submit.cf revision 120256
#
# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
#	All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
# Copyright (c) 1988, 1993
#	The Regents of the University of California.  All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

######################################################################
######################################################################
#####
#####		SENDMAIL CONFIGURATION FILE
#####
#####
######################################################################
#####
#####	DO NOT EDIT THIS FILE!  Only edit the source .mc file.
#####
######################################################################
######################################################################

#####  $Id: cfhead.m4,v 8.108.2.3 2003/04/03 17:51:51 ca Exp $  #####
#####  $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $  #####
#####  $Id: submit.mc,v 8.6.2.7 2003/09/10 22:11:56 ca Exp $  #####
#####  $Id: msp.m4,v 1.32 2002/03/26 22:02:03 ca Exp $  #####

#####  $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $  #####


#####  $Id: proto.m4,v 8.649.2.24 2003/08/04 21:14:26 ca Exp $  #####

# level 10 config file format
V10/Berkeley

# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
# NOTE(review): the option is commented out here, so sendmail's file
# ownership/permission checks stay in force; keep it that way and fix the
# offending file instead if a check fails.
#O DontBlameSendmail=safe

# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost

##################
#   local info   #
##################

# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m

# class w holds the host names the rulesets treat as "this host" ($=w);
# "localhost" is the only name this file adds explicitly.
Cwlocalhost

# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM

CP.

# "Smart" relay host (may be null)
# (defined empty in this file)
DS


# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !

# a class with just dot (for identifying canonical names)
C..

# a class with just a left bracket (for identifying domain literals)
C[[


# Resolve map (to check if a host exists in check_mail)
# -a<OKR> is appended to a successful lookup and -T<TEMP> to a temporary
# failure; class {ResOk} lists the tag that Basic_check_mail accepts.
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR


# Hosts for which relaying is permitted ($=R)
# -o makes the file optional.  Every entry read from it joins $=R, which the
# Rcpt_ok and Relay_ok rulesets answer with RELAY, so the file is
# security-relevant: it should be writable only by the administrator.
FR-o /etc/mail/relay-domains

# arithmetic map
Karith arith





# dequoting map
Kdequote dequote

# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root



# my name for error messages
DnMAILER-DAEMON


# {MTAHost} is the loopback address written as a bracketed address literal.
# NOTE(review): presumably the MTA this submission configuration hands mail
# to; the mailer definitions that would reference it are not part of this
# excerpt -- confirm there.
D{MTAHost}[127.0.0.1]


# Configuration version number
DZ8.12.10/Submit


###############
#   Options   #
###############

# strip message body to 7 bits on input?
O SevenBitInput=False

# 8-bit data handling
#O EightBitMode=pass8

# wait for alias file rebuild (default units: minutes)
O AliasWait=10

# location of alias file
#O AliasFile=/etc/mail/aliases

# minimum number of free blocks on filesystem
O MinFreeBlocks=100

# maximum message size
# NOTE(review): commented out, so this file sets no message size limit.
#O MaxMessageSize=1000000

# substitution for space (blank) characters
O BlankSub=.

# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False

# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10

# default delivery mode
# (i = interactive, i.e. delivery is attempted synchronously)
O DeliveryMode=i

# error message header/file
#O ErrorHeader=/etc/mail/error-header

# error mode
#O ErrorMode=print

# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False

# queue file mode (qf files)
# 0660 gives the owning group read/write access to queued messages.
# NOTE(review): this fits a set-group-ID submission program (see UseMSP and
# RunAsUser in this file); it also means every member of that group can read
# and alter queued mail, so the group should contain no ordinary users.
O QueueFileMode=0660

# temporary file mode
O TempFileMode=0600

# match recipients against GECOS field?
#O MatchGECOS=False

# maximum hop count
#O MaxHopCount=25

# location of help file
O HelpFile=/etc/mail/helpfile

# ignore dots as terminators in incoming messages?
#O IgnoreDots=False

# name resolver options
#O ResolverOptions=+AAONLY

# deliver MIME-encapsulated error messages?
O SendMimeErrors=True

# Forward file search path
# (set with an empty value: no .forward search path in this configuration)
O ForwardPath

# open connection cache size
O ConnectionCacheSize=2

# open connection cache timeout
O ConnectionCacheTimeout=5m

# persistent host status directory
#O HostStatusDirectory=.hoststat

# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False

# use Errors-To: header?
O UseErrorsTo=False

# log level
O LogLevel=9

# send to me too, even in an alias expansion?
#O MeToo=True

# verify RHS in newaliases?
O CheckAliases=False

# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True

# SMTP daemon options

# Addr=127.0.0.1 restricts any listener started with this file to the
# loopback interface; the E modifier disallows ETRN on it.  Changing Addr
# would expose the rulesets in this file to remote clients.
O DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E

# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0

# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers

# Use as mail submission program?  See sendmail/SECURITY
O UseMSP=True

# privacy flags
# goaway turns off SMTP status queries such as VRFY and EXPN, noetrn refuses
# ETRN, restrictqrun limits who may run the queue.  restrictmailq is not in
# the list, so this option does not limit who may list the queue; access to
# the queue directory has to be controlled by its file permissions.
O PrivacyOptions=goaway,noetrn,restrictqrun

# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster

# slope of queue-only function
#O QueueFactor=600000

# limit on number of concurrent queue runners
#O MaxQueueChildren

# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1

# priority of queue runners (nice(3))
#O NiceQueueRun

# shall we sort the queue by hostname first?
#O QueueSortOrder=priority

# minimum time in queue before retry
#O MinQueueAge=30m

# how many jobs can you process in the queue?
#O MaxQueueRunSize=10000

# perform initial split of envelope without checking MX records
#O FastSplit=1

# queue directory
# The status file and pid file set elsewhere in this file live in the same
# directory, so its ownership and mode protect all three.
O QueueDirectory=/var/spool/clientmqueue

# key for shared memory; 0 to turn off
#O SharedMemoryKey=0



# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d

O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h

#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h

# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0

# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False

# queue up everything before forking?
O SuperSafe=True

# status file
O StatusFile=/var/spool/clientmqueue/sm-client.st

# time zone handling:
#  if undefined, use system default
#  if defined but null, use TZ envariable passed in
#  if defined and non-null, use that info
# (defined but null here, so the second case applies)
O TimeZoneSpec=

# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull

# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb

# fallback MX host
#O FallbackMXhost=fall.back.host.net

# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False

# load average at which we just queue messages
#O QueueLA=8

# load average at which we refuse connections
#O RefuseLA=12

# load average at which we delay connections; 0 means no limit
#O DelayLA=0

# maximum number of children we allow at one time
#O MaxDaemonChildren=0

# maximum number of new connections per second
#O ConnectionRateThrottle=0

# work recipient factor
#O RecipientFactor=30000

# deliver each queued job in a separate process?
#O ForkEachJob=False

# work class factor
#O ClassFactor=1800

# work time factor
#O RetryFactor=90000

# default character set
#O DefaultCharSet=iso-8859-1

# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch

# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts

# dialup line delay on connection failure
#O DialDelay=10s

# action to take if there are no recipients in the message
#O NoRecipientAction=add-to-undisclosed

# chrooted environment for writing to files
# NOTE(review): commented out, so no such environment is configured here.
#O SafeFileEnvironment=/arch

# are colons OK in addresses?
#O ColonOkInAddr=True

# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False

# SMTP initial login message (old $e macro)
# $v/$Z puts the sendmail version and the configuration version (DZ in this
# file) into the greeting.  The listener in this file is bound to 127.0.0.1,
# which limits who sees it.
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b

# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d

# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False

# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False

# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.

# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+

# shall I avoid calling initgroups(3) because of high NIS costs?
# NOTE(review): with initgroups(3) skipped, supplementary group memberships
# are not picked up -- confirm nothing in this setup depends on them.
O DontInitGroups=True

# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True


# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster

# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter

# what user id do we assume for the majority of the processing?
# NOTE(review): smmsp is an unprivileged account name, not root; it is also
# the TrustedUser below and the account expected to own the clientmqueue
# paths in this file, so it should have no login shell and no other duties.
O RunAsUser=smmsp

# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=100

# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=20

# shall we get local names from our installed interfaces?
O DontProbeInterfaces=True

# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False

# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0

# Trusted user for file ownership and starting the daemon
# Files owned by this account are accepted where root ownership would
# otherwise be required, so anything that can write as smmsp can influence
# this configuration's maps and class files.
O TrustedUser=smmsp

# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control

# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=2048/1024

# Maximum length of the sum of all headers
#O MaxHeadersLength=32768

# Maximum depth of alias recursion
#O MaxAliasRecursion=10

# location of pid file
O PidFile=/var/spool/clientmqueue/sm-client.pid

# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix

# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096

# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096

# lookup type to find information about local mailboxes
#O MailboxDatabase=pw

# list of authentication mechanisms
# NOTE(review): commented out.  If it is ever enabled, revisit the list
# first: KERBEROS_V4, DIGEST-MD5 and CRAM-MD5 are legacy mechanisms.
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

