190792Sgshapiro# 2261363Sgshapiro# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers. 390792Sgshapiro# All rights reserved. 490792Sgshapiro# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. 590792Sgshapiro# Copyright (c) 1988, 1993 690792Sgshapiro# The Regents of the University of California. All rights reserved. 790792Sgshapiro# 890792Sgshapiro# By using this file, you agree to the terms and conditions set 990792Sgshapiro# forth in the LICENSE file which can be found at the top level of 1090792Sgshapiro# the sendmail distribution. 1190792Sgshapiro# 1290792Sgshapiro# 1390792Sgshapiro 1490792Sgshapiro###################################################################### 1590792Sgshapiro###################################################################### 1690792Sgshapiro##### 1790792Sgshapiro##### SENDMAIL CONFIGURATION FILE 1890792Sgshapiro##### 19285303Sgshapiro##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015 20285303Sgshapiro##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf 21132943Sgshapiro##### using ../ as configuration include directory 2290792Sgshapiro##### 2390792Sgshapiro###################################################################### 2490792Sgshapiro##### 2590792Sgshapiro##### DO NOT EDIT THIS FILE! Only edit the source .mc file. 2690792Sgshapiro##### 2790792Sgshapiro###################################################################### 2890792Sgshapiro###################################################################### 2990792Sgshapiro 30266692Sgshapiro##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ ##### 31266692Sgshapiro##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ ##### 32266692Sgshapiro##### $Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $ ##### 33266692Sgshapiro##### $Id: msp.m4,v 1.34 2013-11-22 20:51:11 ca Exp $ ##### 3490792Sgshapiro 35266692Sgshapiro##### $Id: no_default_msa.m4,v 8.3 2013-11-22 20:51:11 ca Exp $ ##### 3690792Sgshapiro 3790792Sgshapiro 38266692Sgshapiro##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ ##### 3990792Sgshapiro 4090792Sgshapiro# level 10 config file format 4190792SgshapiroV10/Berkeley 4290792Sgshapiro 4390792Sgshapiro# override file safeties - setting this option compromises system security, 4490792Sgshapiro# addressing the actual file configuration problem is preferred 4590792Sgshapiro# need to set this before any file actions are encountered in the cf file 4690792Sgshapiro#O DontBlameSendmail=safe 4790792Sgshapiro 4890792Sgshapiro# default LDAP map specification 4990792Sgshapiro# need to set this now before any LDAP maps are defined 5090792Sgshapiro#O LDAPDefaultSpec=-h localhost 5190792Sgshapiro 5290792Sgshapiro################## 5390792Sgshapiro# local info # 5490792Sgshapiro################## 5590792Sgshapiro 5690792Sgshapiro# my LDAP cluster 5790792Sgshapiro# need to set this before any LDAP lookups are done (including classes) 5890792Sgshapiro#D{sendmailMTACluster}$m 5990792Sgshapiro 6090792SgshapiroCwlocalhost 6190792Sgshapiro 6290792Sgshapiro# my official domain name 6390792Sgshapiro# ... define this only if sendmail cannot automatically determine your domain 6490792Sgshapiro#Dj$w.Foo.COM 6590792Sgshapiro 66125820Sgshapiro# host/domain names ending with a token in class P are canonical 6790792SgshapiroCP. 6890792Sgshapiro 6990792Sgshapiro# "Smart" relay host (may be null) 7090792SgshapiroDS 7190792Sgshapiro 7290792Sgshapiro 7390792Sgshapiro# operators that cannot be in local usernames (i.e., network indicators) 7490792SgshapiroCO @ % ! 7590792Sgshapiro 7690792Sgshapiro# a class with just dot (for identifying canonical names) 7790792SgshapiroC.. 7890792Sgshapiro 7990792Sgshapiro# a class with just a left bracket (for identifying domain literals) 8090792SgshapiroC[[ 8190792Sgshapiro 8290792Sgshapiro 8390792Sgshapiro# Resolve map (to check if a host exists in check_mail) 8490792SgshapiroKresolve host -a<OKR> -T<TEMP> 8590792SgshapiroC{ResOk}OKR 8690792Sgshapiro 8790792Sgshapiro 8890792Sgshapiro# Hosts for which relaying is permitted ($=R) 8990792SgshapiroFR-o /etc/mail/relay-domains 9090792Sgshapiro 9190792Sgshapiro# arithmetic map 9290792SgshapiroKarith arith 9390792Sgshapiro 9490792Sgshapiro 9590792Sgshapiro 9690792Sgshapiro 9790792Sgshapiro 9890792Sgshapiro# dequoting map 9990792SgshapiroKdequote dequote 10090792Sgshapiro 10190792Sgshapiro# class E: names that should be exposed as from this host, even if we masquerade 10290792Sgshapiro# class L: names that should be delivered locally, even if we have a relay 10390792Sgshapiro# class M: domains that should be converted to $M 10490792Sgshapiro# class N: domains that should not be converted to $M 10590792Sgshapiro#CL root 10690792Sgshapiro 10790792Sgshapiro 10890792Sgshapiro 10990792Sgshapiro# my name for error messages 11090792SgshapiroDnMAILER-DAEMON 11190792Sgshapiro 11290792Sgshapiro 113110560SgshapiroD{MTAHost}[127.0.0.1] 11490792Sgshapiro 11590792Sgshapiro 11690792Sgshapiro# Configuration version number 117285303SgshapiroDZ8.15.2/Submit 11890792Sgshapiro 11990792Sgshapiro 12090792Sgshapiro############### 12190792Sgshapiro# Options # 12290792Sgshapiro############### 12390792Sgshapiro 12490792Sgshapiro# strip message body to 7 bits on input? 12590792SgshapiroO SevenBitInput=False 12690792Sgshapiro 12790792Sgshapiro# 8-bit data handling 12890792Sgshapiro#O EightBitMode=pass8 12990792Sgshapiro 13090792Sgshapiro# wait for alias file rebuild (default units: minutes) 13190792SgshapiroO AliasWait=10 13290792Sgshapiro 13390792Sgshapiro# location of alias file 13494334Sgshapiro#O AliasFile=/etc/mail/aliases 13590792Sgshapiro 13690792Sgshapiro# minimum number of free blocks on filesystem 13790792SgshapiroO MinFreeBlocks=100 13890792Sgshapiro 13990792Sgshapiro# maximum message size 140132943Sgshapiro#O MaxMessageSize=0 14190792Sgshapiro 14290792Sgshapiro# substitution for space (blank) characters 14390792SgshapiroO BlankSub=. 14490792Sgshapiro 14590792Sgshapiro# avoid connecting to "expensive" mailers on initial submission? 14690792SgshapiroO HoldExpensive=False 14790792Sgshapiro 14890792Sgshapiro# checkpoint queue runs after every N successful deliveries 14990792Sgshapiro#O CheckpointInterval=10 15090792Sgshapiro 15190792Sgshapiro# default delivery mode 15290792SgshapiroO DeliveryMode=i 15390792Sgshapiro 15490792Sgshapiro# error message header/file 15590792Sgshapiro#O ErrorHeader=/etc/mail/error-header 15690792Sgshapiro 15790792Sgshapiro# error mode 15890792Sgshapiro#O ErrorMode=print 15990792Sgshapiro 16090792Sgshapiro# save Unix-style "From_" lines at top of header? 16190792Sgshapiro#O SaveFromLine=False 16290792Sgshapiro 16390792Sgshapiro# queue file mode (qf files) 16490792SgshapiroO QueueFileMode=0660 16590792Sgshapiro 16690792Sgshapiro# temporary file mode 16790792SgshapiroO TempFileMode=0600 16890792Sgshapiro 16990792Sgshapiro# match recipients against GECOS field? 17090792Sgshapiro#O MatchGECOS=False 17190792Sgshapiro 17290792Sgshapiro# maximum hop count 17390792Sgshapiro#O MaxHopCount=25 17490792Sgshapiro 17590792Sgshapiro# location of help file 17690792SgshapiroO HelpFile=/etc/mail/helpfile 17790792Sgshapiro 17890792Sgshapiro# ignore dots as terminators in incoming messages? 17990792Sgshapiro#O IgnoreDots=False 18090792Sgshapiro 18190792Sgshapiro# name resolver options 18290792Sgshapiro#O ResolverOptions=+AAONLY 18390792Sgshapiro 18490792Sgshapiro# deliver MIME-encapsulated error messages? 18590792SgshapiroO SendMimeErrors=True 18690792Sgshapiro 18790792Sgshapiro# Forward file search path 18890792SgshapiroO ForwardPath 18990792Sgshapiro 19090792Sgshapiro# open connection cache size 19190792SgshapiroO ConnectionCacheSize=2 19290792Sgshapiro 19390792Sgshapiro# open connection cache timeout 19490792SgshapiroO ConnectionCacheTimeout=5m 19590792Sgshapiro 19690792Sgshapiro# persistent host status directory 19790792Sgshapiro#O HostStatusDirectory=.hoststat 19890792Sgshapiro 19990792Sgshapiro# single thread deliveries (requires HostStatusDirectory)? 20090792Sgshapiro#O SingleThreadDelivery=False 20190792Sgshapiro 20290792Sgshapiro# use Errors-To: header? 20390792SgshapiroO UseErrorsTo=False 20490792Sgshapiro 205285303Sgshapiro# use compressed IPv6 address format? 206285303Sgshapiro#O UseCompressedIPv6Addresses 207285303Sgshapiro 20890792Sgshapiro# log level 20990792SgshapiroO LogLevel=9 21090792Sgshapiro 21190792Sgshapiro# send to me too, even in an alias expansion? 