submit.cf revision 90792
#
# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################

##### $Id: cfhead.m4,v 8.107 2001/07/22 03:25:37 ca Exp $ #####
##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
##### $Id: submit.mc,v 8.5 2001/09/08 01:20:53 gshapiro Exp $ #####
##### $Id: msp.m4,v 1.29 2001/12/13 23:56:38 gshapiro Exp $ #####

##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####


##### $Id: proto.m4,v 8.628 2001/12/28 19:02:40 ca Exp $ #####

# Overview: generated from submit.mc and msp.m4 (see the $Id lines above);
# the configuration version set further down is 8.12.2/Submit. This part
# holds the file-format level, the local classes and macros, the map
# declarations and the first options.

# level 10 config file format
V10/Berkeley

# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
# (left commented out here, so the file-safety checks are not overridden)
#O DontBlameSendmail=safe

# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost

##################
# local info #
##################

# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m

# class w (the names this host accepts as its own) is given only localhost
Cwlocalhost

# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM

CP.

# "Smart" relay host (may be null)
# (null here: the macro is defined with no value)
DS


# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !

# a class with just dot (for identifying canonical names)
C..

# a class with just a left bracket (for identifying domain literals)
C[[


# Resolve map (to check if a host exists in check_mail)
# -a<OKR> is appended to a successful lookup and -T<TEMP> to a temporary
# failure; check_mail turns those tags into accept / 451 decisions
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR


# Hosts for which relaying is permitted ($=R)
# -o makes the file optional. Every entry widens what Rcpt_ok and Relay_ok
# accept for relaying, so the file should be writable by root only.
FR-o /etc/mail/relay-domains

# arithmetic map
Karith arith





# dequoting map
Kdequote dequote

# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root



# my name for error messages
DnMAILER-DAEMON


D{MTAHost}localhost


# Configuration version number
DZ8.12.2/Submit


###############
# Options #
###############

# strip message body to 7 bits on input?
O SevenBitInput=False

# 8-bit data handling
#O EightBitMode=pass8

# wait for alias file rebuild (default units: minutes)
O AliasWait=10

# location of alias file
O AliasFile

# minimum number of free blocks on filesystem
O MinFreeBlocks=100

# maximum message size
#O MaxMessageSize=1000000

# substitution for space (blank) characters
O BlankSub=.

# avoid connecting to "expensive" mailers on initial submission? 
O HoldExpensive=False

# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10

# default delivery mode
# (i = interactive: delivery is attempted while the submitter waits)
O DeliveryMode=i

# error message header/file
#O ErrorHeader=/etc/mail/error-header

# error mode
#O ErrorMode=print

# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False

# queue file mode (qf files)
# 0660: owner and group may read and write queue files, others get nothing.
# Any member of the owning group can therefore read queued mail.
# NOTE(review): the group is not named in this file (presumably the one
# belonging to RunAsUser) - confirm against the queue directory ownership.
O QueueFileMode=0660

# temporary file mode
# (0600: readable and writable by the owner only)
O TempFileMode=0600

# match recipients against GECOS field?
#O MatchGECOS=False

# maximum hop count
#O MaxHopCount=25

# location of help file
O HelpFile=/etc/mail/helpfile

# ignore dots as terminators in incoming messages?
#O IgnoreDots=False

# name resolver options
#O ResolverOptions=+AAONLY

# deliver MIME-encapsulated error messages?
O SendMimeErrors=True

# Forward file search path
# (set with no value, i.e. no .forward search path is configured here)
O ForwardPath

# open connection cache size
O ConnectionCacheSize=2

# open connection cache timeout
O ConnectionCacheTimeout=5m

# persistent host status directory
#O HostStatusDirectory=.hoststat

# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False

# use Errors-To: header?
O UseErrorsTo=False

# log level
O LogLevel=9

# send to me too, even in an alias expansion?
#O MeToo=True

# verify RHS in newaliases?
O CheckAliases=False

# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True

# SMTP daemon options
# Addr=127.0.0.1 confines any listener started from this file to the
# loopback interface; the modifier M=E turns off ETRN on it.

O DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E

# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0

# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers

# Use as mail submission program? See sendmail/SECURITY
O UseMSP=True

# privacy flags
# goaway refuses SMTP status queries (VRFY, EXPN and the like), noetrn
# refuses ETRN, and restrictqrun limits queue runs (-q) to root and the
# owner of the queue directory.
O PrivacyOptions=goaway,noetrn,restrictqrun

# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster

# slope of queue-only function
#O QueueFactor=600000

# limit on number of concurrent queue runners
#O MaxQueueChildren

# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1

# priority of queue runners (nice(3))
#O NiceQueueRun

# shall we sort the queue by hostname first?
#O QueueSortOrder=priority

# minimum time in queue before retry
#O MinQueueAge=30m

# how many jobs can you process in the queue?
#O MaxQueueRunSize=10000

# perform initial split of envelope without checking MX records
#O FastSplit=1

# queue directory
# (the status file below lives in the same directory, so its ownership and
# mode protect both)
O QueueDirectory=/var/spool/clientmqueue

# key for shared memory; 0 to turn off
#O SharedMemoryKey=0

# timeouts (many of these)
# only queuereturn and queuewarn are set explicitly; every other timeout
# below is commented out
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h

# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0

# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False

# queue up everything before forking?
O SuperSafe=True

# status file
O StatusFile=/var/spool/clientmqueue/sm-client.st

# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=

# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull

# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb

# fallback MX host
#O FallbackMXhost=fall.back.host.net

# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False

# load average at which we just queue messages
#O QueueLA=8

# load average at which we refuse connections
#O RefuseLA=12

# load average at which we delay connections; 0 means no limit
#O DelayLA=0

# maximum number of children we allow at one time
#O MaxDaemonChildren=12

# maximum number of new connections per second
#O ConnectionRateThrottle=0

# work recipient factor
#O RecipientFactor=30000

# deliver each queued job in a separate process? 
#O ForkEachJob=False

# work class factor
#O ClassFactor=1800

# work time factor
#O RetryFactor=90000

# default character set
#O DefaultCharSet=iso-8859-1

# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch

# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts

# dialup line delay on connection failure
#O DialDelay=10s

# action to take if there are no recipients in the message
#O NoRecipientAction=add-to-undisclosed

# chrooted environment for writing to files
# (commented out: no such restriction is set by this file)
#O SafeFileEnvironment=/arch

# are colons OK in addresses?
#O ColonOkInAddr=True

# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False

# SMTP initial login message (old $e macro)
# $v/$Z place the sendmail version and the configuration version in the
# greeting, so the banner discloses both to whoever connects
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b

# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d

# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False

# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False

# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.

# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+

# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False

# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
# (commented out, so the default stated above applies)
#O UnsafeGroupWrites=True


# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster

# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter

# what user id do we assume for the majority of the processing? 
O RunAsUser=smmsp
# NOTE(review): processing runs as smmsp rather than root; this file does
# not show that account's privileges - presumably a dedicated unprivileged
# account, confirm locally.

# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=100

# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=20

# shall we get local names from our installed interfaces?
O DontProbeInterfaces=True

# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False

# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0

# Trusted user for file ownership and starting the daemon
# (the same account as RunAsUser above)
O TrustedUser=smmsp

# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control

# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0

# Maximum length of the sum of all headers
#O MaxHeadersLength=32768

# Maximum depth of alias recursion
#O MaxAliasRecursion=10

# location of pid file
O PidFile=/var/spool/clientmqueue/sm-client.pid

# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix

# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096

# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096

# lookup type to find information about local mailboxes
#O MailboxDatabase=pw

# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info

# SMTP AUTH flags
#O AuthOptions

# SMTP AUTH maximum encryption strength
#O AuthMaxBits

# SMTP STARTTLS server options
#O TLSSrvOptions

# Input mail filters
#O InputMailFilters



# Every certificate, key and CA option below is commented out, so this file
# itself configures no TLS key material.
# CA directory
#O CACERTPath
# CA file
#O CACERTFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile

############################
# QUEUE GROUP DEFINITIONS #
############################


###########################
# Message precedences #
###########################

Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100

#####################
# Trusted users #
#####################

# this is equivalent to setting class "t"
# users in class t may set the envelope sender without sendmail adding an
# X-Authentication-Warning header, so the list is worth keeping short
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp

#########################
# Format of headers #
#########################

H?P?Return-Path: <$g>
# The Received: line records, when the macros are set, the SMTP AUTH result
# ({auth_type}, {auth_ssf}) and the TLS parameters ({tls_version}, {cipher},
# {cipher_bits}, {verify}); that is the per-message evidence of how a
# message entered the system.
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
	$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
	$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
	(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
	for $u; $|;
	$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>

#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################

# NOTE(review): the rule (R) lines in this listing show single spaces between
# their fields; sendmail expects the LHS, RHS and comment of a rule to be
# separated by tab characters, so treat the spacing as an extraction artefact.