# default authentication information for outgoing connections
# NOTE(review): if enabled, this file would hold credentials and must not be
# readable by other users.
#O DefaultAuthInfo=/etc/mail/default-auth-info

# SMTP AUTH flags
#O AuthOptions

# SMTP AUTH maximum encryption strength
#O AuthMaxBits

# SMTP STARTTLS server options
#O TLSSrvOptions

# Input mail filters
#O InputMailFilters


# None of the certificate/key options below is set, so this file configures
# no STARTTLS credentials.  If keys are added later, the private key files
# must be readable only by the account sendmail runs as.
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile

############################
# QUEUE GROUP DEFINITIONS  #
############################


###########################
#   Message precedences   #
###########################

Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100

#####################
#   Trusted users   #
#####################

# this is equivalent to setting class "t"
# Users in class t may set the sender address (e.g. with -f) without an
# authentication warning being added to the message.
# NOTE(review): consider dropping uucp if UUCP is not used on this host.
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp

#########################
#   Format of headers   #
#########################

# The Received: template below records the authentication type and TLS
# parameters when present, and stamps $v/$Z (sendmail and configuration
# version) into every message that passes through.
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
	$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
	$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
	(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
	for $u; $|;
	$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>

#
######################################################################
######################################################################
#####
#####			REWRITING RULES
#####
######################################################################
######################################################################

############################################
###  Ruleset 3 -- Name Canonicalization  ###
############################################
# NOTE(review): the fields of the R lines below (pattern, replacement,
# comment) are separated by tabs here; the listing this was taken from showed
# only single spaces, so compare against a cf regenerated from the .mc source
# before relying on the exact field boundaries.
Scanonify=3

# handle null input (translate to <@> special case)
R$@	$@ <@>

# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$*	$: $1 <@>	mark addresses
R$* < $* > $* <@>	$: $1 < $2 > $3	unmark <addr>
R@ $* <@>	$: @ $1	unmark @host:...
R$* [ IPv6 : $+ ] <@>	$: $1 [ IPv6 : $2 ]	unmark IPv6 addr
R$* :: $* <@>	$: $1 :: $2	unmark node::addr
R:include: $* <@>	$: :include: $1	unmark :include:...
R$* : $* [ $* ]	$: $1 : $2 [ $3 ] <@>	remark if leading colon
R$* : $* <@>	$: $2	strip colon if marked
R$* <@>	$: $1	unmark
R$* ;	$1	strip trailing semi
R$* < $+ :; > $*	$@ $2 :; <@>	catch <list:;>
R$* < $* ; >	$1 < $2 >	bogus bracketed semi

# null input now results from list:; syntax
R$@	$@ :; <@>

# strip angle brackets -- note RFC733 heuristic to get innermost item
R$*	$: < $1 >	housekeeping <>
R$+ < $* >	< $2 >	strip excess on left
R< $* > $+	< $1 >	strip excess on right
R<>	$@ < @ >	MAIL FROM:<> case
R< $+ >	$: $1	remove housekeeping <>

# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+	$2
R@ [ $* ] : $+	$2
R@ $+ : $+	$2

# find focus for list syntax
R $+ : $* ; @ $+	$@ $>Canonify2 $1 : $2 ; < @ $3 >	list syntax
R $+ : $* ;	$@ $1 : $2;	list syntax

# find focus for @ syntax addresses
R$+ @ $+	$: $1 < @ $2 >	focus on domain
R$+ < $+ @ $+ >	$1 $2 < @ $3 >	move gaze right
R$+ < @ $+ >	$@ $>Canonify2 $1 < @ $2 >	already canonical


# convert old-style addresses to a domain-based address
R$- ! $+	$@ $>Canonify2 $2 < @ $1 .UUCP >	resolve uucp names
R$+ . $- ! $+	$@ $>Canonify2 $3 < @ $1 . $2 >	domain uucps
R$+ ! $+	$@ $>Canonify2 $2 < @ $1 .UUCP >	uucp subdomains

# convert node::user addresses into a domain-based address
R$- :: $+	$@ $>Canonify2 $2 < @ $1 .DECNET >	resolve DECnet names
R$- . $- :: $+	$@ $>Canonify2 $3 < @ $1.$2 .DECNET >	numeric DECnet addr