21290792Sgshapiro#O MeToo=True 21390792Sgshapiro 21490792Sgshapiro# verify RHS in newaliases? 21590792SgshapiroO CheckAliases=False 21690792Sgshapiro 21790792Sgshapiro# default messages to old style headers if no special punctuation? 21890792SgshapiroO OldStyleHeaders=True 21990792Sgshapiro 22090792Sgshapiro# SMTP daemon options 22190792Sgshapiro 22290792SgshapiroO DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E 22390792Sgshapiro 22490792Sgshapiro# SMTP client options 22590792Sgshapiro#O ClientPortOptions=Family=inet, Address=0.0.0.0 22690792Sgshapiro 22790792Sgshapiro# Modifiers to define {daemon_flags} for direct submissions 22890792Sgshapiro#O DirectSubmissionModifiers 22990792Sgshapiro 23090792Sgshapiro# Use as mail submission program? See sendmail/SECURITY 23190792SgshapiroO UseMSP=True 23290792Sgshapiro 23390792Sgshapiro# privacy flags 23490792SgshapiroO PrivacyOptions=goaway,noetrn,restrictqrun 23590792Sgshapiro 23690792Sgshapiro# who (if anyone) should get extra copies of error messages 23790792Sgshapiro#O PostmasterCopy=Postmaster 23890792Sgshapiro 23990792Sgshapiro# slope of queue-only function 24090792Sgshapiro#O QueueFactor=600000 24190792Sgshapiro 24290792Sgshapiro# limit on number of concurrent queue runners 24390792Sgshapiro#O MaxQueueChildren 24490792Sgshapiro 24590792Sgshapiro# maximum number of queue-runners per queue-grouping with multiple queues 24690792Sgshapiro#O MaxRunnersPerQueue=1 24790792Sgshapiro 24890792Sgshapiro# priority of queue runners (nice(3)) 24990792Sgshapiro#O NiceQueueRun 25090792Sgshapiro 25190792Sgshapiro# shall we sort the queue by hostname first? 25290792Sgshapiro#O QueueSortOrder=priority 25390792Sgshapiro 25490792Sgshapiro# minimum time in queue before retry 25590792Sgshapiro#O MinQueueAge=30m 25690792Sgshapiro 257285303Sgshapiro# maximum time in queue before retry (if > 0; only for exponential delay) 258285303Sgshapiro#O MaxQueueAge 259285303Sgshapiro 26090792Sgshapiro# how many jobs can you process in the queue? 261157001Sgshapiro#O MaxQueueRunSize=0 26290792Sgshapiro 26390792Sgshapiro# perform initial split of envelope without checking MX records 26490792Sgshapiro#O FastSplit=1 26590792Sgshapiro 26690792Sgshapiro# queue directory 26790792SgshapiroO QueueDirectory=/var/spool/clientmqueue 26890792Sgshapiro 269168515Sgshapiro# key for shared memory; 0 to turn off, -1 to auto-select 27090792Sgshapiro#O SharedMemoryKey=0 27190792Sgshapiro 272168515Sgshapiro# file to store auto-selected key for shared memory (SharedMemoryKey = -1) 273168515Sgshapiro#O SharedMemoryKeyFile 27494334Sgshapiro 27590792Sgshapiro# timeouts (many of these) 27690792Sgshapiro#O Timeout.initial=5m 27790792Sgshapiro#O Timeout.connect=5m 27890792Sgshapiro#O Timeout.aconnect=0s 27990792Sgshapiro#O Timeout.iconnect=5m 28090792Sgshapiro#O Timeout.helo=5m 28190792Sgshapiro#O Timeout.mail=10m 28290792Sgshapiro#O Timeout.rcpt=1h 28390792Sgshapiro#O Timeout.datainit=5m 28490792Sgshapiro#O Timeout.datablock=1h 28590792Sgshapiro#O Timeout.datafinal=1h 28690792Sgshapiro#O Timeout.rset=5m 28790792Sgshapiro#O Timeout.quit=2m 28890792Sgshapiro#O Timeout.misc=2m 28990792Sgshapiro#O Timeout.command=1h 290132943Sgshapiro#O Timeout.ident=5s 29190792Sgshapiro#O Timeout.fileopen=60s 29290792Sgshapiro#O Timeout.control=2m 29390792SgshapiroO Timeout.queuereturn=5d 29490792Sgshapiro#O Timeout.queuereturn.normal=5d 29590792Sgshapiro#O Timeout.queuereturn.urgent=2d 29690792Sgshapiro#O Timeout.queuereturn.non-urgent=7d 297132943Sgshapiro#O Timeout.queuereturn.dsn=5d 29890792SgshapiroO Timeout.queuewarn=4h 29990792Sgshapiro#O Timeout.queuewarn.normal=4h 30090792Sgshapiro#O Timeout.queuewarn.urgent=1h 30190792Sgshapiro#O Timeout.queuewarn.non-urgent=12h 302132943Sgshapiro#O Timeout.queuewarn.dsn=4h 30390792Sgshapiro#O Timeout.hoststatus=30m 30490792Sgshapiro#O Timeout.resolver.retrans=5s 30590792Sgshapiro#O Timeout.resolver.retrans.first=5s 30690792Sgshapiro#O Timeout.resolver.retrans.normal=5s 30790792Sgshapiro#O Timeout.resolver.retry=4 30890792Sgshapiro#O Timeout.resolver.retry.first=4 30990792Sgshapiro#O Timeout.resolver.retry.normal=4 31090792Sgshapiro#O Timeout.lhlo=2m 31190792Sgshapiro#O Timeout.auth=10m 31290792Sgshapiro#O Timeout.starttls=1h 31390792Sgshapiro 31490792Sgshapiro# time for DeliverBy; extension disabled if less than 0 31590792Sgshapiro#O DeliverByMin=0 31690792Sgshapiro 31790792Sgshapiro# should we not prune routes in route-addr syntax addresses? 31890792Sgshapiro#O DontPruneRoutes=False 31990792Sgshapiro 32090792Sgshapiro# queue up everything before forking? 32190792SgshapiroO SuperSafe=True 32290792Sgshapiro 32390792Sgshapiro# status file 32490792SgshapiroO StatusFile=/var/spool/clientmqueue/sm-client.st 32590792Sgshapiro 32690792Sgshapiro# time zone handling: 32790792Sgshapiro# if undefined, use system default 32890792Sgshapiro# if defined but null, use TZ envariable passed in 32990792Sgshapiro# if defined and non-null, use that info 33094334SgshapiroO TimeZoneSpec= 33190792Sgshapiro 33290792Sgshapiro# default UID (can be username or userid:groupid) 33390792Sgshapiro#O DefaultUser=mailnull 33490792Sgshapiro 33590792Sgshapiro# list of locations of user database file (null means no lookup) 33690792Sgshapiro#O UserDatabaseSpec=/etc/mail/userdb 33790792Sgshapiro 33890792Sgshapiro# fallback MX host 33990792Sgshapiro#O FallbackMXhost=fall.back.host.net 34090792Sgshapiro 341132943Sgshapiro# fallback smart host 342132943Sgshapiro#O FallbackSmartHost=fall.back.host.net 343132943Sgshapiro 34490792Sgshapiro# if we are the best MX host for a site, try it directly instead of config err 34590792Sgshapiro#O TryNullMXList=False 34690792Sgshapiro 34790792Sgshapiro# load average at which we just queue messages 34890792Sgshapiro#O QueueLA=8 34990792Sgshapiro 35090792Sgshapiro# load average at which we refuse connections 35190792Sgshapiro#O RefuseLA=12 35290792Sgshapiro 353132943Sgshapiro# log interval when refusing connections for this long 354132943Sgshapiro#O RejectLogInterval=3h 355132943Sgshapiro 35690792Sgshapiro# load average at which we delay connections; 0 means no limit 35790792Sgshapiro#O DelayLA=0 35890792Sgshapiro 35990792Sgshapiro# maximum number of children we allow at one time 36098841Sgshapiro#O MaxDaemonChildren=0 36190792Sgshapiro 36290792Sgshapiro# maximum number of new connections per second 36390792Sgshapiro#O ConnectionRateThrottle=0 36490792Sgshapiro 365132943Sgshapiro# Width of the window 366132943Sgshapiro#O ConnectionRateWindowSize=60s 367132943Sgshapiro 36890792Sgshapiro# work recipient factor 36990792Sgshapiro#O RecipientFactor=30000 37090792Sgshapiro 37190792Sgshapiro# deliver each queued job in a separate process? 37290792Sgshapiro#O ForkEachJob=False 37390792Sgshapiro 37490792Sgshapiro# work class factor 37590792Sgshapiro#O ClassFactor=1800 37690792Sgshapiro 37790792Sgshapiro# work time factor 37890792Sgshapiro#O RetryFactor=90000 37990792Sgshapiro 38090792Sgshapiro# default character set 381141858Sgshapiro#O DefaultCharSet=unknown-8bit 38290792Sgshapiro 38390792Sgshapiro# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others) 38490792Sgshapiro#O ServiceSwitchFile=/etc/mail/service.switch 38590792Sgshapiro 38690792Sgshapiro# hosts file (normally /etc/hosts) 38790792Sgshapiro#O HostsFile=/etc/hosts 38890792Sgshapiro 38990792Sgshapiro# dialup line delay on connection failure 390157001Sgshapiro#O DialDelay=0s 39190792Sgshapiro 39290792Sgshapiro# action to take if there are no recipients in the message 393157001Sgshapiro#O NoRecipientAction=none 39490792Sgshapiro 39590792Sgshapiro# chrooted environment for writing to files 396157001Sgshapiro#O SafeFileEnvironment 39790792Sgshapiro 39890792Sgshapiro# are colons OK in addresses? 39990792Sgshapiro#O ColonOkInAddr=True 40090792Sgshapiro 40190792Sgshapiro# shall I avoid expanding CNAMEs (violates protocols)? 40290792Sgshapiro#O DontExpandCnames=False 40390792Sgshapiro 40490792Sgshapiro# SMTP initial login message (old $e macro) 40590792SgshapiroO SmtpGreetingMessage=$j Sendmail $v/$Z; $b 40690792Sgshapiro 40790792Sgshapiro# UNIX initial From header format (old $l macro) 40890792SgshapiroO UnixFromLine=From $g $d 40990792Sgshapiro 41090792Sgshapiro# From: lines that have embedded newlines are unwrapped onto one line 41190792Sgshapiro#O SingleLineFromHeader=False 41290792Sgshapiro 41390792Sgshapiro# Allow HELO SMTP command that does not include a host name 41490792Sgshapiro#O AllowBogusHELO=False 41590792Sgshapiro 41690792Sgshapiro# Characters to be quoted in a full name phrase (@,;:\()[] are automatic) 41790792Sgshapiro#O MustQuoteChars=. 