1826 lines
57 KiB
Plaintext
1826 lines
57 KiB
Plaintext
|
#
|
|||
|
# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
|
|||
|
# All rights reserved.
|
|||
|
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
|
|||
|
# Copyright (c) 1988, 1993
|
|||
|
# The Regents of the University of California. All rights reserved.
|
|||
|
#
|
|||
|
# By using this file, you agree to the terms and conditions set
|
|||
|
# forth in the LICENSE file which can be found at the top level of
|
|||
|
# the sendmail distribution.
|
|||
|
#
|
|||
|
#
|
|||
|
|
|||
|
######################################################################
|
|||
|
######################################################################
|
|||
|
#####
|
|||
|
##### SENDMAIL CONFIGURATION FILE
|
|||
|
#####
|
|||
|
##### built by root@gibbons on Thu Nov 10 11:40:01 EST 2005
|
|||
|
##### in /etc/mail
|
|||
|
##### using /usr/share/sendmail-cf/ as configuration include directory
|
|||
|
#####
|
|||
|
######################################################################
|
|||
|
#####
|
|||
|
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
|
|||
|
#####
|
|||
|
######################################################################
|
|||
|
######################################################################
|
|||
|
|
|||
|
##### $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
|
|||
|
##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
|
|||
|
##### setup for Red Hat Linux #####
|
|||
|
##### $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ #####
|
|||
|
|
|||
|
|
|||
|
|
|||
|
##### $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ #####
|
|||
|
|
|||
|
|
|||
|
##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
|
|||
|
|
|||
|
##### $Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $ #####
|
|||
|
|
|||
|
##### $Id: mailertable.m4,v 8.25 2002/06/27 23:23:57 gshapiro Exp $ #####
|
|||
|
|
|||
|
##### $Id: virtusertable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $ #####
|
|||
|
|
|||
|
##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ #####
|
|||
|
|
|||
|
##### $Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ #####
|
|||
|
|
|||
|
##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
|
|||
|
|
|||
|
|
|||
|
##### $Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
|
|||
|
|
|||
|
|
|||
|
##### $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ #####
|
|||
|
|
|||
|
##### $Id: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $ #####
|
|||
|
|
|||
|
##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ #####
|
|||
|
|
|||
|
##### $Id: accept_unresolvable_domains.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $ #####
|
|||
|
|
|||
|
|
|||
|
##### $Id: proto.m4,v 8.718 2005/08/24 18:07:23 ca Exp $ #####
|
|||
|
|
|||
|
# level 10 config file format
|
|||
|
V10/Berkeley
|
|||
|
|
|||
|
# override file safeties - setting this option compromises system security,
|
|||
|
# addressing the actual file configuration problem is preferred
|
|||
|
# need to set this before any file actions are encountered in the cf file
|
|||
|
#O DontBlameSendmail=safe
|
|||
|
|
|||
|
# default LDAP map specification
|
|||
|
# need to set this now before any LDAP maps are defined
|
|||
|
#O LDAPDefaultSpec=-h localhost
|
|||
|
|
|||
|
##################
|
|||
|
# local info #
|
|||
|
##################
|
|||
|
|
|||
|
# my LDAP cluster
|
|||
|
# need to set this before any LDAP lookups are done (including classes)
|
|||
|
#D{sendmailMTACluster}$m
|
|||
|
|
|||
|
Cwlocalhost
|
|||
|
# file containing names of hosts for which we receive email
|
|||
|
Fw/etc/mail/local-host-names
|
|||
|
|
|||
|
# my official domain name
|
|||
|
# ... define this only if sendmail cannot automatically determine your domain
|
|||
|
#Dj$w.Foo.COM
|
|||
|
|
|||
|
# host/domain names ending with a token in class P are canonical
|
|||
|
CP.
|
|||
|
|
|||
|
# "Smart" relay host (may be null)
|
|||
|
DS
|
|||
|
|
|||
|
|
|||
|
# operators that cannot be in local usernames (i.e., network indicators)
|
|||
|
CO @ % !
|
|||
|
|
|||
|
# a class with just dot (for identifying canonical names)
|
|||
|
C..
|
|||
|
|
|||
|
# a class with just a left bracket (for identifying domain literals)
|
|||
|
C[[
|
|||
|
|
|||
|
# access_db acceptance class
|
|||
|
C{Accept}OK RELAY
|
|||
|
|
|||
|
|
|||
|
C{ResOk}OKR
|
|||
|
|
|||
|
|
|||
|
# Hosts for which relaying is permitted ($=R)
|
|||
|
FR-o /etc/mail/relay-domains
|
|||
|
|
|||
|
# arithmetic map
|
|||
|
Karith arith
|
|||
|
# macro storage map
|
|||
|
Kmacro macro
|
|||
|
# possible values for TLS_connection in access map
|
|||
|
C{Tls}VERIFY ENCR
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
# dequoting map
|
|||
|
Kdequote dequote
|
|||
|
|
|||
|
# class E: names that should be exposed as from this host, even if we masquerade
|
|||
|
# class L: names that should be delivered locally, even if we have a relay
|
|||
|
# class M: domains that should be converted to $M
|
|||
|
# class N: domains that should not be converted to $M
|
|||
|
#CL root
|
|||
|
C{E}root
|
|||
|
C{w}localhost.localdomain
|
|||
|
|
|||
|
|
|||
|
|
|||
|
# my name for error messages
|
|||
|
DnMAILER-DAEMON
|
|||
|
|
|||
|
|
|||
|
# Mailer table (overriding domains)
|
|||
|
Kmailertable hash -o /etc/mail/mailertable.db
|
|||
|
|
|||
|
# Virtual user table (maps incoming users)
|
|||
|
Kvirtuser hash -o /etc/mail/virtusertable.db
|
|||
|
|
|||
|
CPREDIRECT
|
|||
|
|
|||
|
# Access list database (for spam stomping)
|
|||
|
Kaccess hash -T<TMPF> -o /etc/mail/access.db
|
|||
|
|
|||
|
# Configuration version number
|
|||
|
DZ8.13.5
|
|||
|
|
|||
|
|
|||
|
###############
|
|||
|
# Options #
|
|||
|
###############
|
|||
|
|
|||
|
# strip message body to 7 bits on input?
|
|||
|
O SevenBitInput=False
|
|||
|
|
|||
|
# 8-bit data handling
|
|||
|
#O EightBitMode=pass8
|
|||
|
|
|||
|
# wait for alias file rebuild (default units: minutes)
|
|||
|
O AliasWait=10
|
|||
|
|
|||
|
# location of alias file
|
|||
|
O AliasFile=/etc/aliases
|
|||
|
|
|||
|
# minimum number of free blocks on filesystem
|
|||
|
O MinFreeBlocks=100
|
|||
|
|
|||
|
# maximum message size
|
|||
|
#O MaxMessageSize=0
|
|||
|
|
|||
|
# substitution for space (blank) characters
|
|||
|
O BlankSub=.