# if we have % signs, take the rightmost one
R$* % $*	$1 @ $2	First make them all @s.
R$* @ $* @ $*	$1 % $2 @ $3	Undo all but the last.
615R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish 616 617# else we must be a local name 618R$* $@ $>Canonify2 $1 619 620 621################################################ 622### Ruleset 96 -- bottom half of ruleset 3 ### 623################################################ 624 625SCanonify2=96 626 627# handle special cases for local names 628R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all 629R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain 630R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain 631 632# check for IPv4/IPv6 domain literal 633R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr] 634R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal 635R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr 636 637 638 639 640 641# if really UUCP, handle it immediately 642 643# try UUCP traffic as a local address 644R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 645R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 646 647# hostnames ending in class P are always canonical 648R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 649R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 650R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 651R$* CC $* $| $* $: $3 652# pass to name server to make hostname canonical 653R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 654R$* $| $* $: $2 655 656# local host aliases and pseudo-domains are always canonical 657R$* < @ $=w > $* $: $1 < @ $2 . > $3 658R$* < @ $=M > $* $: $1 < @ $2 . > $3 659R$* < @ $* . . > $* $1 < @ $2 . > $3 660 661 662################################################## 663### Ruleset 4 -- Final Output Post-rewriting ### 664################################################## 665Sfinal=4 666 667R$+ :; <@> $@ $1 : handle <list:;> 668R$* <@> $@ handle <> and list:; 669 670# strip trailing dot off possibly canonical name 671R$* < @ $+ . 
> $* $1 < @ $2 > $3 672 673# eliminate internal code 674R$* < @ *LOCAL* > $* $1 < @ $j > $2 675 676# externalize local domain info 677R$* < $+ > $* $1 $2 $3 defocus 678R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical 679R@ $* $@ @ $1 ... and exit 680 681# UUCP must always be presented in old form 682R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u 683 684# put DECnet back in :: form 685R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u 686# delete duplicate local names 687R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host 688 689 690 691############################################################## 692### Ruleset 97 -- recanonicalize and call ruleset zero ### 693### (used for recursive calls) ### 694############################################################## 695 696SRecurse=97 697R$* $: $>canonify $1 698R$* $@ $>parse $1 699 700 701###################################### 702### Ruleset 0 -- Parse Address ### 703###################################### 704 705Sparse=0 706 707R$* $: $>Parse0 $1 initial parsing 708R<@> $#local $: <@> special case error msgs 709R$* $: $>ParseLocal $1 handle local hacks 710R$* $: $>Parse1 $1 final parsing 711 712# 713# Parse0 -- do initial syntax checking and eliminate local addresses. 714# This should either return with the (possibly modified) input 715# or return with a #error mailer. It should not return with a 716# #mailer other than the #error mailer. 
717# 718 719SParse0 720R<@> $@ <@> special case error msgs 721R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses" 722R@ <@ $* > < @ $1 > catch "@@host" bogosity 723R<@ $+> $#error $@ 5.1.3 $: "553 User address required" 724R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required" 725R$* $: <> $1 726R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4 727R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4 728R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address" 729R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 730R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part" 731R<> $* $1 732R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" 733R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" 734R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address" 735R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address" 736R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address" 737 738 739# now delete the local info -- note $=O to find characters that cause forwarding 740R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user 741R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... 742R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here 743R< @ $+ > $#error $@ 5.1.3 $: "553 User address required" 744R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... 745R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" 746R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required" 747R$* $=O $* < @ *LOCAL* > 748 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... 749R$* < @ *LOCAL* > $: $1 750 751# 752# Parse1 -- the bottom half of ruleset 0. 
