2aa98e2SPeter WemmR< $+ > $* 			$#_LOCAL_ $@ $2    $: $1
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm###  Ruleset 93 -- convert header names to masqueraded form	###
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil ShapiroSMasqHdr=93
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_GENERICS_TABLE_', `dnl
c2aa98e2SPeter Wemm# handle generics database
c2aa98e2SPeter Wemmifdef(`_GENERICS_ENTIRE_DOMAIN_',
06f25ae9SGregory Neil Shapirodnl if generics should be applied add a @ as mark
c2aa98e2SPeter Wemm`R$+ < @ $* $=G . >	$: < $1@$2$3 > $1 < @ $2$3 . > @	mark',
c2aa98e2SPeter Wemm`R$+ < @ $=G . >	$: < $1@$2 > $1 < @ $2 . > @	mark')
c2aa98e2SPeter WemmR$+ < @ *LOCAL* >	$: < $1@$j > $1 < @ *LOCAL* > @	mark
06f25ae9SGregory Neil Shapirodnl workspace: either user<@domain> or <user@domain> user <@domain> @
06f25ae9SGregory Neil Shapirodnl ignore the first case for now
06f25ae9SGregory Neil Shapirodnl if it has the mark lookup full address
40266059SGregory Neil Shapirodnl broken: %1 is full address not just detail
06f25ae9SGregory Neil ShapiroR< $+ > $+ < $* > @	$: < $(generics $1 $: @ $1 $) > $2 < $3 >
06f25ae9SGregory Neil Shapirodnl workspace: ... or <match|@user@domain> user <@domain>
06f25ae9SGregory Neil Shapirodnl no match, try user+detail@domain
06f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ >
06f25ae9SGregory Neil Shapiro		$: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) >  $4 < @ $5 >
06f25ae9SGregory Neil ShapiroR<@$+ + $* @ $+> $+ < @ $+ >
06f25ae9SGregory Neil Shapiro		$: < $(generics $1@$3 $: $) > $4 < @ $5 >
06f25ae9SGregory Neil Shapirodnl no match, remove mark
06f25ae9SGregory Neil ShapiroR<@$+ > $+ < @ $+ >	$: < > $2 < @ $3 >
06f25ae9SGregory Neil Shapirodnl no match, try @domain for exceptions
06f25ae9SGregory Neil ShapiroR< > $+ < @ $+ . >	$: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . >
06f25ae9SGregory Neil Shapirodnl workspace: ... or <match> user <@domain>
06f25ae9SGregory Neil Shapirodnl no match, try local part
c2aa98e2SPeter WemmR< > $+ < @ $+ > 	$: < $(generics $1 $: $) > $1 < @ $2 >
06f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > 	$: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 >
06f25ae9SGregory Neil ShapiroR< > $+ + $* < @ $+ > 	$: < $(generics $1 $: $) > $1 + $2 < @ $3 >
06f25ae9SGregory Neil ShapiroR< $* @ $* > $* < $* >	$@ $>canonify $1 @ $2		found qualified
06f25ae9SGregory Neil ShapiroR< $+ > $* < $* >	$: $>canonify $1 @ *LOCAL*	found unqualified
c2aa98e2SPeter WemmR< > $*			$: $1				not found',
c2aa98e2SPeter Wemm`dnl')
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiro# do not masquerade anything in class N
06f25ae9SGregory Neil ShapiroR$* < @ $* $=N . >	$@ $1 < @ $2 $3 . >
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiroifdef(`MASQUERADE_NAME', `dnl
c2aa98e2SPeter Wemm# special case the users that should be exposed
c2aa98e2SPeter WemmR$=E < @ *LOCAL* >	$@ $1 < @ $j . >		leave exposed
c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
c2aa98e2SPeter Wemm`R$=E < @ $* $=M . >	$@ $1 < @ $2 $3 . >',
c2aa98e2SPeter Wemm`R$=E < @ $=M . >	$@ $1 < @ $2 . >')
c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl',
c2aa98e2SPeter Wemm`R$=E < @ $=w . >	$@ $1 < @ $2 . >')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# handle domain-specific masquerading
c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
c2aa98e2SPeter Wemm`R$* < @ $* $=M . > $*	$: $1 < @ $2 $3 . @ $M > $4	convert masqueraded doms',
c2aa98e2SPeter Wemm`R$* < @ $=M . > $*	$: $1 < @ $2 . @ $M > $3	convert masqueraded doms')
c2aa98e2SPeter Wemmifdef(`_LIMITED_MASQUERADE_', `dnl',
c2aa98e2SPeter Wemm`R$* < @ $=w . > $*	$: $1 < @ $2 . @ $M > $3')
c2aa98e2SPeter WemmR$* < @ *LOCAL* > $*	$: $1 < @ $j . @ $M > $2
c2aa98e2SPeter WemmR$* < @ $+ @ > $*	$: $1 < @ $2 > $3		$M is null
c2aa98e2SPeter WemmR$* < @ $+ @ $+ > $*	$: $1 < @ $3 . > $4		$M is not null
40266059SGregory Neil Shapirodnl', `dnl no masquerading
40266059SGregory Neil Shapirodnl just fix *LOCAL* leftovers
40266059SGregory Neil ShapiroR$* < @ *LOCAL* >	$@ $1 < @ $j . >')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm###  Ruleset 94 -- convert envelope names to masqueraded form	###
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil ShapiroSMasqEnv=94
c2aa98e2SPeter Wemmifdef(`_MASQUERADE_ENVELOPE_',
06f25ae9SGregory Neil Shapiro`R$+			$@ $>MasqHdr $1',
c2aa98e2SPeter Wemm`R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm###  Ruleset 98 -- local part of ruleset zero (can be null)	###
c2aa98e2SPeter Wemm###################################################################
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil ShapiroSParseLocal=98
06f25ae9SGregory Neil Shapiroundivert(3)dnl LOCAL_RULE_0
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_LDAP_ROUTING_', `dnl
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  LDAPExpand: Expand address using LDAP routing
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		<$1> -- parsed address (user < @ domain . >) (pass through)
40266059SGregory Neil Shapiro###		<$2> -- RFC822 address (user @ domain) (used for lookup)
40266059SGregory Neil Shapiro###		<$3> -- +detail information
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Returns:
40266059SGregory Neil Shapiro###		Mailer triplet ($#mailer $@ host $: address)
40266059SGregory Neil Shapiro###		Parsed address (user < @ domain . >)
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro
06f25ae9SGregory Neil ShapiroSLDAPExpand
06f25ae9SGregory Neil Shapiro# do the LDAP lookups
40266059SGregory Neil ShapiroR<$+><$+><$*>	$: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> <$3>
06f25ae9SGregory Neil Shapiro
605302a5SGregory Neil Shapiro# look for temporary failures (return original address, MTA will queue up)
959366dcSGregory Neil ShapiroR<$* <TMPF>> <$*> <$+> <$+> <$*>	$@ $3
959366dcSGregory Neil ShapiroR<$*> <$* <TMPF>> <$+> <$+> <$*>	$@ $3
605302a5SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# if mailRoutingAddress and local or non-existant mailHost,
06f25ae9SGregory Neil Shapiro# return the new mailRoutingAddress
40266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
40266059SGregory Neil ShapiroR<$+@$+> <$=w> <$+> <$+> <$*>	$@ $>Parse0 $>canonify $1 $6 @ $2
40266059SGregory Neil ShapiroR<$+@$+> <> <$+> <$+> <$*>	$@ $>Parse0 $>canonify $1 $5 @ $2')
40266059SGregory Neil ShapiroR<$+> <$=w> <$+> <$+> <$*>	$@ $>Parse0 $>canonify $1
40266059SGregory Neil ShapiroR<$+> <> <$+> <$+> <$*>		$@ $>Parse0 $>canonify $1
06f25ae9SGregory Neil Shapiro
94c01205SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# if mailRoutingAddress and non-local mailHost,
06f25ae9SGregory Neil Shapiro# relay to mailHost with new mailRoutingAddress
40266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
40266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
40266059SGregory Neil Shapiro# check mailertable for host, relay from there
40266059SGregory Neil ShapiroR<$+@$+> <$+> <$+> <$+> <$*>	$>LDAPMailertable <$3> $>canonify $1 $6 @ $2',
40266059SGregory Neil Shapiro`R<$+@$+> <$+> <$+> <$+> <$*>	$#_RELAY_ $@ $3 $: $>canonify $1 $6 @ $2')')
40266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
40266059SGregory Neil Shapiro# check mailertable for host, relay from there
40266059SGregory Neil ShapiroR<$+> <$+> <$+> <$+> <$*>	$>LDAPMailertable <$2> $>canonify $1',
40266059SGregory Neil Shapiro`R<$+> <$+> <$+> <$+> <$*>	$#_RELAY_ $@ $2 $: $>canonify $1')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and local mailHost,
06f25ae9SGregory Neil Shapiro# return original address
40266059SGregory Neil ShapiroR<> <$=w> <$+> <$+> <$*>	$@ $2
06f25ae9SGregory Neil Shapiro
94c01205SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and non-local mailHost,
06f25ae9SGregory Neil Shapiro# relay to mailHost with original address
40266059SGregory Neil Shapiroifdef(`_MAILER_TABLE_', `dnl
40266059SGregory Neil Shapiro# check mailertable for host, relay from there
40266059SGregory Neil ShapiroR<> <$+> <$+> <$+> <$*>		$>LDAPMailertable <$1> $2',
40266059SGregory Neil Shapiro`R<> <$+> <$+> <$+> <$*>	$#_RELAY_ $@ $1 $: $2')
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiroifdef(`_LDAP_ROUTE_DETAIL_',
40266059SGregory Neil Shapiro`# if no mailRoutingAddress and no mailHost,
40266059SGregory Neil Shapiro# try without +detail
40266059SGregory Neil ShapiroR<> <> <$+> <$+ + $* @ $+> <>	$@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro# if still no mailRoutingAddress and no mailHost,
06f25ae9SGregory Neil Shapiro# try @domain
40266059SGregory Neil Shapiroifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
40266059SGregory Neil ShapiroR<> <> <$+> <$+ + $* @ $+> <>	$@ $>LDAPExpand <$1> <@ $4> <+$3>')
40266059SGregory Neil ShapiroR<> <> <$+> <$+ @ $+> <$*>	$@ $>LDAPExpand <$1> <@ $3> <$4>
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# if no mailRoutingAddress and no mailHost and this was a domain attempt,
06f25ae9SGregory Neil Shapiroifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl
06f25ae9SGregory Neil Shapiro# user does not exist
40266059SGregory Neil ShapiroR<> <> <$+> <@ $+> <$*>		$: <?> < $&{addr_type} > < $1 >
40266059SGregory Neil Shapiro# only give error for envelope recipient
40266059SGregory Neil ShapiroR<?> <e r> <$+>			$#error $@ nouser $: "550 User unknown"
40266059SGregory Neil ShapiroR<?> <$*> <$+>			$@ $2',
06f25ae9SGregory Neil Shapiro`dnl
06f25ae9SGregory Neil Shapiro# return the original address
40266059SGregory Neil ShapiroR<> <> <$+> <@ $+> <$*>		$@ $1')',
06f25ae9SGregory Neil Shapiro`dnl')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiroifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode.
06f25ae9SGregory Neil Shapiro')')
40266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
c2aa98e2SPeter Wemm######################################################################
40266059SGregory Neil Shapiro###  D: LookUpDomain -- search for domain in access database
c2aa98e2SPeter Wemm###
c2aa98e2SPeter Wemm###	Parameters:
c2aa98e2SPeter Wemm###		<$1> -- key (domain name)
c2aa98e2SPeter Wemm###		<$2> -- default (what to return if not found in db)
06f25ae9SGregory Neil Shapirodnl			must not be empty
40266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
06f25ae9SGregory Neil Shapiro###			! does lookup only with tag
06f25ae9SGregory Neil Shapiro###			+ does lookup with and without tag
40266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed unchanged through)
06f25ae9SGregory Neil Shapirodnl returns:		<default> <passthru>
06f25ae9SGregory Neil Shapirodnl 			<result> <passthru>
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm
40266059SGregory Neil ShapiroSD
06f25ae9SGregory Neil Shapirodnl workspace <key> <default> <passthru> <mark>
06f25ae9SGregory Neil Shapirodnl lookup with tag (in front, no delimiter here)
40266059SGregory Neil Shapirodnl    2    3  4    5
40266059SGregory Neil ShapiroR<$*> <$+> <$- $-> <$*>		$: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
06f25ae9SGregory Neil Shapirodnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark>
06f25ae9SGregory Neil Shapirodnl lookup without tag?
40266059SGregory Neil Shapirodnl   1    2      3    4
40266059SGregory Neil ShapiroR<?> <$+> <$+> <+ $-> <$*>	$: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
40266059SGregory Neil Shapiroifdef(`_LOOKUPDOTDOMAIN_', `dnl omit first component: lookup .rest
40266059SGregory Neil Shapirodnl XXX apply this also to IP addresses?
