1#
2# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
3# All rights reserved.
4# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
5# Copyright (c) 1988, 1993
6# The Regents of the University of California. All rights reserved.
7#
8# By using this file, you agree to the terms and conditions set
9# forth in the LICENSE file which can be found at the top level of
10# the sendmail distribution.
11#
12# $FreeBSD: releng/12.0/contrib/sendmail/cf/m4/cfhead.m4 285229 2015-07-07 02:59:02Z gshapiro $
13#
14
15######################################################################
16######################################################################
17#####
18##### SENDMAIL CONFIGURATION FILE
19#####
20#####
21######################################################################
22#####
23##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
24#####
25######################################################################
26######################################################################
27
28##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
29##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
30
31##### $FreeBSD: releng/12.0/etc/sendmail/freebsd.mc 285230 2015-07-07 03:00:57Z gshapiro $ #####
32
33##### $Id: freebsd6.m4,v 1.2 2013-11-22 20:51:15 ca Exp $ #####
34
35
36##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
37
38##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
39
40##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
41
42
43
44
45##### $Id: access_db.m4,v 8.28 2013-11-22 20:51:11 ca Exp $ #####
46
47
48##### $Id: blacklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $ #####
49
50
51##### $Id: local_lmtp.m4,v 8.18 2013-11-22 20:51:11 ca Exp $ #####
52
53
54##### $Id: mailertable.m4,v 8.26 2013-11-22 20:51:11 ca Exp $ #####
55
56
57##### $Id: virtusertable.m4,v 8.24 2013-11-22 20:51:11 ca Exp $ #####
58
77##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
78
79# level 10 config file format
80V10/Berkeley
81
82# override file safeties - setting this option compromises system security,
83# addressing the actual file configuration problem is preferred
84# need to set this before any file actions are encountered in the cf file
# Commented out here, so this line does not relax sendmail's ownership and
# permission checks on the files it reads (maps, class files, .forward, :include:).
85#O DontBlameSendmail=safe
86
87# default LDAP map specification
88# need to set this now before any LDAP maps are defined
89#O LDAPDefaultSpec=-h localhost
90
91##################
92# local info #
93##################
94
95# my LDAP cluster
96# need to set this before any LDAP lookups are done (including classes)
97#D{sendmailMTACluster}$m
98
99Cwlocalhost
100# file containing names of hosts for which we receive email
# Both lines feed class w, the set of names this host treats as itself ($=w in
# the rulesets). -o marks the file as optional, so a missing file is not an error.
101Fw-o /etc/mail/local-host-names
102
103# my official domain name
104# ... define this only if sendmail cannot automatically determine your domain
105#Dj$w.Foo.COM
106
107# host/domain names ending with a token in class P are canonical
108CP.
109
110# "Smart" relay host (may be null)
111DS
112
113
114# operators that cannot be in local usernames (i.e., network indicators)
115CO @ % !
116
117# a class with just dot (for identifying canonical names)
118C..
119
120# a class with just a left bracket (for identifying domain literals)
121C[[
122
123# access_db acceptance class
124C{Accept}OK RELAY
125
126
127# Resolve map (to check if a host exists in check_mail)
# -a<OKR> is appended to a successful lookup and -T<TEMP> marks a temporary
# failure; class {ResOk} below holds the success marker.
128Kresolve host -a<OKR> -T<TEMP>
129C{ResOk}OKR
130
131
132# Hosts for which relaying is permitted ($=R)
# Every name listed in this file may relay through this host, so the file
# should be writable by root only. -o makes the file optional.
133FR-o /etc/mail/relay-domains
134
135# arithmetic map
136Karith arith
137# macro storage map
138Kmacro macro
139# possible values for TLS_connection in access map
140C{Tls}VERIFY ENCR
141
142
143
144
145
146# dequoting map
147Kdequote dequote
148
149# class E: names that should be exposed as from this host, even if we masquerade
150# class L: names that should be delivered locally, even if we have a relay
151# class M: domains that should be converted to $M
152# class N: domains that should not be converted to $M
153#CL root
154C{E}root
155
156
157
158# my name for error messages
159DnMAILER-DAEMON
160
161
162CPREDIRECT
163
164# Access list database (for spam stomping)
# Optional (-o) hash map. -T<TMPF> is the marker a temporary lookup failure
# yields; the LookUpDomain ruleset (SD) hands it back to its caller as <TMPF>.
# The entries decide what is accepted, rejected or relayed, so the source file
# and the compiled database should be writable by root only.
165Kaccess hash -o -T<TMPF> /etc/mail/access
166
167# Mailer table (overriding domains)
# Optional hash map; it overrides normal routing for the listed domains, so it
# deserves the same file protection as the access map.
168Kmailertable hash -o /etc/mail/mailertable
169
170# Virtual user table (maps incoming users)
# Optional hash map; it rewrites recipient addresses, so a writable copy lets
# someone redirect mail.
171Kvirtuser hash -o /etc/mail/virtusertable
172
173# Configuration version number
174DZ8.15.2
175
176
177###############
178# Options #
179###############
180
181# strip message body to 7 bits on input?
182O SevenBitInput=False
183
184# 8-bit data handling
185#O EightBitMode=pass8
186
187# wait for alias file rebuild (default units: minutes)
188O AliasWait=10
189
190# location of alias file
191O AliasFile=/etc/mail/aliases
192
193# minimum number of free blocks on filesystem
194O MinFreeBlocks=100
195
196# maximum message size
# Commented out; the value shown, 0, means no size limit on accepted messages.
# Set confMAX_MESSAGE_SIZE in the source .mc file to bound spool usage.
197#O MaxMessageSize=0
198
199# substitution for space (blank) characters
200O BlankSub=.
201
202# avoid connecting to "expensive" mailers on initial submission?
203O HoldExpensive=False
204
205# checkpoint queue runs after every N successful deliveries
206#O CheckpointInterval=10
207
208# default delivery mode
209O DeliveryMode=background
210
211# error message header/file
212#O ErrorHeader=/etc/mail/error-header
213
214# error mode
215#O ErrorMode=print
216
217# save Unix-style "From_" lines at top of header?
218#O SaveFromLine=False
219
220# queue file mode (qf files)
# Commented out, so the compiled-in default applies to queue control files.
221#O QueueFileMode=0600
222
223# temporary file mode
# Active: 0600 makes temporary files readable and writable by their owner only.
224O TempFileMode=0600
225
226# match recipients against GECOS field?
227#O MatchGECOS=False
228
229# maximum hop count
230#O MaxHopCount=25
231
232# location of help file
233O HelpFile=/etc/mail/helpfile
234
235# ignore dots as terminators in incoming messages?
236#O IgnoreDots=False
237
238# name resolver options
239O ResolverOptions=WorkAroundBrokenAAAA
240
241# deliver MIME-encapsulated error messages?
242O SendMimeErrors=True
243
244# Forward file search path
245O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
246
247# open connection cache size
248O ConnectionCacheSize=2
249
250# open connection cache timeout
251O ConnectionCacheTimeout=5m
252
253# persistent host status directory
254#O HostStatusDirectory=.hoststat
255
256# single thread deliveries (requires HostStatusDirectory)?
257#O SingleThreadDelivery=False
258
259# use Errors-To: header?
260O UseErrorsTo=False
261
262# use compressed IPv6 address format?
263#O UseCompressedIPv6Addresses
264
265# log level
266O LogLevel=9
267
268# send to me too, even in an alias expansion?
269#O MeToo=True
270
271# verify RHS in newaliases?
272O CheckAliases=False
273
274# default messages to old style headers if no special punctuation?
275O OldStyleHeaders=True
276
277# SMTP daemon options
# Three listeners: IPv4 and IPv6 on the default SMTP port (no Port= given) and
# a submission listener (MSA) on port 587.
# Modifiers=O makes the IPv6 socket optional; M=E disallows ETRN on the MSA.
# NOTE(review): the MSA line carries no "a" modifier, so this option alone does
# not force SMTP AUTH on port 587 - confirm that is intended.
278
279O DaemonPortOptions=Name=IPv4, Family=inet
280O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O
281O DaemonPortOptions=Port=587, Name=MSA, M=E
282
283# SMTP client options
284#O ClientPortOptions=Family=inet, Address=0.0.0.0
285
286# Modifiers to define {daemon_flags} for direct submissions
287#O DirectSubmissionModifiers
288
289# Use as mail submission program? See sendmail/SECURITY
290#O UseMSP
291
292# privacy flags
# authwarnings adds X-Authentication-Warning: headers; noexpn and novrfy turn
# off EXPN and VRFY, which otherwise let a client confirm valid addresses.
# NOTE(review): noetrn, restrictmailq, restrictqrun and needmailhelo are not
# set; consider them in the source .mc file for an Internet-facing host.
293O PrivacyOptions=authwarnings,noexpn,novrfy
294
295# who (if anyone) should get extra copies of error messages
296#O PostmasterCopy=Postmaster
297
298# slope of queue-only function
299#O QueueFactor=600000
300
301# limit on number of concurrent queue runners
302#O MaxQueueChildren
303
304# maximum number of queue-runners per queue-grouping with multiple queues
305#O MaxRunnersPerQueue=1
306
307# priority of queue runners (nice(3))
308#O NiceQueueRun
309
310# shall we sort the queue by hostname first?