753# 754 755SParse1 756 757# handle numeric address spec 758R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec 759R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path 760R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send 761R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer 762R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer 763 764 765# short circuit local delivery so forwarded email works 766 767 768R$=L < @ $=w . > $#local $: @ $1 special local names 769R$+ < @ $=w . > $#local $: $1 regular local name 770 771 772# resolve remotely connected UUCP links (if any) 773 774# resolve fake top level domains by forwarding to other hosts 775 776 777 778# pass names that still have a host to a smarthost (if defined) 779R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name 780 781# deal with other remote names 782R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain 783 784# handle locally delivered names 785R$=L $#local $: @ $1 special local names 786R$+ $#local $: $1 regular local names 787 788########################################################################### 789### Ruleset 5 -- special rewriting after aliases have been expanded ### 790########################################################################### 791 792SLocal_localaddr 793Slocaladdr=5 794R$+ $: $1 $| $>"Local_localaddr" $1 795R$+ $| $#ok $@ $1 no change 796R$+ $| $#$* $#$2 797R$+ $| $* $: $1 798 799 800 801 802# deal with plussed users so aliases work nicely 803R$+ + * $#local $@ $&h $: $1 804R$+ + $* $#local $@ + $2 $: $1 + * 805 806# prepend an empty "forward host" on the front 807R$+ $: <> $1 808 809 810 811R< > $+ $: < > < $1 <> $&h > nope, restore +detail 812 813R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail 814R< > < $+ <> $* > $: < > < $1 > else discard 815R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user 
part 816R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + 817R< > < $+ > $@ $1 no +detail 818R$+ $: $1 <> $&h add +detail back in 819 820R$+ <> + $* $: $1 + $2 check whether +detail 821R$+ <> $* $: $1 else discard 822R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension 823R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension 824 825R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > 826 827R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > 828 829 830################################################################### 831### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### 832################################################################### 833 834SMailerToTriple=95 835R< > $* $@ $1 strip off null relay 836R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 837R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 838R< error : $+ > $* $#error $: $1 839R< local : $* > $* $>CanonLocal < $1 > $2 840R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user 841R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer 842R< $=w > $* $@ $2 delete local host 843R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer 844 845################################################################### 846### Ruleset CanonLocal -- canonify local: syntax ### 847################################################################### 848 849SCanonLocal 850# strip local host from routed addresses 851R< $* > < @ $+ > : $+ $@ $>Recurse $3 852R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 853 854# strip trailing dot from any host name that may appear 855R< $* > $* < @ $* . 
> $: < $1 > $2 < @ $3 > 856 857# handle local: syntax -- use old user, either with or without host 858R< > $* < @ $* > $* $#local $@ $1@$2 $: $1 859R< > $+ $#local $@ $1 $: $1 860 861# handle local:user@host syntax -- ignore host part 862R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > 863 864# handle local:user syntax 865R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 866R< $+ > $* $#local $@ $2 $: $1 867 868################################################################### 869### Ruleset 93 -- convert header names to masqueraded form ### 870################################################################### 871 872SMasqHdr=93 873 874 875# do not masquerade anything in class N 876R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > 877 878R$* < @ *LOCAL* > $@ $1 < @ $j . > 879 880################################################################### 881### Ruleset 94 -- convert envelope names to masqueraded form ### 882################################################################### 883 884SMasqEnv=94 885R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 886 887################################################################### 888### Ruleset 98 -- local part of ruleset zero (can be null) ### 889################################################################### 890 891SParseLocal=98 892 893 894 895 896###################################################################### 897### CanonAddr -- Convert an address into a standard form for 898### relay checking. Route address syntax is 899### crudely converted into a %-hack address. 900### 901### Parameters: 902### $1 -- full recipient address 903### 904### Returns: 905### parsed address, not in source route form 906###################################################################### 907 908SCanonAddr 909R$* $: $>Parse0 $>canonify $1 make domain canonical 910 911 912###################################################################### 913### ParseRecipient -- Strip off hosts in $=R as well as possibly 914### $* $=m or the access database. 
###		Check user portion for host separators.
###
###	Parameters:
###		$1 -- full recipient address
###
###	Returns:
###		parsed, non-local-relaying address
######################################################################