40266059SGregory Neil Shapirodnl currently it works the wrong way round for [1.2.3.4]
40266059SGregory Neil Shapirodnl   1  2    3    4  5    6
40266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <$- $-> <$*>	$: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4 $5> <$6>
40266059SGregory Neil Shapirodnl   1  2    3      4    5
40266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <+ $-> <$*>	$: < $(access .$2 $: ? $) > <$1.$2> <$3> <+ $4> <$5>', `dnl')
40266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl
40266059SGregory Neil Shapirodnl found SKIP: return <default> and <passthru>
40266059SGregory Neil Shapirodnl      1    2    3  4    5
40266059SGregory Neil ShapiroR<SKIP> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>', `dnl')
40266059SGregory Neil Shapirodnl not found: IPv4 net (no check is done whether it is an IP number!)
40266059SGregory Neil Shapirodnl    1  2     3    4  5    6
40266059SGregory Neil ShapiroR<?> <[$+.$-]> <$+> <$- $-> <$*>	$@ $>D <[$1]> <$3> <$4 $5> <$6>
40266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl',
40266059SGregory Neil Shapiro`dnl not found: IPv6 net
40266059SGregory Neil Shapirodnl (could be merged with previous rule if we have a class containing .:)
40266059SGregory Neil Shapirodnl    1   2     3    4  5    6
40266059SGregory Neil ShapiroR<?> <[$+::$-]> <$+> <$- $-> <$*>	$: $>D <[$1]> <$3> <$4 $5> <$6>
40266059SGregory Neil ShapiroR<?> <[$+:$-]> <$+> <$- $-> <$*>	$: $>D <[$1]> <$3> <$4 $5> <$6>')
06f25ae9SGregory Neil Shapirodnl not found, but subdomain: try again
40266059SGregory Neil Shapirodnl   1  2    3    4  5    6
40266059SGregory Neil ShapiroR<?> <$+.$+> <$+> <$- $-> <$*>	$@ $>D <$2> <$3> <$4 $5> <$6>
40266059SGregory Neil Shapiroifdef(`_FFR_LOOKUPTAG_', `dnl lookup Tag:
40266059SGregory Neil Shapirodnl   1    2      3    4
40266059SGregory Neil ShapiroR<?> <$+> <$+> <! $-> <$*>	$: < $(access $3`'_TAG_DELIM_ $: ? $) > <$1> <$2> <! $3> <$4>', `dnl')
40266059SGregory Neil Shapirodnl not found, no subdomain: return <default> and <passthru>
40266059SGregory Neil Shapirodnl   1    2    3  4    5
40266059SGregory Neil ShapiroR<?> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil Shapirodnl            2    3    4  5    6
40266059SGregory Neil ShapiroR<$* _ATMPF_> <$+> <$+> <$- $-> <$*>	$@ <_ATMPF_> <$6>', `dnl')
40266059SGregory Neil Shapirodnl return <result of lookup> and <passthru>
40266059SGregory Neil Shapirodnl    2    3    4  5    6
40266059SGregory Neil ShapiroR<$*> <$+> <$+> <$- $-> <$*>	$@ <$1> <$6>
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm######################################################################
40266059SGregory Neil Shapiro###  A: LookUpAddress -- search for host address in access database
c2aa98e2SPeter Wemm###
c2aa98e2SPeter Wemm###	Parameters:
c2aa98e2SPeter Wemm###		<$1> -- key (dot quadded host address)
c2aa98e2SPeter Wemm###		<$2> -- default (what to return if not found in db)
06f25ae9SGregory Neil Shapirodnl			must not be empty
40266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
06f25ae9SGregory Neil Shapiro###			! does lookup only with tag
06f25ae9SGregory Neil Shapiro###			+ does lookup with and without tag
40266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed through)
06f25ae9SGregory Neil Shapirodnl	returns:	<default> <passthru>
06f25ae9SGregory Neil Shapirodnl			<result> <passthru>
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm
40266059SGregory Neil ShapiroSA
06f25ae9SGregory Neil Shapirodnl lookup with tag
40266059SGregory Neil Shapirodnl    2    3  4    5
40266059SGregory Neil ShapiroR<$+> <$+> <$- $-> <$*>		$: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
06f25ae9SGregory Neil Shapirodnl lookup without tag
40266059SGregory Neil Shapirodnl   1    2      3    4
40266059SGregory Neil ShapiroR<?> <$+> <$+> <+ $-> <$*>	$: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
40266059SGregory Neil Shapirodnl workspace <result-of-lookup|?> <key> <default> <mark> <passthru>
40266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl
40266059SGregory Neil Shapirodnl found SKIP: return <default> and <passthru>
40266059SGregory Neil Shapirodnl      1    2    3  4    5
40266059SGregory Neil ShapiroR<SKIP> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>', `dnl')
40266059SGregory Neil Shapiroifdef(`NO_NETINET6', `dnl',
40266059SGregory Neil Shapiro`dnl no match; IPv6: remove last part
40266059SGregory Neil Shapirodnl   1   2    3    4  5    6
40266059SGregory Neil ShapiroR<?> <$+::$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>
40266059SGregory Neil ShapiroR<?> <$+:$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>')
06f25ae9SGregory Neil Shapirodnl no match; IPv4: remove last part
40266059SGregory Neil Shapirodnl   1  2    3    4  5    6
40266059SGregory Neil ShapiroR<?> <$+.$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>
06f25ae9SGregory Neil Shapirodnl no match: return default
40266059SGregory Neil Shapirodnl   1    2    3  4    5
40266059SGregory Neil ShapiroR<?> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil Shapirodnl            2    3    4  5    6
40266059SGregory Neil ShapiroR<$* _ATMPF_> <$+> <$+> <$- $-> <$*>	$@ <_ATMPF_> <$6>', `dnl')
06f25ae9SGregory Neil Shapirodnl match: return result
40266059SGregory Neil Shapirodnl    2    3    4  5    6
40266059SGregory Neil ShapiroR<$*> <$+> <$+> <$- $-> <$*>	$@ <$1> <$6>
40266059SGregory Neil Shapirodnl endif _ACCESS_TABLE_
40266059SGregory Neil Shapirodivert(0)
c2aa98e2SPeter Wemm######################################################################
065a643dSPeter Wemm###  CanonAddr --	Convert an address into a standard form for
065a643dSPeter Wemm###			relay checking.  Route address syntax is
065a643dSPeter Wemm###			crudely converted into a %-hack address.
065a643dSPeter Wemm###
065a643dSPeter Wemm###	Parameters:
065a643dSPeter Wemm###		$1 -- full recipient address
065a643dSPeter Wemm###
065a643dSPeter Wemm###	Returns:
065a643dSPeter Wemm###		parsed address, not in source route form
06f25ae9SGregory Neil Shapirodnl		user%host%host<@domain>
06f25ae9SGregory Neil Shapirodnl		host!user<@domain>
065a643dSPeter Wemm######################################################################
065a643dSPeter Wemm
065a643dSPeter WemmSCanonAddr
06f25ae9SGregory Neil ShapiroR$*			$: $>Parse0 $>canonify $1	make domain canonical
06f25ae9SGregory Neil Shapiroifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
065a643dSPeter WemmR< @ $+ > : $* @ $*	< @ $1 > : $2 % $3	change @ to % in src route
065a643dSPeter WemmR$* < @ $+ > : $* : $*	$3 $1 < @ $2 > : $4	change to % hack.
065a643dSPeter WemmR$* < @ $+ > : $*	$3 $1 < @ $2 >
06f25ae9SGregory Neil Shapirodnl')
065a643dSPeter Wemm
065a643dSPeter Wemm######################################################################
c2aa98e2SPeter Wemm###  ParseRecipient --	Strip off hosts in $=R as well as possibly
c2aa98e2SPeter Wemm###			$* $=m or the access database.
c2aa98e2SPeter Wemm###			Check user portion for host separators.
c2aa98e2SPeter Wemm###
c2aa98e2SPeter Wemm###	Parameters:
c2aa98e2SPeter Wemm###		$1 -- full recipient address
c2aa98e2SPeter Wemm###
c2aa98e2SPeter Wemm###	Returns:
c2aa98e2SPeter Wemm###		parsed, non-local-relaying address
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSParseRecipient
06f25ae9SGregory Neil Shapirodnl mark and canonify address
065a643dSPeter WemmR$*				$: <?> $>CanonAddr $1
06f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain[.]>
c2aa98e2SPeter WemmR<?> $* < @ $* . >		<?> $1 < @ $2 >			strip trailing dots
06f25ae9SGregory Neil Shapirodnl workspace: <?> localpart<@domain>
c2aa98e2SPeter WemmR<?> $- < @ $* >		$: <?> $(dequote $1 $) < @ $2 >	dequote local part
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# if no $=O character, no host in the user portion, we are done
c2aa98e2SPeter WemmR<?> $* $=O $* < @ $* >		$: <NO> $1 $2 $3 < @ $4>
06f25ae9SGregory Neil Shapirodnl no $=O in localpart: return
c2aa98e2SPeter WemmR<?> $*				$@ $1
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapirodnl workspace: <NO> localpart<@domain>, where localpart contains $=O
06f25ae9SGregory Neil Shapirodnl mark everything which has an "authorized" domain with <RELAY>
c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
c2aa98e2SPeter Wemm# if we relay, check username portion for user%host so host can be checked also
c2aa98e2SPeter WemmR<NO> $* < @ $* $=m >		$: <RELAY> $1 < @ $2 $3 >', `dnl')
06f25ae9SGregory Neil Shapirodnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O
06f25ae9SGregory Neil Shapirodnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapirodnl what if access map returns something else than RELAY?
40266059SGregory Neil Shapirodnl we are only interested in RELAY entries...
40266059SGregory Neil Shapirodnl other To: entries: blacklist recipient; generic entries?
40266059SGregory Neil Shapirodnl if it is an error we probably do not want to relay anyway
c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_',
c2aa98e2SPeter Wemm`R<NO> $* < @ $=R >		$: <RELAY> $1 < @ $2 >
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
06f25ae9SGregory Neil ShapiroR<NO> $* < @ $+ >		$: <$(access To:$2 $: NO $)> $1 < @ $2 >
065a643dSPeter WemmR<NO> $* < @ $+ >		$: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')',
c2aa98e2SPeter Wemm`R<NO> $* < @ $* $=R >		$: <RELAY> $1 < @ $2 $3 >
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil ShapiroR<NO> $* < @ $+ >		$: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
c2aa98e2SPeter WemmR<$+> <$+>			$: <$1> $2',`dnl')')
065a643dSPeter Wemm
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiroifdef(`_RELAY_MX_SERVED_', `dnl
40266059SGregory Neil Shapirodnl do "we" ($=w) act as backup MX server for the destination domain?
40266059SGregory Neil ShapiroR<NO> $* < @ $+ >		$: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > >
40266059SGregory Neil ShapiroR<MX> < : $* <TEMP> : > $*	$#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
40266059SGregory Neil Shapirodnl yes: mark it as <RELAY>
40266059SGregory Neil ShapiroR<MX> < $* : $=w. : $* > < $+ >	$: <RELAY> $4
40266059SGregory Neil Shapirodnl no: put old <NO> mark back
40266059SGregory Neil ShapiroR<MX> < : $* : > < $+ >		$: <NO> $2', `dnl')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapirodnl do we relay to this recipient domain?
c2aa98e2SPeter WemmR<RELAY> $* < @ $* >		$@ $>ParseRecipient $1
40266059SGregory Neil Shapirodnl something else
40266059SGregory Neil ShapiroR<$+> $*			$@ $2
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiro
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm###  check_relay -- check hostname/address on SMTP startup
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSLocal_check_relay
06f25ae9SGregory Neil ShapiroScheck`'_U_`'relay
c2aa98e2SPeter WemmR$*			$: $1 $| $>"Local_check_relay" $1
c2aa98e2SPeter WemmR$* $| $* $| $#$*	$#$3
c2aa98e2SPeter WemmR$* $| $* $| $*		$@ $>"Basic_check_relay" $1 $| $2
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSBasic_check_relay
c2aa98e2SPeter Wemm# check for deferred delivery mode
94c01205SGregory Neil ShapiroR$*			$: < $&{deliveryMode} > $1
c2aa98e2SPeter WemmR< d > $*		$@ deferred
c2aa98e2SPeter WemmR< $* > $*		$: $2
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
42e5d165SGregory Neil Shapirodnl workspace: {client_name} $| {client_addr}
40266059SGregory Neil ShapiroR$+ $| $+		$: $>D < $1 > <?> <+ Connect> < $2 >
42e5d165SGregory Neil Shapirodnl workspace: <result-of-lookup> <{client_addr}>
13bd1963SGregory Neil Shapirodnl OR $| $+ if client_name is empty
13bd1963SGregory Neil ShapiroR   $| $+		$: $>A < $1 > <?> <+ Connect> <>	empty client_name
13bd1963SGregory Neil Shapirodnl workspace: <result-of-lookup> <{client_addr}>
40266059SGregory Neil ShapiroR<?> <$+>		$: $>A < $1 > <?> <+ Connect> <>	no: another lookup
40266059SGregory Neil Shapirodnl workspace: <result-of-lookup> (<>|<{client_addr}>)
40266059SGregory Neil ShapiroR<?> <$*>		$: OK				found nothing
40266059SGregory Neil Shapirodnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK
42e5d165SGregory Neil ShapiroR<$={Accept}> <$*>	$@ $1				return value of lookup
40266059SGregory Neil ShapiroR<REJECT> <$*>		$#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
40266059SGregory Neil ShapiroR<DISCARD> <$*>		$#discard $: discard
40266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE',
40266059SGregory Neil Shapiro`R<QUARANTINE:$+> <$*>	$#error $@ quarantine $: $1', `dnl')
06f25ae9SGregory Neil Shapirodnl error tag
42e5d165SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> <$*>	$#error $@ $1.$2.$3 $: $4
42e5d165SGregory Neil ShapiroR<ERROR:$+> <$*>		$#error $: $1
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> <$*>		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
06f25ae9SGregory Neil Shapirodnl generic error from access map
42e5d165SGregory Neil ShapiroR<$+> <$*>		$#error $: $1', `dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`_RBL_',`dnl
06f25ae9SGregory Neil Shapiro# DNS based IP address spam list
40266059SGregory Neil Shapirodnl workspace: ignored...