311#O QueueSortOrder=priority
312
313# minimum time in queue before retry
314#O MinQueueAge=30m
315
316# maximum time in queue before retry (if > 0; only for exponential delay)
317#O MaxQueueAge
318
319# how many jobs can you process in the queue?
320#O MaxQueueRunSize=0
321
322# perform initial split of envelope without checking MX records
323#O FastSplit=1
324
325# queue directory
326O QueueDirectory=/var/spool/mqueue
327
328# key for shared memory; 0 to turn off, -1 to auto-select
329#O SharedMemoryKey=0
330
331# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
332#O SharedMemoryKeyFile
333
334# timeouts (many of these)
335#O Timeout.initial=5m
336#O Timeout.connect=5m
337#O Timeout.aconnect=0s
338#O Timeout.iconnect=5m
339#O Timeout.helo=5m
340#O Timeout.mail=10m
341#O Timeout.rcpt=1h
342#O Timeout.datainit=5m
343#O Timeout.datablock=1h
344#O Timeout.datafinal=1h
345#O Timeout.rset=5m
346#O Timeout.quit=2m
347#O Timeout.misc=2m
348#O Timeout.command=1h
349#O Timeout.ident=5s
350#O Timeout.fileopen=60s
351#O Timeout.control=2m
352O Timeout.queuereturn=5d
353#O Timeout.queuereturn.normal=5d
354#O Timeout.queuereturn.urgent=2d
355#O Timeout.queuereturn.non-urgent=7d
356#O Timeout.queuereturn.dsn=5d
357O Timeout.queuewarn=4h
358#O Timeout.queuewarn.normal=4h
359#O Timeout.queuewarn.urgent=1h
360#O Timeout.queuewarn.non-urgent=12h
361#O Timeout.queuewarn.dsn=4h
362#O Timeout.hoststatus=30m
363#O Timeout.resolver.retrans=5s
364#O Timeout.resolver.retrans.first=5s
365#O Timeout.resolver.retrans.normal=5s
366#O Timeout.resolver.retry=4
367#O Timeout.resolver.retry.first=4
368#O Timeout.resolver.retry.normal=4
369#O Timeout.lhlo=2m
370#O Timeout.auth=10m
371#O Timeout.starttls=1h
372
373# time for DeliverBy; extension disabled if less than 0
374#O DeliverByMin=0
375
376# should we not prune routes in route-addr syntax addresses?
377#O DontPruneRoutes=False
378
379# queue up everything before forking?
380O SuperSafe=True
381
382# status file
383O StatusFile=/var/log/sendmail.st
384
385# time zone handling:
386# if undefined, use system default
387# if defined but null, use TZ envariable passed in
388# if defined and non-null, use that info
389#O TimeZoneSpec=
390
391# default UID (can be username or userid:groupid)
392#O DefaultUser=mailnull
393
394# list of locations of user database file (null means no lookup)
395#O UserDatabaseSpec=/etc/mail/userdb
396
397# fallback MX host
398#O FallbackMXhost=fall.back.host.net
399
400# fallback smart host
401#O FallbackSmartHost=fall.back.host.net
402
403# if we are the best MX host for a site, try it directly instead of config err
404#O TryNullMXList=False
405
406# load average at which we just queue messages
# Every option in this group is commented out, so the compiled-in defaults
# apply; the values shown are the stock ones written by the m4 templates.
407#O QueueLA=8
408
409# load average at which we refuse connections
410#O RefuseLA=12
411
412# log interval when refusing connections for this long
413#O RejectLogInterval=3h
414
415# load average at which we delay connections; 0 means no limit
416#O DelayLA=0
417
418# maximum number of children we allow at one time
# 0 means no cap on concurrent daemon children. Without a cap here or a rate
# limit below, a connection flood is held back only by the load-average settings.
419#O MaxDaemonChildren=0
420
421# maximum number of new connections per second
# 0 means no throttling of new connections.
422#O ConnectionRateThrottle=0
423
424# Width of the window
425#O ConnectionRateWindowSize=60s
426
427# work recipient factor
428#O RecipientFactor=30000
429
430# deliver each queued job in a separate process?
431#O ForkEachJob=False
432
433# work class factor
434#O ClassFactor=1800
435
436# work time factor
437#O RetryFactor=90000
438
439# default character set
440#O DefaultCharSet=unknown-8bit
441
442# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
443#O ServiceSwitchFile=/etc/mail/service.switch
444
445# hosts file (normally /etc/hosts)
446#O HostsFile=/etc/hosts
447
448# dialup line delay on connection failure
449#O DialDelay=0s
450
451# action to take if there are no recipients in the message
452O NoRecipientAction=add-to-undisclosed
453
454# chrooted environment for writing to files
455#O SafeFileEnvironment
456
457# are colons OK in addresses?
458#O ColonOkInAddr=True
459
460# shall I avoid expanding CNAMEs (violates protocols)?
461#O DontExpandCnames=False
462
463# SMTP initial login message (old $e macro)
# $v is the sendmail version and $Z the configuration version (the DZ line in
# the local info section), so the banner tells every connecting client the
# exact release. Set confSMTP_LOGIN_MSG in the source .mc file to shorten it.
464O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
465
466# UNIX initial From header format (old $l macro)
467O UnixFromLine=From $g $d
468
469# From: lines that have embedded newlines are unwrapped onto one line
470#O SingleLineFromHeader=False
471
472# Allow HELO SMTP command that does not include a host name
473#O AllowBogusHELO=False
474
475# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
476#O MustQuoteChars=.
477
478# delimiter (operator) characters (old $o macro)
479O OperatorChars=.:%@!^/[]+
480
481# shall I avoid calling initgroups(3) because of high NIS costs?
482#O DontInitGroups=False
483
484# are group-writable :include: and .forward files (un)trustworthy?
485# True (the default) means they are not trustworthy.
486#O UnsafeGroupWrites=True
487
488
489# where do errors that occur when sending errors get sent?
490#O DoubleBounceAddress=postmaster
491
492# issue temporary errors (4xy) instead of permanent errors (5xy)?
493#O SoftBounce=False
494
495# where to save bounces if all else fails
496#O DeadLetterDrop=/var/tmp/dead.letter
497
498# what user id do we assume for the majority of the processing?
# Commented out, so this file does not make the daemon switch to an
# unprivileged user for its main processing.
499#O RunAsUser=sendmail
500
501# maximum number of recipients per SMTP envelope
# Commented out; the value shown, 0, means no limit on recipients per message.
502#O MaxRecipientsPerMessage=0
503
504# limit the rate recipients per SMTP envelope are accepted
505# once the threshold number of recipients have been rejected
# Commented out; 0 disables the slowdown, so repeated probing for valid
# recipients within one session is not delayed by this option.
506#O BadRcptThrottle=0
507
508
509# shall we get local names from our installed interfaces?
510#O DontProbeInterfaces=False
511
512# Return-Receipt-To: header implies DSN request
513#O RrtImpliesDsn=False
514
515# override connection address (for testing)