# NOTE(review): the fields of the R lines in this part of the file (pattern,
# replacement, comment) are separated by tabs here; the listing this was taken
# from showed only single spaces, so compare against a cf regenerated from the
# .mc source before relying on the exact field boundaries.
# ParseRecipient peels relayable hosts ($=R) off an address whose user part
# still contains a routing operator ($=O) and re-runs itself on the user
# part, so the relay decision is made on the final destination rather than
# on the outermost host.
SParseRecipient
R$*	$: <?> $>CanonAddr $1
R<?> $* < @ $* . >	<?> $1 < @ $2 >	strip trailing dots
R<?> $- < @ $* >	$: <?> $(dequote $1 $) < @ $2 >	dequote local part

# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* >	$: <NO> $1 $2 $3 < @ $4>
R<?> $*	$@ $1


R<NO> $* < @ $* $=R >	$: <RELAY> $1 < @ $2 $3 >



R<RELAY> $* < @ $* >	$@ $>ParseRecipient $1
R<$+> $*	$@ $2


######################################################################
###  check_relay -- check hostname/address on SMTP startup
######################################################################

# Local_check_relay is declared with no rules in this file, so the decision
# falls through to Basic_check_relay, whose only visible action is to return
# "deferred" when {deliveryMode} is d.
SLocal_check_relay
Scheck_relay
R$*	$: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$*	$#$3
R$* $| $* $| $*	$@ $>"Basic_check_relay" $1 $| $2

SBasic_check_relay
# check for deferred delivery mode
R$*	$: < $&{deliveryMode} > $1
R< d > $*	$@ deferred
R< $* > $*	$: $2




######################################################################
###  check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################

# Local_check_mail is declared with no rules in this file.
SLocal_check_mail
Scheck_mail
R$*	$: $1 $| $>"Local_check_mail" $1
R$* $| $#$*	$#$2
R$* $| $*	$@ $>"Basic_check_mail" $1

# Basic_check_mail: after the TLS check, the null sender <> is accepted; any
# other sender must either come from a local client or carry a domain that
# the resolve map can look up.
SBasic_check_mail
# check for deferred delivery mode
R$*	$: < $&{deliveryMode} > $1
R< d > $*	$@ deferred
R< $* > $*	$: $2

# authenticated?
R$*	$: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+	$#$2
R$* $| $*	$: $1

R<>	$@ <OK>	we MUST accept <> (RFC 1123)
R$+	$: <?> $1
R<?><$+>	$: <@> <$1>
R<?>$+	$: <@> <$1>
# the next rules branch on the letters f and u in {daemon_flags}
R$*	$: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- >	$: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* >	$: <?> < $3 >
R$* $| $*	$: $2
# handle case of @localhost on address
R<@> < $* @ localhost >	$: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
	$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ localhost.$m >
	$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
	$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $*	$: $1	no localhost as domain
# a sender domain of localhost (in any of the forms above) is accepted only
# when the client name is in $=w; other clients get the 553 below
R<? $=w> $*	$: $2	local client: ok
R<? $+> <$+>	$#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $*	$: $1
R$*	$: <?> $>CanonAddr $1	canonify sender address and mark it
R<?> $* < @ $+ . >	<?> $1 < @ $2 >	strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P >	$: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j >	$: <OKR> $1 < @ $j >
# resolve map: the tag it returns (or <PERM> when the lookup finds nothing)
# becomes the marker tested under "check results"
R<?> $* < @ $+ >	$: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
	$: <$2> $3 < @ $4 >


# handle case of no @domain on address
R<?> $*	$: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $*	$: <OKR> $3
R$* $| $*	$: $2
R<?> $*	$: < ? $&{client_addr} > $1
R<?> $*	$@ <OKR>	...local unqualed ok
R<? $+> $*	$#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
	...remote is not
# check results
R<?> $*	$: @ $1	mark address: nothing known about it
R<$={ResOk}> $*	$@ <OKR>	domain ok: stop
R<TEMP> $*	$#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $*	$#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"

######################################################################
###  check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################

# Local_check_rcpt is declared with no rules in this file.
SLocal_check_rcpt
Scheck_rcpt
R$*	$: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$*	$#$2
R$* $| $*	$@ $>"Basic_check_rcpt" $1

# Basic_check_rcpt is default-deny: a recipient is accepted only when Rcpt_ok
# or Relay_ok answers RELAY; everything that falls through reaches the final
# "550 Relaying denied" rule.
SBasic_check_rcpt
# empty address?
R<>	$#error $@ nouser $: "553 User address required"
R$@	$#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$*	$: < $&{deliveryMode} > $1
R< d > $*	$@ deferred
R< $* > $*	$: $2


######################################################################
R$*	$: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+	$: $1 $| T $2
R$* $| @ $#$*	$#$2
R$* $| @ RELAY	$@ RELAY
R$* $| @ $*	$: O $| $>"Relay_ok" $1
R$* $| T $+	$: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+	$#error $2
R$* $| $#$*	$#$2
R$* $| RELAY	$@ RELAY
R T $+ $| $*	$#error $1
# anything else is bogus
R$*	$#error $@ 5.7.1 $: "550 Relaying denied"


######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$*	$: $>ParseRecipient $1	strip relayable hosts