############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3

# handle null input (translate to <@> special case)
R$@ $@ <@>

# strip group: syntax (not inside angle brackets!) 
and trailing semicolon 562R$* $: $1 <@> mark addresses 563R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr> 564R@ $* <@> $: @ $1 unmark @host:... 565R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr 566R$* :: $* <@> $: $1 :: $2 unmark node::addr 567R:include: $* <@> $: :include: $1 unmark :include:... 568R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon 569R$* : $* <@> $: $2 strip colon if marked 570R$* <@> $: $1 unmark 571R$* ; $1 strip trailing semi 572R$* < $+ :; > $* $@ $2 :; <@> catch <list:;> 573R$* < $* ; > $1 < $2 > bogus bracketed semi 574 575# null input now results from list:; syntax 576R$@ $@ :; <@> 577 578# strip angle brackets -- note RFC733 heuristic to get innermost item 579R$* $: < $1 > housekeeping <> 580R$+ < $* > < $2 > strip excess on left 581R< $* > $+ < $1 > strip excess on right 582R<> $@ < @ > MAIL FROM:<> case 583R< $+ > $: $1 remove housekeeping <> 584 585# strip route address <@a,@b,@c:user@d> -> <user@d> 586R@ $+ , $+ $2 587R@ [ $* ] : $+ $2 588R@ $+ : $+ $2 589 590# find focus for list syntax 591R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax 592R $+ : $* ; $@ $1 : $2; list syntax 593 594# find focus for @ syntax addresses 595R$+ @ $+ $: $1 < @ $2 > focus on domain 596R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right 597R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical 598 599 600# convert old-style addresses to a domain-based address 601R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names 602R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps 603R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains 604 605# convert node::user addresses into a domain-based address 606R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names 607R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr 608 609# if we have % signs, take the rightmost one 610R$* % $* $1 @ $2 First make them all @s. 611R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. 
612R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish 613 614# else we must be a local name 615R$* $@ $>Canonify2 $1 616 617 618################################################ 619### Ruleset 96 -- bottom half of ruleset 3 ### 620################################################ 621 622SCanonify2=96 623 624# handle special cases for local names 625R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all 626R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain 627R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain 628 629# check for IPv4/IPv6 domain literal 630R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr] 631R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal 632R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr 633 634 635 636 637 638# if really UUCP, handle it immediately 639 640# try UUCP traffic as a local address 641R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 642R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 643 644# hostnames ending in class P are always canonical 645R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 646R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 647R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 648R$* CC $* $| $* $: $3 649# pass to name server to make hostname canonical 650R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 651R$* $| $* $: $2 652 653# local host aliases and pseudo-domains are always canonical 654R$* < @ $=w > $* $: $1 < @ $2 . > $3 655R$* < @ $=M > $* $: $1 < @ $2 . > $3 656R$* < @ $* . . > $* $1 < @ $2 . > $3 657 658 659################################################## 660### Ruleset 4 -- Final Output Post-rewriting ### 661################################################## 662Sfinal=4 663 664R$+ :; <@> $@ $1 : handle <list:;> 665R$* <@> $@ handle <> and list:; 666 667# strip trailing dot off possibly canonical name 668R$* < @ $+ . 
> $* $1 < @ $2 > $3 669 670# eliminate internal code 671R$* < @ *LOCAL* > $* $1 < @ $j > $2 672 673# externalize local domain info 674R$* < $+ > $* $1 $2 $3 defocus 675R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical 676R@ $* $@ @ $1 ... and exit 677 678# UUCP must always be presented in old form 679R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u 680 681# put DECnet back in :: form 682R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u 683# delete duplicate local names 684R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host 685 686 687 688############################################################## 689### Ruleset 97 -- recanonicalize and call ruleset zero ### 690### (used for recursive calls) ### 691############################################################## 692 693SRecurse=97 694R$* $: $>canonify $1 695R$* $@ $>parse $1 696 697 698###################################### 699### Ruleset 0 -- Parse Address ### 700###################################### 701 702Sparse=0 703 704R$* $: $>Parse0 $1 initial parsing 705R<@> $#local $: <@> special case error msgs 706R$* $: $>ParseLocal $1 handle local hacks 707R$* $: $>Parse1 $1 final parsing 708 709# 710# Parse0 -- do initial syntax checking and eliminate local addresses. 711# This should either return with the (possibly modified) input 712# or return with a #error mailer. It should not return with a 713# #mailer other than the #error mailer. 
714# 715 716SParse0 717R<@> $@ <@> special case error msgs 718R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses" 719R@ <@ $* > < @ $1 > catch "@@host" bogosity 720R<@ $+> $#error $@ 5.1.3 $: "553 User address required" 721R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required" 722R$* $: <> $1 723R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4 724R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4 725R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address" 726R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 727R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part" 728R<> $* $1 729R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" 730R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" 731R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address" 732R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address" 733R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address" 734 735 736# now delete the local info -- note $=O to find characters that cause forwarding 737R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user 738R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... 739R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here 740R< @ $+ > $#error $@ 5.1.3 $: "553 User address required" 741R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... 742R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" 743R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required" 744R$* $=O $* < @ *LOCAL* > 745 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... 746R$* < @ *LOCAL* > $: $1 747 748# 749# Parse1 -- the bottom half of ruleset 0. 