41890792Sgshapiro 41990792Sgshapiro# delimiter (operator) characters (old $o macro) 42090792SgshapiroO OperatorChars=.:%@!^/[]+ 42190792Sgshapiro 42290792Sgshapiro# shall I avoid calling initgroups(3) because of high NIS costs? 423110560SgshapiroO DontInitGroups=True 42490792Sgshapiro 42590792Sgshapiro# are group-writable :include: and .forward files (un)trustworthy? 42690792Sgshapiro# True (the default) means they are not trustworthy. 42790792Sgshapiro#O UnsafeGroupWrites=True 42890792Sgshapiro 42990792Sgshapiro 43090792Sgshapiro# where do errors that occur when sending errors get sent? 43190792Sgshapiro#O DoubleBounceAddress=postmaster 43290792Sgshapiro 433168515Sgshapiro# issue temporary errors (4xy) instead of permanent errors (5xy)? 434168515Sgshapiro#O SoftBounce=False 435168515Sgshapiro 43690792Sgshapiro# where to save bounces if all else fails 43790792Sgshapiro#O DeadLetterDrop=/var/tmp/dead.letter 43890792Sgshapiro 43990792Sgshapiro# what user id do we assume for the majority of the processing? 44090792SgshapiroO RunAsUser=smmsp 44190792Sgshapiro 44290792Sgshapiro# maximum number of recipients per SMTP envelope 443132943Sgshapiro#O MaxRecipientsPerMessage=0 44490792Sgshapiro 44590792Sgshapiro# limit the rate recipients per SMTP envelope are accepted 44690792Sgshapiro# once the threshold number of recipients have been rejected 447132943Sgshapiro#O BadRcptThrottle=0 44890792Sgshapiro 449203004Sgshapiro 45090792Sgshapiro# shall we get local names from our installed interfaces? 45190792SgshapiroO DontProbeInterfaces=True 45290792Sgshapiro 45390792Sgshapiro# Return-Receipt-To: header implies DSN request 45490792Sgshapiro#O RrtImpliesDsn=False 45590792Sgshapiro 45690792Sgshapiro# override connection address (for testing) 45790792Sgshapiro#O ConnectOnlyTo=0.0.0.0 45890792Sgshapiro 45990792Sgshapiro# Trusted user for file ownership and starting the daemon 46090792SgshapiroO TrustedUser=smmsp 46190792Sgshapiro 46290792Sgshapiro# Control socket for daemon management 46390792Sgshapiro#O ControlSocketName=/var/spool/mqueue/.control 46490792Sgshapiro 46590792Sgshapiro# Maximum MIME header length to protect MUAs 466132943Sgshapiro#O MaxMimeHeaderLength=0/0 46790792Sgshapiro 46890792Sgshapiro# Maximum length of the sum of all headers 46990792Sgshapiro#O MaxHeadersLength=32768 47090792Sgshapiro 47190792Sgshapiro# Maximum depth of alias recursion 47290792Sgshapiro#O MaxAliasRecursion=10 47390792Sgshapiro 47490792Sgshapiro# location of pid file 47590792SgshapiroO PidFile=/var/spool/clientmqueue/sm-client.pid 47690792Sgshapiro 47790792Sgshapiro# Prefix string for the process title shown on 'ps' listings 47890792Sgshapiro#O ProcessTitlePrefix=prefix 47990792Sgshapiro 48090792Sgshapiro# Data file (df) memory-buffer file maximum size 48190792Sgshapiro#O DataFileBufferSize=4096 48290792Sgshapiro 48390792Sgshapiro# Transcript file (xf) memory-buffer file maximum size 48490792Sgshapiro#O XscriptFileBufferSize=4096 48590792Sgshapiro 48690792Sgshapiro# lookup type to find information about local mailboxes 48790792Sgshapiro#O MailboxDatabase=pw 48890792Sgshapiro 489132943Sgshapiro# override compile time flag REQUIRES_DIR_FSYNC 490132943Sgshapiro#O RequiresDirfsync=true 491132943Sgshapiro 49290792Sgshapiro# list of authentication mechanisms 49390792Sgshapiro#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 49490792Sgshapiro 495132943Sgshapiro# Authentication realm 496132943Sgshapiro#O AuthRealm 497132943Sgshapiro 49890792Sgshapiro# default authentication information for outgoing connections 49990792Sgshapiro#O DefaultAuthInfo=/etc/mail/default-auth-info 50090792Sgshapiro 50190792Sgshapiro# SMTP AUTH flags 50290792Sgshapiro#O AuthOptions 50390792Sgshapiro 50490792Sgshapiro# SMTP AUTH maximum encryption strength 50590792Sgshapiro#O AuthMaxBits 50690792Sgshapiro 50790792Sgshapiro# SMTP STARTTLS server options 50890792Sgshapiro#O TLSSrvOptions 50990792Sgshapiro 510285303Sgshapiro# SSL cipherlist 511285303Sgshapiro#O CipherList 512285303Sgshapiro# server side SSL options 513285303Sgshapiro#O ServerSSLOptions 514285303Sgshapiro# client side SSL options 515285303Sgshapiro#O ClientSSLOptions 516203004Sgshapiro 51790792Sgshapiro# Input mail filters 51890792Sgshapiro#O InputMailFilters 51990792Sgshapiro 52090792Sgshapiro 52190792Sgshapiro# CA directory 522110560Sgshapiro#O CACertPath 52390792Sgshapiro# CA file 524110560Sgshapiro#O CACertFile 52590792Sgshapiro# Server Cert 52690792Sgshapiro#O ServerCertFile 52790792Sgshapiro# Server private key 52890792Sgshapiro#O ServerKeyFile 52990792Sgshapiro# Client Cert 53090792Sgshapiro#O ClientCertFile 53190792Sgshapiro# Client private key 53290792Sgshapiro#O ClientKeyFile 533132943Sgshapiro# File containing certificate revocation lists 534132943Sgshapiro#O CRLFile 53590792Sgshapiro# DHParameters (only required if DSA/DH is used) 53690792Sgshapiro#O DHParameters 53790792Sgshapiro# Random data source (required for systems without /dev/urandom under OpenSSL) 53890792Sgshapiro#O RandFile 539285303Sgshapiro# fingerprint algorithm (digest) to use for the presented cert 540285303Sgshapiro#O CertFingerprintAlgorithm 54190792Sgshapiro 542168515Sgshapiro# Maximum number of "useless" commands before slowing down 543168515Sgshapiro#O MaxNOOPCommands=20 544168515Sgshapiro 545168515Sgshapiro# Name to use for EHLO (defaults to $j) 546168515Sgshapiro#O HeloName 547168515Sgshapiro 548285303Sgshapiro 549285303Sgshapiro 55090792Sgshapiro############################ 55190792Sgshapiro# QUEUE GROUP DEFINITIONS # 55290792Sgshapiro############################ 55390792Sgshapiro 55490792Sgshapiro 55590792Sgshapiro########################### 55690792Sgshapiro# Message precedences # 55790792Sgshapiro########################### 55890792Sgshapiro 55990792SgshapiroPfirst-class=0 56090792SgshapiroPspecial-delivery=100 56190792SgshapiroPlist=-30 56290792SgshapiroPbulk=-60 56390792SgshapiroPjunk=-100 56490792Sgshapiro 56590792Sgshapiro##################### 56690792Sgshapiro# Trusted users # 56790792Sgshapiro##################### 56890792Sgshapiro 56990792Sgshapiro# this is equivalent to setting class "t" 57090792Sgshapiro#Ft/etc/mail/trusted-users 57190792SgshapiroTroot 57290792SgshapiroTdaemon 57390792SgshapiroTuucp 57490792Sgshapiro 57590792Sgshapiro######################### 57690792Sgshapiro# Format of headers # 57790792Sgshapiro######################### 57890792Sgshapiro 57990792SgshapiroH?P?Return-Path: <$g> 58090792SgshapiroHReceived: $?sfrom $s $.$?_($?s$|from $.$_) 58190792Sgshapiro $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) 58290792Sgshapiro $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} 58390792Sgshapiro (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u 58490792Sgshapiro for $u; $|; 58590792Sgshapiro $.$b 58690792SgshapiroH?D?Resent-Date: $a 58790792SgshapiroH?D?Date: $a 58890792SgshapiroH?F?Resent-From: $?x$x <$g>$|$g$. 58990792SgshapiroH?F?From: $?x$x <$g>$|$g$. 59090792SgshapiroH?x?Full-Name: $x 59190792Sgshapiro# HPosted-Date: $a 59290792Sgshapiro# H?l?Received-Date: $b 59390792SgshapiroH?M?Resent-Message-Id: <$t.$i@$j> 59490792SgshapiroH?M?Message-Id: <$t.$i@$j> 59590792Sgshapiro 59690792Sgshapiro# 59790792Sgshapiro###################################################################### 59890792Sgshapiro###################################################################### 59990792Sgshapiro##### 60090792Sgshapiro##### REWRITING RULES 60190792Sgshapiro##### 60290792Sgshapiro###################################################################### 60390792Sgshapiro###################################################################### 60490792Sgshapiro 60590792Sgshapiro############################################ 60690792Sgshapiro### Ruleset 3 -- Name Canonicalization ### 60790792Sgshapiro############################################ 60890792SgshapiroScanonify=3 60990792Sgshapiro 61090792Sgshapiro# handle null input (translate to <@> special case) 61190792SgshapiroR$@ $@ <@> 61290792Sgshapiro 61390792Sgshapiro# strip group: syntax (not inside angle brackets!) and trailing semicolon 61490792SgshapiroR$* $: $1 <@> mark addresses 61590792SgshapiroR$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr> 61690792SgshapiroR@ $* <@> $: @ $1 unmark @host:... 