|
|||
|
|
|||
|
# avoid connecting to "expensive" mailers on initial submission?
|
|||
|
O HoldExpensive=False
|
|||
|
|
|||
|
# checkpoint queue runs after every N successful deliveries
|
|||
|
#O CheckpointInterval=10
|
|||
|
|
|||
|
# default delivery mode
|
|||
|
O DeliveryMode=background
|
|||
|
|
|||
|
# error message header/file
|
|||
|
#O ErrorHeader=/etc/mail/error-header
|
|||
|
|
|||
|
# error mode
|
|||
|
#O ErrorMode=print
|
|||
|
|
|||
|
# save Unix-style "From_" lines at top of header?
|
|||
|
#O SaveFromLine=False
|
|||
|
|
|||
|
# queue file mode (qf files)
|
|||
|
#O QueueFileMode=0600
|
|||
|
|
|||
|
# temporary file mode
|
|||
|
O TempFileMode=0600
|
|||
|
|
|||
|
# match recipients against GECOS field?
|
|||
|
#O MatchGECOS=False
|
|||
|
|
|||
|
# maximum hop count
|
|||
|
#O MaxHopCount=25
|
|||
|
|
|||
|
# location of help file
|
|||
|
O HelpFile=/etc/mail/helpfile
|
|||
|
|
|||
|
# ignore dots as terminators in incoming messages?
|
|||
|
#O IgnoreDots=False
|
|||
|
|
|||
|
# name resolver options
|
|||
|
#O ResolverOptions=+AAONLY
|
|||
|
|
|||
|
# deliver MIME-encapsulated error messages?
|
|||
|
O SendMimeErrors=True
|
|||
|
|
|||
|
# Forward file search path
|
|||
|
O ForwardPath=$z/.forward.$w:$z/.forward
|
|||
|
|
|||
|
# open connection cache size
|
|||
|
O ConnectionCacheSize=2
|
|||
|
|
|||
|
# open connection cache timeout
|
|||
|
O ConnectionCacheTimeout=5m
|
|||
|
|
|||
|
# persistent host status directory
|
|||
|
#O HostStatusDirectory=.hoststat
|
|||
|
|
|||
|
# single thread deliveries (requires HostStatusDirectory)?
|
|||
|
#O SingleThreadDelivery=False
|
|||
|
|
|||
|
# use Errors-To: header?
|
|||
|
O UseErrorsTo=False
|
|||
|
|
|||
|
# log level
|
|||
|
O LogLevel=9
|
|||
|
|
|||
|
# send to me too, even in an alias expansion?
|
|||
|
#O MeToo=True
|
|||
|
|
|||
|
# verify RHS in newaliases?
|
|||
|
O CheckAliases=False
|
|||
|
|
|||
|
# default messages to old style headers if no special punctuation?
|
|||
|
O OldStyleHeaders=True
|
|||
|
|
|||
|
# SMTP daemon options
|
|||
|
|
|||
|
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
|
|||
|
|
|||
|
# SMTP client options
|
|||
|
#O ClientPortOptions=Family=inet, Address=0.0.0.0
|
|||
|
|
|||
|
# Modifiers to define {daemon_flags} for direct submissions
|
|||
|
#O DirectSubmissionModifiers
|
|||
|
|
|||
|
# Use as mail submission program? See sendmail/SECURITY
|
|||
|
#O UseMSP
|
|||
|
|
|||
|
# privacy flags
|
|||
|
O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun
|
|||
|
|
|||
|
# who (if anyone) should get extra copies of error messages
|
|||
|
#O PostmasterCopy=Postmaster
|
|||
|
|
|||
|
# slope of queue-only function
|
|||
|
#O QueueFactor=600000
|
|||
|
|
|||
|
# limit on number of concurrent queue runners
|
|||
|
#O MaxQueueChildren
|
|||
|
|
|||
|
# maximum number of queue-runners per queue-grouping with multiple queues
|
|||
|
#O MaxRunnersPerQueue=1
|
|||
|
|
|||
|
# priority of queue runners (nice(3))
|
|||
|
#O NiceQueueRun
|
|||
|
|
|||
|
# shall we sort the queue by hostname first?
|
|||
|
#O QueueSortOrder=priority
|
|||
|
|
|||
|
# minimum time in queue before retry
|
|||
|
#O MinQueueAge=30m
|
|||
|
|
|||
|
# how many jobs can you process in the queue?
|
|||
|
#O MaxQueueRunSize=0
|
|||
|
|
|||
|
# perform initial split of envelope without checking MX records
|
|||
|
#O FastSplit=1
|
|||
|
|
|||
|
# queue directory
|
|||
|
O QueueDirectory=/var/spool/mqueue
|
|||
|
|
|||
|
# key for shared memory; 0 to turn off
|
|||
|
#O SharedMemoryKey=0
|
|||
|
|
|||
|
|
|||
|
|
|||
|
# timeouts (many of these)
|
|||
|
#O Timeout.initial=5m
|
|||
|
O Timeout.connect=1m
|
|||
|
#O Timeout.aconnect=0s
|
|||
|
#O Timeout.iconnect=5m
|
|||
|
#O Timeout.helo=5m
|
|||
|
#O Timeout.mail=10m
|
|||
|
#O Timeout.rcpt=1h
|
|||
|
#O Timeout.datainit=5m
|
|||
|
#O Timeout.datablock=1h
|
|||
|
#O Timeout.datafinal=1h
|
|||
|
#O Timeout.rset=5m
|
|||
|
#O Timeout.quit=2m
|
|||
|
#O Timeout.misc=2m
|
|||
|
#O Timeout.command=1h
|
|||
|
O Timeout.ident=0
|
|||
|
#O Timeout.fileopen=60s
|
|||
|
#O Timeout.control=2m
|
|||
|
O Timeout.queuereturn=5d
|
|||
|
#O Timeout.queuereturn.normal=5d
|
|||
|
#O Timeout.queuereturn.urgent=2d
|
|||
|
#O Timeout.queuereturn.non-urgent=7d
|
|||
|
#O Timeout.queuereturn.dsn=5d
|
|||
|
O Timeout.queuewarn=4h
|
|||
|
#O Timeout.queuewarn.normal=4h
|
|||
|
#O Timeout.queuewarn.urgent=1h
|
|||
|
#O Timeout.queuewarn.non-urgent=12h
|
|||
|
#O Timeout.queuewarn.dsn=4h
|
|||
|
#O Timeout.hoststatus=30m
|
|||
|
#O Timeout.resolver.retrans=5s
|
|||
|
#O Timeout.resolver.retrans.first=5s
|
|||
|
#O Timeout.resolver.retrans.normal=5s
|
|||
|
#O Timeout.resolver.retry=4
|
|||
|
#O Timeout.resolver.retry.first=4
|
|||
|
#O Timeout.resolver.retry.normal=4
|
|||
|
#O Timeout.lhlo=2m
|
|||
|
#O Timeout.auth=10m
|
|||
|
#O Timeout.starttls=1h
|
|||
|
|
|||
|
# time for DeliverBy; extension disabled if less than 0
|
|||
|
#O DeliverByMin=0
|
|||
|
|
|||
|
# should we not prune routes in route-addr syntax addresses?
|
|||
|
#O DontPruneRoutes=False
|
|||
|
|
|||
|
# queue up everything before forking?
|
|||
|
O SuperSafe=True
|
|||
|
|
|||
|
# status file
|
|||
|
O StatusFile=/var/log/mail/statistics
|
|||
|
|
|||
|
# time zone handling:
|
|||
|
# if undefined, use system default
|
|||
|
# if defined but null, use TZ envariable passed in
|
|||
|
# if defined and non-null, use that info
|
|||
|
#O TimeZoneSpec=
|
|||
|
|
|||
|
# default UID (can be username or userid:groupid)
|
|||
|
O DefaultUser=8:12
|
|||
|
|
|||
|
# list of locations of user database file (null means no lookup)
|
|||
|
O UserDatabaseSpec=/etc/mail/userdb.db
|
|||
|
|
|||
|
# fallback MX host
|
|||
|
#O FallbackMXhost=fall.back.host.net
|
|||
|
|
|||
|
# fallback smart host
|
|||
|
#O FallbackSmartHost=fall.back.host.net
|
|||
|
|
|||
|
# if we are the best MX host for a site, try it directly instead of config err
|
|||
|
O TryNullMXList=true
|
|||
|
|
|||
|
# load average at which we just queue messages
|
|||
|
#O QueueLA=8
|
|||
|
|
|||
|
# load average at which we refuse connections
|
|||
|
#O RefuseLA=12
|
|||
|
|
|||
|
# log interval when refusing connections for this long
|
|||
|
#O RejectLogInterval=3h
|
|||
|
|
|||
|
# load average at which we delay connections; 0 means no limit
|
|||
|
#O DelayLA=0
|
|||
|
|
|||
|
# maximum number of children we allow at one time
|
|||
|
#O MaxDaemonChildren=0
|
|||
|
|
|||
|
# maximum number of new connections per second
|
|||
|
#O ConnectionRateThrottle=0
|
|||
|
|
|||
|
# Width of the window
|
|||
|
#O ConnectionRateWindowSize=60s
|
|||
|
|
|||
|
# work recipient factor
|
|||
|
#O RecipientFactor=30000
|
|||
|
|
|||
|
# deliver each queued job in a separate process?
|
|||
|
#O ForkEachJob=False
|
|||
|
|
|||
|
# work class factor
|
|||
|
#O ClassFactor=1800
|
|||
|
|
|||
|
# work time factor
|
|||
|
#O RetryFactor=90000
|
|||
|
|
|||
|
# default character set
|
|||
|
#O DefaultCharSet=unknown-8bit
|
|||
|
|
|||
|
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
|
|||
|
#O ServiceSwitchFile=/etc/mail/service.switch
|
|||
|
|
|||
|
# hosts file (normally /etc/hosts)
|
|||
|
#O HostsFile=/etc/hosts
|
|||
|
|
|||
|
# dialup line delay on connection failure
|
|||
|
#O DialDelay=0s
|
|||
|
|
|||
|
# action to take if there are no recipients in the message
|
|||
|
#O NoRecipientAction=none
|
|||
|
|
|||
|
# chrooted environment for writing to files
|
|||
|
#O SafeFileEnvironment
|
|||
|
|
|||
|
# are colons OK in addresses?
|
|||
|
#O ColonOkInAddr=True
|
|||
|
|
|||
|
# shall I avoid expanding CNAMEs (violates protocols)?
|
|||
|
#O DontExpandCnames=False
|
|||
|
|
|||
|
# SMTP initial login message (old $e macro)
|
|||
|
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
|
|||
|
|
|||
|
# UNIX initial From header format (old $l macro)
|
|||
|
O UnixFromLine=From $g $d
|
|||
|
|
|||
|
# From: lines that have embedded newlines are unwrapped onto one line
|
|||
|
#O SingleLineFromHeader=False
|
|||
|
|
|||
|
# Allow HELO SMTP command that does not include a host name
|
|||
|
#O AllowBogusHELO=False
|
|||
|
|
|||
|
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
|
|||
|
#O MustQuoteChars=.