c2aa98e2SPeter WemmR$*			$: $&{client_addr}
06f25ae9SGregory Neil ShapiroR$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._RBL_. $: OK $)
06f25ae9SGregory Neil ShapiroR<?>OK			$: OKSOFAR
94c01205SGregory Neil ShapiroR<?>$+			$#error $@ 5.7.1 $: "550 Rejected: " $&{client_addr} " listed at _RBL_"',
c2aa98e2SPeter Wemm`dnl')
06f25ae9SGregory Neil Shapiroundivert(8)
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm###  check_mail -- check SMTP ``MAIL FROM:'' command argument
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSLocal_check_mail
06f25ae9SGregory Neil ShapiroScheck`'_U_`'mail
c2aa98e2SPeter WemmR$*			$: $1 $| $>"Local_check_mail" $1
c2aa98e2SPeter WemmR$* $| $#$*		$#$2
c2aa98e2SPeter WemmR$* $| $*		$@ $>"Basic_check_mail" $1
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSBasic_check_mail
c2aa98e2SPeter Wemm# check for deferred delivery mode
94c01205SGregory Neil ShapiroR$*			$: < $&{deliveryMode} > $1
c2aa98e2SPeter WemmR< d > $*		$@ deferred
c2aa98e2SPeter WemmR< $* > $*		$: $2
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiro# authenticated?
06f25ae9SGregory Neil Shapirodnl done first: we can require authentication for every mail transaction
06f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM: (sender)
06f25ae9SGregory Neil ShapiroR$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
06f25ae9SGregory Neil ShapiroR$* $| $#$+		$#$2
06f25ae9SGregory Neil Shapirodnl undo damage: remove result of tls_client call
06f25ae9SGregory Neil ShapiroR$* $| $*		$: $1
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapirodnl workspace: address as given by MAIL FROM:
06f25ae9SGregory Neil ShapiroR<>			$@ <OK>			we MUST accept <> (RFC 1123)
06f25ae9SGregory Neil Shapiroifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
06f25ae9SGregory Neil Shapirodnl do some additional checks
06f25ae9SGregory Neil Shapirodnl no user@host
06f25ae9SGregory Neil Shapirodnl no user@localhost (if nonlocal sender)
06f25ae9SGregory Neil Shapirodnl this is a pretty simple canonification, it will not catch every case
06f25ae9SGregory Neil Shapirodnl just make sure the address has <> around it (which is required by
06f25ae9SGregory Neil Shapirodnl the RFC anyway, maybe we should complain if they are missing...)
06f25ae9SGregory Neil Shapirodnl dirty trick: if it is user@host, just add a dot: user@host. this will
06f25ae9SGregory Neil Shapirodnl not be modified by host lookups.
06f25ae9SGregory Neil ShapiroR$+			$: <?> $1
06f25ae9SGregory Neil ShapiroR<?><$+>		$: <@> <$1>
06f25ae9SGregory Neil ShapiroR<?>$+			$: <@> <$1>
06f25ae9SGregory Neil Shapirodnl workspace: <@> <address>
06f25ae9SGregory Neil Shapirodnl prepend daemon_flags
06f25ae9SGregory Neil ShapiroR$*			$: $&{daemon_flags} $| $1
06f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address>
06f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems?
06f25ae9SGregory Neil ShapiroR$* f $* $| <@> < $* @ $- >	$: < ? $&{client_name} > < $3 @ $4 >
06f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test
06f25ae9SGregory Neil ShapiroR$* u $* $| <@> < $* >	$: <?> < $3 >
06f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address>
06f25ae9SGregory Neil Shapirodnl        or:                    <? ${client_name} > <address>
06f25ae9SGregory Neil Shapirodnl        or:                    <?> <address>
06f25ae9SGregory Neil Shapirodnl remove daemon_flags
06f25ae9SGregory Neil ShapiroR$* $| $*		$: $2
06f25ae9SGregory Neil Shapiro# handle case of @localhost on address
06f25ae9SGregory Neil ShapiroR<@> < $* @ localhost >	$: < ? $&{client_name} > < $1 @ localhost >
06f25ae9SGregory Neil ShapiroR<@> < $* @ [127.0.0.1] >
06f25ae9SGregory Neil Shapiro			$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
06f25ae9SGregory Neil ShapiroR<@> < $* @ localhost.$m >
06f25ae9SGregory Neil Shapiro			$: < ? $&{client_name} > < $1 @ localhost.$m >
06f25ae9SGregory Neil Shapiroifdef(`_NO_UUCP_', `dnl',
06f25ae9SGregory Neil Shapiro`R<@> < $* @ localhost.UUCP >
06f25ae9SGregory Neil Shapiro			$: < ? $&{client_name} > < $1 @ localhost.UUCP >')
06f25ae9SGregory Neil Shapirodnl workspace: < ? $&{client_name} > <user@localhost|host>
06f25ae9SGregory Neil Shapirodnl	or:    <@> <address>
06f25ae9SGregory Neil Shapirodnl	or:    <?> <address>	(thanks to u in ${daemon_flags})
06f25ae9SGregory Neil ShapiroR<@> $*			$: $1			no localhost as domain
06f25ae9SGregory Neil Shapirodnl workspace: < ? $&{client_name} > <user@localhost|host>
06f25ae9SGregory Neil Shapirodnl	or:    <address>
06f25ae9SGregory Neil Shapirodnl	or:    <?> <address>	(thanks to u in ${daemon_flags})
06f25ae9SGregory Neil ShapiroR<? $=w> $*		$: $2			local client: ok
40266059SGregory Neil ShapiroR<? $+> <$+>		$#error $@ 5.5.4 $: "_CODE553 Real domain name required for sender address"
06f25ae9SGregory Neil Shapirodnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags})
06f25ae9SGregory Neil ShapiroR<?> $*			$: $1')
06f25ae9SGregory Neil Shapirodnl workspace: address (or <address>)
06f25ae9SGregory Neil ShapiroR$*			$: <?> $>CanonAddr $1		canonify sender address and mark it
06f25ae9SGregory Neil Shapirodnl workspace: <?> CanonicalAddress (i.e. address in canonical form localpart<@host>)
06f25ae9SGregory Neil Shapirodnl there is nothing behind the <@host> so no trailing $* needed
065a643dSPeter WemmR<?> $* < @ $+ . >	<?> $1 < @ $2 >			strip trailing dots
c2aa98e2SPeter Wemm# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
959366dcSGregory Neil ShapiroR<?> $* < @ $* $=P >	$: <_RES_OK_> $1 < @ $2 $3 >
06f25ae9SGregory Neil Shapirodnl workspace <mark> CanonicalAddress	where mark is ? or OK
94c01205SGregory Neil Shapirodnl A sender address with my local host name ($j) is safe
959366dcSGregory Neil ShapiroR<?> $* < @ $j >	$: <_RES_OK_> $1 < @ $j >
c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',
40266059SGregory Neil Shapiro`R<?> $* < @ $+ >	$: <_RES_OK_> $1 < @ $2 >		... unresolvable OK',
06f25ae9SGregory Neil Shapiro`R<?> $* < @ $+ >	$: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
06f25ae9SGregory Neil ShapiroR<? $* <$->> $* < @ $+ >
06f25ae9SGregory Neil Shapiro			$: <$2> $3 < @ $4 >')
40266059SGregory Neil Shapirodnl workspace <mark> CanonicalAddress	where mark is ?, _RES_OK_, PERM, TEMP
06f25ae9SGregory Neil Shapirodnl mark is ? iff the address is user (wo @domain)
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
06f25ae9SGregory Neil Shapiro# check sender address: user@address, user@, address
06f25ae9SGregory Neil Shapirodnl should we remove +ext from user?
40266059SGregory Neil Shapirodnl workspace: <mark> CanonicalAddress where mark is: ?, _RES_OK_, PERM, TEMP
40266059SGregory Neil ShapiroR<$+> $+ < @ $* >	$: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
06f25ae9SGregory Neil ShapiroR<$+> $+		$: @<$1> <$2> $| <U:$2@>
06f25ae9SGregory Neil Shapirodnl workspace: @<mark> <CanonicalAddress> $| <@type:address> ....
06f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
06f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args
06f25ae9SGregory Neil ShapiroR@ <$+> <$*> $| <$+>	$: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
06f25ae9SGregory Neil Shapirodnl workspace: <@><mark> <CanonicalAddress> $| <result>
06f25ae9SGregory Neil ShapiroR<@> <$+> <$*> $| <$*>	$: <$3> <$1> <$2>		reverse result
06f25ae9SGregory Neil Shapirodnl workspace: <result> <mark> <CanonicalAddress>
c2aa98e2SPeter Wemm# retransform for further use
06f25ae9SGregory Neil Shapirodnl required form:
06f25ae9SGregory Neil Shapirodnl <ResultOfLookup|mark> CanonicalAddress
06f25ae9SGregory Neil ShapiroR<?> <$+> <$*>		$: <$1> $2	no match
06f25ae9SGregory Neil ShapiroR<$+> <$+> <$*>		$: <$1> $3	relevant result, keep it', `dnl')
06f25ae9SGregory Neil Shapirodnl workspace <ResultOfLookup|mark> CanonicalAddress
06f25ae9SGregory Neil Shapirodnl mark is ? iff the address is user (wo @domain)
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemmifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
c2aa98e2SPeter Wemm# handle case of no @domain on address
06f25ae9SGregory Neil Shapirodnl prepend daemon_flags
06f25ae9SGregory Neil ShapiroR<?> $*			$: $&{daemon_flags} $| <?> $1
06f25ae9SGregory Neil Shapirodnl accept unqualified sender: change mark to avoid test
40266059SGregory Neil ShapiroR$* u $* $| <?> $*	$: <_RES_OK_> $3
06f25ae9SGregory Neil Shapirodnl remove daemon_flags
06f25ae9SGregory Neil ShapiroR$* $| $*		$: $2
13bd1963SGregory Neil ShapiroR<?> $*			$: < ? $&{client_addr} > $1
959366dcSGregory Neil ShapiroR<?> $*			$@ <_RES_OK_>			...local unqualed ok
40266059SGregory Neil ShapiroR<? $+> $*		$#error $@ 5.5.4 $: "_CODE553 Domain name required for sender address " $&f
c2aa98e2SPeter Wemm							...remote is not')
c2aa98e2SPeter Wemm# check results
06f25ae9SGregory Neil ShapiroR<?> $*			$: @ $1		mark address: nothing known about it
40266059SGregory Neil ShapiroR<$={ResOk}> $*		$@ <_RES_OK_>	domain ok: stop
06f25ae9SGregory Neil ShapiroR<TEMP> $*		$#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
40266059SGregory Neil ShapiroR<PERM> $*		$#error $@ 5.1.8 $: "_CODE553 Domain of sender address " $&f " does not exist"
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil ShapiroR<$={Accept}> $*	$# $1		accept from access map
c2aa98e2SPeter WemmR<DISCARD> $*		$#discard $: discard
40266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE',
40266059SGregory Neil Shapiro`R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1', `dnl')
06f25ae9SGregory Neil ShapiroR<REJECT> $*		$#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
06f25ae9SGregory Neil Shapirodnl error tag
06f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
06f25ae9SGregory Neil ShapiroR<ERROR:$+> $*		$#error $: $1
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $*		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
06f25ae9SGregory Neil Shapirodnl generic error from access map
06f25ae9SGregory Neil ShapiroR<$+> $*		$#error $: $1		error from access db',
c2aa98e2SPeter Wemm`dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm###  check_rcpt -- check SMTP ``RCPT TO:'' command argument
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSLocal_check_rcpt
06f25ae9SGregory Neil ShapiroScheck`'_U_`'rcpt
c2aa98e2SPeter WemmR$*			$: $1 $| $>"Local_check_rcpt" $1
c2aa98e2SPeter WemmR$* $| $#$*		$#$2
c2aa98e2SPeter WemmR$* $| $*		$@ $>"Basic_check_rcpt" $1
c2aa98e2SPeter Wemm
c2aa98e2SPeter WemmSBasic_check_rcpt
40266059SGregory Neil Shapiro# empty address?