61790792SgshapiroR$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr 61890792SgshapiroR$* :: $* <@> $: $1 :: $2 unmark node::addr 61990792SgshapiroR:include: $* <@> $: :include: $1 unmark :include:... 62090792SgshapiroR$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon 62190792SgshapiroR$* : $* <@> $: $2 strip colon if marked 62290792SgshapiroR$* <@> $: $1 unmark 62390792SgshapiroR$* ; $1 strip trailing semi 62490792SgshapiroR$* < $+ :; > $* $@ $2 :; <@> catch <list:;> 62590792SgshapiroR$* < $* ; > $1 < $2 > bogus bracketed semi 62690792Sgshapiro 62790792Sgshapiro# null input now results from list:; syntax 62890792SgshapiroR$@ $@ :; <@> 62990792Sgshapiro 63090792Sgshapiro# strip angle brackets -- note RFC733 heuristic to get innermost item 63190792SgshapiroR$* $: < $1 > housekeeping <> 63290792SgshapiroR$+ < $* > < $2 > strip excess on left 63390792SgshapiroR< $* > $+ < $1 > strip excess on right 63490792SgshapiroR<> $@ < @ > MAIL FROM:<> case 63590792SgshapiroR< $+ > $: $1 remove housekeeping <> 63690792Sgshapiro 63790792Sgshapiro# strip route address <@a,@b,@c:user@d> -> <user@d> 63890792SgshapiroR@ $+ , $+ $2 63990792SgshapiroR@ [ $* ] : $+ $2 64090792SgshapiroR@ $+ : $+ $2 64190792Sgshapiro 64290792Sgshapiro# find focus for list syntax 64390792SgshapiroR $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax 64490792SgshapiroR $+ : $* ; $@ $1 : $2; list syntax 64590792Sgshapiro 64690792Sgshapiro# find focus for @ syntax addresses 64790792SgshapiroR$+ @ $+ $: $1 < @ $2 > focus on domain 64890792SgshapiroR$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right 64990792SgshapiroR$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical 65090792Sgshapiro 65190792Sgshapiro 65290792Sgshapiro# convert old-style addresses to a domain-based address 65390792SgshapiroR$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names 65490792SgshapiroR$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps 65590792SgshapiroR$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains 65690792Sgshapiro 65790792Sgshapiro# convert node::user addresses into a domain-based address 65890792SgshapiroR$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names 65990792SgshapiroR$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr 66090792Sgshapiro 66190792Sgshapiro# if we have % signs, take the rightmost one 66290792SgshapiroR$* % $* $1 @ $2 First make them all @s. 66390792SgshapiroR$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. 664285303Sgshapiro 66590792SgshapiroR$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish 66690792Sgshapiro 66790792Sgshapiro# else we must be a local name 66890792SgshapiroR$* $@ $>Canonify2 $1 66990792Sgshapiro 67090792Sgshapiro 67190792Sgshapiro################################################ 67290792Sgshapiro### Ruleset 96 -- bottom half of ruleset 3 ### 67390792Sgshapiro################################################ 67490792Sgshapiro 67590792SgshapiroSCanonify2=96 67690792Sgshapiro 67790792Sgshapiro# handle special cases for local names 67890792SgshapiroR$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all 67990792SgshapiroR$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain 68090792SgshapiroR$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain 68190792Sgshapiro 68290792Sgshapiro# check for IPv4/IPv6 domain literal 68390792SgshapiroR$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr] 68490792SgshapiroR$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal 68590792SgshapiroR$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr 68690792Sgshapiro 68790792Sgshapiro 68890792Sgshapiro 68990792Sgshapiro 69090792Sgshapiro 69190792Sgshapiro# if really UUCP, handle it immediately 69290792Sgshapiro 69390792Sgshapiro# try UUCP traffic as a local address 69490792SgshapiroR$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 69590792SgshapiroR$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 69690792Sgshapiro 69790792Sgshapiro# hostnames ending in class P are always canonical 69890792SgshapiroR$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 69990792SgshapiroR$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 70090792SgshapiroR$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 70190792SgshapiroR$* CC $* $| $* $: $3 70290792Sgshapiro# pass to name server to make hostname canonical 70390792SgshapiroR$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 70490792SgshapiroR$* $| $* $: $2 70590792Sgshapiro 70690792Sgshapiro# local host aliases and pseudo-domains are always canonical 70790792SgshapiroR$* < @ $=w > $* $: $1 < @ $2 . > $3 70890792SgshapiroR$* < @ $=M > $* $: $1 < @ $2 . > $3 70990792SgshapiroR$* < @ $* . . > $* $1 < @ $2 . > $3 71090792Sgshapiro 71190792Sgshapiro 71290792Sgshapiro################################################## 71390792Sgshapiro### Ruleset 4 -- Final Output Post-rewriting ### 71490792Sgshapiro################################################## 71590792SgshapiroSfinal=4 71690792Sgshapiro 71790792SgshapiroR$+ :; <@> $@ $1 : handle <list:;> 71890792SgshapiroR$* <@> $@ handle <> and list:; 71990792Sgshapiro 72090792Sgshapiro# strip trailing dot off possibly canonical name 72190792SgshapiroR$* < @ $+ . > $* $1 < @ $2 > $3 72290792Sgshapiro 72390792Sgshapiro# eliminate internal code 72490792SgshapiroR$* < @ *LOCAL* > $* $1 < @ $j > $2 72590792Sgshapiro 72690792Sgshapiro# externalize local domain info 72790792SgshapiroR$* < $+ > $* $1 $2 $3 defocus 72890792SgshapiroR@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical 72990792SgshapiroR@ $* $@ @ $1 ... and exit 73090792Sgshapiro 73190792Sgshapiro# UUCP must always be presented in old form 73290792SgshapiroR$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u 73390792Sgshapiro 73490792Sgshapiro# put DECnet back in :: form 73590792SgshapiroR$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u 73690792Sgshapiro# delete duplicate local names 73790792SgshapiroR$+ % $=w @ $=w $1 @ $2 u%host@host => u@host 73890792Sgshapiro 73990792Sgshapiro 74090792Sgshapiro 74190792Sgshapiro############################################################## 74290792Sgshapiro### Ruleset 97 -- recanonicalize and call ruleset zero ### 74390792Sgshapiro### (used for recursive calls) ### 74490792Sgshapiro############################################################## 74590792Sgshapiro 74690792SgshapiroSRecurse=97 74790792SgshapiroR$* $: $>canonify $1 74890792SgshapiroR$* $@ $>parse $1 74990792Sgshapiro 75090792Sgshapiro 75190792Sgshapiro###################################### 75290792Sgshapiro### Ruleset 0 -- Parse Address ### 75390792Sgshapiro###################################### 75490792Sgshapiro 75590792SgshapiroSparse=0 75690792Sgshapiro 75790792SgshapiroR$* $: $>Parse0 $1 initial parsing 75890792SgshapiroR<@> $#local $: <@> special case error msgs 75990792SgshapiroR$* $: $>ParseLocal $1 handle local hacks 76090792SgshapiroR$* $: $>Parse1 $1 final parsing 76190792Sgshapiro 76290792Sgshapiro# 76390792Sgshapiro# Parse0 -- do initial syntax checking and eliminate local addresses. 76490792Sgshapiro# This should either return with the (possibly modified) input 76590792Sgshapiro# or return with a #error mailer. It should not return with a 76690792Sgshapiro# #mailer other than the #error mailer. 76790792Sgshapiro# 76890792Sgshapiro 76990792SgshapiroSParse0 77090792SgshapiroR<@> $@ <@> special case error msgs 77190792SgshapiroR$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses" 77290792SgshapiroR@ <@ $* > < @ $1 > catch "@@host" bogosity 77390792SgshapiroR<@ $+> $#error $@ 5.1.3 $: "553 User address required" 77490792SgshapiroR$+ <@> $#error $@ 5.1.3 $: "553 Hostname required" 77590792SgshapiroR$* $: <> $1 77690792SgshapiroR<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4 77790792SgshapiroR<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4 77890792SgshapiroR<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address" 77990792SgshapiroR<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 78090792SgshapiroR<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part" 78190792SgshapiroR<> $* $1 78290792SgshapiroR$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" 78390792SgshapiroR$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" 78490792SgshapiroR$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address" 78590792SgshapiroR$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address" 78690792SgshapiroR$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address" 78790792Sgshapiro 78890792Sgshapiro 78990792Sgshapiro# now delete the local info -- note $=O to find characters that cause forwarding 79090792SgshapiroR$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user 79190792SgshapiroR< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... 