# authenticated via TLS?
# NOTE(review): RelayTLS is called here but not defined in this part of the
# file -- confirm its definition further down.
R$*	$: $1 $| $>RelayTLS	client authenticated?
R$* $| $# $+	$# $2	error/ok?
1073R$* $| $* $: $1 no 1074 1075R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type} 1076R$* $| $# $* $# $2 1077R$* $| NO $: $1 1078R$* $| $* $: $1 $| $&{auth_type} 1079R$* $| $: $1 1080R$* $| $={TrustAuthMech} $# RELAY 1081R$* $| $* $: $1 1082# anything terminating locally is ok 1083R$+ < @ $=w > $@ RELAY 1084R$+ < @ $* $=R > $@ RELAY 1085 1086 1087 1088# check for local user (i.e. unqualified address) 1089R$* $: <?> $1 1090R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 > 1091# local user is ok 1092R<?> $+ $@ RELAY 1093R<$+> $* $: $2 1094 1095###################################################################### 1096### Relay_ok: is the relay/sender ok? 1097###################################################################### 1098SRelay_ok 1099# anything originating locally is ok 1100# check IP address 1101R$* $: $&{client_addr} 1102R$@ $@ RELAY originated locally 1103R0 $@ RELAY originated locally 1104R127.0.0.1 $@ RELAY originated locally 1105RIPv6:::1 $@ RELAY originated locally 1106R$=R $* $@ RELAY relayable IP address 1107R$* $: [ $1 ] put brackets around it... 1108R$=w $@ RELAY ... and see if it is local 1109 1110 1111# check client name: first: did it resolve? 1112R$* $: < $&{client_resolve} > 1113R<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} 1114R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} 1115R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} 1116R$* $: <@> $&{client_name} 1117# pass to name server to make hostname canonical 1118R<@> $* $=P $:<?> $1 $2 1119R<@> $+ $:<?> $[ $1 $] 1120R$* . $1 strip trailing dots 1121R<?> $=w $@ RELAY 1122R<?> $* $=R $@ RELAY 1123 1124 1125 1126 1127###################################################################### 1128### trust_auth: is user trusted to authenticate as someone else? 
1129### 1130### Parameters: 1131### $1: AUTH= parameter from MAIL command 1132###################################################################### 1133 1134SLocal_trust_auth 1135Strust_auth 1136R$* $: $&{auth_type} $| $1 1137# required by RFC 2554 section 4. 1138R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" 1139R$* $| $&{auth_authen} $@ identical 1140R$* $| <$&{auth_authen}> $@ identical 1141R$* $| $* $: $1 $| $>"Local_trust_auth" $2 1142R$* $| $#$* $#$2 1143R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} 1144 1145###################################################################### 1146### Relay_Auth: allow relaying based on authentication? 1147### 1148### Parameters: 1149### $1: ${auth_type} 1150###################################################################### 1151SLocal_Relay_Auth 1152 1153 1154 1155###################################################################### 1156### tls_client: is connection with client "good" enough? 1157### (done in server) 1158### 1159### Parameters: 1160### ${verify} $| (MAIL|STARTTLS) 1161###################################################################### 1162Stls_client 1163R$* $| $* $@ $>"TLS_connection" $1 1164 1165###################################################################### 1166### tls_server: is connection with server "good" enough? 1167### (done in client) 1168### 1169### Parameter: 1170### ${verify} 1171###################################################################### 1172Stls_server 1173R$* $@ $>"TLS_connection" $1 1174 1175###################################################################### 1176### TLS_connection: is TLS connection "good" enough? 1177### 1178### Parameters: 1179### ${verify} 1180### Requirement: RHS from access map, may be ? for none. 1181###################################################################### 1182STLS_connection 1183RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." 
######################################################################
###  RelayTLS: allow relaying based on TLS authentication
###
###	Parameters:
###		none
######################################################################
# The ruleset holds no rules in this configuration, so nothing in it grants
# relaying on the strength of a TLS client certificate.
SRelayTLS
# authenticated?

######################################################################
###  authinfo: lookup authinfo in the access map
###
###	Parameters:
###		$1: {server_name}
###		$2: {server_addr}
######################################################################
# No rules are defined for authinfo in this configuration.
Sauthinfo




# Local_localaddr: every address that reaches this ruleset is resolved to the
# relay mailer at ${MTAHost}; unqualified names get the local host name $j
# appended first.  None of the three rules resolves to local delivery.
# NOTE(review): ${MTAHost} is defined outside this part of the file -- confirm
# it names the intended MTA.
SLocal_localaddr
R$+			$: $>ParseRecipient $1
R$* < @ $+ > $*		$#relay $@ ${MTAHost} $: $1 < @ $2 > $3
# DECnet
R$+ :: $+		$#relay $@ ${MTAHost} $: $1 :: $2
R$*			$#relay $@ ${MTAHost} $: $1 < @ $j >
#
######################################################################
######################################################################
#####
#####			MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################