516#O ConnectOnlyTo=0.0.0.0
517
518# Trusted user for file ownership and starting the daemon
519#O TrustedUser=root
520
521# Control socket for daemon management
522#O ControlSocketName=/var/spool/mqueue/.control
523
524# Maximum MIME header length to protect MUAs
# Commented out; no MIME header length limit is set by this file.
525#O MaxMimeHeaderLength=0/0
526
527# Maximum length of the sum of all headers
# Active: the combined headers of one message are capped at 32768 bytes, which
# bounds the memory a single oversized header block can consume.
528O MaxHeadersLength=32768
529
530# Maximum depth of alias recursion
531#O MaxAliasRecursion=10
532
533# location of pid file
534#O PidFile=/var/run/sendmail.pid
535
536# Prefix string for the process title shown on 'ps' listings
537#O ProcessTitlePrefix=prefix
538
539# Data file (df) memory-buffer file maximum size
540#O DataFileBufferSize=4096
541
542# Transcript file (xf) memory-buffer file maximum size
543#O XscriptFileBufferSize=4096
544
545# lookup type to find information about local mailboxes
546#O MailboxDatabase=pw
547
548# override compile time flag REQUIRES_DIR_FSYNC
549#O RequiresDirfsync=true
550
551# list of authentication mechanisms
# Commented out. The sample list includes KERBEROS_V4, DIGEST-MD5 and CRAM-MD5,
# which are legacy mechanisms; choose the list deliberately in the source .mc
# file before enabling SMTP AUTH.
552#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
553
554# Authentication realm
555#O AuthRealm
556
557# default authentication information for outgoing connections
558#O DefaultAuthInfo=/etc/mail/default-auth-info
559
560# SMTP AUTH flags
# Unset. NOTE(review): the "p" flag refuses plaintext mechanisms unless the
# session is encrypted - worth setting if AUTH is ever enabled on this host.
561#O AuthOptions
562
563# SMTP AUTH maximum encryption strength
564#O AuthMaxBits
565
566# SMTP STARTTLS server options
567#O TLSSrvOptions
568
569# SSL cipherlist
# None of the next three options is set, so protocol versions and cipher suites
# are presumably whatever the linked OpenSSL library defaults to - verify
# against the installed build.
570#O CipherList
571# server side SSL options
572#O ServerSSLOptions
573# client side SSL options
574#O ClientSSLOptions
575
576# Input mail filters
577#O InputMailFilters
578
579
580# CA directory
# The certificate options below are active, so STARTTLS can be offered once the
# files exist. Nothing in this group requires TLS or a verified peer; that is
# enforced through TLS entries in the access map (see class {Tls} above).
581O CACertPath=/etc/mail/certs
582# CA file
583O CACertFile=/etc/mail/certs/cacert.pem
584# Server Cert
585O ServerCertFile=/etc/mail/certs/host.cert
586# Server private key
# The same key file serves the server and the client role (ClientKeyFile below).
# It is the host's private key and must not be group- or world-readable.
587O ServerKeyFile=/etc/mail/certs/host.key
588# Client Cert
589O ClientCertFile=/etc/mail/certs/host.cert
590# Client private key
591O ClientKeyFile=/etc/mail/certs/host.key
592# File containing certificate revocation lists
# Unset: no certificate revocation list is loaded by this file.
593#O CRLFile
594# DHParameters (only required if DSA/DH is used)
595O DHParameters=/etc/mail/certs/dh.param
596# Random data source (required for systems without /dev/urandom under OpenSSL)
597#O RandFile
598# fingerprint algorithm (digest) to use for the presented cert
599#O CertFingerprintAlgorithm
600
601# Maximum number of "useless" commands before slowing down
602#O MaxNOOPCommands=20
603
604# Name to use for EHLO (defaults to $j)
605#O HeloName
606
607
608
609############################
610# QUEUE GROUP DEFINITIONS #
611############################
612
613
614###########################
615# Message precedences #
616###########################
617
618Pfirst-class=0
619Pspecial-delivery=100
620Plist=-30
621Pbulk=-60
622Pjunk=-100
623
624#####################
625# Trusted users #
626#####################
627
628# this is equivalent to setting class "t"
629#Ft/etc/mail/trusted-users
# Trusted users may set the envelope sender (-f) without an
# X-Authentication-Warning: header being added (see authwarnings in
# PrivacyOptions). Keep the list as short as the host needs.
# NOTE(review): uucp is probably unnecessary on a host without UUCP links.
630Troot
631Tdaemon
632Tuucp
633
634#########################
635# Format of headers #
636#########################
637
638H?P?Return-Path: <$g>
# The Received: template below records, when set, the authentication type and
# strength ({auth_type}, {auth_ssf}) and the TLS version, cipher, key bits and
# verification result, so each hop's transport security is visible when a
# message is traced. It also stamps the sendmail and configuration version
# ($v/$Z) into every message this host handles.
639HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
640 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
641 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
642 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
643 for $u; $|;
644 $.$b$?g
645 (envelope-from $g)$.
646H?D?Resent-Date: $a
647H?D?Date: $a
648H?F?Resent-From: $?x$x <$g>$|$g$.
649H?F?From: $?x$x <$g>$|$g$.
650H?x?Full-Name: $x
651# HPosted-Date: $a
652# H?l?Received-Date: $b
653H?M?Resent-Message-Id: <$t.$i@$j>
654H?M?Message-Id: <$t.$i@$j>
655
656#
657
658######################################################################
659######################################################################
660#####
661##### REWRITING RULES
662#####
663######################################################################
664######################################################################
665
666############################################
667### Ruleset 3 -- Name Canonicalization ###
668############################################
669Scanonify=3
670
671# handle null input (translate to <@> special case)
672R$@ $@ <@>
673
674# strip group: syntax (not inside angle brackets!) and trailing semicolon
675R$* $: $1 <@> mark addresses
676R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
677R@ $* <@> $: @ $1 unmark @host:...
678R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
679R$* :: $* <@> $: $1 :: $2 unmark node::addr
680R:include: $* <@> $: :include: $1 unmark :include:...
681R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
682R$* : $* <@> $: $2 strip colon if marked
683R$* <@> $: $1 unmark
684R$* ; $1 strip trailing semi
685R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
686R$* < $* ; > $1 < $2 > bogus bracketed semi
687
688# null input now results from list:; syntax
689R$@ $@ :; <@>
690
691# strip angle brackets -- note RFC733 heuristic to get innermost item
692R$* $: < $1 > housekeeping <>
693R$+ < $* > < $2 > strip excess on left
694R< $* > $+ < $1 > strip excess on right
695R<> $@ < @ > MAIL FROM:<> case
696R< $+ > $: $1 remove housekeeping <>
697
698# strip route address <@a,@b,@c:user@d> -> <user@d>
699R@ $+ , $+ $2
700R@ [ $* ] : $+ $2
701R@ $+ : $+ $2
702
703# find focus for list syntax
704R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
705R $+ : $* ; $@ $1 : $2; list syntax
706
707# find focus for @ syntax addresses
708R$+ @ $+ $: $1 < @ $2 > focus on domain
709R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
710R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
711
712
713# convert old-style addresses to a domain-based address
714R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
715R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
716R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
717
718# if we have % signs, take the rightmost one
719R$* % $* $1 @ $2 First make them all @s.
720R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
721
722R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
723
724# else we must be a local name
725R$* $@ $>Canonify2 $1
726
727
728################################################
729### Ruleset 96 -- bottom half of ruleset 3 ###
730################################################
731
732SCanonify2=96
733
734# handle special cases for local names
735R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
736R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
737R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
738
739# check for IPv4/IPv6 domain literal
740R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
741R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
742R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
743
744
745
746
747
748# if really UUCP, handle it immediately
749
750# try UUCP traffic as a local address
751R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
752R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
753
754# hostnames ending in class P are always canonical
755R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
756R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
757R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
758R$* CC $* $| $* $: $3
759# pass to name server to make hostname canonical
760R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
761R$* $| $* $: $2
762
763# local host aliases and pseudo-domains are always canonical
764R$* < @ $=w > $* $: $1 < @ $2 . > $3
765R$* < @ $=M > $* $: $1 < @ $2 . > $3
766R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3
767R$* < @ $* . . > $* $1 < @ $2 . > $3
768
769
770##################################################
771### Ruleset 4 -- Final Output Post-rewriting ###
772##################################################
773Sfinal=4
774
775R$+ :; <@> $@ $1 : handle <list:;>
776R$* <@> $@ handle <> and list:;
777
778# strip trailing dot off possibly canonical name
779R$* < @ $+ . > $* $1 < @ $2 > $3
780
781# eliminate internal code
782R$* < @ *LOCAL* > $* $1 < @ $j > $2
783
784# externalize local domain info
785R$* < $+ > $* $1 $2 $3 defocus
786R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
787R@ $* $@ @ $1 ... and exit
788
789# UUCP must always be presented in old form
790R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
791
792# delete duplicate local names
793R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
794
795
796
797##############################################################
798### Ruleset 97 -- recanonicalize and call ruleset zero ###
799### (used for recursive calls) ###
800##############################################################
801
802SRecurse=97
803R$* $: $>canonify $1
804R$* $@ $>parse $1
805
806
807######################################
808### Ruleset 0 -- Parse Address ###
809######################################
810
811Sparse=0
812
813R$* $: $>Parse0 $1 initial parsing
814R<@> $#local $: <@> special case error msgs
815R$* $: $>ParseLocal $1 handle local hacks
816R$* $: $>Parse1 $1 final parsing
817
818#
819# Parse0 -- do initial syntax checking and eliminate local addresses.
820# This should either return with the (possibly modified) input
821# or return with a #error mailer. It should not return with a
822# #mailer other than the #error mailer.
# The $#error rules are the syntax gate: an empty user or host part, text
# after a domain literal, a colon in the host part, a leading or doubled dot
# and stray route syntax are all refused with a 553 reply before any lookup
# or delivery decision is made.
823#
824
825SParse0
826R<@> $@ <@> special case error msgs
827R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
828R@ <@ $* > < @ $1 > catch "@@host" bogosity
829R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
830R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
831R$* $: <> $1
832R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
833R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
834R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
835R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
836R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
837R<> $* $1
838R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
839R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
840R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
841R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
842R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
843
844
845# now delete the local info -- note $=O to find characters that cause forwarding
# Class O is defined in the local info section as "@ % !". A local part that
# still contains one of these operators after the local host name is removed
# is sent back through canonify and Parse0, i.e. it is treated as a further
# address. Whether such an address may be relayed is not decided here; that
# check is presumably in check_rcpt, outside this part of the file.
846R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
847R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
848R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
849R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
850R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
851R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
852R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
853R$* $=O $* < @ *LOCAL* >
854 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
855R$* < @ *LOCAL* > $: $1
856
857
858#
859# Parse1 -- the bottom half of ruleset 0.