79290792SgshapiroR$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here 79390792SgshapiroR< @ $+ > $#error $@ 5.1.3 $: "553 User address required" 79490792SgshapiroR$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... 79590792SgshapiroR$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" 79690792SgshapiroR< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required" 79790792SgshapiroR$* $=O $* < @ *LOCAL* > 79890792Sgshapiro $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... 79990792SgshapiroR$* < @ *LOCAL* > $: $1 80090792Sgshapiro 801285303Sgshapiro 80290792Sgshapiro# 80390792Sgshapiro# Parse1 -- the bottom half of ruleset 0. 80490792Sgshapiro# 80590792Sgshapiro 80690792SgshapiroSParse1 80790792Sgshapiro 80890792Sgshapiro# handle numeric address spec 80990792SgshapiroR$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec 810112810SgshapiroR$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path 81190792SgshapiroR$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send 81290792SgshapiroR$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer 81390792SgshapiroR$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer 81490792Sgshapiro 81590792Sgshapiro 81690792Sgshapiro# short circuit local delivery so forwarded email works 81790792Sgshapiro 81890792Sgshapiro 81990792SgshapiroR$=L < @ $=w . > $#local $: @ $1 special local names 82090792SgshapiroR$+ < @ $=w . > $#local $: $1 regular local name 82190792Sgshapiro 82290792Sgshapiro 82390792Sgshapiro# resolve remotely connected UUCP links (if any) 82490792Sgshapiro 82590792Sgshapiro# resolve fake top level domains by forwarding to other hosts 82690792Sgshapiro 82790792Sgshapiro 82890792Sgshapiro 82990792Sgshapiro# pass names that still have a host to a smarthost (if defined) 83090792SgshapiroR$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name 83190792Sgshapiro 83290792Sgshapiro# deal with other remote names 83390792SgshapiroR$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain 83490792Sgshapiro 83590792Sgshapiro# handle locally delivered names 83690792SgshapiroR$=L $#local $: @ $1 special local names 83790792SgshapiroR$+ $#local $: $1 regular local names 83890792Sgshapiro 839285303Sgshapiro 840285303Sgshapiro 84190792Sgshapiro########################################################################### 84290792Sgshapiro### Ruleset 5 -- special rewriting after aliases have been expanded ### 84390792Sgshapiro########################################################################### 84490792Sgshapiro 84590792SgshapiroSLocal_localaddr 84690792SgshapiroSlocaladdr=5 84790792SgshapiroR$+ $: $1 $| $>"Local_localaddr" $1 84890792SgshapiroR$+ $| $#ok $@ $1 no change 84990792SgshapiroR$+ $| $#$* $#$2 85090792SgshapiroR$+ $| $* $: $1 85190792Sgshapiro 85290792Sgshapiro 85390792Sgshapiro 85490792Sgshapiro 85590792Sgshapiro# deal with plussed users so aliases work nicely 85690792SgshapiroR$+ + * $#local $@ $&h $: $1 85790792SgshapiroR$+ + $* $#local $@ + $2 $: $1 + * 85890792Sgshapiro 85990792Sgshapiro# prepend an empty "forward host" on the front 86090792SgshapiroR$+ $: <> $1 86190792Sgshapiro 86290792Sgshapiro 86390792Sgshapiro 86490792SgshapiroR< > $+ $: < > < $1 <> $&h > nope, restore +detail 86590792Sgshapiro 86690792SgshapiroR< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail 86790792SgshapiroR< > < $+ <> $* > $: < > < $1 > else discard 86890792SgshapiroR< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part 86990792SgshapiroR< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + 87090792SgshapiroR< > < $+ > $@ $1 no +detail 87190792SgshapiroR$+ $: $1 <> $&h add +detail back in 87290792Sgshapiro 87390792SgshapiroR$+ <> + $* $: $1 + $2 check whether +detail 87490792SgshapiroR$+ <> $* $: $1 else discard 87590792SgshapiroR< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension 87690792SgshapiroR< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension 87790792Sgshapiro 87890792SgshapiroR< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > 87990792Sgshapiro 88090792SgshapiroR< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > 88190792Sgshapiro 88290792Sgshapiro 88390792Sgshapiro################################################################### 88490792Sgshapiro### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### 88590792Sgshapiro################################################################### 88690792Sgshapiro 88790792SgshapiroSMailerToTriple=95 88890792SgshapiroR< > $* $@ $1 strip off null relay 88990792SgshapiroR< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 890120256SgshapiroR< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 891120256SgshapiroR< error : $+ > $* $#error $: $1 89290792SgshapiroR< local : $* > $* $>CanonLocal < $1 > $2 89390792SgshapiroR< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user 89490792SgshapiroR< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer 89590792SgshapiroR< $=w > $* $@ $2 delete local host 89690792SgshapiroR< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer 89790792Sgshapiro 89890792Sgshapiro################################################################### 89990792Sgshapiro### Ruleset CanonLocal -- canonify local: syntax ### 90090792Sgshapiro################################################################### 90190792Sgshapiro 90290792SgshapiroSCanonLocal 90390792Sgshapiro# strip local host from routed addresses 90490792SgshapiroR< $* > < @ $+ > : $+ $@ $>Recurse $3 90590792SgshapiroR< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 90690792Sgshapiro 90790792Sgshapiro# strip trailing dot from any host name that may appear 90890792SgshapiroR< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > 90990792Sgshapiro 91090792Sgshapiro# handle local: syntax -- use old user, either with or without host 91190792SgshapiroR< > $* < @ $* > $* $#local $@ $1@$2 $: $1 91290792SgshapiroR< > $+ $#local $@ $1 $: $1 91390792Sgshapiro 91490792Sgshapiro# handle local:user@host syntax -- ignore host part 91590792SgshapiroR< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > 91690792Sgshapiro 91790792Sgshapiro# handle local:user syntax 91890792SgshapiroR< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 91990792SgshapiroR< $+ > $* $#local $@ $2 $: $1 92090792Sgshapiro 92190792Sgshapiro################################################################### 92290792Sgshapiro### Ruleset 93 -- convert header names to masqueraded form ### 92390792Sgshapiro################################################################### 92490792Sgshapiro 92590792SgshapiroSMasqHdr=93 92690792Sgshapiro 92790792Sgshapiro 92890792Sgshapiro# do not masquerade anything in class N 92990792SgshapiroR$* < @ $* $=N . > $@ $1 < @ $2 $3 . > 93090792Sgshapiro 93190792SgshapiroR$* < @ *LOCAL* > $@ $1 < @ $j . > 93290792Sgshapiro 93390792Sgshapiro################################################################### 93490792Sgshapiro### Ruleset 94 -- convert envelope names to masqueraded form ### 93590792Sgshapiro################################################################### 93690792Sgshapiro 93790792SgshapiroSMasqEnv=94 93890792SgshapiroR$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 93990792Sgshapiro 94090792Sgshapiro################################################################### 94190792Sgshapiro### Ruleset 98 -- local part of ruleset zero (can be null) ### 94290792Sgshapiro################################################################### 94390792Sgshapiro 94490792SgshapiroSParseLocal=98 94590792Sgshapiro 94690792Sgshapiro 94790792Sgshapiro 94890792Sgshapiro 949244833Sgshapiro 950244833Sgshapiro 95190792Sgshapiro###################################################################### 95290792Sgshapiro### CanonAddr -- Convert an address into a standard form for 95390792Sgshapiro### relay checking. Route address syntax is 95490792Sgshapiro### crudely converted into a %-hack address. 