40266059SGregory Neil ShapiroR<>			$#error $@ nouser $: "553 User address required"
40266059SGregory Neil ShapiroR$@			$#error $@ nouser $: "553 User address required"
c2aa98e2SPeter Wemm# check for deferred delivery mode
94c01205SGregory Neil ShapiroR$*			$: < $&{deliveryMode} > $1
c2aa98e2SPeter WemmR< d > $*		$@ deferred
c2aa98e2SPeter WemmR< $* > $*		$: $2
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl
40266059SGregory Neil Shapirodnl this code checks for user@host where host is not a FQHN.
40266059SGregory Neil Shapirodnl it is not activated.
40266059SGregory Neil Shapirodnl notice: code to check for a recipient without a domain name is
40266059SGregory Neil Shapirodnl available down below; look for the same macro.
40266059SGregory Neil Shapirodnl this check is done here because the name might be qualified by the
40266059SGregory Neil Shapirodnl canonicalization.
40266059SGregory Neil Shapiro# require fully qualified domain part?
40266059SGregory Neil Shapirodnl very simple canonification: make sure the address is in < >
06f25ae9SGregory Neil ShapiroR$+			$: <?> $1
06f25ae9SGregory Neil ShapiroR<?> <$+>		$: <@> <$1>
06f25ae9SGregory Neil ShapiroR<?> $+			$: <@> <$1>
40266059SGregory Neil ShapiroR<@> < postmaster >	$: postmaster
13bd1963SGregory Neil ShapiroR<@> < $* @ $+ . $+ >	$: < $1 @ $2 . $3 >
06f25ae9SGregory Neil Shapirodnl prepend daemon_flags
40266059SGregory Neil ShapiroR<@> $*			$: $&{daemon_flags} $| <@> $1
06f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <@> <address>
06f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems?
40266059SGregory Neil ShapiroR$* r $* $| <@> < $* @ $* >	$: < ? $&{client_name} > < $3 @ $4 >
06f25ae9SGregory Neil ShapiroR<?> < $* >		$: <$1>
06f25ae9SGregory Neil ShapiroR<? $=w> < $* >		$: <$1>
40266059SGregory Neil ShapiroR<? $+> <$+>		$#error $@ 5.5.4 $: "553 Fully qualified domain name required"
06f25ae9SGregory Neil Shapirodnl remove daemon_flags for other cases
06f25ae9SGregory Neil ShapiroR$* $| <@> $*		$: $2', `dnl')
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapirodnl ##################################################################
40266059SGregory Neil Shapirodnl call subroutines for recipient and relay
40266059SGregory Neil Shapirodnl possible returns from subroutines:
40266059SGregory Neil Shapirodnl $#TEMP	temporary failure
40266059SGregory Neil Shapirodnl $#error	permanent failure (or temporary if from access map)
40266059SGregory Neil Shapirodnl $#other	stop processing
40266059SGregory Neil Shapirodnl RELAY	RELAYing allowed
40266059SGregory Neil Shapirodnl other	otherwise
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil ShapiroR$*			$: $1 $| @ $>"Rcpt_ok" $1
40266059SGregory Neil Shapirodnl temporary failure? remove mark @ and remember
40266059SGregory Neil ShapiroR$* $| @ $#TEMP $+	$: $1 $| T $2
40266059SGregory Neil Shapirodnl error or ok (stop)
40266059SGregory Neil ShapiroR$* $| @ $#$*		$#$2
40266059SGregory Neil Shapiroifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
40266059SGregory Neil ShapiroR$* $| @ RELAY		$@ RELAY
40266059SGregory Neil Shapirodnl something else: call check sender (relay)
40266059SGregory Neil ShapiroR$* $| @ $*		$: O $| $>"Relay_ok" $1
40266059SGregory Neil Shapirodnl temporary failure: call check sender (relay)
40266059SGregory Neil ShapiroR$* $| T $+		$: T $2 $| $>"Relay_ok" $1
40266059SGregory Neil Shapirodnl temporary failure? return that
40266059SGregory Neil ShapiroR$* $| $#TEMP $+	$#error $2
40266059SGregory Neil Shapirodnl error or ok (stop)
40266059SGregory Neil ShapiroR$* $| $#$*		$#$2
40266059SGregory Neil ShapiroR$* $| RELAY		$@ RELAY
40266059SGregory Neil Shapirodnl something else: return previous temp failure
40266059SGregory Neil ShapiroR T $+ $| $*		$#error $1
40266059SGregory Neil Shapiro# anything else is bogus
40266059SGregory Neil ShapiroR$*			$#error $@ 5.7.1 $: confRELAY_MSG
40266059SGregory Neil Shapirodivert(0)
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro### Rcpt_ok: is the recipient ok?
40266059SGregory Neil Shapirodnl input: recipient address (RCPT TO)
40266059SGregory Neil Shapirodnl output: see explanation at call
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil ShapiroSRcpt_ok
c2aa98e2SPeter Wemmifdef(`_LOOSE_RELAY_CHECK_',`dnl
065a643dSPeter WemmR$*			$: $>CanonAddr $1
c2aa98e2SPeter WemmR$* < @ $* . >		$1 < @ $2 >			strip trailing dots',
c2aa98e2SPeter Wemm`R$*			$: $>ParseRecipient $1		strip relayable hosts')
c2aa98e2SPeter Wemm
065a643dSPeter Wemmifdef(`_BESTMX_IS_LOCAL_',`dnl
065a643dSPeter Wemmifelse(_BESTMX_IS_LOCAL_, `', `dnl
065a643dSPeter Wemm# unlimited bestmx
065a643dSPeter WemmR$* < @ $* > $*			$: $1 < @ $2 @@ $(bestmx $2 $) > $3',
065a643dSPeter Wemm`dnl
065a643dSPeter Wemm# limit bestmx to $=B
2e43090eSPeter WemmR$* < @ $* $=B > $*		$: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4')
40266059SGregory Neil ShapiroR$* $=O $* < @ $* @@ $=w . > $*	$@ $>"Rcpt_ok" $1 $2 $3
065a643dSPeter WemmR$* < @ $* @@ $=w . > $*	$: $1 < @ $3 > $4
065a643dSPeter WemmR$* < @ $* @@ $* > $*		$: $1 < @ $2 > $4')
065a643dSPeter Wemm
c2aa98e2SPeter Wemmifdef(`_BLACKLIST_RCPT_',`dnl
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
c2aa98e2SPeter Wemm# blacklist local users or any host from receiving mail
c2aa98e2SPeter WemmR$*			$: <?> $1
06f25ae9SGregory Neil Shapirodnl user is now tagged with @ to be consistent with check_mail
06f25ae9SGregory Neil Shapirodnl and to distinguish users from hosts (com would be host, com@ would be user)
40266059SGregory Neil ShapiroR<?> $+ < @ $=w >	$: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
40266059SGregory Neil ShapiroR<?> $+ < @ $* >	$: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
06f25ae9SGregory Neil ShapiroR<?> $+			$: <> <$1> $| <U:$1@>
06f25ae9SGregory Neil Shapirodnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
06f25ae9SGregory Neil Shapirodnl will only return user<@domain when "reversing" the args
06f25ae9SGregory Neil ShapiroR<> <$*> $| <$+>	$: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
06f25ae9SGregory Neil ShapiroR<@> <$*> $| <$*>	$: <$2> <$1>		reverse result
06f25ae9SGregory Neil ShapiroR<?> <$*>		$: @ $1		mark address as no match
40266059SGregory Neil Shapirodnl we may have to filter here because otherwise some RHSs
40266059SGregory Neil Shapirodnl would be interpreted as generic error messages...
40266059SGregory Neil Shapirodnl error messages should be "tagged" by prefixing them with error: !
40266059SGregory Neil Shapirodnl that would make a lot of things easier.
06f25ae9SGregory Neil ShapiroR<$={Accept}> <$*>	$: @ $2		mark address as no match
40266059SGregory Neil Shapiroifdef(`_ACCESS_SKIP_', `dnl
40266059SGregory Neil ShapiroR<SKIP> <$*>		$: @ $1		mark address as no match', `dnl')
40266059SGregory Neil Shapiroifdef(`_DELAY_COMPAT_8_10_',`dnl
40266059SGregory Neil Shapirodnl compatility with 8.11/8.10:
06f25ae9SGregory Neil Shapirodnl we have to filter these because otherwise they would be interpreted
06f25ae9SGregory Neil Shapirodnl as generic error message...
06f25ae9SGregory Neil Shapirodnl error messages should be "tagged" by prefixing them with error: !
06f25ae9SGregory Neil Shapirodnl that would make a lot of things easier.
06f25ae9SGregory Neil Shapirodnl maybe we should stop checks already here (if SPAM_xyx)?
06f25ae9SGregory Neil ShapiroR<$={SpamTag}> <$*>	$: @ $2		mark address as no match')
40266059SGregory Neil ShapiroR<REJECT> $*		$#error $@ 5.2.1 $: confRCPTREJ_MSG
06f25ae9SGregory Neil ShapiroR<DISCARD> $*		$#discard $: discard
40266059SGregory Neil Shapiroifdef(`_FFR_QUARANTINE',
40266059SGregory Neil Shapiro`R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1', `dnl')
06f25ae9SGregory Neil Shapirodnl error tag
06f25ae9SGregory Neil ShapiroR<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
06f25ae9SGregory Neil ShapiroR<ERROR:$+> $*		$#error $: $1
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $*		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
06f25ae9SGregory Neil Shapirodnl generic error from access map
06f25ae9SGregory Neil ShapiroR<$+> $*		$#error $: $1		error from access db
06f25ae9SGregory Neil ShapiroR@ $*			$1		remove mark', `dnl')', `dnl')
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiroifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
40266059SGregory Neil Shapiro# authenticated via TLS?
40266059SGregory Neil ShapiroR$*			$: $1 $| $>RelayTLS	client authenticated?
06f25ae9SGregory Neil ShapiroR$* $| $# $+		$# $2			error/ok?
06f25ae9SGregory Neil ShapiroR$* $| $*		$: $1			no
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil ShapiroR$*			$: $1 $| $>"Local_Relay_Auth" $&{auth_type}
40266059SGregory Neil Shapirodnl workspace: localpart<@domain> $| result of Local_Relay_Auth
40266059SGregory Neil ShapiroR$* $| $# $*		$# $2
40266059SGregory Neil Shapirodnl if Local_Relay_Auth returns NO then do not check $={TrustAuthMech}
40266059SGregory Neil ShapiroR$* $| NO		$: $1
40266059SGregory Neil ShapiroR$* $| $*		$: $1 $| $&{auth_type}
40266059SGregory Neil Shapirodnl workspace: localpart<@domain> [ $| ${auth_type} ]
06f25ae9SGregory Neil Shapirodnl empty ${auth_type}?
06f25ae9SGregory Neil ShapiroR$* $|			$: $1
06f25ae9SGregory Neil Shapirodnl mechanism ${auth_type} accepted?
06f25ae9SGregory Neil Shapirodnl use $# to override further tests (delay_checks): see check_rcpt below
40266059SGregory Neil ShapiroR$* $| $={TrustAuthMech}	$# RELAY
40266059SGregory Neil Shapirodnl remove ${auth_type}
06f25ae9SGregory Neil ShapiroR$* $| $*		$: $1
193538b7SGregory Neil Shapirodnl workspace: localpart<@domain> | localpart
06f25ae9SGregory Neil Shapiroifelse(defn(`_NO_UUCP_'), `r',
193538b7SGregory Neil Shapiro`R$* ! $* < @ $* >	$: <REMOTE> $2 < @ BANG_PATH >
193538b7SGregory Neil ShapiroR$* ! $* 		$: <REMOTE> $2 < @ BANG_PATH >', `dnl')
c2aa98e2SPeter Wemm# anything terminating locally is ok
c2aa98e2SPeter Wemmifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
40266059SGregory Neil ShapiroR$+ < @ $* $=m >	$@ RELAY', `dnl')
40266059SGregory Neil ShapiroR$+ < @ $=w >		$@ RELAY
c2aa98e2SPeter Wemmifdef(`_RELAY_HOSTS_ONLY_',
40266059SGregory Neil Shapiro`R$+ < @ $=R >		$@ RELAY
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
06f25ae9SGregory Neil ShapiroR$+ < @ $+ >		$: <$(access To:$2 $: ? $)> <$1 < @ $2 >>
06f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
06f25ae9SGregory Neil ShapiroR<?> <$+ < @ $+ >>	$: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')',
40266059SGregory Neil Shapiro`R$+ < @ $* $=R >	$@ RELAY
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil ShapiroR$+ < @ $+ >		$: $>D <$2> <?> <+ To> <$1 < @ $2 >>',`dnl')')
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
06f25ae9SGregory Neil Shapirodnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
40266059SGregory Neil ShapiroR<RELAY> $*		$@ RELAY
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
c2aa98e2SPeter WemmR<$*> <$*>		$: $2',`dnl')
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiro
c2aa98e2SPeter Wemmifdef(`_RELAY_MX_SERVED_', `dnl
c2aa98e2SPeter Wemm# allow relaying for hosts which we MX serve
06f25ae9SGregory Neil ShapiroR$+ < @ $+ >		$: < : $(mxserved $2 $) : > $1 < @ $2 >
06f25ae9SGregory Neil Shapirodnl this must not necessarily happen if the client is checked first...