860#
861
862SParse1
863
864# handle numeric address spec
865R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
866R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
867R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
868R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
869R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
870
871# handle virtual users
872R$+ $: <!> $1 Mark for lookup
873R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
874R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
875R<@> $+ + $+ < @ $* . >
876 $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
877R<@> $+ + $* < @ $* . >
878 $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
879R<@> $+ + $* < @ $* . >
880 $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
881R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
882R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
883R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
884R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
885R<@> $+ $: $1
886R<!> $+ $: $1
887R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
888R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
889R< $+ > $+ < @ $+ > $: $>Recurse $1
890
891# short circuit local delivery so forwarded email works
892
893
894R$=L < @ $=w . > $#local $: @ $1 special local names
895R$+ < @ $=w . > $#local $: $1 regular local name
896
897# not local -- try mailer table lookup
898R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
899R< $+ . > $* $: < $1 > $2 strip trailing dot
900R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
901R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
902R< $+ > $* $: $>Mailertable <$1> $2 try domain
903
904# resolve remotely connected UUCP links (if any)
905
906# resolve fake top level domains by forwarding to other hosts
907
908
909
910# pass names that still have a host to a smarthost (if defined)
911R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
912
913# deal with other remote names
914R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
915
916# handle locally delivered names
917R$=L $#local $: @ $1 special local names
918R$+ $#local $: $1 regular local names
919
920
921
922###########################################################################
923### Ruleset 5 -- special rewriting after aliases have been expanded ###
924###########################################################################
925
926SLocal_localaddr
927Slocaladdr=5
928R$+ $: $1 $| $>"Local_localaddr" $1
929R$+ $| $#ok $@ $1 no change
930R$+ $| $#$* $#$2
931R$+ $| $* $: $1
932
933
934
935
936# deal with plussed users so aliases work nicely
937R$+ + * $#local $@ $&h $: $1
938R$+ + $* $#local $@ + $2 $: $1 + *
939
940# prepend an empty "forward host" on the front
941R$+ $: <> $1
942
943
944
945R< > $+ $: < > < $1 <> $&h > nope, restore +detail
946
947R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
948R< > < $+ <> $* > $: < > < $1 > else discard
949R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
950R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
951R< > < $+ > $@ $1 no +detail
952R$+ $: $1 <> $&h add +detail back in
953
954R$+ <> + $* $: $1 + $2 check whether +detail
955R$+ <> $* $: $1 else discard
956R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
957R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
958
959R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
960
961R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
962
963
964###################################################################
965### Ruleset 90 -- try domain part of mailertable entry ###
966###################################################################
967
968SMailertable=90
969R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
970R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
971R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
972R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
973R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
974R< $* > $* $@ $2 no mailertable match
975
976###################################################################
977### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
978###################################################################
979
980SMailerToTriple=95
981R< > $* $@ $1 strip off null relay
982R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
983R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
984R< error : $+ > $* $#error $: $1
985R< local : $* > $* $>CanonLocal < $1 > $2
986R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
987R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
988R< $=w > $* $@ $2 delete local host
989R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
990
991###################################################################
992### Ruleset CanonLocal -- canonify local: syntax ###
993###################################################################
994
995SCanonLocal
996# strip local host from routed addresses
997R< $* > < @ $+ > : $+ $@ $>Recurse $3
998R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
999
1000# strip trailing dot from any host name that may appear
1001R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
1002
1003# handle local: syntax -- use old user, either with or without host
1004R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
1005R< > $+ $#local $@ $1 $: $1
1006
1007# handle local:user@host syntax -- ignore host part
1008R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
1009
1010# handle local:user syntax
1011R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
1012R< $+ > $* $#local $@ $2 $: $1
1013
1014###################################################################
1015### Ruleset 93 -- convert header names to masqueraded form ###
1016###################################################################
1017
1018SMasqHdr=93
1019
1020
1021# do not masquerade anything in class N
1022R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
1023
1024R$* < @ *LOCAL* > $@ $1 < @ $j . >
1025
1026###################################################################
1027### Ruleset 94 -- convert envelope names to masqueraded form ###
1028###################################################################
1029
1030SMasqEnv=94
1031R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1032
1033###################################################################
1034### Ruleset 98 -- local part of ruleset zero (can be null) ###
1035###################################################################
1036
1037SParseLocal=98
1038
1039# addresses sent to foo@host.REDIRECT will give a 551 error code
# The 551 text echoes the address without the .REDIRECT suffix (<$1@$2>), so
# anyone who mails the old address learns the forwarding address.
# The <i> rule exempts the case where ${opMode} is "i" from the rejection;
# presumably that is alias-database initialization - confirm.
1040R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
1041R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
1042R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
1043
1044
1045
1046
1047
1048
1049######################################################################
1050### D: LookUpDomain -- search for domain in access database
1051###
1052### Parameters:
1053### <$1> -- key (domain name)
1054### <$2> -- default (what to return if not found in db)
1055### <$3> -- mark (must be <(!|+) single-token>)
1056### ! does lookup only with tag
1057### + does lookup with and without tag
1058### <$4> -- passthru (additional data passed unchanged through)
1059######################################################################
1060
# D (LookUpDomain): access-map lookup that walks up the domain hierarchy.
# Order of attempts, as the rules are written:
#   1. "tag:key" (the tag is the second token of the mark)
#   2. bare "key", only when the mark is "+"
#   3. for a bracketed literal, drop the last component and recurse
#   4. for a dotted name, recurse on $2 (the part after a dot; presumably the
#      parent domain, since the first $+ matches as little as possible)
# Returns <default> <passthru> when nothing matches, <<TMPF>> <passthru> on a
# temporary map failure, otherwise <map RHS> <passthru>.
# Operational consequence: an entry for a parent domain or an address prefix
# also applies to everything below it, so broad RELAY/OK entries should be
# reviewed with that in mind.
1061SD
1062R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
1063R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
1064R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
1065R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
1066R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
1067R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
1068R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
1069R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
1070R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
1071
1072######################################################################
1073### A: LookUpAddress -- search for host address in access database
1074###
1075### Parameters:
1076### <$1> -- key (dot quadded host address)
1077### <$2> -- default (what to return if not found in db)
1078### <$3> -- mark (must be <(!|+) single-token>)
1079### ! does lookup only with tag
1080### + does lookup with and without tag
1081### <$4> -- passthru (additional data passed through)
1082######################################################################
1083
# A (LookUpAddress): access-map lookup for a host address.
# Tries "tag:key", then the bare key when the mark is "+", then recurses on
# the address with its last "::", ":" or "." separated component removed.
# Returns <default> <passthru> when nothing matches, <<TMPF>> <passthru> on a
# temporary map failure, otherwise <map RHS> <passthru>.
# Because components are stripped from the right, an access-map entry for an
# address prefix covers every address under that prefix.
1084SA
1085R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
1086R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
1087R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
1088R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
1089R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
1090R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
1091R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
1092R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
1093
1094######################################################################
1095### CanonAddr -- Convert an address into a standard form for
1096### relay checking. Route address syntax is
1097### crudely converted into a %-hack address.
1098###
1099### Parameters:
1100### $1 -- full recipient address
1101###
1102### Returns:
1103### parsed address, not in source route form
1104######################################################################
1105
# CanonAddr: passes the address through ruleset canonify and then Parse0
# (both defined outside this excerpt).  The check_* rulesets use the result
# as the normal form on which relay decisions are made.
1106SCanonAddr
1107R$* $: $>Parse0 $>canonify $1 make domain canonical
1108
1109
1110######################################################################
1111### ParseRecipient -- Strip off hosts in $=R as well as possibly
1112### $* $=m or the access database.
1113### Check user portion for host separators.