750# 751 752SParse1 753 754# handle numeric address spec 755R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec 756R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path 757R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send 758R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer 759R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer 760 761 762# short circuit local delivery so forwarded email works 763 764 765R$=L < @ $=w . > $#local $: @ $1 special local names 766R$+ < @ $=w . > $#local $: $1 regular local name 767 768 769# resolve remotely connected UUCP links (if any) 770 771# resolve fake top level domains by forwarding to other hosts 772 773 774 775# pass names that still have a host to a smarthost (if defined) 776R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name 777 778# deal with other remote names 779R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain 780 781# handle locally delivered names 782R$=L $#local $: @ $1 special local names 783R$+ $#local $: $1 regular local names 784 785########################################################################### 786### Ruleset 5 -- special rewriting after aliases have been expanded ### 787########################################################################### 788 789SLocal_localaddr 790Slocaladdr=5 791R$+ $: $1 $| $>"Local_localaddr" $1 792R$+ $| $#ok $@ $1 no change 793R$+ $| $#$* $#$2 794R$+ $| $* $: $1 795 796 797 798 799# deal with plussed users so aliases work nicely 800R$+ + * $#local $@ $&h $: $1 801R$+ + $* $#local $@ + $2 $: $1 + * 802 803# prepend an empty "forward host" on the front 804R$+ $: <> $1 805 806 807 808R< > $+ $: < > < $1 <> $&h > nope, restore +detail 809 810R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail 811R< > < $+ <> $* > $: < > < $1 > else discard 812R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user 
part 813R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + 814R< > < $+ > $@ $1 no +detail 815R$+ $: $1 <> $&h add +detail back in 816 817R$+ <> + $* $: $1 + $2 check whether +detail 818R$+ <> $* $: $1 else discard 819R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension 820R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension 821 822R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > 823 824R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > 825 826 827################################################################### 828### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### 829################################################################### 830 831SMailerToTriple=95 832R< > $* $@ $1 strip off null relay 833R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 834R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 835R< local : $* > $* $>CanonLocal < $1 > $2 836R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user 837R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer 838R< $=w > $* $@ $2 delete local host 839R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer 840 841################################################################### 842### Ruleset CanonLocal -- canonify local: syntax ### 843################################################################### 844 845SCanonLocal 846# strip local host from routed addresses 847R< $* > < @ $+ > : $+ $@ $>Recurse $3 848R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 849 850# strip trailing dot from any host name that may appear 851R< $* > $* < @ $* . 
> $: < $1 > $2 < @ $3 > 852 853# handle local: syntax -- use old user, either with or without host 854R< > $* < @ $* > $* $#local $@ $1@$2 $: $1 855R< > $+ $#local $@ $1 $: $1 856 857# handle local:user@host syntax -- ignore host part 858R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > 859 860# handle local:user syntax 861R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 862R< $+ > $* $#local $@ $2 $: $1 863 864################################################################### 865### Ruleset 93 -- convert header names to masqueraded form ### 866################################################################### 867 868SMasqHdr=93 869 870 871# do not masquerade anything in class N 872R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > 873 874R$* < @ *LOCAL* > $@ $1 < @ $j . > 875 876################################################################### 877### Ruleset 94 -- convert envelope names to masqueraded form ### 878################################################################### 879 880SMasqEnv=94 881R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 882 883################################################################### 884### Ruleset 98 -- local part of ruleset zero (can be null) ### 885################################################################### 886 887SParseLocal=98 888 889 890 891 892###################################################################### 893### CanonAddr -- Convert an address into a standard form for 894### relay checking. Route address syntax is 895### crudely converted into a %-hack address. 896### 897### Parameters: 898### $1 -- full recipient address 899### 900### Returns: 901### parsed address, not in source route form 902###################################################################### 903 904SCanonAddr 905R$* $: $>Parse0 $>canonify $1 make domain canonical 906 907 908###################################################################### 909### ParseRecipient -- Strip off hosts in $=R as well as possibly 910### $* $=m or the access database. 
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################