40266059SGregory Neil ShapiroR< : $* <TEMP> : > $*	$#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
40266059SGregory Neil ShapiroR<$* : $=w . : $*> $*	$@ RELAY
065a643dSPeter WemmR< : $* : > $*		$: $2',
c2aa98e2SPeter Wemm`dnl')
c2aa98e2SPeter Wemm
c2aa98e2SPeter Wemm# check for local user (i.e. unqualified address)
c2aa98e2SPeter WemmR$*			$: <?> $1
065a643dSPeter WemmR<?> $* < @ $+ >	$: <REMOTE> $1 < @ $2 >
c2aa98e2SPeter Wemm# local user is ok
06f25ae9SGregory Neil Shapirodnl is it really? the standard requires user@domain, not just user
06f25ae9SGregory Neil Shapirodnl but we should accept it anyway (maybe making it an option:
06f25ae9SGregory Neil Shapirodnl RequireFQDN ?)
06f25ae9SGregory Neil Shapirodnl postmaster must be accepted without domain (DRUMS)
06f25ae9SGregory Neil Shapiroifdef(`_REQUIRE_QUAL_RCPT_', `dnl
40266059SGregory Neil ShapiroR<?> postmaster		$@ OK
06f25ae9SGregory Neil Shapiro# require qualified recipient?
06f25ae9SGregory Neil Shapirodnl prepend daemon_flags
06f25ae9SGregory Neil ShapiroR<?> $+			$: $&{daemon_flags} $| <?> $1
06f25ae9SGregory Neil Shapirodnl workspace: ${daemon_flags} $| <?> localpart
06f25ae9SGregory Neil Shapirodnl do not allow these at all or only from local systems?
06f25ae9SGregory Neil Shapirodnl r flag? add client_name
06f25ae9SGregory Neil ShapiroR$* r $* $| <?> $+	$: < ? $&{client_name} > <?> $3
06f25ae9SGregory Neil Shapirodnl no r flag: relay to local user (only local part)
06f25ae9SGregory Neil Shapiro# no qualified recipient required
40266059SGregory Neil ShapiroR$* $| <?> $+		$@ RELAY
06f25ae9SGregory Neil Shapirodnl client_name is empty
40266059SGregory Neil ShapiroR<?> <?> $+		$@ RELAY
06f25ae9SGregory Neil Shapirodnl client_name is local
40266059SGregory Neil ShapiroR<? $=w> <?> $+		$@ RELAY
06f25ae9SGregory Neil Shapirodnl client_name is not local
06f25ae9SGregory Neil ShapiroR<? $+> $+		$#error $@ 5.5.4 $: "553 Domain name required"', `dnl
06f25ae9SGregory Neil Shapirodnl no qualified recipient required
40266059SGregory Neil ShapiroR<?> $+			$@ RELAY')
06f25ae9SGregory Neil Shapirodnl it is a remote user: remove mark and then check client
c2aa98e2SPeter WemmR<$+> $*		$: $2
06f25ae9SGregory Neil Shapirodnl currently the recipient address is not used below
c2aa98e2SPeter Wemm
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro### Relay_ok: is the relay/sender ok?
40266059SGregory Neil Shapirodnl input: ignored
40266059SGregory Neil Shapirodnl output: see explanation at call
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil ShapiroSRelay_ok
c2aa98e2SPeter Wemm# anything originating locally is ok
c2aa98e2SPeter Wemm# check IP address
c2aa98e2SPeter WemmR$*			$: $&{client_addr}
40266059SGregory Neil ShapiroR$@			$@ RELAY		originated locally
40266059SGregory Neil ShapiroR0			$@ RELAY		originated locally
13bd1963SGregory Neil ShapiroR127.0.0.1		$@ RELAY		originated locally
13bd1963SGregory Neil ShapiroRIPv6:::1		$@ RELAY		originated locally
40266059SGregory Neil ShapiroR$=R $*			$@ RELAY		relayable IP address
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil ShapiroR$*			$: $>A <$1> <?> <+ Connect> <$1>
40266059SGregory Neil ShapiroR<RELAY> $* 		$@ RELAY		relayable IP address
959366dcSGregory Neil Shapiroifdef(`_FFR_REJECT_IP_IN_CHECK_RCPT_',`dnl
959366dcSGregory Neil Shapirodnl this will cause rejections in cases like:
959366dcSGregory Neil Shapirodnl Connect:My.Host.Domain	RELAY
959366dcSGregory Neil Shapirodnl Connect:My.Net		REJECT
959366dcSGregory Neil Shapirodnl since in check_relay client_name is checked before client_addr
959366dcSGregory Neil ShapiroR<REJECT> $* 		$@ REJECT		rejected IP address')
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<_ATMPF_> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
c2aa98e2SPeter WemmR<$*> <$*>		$: $2', `dnl')
c2aa98e2SPeter WemmR$*			$: [ $1 ]		put brackets around it...
40266059SGregory Neil ShapiroR$=w			$@ RELAY		... and see if it is local
c2aa98e2SPeter Wemm
06f25ae9SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
06f25ae9SGregory Neil Shapiroifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
06f25ae9SGregory Neil Shapiroifdef(`_RELAY_MAIL_FROM_', `dnl
06f25ae9SGregory Neil Shapirodnl input: {client_addr} or something "broken"
06f25ae9SGregory Neil Shapirodnl just throw the input away; we do not need it.
06f25ae9SGregory Neil Shapiro# check whether FROM is allowed to use system as relay
06f25ae9SGregory Neil ShapiroR$*			$: <?> $>CanonAddr $&f
40266059SGregory Neil ShapiroR<?> $+ < @ $+ . >	<?> $1 < @ $2 >		remove trailing dot
c2aa98e2SPeter Wemmifdef(`_RELAY_LOCAL_FROM_', `dnl
06f25ae9SGregory Neil Shapiro# check whether local FROM is ok
40266059SGregory Neil ShapiroR<?> $+ < @ $=w >	$@ RELAY		FROM local', `dnl')
06f25ae9SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_', `dnl
605302a5SGregory Neil ShapiroR<?> $+ < @ $+ >	$: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_HOSTS_ONLY_', `<E:$2>', `<D:$2>')) <>
40266059SGregory Neil ShapiroR<@> <RELAY>		$@ RELAY		RELAY FROM sender ok
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<@> <_ATMPF_>		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
40266059SGregory Neil Shapiro', `dnl
40266059SGregory Neil Shapiroifdef(`_RELAY_DB_FROM_DOMAIN_',
40266059SGregory Neil Shapiro`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
06f25ae9SGregory Neil Shapiro')',
06f25ae9SGregory Neil Shapiro`dnl')
06f25ae9SGregory Neil Shapirodnl')', `dnl')
40266059SGregory Neil Shapirodnl notice: the rulesets above do not leave a unique workspace behind.
40266059SGregory Neil Shapirodnl it does not matter in this case because the following rule ignores
40266059SGregory Neil Shapirodnl the input. otherwise these rules must "clean up" the workspace.
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# check client name: first: did it resolve?
06f25ae9SGregory Neil Shapirodnl input: ignored
06f25ae9SGregory Neil ShapiroR$*			$: < $&{client_resolve} >
40266059SGregory Neil ShapiroR<TEMP>			$#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
06f25ae9SGregory Neil ShapiroR<FORGED>		$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
06f25ae9SGregory Neil ShapiroR<FAIL>			$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
06f25ae9SGregory Neil Shapirodnl ${client_resolve} should be OK, so go ahead
40266059SGregory Neil ShapiroR$*			$: <@> $&{client_name}
06f25ae9SGregory Neil Shapirodnl should not be necessary since it has been done for client_addr already
13bd1963SGregory Neil Shapirodnl this rule actually may cause a problem if {client_name} resolves to ""
13bd1963SGregory Neil Shapirodnl however, this should not happen since the forward lookup should fail
13bd1963SGregory Neil Shapirodnl and {client_resolve} should be TEMP or FAIL.
13bd1963SGregory Neil Shapirodnl nevertheless, removing the rule doesn't hurt.
13bd1963SGregory Neil Shapirodnl R<@>			$@ RELAY
40266059SGregory Neil Shapirodnl workspace: <@> ${client_name} (not empty)
40266059SGregory Neil Shapiro# pass to name server to make hostname canonical
40266059SGregory Neil ShapiroR<@> $* $=P 		$:<?>  $1 $2
40266059SGregory Neil ShapiroR<@> $+			$:<?>  $[ $1 $]
40266059SGregory Neil Shapirodnl workspace: <?> ${client_name} (canonified)
40266059SGregory Neil ShapiroR$* .			$1			strip trailing dots
06f25ae9SGregory Neil Shapiroifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
40266059SGregory Neil ShapiroR<?> $* $=m		$@ RELAY', `dnl')
40266059SGregory Neil ShapiroR<?> $=w		$@ RELAY
06f25ae9SGregory Neil Shapiroifdef(`_RELAY_HOSTS_ONLY_',
40266059SGregory Neil Shapiro`R<?> $=R		$@ RELAY
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
06f25ae9SGregory Neil ShapiroR<?> $*			$: <$(access Connect:$1 $: ? $)> <$1>
06f25ae9SGregory Neil ShapiroR<?> <$*>		$: <$(access $1 $: ? $)> <$1>',`dnl')',
40266059SGregory Neil Shapiro`R<?> $* $=R			$@ RELAY
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil ShapiroR<?> $*			$: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil ShapiroR<RELAY> $*		$@ RELAY
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `R<$* _ATMPF_> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
06f25ae9SGregory Neil ShapiroR<$*> <$*>		$: $2',`dnl')
40266059SGregory Neil Shapirodnl end of _PROMISCUOUS_RELAY_
06f25ae9SGregory Neil Shapirodivert(0)
06f25ae9SGregory Neil Shapiroifdef(`_DELAY_CHECKS_',`dnl
06f25ae9SGregory Neil Shapiro# turn a canonical address in the form user<@domain>
06f25ae9SGregory Neil Shapiro# qualify unqual. addresses with $j
06f25ae9SGregory Neil Shapirodnl it might have been only user (without <@domain>)
06f25ae9SGregory Neil ShapiroSFullAddr
06f25ae9SGregory Neil ShapiroR$* <@ $+ . >		$1 <@ $2 >
06f25ae9SGregory Neil ShapiroR$* <@ $* >		$@ $1 <@ $2 >
06f25ae9SGregory Neil ShapiroR$+			$@ $1 <@ $j >
c2aa98e2SPeter Wemm
13bd1963SGregory Neil ShapiroSDelay_TLS_Client
13bd1963SGregory Neil Shapiro# authenticated?
13bd1963SGregory Neil Shapirodnl code repeated here from Basic_check_mail
13bd1963SGregory Neil Shapirodnl only called from check_rcpt in delay mode if checkrcpt returns $#
13bd1963SGregory Neil ShapiroR$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
13bd1963SGregory Neil ShapiroR$* $| $#$+		$#$2
13bd1963SGregory Neil Shapirodnl return result from checkrcpt
13bd1963SGregory Neil ShapiroR$*			$# $1
13bd1963SGregory Neil Shapiro
13bd1963SGregory Neil ShapiroSDelay_TLS_Client2
13bd1963SGregory Neil Shapiro# authenticated?
13bd1963SGregory Neil Shapirodnl code repeated here from Basic_check_mail
13bd1963SGregory Neil Shapirodnl only called from check_rcpt in delay mode if stopping due to Friend/Hater
13bd1963SGregory Neil ShapiroR$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
13bd1963SGregory Neil ShapiroR$* $| $#$+		$#$2
13bd1963SGregory Neil Shapirodnl return result from friend/hater check
13bd1963SGregory Neil ShapiroR$*			$@ $1
13bd1963SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# call all necessary rulesets
06f25ae9SGregory Neil ShapiroScheck_rcpt
06f25ae9SGregory Neil Shapirodnl this test should be in the Basic_check_rcpt ruleset
06f25ae9SGregory Neil Shapirodnl which is the correct DSN code?
06f25ae9SGregory Neil Shapiro# R$@			$#error $@ 5.1.3 $: "553 Recipient address required"
13bd1963SGregory Neil Shapiro
06f25ae9SGregory Neil ShapiroR$+			$: $1 $| $>checkrcpt $1
06f25ae9SGregory Neil Shapirodnl now we can simply stop checks by returning "$# xyz" instead of just "ok"
13bd1963SGregory Neil Shapirodnl on error (or discard) stop now
13bd1963SGregory Neil ShapiroR$+ $| $#error $*	$#error $2
13bd1963SGregory Neil ShapiroR$+ $| $#discard $*	$#discard $2
13bd1963SGregory Neil Shapirodnl otherwise call tls_client; see above
13bd1963SGregory Neil ShapiroR$+ $| $#$*		$@ $>"Delay_TLS_Client" $2
06f25ae9SGregory Neil ShapiroR$+ $| $*		$: <?> $>FullAddr $>CanonAddr $1
06f25ae9SGregory Neil Shapiroifdef(`_SPAM_FH_',
06f25ae9SGregory Neil Shapiro`dnl lookup user@ and user@address
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `',
06f25ae9SGregory Neil Shapiro`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db')
06f25ae9SGregory Neil Shapiro')')dnl
06f25ae9SGregory Neil Shapirodnl one of the next two rules is supposed to match
06f25ae9SGregory Neil Shapirodnl this code has been copied from BLACKLIST... etc
06f25ae9SGregory Neil Shapirodnl and simplified by omitting some < >.