1114###
1115### Parameters:
1116### $1 -- full recipient address
1117###
1118### Returns:
1119### parsed, non-local-relaying address
1120######################################################################
1121
# ParseRecipient: normalises a recipient for the relay check.
# After CanonAddr, a local part that still contains a class O token (the
# rule comment below calls these host separators) is marked <NO>.  If the
# host is in class R or the access map returns RELAY for it under the To:
# tag, that host is removed and the local part is parsed again through this
# ruleset.
# This is what keeps a relayable host from being used as a hop in a
# user%other@relayable style address: the decision is made on the final
# destination, not on the outer host.
1122SParseRecipient
1123R$* $: <?> $>CanonAddr $1
1124R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
1125R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
1126
1127# if no $=O character, no host in the user portion, we are done
1128R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
1129R<?> $* $@ $1
1130
1131
1132R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
1133R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
1134R<$+> <$+> $: <$1> $2
1135
1136
1137
1138R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
1139R<$+> $* $@ $2
1140
1141
1142######################################################################
1143### check_relay -- check hostname/address on SMTP startup
1144######################################################################
1145
1146
1147
# Local_check_relay is an empty hook ruleset here (no rules follow it).
# check_relay first calls the hook; a "$#" result from the hook is returned
# as the final decision, anything else falls through to Basic_check_relay.
1148SLocal_check_relay
1149Scheck_relay
1150R$* $: $1 $| $>"Local_check_relay" $1
1151R$* $| $* $| $#$* $#$3
1152R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
1153
# Basic_check_relay: connection-time access check.
# Input is "name $| address".  The name is looked up first (ruleset D, tag
# Connect, with and without tag), then the address (ruleset A).  Nothing
# found means OK.  REJECT, DISCARD, QUARANTINE:, ERROR: and temporary map
# failures are mapped to the corresponding $#error / $#discard results; any
# other right-hand side is used verbatim as the error text.
# In deferred delivery mode the ruleset returns before any lookup.
# NOTE(review): this ruleset does not itself test whether the client name
# resolved consistently, so name-keyed Connect: entries depend on what the
# name lookup produced; address-keyed entries do not.
1154SBasic_check_relay
1155# check for deferred delivery mode
1156R$* $: < $&{deliveryMode} > $1
1157R< d > $* $@ deferred
1158R< $* > $* $: $2
1159
1160R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
1161R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
1162R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
1163R<?> <$*> $: OK found nothing
1164R<$={Accept}> <$*> $@ $1 return value of lookup
1165R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
1166R<DISCARD> <$*> $#discard $: discard
1167R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
1168R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
1169R<ERROR:$+> <$*> $#error $: $1
1170R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1171R<$+> <$*> $#error $: $1
1172
1173
1174######################################################################
1175### check_mail -- check SMTP `MAIL FROM:' command argument
1176######################################################################
1177
# Local_check_mail is an empty hook ruleset here.  check_mail calls it with
# the MAIL FROM argument; a "$#" result from the hook is final, otherwise
# Basic_check_mail decides.
1178SLocal_check_mail
1179Scheck_mail
1180R$* $: $1 $| $>"Local_check_mail" $1
1181R$* $| $#$* $#$2
1182R$* $| $* $@ $>"Basic_check_mail" $1
1183
# Basic_check_mail: validates the envelope sender.  Stages, in rule order:
#   1. return early in deferred delivery mode
#   2. call tls_client with ${verify} and the token MAIL; a "$#" result from
#      it is returned as the decision
#   3. accept the null sender <>
#   4. a localhost / loopback-literal sender domain is accepted only when
#      ${client_name} is in class w, otherwise 553
#   5. canonify the address and resolve its domain (class P names and $j are
#      taken as OK without a lookup)
#   6. look the sender up in the access map under the From tag, as full
#      address (F), user part (U) and domain (D)
#   7. an unqualified sender is accepted with daemon flag "u" or when
#      ${client_addr} is empty, otherwise 553
#   8. map the collected result to accept / discard / quarantine / error
# The "resolve" map and the classes {ResOk} and {Accept} are defined outside
# this excerpt.
1184SBasic_check_mail
1185# check for deferred delivery mode
1186R$* $: < $&{deliveryMode} > $1
1187R< d > $* $@ deferred
1188R< $* > $* $: $2
1189
1190# authenticated?
1191R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1192R$* $| $#$+ $#$2
1193R$* $| $* $: $1
1194
1195R<> $@ <OK> we MUST accept <> (RFC 1123)
1196R$+ $: <?> $1
1197R<?><$+> $: <@> <$1>
1198R<?>$+ $: <@> <$1>
1199R$* $: $&{daemon_flags} $| $1
1200R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
1201R$* u $* $| <@> < $* > $: <?> < $3 >
1202R$* $| $* $: $2
1203# handle case of @localhost on address
1204R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
1205R<@> < $* @ [127.0.0.1] >
1206 $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
1207R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
1208 $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
1209R<@> < $* @ [IPv6:::1] >
1210 $: < ? $&{client_name} > < $1 @ [IPv6:::1] >
1211R<@> < $* @ localhost.$m >
1212 $: < ? $&{client_name} > < $1 @ localhost.$m >
1213R<@> < $* @ localhost.UUCP >
1214 $: < ? $&{client_name} > < $1 @ localhost.UUCP >
1215R<@> $* $: $1 no localhost as domain
1216R<? $=w> $* $: $2 local client: ok
1217R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
1218R<?> $* $: $1
1219R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
1220R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
1221# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
1222R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
1223R<?> $* < @ $j > $: <OKR> $1 < @ $j >
1224R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
1225R<? $* <$->> $* < @ $+ >
1226 $: <$2> $3 < @ $4 >
1227
1228# check sender address: user@address, user@, address
1229R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
1230R<$+> $+ $: @<$1> <$2> $| <U:$2@>
1231R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
1232R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
1233# retransform for further use
1234R<?> <$+> <$*> $: <$1> $2 no match
1235R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it
1236
1237# handle case of no @domain on address
1238R<?> $* $: $&{daemon_flags} $| <?> $1
1239R$* u $* $| <?> $* $: <OKR> $3
1240R$* $| $* $: $2
1241R<?> $* $: < ? $&{client_addr} > $1
1242R<?> $* $@ <OKR> ...local unqualed ok
1243R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
1244 ...remote is not
1245# check results
1246R<?> $* $: @ $1 mark address: nothing known about it
1247R<$={ResOk}> $* $: @ $2 domain ok
1248R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
1249R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
1250R<$={Accept}> $* $# $1 accept from access map
1251R<DISCARD> $* $#discard $: discard
1252R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
1253R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
1254R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
1255R<ERROR:$+> $* $#error $: $1
1256R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1257R<$+> $* $#error $: $1 error from access db
1258
1259
1260
1261######################################################################
1262### check_rcpt -- check SMTP `RCPT TO:' command argument
1263######################################################################
1264
# Local_check_rcpt is an empty hook ruleset here.  check_rcpt calls it with
# the RCPT TO argument; a "$#" result from the hook is final, otherwise
# Basic_check_rcpt decides.
1265SLocal_check_rcpt
1266Scheck_rcpt
1267R$* $: $1 $| $>"Local_check_rcpt" $1
1268R$* $| $#$* $#$2
1269R$* $| $* $@ $>"Basic_check_rcpt" $1
1270
# Basic_check_rcpt: the relay decision for one recipient.
# An empty recipient is rejected, deferred delivery mode returns early, then:
#   - Rcpt_ok is asked whether the recipient itself permits delivery
#   - if it did not answer RELAY, Relay_ok is asked whether the client does
#   - a $#TEMP result from Rcpt_ok is kept (marker T) and reported only if
#     Relay_ok does not allow the relay either
# The last rule is the default: anything not explicitly allowed by one of
# the two rulesets ends in "550 Relaying denied".  That default-deny is what
# keeps this host from being an open relay, so site changes should not add
# a rule that returns before it.
1271SBasic_check_rcpt
1272# empty address?
1273R<> $#error $@ nouser $: "553 User address required"
1274R$@ $#error $@ nouser $: "553 User address required"
1275# check for deferred delivery mode
1276R$* $: < $&{deliveryMode} > $1
1277R< d > $* $@ deferred
1278R< $* > $* $: $2
1279
1280
1281######################################################################
1282R$* $: $1 $| @ $>"Rcpt_ok" $1
1283R$* $| @ $#TEMP $+ $: $1 $| T $2
1284R$* $| @ $#$* $#$2
1285R$* $| @ RELAY $@ RELAY
1286R$* $| @ $* $: O $| $>"Relay_ok" $1
1287R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
1288R$* $| $#TEMP $+ $#error $2
1289R$* $| $#$* $#$2
1290R$* $| RELAY $@ RELAY
1291R T $+ $| $* $#error $1
1292# anything else is bogus
1293R$* $#error $@ 5.7.1 $: "550 Relaying denied"
1294
1295
1296######################################################################
1297### Rcpt_ok: is the recipient ok?
1298######################################################################
# Rcpt_ok: is this recipient acceptable, and does it by itself allow relay?
# Rule order:
#   1. ParseRecipient strips relayable hosts from the address
#   2. access-map lookup under the To tag (F/U/D keys); REJECT, DISCARD,
#      QUARANTINE: and ERROR: entries end the check here
#   3. RelayTLS: a "$#" result (RELAY for a matching client certificate) is
#      returned
#   4. Local_Relay_Auth hook, then SMTP AUTH: if ${auth_type} is in class
#      {TrustAuthMech} the result is RELAY
#   5. recipient host in class w or class R, or access map says RELAY
#   6. unqualified (local) recipient
# NOTE(review): step 4 grants relaying to every session authenticated with a
# trusted mechanism, without regard to recipient.  Abuse through a
# compromised account is therefore not limited by this ruleset; rate limits
# and monitoring of authenticated submission have to cover it.
# NOTE(review): the trailing comment on the {Accept} rule reads "no match",
# but that rule handles an Accept hit; it sets the same "@" mark.
1299SRcpt_ok
1300R$* $: $>ParseRecipient $1 strip relayable hosts
1301
1302
1303
1304# blacklist local users or any host from receiving mail
1305R$* $: <?> $1
1306R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
1307R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
1308R<?> $+ $: <> <$1> $| <U:$1@>
1309R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
1310R<@> <$*> $| <$*> $: <$2> <$1> reverse result
1311R<?> <$*> $: @ $1 mark address as no match
1312R<$={Accept}> <$*> $: @ $2 mark address as no match
1313
1314R<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
1315R<DISCARD> $* $#discard $: discard
1316R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
1317R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
1318R<ERROR:$+> $* $#error $: $1
1319R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1320R<$+> $* $#error $: $1 error from access db
1321R@ $* $1 remove mark
1322
1323# authenticated via TLS?