95590792Sgshapiro### 95690792Sgshapiro### Parameters: 95790792Sgshapiro### $1 -- full recipient address 95890792Sgshapiro### 95990792Sgshapiro### Returns: 96090792Sgshapiro### parsed address, not in source route form 96190792Sgshapiro###################################################################### 96290792Sgshapiro 96390792SgshapiroSCanonAddr 96490792SgshapiroR$* $: $>Parse0 $>canonify $1 make domain canonical 96590792Sgshapiro 96690792Sgshapiro 96790792Sgshapiro###################################################################### 96890792Sgshapiro### ParseRecipient -- Strip off hosts in $=R as well as possibly 96990792Sgshapiro### $* $=m or the access database. 97090792Sgshapiro### Check user portion for host separators. 97190792Sgshapiro### 97290792Sgshapiro### Parameters: 97390792Sgshapiro### $1 -- full recipient address 97490792Sgshapiro### 97590792Sgshapiro### Returns: 97690792Sgshapiro### parsed, non-local-relaying address 97790792Sgshapiro###################################################################### 97890792Sgshapiro 97990792SgshapiroSParseRecipient 98090792SgshapiroR$* $: <?> $>CanonAddr $1 98190792SgshapiroR<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots 98290792SgshapiroR<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part 98390792Sgshapiro 98490792Sgshapiro# if no $=O character, no host in the user portion, we are done 98590792SgshapiroR<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4> 98690792SgshapiroR<?> $* $@ $1 98790792Sgshapiro 98890792Sgshapiro 98990792SgshapiroR<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 > 99090792Sgshapiro 99190792Sgshapiro 99290792Sgshapiro 99390792SgshapiroR<RELAY> $* < @ $* > $@ $>ParseRecipient $1 99490792SgshapiroR<$+> $* $@ $2 99590792Sgshapiro 99690792Sgshapiro 99790792Sgshapiro###################################################################### 99890792Sgshapiro### check_relay -- check hostname/address on SMTP startup 99990792Sgshapiro###################################################################### 100090792Sgshapiro 1001132943Sgshapiro 1002132943Sgshapiro 100390792SgshapiroSLocal_check_relay 100490792SgshapiroScheck_relay 100590792SgshapiroR$* $: $1 $| $>"Local_check_relay" $1 100690792SgshapiroR$* $| $* $| $#$* $#$3 100790792SgshapiroR$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 100890792Sgshapiro 100990792SgshapiroSBasic_check_relay 101090792Sgshapiro# check for deferred delivery mode 101198121SgshapiroR$* $: < $&{deliveryMode} > $1 101290792SgshapiroR< d > $* $@ deferred 101390792SgshapiroR< $* > $* $: $2 101490792Sgshapiro 101590792Sgshapiro 101690792Sgshapiro 101790792Sgshapiro###################################################################### 101890792Sgshapiro### check_mail -- check SMTP `MAIL FROM:' command argument 101990792Sgshapiro###################################################################### 102090792Sgshapiro 102190792SgshapiroSLocal_check_mail 102290792SgshapiroScheck_mail 102390792SgshapiroR$* $: $1 $| $>"Local_check_mail" $1 102490792SgshapiroR$* $| $#$* $#$2 102590792SgshapiroR$* $| $* $@ $>"Basic_check_mail" $1 102690792Sgshapiro 102790792SgshapiroSBasic_check_mail 102890792Sgshapiro# check for deferred delivery mode 102998121SgshapiroR$* $: < $&{deliveryMode} > $1 103090792SgshapiroR< d > $* $@ deferred 103190792SgshapiroR< $* > $* $: $2 103290792Sgshapiro 103390792Sgshapiro# authenticated? 103490792SgshapiroR$* $: $1 $| $>"tls_client" $&{verify} $| MAIL 103590792SgshapiroR$* $| $#$+ $#$2 103690792SgshapiroR$* $| $* $: $1 103790792Sgshapiro 103890792SgshapiroR<> $@ <OK> we MUST accept <> (RFC 1123) 103990792SgshapiroR$+ $: <?> $1 104090792SgshapiroR<?><$+> $: <@> <$1> 104190792SgshapiroR<?>$+ $: <@> <$1> 104290792SgshapiroR$* $: $&{daemon_flags} $| $1 104390792SgshapiroR$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > 104490792SgshapiroR$* u $* $| <@> < $* > $: <?> < $3 > 104590792SgshapiroR$* $| $* $: $2 104690792Sgshapiro# handle case of @localhost on address 104790792SgshapiroR<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > 104890792SgshapiroR<@> < $* @ [127.0.0.1] > 104990792Sgshapiro $: < ? $&{client_name} > < $1 @ [127.0.0.1] > 1050285303SgshapiroR<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] > 1051285303Sgshapiro $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] > 1052285303SgshapiroR<@> < $* @ [IPv6:::1] > 1053285303Sgshapiro $: < ? $&{client_name} > < $1 @ [IPv6:::1] > 105490792SgshapiroR<@> < $* @ localhost.$m > 105590792Sgshapiro $: < ? $&{client_name} > < $1 @ localhost.$m > 105690792SgshapiroR<@> < $* @ localhost.UUCP > 105790792Sgshapiro $: < ? $&{client_name} > < $1 @ localhost.UUCP > 105890792SgshapiroR<@> $* $: $1 no localhost as domain 105990792SgshapiroR<? $=w> $* $: $2 local client: ok 106090792SgshapiroR<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address" 106190792SgshapiroR<?> $* $: $1 106290792SgshapiroR$* $: <?> $>CanonAddr $1 canonify sender address and mark it 106390792SgshapiroR<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots 106490792Sgshapiro# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) 1065102528SgshapiroR<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 > 1066102528SgshapiroR<?> $* < @ $j > $: <OKR> $1 < @ $j > 106790792SgshapiroR<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 > 106890792SgshapiroR<? $* <$->> $* < @ $+ > 106990792Sgshapiro $: <$2> $3 < @ $4 > 107090792Sgshapiro 107190792Sgshapiro 107290792Sgshapiro# handle case of no @domain on address 107390792SgshapiroR<?> $* $: $&{daemon_flags} $| <?> $1 107490792SgshapiroR$* u $* $| <?> $* $: <OKR> $3 107590792SgshapiroR$* $| $* $: $2 1076110560SgshapiroR<?> $* $: < ? $&{client_addr} > $1 1077102528SgshapiroR<?> $* $@ <OKR> ...local unqualed ok 107890792SgshapiroR<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f 107990792Sgshapiro ...remote is not 108090792Sgshapiro# check results 108190792SgshapiroR<?> $* $: @ $1 mark address: nothing known about it 1082168515SgshapiroR<$={ResOk}> $* $: @ $2 domain ok 108390792SgshapiroR<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" 108490792SgshapiroR<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist" 108590792Sgshapiro 1086168515Sgshapiro 1087168515Sgshapiro 108890792Sgshapiro###################################################################### 108990792Sgshapiro### check_rcpt -- check SMTP `RCPT TO:' command argument 109090792Sgshapiro###################################################################### 109190792Sgshapiro 109290792SgshapiroSLocal_check_rcpt 109390792SgshapiroScheck_rcpt 109490792SgshapiroR$* $: $1 $| $>"Local_check_rcpt" $1 109590792SgshapiroR$* $| $#$* $#$2 109690792SgshapiroR$* $| $* $@ $>"Basic_check_rcpt" $1 109790792Sgshapiro 109890792SgshapiroSBasic_check_rcpt 109990792Sgshapiro# empty address? 110090792SgshapiroR<> $#error $@ nouser $: "553 User address required" 110190792SgshapiroR$@ $#error $@ nouser $: "553 User address required" 110290792Sgshapiro# check for deferred delivery mode 110398121SgshapiroR$* $: < $&{deliveryMode} > $1 110490792SgshapiroR< d > $* $@ deferred 110590792SgshapiroR< $* > $* $: $2 110690792Sgshapiro 110790792Sgshapiro 110890792Sgshapiro###################################################################### 110990792SgshapiroR$* $: $1 $| @ $>"Rcpt_ok" $1 111090792SgshapiroR$* $| @ $#TEMP $+ $: $1 $| T $2 111190792SgshapiroR$* $| @ $#$* $#$2 111290792SgshapiroR$* $| @ RELAY $@ RELAY 111390792SgshapiroR$* $| @ $* $: O $| $>"Relay_ok" $1 111490792SgshapiroR$* $| T $+ $: T $2 $| $>"Relay_ok" $1 111590792SgshapiroR$* $| $#TEMP $+ $#error $2 111690792SgshapiroR$* $| $#$* $#$2 111790792SgshapiroR$* $| RELAY $@ RELAY 111890792SgshapiroR T $+ $| $* $#error $1 111990792Sgshapiro# anything else is bogus 112090792SgshapiroR$* $#error $@ 5.7.1 $: "550 Relaying denied" 112190792Sgshapiro 112290792Sgshapiro 112390792Sgshapiro###################################################################### 112490792Sgshapiro### Rcpt_ok: is the recipient ok? 112590792Sgshapiro###################################################################### 112690792SgshapiroSRcpt_ok 112790792SgshapiroR$* $: $>ParseRecipient $1 strip relayable hosts 112890792Sgshapiro 112990792Sgshapiro 113090792Sgshapiro 113190792Sgshapiro 113290792Sgshapiro# authenticated via TLS? 113390792SgshapiroR$* $: $1 $| $>RelayTLS client authenticated? 