40266059SGregory Neil ShapiroR<?> $+ < @ $=w >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
40266059SGregory Neil ShapiroR<?> $+ < @ $* >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
06f25ae9SGregory Neil Shapirodnl R<?>		$@ something_is_very_wrong_here
40266059SGregory Neil Shapiro# lookup the addresses only with Spam tag
40266059SGregory Neil ShapiroR<> $* $| <$+>		$: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
06f25ae9SGregory Neil ShapiroR<@> $* $| $*		$: $2 $1		reverse result
06f25ae9SGregory Neil Shapirodnl', `dnl')
06f25ae9SGregory Neil Shapiroifdef(`_SPAM_FRIEND_',
06f25ae9SGregory Neil Shapiro`# is the recipient a spam friend?
06f25ae9SGregory Neil Shapiroifdef(`_SPAM_HATER_',
13bd1963SGregory Neil Shapiro	`errprint(`*** ERROR: define either Hater or Friend -- not both.
06f25ae9SGregory Neil Shapiro')', `dnl')
13bd1963SGregory Neil ShapiroR<FRIEND> $+		$@ $>"Delay_TLS_Client2" SPAMFRIEND
06f25ae9SGregory Neil ShapiroR<$*> $+		$: $2',
06f25ae9SGregory Neil Shapiro`dnl')
06f25ae9SGregory Neil Shapiroifdef(`_SPAM_HATER_',
06f25ae9SGregory Neil Shapiro`# is the recipient no spam hater?
40266059SGregory Neil ShapiroR<HATER> $+		$: $1			spam hater: continue checks
13bd1963SGregory Neil ShapiroR<$*> $+		$@ $>"Delay_TLS_Client2" NOSPAMHATER	everyone else: stop
06f25ae9SGregory Neil Shapirodnl',`dnl')
06f25ae9SGregory Neil Shapirodnl run further checks: check_mail
06f25ae9SGregory Neil Shapirodnl should we "clean up" $&f?
40266059SGregory Neil Shapiroifdef(`_FFR_MAIL_MACRO',
40266059SGregory Neil Shapiro`R$*			$: $1 $| $>checkmail $&{mail_from}',
40266059SGregory Neil Shapiro`R$*			$: $1 $| $>checkmail <$&f>')
605302a5SGregory Neil Shapirodnl recipient (canonical format) $| result of checkmail
06f25ae9SGregory Neil ShapiroR$* $| $#$*		$#$2
06f25ae9SGregory Neil Shapirodnl run further checks: check_relay
605302a5SGregory Neil ShapiroR$* $| $*		$: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
06f25ae9SGregory Neil ShapiroR$* $| $#$*		$#$2
06f25ae9SGregory Neil ShapiroR$* $| $*		$: $1
06f25ae9SGregory Neil Shapiro', `dnl')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  F: LookUpFull -- search for an entry in access database
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	lookup of full key (which should be an address) and
40266059SGregory Neil Shapiro###	variations if +detail exists: +* and without +detail
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		<$1> -- key
40266059SGregory Neil Shapiro###		<$2> -- default (what to return if not found in db)
40266059SGregory Neil Shapirodnl			must not be empty
40266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
40266059SGregory Neil Shapiro###			! does lookup only with tag
40266059SGregory Neil Shapiro###			+ does lookup with and without tag
40266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed unchanged through)
40266059SGregory Neil Shapirodnl returns:		<default> <passthru>
40266059SGregory Neil Shapirodnl 			<result> <passthru>
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro
40266059SGregory Neil ShapiroSF
40266059SGregory Neil Shapirodnl workspace: <key> <def> <o tag> <thru>
40266059SGregory Neil Shapirodnl full lookup
40266059SGregory Neil Shapirodnl    2    3  4    5
40266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
40266059SGregory Neil Shapirodnl no match, try without tag
40266059SGregory Neil Shapirodnl   1    2      3    4
40266059SGregory Neil ShapiroR<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
40266059SGregory Neil Shapirodnl no match, +detail: try +*
40266059SGregory Neil Shapirodnl   1    2    3    4    5  6    7
40266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
40266059SGregory Neil Shapiro			$: <$(access $6`'_TAG_DELIM_`'$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
40266059SGregory Neil Shapirodnl no match, +detail: try +* without tag
40266059SGregory Neil Shapirodnl   1    2    3    4      5    6
40266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
40266059SGregory Neil Shapiro			$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
40266059SGregory Neil Shapirodnl no match, +detail: try without +detail
40266059SGregory Neil Shapirodnl   1    2    3    4    5  6    7
40266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
40266059SGregory Neil Shapiro			$: <$(access $6`'_TAG_DELIM_`'$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
40266059SGregory Neil Shapirodnl no match, +detail: try without +detail and without tag
40266059SGregory Neil Shapirodnl   1    2    3    4      5    6
40266059SGregory Neil ShapiroR<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
40266059SGregory Neil Shapiro			$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
40266059SGregory Neil Shapirodnl no match, return <default> <passthru>
40266059SGregory Neil Shapirodnl   1    2    3  4    5
40266059SGregory Neil ShapiroR<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil Shapirodnl            2    3  4    5
40266059SGregory Neil ShapiroR<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
40266059SGregory Neil Shapirodnl match, return <match> <passthru>
40266059SGregory Neil Shapirodnl    2    3  4    5
40266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  E: LookUpExact -- search for an entry in access database
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		<$1> -- key
40266059SGregory Neil Shapiro###		<$2> -- default (what to return if not found in db)
40266059SGregory Neil Shapirodnl			must not be empty
40266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
40266059SGregory Neil Shapiro###			! does lookup only with tag
40266059SGregory Neil Shapiro###			+ does lookup with and without tag
40266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed unchanged through)
40266059SGregory Neil Shapirodnl returns:		<default> <passthru>
40266059SGregory Neil Shapirodnl 			<result> <passthru>
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro
40266059SGregory Neil ShapiroSE
40266059SGregory Neil Shapirodnl    2    3  4    5
40266059SGregory Neil ShapiroR<$*> <$*> <$- $-> <$*>		$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
40266059SGregory Neil Shapirodnl no match, try without tag
40266059SGregory Neil Shapirodnl   1    2      3    4
40266059SGregory Neil ShapiroR<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
40266059SGregory Neil Shapirodnl no match, return default passthru
40266059SGregory Neil Shapirodnl   1    2    3  4    5
40266059SGregory Neil ShapiroR<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil Shapirodnl            2    3  4    5
40266059SGregory Neil ShapiroR<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
40266059SGregory Neil Shapirodnl match, return <match> <passthru>
40266059SGregory Neil Shapirodnl    2    3  4    5
40266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  U: LookUpUser -- search for an entry in access database
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	lookup of key (which should be a local part) and
40266059SGregory Neil Shapiro###	variations if +detail exists: +* and without +detail
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		<$1> -- key (user@)
40266059SGregory Neil Shapiro###		<$2> -- default (what to return if not found in db)
40266059SGregory Neil Shapirodnl			must not be empty
40266059SGregory Neil Shapiro###		<$3> -- mark (must be <(!|+) single-token>)
40266059SGregory Neil Shapiro###			! does lookup only with tag
40266059SGregory Neil Shapiro###			+ does lookup with and without tag
40266059SGregory Neil Shapiro###		<$4> -- passthru (additional data passed unchanged through)
40266059SGregory Neil Shapirodnl returns:		<default> <passthru>
40266059SGregory Neil Shapirodnl 			<result> <passthru>
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro
40266059SGregory Neil ShapiroSU
40266059SGregory Neil Shapirodnl user lookups are always with trailing @
40266059SGregory Neil Shapirodnl    2    3  4    5
40266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
40266059SGregory Neil Shapirodnl no match, try without tag
40266059SGregory Neil Shapirodnl   1    2      3    4
40266059SGregory Neil ShapiroR<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
40266059SGregory Neil Shapirodnl do not remove the @ from the lookup:
40266059SGregory Neil Shapirodnl it is part of the +detail@ which is omitted for the lookup
40266059SGregory Neil Shapirodnl no match, +detail: try +*
40266059SGregory Neil Shapirodnl   1    2      3    4  5    6
40266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <$- $-> <$*>
40266059SGregory Neil Shapiro			$: <$(access $5`'_TAG_DELIM_`'$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
40266059SGregory Neil Shapirodnl no match, +detail: try +* without tag
40266059SGregory Neil Shapirodnl   1    2      3      4    5
40266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <+ $-> <$*>
40266059SGregory Neil Shapiro			$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
40266059SGregory Neil Shapirodnl no match, +detail: try without +detail
40266059SGregory Neil Shapirodnl   1    2      3    4  5    6
40266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <$- $-> <$*>
40266059SGregory Neil Shapiro			$: <$(access $5`'_TAG_DELIM_`'$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
40266059SGregory Neil Shapirodnl no match, +detail: try without +detail and without tag
40266059SGregory Neil Shapirodnl   1    2      3      4    5
40266059SGregory Neil ShapiroR<?> <$+ + $* @> <$*> <+ $-> <$*>
40266059SGregory Neil Shapiro			$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
40266059SGregory Neil Shapirodnl no match, return <default> <passthru>
40266059SGregory Neil Shapirodnl   1    2    3  4    5
40266059SGregory Neil ShapiroR<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil Shapirodnl            2    3  4    5
40266059SGregory Neil ShapiroR<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
40266059SGregory Neil Shapirodnl match, return <match> <passthru>
40266059SGregory Neil Shapirodnl    2    3  4    5
40266059SGregory Neil ShapiroR<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
40266059SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro######################################################################
06f25ae9SGregory Neil Shapiro###  SearchList: search a list of items in the access map
06f25ae9SGregory Neil Shapiro###	Parameters:
06f25ae9SGregory Neil Shapiro###		<exact tag> $| <mark:address> <mark:address> ... <>
06f25ae9SGregory Neil Shapirodnl	maybe we should have a @ (again) in front of the mark to
06f25ae9SGregory Neil Shapirodnl	avoid errorneous matches (with error messages?)
06f25ae9SGregory Neil Shapirodnl	if we can make sure that tag is always a single token
06f25ae9SGregory Neil Shapirodnl	then we can omit the delimiter $|, otherwise we need it
40266059SGregory Neil Shapirodnl	to avoid errorneous matchs (first rule: D: if there
06f25ae9SGregory Neil Shapirodnl	is that mark somewhere in the list, it will be taken).
06f25ae9SGregory Neil Shapirodnl	moreover, we can do some tricks to enforce lookup with
06f25ae9SGregory Neil Shapirodnl	the tag only, e.g.:
06f25ae9SGregory Neil Shapiro###	where "exact" is either "+" or "!":
06f25ae9SGregory Neil Shapiro###	<+ TAG>	lookup with and w/o tag
06f25ae9SGregory Neil Shapiro###	<! TAG>	lookup with tag
06f25ae9SGregory Neil Shapirodnl	Warning: + and ! should be in OperatorChars (otherwise there must be
06f25ae9SGregory Neil Shapirodnl		a blank between them and the tag.
06f25ae9SGregory Neil Shapiro###	possible values for "mark" are:
40266059SGregory Neil Shapiro###		D: recursive host lookup (LookUpDomain)
06f25ae9SGregory Neil Shapirodnl		A: recursive address lookup (LookUpAddress) [not yet required]
06f25ae9SGregory Neil Shapiro###		E: exact lookup, no modifications
06f25ae9SGregory Neil Shapiro###		F: full lookup, try user+ext@domain and user@domain
06f25ae9SGregory Neil Shapiro###		U: user lookup, try user+ext and user (input must have trailing @)
06f25ae9SGregory Neil Shapiro###	return: <RHS of lookup> or <?> (not found)
06f25ae9SGregory Neil Shapiro######################################################################
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiro# class with valid marks for SearchList
06f25ae9SGregory Neil Shapirodnl if A is activated: add it
40266059SGregory Neil ShapiroC{src}E F D U ifdef(`_FFR_SRCHLIST_A', `A')
06f25ae9SGregory Neil ShapiroSSearchList
40266059SGregory Neil Shapiro# just call the ruleset with the name of the tag... nice trick...