1324R$* $: $1 $| $>RelayTLS client authenticated?
1325R$* $| $# $+ $# $2 error/ok?
1326R$* $| $* $: $1 no
1327
1328R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
1329R$* $| $# $* $# $2
1330R$* $| NO $: $1
1331R$* $| $* $: $1 $| $&{auth_type}
1332R$* $| $: $1
1333R$* $| $={TrustAuthMech} $# RELAY
1334R$* $| $* $: $1
1335# anything terminating locally is ok
1336R$+ < @ $=w > $@ RELAY
1337R$+ < @ $* $=R > $@ RELAY
1338R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
1339R<RELAY> $* $@ RELAY
1340R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1341R<$*> <$*> $: $2
1342
1343
1344
1345# check for local user (i.e. unqualified address)
1346R$* $: <?> $1
1347R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
1348# local user is ok
1349R<?> $+ $@ RELAY
1350R<$+> $* $: $2
1351
1352######################################################################
1353### Relay_ok: is the relay/sender ok?
1354######################################################################
# Relay_ok: may this client relay?  Decided on ${client_addr} first and on
# ${client_name} second.
# Address stage: an empty address, "0" and the loopback addresses count as
# local origin; then class R, then the access map (tag Connect), then the
# bracketed address literal against class w.
# Name stage: ${client_resolve} values TEMP, FORGED and FAIL end the check
# with a refusal before the name is used.  Otherwise the name is
# canonified and tested against class w, class R and the access map.
# NOTE(review): name-based entries (domain names in class R, Connect:domain
# RELAY) are only as trustworthy as the DNS answers behind ${client_name};
# address-based entries are the stricter choice for granting relay.
# If no rule returns RELAY the workspace falls out of the ruleset and the
# caller's default (see Basic_check_rcpt, "550 Relaying denied") applies.
1355SRelay_ok
1356# anything originating locally is ok
1357# check IP address
1358R$* $: $&{client_addr}
1359R$@ $@ RELAY originated locally
1360R0 $@ RELAY originated locally
1361R127.0.0.1 $@ RELAY originated locally
1362RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
1363RIPv6:::1 $@ RELAY originated locally
1364R$=R $* $@ RELAY relayable IP address
1365R$* $: $>A <$1> <?> <+ Connect> <$1>
1366R<RELAY> $* $@ RELAY relayable IP address
1367
1368R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1369R<$*> <$*> $: $2
1370R$* $: [ $1 ] put brackets around it...
1371R$=w $@ RELAY ... and see if it is local
1372
1373
1374# check client name: first: did it resolve?
1375R$* $: < $&{client_resolve} >
1376R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
1377R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
1378R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
1379R$* $: <@> $&{client_name}
1380# pass to name server to make hostname canonical
1381R<@> $* $=P $:<?> $1 $2
1382R<@> $+ $:<?> $[ $1 $]
1383R$* . $1 strip trailing dots
1384R<?> $=w $@ RELAY
1385R<?> $* $=R $@ RELAY
1386R<?> $* $: $>D <$1> <?> <+ Connect> <$1>
1387R<RELAY> $* $@ RELAY
1388R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1389R<$*> <$*> $: $2
1390
1391
1392
1393######################################################################
1394### F: LookUpFull -- search for an entry in access database
1395###
1396### lookup of full key (which should be an address) and
1397### variations if +detail exists: +* and without +detail
1398###
1399### Parameters:
1400### <$1> -- key
1401### <$2> -- default (what to return if not found in db)
1402### <$3> -- mark (must be <(!|+) single-token>)
1403### ! does lookup only with tag
1404### + does lookup with and without tag
1405### <$4> -- passthru (additional data passed unchanged through)
1406######################################################################
1407
# F (LookUpFull): access-map lookup for a full address.
# Keys tried, in order: tag:key, key (mark "+" only), then for user+detail
# addresses tag:user+*@domain, user+*@domain, tag:user@domain, user@domain.
# The tagless variants are attempted only when the mark is "+".
# Returns <default> <passthru> when nothing matches, <<TMPF>> <passthru> on a
# temporary map failure, otherwise <map RHS> <passthru>.
1408SF
1409R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
1410R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
1411R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
1412 $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
1413R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
1414 $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
1415R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
1416 $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
1417R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
1418 $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
1419R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
1420R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
1421R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
1422
1423######################################################################
1424### E: LookUpExact -- search for an entry in access database
1425###
1426### Parameters:
1427### <$1> -- key
1428### <$2> -- default (what to return if not found in db)
1429### <$3> -- mark (must be <(!|+) single-token>)
1430### ! does lookup only with tag
1431### + does lookup with and without tag
1432### <$4> -- passthru (additional data passed unchanged through)
1433######################################################################
1434
# E (LookUpExact): access-map lookup of the key exactly as given.
# Tries tag:key, then the bare key when the mark is "+"; no variations of
# the key are generated.  Return convention is the same as in the other
# lookup rulesets: <default>, <<TMPF>> or <map RHS>, each followed by the
# passthru value.
1435SE
1436R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
1437R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
1438R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
1439R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
1440R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
1441
1442######################################################################
1443### U: LookUpUser -- search for an entry in access database
1444###
1445### lookup of key (which should be a local part) and
1446### variations if +detail exists: +* and without +detail
1447###
1448### Parameters:
1449### <$1> -- key (user@)
1450### <$2> -- default (what to return if not found in db)
1451### <$3> -- mark (must be <(!|+) single-token>)
1452### ! does lookup only with tag
1453### + does lookup with and without tag
1454### <$4> -- passthru (additional data passed unchanged through)
1455######################################################################
1456
# U (LookUpUser): access-map lookup for a local part written as "user@".
# Keys tried, in order: tag:key, key (mark "+" only), then for user+detail
# tag:user+*@, user+*@, tag:user@, user@.  The tagless variants are
# attempted only when the mark is "+".
# Returns <default> <passthru> when nothing matches, <<TMPF>> <passthru> on a
# temporary map failure, otherwise <map RHS> <passthru>.
1457SU
1458R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
1459R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
1460R<?> <$+ + $* @> <$*> <$- $-> <$*>
1461 $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
1462R<?> <$+ + $* @> <$*> <+ $-> <$*>
1463 $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
1464R<?> <$+ + $* @> <$*> <$- $-> <$*>
1465 $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
1466R<?> <$+ + $* @> <$*> <+ $-> <$*>
1467 $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
1468R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
1469R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
1470R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
1471
1472######################################################################
1473### SearchList: search a list of items in the access map
1474### Parameters:
1475### <exact tag> $| <mark:address> <mark:address> ... <>
1476### where "exact" is either "+" or "!":
1477### <+ TAG> lookup with and w/o tag
1478### <! TAG> lookup with tag
1479### possible values for "mark" are:
1480### D: recursive host lookup (LookUpDomain)
1481### E: exact lookup, no modifications
1482### F: full lookup, try user+ext@domain and user@domain
1483### U: user lookup, try user+ext and user (input must have trailing @)
1484### return: <RHS of lookup> or <?> (not found)
1485######################################################################
1486
1487# class with valid marks for SearchList
# SearchList: runs the items of the list through the lookup ruleset named
# by each item's mark and returns the first result that is not <?>.
# The first rule calls a ruleset whose name comes from the data ($>$2).
# The class {Src} match on the left-hand side is what restricts that name
# to E, F, D or U, so the class must list only lookup rulesets.
# Recursion: when an item yields <?> and items remain, SearchList is called
# again on the rest of the list.
1488C{Src}E F D U
1489SSearchList
1490# just call the ruleset with the name of the tag... nice trick...
1491R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
1492R<$+> $| <> $| <?> <> $@ <?>
1493R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
1494R<$+> $| <$*> $| <$+> <> $@ <$3>
1495R<$+> $| <$+> $@ <$2>
1496
1497
1498######################################################################
1499### trust_auth: is user trusted to authenticate as someone else?
1500###
1501### Parameters:
1502### $1: AUTH= parameter from MAIL command
1503######################################################################
1504
# Local_trust_auth is an empty hook ruleset here.
# trust_auth decides whether the AUTH= parameter of MAIL is accepted:
#   - no ${auth_type} (session not authenticated): 550
#   - AUTH= equals ${auth_authen}, bare or in angle brackets: accepted
#   - otherwise the hook is asked; a "$#" result from it is returned
#   - default: 550 "<auth_authen> not allowed to act as <auth_author>"
# With the hook empty, an authenticated user can only assert its own
# identity in AUTH=.
1505SLocal_trust_auth
1506Strust_auth
1507R$* $: $&{auth_type} $| $1
1508# required by RFC 2554 section 4.