# NOTE(review): the rule (R) lines in this listing show single spaces between
# their fields; sendmail expects the LHS, RHS and comment of a rule to be
# separated by tab characters, so treat the spacing as an extraction artefact.

SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part

# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1


# a routing character in the user part is only followed further when the
# host part is in $=R; the stripped address is then parsed again, so a
# nested route cannot slip past the relay decision
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >



R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2


######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################

# Local_check_relay has no rules of its own here (its S line is followed
# directly by Scheck_relay), so the only test left is the deferred-mode
# check in Basic_check_relay.
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2

SBasic_check_relay
# check for deferred delivery mode
R$* $: < ${deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2




######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################

SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1

SBasic_check_mail
# check for deferred delivery mode
R$* $: < ${deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2

# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1

R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
# a sender claiming a localhost domain is accepted only when the client
# name is in $=w; any other client gets the 553 below
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
	$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ localhost.$m >
	$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
	$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OK> $1 < @ $2 $3 >
# the resolve map tags the sender domain: <OKR> when the lookup succeeds,
# <TEMP> on a temporary failure, and the <PERM> default written into the
# lookup below when the host is not found
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
	$: <$2> $3 < @ $4 >


# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_name} > $1
R<?> $* $@ <OK> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
	...remote is not
# check results
# <TEMP> becomes a temporary 451 refusal and <PERM> a permanent 553 refusal
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $@ <OKR> domain ok: stop
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"

######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################

SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1

SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < ${deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2


######################################################################
# The relay decision: Rcpt_ok is consulted first, then Relay_ok. Only an
# explicit RELAY result (or a $# result passed through) ends the ruleset
# early; everything else reaches the final rule and is refused.
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"


######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts




# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no

# relaying is granted when ${auth_type} is a member of class {TrustAuthMech}
# NOTE(review): no definition of that class appears in the part of the file
# reviewed here - presumably it is empty, confirm.
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY



# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2

######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local


# check client name: first: did it resolve?
# ${client_resolve} is sendmail's own verdict on the connecting host's name:
# TEMP defers with a 450, FORGED and FAIL refuse relaying with a 550
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
R<@> $@ RELAY
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY




######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################

# An AUTH= value equal to ${auth_authen} is accepted as identical. Any other
# value is refused by the last rule unless Local_trust_auth, which has no
# rules here, returns a $# result.
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $1
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}

######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth



######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
# tls_client and tls_server both hand ${verify} to TLS_connection
Stls_client
R$* $| $* $@ $>"TLS_connection" $1

######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
R$* $@ $>"TLS_connection" $1

######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
# a ${verify} value of SOFTWARE yields a temporary (4.7.0) error
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." 


######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
# No rules follow the S line: in this file RelayTLS never produces a "$#"
# result, so TLS authentication alone does not grant relaying here.
SRelayTLS
# authenticated?