40266059SGregory Neil Shapirodnl       2       3    4
40266059SGregory Neil ShapiroR<$+> $| <$={src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
40266059SGregory Neil Shapirodnl workspace: <o tag> $| <rest> $| <result of lookup> <>
40266059SGregory Neil Shapirodnl no match and nothing left: return
40266059SGregory Neil ShapiroR<$+> $| <> $| <?> <>		$@ <?>
40266059SGregory Neil Shapirodnl no match but something left: continue
40266059SGregory Neil ShapiroR<$+> $| <$+> $| <?> <>		$@ $>SearchList <$1> $| <$2>
40266059SGregory Neil Shapirodnl match: return
40266059SGregory Neil ShapiroR<$+> $| <$*> $| <$+> <>	$@ <$3>
06f25ae9SGregory Neil Shapirodnl return result from recursive invocation
40266059SGregory Neil ShapiroR<$+> $| <$+>			$@ <$2>
40266059SGregory Neil Shapirodnl endif _ACCESS_TABLE_
40266059SGregory Neil Shapirodivert(0)
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  trust_auth: is user trusted to authenticate as someone else?
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		$1: AUTH= parameter from MAIL command
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapirodnl empty ruleset definition so it can be called
40266059SGregory Neil ShapiroSLocal_trust_auth
06f25ae9SGregory Neil ShapiroStrust_auth
06f25ae9SGregory Neil ShapiroR$*			$: $&{auth_type} $| $1
06f25ae9SGregory Neil Shapiro# required by RFC 2554 section 4.
06f25ae9SGregory Neil ShapiroR$@ $| $*		$#error $@ 5.7.1 $: "550 not authenticated"
06f25ae9SGregory Neil Shapirodnl seems to be useful...
06f25ae9SGregory Neil ShapiroR$* $| $&{auth_authen}		$@ identical
06f25ae9SGregory Neil ShapiroR$* $| <$&{auth_authen}>	$@ identical
06f25ae9SGregory Neil Shapirodnl call user supplied code
06f25ae9SGregory Neil ShapiroR$* $| $*		$: $1 $| $>"Local_trust_auth" $1
06f25ae9SGregory Neil ShapiroR$* $| $#$*		$#$2
06f25ae9SGregory Neil Shapirodnl default: error
06f25ae9SGregory Neil ShapiroR$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  Relay_Auth: allow relaying based on authentication?
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		$1: ${auth_type}
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil ShapiroSLocal_Relay_Auth
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  srv_features: which features to offer to a client?
40266059SGregory Neil Shapiro###	(done in server)
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil ShapiroSsrv_features
40266059SGregory Neil Shapiroifdef(`_LOCAL_SRV_FEATURES_', `dnl
40266059SGregory Neil ShapiroR$*			$: $1 $| $>"Local_srv_features" $1
40266059SGregory Neil ShapiroR$* $| $#$*		$#$2
40266059SGregory Neil ShapiroR$* $| $*		$: $1', `dnl')
40266059SGregory Neil ShapiroR$*		$: $>D <$&{client_name}> <?> <! SRV_FEAT_TAG> <>
40266059SGregory Neil ShapiroR<?>$*		$: $>A <$&{client_addr}> <?> <! SRV_FEAT_TAG> <>
40266059SGregory Neil ShapiroR<?>$*		$: <$(access SRV_FEAT_TAG`'_TAG_DELIM_ $: ? $)>
06f25ae9SGregory Neil ShapiroR<?>$*		$@ OK
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil ShapiroR<$* _ATMPF_>$*	$#temp', `dnl')
40266059SGregory Neil ShapiroR<$+>$*		$# $1
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  try_tls: try to use STARTTLS?
40266059SGregory Neil Shapiro###	(done in client)
40266059SGregory Neil Shapiro######################################################################
06f25ae9SGregory Neil ShapiroStry_tls
40266059SGregory Neil Shapiroifdef(`_LOCAL_TRY_TLS_', `dnl
40266059SGregory Neil ShapiroR$*			$: $1 $| $>"Local_try_tls" $1
40266059SGregory Neil ShapiroR$* $| $#$*		$#$2
40266059SGregory Neil ShapiroR$* $| $*		$: $1', `dnl')
40266059SGregory Neil ShapiroR$*		$: $>D <$&{server_name}> <?> <! TLS_TRY_TAG> <>
40266059SGregory Neil ShapiroR<?>$*		$: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
40266059SGregory Neil ShapiroR<?>$*		$: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
06f25ae9SGregory Neil ShapiroR<?>$*		$@ OK
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil ShapiroR<$* _ATMPF_>$*	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
193538b7SGregory Neil ShapiroR<NO>$*		$#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  tls_rcpt: is connection with server "good" enough?
40266059SGregory Neil Shapiro###	(done in client, per recipient)
40266059SGregory Neil Shapirodnl called from deliver() before RCPT command
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		$1: recipient
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil ShapiroStls_rcpt
40266059SGregory Neil Shapiroifdef(`_LOCAL_TLS_RCPT_', `dnl
40266059SGregory Neil ShapiroR$*			$: $1 $| $>"Local_tls_rcpt" $1
40266059SGregory Neil ShapiroR$* $| $#$*		$#$2
40266059SGregory Neil ShapiroR$* $| $*		$: $1', `dnl')
40266059SGregory Neil Shapirodnl store name of other side
40266059SGregory Neil ShapiroR$*			$: $(macro {TLS_Name} $@ $&{server_name} $) $1
40266059SGregory Neil Shapirodnl canonify recipient address
40266059SGregory Neil ShapiroR$+			$: <?> $>CanonAddr $1
40266059SGregory Neil Shapirodnl strip trailing dots
40266059SGregory Neil ShapiroR<?> $+ < @ $+ . >	<?> $1 <@ $2 >
40266059SGregory Neil Shapirodnl full address?
40266059SGregory Neil ShapiroR<?> $+ < @ $+ >	$: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
40266059SGregory Neil Shapirodnl only localpart?
40266059SGregory Neil ShapiroR<?> $+			$: $1 $| <U:$1@> <E:>
40266059SGregory Neil Shapirodnl look it up
40266059SGregory Neil Shapirodnl also look up a default value via E:
40266059SGregory Neil ShapiroR$* $| $+	$: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <>
40266059SGregory Neil Shapirodnl found nothing: stop here
40266059SGregory Neil ShapiroR$* $| <?>	$@ OK
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil ShapiroR$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
40266059SGregory Neil Shapirodnl use the generic routine (for now)
40266059SGregory Neil ShapiroR$* $| <$+>	$@ $>"TLS_connection" $&{verify} $| <$2>')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  tls_client: is connection with client "good" enough?
40266059SGregory Neil Shapiro###	(done in server)
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		${verify} $| (MAIL|STARTTLS)
40266059SGregory Neil Shapiro######################################################################
06f25ae9SGregory Neil Shapirodnl MAIL: called from check_mail
06f25ae9SGregory Neil Shapirodnl STARTTLS: called from smtp() after STARTTLS has been accepted
06f25ae9SGregory Neil ShapiroStls_client
40266059SGregory Neil Shapiroifdef(`_LOCAL_TLS_CLIENT_', `dnl
40266059SGregory Neil ShapiroR$*			$: $1 $| $>"Local_tls_client" $1
40266059SGregory Neil ShapiroR$* $| $#$*		$#$2
40266059SGregory Neil ShapiroR$* $| $*		$: $1', `dnl')
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil Shapirodnl store name of other side
40266059SGregory Neil ShapiroR$*		$: $(macro {TLS_Name} $@ $&{server_name} $) $1
06f25ae9SGregory Neil Shapirodnl ignore second arg for now
06f25ae9SGregory Neil Shapirodnl maybe use it to distinguish permanent/temporary error?
06f25ae9SGregory Neil Shapirodnl if MAIL: permanent (STARTTLS has not been offered)
06f25ae9SGregory Neil Shapirodnl if STARTTLS: temporary (offered but maybe failed)
40266059SGregory Neil ShapiroR$* $| $*	$: $1 $| $>D <$&{client_name}> <?> <! TLS_CLT_TAG> <>
40266059SGregory Neil ShapiroR$* $| <?>$*	$: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <>
06f25ae9SGregory Neil Shapirodnl do a default lookup: just TLS_CLT_TAG
06f25ae9SGregory Neil ShapiroR$* $| <?>$*	$: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil ShapiroR$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
40266059SGregory Neil ShapiroR$*		$@ $>"TLS_connection" $1', `dnl
40266059SGregory Neil ShapiroR$* $| $*	$@ $>"TLS_connection" $1')
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  tls_server: is connection with server "good" enough?
40266059SGregory Neil Shapiro###	(done in client)
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameter:
40266059SGregory Neil Shapiro###		${verify}
40266059SGregory Neil Shapiro######################################################################
06f25ae9SGregory Neil Shapirodnl i.e. has the server been authenticated and is encryption active?
06f25ae9SGregory Neil Shapirodnl called from deliver() after STARTTLS command
06f25ae9SGregory Neil ShapiroStls_server
40266059SGregory Neil Shapiroifdef(`_LOCAL_TLS_SERVER_', `dnl
40266059SGregory Neil ShapiroR$*			$: $1 $| $>"Local_tls_server" $1
40266059SGregory Neil ShapiroR$* $| $#$*		$#$2
40266059SGregory Neil ShapiroR$* $| $*		$: $1', `dnl')
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil Shapirodnl store name of other side
40266059SGregory Neil ShapiroR$*		$: $(macro {TLS_Name} $@ $&{server_name} $) $1
40266059SGregory Neil ShapiroR$*		$: $1 $| $>D <$&{server_name}> <?> <! TLS_SRV_TAG> <>
40266059SGregory Neil ShapiroR$* $| <?>$*	$: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <>
06f25ae9SGregory Neil Shapirodnl do a default lookup: just TLS_SRV_TAG
06f25ae9SGregory Neil ShapiroR$* $| <?>$*	$: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
40266059SGregory Neil Shapiroifdef(`_ATMPF_', `dnl tempfail?
40266059SGregory Neil ShapiroR$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
40266059SGregory Neil ShapiroR$*		$@ $>"TLS_connection" $1', `dnl
40266059SGregory Neil ShapiroR$*		$@ $>"TLS_connection" $1')
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  TLS_connection: is TLS connection "good" enough?
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil Shapiro###		${verify} $| <Requirement> [<>]', `dnl
40266059SGregory Neil Shapiro###		${verify}')
40266059SGregory Neil Shapiro###		Requirement: RHS from access map, may be ? for none.
40266059SGregory Neil Shapirodnl	syntax for Requirement:
40266059SGregory Neil Shapirodnl	[(PERM|TEMP)+] (VERIFY[:bits]|ENCR:bits) [+extensions]
40266059SGregory Neil Shapirodnl	extensions: could be a list of further requirements
40266059SGregory Neil Shapirodnl		for now: CN:string	{cn_subject} == string
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil ShapiroSTLS_connection
40266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
40266059SGregory Neil Shapirodnl deal with TLS handshake failures: abort
40266059SGregory Neil ShapiroRSOFTWARE	$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."
40266059SGregory Neil Shapirodivert(-1)')
06f25ae9SGregory Neil Shapirodnl common ruleset for tls_{client|server}
40266059SGregory Neil Shapirodnl input: ${verify} $| <ResultOfLookup> [<>]
06f25ae9SGregory Neil Shapirodnl remove optional <>
06f25ae9SGregory Neil ShapiroR$* $| <$*>$*			$: $1 $| <$2>
40266059SGregory Neil Shapirodnl workspace: ${verify} $| <ResultOfLookup>
40266059SGregory Neil Shapiro# create the appropriate error codes
06f25ae9SGregory Neil Shapirodnl permanent or temporary error?
06f25ae9SGregory Neil ShapiroR$* $| <PERM + $={tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
06f25ae9SGregory Neil ShapiroR$* $| <TEMP + $={tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
06f25ae9SGregory Neil Shapirodnl default case depends on TLS_PERM_ERR
06f25ae9SGregory Neil ShapiroR$* $| <$={tls} $*>		$: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3>
40266059SGregory Neil Shapirodnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
40266059SGregory Neil Shapiro# deal with TLS handshake failures: abort
06f25ae9SGregory Neil ShapiroRSOFTWARE $| <$-:$+> $* 	$#error $@ $2 $: $1 " TLS handshake failed."