#
######################################################################
######################################################################
#####
#####			MAILER DEFINITIONS
#####
######################################################################
######################################################################


##################################################
###   Local and Program Mailer specification   ###
##################################################

#####  $Id: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $  #####

#
#  Envelope sender rewriting
#
SEnvFromL
R<@>			$n			errors to mailer-daemon
R@ <@ $*>		$n			temporarily bypass Sun bogosity
R$+			$: $>AddDomain $1	add local domain if needed
R$*			$: $>MasqEnv $1		do masquerading

#
#  Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* >		$: $1			strip host part
R$+ + $*		$: < $&{addr_type} > $1 + $2	mark with addr type
R<e s> $+ + $*		$: $1			remove +detail for sender
R< $* > $+		$: $2			else remove mark

#
#  Header sender rewriting
#
SHdrFromL
R<@>			$n			errors to mailer-daemon
R@ <@ $*>		$n			temporarily bypass Sun bogosity
R$+			$: $>AddDomain $1	add local domain if needed
R$*			$: $>MasqHdr $1		do masquerading

#
#  Header recipient rewriting
#
SHdrToL
R$+			$: $>AddDomain $1	add local domain if needed
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2

#
#  Common code to add local domain name (only if always-add-domain)
#
# AddDomain has no rules in this configuration, so the calls above leave the
# address as it is.
SAddDomain

# Both mailers below are declared with P=[IPC] and A=TCP $h, the same
# transport as the SMTP mailers further down, not with a delivery program.
# The prog mailer keeps D=$z:/ as its directory list.
Mlocal,		P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mprog,		P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
		T=X-Unix/X-Unix/X-Unix,
		A=TCP $h

#####################################
###   SMTP Mailer specification   ###
#####################################

#####  $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $  #####

#
#  common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $*		$@ $1 < @ $2 > $3		already fully qualified
R$+			$@ $1 < @ *LOCAL* >		add local qualification

#
#  convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal

# pass <route-addr>s through
R< @ $+ > $*		$@ < @ $1 > $2			resolve <route-addr>

# output fake domains as user%fake@relay

# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. >	$: < $2 ! > $1			convert to UUCP form
R$+ < @ $* > $*		$@ $1 < @ $2 > $3		not UUCP form

# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+	$@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+	$@ $3 < @ $1.$2 >
R< $&h ! > $+		$@ $1 < @ $&h .UUCP. >
R< $+ ! > $+		$: $1 ! $2 < @ $Y >		use UUCP_RELAY
R$+ < @ $~[ $* : $+ >	$@ $1 < @ $4 >			strip mailer: part
R$+ < @ >		$: $1 < @ *LOCAL* >		if no UUCP_RELAY


#
#  envelope sender rewriting
#
SEnvFromSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R$* :; <@>		$@				list:; special case
R$*			$: $>MasqSMTP $1		qualify unqual'ed names
R$+			$: $>MasqEnv $1			do masquerading


#
#  envelope recipient rewriting --
#  also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R$+			$: $>MasqSMTP $1		qualify unqual'ed names
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2

#
#  header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R:; <@>			$@				list:; special case

# do special header rewriting
R$* <@> $*		$@ $1 <@> $2			pass null host through
R< @ $* > $*		$@ < @ $1 > $2			pass route-addr through
R$*			$: $>MasqSMTP $1		qualify unqual'ed names
R$+			$: $>MasqHdr $1			do masquerading


#
#  relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+			$: $>MasqSMTP $1
R$+			$: $>MasqHdr $1

# The five SMTP-family mailers share P=[IPC], A=TCP $h and the sender
# rulesets EnvFromSMTP/HdrFromSMTP.  smtp, esmtp, smtp8 and dsmtp use
# R=EnvToSMTP with L=990; relay, the mailer Local_localaddr resolves to,
# uses R=MasqSMTP with L=2040.
Msmtp,		P=[IPC], F=mDFMuXk5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mesmtp,		P=[IPC], F=mDFMuXak5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Msmtp8,		P=[IPC], F=mDFMuX8k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mdsmtp,		P=[IPC], F=mDFMuXa%k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mrelay,		P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
		T=DNS/RFC822/SMTP,
		A=TCP $h