######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
# Declared without rules in this file.
Sauthinfo




# Every address reaching Local_localaddr is resolved to the relay mailer at
# ${MTAHost}: qualified addresses, DECnet (user::host) forms and, last,
# unqualified names with < @ $j > appended.  None of these rules selects a
# local delivery mailer.
SLocal_localaddr
R$+			$: $>ParseRecipient $1
R$* < @ $+ > $*		$#relay $@ ${MTAHost} $: $1 < @ $2 > $3
# DECnet
R$+ :: $+		$#relay $@ ${MTAHost} $: $1 :: $2
R$*			$#relay $@ ${MTAHost} $: $1 < @ $j >
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################

#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################


##################################################
### Local and Program Mailer specification ###
##################################################

##### $Id: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $ #####

#
# Envelope sender rewriting
#
SEnvFromL
R<@>			$n			errors to mailer-daemon
R@ <@ $*>		$n			temporarily bypass Sun bogosity
R$+			$: $>AddDomain $1	add local domain if needed
R$*			$: $>MasqEnv $1		do masquerading

#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* >		$: $1			strip host part
R$+ + $*		$: < $&{addr_type} > $1 + $2	mark with addr type
R<e s> $+ + $*		$: $1			remove +detail for sender
R< $* > $+		$: $2			else remove mark

#
# Header sender rewriting
#
SHdrFromL
R<@>			$n			errors to mailer-daemon
R@ <@ $*>		$n			temporarily bypass Sun bogosity
R$+			$: $>AddDomain $1	add local domain if needed
R$*			$: $>MasqHdr $1		do masquerading

#
# Header recipient rewriting
#
SHdrToL
R$+			$: $>AddDomain $1	add local domain if needed
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2

#
# Common code to add local domain name (only if always-add-domain)
#
# No rules are defined for AddDomain in this file, so the calls above return
# their input unchanged.
SAddDomain

# Both mailers below are defined with P=[IPC] and A=TCP $h, i.e. as network
# connections to host $h rather than as a path to a delivery program or
# shell.
# NOTE(review): that matches a submission-only configuration that hands all
# mail to another MTA; confirm against the source .mc file before relying on
# it.
Mlocal,		P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mprog,		P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
		T=X-Unix/X-Unix/X-Unix,
		A=TCP $h

#####################################
### SMTP Mailer specification ###
#####################################

##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ #####

#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $*		$@ $1 < @ $2 > $3		already fully qualified
R$+			$@ $1 < @ *LOCAL* >		add local qualification

#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal

# pass <route-addr>s through
R< @ $+ > $*		$@ < @ $1 > $2			resolve <route-addr>

# output fake domains as user%fake@relay

# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. >	$: < $2 ! > $1			convert to UUCP form
R$+ < @ $* > $*		$@ $1 < @ $2 > $3		not UUCP form

# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+	$@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+	$@ $3 < @ $1.$2 >
R< $&h ! > $+		$@ $1 < @ $&h .UUCP. >
R< $+ ! > $+		$: $1 ! $2 < @ $Y >		use UUCP_RELAY
R$+ < @ $~[ $* : $+ >	$@ $1 < @ $4 >			strip mailer: part
R$+ < @ >		$: $1 < @ *LOCAL* >		if no UUCP_RELAY


#
# envelope sender rewriting
#
SEnvFromSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R$* :; <@>		$@				list:; special case
R$*			$: $>MasqSMTP $1		qualify unqual'ed names
R$+			$: $>MasqEnv $1			do masquerading


#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R$+			$: $>MasqSMTP $1		qualify unqual'ed names
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2

#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R:; <@>		$@				list:; special case

# do special header rewriting
R$* <@> $*		$@ $1 <@> $2			pass null host through
R< @ $* > $*		$@ < @ $1 > $2			pass route-addr through
R$*			$: $>MasqSMTP $1		qualify unqual'ed names
R$+			$: $>MasqHdr $1			do masquerading


#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+			$: $>MasqSMTP $1
R$+			$: $>MasqHdr $1

# The five SMTP-family mailers share P=[IPC], T=DNS/RFC822/SMTP and
# A=TCP $h.  They differ in their F= flags; relay additionally uses
# R=MasqSMTP instead of R=EnvToSMTP and L=2040 instead of L=990.
Msmtp,		P=[IPC], F=mDFMuXk05, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mesmtp,		P=[IPC], F=mDFMuXak05, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Msmtp8,		P=[IPC], F=mDFMuX8k05, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mdsmtp,		P=[IPC], F=mDFMuXa%k05, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mrelay,		P=[IPC], F=mDFMuXa8k0, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
		T=DNS/RFC822/SMTP,
		A=TCP $h