1509R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
1510R$* $| $&{auth_authen} $@ identical
1511R$* $| <$&{auth_authen}> $@ identical
1512R$* $| $* $: $1 $| $>"Local_trust_auth" $2
1513R$* $| $#$* $#$2
1514R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
1515
1516######################################################################
1517### Relay_Auth: allow relaying based on authentication?
1518###
1519### Parameters:
1520### $1: ${auth_type}
1521######################################################################
# Empty hook ruleset: no rules follow, so the workspace passes through
# unchanged.  Rcpt_ok calls it with ${auth_type} before testing class
# {TrustAuthMech}; site rules belong in the source .mc file, not here.
1522SLocal_Relay_Auth
1523
1524######################################################################
1525### srv_features: which features to offer to a client?
1526### (done in server)
1527######################################################################
# srv_features: looks up the access-map tag Srv_Features for the client name
# (ruleset D), then the client address (ruleset A), then the tag with an
# empty key.  The "!" mark means only tagged keys are tried.
# Nothing found returns OK; a temporary map failure returns $#temp; any
# other right-hand side is returned via "$#".
1528Ssrv_features
1529R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
1530R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
1531R<?>$* $: <$(access "Srv_Features": $: ? $)>
1532R<?>$* $@ OK
1533R<$* <TMPF>>$* $#temp
1534R<$+>$* $# $1
1535
1536######################################################################
1537### try_tls: try to use STARTTLS?
1538### (done in client)
1539######################################################################
# try_tls (client side): looks up the access-map tag Try_TLS for the server
# name, the server address, then the tag with an empty key.
# Only the value NO produces an error ("do not try TLS with ..."); no rule
# matches any other value, so it falls through without an error.
# NOTE(review): a Try_TLS entry with NO means mail to that server is sent
# without STARTTLS; such entries are worth auditing periodically.
1540Stry_tls
1541R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
1542R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
1543R<?>$* $: <$(access "Try_TLS": $: ? $)>
1544R<?>$* $@ OK
1545R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1546R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
1547
1548######################################################################
1549### tls_rcpt: is connection with server "good" enough?
1550### (done in client, per recipient)
1551###
1552### Parameters:
1553### $1: recipient
1554######################################################################
# tls_rcpt (client side, per recipient): stores ${server_name} in the macro
# {TLS_Name}, canonifies the recipient and searches the access map under
# the tag TLS_Rcpt (tagged keys only) for the full address, the user part,
# the domain and the empty key.
# No entry returns OK, i.e. no TLS requirement is applied for that
# recipient.  An entry is handed to TLS_connection with ${verify}.
1555Stls_rcpt
1556R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
1557R$+ $: <?> $>CanonAddr $1
1558R<?> $+ < @ $+ . > <?> $1 <@ $2 >
1559R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
1560R<?> $+ $: $1 $| <U:$1@> <E:>
1561R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
1562R$* $| <?> $@ OK
1563R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1564R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
1565
1566######################################################################
1567### tls_client: is connection with client "good" enough?
1568### (done in server)
1569###
1570### Parameters:
1571### ${verify} $| (MAIL|STARTTLS)
1572######################################################################
# tls_client (server side): stores ${client_name} in the macro {TLS_Name},
# then looks up the access-map tag TLS_Clt for the client name, the client
# address and the empty key (tagged keys only).  The second rule replaces
# the MAIL/STARTTLS token of the input with the lookup result.
# The result, found or not, is passed with ${verify} to TLS_connection.
1573Stls_client
1574R$* $: $(macro {TLS_Name} $@ $&{client_name} $) $1
1575R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
1576R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
1577R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
1578R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1579R$* $@ $>"TLS_connection" $1
1580
1581######################################################################
1582### tls_server: is connection with server "good" enough?
1583### (done in client)
1584###
1585### Parameter:
1586### ${verify}
1587######################################################################
# tls_server (client side): stores ${server_name} in the macro {TLS_Name},
# then looks up the access-map tag TLS_Srv for the server name, the server
# address and the empty key (tagged keys only).
# The result, found or not, is passed with ${verify} to TLS_connection.
# NOTE(review): without a TLS_Srv entry TLS_connection has no requirement
# to enforce, so outbound TLS is opportunistic: only the handshake and
# protocol failures it tests for are turned into errors.
1588Stls_server
1589R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
1590R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
1591R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
1592R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
1593R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
1594R$* $@ $>"TLS_connection" $1
1595
1596######################################################################
1597### TLS_connection: is TLS connection "good" enough?
1598###
1599### Parameters:
1600### ${verify} $| <Requirement> [<>]
1601### Requirement: RHS from access map, may be ? for none.
1602######################################################################
# TLS_connection: compares ${verify} with the requirement from the access
# map.  Class {Tls} is defined outside this excerpt.
#   - A requirement prefixed "PERM +" fails with 503/5.7.0, one prefixed
#     "TEMP +" or unprefixed fails with 403/4.7.0.  The default is therefore
#     a temporary failure: mail is retried rather than bounced.
#   - ${verify} values SOFTWARE and PROTOCOL are always errors, with or
#     without a requirement.
#   - With no requirement left, every other ${verify} value returns OK,
#     including values for an unverified or absent certificate.
#   - VERIFY needs ${verify} to be OK; the other values get a specific
#     error text.
#   - VERIFY:bits and ENCR:bits compare the required bits with the larger
#     of ${cipher_bits} and ${auth_ssf} (ruleset max, arith "l").
#   - Requirements after "+" or "++" are passed on to TLS_req.
1603STLS_connection
1604R$* $| <$*>$* $: $1 $| <$2>
1605# create the appropriate error codes
1606R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
1607R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
1608R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
1609# deal with TLS handshake failures: abort
1610RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
1611RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
1612# deal with TLS protocol errors: abort
1613RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
1614RPROTOCOL $| $* $#error $@ 4.7.0 $: "403 STARTTLS failed."
1615R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
1616R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
1617R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
1618R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
1619R$* $| $* $@ OK
1620# authentication required: give appropriate error
1621# other side did authenticate (via STARTTLS)
1622R<$*><VERIFY> <> OK $@ OK
1623R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
1624R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
1625R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
1626R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
1627R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
1628R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
1629R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
1630R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
1631R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
1632R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
1633R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
1634R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
1635R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
1636R<$-:$+ ++ > $@ OK
1637R<$-:$+ ++ $+ > $: <$1:$2> <$3>
1638R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
1639R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
1640
1641######################################################################
1642### TLS_req: check additional TLS requirements
1643###
1644### Parameters: [<list> <of> <req>] $| <$-:$+>
1645### $-: SMTP reply code
1646### $+: Enhanced Status Code
1647######################################################################
# TLS_req: works through the list of extra certificate requirements, one
# per recursion, and returns OK once the list is empty.
#   CN     -> rewritten to CN:${TLS_Name}
#   CN:x   must equal ${cn_subject}
#   CS:x   must equal ${cert_subject}
#   CI:x   must equal ${cert_issuer}
# A mismatch ends with $#error using the reply code and enhanced status
# passed in after "$|"; the text names the value presented and the value
# required.
1648STLS_req
1649R $| $+ $@ OK
1650R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
1651R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
1652R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
1653R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
1654R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
1655R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
1656R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
1657ROK $@ OK
1658
1659######################################################################
1660### max: return the maximum of two values separated by :
1661###
1662### Parameters: [$-]:[$-]
1663######################################################################
# max: input is "a:b" where either side may be empty.  Both empty gives 0, a
# single value is returned as is.  For two values the arith map ("l",
# less-than) result is put in front: TRUE (a < b) selects b, any other
# result selects a.
1664Smax
1665R: $: 0
1666R:$- $: $1
1667R$-: $: $1
1668R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
1669RTRUE:$-:$- $: $2
1670R$-:$-:$- $: $2
1671
1672
1673
1674
1675######################################################################
1676### RelayTLS: allow relaying based on TLS authentication
1677###
1678### Parameters:
1679### none
1680######################################################################
# RelayTLS: allows relaying on the strength of a verified client
# certificate.  Returns NO unless ${verify} is OK.  Then:
#   - access map CERTISSUER:<cert_issuer> = RELAY   -> $# RELAY
#   - access map CERTISSUER:<cert_issuer> = SUBJECT -> look up
#     CERTSUBJECT:<cert_subject>; RELAY there -> $# RELAY
#   - anything else -> NO
# NOTE(review): a CERTISSUER entry with RELAY lets every certificate issued
# by that CA relay through this host.  The SUBJECT form narrows the grant to
# listed certificate subjects and is the safer choice for a CA that issues
# certificates outside your control.
1681SRelayTLS
1682# authenticated?