|
|||
|
|
|||
|
# delimiter (operator) characters (old $o macro)
|
|||
|
O OperatorChars=.:%@!^/[]+
|
|||
|
|
|||
|
# shall I avoid calling initgroups(3) because of high NIS costs?
|
|||
|
#O DontInitGroups=False
|
|||
|
|
|||
|
# are group-writable :include: and .forward files (un)trustworthy?
|
|||
|
# True (the default) means they are not trustworthy.
|
|||
|
#O UnsafeGroupWrites=True
|
|||
|
|
|||
|
|
|||
|
# where do errors that occur when sending errors get sent?
|
|||
|
#O DoubleBounceAddress=postmaster
|
|||
|
|
|||
|
# where to save bounces if all else fails
|
|||
|
#O DeadLetterDrop=/var/tmp/dead.letter
|
|||
|
|
|||
|
# what user id do we assume for the majority of the processing?
|
|||
|
#O RunAsUser=sendmail
|
|||
|
|
|||
|
# maximum number of recipients per SMTP envelope
|
|||
|
#O MaxRecipientsPerMessage=0
|
|||
|
|
|||
|
# limit the rate recipients per SMTP envelope are accepted
|
|||
|
# once the threshold number of recipients have been rejected
|
|||
|
#O BadRcptThrottle=0
|
|||
|
|
|||
|
# shall we get local names from our installed interfaces?
|
|||
|
O DontProbeInterfaces=true
|
|||
|
|
|||
|
# Return-Receipt-To: header implies DSN request
|
|||
|
#O RrtImpliesDsn=False
|
|||
|
|
|||
|
# override connection address (for testing)
|
|||
|
#O ConnectOnlyTo=0.0.0.0
|
|||
|
|
|||
|
# Trusted user for file ownership and starting the daemon
|
|||
|
#O TrustedUser=root
|
|||
|
|
|||
|
# Control socket for daemon management
|
|||
|
#O ControlSocketName=/var/spool/mqueue/.control
|
|||
|
|
|||
|
# Maximum MIME header length to protect MUAs
|
|||
|
#O MaxMimeHeaderLength=0/0
|
|||
|
|
|||
|
# Maximum length of the sum of all headers
|
|||
|
#O MaxHeadersLength=32768
|
|||
|
|
|||
|
# Maximum depth of alias recursion
|
|||
|
#O MaxAliasRecursion=10
|
|||
|
|
|||
|
# location of pid file
|
|||
|
#O PidFile=/var/run/sendmail.pid
|
|||
|
|
|||
|
# Prefix string for the process title shown on 'ps' listings
|
|||
|
#O ProcessTitlePrefix=prefix
|
|||
|
|
|||
|
# Data file (df) memory-buffer file maximum size
|
|||
|
#O DataFileBufferSize=4096
|
|||
|
|
|||
|
# Transcript file (xf) memory-buffer file maximum size
|
|||
|
#O XscriptFileBufferSize=4096
|
|||
|
|
|||
|
# lookup type to find information about local mailboxes
|
|||
|
#O MailboxDatabase=pw
|
|||
|
|
|||
|
# override compile time flag REQUIRES_DIR_FSYNC
|
|||
|
#O RequiresDirfsync=true
|
|||
|
|
|||
|
# list of authentication mechanisms
|
|||
|
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
|
|||
|
|
|||
|
# Authentication realm
|
|||
|
#O AuthRealm
|
|||
|
|
|||
|
# default authentication information for outgoing connections
|
|||
|
#O DefaultAuthInfo=/etc/mail/default-auth-info
|
|||
|
|
|||
|
# SMTP AUTH flags
|
|||
|
O AuthOptions=A
|
|||
|
|
|||
|
# SMTP AUTH maximum encryption strength
|
|||
|
#O AuthMaxBits
|
|||
|
|
|||
|
# SMTP STARTTLS server options
|
|||
|
#O TLSSrvOptions
|
|||
|
|
|||
|
# Input mail filters
|
|||
|
#O InputMailFilters
|
|||
|
|
|||
|
|
|||
|
# CA directory
|
|||
|
#O CACertPath
|
|||
|
# CA file
|
|||
|
#O CACertFile
|
|||
|
# Server Cert
|
|||
|
#O ServerCertFile
|
|||
|
# Server private key
|
|||
|
#O ServerKeyFile
|
|||
|
# Client Cert
|
|||
|
#O ClientCertFile
|
|||
|
# Client private key
|
|||
|
#O ClientKeyFile
|
|||
|
# File containing certificate revocation lists
|
|||
|
#O CRLFile
|
|||
|
# DHParameters (only required if DSA/DH is used)
|
|||
|
#O DHParameters
|
|||
|
# Random data source (required for systems without /dev/urandom under OpenSSL)
|
|||
|
#O RandFile
|
|||
|
|
|||
|
############################
|
|||
|
# QUEUE GROUP DEFINITIONS #
|
|||
|
############################
|
|||
|
|
|||
|
|
|||
|
###########################
|
|||
|
# Message precedences #
|
|||
|
###########################
|
|||
|
|
|||
|
Pfirst-class=0
|
|||
|
Pspecial-delivery=100
|
|||
|
Plist=-30
|
|||
|
Pbulk=-60
|
|||
|
Pjunk=-100
|
|||
|
|
|||
|
#####################
|
|||
|
# Trusted users #
|
|||
|
#####################
|
|||
|
|
|||
|
# this is equivalent to setting class "t"
|
|||
|
Ft/etc/mail/trusted-users
|
|||
|
Troot
|
|||
|
Tdaemon
|
|||
|
Tuucp
|
|||
|
|
|||
|
#########################
|
|||
|
# Format of headers #
|
|||
|
#########################
|
|||
|
|
|||
|
H?P?Return-Path: <$g>
|
|||
|
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
|
|||
|
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
|
|||
|
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
|
|||
|
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
|
|||
|
for $u; $|;
|
|||
|
$.$b
|
|||
|
H?D?Resent-Date: $a
|
|||
|
H?D?Date: $a
|
|||
|
H?F?Resent-From: $?x$x <$g>$|$g$.
|
|||
|
H?F?From: $?x$x <$g>$|$g$.
|
|||
|
H?x?Full-Name: $x
|
|||
|
# HPosted-Date: $a
|
|||
|
# H?l?Received-Date: $b
|
|||
|
H?M?Resent-Message-Id: <$t.$i@$j>
|
|||
|
H?M?Message-Id: <$t.$i@$j>
|
|||
|
|
|||
|
#
|
|||
|
######################################################################
|
|||
|
######################################################################
|
|||
|
#####
|
|||
|
##### REWRITING RULES
|
|||
|
#####
|
|||
|
######################################################################
|
|||
|
######################################################################
|
|||
|
|
|||
|
############################################
|
|||
|
### Ruleset 3 -- Name Canonicalization ###
|
|||
|
############################################
|
|||
|
Scanonify=3
|
|||
|
|
|||
|
# handle null input (translate to <@> special case)
|
|||
|
R$@ $@ <@>
|
|||
|
|
|||
|
# strip group: syntax (not inside angle brackets!) and trailing semicolon
|
|||
|
R$* $: $1 <@> mark addresses
|
|||
|
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
|
|||
|
R@ $* <@> $: @ $1 unmark @host:...
|
|||
|
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
|
|||
|
R$* :: $* <@> $: $1 :: $2 unmark node::addr
|
|||
|
R:include: $* <@> $: :include: $1 unmark :include:...
|
|||
|
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
|
|||
|
R$* : $* <@> $: $2 strip colon if marked
|
|||
|
R$* <@> $: $1 unmark
|
|||
|
R$* ; $1 strip trailing semi
|
|||
|
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
|
|||
|
R$* < $* ; > $1 < $2 > bogus bracketed semi
|
|||
|
|
|||
|
# null input now results from list:; syntax
|
|||
|
R$@ $@ :; <@>
|
|||
|
|
|||
|
# strip angle brackets -- note RFC733 heuristic to get innermost item
|
|||
|
R$* $: < $1 > housekeeping <>
|
|||
|
R$+ < $* > < $2 > strip excess on left
|
|||
|
R< $* > $+ < $1 > strip excess on right
|
|||
|
R<> $@ < @ > MAIL FROM:<> case
|
|||
|
R< $+ > $: $1 remove housekeeping <>
|
|||
|
|
|||
|
# strip route address <@a,@b,@c:user@d> -> <user@d>
|
|||
|
R@ $+ , $+ $2
|
|||
|
R@ [ $* ] : $+ $2
|
|||
|
R@ $+ : $+ $2
|
|||
|
|
|||
|
# find focus for list syntax
|
|||
|
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
|
|||
|
R $+ : $* ; $@ $1 : $2; list syntax
|
|||
|
|
|||
|
# find focus for @ syntax addresses
|
|||
|
R$+ @ $+ $: $1 < @ $2 > focus on domain
|
|||
|
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
|
|||
|
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
|
|||
|
|
|||
|
|
|||
|
# convert old-style addresses to a domain-based address
|
|||
|
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
|
|||
|
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
|
|||
|
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
|
|||
|
|
|||
|
# if we have % signs, take the rightmost one
|
|||
|
R$* % $* $1 @ $2 First make them all @s.