113490792SgshapiroR$* $| $# $+ $# $2 error/ok? 113590792SgshapiroR$* $| $* $: $1 no 113690792Sgshapiro 113790792SgshapiroR$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type} 113890792SgshapiroR$* $| $# $* $# $2 113990792SgshapiroR$* $| NO $: $1 114090792SgshapiroR$* $| $* $: $1 $| $&{auth_type} 114190792SgshapiroR$* $| $: $1 114290792SgshapiroR$* $| $={TrustAuthMech} $# RELAY 114390792SgshapiroR$* $| $* $: $1 114490792Sgshapiro# anything terminating locally is ok 114590792SgshapiroR$+ < @ $=w > $@ RELAY 114690792SgshapiroR$+ < @ $* $=R > $@ RELAY 114790792Sgshapiro 114890792Sgshapiro 114990792Sgshapiro 1150132943Sgshapiro 115190792Sgshapiro# check for local user (i.e. unqualified address) 115290792SgshapiroR$* $: <?> $1 115390792SgshapiroR<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 > 115490792Sgshapiro# local user is ok 115590792SgshapiroR<?> $+ $@ RELAY 115690792SgshapiroR<$+> $* $: $2 115790792Sgshapiro 115890792Sgshapiro###################################################################### 115990792Sgshapiro### Relay_ok: is the relay/sender ok? 116090792Sgshapiro###################################################################### 116190792SgshapiroSRelay_ok 116290792Sgshapiro# anything originating locally is ok 116390792Sgshapiro# check IP address 116490792SgshapiroR$* $: $&{client_addr} 116590792SgshapiroR$@ $@ RELAY originated locally 116690792SgshapiroR0 $@ RELAY originated locally 1167110560SgshapiroR127.0.0.1 $@ RELAY originated locally 1168285303SgshapiroRIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally 1169110560SgshapiroRIPv6:::1 $@ RELAY originated locally 117090792SgshapiroR$=R $* $@ RELAY relayable IP address 117190792SgshapiroR$* $: [ $1 ] put brackets around it... 117290792SgshapiroR$=w $@ RELAY ... and see if it is local 117390792Sgshapiro 117490792Sgshapiro 117590792Sgshapiro# check client name: first: did it resolve? 117690792SgshapiroR$* $: < $&{client_resolve} > 1177132943SgshapiroR<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} 117890792SgshapiroR<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} 117990792SgshapiroR<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} 118090792SgshapiroR$* $: <@> $&{client_name} 118190792Sgshapiro# pass to name server to make hostname canonical 118290792SgshapiroR<@> $* $=P $:<?> $1 $2 118390792SgshapiroR<@> $+ $:<?> $[ $1 $] 118490792SgshapiroR$* . $1 strip trailing dots 118590792SgshapiroR<?> $=w $@ RELAY 118690792SgshapiroR<?> $* $=R $@ RELAY 118790792Sgshapiro 118890792Sgshapiro 118990792Sgshapiro 119090792Sgshapiro 1191168515Sgshapiro 119290792Sgshapiro###################################################################### 119390792Sgshapiro### trust_auth: is user trusted to authenticate as someone else? 119490792Sgshapiro### 119590792Sgshapiro### Parameters: 119690792Sgshapiro### $1: AUTH= parameter from MAIL command 119790792Sgshapiro###################################################################### 119890792Sgshapiro 119990792SgshapiroSLocal_trust_auth 120090792SgshapiroStrust_auth 120190792SgshapiroR$* $: $&{auth_type} $| $1 120290792Sgshapiro# required by RFC 2554 section 4. 120390792SgshapiroR$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" 120490792SgshapiroR$* $| $&{auth_authen} $@ identical 120590792SgshapiroR$* $| <$&{auth_authen}> $@ identical 1206120256SgshapiroR$* $| $* $: $1 $| $>"Local_trust_auth" $2 120790792SgshapiroR$* $| $#$* $#$2 120890792SgshapiroR$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} 120990792Sgshapiro 121090792Sgshapiro###################################################################### 121190792Sgshapiro### Relay_Auth: allow relaying based on authentication? 121290792Sgshapiro### 121390792Sgshapiro### Parameters: 121490792Sgshapiro### $1: ${auth_type} 121590792Sgshapiro###################################################################### 121690792SgshapiroSLocal_Relay_Auth 121790792Sgshapiro 1218132943Sgshapiro###################################################################### 1219132943Sgshapiro### srv_features: which features to offer to a client? 1220132943Sgshapiro### (done in server) 1221132943Sgshapiro###################################################################### 1222132943SgshapiroSsrv_features 122390792Sgshapiro 122490792Sgshapiro 122590792Sgshapiro###################################################################### 1226132943Sgshapiro### try_tls: try to use STARTTLS? 1227132943Sgshapiro### (done in client) 1228132943Sgshapiro###################################################################### 1229132943SgshapiroStry_tls 1230132943Sgshapiro 1231132943Sgshapiro 1232132943Sgshapiro###################################################################### 1233132943Sgshapiro### tls_rcpt: is connection with server "good" enough? 1234132943Sgshapiro### (done in client, per recipient) 1235132943Sgshapiro### 1236132943Sgshapiro### Parameters: 1237132943Sgshapiro### $1: recipient 1238132943Sgshapiro###################################################################### 1239132943SgshapiroStls_rcpt 1240132943Sgshapiro 1241132943Sgshapiro 1242132943Sgshapiro###################################################################### 124390792Sgshapiro### tls_client: is connection with client "good" enough? 124490792Sgshapiro### (done in server) 124590792Sgshapiro### 124690792Sgshapiro### Parameters: 124790792Sgshapiro### ${verify} $| (MAIL|STARTTLS) 124890792Sgshapiro###################################################################### 124990792SgshapiroStls_client 125090792SgshapiroR$* $| $* $@ $>"TLS_connection" $1 125190792Sgshapiro 125290792Sgshapiro###################################################################### 125390792Sgshapiro### tls_server: is connection with server "good" enough? 125490792Sgshapiro### (done in client) 125590792Sgshapiro### 125690792Sgshapiro### Parameter: 125790792Sgshapiro### ${verify} 125890792Sgshapiro###################################################################### 125990792SgshapiroStls_server 126090792SgshapiroR$* $@ $>"TLS_connection" $1 126190792Sgshapiro 126290792Sgshapiro###################################################################### 126390792Sgshapiro### TLS_connection: is TLS connection "good" enough? 126490792Sgshapiro### 126590792Sgshapiro### Parameters: 126690792Sgshapiro### ${verify} 126790792Sgshapiro### Requirement: RHS from access map, may be ? for none. 126890792Sgshapiro###################################################################### 126990792SgshapiroSTLS_connection 127090792SgshapiroRSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." 127190792Sgshapiro 127290792Sgshapiro 1273285303Sgshapiro 1274285303Sgshapiro 127590792Sgshapiro###################################################################### 127690792Sgshapiro### RelayTLS: allow relaying based on TLS authentication 127790792Sgshapiro### 127890792Sgshapiro### Parameters: 127990792Sgshapiro### none 128090792Sgshapiro###################################################################### 128190792SgshapiroSRelayTLS 128290792Sgshapiro# authenticated? 128390792Sgshapiro 128490792Sgshapiro###################################################################### 128590792Sgshapiro### authinfo: lookup authinfo in the access map 128690792Sgshapiro### 128790792Sgshapiro### Parameters: 128890792Sgshapiro### $1: {server_name} 128990792Sgshapiro### $2: {server_addr} 129090792Sgshapiro###################################################################### 129190792SgshapiroSauthinfo 129290792Sgshapiro 129390792Sgshapiro 129490792Sgshapiro 129590792Sgshapiro 1296132943Sgshapiro 1297132943Sgshapiro 1298132943Sgshapiro 1299132943Sgshapiro 130090792SgshapiroSLocal_localaddr 130190792SgshapiroR$+ $: $>ParseRecipient $1 130290792SgshapiroR$* < @ $+ > $* $#relay $@ ${MTAHost} $: $1 < @ $2 > $3 130390792Sgshapiro# DECnet 130490792SgshapiroR$+ :: $+ $#relay $@ ${MTAHost} $: $1 :: $2 130590792SgshapiroR$* $#relay $@ ${MTAHost} $: $1 < @ $j > 130690792Sgshapiro# 130790792Sgshapiro###################################################################### 130890792Sgshapiro###################################################################### 130990792Sgshapiro##### 131090792Sgshapiro##### MAIL FILTER DEFINITIONS 131190792Sgshapiro##### 131290792Sgshapiro###################################################################### 131390792Sgshapiro###################################################################### 131490792Sgshapiro 