1683R$* $: <?> $&{verify}
1684R<?> OK $: OK authenticated: continue
1685R<?> $* $@ NO not authenticated
1686R$* $: $&{cert_issuer}
1687R$+ $: $(access CERTISSUER:$1 $)
1688RRELAY $# RELAY
1689RSUBJECT $: <@> $&{cert_subject}
1690R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
1691R<@> RELAY $# RELAY
1692R$* $: NO
1693
1694######################################################################
1695### authinfo: lookup authinfo in the access map
1696###
1697### Parameters:
1698### $1: {server_name}
1699### $2: {server_addr}
1700######################################################################
# authinfo: looks up the access-map tag AuthInfo for the server name, the
# server address and the empty key (tagged keys only) and returns the
# right-hand side via "$#".  Nothing found returns "no".
# NOTE(review): AuthInfo entries normally carry the credentials this host
# uses for SMTP AUTH as a client; confirm that the access map source and
# its database file are readable only by the mail system.
1701Sauthinfo
1702R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
1703R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
1704R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
1705R$* $| <?>$* $@ no no authinfo available
1706R$* $| <$*> <> $# $2
1707
1708
1709
1710
1711
1712#
1713
1714######################################################################
1715######################################################################
1716#####
1717##### MAIL FILTER DEFINITIONS
1718#####
1719######################################################################
1720######################################################################
1721
1722#
1723
1724######################################################################
1725######################################################################
1726#####
1727##### MAILER DEFINITIONS
1728#####
1729######################################################################
1730######################################################################
1731
1732
1733##################################################
1734### Local and Program Mailer specification ###
1735##################################################
1736
1737##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
1738
1739#
1740# Envelope sender rewriting
1741#
# EnvFromL: envelope sender rewriting for the local/prog mailers.  A null
# sender becomes $n, other addresses go through AddDomain and then MasqEnv.
1742SEnvFromL
1743R<@> $n errors to mailer-daemon
1744R@ <@ $*> $n temporarily bypass Sun bogosity
1745R$+ $: $>AddDomain $1 add local domain if needed
1746R$* $: $>MasqEnv $1 do masquerading
1747
1748#
1749# Envelope recipient rewriting
1750#
# EnvToL: envelope recipient rewriting for the local/prog mailers.  The host
# part is removed; for a user+detail address the +detail is dropped only
# when ${addr_type} is "e s" (per the rule comment: envelope sender).
1751SEnvToL
1752R$+ < @ $* > $: $1 strip host part
1753R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
1754R<e s> $+ + $* $: $1 remove +detail for sender
1755R< $* > $+ $: $2 else remove mark
1756
1757#
1758# Header sender rewriting
1759#
# HdrFromL: header sender rewriting for the local/prog mailers.  Same shape
# as EnvFromL, but the last step calls MasqHdr instead of MasqEnv.
1760SHdrFromL
1761R<@> $n errors to mailer-daemon
1762R@ <@ $*> $n temporarily bypass Sun bogosity
1763R$+ $: $>AddDomain $1 add local domain if needed
1764R$* $: $>MasqHdr $1 do masquerading
1765
1766#
1767# Header recipient rewriting
1768#
# HdrToL: header recipient rewriting for the local/prog mailers.  Calls
# AddDomain, then replaces the *LOCAL* placeholder domain with $j.
1769SHdrToL
1770R$+ $: $>AddDomain $1 add local domain if needed
1771R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1772
1773#
1774# Common code to add local domain name (only if always-add-domain)
1775#
# AddDomain has no rules in this build, so addresses pass through unchanged
# (the heading above says it applies only with always-add-domain).
1776SAddDomain
1777
# local mailer: final delivery through /usr/libexec/mail.local, started with
# -l.  Sender rewriting uses EnvFromSMTP/HdrFromL, recipient rewriting
# EnvToL/HdrToL.
# NOTE(review): the F= string contains "S"; presumably the mailer is run
# without resetting the user id, so the binary at P= must stay root-owned
# and not writable by others -- confirm against the op guide for this
# sendmail version.
1778Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPSXmnz9, S=EnvFromSMTP/HdrFromL, R=EnvToL/HdrToL,
1779 T=DNS/RFC822/SMTP,
1780 A=mail.local -l
# prog mailer: delivery to a program.  The command string ($u) is handed to
# /bin/sh -c, with the working directory taken from D=$z:/.
# NOTE(review): with P=/bin/sh, the commands that can be run are not
# restricted here.  FEATURE(`smrsh') in the source .mc file replaces the
# shell with the restricted shell and is the usual hardening for this
# mailer.  Change the .mc and regenerate; do not edit this file.
1781Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
1782 T=X-Unix/X-Unix/X-Unix,
1783 A=sh -c $u
1784
1785#####################################
1786### SMTP Mailer specification ###
1787#####################################
1788
1789##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
1790
1791#
1792# common sender and masquerading recipient rewriting
1793#
# MasqSMTP: qualifies addresses for the SMTP mailers.  An address that
# already has an <@host> part is returned unchanged; a bare local part gets
# the *LOCAL* placeholder domain, which later rules replace with $j.
1794SMasqSMTP
1795R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
1796R$+ $@ $1 < @ *LOCAL* > add local qualification
1797
1798#
1799# convert pseudo-domain addresses to real domain addresses
1800#
# PseudoToReal: converts pseudo-domain addresses to a form usable over
# SMTP.  Route addresses and non-UUCP addresses are returned unchanged.
# .UUCP addresses are turned into bang form and then either kept in .UUCP
# form (when the first hop is $&h) or pointed at $Y, which the rule comment
# calls UUCP_RELAY.  If that leaves an empty host, the *LOCAL* placeholder
# is used.
1801SPseudoToReal
1802
1803# pass <route-addr>s through
1804R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
1805
1806# output fake domains as user%fake@relay
1807
1808# do UUCP heuristics; note that these are shared with UUCP mailers
1809R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
1810R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
1811
1812# leave these in .UUCP form to avoid further tampering
1813R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
1814R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
1815R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
1816R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
1817R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
1818R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
1819
1820
1821#
1822# envelope sender rewriting
1823#
# EnvFromSMTP: envelope sender rewriting for the SMTP mailers:
# PseudoToReal, then MasqSMTP to qualify bare names, then MasqEnv.  The
# "list:;" form with a null host is returned as is.
1824SEnvFromSMTP
1825R$+ $: $>PseudoToReal $1 sender/recipient common
1826R$* :; <@> $@ list:; special case
1827R$* $: $>MasqSMTP $1 qualify unqual'ed names
1828R$+ $: $>MasqEnv $1 do masquerading
1829
1830
1831#
1832# envelope recipient rewriting --
1833# also header recipient if not masquerading recipients
1834#
# EnvToSMTP: envelope recipient rewriting for the SMTP mailers:
# PseudoToReal, MasqSMTP, then *LOCAL* is replaced by $j.  No masquerading
# ruleset is called for recipients here.
1835SEnvToSMTP
1836R$+ $: $>PseudoToReal $1 sender/recipient common
1837R$+ $: $>MasqSMTP $1 qualify unqual'ed names
1838R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1839
1840#
1841# header sender and masquerading header recipient rewriting
1842#
# HdrFromSMTP: header sender rewriting for the SMTP mailers.  Null-host and
# route addresses are returned unchanged; everything else is qualified by
# MasqSMTP and then masqueraded by MasqHdr.
1843SHdrFromSMTP
1844R$+ $: $>PseudoToReal $1 sender/recipient common
1845R:; <@> $@ list:; special case
1846
1847# do special header rewriting
1848R$* <@> $* $@ $1 <@> $2 pass null host through
1849R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
1850R$* $: $>MasqSMTP $1 qualify unqual'ed names
1851R$+ $: $>MasqHdr $1 do masquerading
1852
1853
1854#
1855# relay mailer header masquerading recipient rewriting
1856#
# MasqRelay: qualifies the address with MasqSMTP and then applies MasqHdr.
# None of the mailer definitions in this excerpt reference it (the relay
# mailer uses R=MasqSMTP).
1857SMasqRelay
1858R$+ $: $>MasqSMTP $1
1859R$+ $: $>MasqHdr $1
1860
# SMTP-family mailers.  All five deliver over TCP to $h (P=[IPC], A=TCP $h)
# and share the sender rulesets EnvFromSMTP/HdrFromSMTP; they differ in the
# F= flags, in L= (990, or 2040 for relay) and, for relay, in R=MasqSMTP.
# NOTE(review): nothing in these definitions requires TLS.  Whether
# STARTTLS is attempted and what is demanded of the peer is decided by the
# try_tls, tls_server and tls_rcpt rulesets from access-map entries
# (Try_TLS, TLS_Srv, TLS_Rcpt); without such entries delivery proceeds
# over whatever the peer offers.
1861Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1862 T=DNS/RFC822/SMTP,
1863 A=TCP $h
1864Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1865 T=DNS/RFC822/SMTP,
1866 A=TCP $h
1867Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1868 T=DNS/RFC822/SMTP,
1869 A=TCP $h
1870Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1871 T=DNS/RFC822/SMTP,
1872 A=TCP $h
1873Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
1874 T=DNS/RFC822/SMTP,
1875 A=TCP $h