|
|||
|
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
|
|||
|
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
|
|||
|
|
|||
|
# else we must be a local name
|
|||
|
R$* $@ $>Canonify2 $1
|
|||
|
|
|||
|
|
|||
|
################################################
|
|||
|
### Ruleset 96 -- bottom half of ruleset 3 ###
|
|||
|
################################################
|
|||
|
|
|||
|
SCanonify2=96
|
|||
|
|
|||
|
# handle special cases for local names
|
|||
|
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
|
|||
|
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
|
|||
|
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
|
|||
|
|
|||
|
# check for IPv4/IPv6 domain literal
|
|||
|
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
|
|||
|
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
|
|||
|
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
# if really UUCP, handle it immediately
|
|||
|
|
|||
|
# try UUCP traffic as a local address
|
|||
|
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
|
|||
|
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
|
|||
|
|
|||
|
# hostnames ending in class P are always canonical
|
|||
|
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
|
|||
|
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
|
|||
|
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
|
|||
|
R$* CC $* $| $* $: $3
|
|||
|
# pass to name server to make hostname canonical
|
|||
|
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
|
|||
|
R$* $| $* $: $2
|
|||
|
|
|||
|
# local host aliases and pseudo-domains are always canonical
|
|||
|
R$* < @ $=w > $* $: $1 < @ $2 . > $3
|
|||
|
R$* < @ $=M > $* $: $1 < @ $2 . > $3
|
|||
|
R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3
|
|||
|
R$* < @ $* . . > $* $1 < @ $2 . > $3
|
|||
|
|
|||
|
|
|||
|
##################################################
|
|||
|
### Ruleset 4 -- Final Output Post-rewriting ###
|
|||
|
##################################################
|
|||
|
Sfinal=4
|
|||
|
|
|||
|
R$+ :; <@> $@ $1 : handle <list:;>
|
|||
|
R$* <@> $@ handle <> and list:;
|
|||
|
|
|||
|
# strip trailing dot off possibly canonical name
|
|||
|
R$* < @ $+ . > $* $1 < @ $2 > $3
|
|||
|
|
|||
|
# eliminate internal code
|
|||
|
R$* < @ *LOCAL* > $* $1 < @ $j > $2
|
|||
|
|
|||
|
# externalize local domain info
|
|||
|
R$* < $+ > $* $1 $2 $3 defocus
|
|||
|
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
|
|||
|
R@ $* $@ @ $1 ... and exit
|
|||
|
|
|||
|
# UUCP must always be presented in old form
|
|||
|
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
|
|||
|
|
|||
|
# delete duplicate local names
|
|||
|
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
|
|||
|
|
|||
|
|
|||
|
|
|||
|
##############################################################
|
|||
|
### Ruleset 97 -- recanonicalize and call ruleset zero ###
|
|||
|
### (used for recursive calls) ###
|
|||
|
##############################################################
|
|||
|
|
|||
|
SRecurse=97
|
|||
|
R$* $: $>canonify $1
|
|||
|
R$* $@ $>parse $1
|
|||
|
|
|||
|
|
|||
|
######################################
|
|||
|
### Ruleset 0 -- Parse Address ###
|
|||
|
######################################
|
|||
|
|
|||
|
Sparse=0
|
|||
|
|
|||
|
R$* $: $>Parse0 $1 initial parsing
|
|||
|
R<@> $#local $: <@> special case error msgs
|
|||
|
R$* $: $>ParseLocal $1 handle local hacks
|
|||
|
R$* $: $>Parse1 $1 final parsing
|
|||
|
|
|||
|
#
|
|||
|
# Parse0 -- do initial syntax checking and eliminate local addresses.
|
|||
|
# This should either return with the (possibly modified) input
|
|||
|
# or return with a #error mailer. It should not return with a
|
|||
|
# #mailer other than the #error mailer.
|
|||
|
#
|
|||
|
|
|||
|
SParse0
|
|||
|
R<@> $@ <@> special case error msgs
|
|||
|
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
|
|||
|
R@ <@ $* > < @ $1 > catch "@@host" bogosity
|
|||
|
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
|
|||
|
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
|
|||
|
R$* $: <> $1
|
|||
|
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
|
|||
|
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
|
|||
|
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
|
|||
|
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
|
|||
|
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
|
|||
|
R<> $* $1
|
|||
|
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
|
|||
|
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
|
|||
|
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
|
|||
|
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
|
|||
|
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
|
|||
|
|
|||
|
|
|||
|
# now delete the local info -- note $=O to find characters that cause forwarding
|
|||
|
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
|
|||
|
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
|
|||
|
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
|
|||
|
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
|
|||
|
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
|
|||
|
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
|
|||
|
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
|
|||
|
R$* $=O $* < @ *LOCAL* >
|
|||
|
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
|
|||
|
R$* < @ *LOCAL* > $: $1
|
|||
|
|
|||
|
#
|
|||
|
# Parse1 -- the bottom half of ruleset 0.
|
|||
|
#
|
|||
|
|
|||
|
SParse1
|
|||
|
|
|||
|
# handle numeric address spec
|
|||
|
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
|
|||
|
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
|
|||
|
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
|
|||
|
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
|
|||
|
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
|
|||
|
|
|||
|
# handle virtual users
|
|||
|
R$+ $: <!> $1 Mark for lookup
|
|||
|
R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
|
|||
|
R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
|
|||
|
R<@> $+ + $+ < @ $* . >
|
|||
|
$: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|||
|
R<@> $+ + $* < @ $* . >
|
|||
|
$: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|||
|
R<@> $+ + $* < @ $* . >
|
|||
|
$: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|||
|
R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|||
|
R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
|
|||
|
R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
|
|||
|
R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
|
|||
|
R<@> $+ $: $1
|
|||
|
R<!> $+ $: $1
|
|||
|
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
|
|||
|
R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
|
|||
|
R< $+ > $+ < @ $+ > $: $>Recurse $1
|
|||
|
|
|||
|
# short circuit local delivery so forwarded email works
|
|||
|
|
|||
|
|
|||
|
R$=L < @ $=w . > $#local $: @ $1 special local names
|
|||
|
R$+ < @ $=w . > $#local $: $1 regular local name
|
|||
|
|
|||
|
# not local -- try mailer table lookup
|
|||
|
R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
|
|||
|
R< $+ . > $* $: < $1 > $2 strip trailing dot
|
|||
|
R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
|
|||
|
R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
|
|||
|
R< $+ > $* $: $>Mailertable <$1> $2 try domain
|
|||
|
|
|||
|
# resolve remotely connected UUCP links (if any)
|
|||
|
|
|||
|
# resolve fake top level domains by forwarding to other hosts
|
|||
|
|
|||
|
|
|||
|
|
|||
|
# pass names that still have a host to a smarthost (if defined)
|
|||
|
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
|
|||
|
|
|||
|
# deal with other remote names
|
|||
|
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
|
|||
|
|
|||
|
# handle locally delivered names
|
|||
|
R$=L $#local $: @ $1 special local names
|
|||
|
R$+ $#local $: $1 regular local names
|
|||
|
|
|||
|
###########################################################################
|
|||
|
### Ruleset 5 -- special rewriting after aliases have been expanded ###
|
|||
|
###########################################################################