06f25ae9SGregory Neil Shapirodnl no <reply:dns> i.e. not requirements in the access map
06f25ae9SGregory Neil Shapirodnl use default error
06f25ae9SGregory Neil ShapiroRSOFTWARE $| $* 		$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
40266059SGregory Neil ShapiroR$* $| <$*> <VERIFY>		$: <$2> <VERIFY> <> $1
40266059SGregory Neil Shapirodnl separate optional requirements
40266059SGregory Neil ShapiroR$* $| <$*> <VERIFY + $+>	$: <$2> <VERIFY> <$3> $1
40266059SGregory Neil ShapiroR$* $| <$*> <$={tls}:$->$*	$: <$2> <$3:$4> <> $1
40266059SGregory Neil Shapirodnl separate optional requirements
40266059SGregory Neil ShapiroR$* $| <$*> <$={tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
06f25ae9SGregory Neil Shapirodnl some other value in access map: accept
06f25ae9SGregory Neil Shapirodnl this also allows to override the default case (if used)
06f25ae9SGregory Neil ShapiroR$* $| $*			$@ OK
06f25ae9SGregory Neil Shapiro# authentication required: give appropriate error
06f25ae9SGregory Neil Shapiro# other side did authenticate (via STARTTLS)
40266059SGregory Neil Shapirodnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
06f25ae9SGregory Neil Shapirodnl only verification required and it succeeded
40266059SGregory Neil ShapiroR<$*><VERIFY> <> OK		$@ OK
40266059SGregory Neil Shapirodnl verification required and it succeeded but extensions are given
40266059SGregory Neil Shapirodnl change it to <SMTP:ESC> <REQ:0>  <extensions>
40266059SGregory Neil ShapiroR<$*><VERIFY> <$+> OK		$: <$1> <REQ:0> <$2>
06f25ae9SGregory Neil Shapirodnl verification required + some level of encryption
40266059SGregory Neil ShapiroR<$*><VERIFY:$-> <$*> OK	$: <$1> <REQ:$2> <$3>
06f25ae9SGregory Neil Shapirodnl just some level of encryption required
40266059SGregory Neil ShapiroR<$*><ENCR:$-> <$*> $*		$: <$1> <REQ:$2> <$3>
40266059SGregory Neil Shapirodnl workspace:
40266059SGregory Neil Shapirodnl 1. <SMTP:ESC> <VERIFY [:bits]>  <[extensions]> {verify} (!= OK)
40266059SGregory Neil Shapirodnl 2. <SMTP:ESC> <REQ:bits>  <[extensions]>
40266059SGregory Neil Shapirodnl verification required but ${verify} is not set (case 1.)
40266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*>	$#error $@ $2 $: $1 " authentication required"
40266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> FAIL	$#error $@ $2 $: $1 " authentication failed"
40266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> NO	$#error $@ $2 $: $1 " not authenticated"
40266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> NOT	$#error $@ $2 $: $1 " no authentication requested"
40266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> NONE	$#error $@ $2 $: $1 " other side does not support STARTTLS"
06f25ae9SGregory Neil Shapirodnl some other value for ${verify}
40266059SGregory Neil ShapiroR<$-:$+><VERIFY $*> <$*> $+	$#error $@ $2 $: $1 " authentication failure " $4
40266059SGregory Neil Shapirodnl some level of encryption required: get the maximum level (case 2.)
40266059SGregory Neil ShapiroR<$*><REQ:$-> <$*>		$: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
06f25ae9SGregory Neil Shapirodnl compare required bits with actual bits
40266059SGregory Neil ShapiroR<$*><REQ:$-> <$*> $-		$: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
40266059SGregory Neil ShapiroR<$-:$+><$-:$-> <$*> TRUE	$#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
40266059SGregory Neil Shapirodnl strength requirements fulfilled
40266059SGregory Neil Shapirodnl TLS Additional Requirements Separator
40266059SGregory Neil Shapirodnl this should be something which does not appear in the extensions itself
40266059SGregory Neil Shapirodnl @ could be part of a CN, DN, etc...
40266059SGregory Neil Shapirodnl use < > ? those are encoded in CN, DN, ...
40266059SGregory Neil Shapirodefine(`_TLS_ARS_', `++')dnl
40266059SGregory Neil Shapirodnl workspace:
40266059SGregory Neil Shapirodnl <SMTP:ESC> <REQ:bits> <extensions> result-of-compare
40266059SGregory Neil ShapiroR<$-:$+><$-:$-> <$*> $*		$: <$1:$2 _TLS_ARS_ $5>
40266059SGregory Neil Shapirodnl workspace: <SMTP:ESC _TLS_ARS_ extensions>
40266059SGregory Neil Shapirodnl continue: check  extensions
40266059SGregory Neil ShapiroR<$-:$+ _TLS_ARS_ >			$@ OK
40266059SGregory Neil Shapirodnl split extensions into own list
40266059SGregory Neil ShapiroR<$-:$+ _TLS_ARS_ $+ >			$: <$1:$2> <$3>
40266059SGregory Neil ShapiroR<$-:$+> < $+ _TLS_ARS_ $+ >		<$1:$2> <$3> <$4>
40266059SGregory Neil ShapiroR<$-:$+> $+			$@ $>"TLS_req" $3 $| <$1:$2>
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  TLS_req: check additional TLS requirements
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters: [<list> <of> <req>] $| <$-:$+>
40266059SGregory Neil Shapiro###		$-: SMTP reply code
40266059SGregory Neil Shapiro###		$+: Enhanced Status Code
40266059SGregory Neil Shapirodnl  further requirements for this ruleset:
40266059SGregory Neil Shapirodnl	name of "other side" is stored is {TLS_name} (client/server_name)
40266059SGregory Neil Shapirodnl
40266059SGregory Neil Shapirodnl	currently only CN[:common_name] is implemented
40266059SGregory Neil Shapirodnl	right now this is only a logical AND
40266059SGregory Neil Shapirodnl	i.e. all requirements must be true
40266059SGregory Neil Shapirodnl	how about an OR? CN must be X or CN must be Y or ..
40266059SGregory Neil Shapirodnl	use a macro to compute this as a trivial sequential
40266059SGregory Neil Shapirodnl	operations (no precedences etc)?
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil ShapiroSTLS_req
40266059SGregory Neil Shapirodnl no additional requirements: ok
40266059SGregory Neil ShapiroR $| $+		$@ OK
40266059SGregory Neil Shapirodnl require CN: but no CN specified: use name of other side
40266059SGregory Neil ShapiroR<CN> $* $| <$+>		$: <CN:$&{TLS_Name}> $1 $| <$2>
40266059SGregory Neil Shapirodnl match, check rest
40266059SGregory Neil ShapiroR<CN:$&{cn_subject}> $* $| <$+>		$@ $>"TLS_req" $1 $| <$2>
40266059SGregory Neil Shapirodnl CN does not match
40266059SGregory Neil Shapirodnl  1   2      3  4
40266059SGregory Neil ShapiroR<CN:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
40266059SGregory Neil Shapirodnl cert subject
40266059SGregory Neil ShapiroR<CS:$&{cert_subject}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
40266059SGregory Neil Shapirodnl CS does not match
40266059SGregory Neil Shapirodnl  1   2      3  4
13bd1963SGregory Neil ShapiroR<CS:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
40266059SGregory Neil Shapirodnl match, check rest
40266059SGregory Neil ShapiroR<CI:$&{cert_issuer}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
40266059SGregory Neil Shapirodnl CI does not match
40266059SGregory Neil Shapirodnl  1   2      3  4
13bd1963SGregory Neil ShapiroR<CI:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
40266059SGregory Neil Shapirodnl return from recursive call
40266059SGregory Neil ShapiroROK			$@ OK
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  max: return the maximum of two values separated by :
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters: [$-]:[$-]
40266059SGregory Neil Shapiro######################################################################
06f25ae9SGregory Neil ShapiroSmax
06f25ae9SGregory Neil ShapiroR:		$: 0
06f25ae9SGregory Neil ShapiroR:$-		$: $1
06f25ae9SGregory Neil ShapiroR$-:		$: $1
06f25ae9SGregory Neil ShapiroR$-:$-		$: $(arith l $@ $1 $@ $2 $) : $1 : $2
06f25ae9SGregory Neil ShapiroRTRUE:$-:$-	$: $2
40266059SGregory Neil ShapiroR$-:$-:$-	$: $2
40266059SGregory Neil Shapirodnl endif _ACCESS_TABLE_
40266059SGregory Neil Shapirodivert(0)
06f25ae9SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  RelayTLS: allow relaying based on TLS authentication
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		none
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil ShapiroSRelayTLS
06f25ae9SGregory Neil Shapiro# authenticated?
06f25ae9SGregory Neil Shapirodnl we do not allow relaying for anyone who can present a cert
06f25ae9SGregory Neil Shapirodnl signed by a "trusted" CA. For example, even if we put verisigns
13bd1963SGregory Neil Shapirodnl CA in CertPath so we can authenticate users, we do not allow
06f25ae9SGregory Neil Shapirodnl them to abuse our server (they might be easier to get hold of,
06f25ae9SGregory Neil Shapirodnl but anyway).
06f25ae9SGregory Neil Shapirodnl so here is the trick: if the verification succeeded
06f25ae9SGregory Neil Shapirodnl we look up the cert issuer in the access map
06f25ae9SGregory Neil Shapirodnl (maybe after extracting a part with a regular expression)
06f25ae9SGregory Neil Shapirodnl if this returns RELAY we relay without further questions
06f25ae9SGregory Neil Shapirodnl if it returns SUBJECT we perform a similar check on the
06f25ae9SGregory Neil Shapirodnl cert subject.
06f25ae9SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil ShapiroR$*			$: <?> $&{verify}
40266059SGregory Neil ShapiroR<?> OK			$: OK		authenticated: continue
40266059SGregory Neil ShapiroR<?> $*			$@ NO		not authenticated
06f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_ISSUER_', `dnl
40266059SGregory Neil ShapiroR$*			$: $(CERTIssuer $&{cert_issuer} $)',
40266059SGregory Neil Shapiro`R$*			$: $&{cert_issuer}')
40266059SGregory Neil ShapiroR$+			$: $(access CERTISSUER`'_TAG_DELIM_`'$1 $)
06f25ae9SGregory Neil Shapirodnl use $# to stop further checks (delay_check)
40266059SGregory Neil ShapiroRRELAY			$# RELAY
06f25ae9SGregory Neil Shapiroifdef(`_CERT_REGEX_SUBJECT_', `dnl
40266059SGregory Neil ShapiroRSUBJECT		$: <@> $(CERTSubject $&{cert_subject} $)',
40266059SGregory Neil Shapiro`RSUBJECT		$: <@> $&{cert_subject}')
40266059SGregory Neil ShapiroR<@> $+			$: <@> $(access CERTSUBJECT`'_TAG_DELIM_`'$1 $)
40266059SGregory Neil ShapiroR<@> RELAY		$# RELAY
40266059SGregory Neil ShapiroR$*			$: NO', `dnl')
40266059SGregory Neil Shapiro
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro###  authinfo: lookup authinfo in the access map
40266059SGregory Neil Shapiro###
40266059SGregory Neil Shapiro###	Parameters:
40266059SGregory Neil Shapiro###		$1: {server_name}
40266059SGregory Neil Shapiro###		$2: {server_addr}
40266059SGregory Neil Shapirodnl	both are currently ignored
40266059SGregory Neil Shapirodnl if it should be done via another map, we either need to restrict
40266059SGregory Neil Shapirodnl functionality (it calls D and A) or copy those rulesets (or add another
40266059SGregory Neil Shapirodnl parameter which I want to avoid, it's quite complex already)
40266059SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapirodnl omit this ruleset if neither is defined?
40266059SGregory Neil Shapirodnl it causes DefaultAuthInfo to be ignored
40266059SGregory Neil Shapirodnl (which may be considered a good thing).
40266059SGregory Neil ShapiroSauthinfo
40266059SGregory Neil Shapiroifdef(`_AUTHINFO_TABLE_', `dnl
40266059SGregory Neil ShapiroR$*		$: <$(authinfo AuthInfo:$&{server_name} $: ? $)>
40266059SGregory Neil ShapiroR<?>		$: <$(authinfo AuthInfo:$&{server_addr} $: ? $)>
40266059SGregory Neil ShapiroR<?>		$: <$(authinfo AuthInfo: $: ? $)>
40266059SGregory Neil ShapiroR<?>		$@ no				no authinfo available
40266059SGregory Neil ShapiroR<$*>		$# $1
40266059SGregory Neil Shapirodnl', `dnl
40266059SGregory Neil Shapiroifdef(`_ACCESS_TABLE_', `dnl
40266059SGregory Neil ShapiroR$*		$: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
40266059SGregory Neil ShapiroR$* $| <?>$*	$: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
40266059SGregory Neil ShapiroR$* $| <?>$*	$: $1 $| <$(access AuthInfo`'_TAG_DELIM_ $: ? $)> <>
40266059SGregory Neil ShapiroR$* $| <?>$*	$@ no				no authinfo available
40266059SGregory Neil ShapiroR$* $| <$*> <>	$# $2
40266059SGregory Neil Shapirodnl', `dnl')')
06f25ae9SGregory Neil Shapiro
06f25ae9SGregory Neil Shapiroundivert(9)dnl LOCAL_RULESETS
06f25ae9SGregory Neil Shapiro#
06f25ae9SGregory Neil Shapiro######################################################################
06f25ae9SGregory Neil Shapiro######################################################################
06f25ae9SGregory Neil Shapiro#####
06f25ae9SGregory Neil Shapiro`#####			MAIL FILTER DEFINITIONS'
06f25ae9SGregory Neil Shapiro#####
06f25ae9SGregory Neil Shapiro######################################################################
06f25ae9SGregory Neil Shapiro######################################################################
40266059SGregory Neil Shapiro_MAIL_FILTERS_
c2aa98e2SPeter Wemm#
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm#####
c2aa98e2SPeter Wemm`#####			MAILER DEFINITIONS'
c2aa98e2SPeter Wemm#####
c2aa98e2SPeter Wemm######################################################################
c2aa98e2SPeter Wemm######################################################################
06f25ae9SGregory Neil Shapiroundivert(7)dnl MAILER_DEFINITIONS
42e5d165SGregory Neil Shapiro