131590792Sgshapiro# 131690792Sgshapiro###################################################################### 131790792Sgshapiro###################################################################### 131890792Sgshapiro##### 131990792Sgshapiro##### MAILER DEFINITIONS 132090792Sgshapiro##### 132190792Sgshapiro###################################################################### 132290792Sgshapiro###################################################################### 132390792Sgshapiro 132490792Sgshapiro 132590792Sgshapiro################################################## 132690792Sgshapiro### Local and Program Mailer specification ### 132790792Sgshapiro################################################## 132890792Sgshapiro 1329266692Sgshapiro##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ ##### 133090792Sgshapiro 133190792Sgshapiro# 133290792Sgshapiro# Envelope sender rewriting 133390792Sgshapiro# 133490792SgshapiroSEnvFromL 133590792SgshapiroR<@> $n errors to mailer-daemon 133690792SgshapiroR@ <@ $*> $n temporarily bypass Sun bogosity 133790792SgshapiroR$+ $: $>AddDomain $1 add local domain if needed 133890792SgshapiroR$* $: $>MasqEnv $1 do masquerading 133990792Sgshapiro 134090792Sgshapiro# 134190792Sgshapiro# Envelope recipient rewriting 134290792Sgshapiro# 134390792SgshapiroSEnvToL 134490792SgshapiroR$+ < @ $* > $: $1 strip host part 134590792SgshapiroR$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type 134690792SgshapiroR<e s> $+ + $* $: $1 remove +detail for sender 134790792SgshapiroR< $* > $+ $: $2 else remove mark 134890792Sgshapiro 134990792Sgshapiro# 135090792Sgshapiro# Header sender rewriting 135190792Sgshapiro# 135290792SgshapiroSHdrFromL 135390792SgshapiroR<@> $n errors to mailer-daemon 135490792SgshapiroR@ <@ $*> $n temporarily bypass Sun bogosity 135590792SgshapiroR$+ $: $>AddDomain $1 add local domain if needed 135690792SgshapiroR$* $: $>MasqHdr $1 do masquerading 135790792Sgshapiro 135890792Sgshapiro# 135990792Sgshapiro# Header recipient rewriting 136090792Sgshapiro# 136190792SgshapiroSHdrToL 136290792SgshapiroR$+ $: $>AddDomain $1 add local domain if needed 136390792SgshapiroR$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 136490792Sgshapiro 136590792Sgshapiro# 136690792Sgshapiro# Common code to add local domain name (only if always-add-domain) 136790792Sgshapiro# 136890792SgshapiroSAddDomain 136990792Sgshapiro 137090792SgshapiroMlocal, P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, 137190792Sgshapiro T=DNS/RFC822/SMTP, 137290792Sgshapiro A=TCP $h 137390792SgshapiroMprog, P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, 137490792Sgshapiro T=X-Unix/X-Unix/X-Unix, 137590792Sgshapiro A=TCP $h 137690792Sgshapiro 137790792Sgshapiro##################################### 137890792Sgshapiro### SMTP Mailer specification ### 137990792Sgshapiro##################################### 138090792Sgshapiro 1381266692Sgshapiro##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ ##### 138290792Sgshapiro 138390792Sgshapiro# 138490792Sgshapiro# common sender and masquerading recipient rewriting 138590792Sgshapiro# 138690792SgshapiroSMasqSMTP 138790792SgshapiroR$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified 138890792SgshapiroR$+ $@ $1 < @ *LOCAL* > add local qualification 138990792Sgshapiro 139090792Sgshapiro# 139190792Sgshapiro# convert pseudo-domain addresses to real domain addresses 139290792Sgshapiro# 139390792SgshapiroSPseudoToReal 139490792Sgshapiro 139590792Sgshapiro# pass <route-addr>s through 139690792SgshapiroR< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr> 139790792Sgshapiro 139890792Sgshapiro# output fake domains as user%fake@relay 139990792Sgshapiro 140090792Sgshapiro# do UUCP heuristics; note that these are shared with UUCP mailers 140190792SgshapiroR$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form 140290792SgshapiroR$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form 140390792Sgshapiro 140490792Sgshapiro# leave these in .UUCP form to avoid further tampering 140590792SgshapiroR< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > 140690792SgshapiroR< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 > 140790792SgshapiroR< $&h ! > $+ $@ $1 < @ $&h .UUCP. > 140890792SgshapiroR< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY 140990792SgshapiroR$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part 141090792SgshapiroR$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY 141190792Sgshapiro 141290792Sgshapiro 141390792Sgshapiro# 141490792Sgshapiro# envelope sender rewriting 141590792Sgshapiro# 141690792SgshapiroSEnvFromSMTP 141790792SgshapiroR$+ $: $>PseudoToReal $1 sender/recipient common 141890792SgshapiroR$* :; <@> $@ list:; special case 141990792SgshapiroR$* $: $>MasqSMTP $1 qualify unqual'ed names 142090792SgshapiroR$+ $: $>MasqEnv $1 do masquerading 142190792Sgshapiro 142290792Sgshapiro 142390792Sgshapiro# 142490792Sgshapiro# envelope recipient rewriting -- 142590792Sgshapiro# also header recipient if not masquerading recipients 142690792Sgshapiro# 142790792SgshapiroSEnvToSMTP 142890792SgshapiroR$+ $: $>PseudoToReal $1 sender/recipient common 142990792SgshapiroR$+ $: $>MasqSMTP $1 qualify unqual'ed names 143090792SgshapiroR$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 143190792Sgshapiro 143290792Sgshapiro# 143390792Sgshapiro# header sender and masquerading header recipient rewriting 143490792Sgshapiro# 143590792SgshapiroSHdrFromSMTP 143690792SgshapiroR$+ $: $>PseudoToReal $1 sender/recipient common 143790792SgshapiroR:; <@> $@ list:; special case 143890792Sgshapiro 143990792Sgshapiro# do special header rewriting 144090792SgshapiroR$* <@> $* $@ $1 <@> $2 pass null host through 144190792SgshapiroR< @ $* > $* $@ < @ $1 > $2 pass route-addr through 144290792SgshapiroR$* $: $>MasqSMTP $1 qualify unqual'ed names 144390792SgshapiroR$+ $: $>MasqHdr $1 do masquerading 144490792Sgshapiro 144590792Sgshapiro 144690792Sgshapiro# 144790792Sgshapiro# relay mailer header masquerading recipient rewriting 144890792Sgshapiro# 144990792SgshapiroSMasqRelay 145090792SgshapiroR$+ $: $>MasqSMTP $1 145190792SgshapiroR$+ $: $>MasqHdr $1 145290792Sgshapiro 145394334SgshapiroMsmtp, P=[IPC], F=mDFMuXk5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, 145490792Sgshapiro T=DNS/RFC822/SMTP, 145590792Sgshapiro A=TCP $h 145694334SgshapiroMesmtp, P=[IPC], F=mDFMuXak5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, 145790792Sgshapiro T=DNS/RFC822/SMTP, 145890792Sgshapiro A=TCP $h 145994334SgshapiroMsmtp8, P=[IPC], F=mDFMuX8k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, 146090792Sgshapiro T=DNS/RFC822/SMTP, 146190792Sgshapiro A=TCP $h 146294334SgshapiroMdsmtp, P=[IPC], F=mDFMuXa%k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, 146390792Sgshapiro T=DNS/RFC822/SMTP, 146490792Sgshapiro A=TCP $h 146594334SgshapiroMrelay, P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040, 146690792Sgshapiro T=DNS/RFC822/SMTP, 146790792Sgshapiro A=TCP $h 146890792Sgshapiro 1469132943Sgshapiro### submit.mc ### 1470132943Sgshapiro# divert(-1) 1471132943Sgshapiro# # 1472285303Sgshapiro# # Copyright (c) 2001-2003, 2014 Proofpoint, Inc. and its suppliers. 1473132943Sgshapiro# # All rights reserved. 1474132943Sgshapiro# # 1475132943Sgshapiro# # By using this file, you agree to the terms and conditions set 1476132943Sgshapiro# # forth in the LICENSE file which can be found at the top level of 1477132943Sgshapiro# # the sendmail distribution. 1478132943Sgshapiro# # 1479132943Sgshapiro# # 1480132943Sgshapiro# 1481132943Sgshapiro# # 1482132943Sgshapiro# # This is the prototype file for a set-group-ID sm-msp sendmail that 1483132943Sgshapiro# # acts as a initial mail submission program. 1484132943Sgshapiro# # 1485132943Sgshapiro# 1486132943Sgshapiro# divert(0)dnl 1487266692Sgshapiro# VERSIONID(`$Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $') 1488132943Sgshapiro# define(`confCF_VERSION', `Submit')dnl 1489132943Sgshapiro# define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining 1490132943Sgshapiro# define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet 1491132943Sgshapiro# define(`confTIME_ZONE', `USE_TZ')dnl 1492132943Sgshapiro# define(`confDONT_INIT_GROUPS', `True')dnl 1493132943Sgshapiro# dnl 1494285303Sgshapiro# dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1] 1495132943Sgshapiro# FEATURE(`msp', `[127.0.0.1]')dnl 1496