|
|||
|
|
|||
|
SLocal_localaddr
|
|||
|
Slocaladdr=5
|
|||
|
R$+ $: $1 $| $>"Local_localaddr" $1
|
|||
|
R$+ $| $#ok $@ $1 no change
|
|||
|
R$+ $| $#$* $#$2
|
|||
|
R$+ $| $* $: $1
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
# deal with plussed users so aliases work nicely
|
|||
|
R$+ + * $#local $@ $&h $: $1
|
|||
|
R$+ + $* $#local $@ + $2 $: $1 + *
|
|||
|
|
|||
|
# prepend an empty "forward host" on the front
|
|||
|
R$+ $: <> $1
|
|||
|
|
|||
|
|
|||
|
|
|||
|
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
|
|||
|
|
|||
|
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
|
|||
|
R< > < $+ <> $* > $: < > < $1 > else discard
|
|||
|
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
|
|||
|
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
|
|||
|
R< > < $+ > $@ $1 no +detail
|
|||
|
R$+ $: $1 <> $&h add +detail back in
|
|||
|
|
|||
|
R$+ <> + $* $: $1 + $2 check whether +detail
|
|||
|
R$+ <> $* $: $1 else discard
|
|||
|
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
|
|||
|
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
|
|||
|
|
|||
|
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
|
|||
|
|
|||
|
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
|
|||
|
|
|||
|
|
|||
|
###################################################################
|
|||
|
### Ruleset 90 -- try domain part of mailertable entry ###
|
|||
|
###################################################################
|
|||
|
|
|||
|
SMailertable=90
|
|||
|
R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
|
|||
|
R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
|
|||
|
R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
|
|||
|
R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
|
|||
|
R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
|
|||
|
R< $* > $* $@ $2 no mailertable match
|
|||
|
|
|||
|
###################################################################
|
|||
|
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
|
|||
|
###################################################################
|
|||
|
|
|||
|
SMailerToTriple=95
|
|||
|
R< > $* $@ $1 strip off null relay
|
|||
|
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
|
|||
|
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
|
|||
|
R< error : $+ > $* $#error $: $1
|
|||
|
R< local : $* > $* $>CanonLocal < $1 > $2
|
|||
|
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
|
|||
|
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
|
|||
|
R< $=w > $* $@ $2 delete local host
|
|||
|
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
|
|||
|
|
|||
|
###################################################################
|
|||
|
### Ruleset CanonLocal -- canonify local: syntax ###
|
|||
|
###################################################################
|
|||
|
|
|||
|
SCanonLocal
|
|||
|
# strip local host from routed addresses
|
|||
|
R< $* > < @ $+ > : $+ $@ $>Recurse $3
|
|||
|
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
|
|||
|
|
|||
|
# strip trailing dot from any host name that may appear
|
|||
|
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
|
|||
|
|
|||
|
# handle local: syntax -- use old user, either with or without host
|
|||
|
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
|
|||
|
R< > $+ $#local $@ $1 $: $1
|
|||
|
|
|||
|
# handle local:user@host syntax -- ignore host part
|
|||
|
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
|
|||
|
|
|||
|
# handle local:user syntax
|
|||
|
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
|
|||
|
R< $+ > $* $#local $@ $2 $: $1
|
|||
|
|
|||
|
###################################################################
|
|||
|
### Ruleset 93 -- convert header names to masqueraded form ###
|
|||
|
###################################################################
|
|||
|
|
|||
|
SMasqHdr=93
|
|||
|
|
|||
|
|
|||
|
# do not masquerade anything in class N
|
|||
|
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
|
|||
|
|
|||
|
R$* < @ *LOCAL* > $@ $1 < @ $j . >
|
|||
|
|
|||
|
###################################################################
|
|||
|
### Ruleset 94 -- convert envelope names to masqueraded form ###
|
|||
|
###################################################################
|
|||
|
|
|||
|
SMasqEnv=94
|
|||
|
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
|
|||
|
|
|||
|
###################################################################
|
|||
|
### Ruleset 98 -- local part of ruleset zero (can be null) ###
|
|||
|
###################################################################
|
|||
|
|
|||
|
SParseLocal=98
|
|||
|
|
|||
|
# addresses sent to foo@host.REDIRECT will give a 551 error code
|
|||
|
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
|
|||
|
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
|
|||
|
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
######################################################################
|
|||
|
### D: LookUpDomain -- search for domain in access database
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### <$1> -- key (domain name)
|
|||
|
### <$2> -- default (what to return if not found in db)
|
|||
|
### <$3> -- mark (must be <(!|+) single-token>)
|
|||
|
### ! does lookup only with tag
|
|||
|
### + does lookup with and without tag
|
|||
|
### <$4> -- passthru (additional data passed unchanged through)
|
|||
|
######################################################################
|
|||
|
|
|||
|
SD
|
|||
|
R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
|
|||
|
R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
|
|||
|
R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
|
|||
|
R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
|
|||
|
R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
|
|||
|
R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
|
|||
|
R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
|
|||
|
R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
|
|||
|
R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
|
|||
|
|
|||
|
######################################################################
|
|||
|
### A: LookUpAddress -- search for host address in access database
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### <$1> -- key (dot quadded host address)
|
|||
|
### <$2> -- default (what to return if not found in db)
|
|||
|
### <$3> -- mark (must be <(!|+) single-token>)
|
|||
|
### ! does lookup only with tag
|
|||
|
### + does lookup with and without tag
|
|||
|
### <$4> -- passthru (additional data passed through)
|
|||
|
######################################################################
|
|||
|
|
|||
|
SA
|
|||
|
R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
|
|||
|
R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
|
|||
|
R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
|
|||
|
R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
|
|||
|
R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
|
|||
|
R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
|
|||
|
R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
|
|||
|
R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
|
|||
|
|
|||
|
######################################################################
|
|||
|
### CanonAddr -- Convert an address into a standard form for
|
|||
|
### relay checking. Route address syntax is
|
|||
|
### crudely converted into a %-hack address.
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### $1 -- full recipient address
|
|||
|
###
|
|||
|
### Returns:
|
|||
|
### parsed address, not in source route form
|
|||
|
######################################################################
|
|||
|
|
|||
|
SCanonAddr
|
|||
|
R$* $: $>Parse0 $>canonify $1 make domain canonical
|
|||
|
|
|||
|
|
|||
|
######################################################################
|
|||
|
### ParseRecipient -- Strip off hosts in $=R as well as possibly
|
|||
|
### $* $=m or the access database.
|
|||
|
### Check user portion for host separators.
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### $1 -- full recipient address
|
|||
|
###
|
|||
|
### Returns:
|
|||
|
### parsed, non-local-relaying address
|
|||
|
######################################################################
|
|||
|
|
|||
|
SParseRecipient
|
|||
|
R$* $: <?> $>CanonAddr $1
|
|||
|
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
|
|||
|
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
|
|||
|
|
|||
|
# if no $=O character, no host in the user portion, we are done
|
|||
|
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
|
|||
|
R<?> $* $@ $1
|
|||
|
|
|||
|
|
|||
|
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
|
|||
|
R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
|
|||
|
R<$+> <$+> $: <$1> $2
|
|||
|
|
|||
|
|
|||
|
|
|||
|
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
|
|||
|
R<$+> $* $@ $2
|
|||
|
|
|||
|
|
|||
|
######################################################################
|
|||
|
### check_relay -- check hostname/address on SMTP startup
|
|||
|
######################################################################
|
|||
|
|
|||
|
|
|||
|
|
|||
|
SLocal_check_relay
|
|||
|
Scheck_relay
|
|||
|
R$* $: $1 $| $>"Local_check_relay" $1
|
|||
|
R$* $| $* $| $#$* $#$3
|
|||
|
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
|
|||
|
|
|||
|
SBasic_check_relay
|
|||
|
# check for deferred delivery mode
|
|||
|
R$* $: < $&{deliveryMode} > $1
|
|||
|
R< d > $* $@ deferred
|
|||
|
R< $* > $* $: $2
|
|||
|
|
|||
|
R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
|
|||
|
R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
|
|||
|
R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
|
|||
|
R<?> <$*> $: OK found nothing
|
|||
|
R<$={Accept}> <$*> $@ $1 return value of lookup
|
|||
|
R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
|
|||
|
R<DISCARD> <$*> $#discard $: discard
|
|||
|
R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
|
|||
|
R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
|
|||
|
R<ERROR:$+> <$*> $#error $: $1
|
|||
|
R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R<$+> <$*> $#error $: $1
|
|||
|
|
|||
|
|
|||
|
|
|||
|
######################################################################
|
|||
|
### check_mail -- check SMTP `MAIL FROM:' command argument
|
|||
|
######################################################################
|
|||
|
|
|||
|
SLocal_check_mail
|
|||
|
Scheck_mail
|
|||
|
R$* $: $1 $| $>"Local_check_mail" $1
|
|||
|
R$* $| $#$* $#$2
|
|||
|
R$* $| $* $@ $>"Basic_check_mail" $1
|
|||
|
|
|||
|
SBasic_check_mail
|
|||
|
# check for deferred delivery mode
|
|||
|
R$* $: < $&{deliveryMode} > $1
|
|||
|
R< d > $* $@ deferred
|
|||
|
R< $* > $* $: $2
|
|||
|
|
|||
|
# authenticated?
|
|||
|
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
|
|||
|
R$* $| $#$+ $#$2
|
|||
|
R$* $| $* $: $1
|
|||
|
|
|||
|
R<> $@ <OK> we MUST accept <> (RFC 1123)
|
|||
|
R$+ $: <?> $1
|
|||
|
R<?><$+> $: <@> <$1>
|
|||
|
R<?>$+ $: <@> <$1>
|
|||
|
R$* $: $&{daemon_flags} $| $1
|
|||
|
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
|
|||
|
R$* u $* $| <@> < $* > $: <?> < $3 >
|
|||
|
R$* $| $* $: $2
|
|||
|
# handle case of @localhost on address
|
|||
|
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
|
|||
|
R<@> < $* @ [127.0.0.1] >
|
|||
|
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
|
|||
|
R<@> < $* @ localhost.$m >
|
|||
|
$: < ? $&{client_name} > < $1 @ localhost.$m >
|
|||
|
R<@> < $* @ localhost.UUCP >
|
|||
|
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
|
|||
|
R<@> $* $: $1 no localhost as domain
|
|||
|
R<? $=w> $* $: $2 local client: ok
|
|||
|
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
|
|||
|
R<?> $* $: $1
|
|||
|
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
|
|||
|
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
|
|||
|
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
|
|||
|
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
|
|||
|
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
|
|||
|
R<?> $* < @ $+ > $: <OKR> $1 < @ $2 > ... unresolvable OK
|
|||
|
|
|||
|
# check sender address: user@address, user@, address
|
|||
|
R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
|
|||
|
R<$+> $+ $: @<$1> <$2> $| <U:$2@>
|
|||
|
R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
|
|||
|
R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
|
|||
|
# retransform for further use
|
|||
|
R<?> <$+> <$*> $: <$1> $2 no match
|
|||
|
R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it
|
|||
|
|
|||
|
# handle case of no @domain on address
|
|||
|
R<?> $* $: $&{daemon_flags} $| <?> $1
|
|||
|
R$* u $* $| <?> $* $: <OKR> $3
|
|||
|
R$* $| $* $: $2
|
|||
|
R<?> $* $: < ? $&{client_addr} > $1
|
|||
|
R<?> $* $@ <OKR> ...local unqualed ok
|
|||
|
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
|
|||
|
...remote is not
|
|||
|
# check results
|
|||
|
R<?> $* $: @ $1 mark address: nothing known about it
|
|||
|
R<$={ResOk}> $* $@ <OKR> domain ok: stop
|
|||
|
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
|
|||
|
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
|
|||
|
R<$={Accept}> $* $# $1 accept from access map
|
|||
|
R<DISCARD> $* $#discard $: discard
|
|||
|
R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
|
|||
|
R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
|
|||
|
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
|
|||
|
R<ERROR:$+> $* $#error $: $1
|
|||
|
R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R<$+> $* $#error $: $1 error from access db
|
|||
|
|
|||
|
######################################################################
|
|||
|
### check_rcpt -- check SMTP `RCPT TO:' command argument
|
|||
|
######################################################################
|
|||
|
|
|||
|
SLocal_check_rcpt
|
|||
|
Scheck_rcpt
|
|||
|
R$* $: $1 $| $>"Local_check_rcpt" $1
|
|||
|
R$* $| $#$* $#$2
|
|||
|
R$* $| $* $@ $>"Basic_check_rcpt" $1
|
|||
|
|
|||
|
SBasic_check_rcpt
|
|||
|
# empty address?
|
|||
|
R<> $#error $@ nouser $: "553 User address required"
|
|||
|
R$@ $#error $@ nouser $: "553 User address required"
|
|||
|
# check for deferred delivery mode
|
|||
|
R$* $: < $&{deliveryMode} > $1
|
|||
|
R< d > $* $@ deferred
|
|||
|
R< $* > $* $: $2
|
|||
|
|
|||
|
|
|||
|
######################################################################
|
|||
|
R$* $: $1 $| @ $>"Rcpt_ok" $1
|
|||
|
R$* $| @ $#TEMP $+ $: $1 $| T $2
|
|||
|
R$* $| @ $#$* $#$2
|
|||
|
R$* $| @ RELAY $@ RELAY
|
|||
|
R$* $| @ $* $: O $| $>"Relay_ok" $1
|
|||
|
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
|
|||
|
R$* $| $#TEMP $+ $#error $2
|
|||
|
R$* $| $#$* $#$2
|
|||
|
R$* $| RELAY $@ RELAY
|
|||
|
R T $+ $| $* $#error $1
|
|||
|
# anything else is bogus
|
|||
|
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
|
|||
|
|
|||
|
|
|||
|
######################################################################
|
|||
|
### Rcpt_ok: is the recipient ok?
|
|||
|
######################################################################
|
|||
|
SRcpt_ok
|
|||
|
R$* $: $>ParseRecipient $1 strip relayable hosts
|
|||
|
|
|||
|
|
|||
|
|
|||
|
# blacklist local users or any host from receiving mail
|
|||
|
R$* $: <?> $1
|
|||
|
R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
|
|||
|
R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
|
|||
|
R<?> $+ $: <> <$1> $| <U:$1@>
|
|||
|
R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
|
|||
|
R<@> <$*> $| <$*> $: <$2> <$1> reverse result
|
|||
|
R<?> <$*> $: @ $1 mark address as no match
|
|||
|
R<$={Accept}> <$*> $: @ $2 mark address as no match
|
|||
|
|
|||
|
R<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
|
|||
|
R<DISCARD> $* $#discard $: discard
|
|||
|
R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
|
|||
|
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
|
|||
|
R<ERROR:$+> $* $#error $: $1
|
|||
|
R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R<$+> $* $#error $: $1 error from access db
|
|||
|
R@ $* $1 remove mark
|
|||
|
|
|||
|
# authenticated via TLS?
|
|||
|
R$* $: $1 $| $>RelayTLS client authenticated?
|
|||
|
R$* $| $# $+ $# $2 error/ok?
|
|||
|
R$* $| $* $: $1 no
|
|||
|
|
|||
|
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
|
|||
|
R$* $| $# $* $# $2
|
|||
|
R$* $| NO $: $1
|
|||
|
R$* $| $* $: $1 $| $&{auth_type}
|
|||
|
R$* $| $: $1
|
|||
|
R$* $| $={TrustAuthMech} $# RELAY
|
|||
|
R$* $| $* $: $1
|
|||
|
# anything terminating locally is ok
|
|||
|
R$+ < @ $=w > $@ RELAY
|
|||
|
R$+ < @ $* $=R > $@ RELAY
|
|||
|
R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
|
|||
|
R<RELAY> $* $@ RELAY
|
|||
|
R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R<$*> <$*> $: $2
|
|||
|
|
|||
|
|
|||
|
|
|||
|
# check for local user (i.e. unqualified address)
|
|||
|
R$* $: <?> $1
|
|||
|
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
|
|||
|
# local user is ok
|
|||
|
R<?> $+ $@ RELAY
|
|||
|
R<$+> $* $: $2
|
|||
|
|
|||
|
######################################################################
|
|||
|
### Relay_ok: is the relay/sender ok?
|
|||
|
######################################################################
|
|||
|
SRelay_ok
|
|||
|
# anything originating locally is ok
|
|||
|
# check IP address
|
|||
|
R$* $: $&{client_addr}
|
|||
|
R$@ $@ RELAY originated locally
|
|||
|
R0 $@ RELAY originated locally
|
|||
|
R127.0.0.1 $@ RELAY originated locally
|
|||
|
RIPv6:::1 $@ RELAY originated locally
|
|||
|
R$=R $* $@ RELAY relayable IP address
|
|||
|
R$* $: $>A <$1> <?> <+ Connect> <$1>
|
|||
|
R<RELAY> $* $@ RELAY relayable IP address
|
|||
|
|
|||
|
R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R<$*> <$*> $: $2
|
|||
|
R$* $: [ $1 ] put brackets around it...
|
|||
|
R$=w $@ RELAY ... and see if it is local
|
|||
|
|
|||
|
|
|||
|
# check client name: first: did it resolve?
|
|||
|
R$* $: < $&{client_resolve} >
|
|||
|
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
|
|||
|
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
|
|||
|
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
|
|||
|
R$* $: <@> $&{client_name}
|
|||
|
# pass to name server to make hostname canonical
|
|||
|
R<@> $* $=P $:<?> $1 $2
|
|||
|
R<@> $+ $:<?> $[ $1 $]
|
|||
|
R$* . $1 strip trailing dots
|
|||
|
R<?> $=w $@ RELAY
|
|||
|
R<?> $* $=R $@ RELAY
|
|||
|
R<?> $* $: $>D <$1> <?> <+ Connect> <$1>
|
|||
|
R<RELAY> $* $@ RELAY
|
|||
|
R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R<$*> <$*> $: $2
|
|||
|
|
|||
|
|
|||
|
######################################################################
|
|||
|
### F: LookUpFull -- search for an entry in access database
|
|||
|
###
|
|||
|
### lookup of full key (which should be an address) and
|
|||
|
### variations if +detail exists: +* and without +detail
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### <$1> -- key
|
|||
|
### <$2> -- default (what to return if not found in db)
|
|||
|
### <$3> -- mark (must be <(!|+) single-token>)
|
|||
|
### ! does lookup only with tag
|
|||
|
### + does lookup with and without tag
|
|||
|
### <$4> -- passthru (additional data passed unchanged through)
|
|||
|
######################################################################
|
|||
|
|
|||
|
SF
|
|||
|
R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
|
|||
|
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
|
|||
|
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
|
|||
|
$: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
|
|||
|
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
|
|||
|
$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
|
|||
|
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
|
|||
|
$: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
|
|||
|
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
|
|||
|
$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
|
|||
|
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
|
|||
|
R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
|
|||
|
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
|
|||
|
|
|||
|
######################################################################
|
|||
|
### E: LookUpExact -- search for an entry in access database
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### <$1> -- key
|
|||
|
### <$2> -- default (what to return if not found in db)
|
|||
|
### <$3> -- mark (must be <(!|+) single-token>)
|
|||
|
### ! does lookup only with tag
|
|||
|
### + does lookup with and without tag
|
|||
|
### <$4> -- passthru (additional data passed unchanged through)
|
|||
|
######################################################################
|
|||
|
|
|||
|
SE
|
|||
|
R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
|
|||
|
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
|
|||
|
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
|
|||
|
R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
|
|||
|
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
|
|||
|
|
|||
|
######################################################################
|
|||
|
### U: LookUpUser -- search for an entry in access database
|
|||
|
###
|
|||
|
### lookup of key (which should be a local part) and
|
|||
|
### variations if +detail exists: +* and without +detail
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### <$1> -- key (user@)
|
|||
|
### <$2> -- default (what to return if not found in db)
|
|||
|
### <$3> -- mark (must be <(!|+) single-token>)
|
|||
|
### ! does lookup only with tag
|
|||
|
### + does lookup with and without tag
|
|||
|
### <$4> -- passthru (additional data passed unchanged through)
|
|||
|
######################################################################
|
|||
|
|
|||
|
SU
|
|||
|
R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
|
|||
|
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
|
|||
|
R<?> <$+ + $* @> <$*> <$- $-> <$*>
|
|||
|
$: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
|
|||
|
R<?> <$+ + $* @> <$*> <+ $-> <$*>
|
|||
|
$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
|
|||
|
R<?> <$+ + $* @> <$*> <$- $-> <$*>
|
|||
|
$: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
|
|||
|
R<?> <$+ + $* @> <$*> <+ $-> <$*>
|
|||
|
$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
|
|||
|
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
|
|||
|
R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
|
|||
|
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
|
|||
|
|
|||
|
######################################################################
|
|||
|
### SearchList: search a list of items in the access map
|
|||
|
### Parameters:
|
|||
|
### <exact tag> $| <mark:address> <mark:address> ... <>
|
|||
|
### where "exact" is either "+" or "!":
|
|||
|
### <+ TAG> lookup with and w/o tag
|
|||
|
### <! TAG> lookup with tag
|
|||
|
### possible values for "mark" are:
|
|||
|
### D: recursive host lookup (LookUpDomain)
|
|||
|
### E: exact lookup, no modifications
|
|||
|
### F: full lookup, try user+ext@domain and user@domain
|
|||
|
### U: user lookup, try user+ext and user (input must have trailing @)
|
|||
|
### return: <RHS of lookup> or <?> (not found)
|
|||
|
######################################################################
|
|||
|
|
|||
|
# class with valid marks for SearchList
|
|||
|
C{Src}E F D U
|
|||
|
SSearchList
|
|||
|
# just call the ruleset with the name of the tag... nice trick...
|
|||
|
R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
|
|||
|
R<$+> $| <> $| <?> <> $@ <?>
|
|||
|
R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
|
|||
|
R<$+> $| <$*> $| <$+> <> $@ <$3>
|
|||
|
R<$+> $| <$+> $@ <$2>
|
|||
|
|
|||
|
|
|||
|
######################################################################
|
|||
|
### trust_auth: is user trusted to authenticate as someone else?
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### $1: AUTH= parameter from MAIL command
|
|||
|
######################################################################
|
|||
|
|
|||
|
SLocal_trust_auth
|
|||
|
Strust_auth
|
|||
|
R$* $: $&{auth_type} $| $1
|
|||
|
# required by RFC 2554 section 4.
|
|||
|
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
|
|||
|
R$* $| $&{auth_authen} $@ identical
|
|||
|
R$* $| <$&{auth_authen}> $@ identical
|
|||
|
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
|
|||
|
R$* $| $#$* $#$2
|
|||
|
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
|
|||
|
|
|||
|
######################################################################
|
|||
|
### Relay_Auth: allow relaying based on authentication?
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### $1: ${auth_type}
|
|||
|
######################################################################
|
|||
|
SLocal_Relay_Auth
|
|||
|
|
|||
|
######################################################################
|
|||
|
### srv_features: which features to offer to a client?
|
|||
|
### (done in server)
|
|||
|
######################################################################
|
|||
|
Ssrv_features
|
|||
|
R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
|
|||
|
R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
|
|||
|
R<?>$* $: <$(access "Srv_Features": $: ? $)>
|
|||
|
R<?>$* $@ OK
|
|||
|
R<$* <TMPF>>$* $#temp
|
|||
|
R<$+>$* $# $1
|
|||
|
|
|||
|
######################################################################
|
|||
|
### try_tls: try to use STARTTLS?
|
|||
|
### (done in client)
|
|||
|
######################################################################
|
|||
|
Stry_tls
|
|||
|
R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
|
|||
|
R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
|
|||
|
R<?>$* $: <$(access "Try_TLS": $: ? $)>
|
|||
|
R<?>$* $@ OK
|
|||
|
R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
|
|||
|
|
|||
|
######################################################################
|
|||
|
### tls_rcpt: is connection with server "good" enough?
|
|||
|
### (done in client, per recipient)
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### $1: recipient
|
|||
|
######################################################################
|
|||
|
Stls_rcpt
|
|||
|
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
|||
|
R$+ $: <?> $>CanonAddr $1
|
|||
|
R<?> $+ < @ $+ . > <?> $1 <@ $2 >
|
|||
|
R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
|
|||
|
R<?> $+ $: $1 $| <U:$1@> <E:>
|
|||
|
R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
|
|||
|
R$* $| <?> $@ OK
|
|||
|
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
|
|||
|
|
|||
|
######################################################################
|
|||
|
### tls_client: is connection with client "good" enough?
|
|||
|
### (done in server)
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### ${verify} $| (MAIL|STARTTLS)
|
|||
|
######################################################################
|
|||
|
Stls_client
|
|||
|
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
|||
|
R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
|
|||
|
R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
|
|||
|
R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
|
|||
|
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R$* $@ $>"TLS_connection" $1
|
|||
|
|
|||
|
######################################################################
|
|||
|
### tls_server: is connection with server "good" enough?
|
|||
|
### (done in client)
|
|||
|
###
|
|||
|
### Parameter:
|
|||
|
### ${verify}
|
|||
|
######################################################################
|
|||
|
Stls_server
|
|||
|
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
|||
|
R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
|
|||
|
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
|
|||
|
R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
|
|||
|
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
|||
|
R$* $@ $>"TLS_connection" $1
|
|||
|
|
|||
|
######################################################################
|
|||
|
### TLS_connection: is TLS connection "good" enough?
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### ${verify} $| <Requirement> [<>]
|
|||
|
### Requirement: RHS from access map, may be ? for none.
|
|||
|
######################################################################
|
|||
|
STLS_connection
|
|||
|
R$* $| <$*>$* $: $1 $| <$2>
|
|||
|
# create the appropriate error codes
|
|||
|
R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
|
|||
|
R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
|
|||
|
R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
|
|||
|
# deal with TLS handshake failures: abort
|
|||
|
RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
|
|||
|
RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
|
|||
|
# deal with TLS protocol errors: abort
|
|||
|
RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
|
|||
|
RPROTOCOL $| $* $#error $@ 4.7.0 $: "403 STARTTLS failed."
|
|||
|
R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
|
|||
|
R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
|
|||
|
R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
|
|||
|
R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
|
|||
|
R$* $| $* $@ OK
|
|||
|
# authentication required: give appropriate error
|
|||
|
# other side did authenticate (via STARTTLS)
|
|||
|
R<$*><VERIFY> <> OK $@ OK
|
|||
|
R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
|
|||
|
R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
|
|||
|
R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
|
|||
|
R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
|
|||
|
R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
|
|||
|
R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
|
|||
|
R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
|
|||
|
R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
|
|||
|
R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
|
|||
|
R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
|
|||
|
R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
|
|||
|
R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
|
|||
|
R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
|
|||
|
R<$-:$+ ++ > $@ OK
|
|||
|
R<$-:$+ ++ $+ > $: <$1:$2> <$3>
|
|||
|
R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
|
|||
|
R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
|
|||
|
|
|||
|
######################################################################
|
|||
|
### TLS_req: check additional TLS requirements
|
|||
|
###
|
|||
|
### Parameters: [<list> <of> <req>] $| <$-:$+>
|
|||
|
### $-: SMTP reply code
|
|||
|
### $+: Enhanced Status Code
|
|||
|
######################################################################
|
|||
|
STLS_req
|
|||
|
R $| $+ $@ OK
|
|||
|
R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
|
|||
|
R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
|||
|
R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
|
|||
|
R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
|||
|
R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
|
|||
|
R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
|||
|
R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
|
|||
|
ROK $@ OK
|
|||
|
|
|||
|
######################################################################
|
|||
|
### max: return the maximum of two values separated by :
|
|||
|
###
|
|||
|
### Parameters: [$-]:[$-]
|
|||
|
######################################################################
|
|||
|
Smax
|
|||
|
R: $: 0
|
|||
|
R:$- $: $1
|
|||
|
R$-: $: $1
|
|||
|
R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
|
|||
|
RTRUE:$-:$- $: $2
|
|||
|
R$-:$-:$- $: $2
|
|||
|
|
|||
|
|
|||
|
######################################################################
|
|||
|
### RelayTLS: allow relaying based on TLS authentication
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### none
|
|||
|
######################################################################
|
|||
|
SRelayTLS
|
|||
|
# authenticated?
|
|||
|
R$* $: <?> $&{verify}
|
|||
|
R<?> OK $: OK authenticated: continue
|
|||
|
R<?> $* $@ NO not authenticated
|
|||
|
R$* $: $&{cert_issuer}
|
|||
|
R$+ $: $(access CERTISSUER:$1 $)
|
|||
|
RRELAY $# RELAY
|
|||
|
RSUBJECT $: <@> $&{cert_subject}
|
|||
|
R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
|
|||
|
R<@> RELAY $# RELAY
|
|||
|
R$* $: NO
|
|||
|
|
|||
|
######################################################################
|
|||
|
### authinfo: lookup authinfo in the access map
|
|||
|
###
|
|||
|
### Parameters:
|
|||
|
### $1: {server_name}
|
|||
|
### $2: {server_addr}
|
|||
|
######################################################################
|
|||
|
Sauthinfo
|
|||
|
R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
|
|||
|
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
|
|||
|
R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
|
|||
|
R$* $| <?>$* $@ no no authinfo available
|
|||
|
R$* $| <$*> <> $# $2
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
#
|
|||
|
######################################################################
|
|||
|
######################################################################
|
|||
|
#####
|
|||
|
##### MAIL FILTER DEFINITIONS
|
|||
|
#####
|
|||
|
######################################################################
|
|||
|
######################################################################
|
|||
|
|
|||
|
#
|
|||
|
######################################################################
|
|||
|
######################################################################
|
|||
|
#####
|
|||
|
##### MAILER DEFINITIONS
|
|||
|
#####
|
|||
|
######################################################################
|
|||
|
######################################################################
|
|||
|
|
|||
|
#####################################
|
|||
|
### SMTP Mailer specification ###
|
|||
|
#####################################
|
|||
|
|
|||
|
##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ #####
|
|||
|
|
|||
|
#
|
|||
|
# common sender and masquerading recipient rewriting
|
|||
|
#
|
|||
|
SMasqSMTP
|
|||
|
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
|
|||
|
R$+ $@ $1 < @ *LOCAL* > add local qualification
|
|||
|
|
|||
|
#
|
|||
|
# convert pseudo-domain addresses to real domain addresses
|
|||
|
#
|
|||
|
SPseudoToReal
|
|||
|
|
|||
|
# pass <route-addr>s through
|
|||
|
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
|
|||
|
|
|||
|
# output fake domains as user%fake@relay
|
|||
|
|
|||
|
# do UUCP heuristics; note that these are shared with UUCP mailers
|
|||
|
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
|
|||
|
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
|
|||
|
|
|||
|
# leave these in .UUCP form to avoid further tampering
|
|||
|
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
|
|||
|
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
|
|||
|
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
|
|||
|
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
|
|||
|
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
|
|||
|
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
|
|||
|
|
|||
|
|
|||
|
#
|
|||
|
# envelope sender rewriting
|
|||
|
#
|
|||
|
SEnvFromSMTP
|
|||
|
R$+ $: $>PseudoToReal $1 sender/recipient common
|
|||
|
R$* :; <@> $@ list:; special case
|
|||
|
R$* $: $>MasqSMTP $1 qualify unqual'ed names
|
|||
|
R$+ $: $>MasqEnv $1 do masquerading
|
|||
|
|
|||
|
|
|||
|
#
|
|||
|
# envelope recipient rewriting --
|
|||
|
# also header recipient if not masquerading recipients
|
|||
|
#
|
|||
|
SEnvToSMTP
|
|||
|
R$+ $: $>PseudoToReal $1 sender/recipient common
|
|||
|
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
|
|||
|
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
|
|||
|
|
|||
|
#
|
|||
|
# header sender and masquerading header recipient rewriting
|
|||
|
#
|
|||
|
SHdrFromSMTP
|
|||
|
R$+ $: $>PseudoToReal $1 sender/recipient common
|
|||
|
R:; <@> $@ list:; special case
|
|||
|
|
|||
|
# do special header rewriting
|
|||
|
R$* <@> $* $@ $1 <@> $2 pass null host through
|
|||
|
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
|
|||
|
R$* $: $>MasqSMTP $1 qualify unqual'ed names
|
|||
|
R$+ $: $>MasqHdr $1 do masquerading
|
|||
|
|
|||
|
|
|||
|
#
|
|||
|
# relay mailer header masquerading recipient rewriting
|
|||
|
#
|
|||
|
SMasqRelay
|
|||
|
R$+ $: $>MasqSMTP $1
|
|||
|
R$+ $: $>MasqHdr $1
|
|||
|
|
|||
|
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|||
|
T=DNS/RFC822/SMTP,
|
|||
|
A=TCP $h
|
|||
|
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|||
|
T=DNS/RFC822/SMTP,
|
|||
|
A=TCP $h
|
|||
|
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|||
|
T=DNS/RFC822/SMTP,
|
|||
|
A=TCP $h
|
|||
|
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
|
|||
|
T=DNS/RFC822/SMTP,
|
|||
|
A=TCP $h
|
|||
|
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
|
|||
|
T=DNS/RFC822/SMTP,
|
|||
|
A=TCP $h
|
|||
|
|
|||
|
|
|||
|
######################*****##############
|
|||
|
### PROCMAIL Mailer specification ###
|
|||
|
##################*****##################
|
|||
|
|
|||
|
##### $Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $ #####
|
|||
|
|
|||
|
Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
|
|||
|
T=DNS/RFC822/X-Unix,
|
|||
|
A=procmail -Y -m $h $f $u
|
|||
|
|
|||
|
|
|||
|
##################################################
|
|||
|
### Local and Program Mailer specification ###
|
|||
|
##################################################
|
|||
|
|
|||
|
##### $Id: local.m4,v 8.59 2004/11/23 00:37:25 ca Exp $ #####
|
|||
|
|
|||
|
#
|
|||
|
# Envelope sender rewriting
|
|||
|
#
|
|||
|
SEnvFromL
|
|||
|
R<@> $n errors to mailer-daemon
|
|||
|
R@ <@ $*> $n temporarily bypass Sun bogosity
|
|||
|
R$+ $: $>AddDomain $1 add local domain if needed
|
|||
|
R$* $: $>MasqEnv $1 do masquerading
|
|||
|
|
|||
|
#
|
|||
|
# Envelope recipient rewriting
|
|||
|
#
|
|||
|
SEnvToL
|
|||
|
R$+ < @ $* > $: $1 strip host part
|
|||
|
|
|||
|
#
|
|||
|
# Header sender rewriting
|
|||
|
#
|
|||
|
SHdrFromL
|
|||
|
R<@> $n errors to mailer-daemon
|
|||
|
R@ <@ $*> $n temporarily bypass Sun bogosity
|
|||
|
R$+ $: $>AddDomain $1 add local domain if needed
|
|||
|
R$* $: $>MasqHdr $1 do masquerading
|
|||
|
|
|||
|
#
|
|||
|
# Header recipient rewriting
|
|||
|
#
|
|||
|
SHdrToL
|
|||
|
R$+ $: $>AddDomain $1 add local domain if needed
|
|||
|
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
|
|||
|
|
|||
|
#
|
|||
|
# Common code to add local domain name (only if always-add-domain)
|
|||
|
#
|
|||
|
SAddDomain
|
|||
|
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
|
|||
|
|
|||
|
R$+ $@ $1 < @ *LOCAL* > add local qualification
|
|||
|
|
|||
|
Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
|
|||
|
T=DNS/RFC822/X-Unix,
|
|||
|
A=procmail -t -Y -a $h -d $u
|
|||
|
Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
|
|||
|
T=X-Unix/X-Unix/X-Unix,
|
|||
|
A=smrsh -c $u
|
|||
|
|