Lines Matching refs:dnl
25 dnl if MAILER(`local') not defined: do it ourself; be nice
26 dnl maybe we should issue a warning?
42 define(`_SMTP_', `confSMTP_MAILER')dnl for readability only
43 define(`_LOCAL_', `confLOCAL_MAILER')dnl for readability only
44 define(`_RELAY_', `confRELAY_MAILER')dnl for readability only
45 define(`_UUCP_', `confUUCP_MAILER')dnl for readability only
76 ')')')dnl
79 …PTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl
81 dnl required to "rename" the check_* rulesets...
83 dnl default relaying denied message
88 divert(0)dnl
111 `dnl')
125 ')dnl
131 ')dnl
133 `define(`_USE_DECNET_SYNTAX_', 1)dnl
138 ')dnl
144 ')dnl
148 ifdef(`LUSER_RELAY', `dnl
152 `dnl')
163 ifdef(`_ACCESS_TABLE_', `dnl
166 ifdef(`_DELAY_COMPAT_8_10_',`dnl
167 ifdef(`_BLACKLIST_RCPT_',`dnl
170 `dnl')
172 dnl mark for "domain is ok" (resolved or accepted anyway)
173 define(`_RES_OK_', `OKR')dnl
174 ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl
179 ifdef(`_NEED_MACRO_MAP_', `dnl
181 define(`_MACRO_MAP_', `1')dnl
182 Kmacro macro')', `dnl')
184 ifdef(`confCR_FILE', `dnl
187 `dnl')
189 define(`TLS_SRV_TAG', `"TLS_Srv"')dnl
190 define(`TLS_CLT_TAG', `"TLS_Clt"')dnl
191 define(`TLS_RCPT_TAG', `"TLS_Rcpt"')dnl
192 define(`TLS_TRY_TAG', `"Try_TLS"')dnl
193 define(`SRV_FEAT_TAG', `"Srv_Features"')dnl
194 dnl this may be useful in other contexts too
196 define(`_ARITH_MAP_', `1')dnl
198 ifdef(`_ACCESS_TABLE_', `dnl
200 define(`_MACRO_MAP_', `1')dnl
203 C{Tls}VERIFY ENCR', `dnl')
204 ifdef(`_CERT_REGEX_ISSUER_', `dnl
206 KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
207 ifdef(`_CERT_REGEX_SUBJECT_', `dnl
209 KCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl')
211 ifdef(`LOCAL_RELAY', `dnl
216 ifdef(`MAIL_HUB', `dnl
224 divert(0)dnl # end of nullclient diversion
230 undivert(5)dnl
231 ifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl')
233 ifdef(`MASQUERADE_NAME', `dnl
240 undivert(6)dnl LOCAL_CONFIG
249 )')dnl
345 ifelse(defn(`confDAEMON_OPTIONS'), `', `dnl',
348 )'dnl
353 ifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E')
356 ifelse(defn(`confCLIENT_OPTIONS'), `', `dnl',
358 )'dnl
651 ifelse(len(X`'_MAIL_FILTERS_DEF), `1', `dnl', `dnl
710 ifdef(`_NO_UUCP_', `dnl', `Tuucp')
711 ifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl')
717 ifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl
718 ifdef(`confMESSAGEID_HEADER',, `define(`confMESSAGEID_HEADER', `<$t.$i@$j>')')dnl
772 ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
777 dnl XXX: IPv6 colon conflict
778 ifdef(`NO_NETINET6', `dnl',
781 dnl',`dnl
784 ifdef(`NO_NETINET6', `dnl',
787 dnl')
798 dnl This is flagged as an error in S0; no need to silently fix it here.
799 dnl # do some sanity checking
800 dnl R$* < @ $~[ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs
802 ifdef(`_NO_UUCP_', `dnl',
813 `dnl')
832 ifdef(`_NO_UUCP_', `dnl',
840 ifdef(`_DOMAIN_TABLE_', `dnl
842 R$* < @ $+ > $* $: $1 < @ $(domaintable $2 $) > $3', `dnl')
844 undivert(2)dnl LOCAL_RULE_3
846 ifdef(`_BITDOMAIN_TABLE_', `dnl
848 R$* < @ $+ .BITNET > $* $: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl')
850 ifdef(`_UUDOMAIN_TABLE_', `dnl
852 R$* < @ $+ .UUCP > $* $: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl')
854 ifdef(`_NO_UUCP_', `dnl',
860 `R$* < @ $=U . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
862 `R$* < @ $=V . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
864 `R$* < @ $=W . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
866 `R$* < @ $=X . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
868 `R$* < @ $=Y . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
870 ifdef(`_NO_CANONIFY_', `dnl', `dnl
877 dnl apply the next rule only for hostnames not in class P
878 dnl this even works for phrases in class P since . is in class P
879 dnl which daemon flags are set?
881 dnl the other rules in this section only apply if the hostname
882 dnl does not end in class P hence no further checks are done here
883 dnl if this ever changes make sure the lookups are "protected" again!
884 ifdef(`_NO_CANONIFY_', `dnl
885 dnl do not canonify unless:
886 dnl domain ends in class {Canonify} (this does not work if the intersection
887 dnl with class P is non-empty)
888 dnl or {daemon_flags} has c set
893 dnl trailing dot? -> do not apply _CANONIFY_HOSTS_
897 ifdef(`_CANONIFY_HOSTS_', `dnl
898 dnl this should only apply to unqualified hostnames
899 dnl but if a valid character inside an unqualified hostname is an OperatorChar
900 dnl then $- does not work.
902 R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4', `dnl')', `dnl
903 dnl _NO_CANONIFY_ is not set: canonify unless:
904 dnl {daemon_flags} contains CC (do not canonify)
905 dnl but add a trailing dot to qualified hostnames so other rules will work
906 dnl should we do this for every hostname: even unqualified?
909 ifdef(`_FFR_NOCANONIFY_HEADERS', `dnl
913 R$* h $* $| $* $: $3', `dnl')
916 dnl remove {daemon_flags} for other cases
924 ifdef(`_VIRTUSER_TABLE_', `dnl
925 dnl virtual hosts are also canonical
929 `dnl')
930 ifdef(`_GENERICS_TABLE_', `dnl
931 dnl hosts for genericstable are also canonical
935 `dnl')
936 dnl remove superfluous dots (maybe repeatedly) which may have been added
937 dnl by one of the rules before
960 ifdef(`_NO_UUCP_', `dnl',
967 `dnl')
1008 dnl allow tricks like [host1]:[host2]
1011 dnl but no a@[b]c
1018 dnl no a@b@
1020 dnl no a@b@c
1022 dnl comma only allowed before @; this check is not complete
1028 dnl', `dnl')
1047 ifdef(`_LDAP_ROUTING_', `dnl
1051 `dnl')
1055 dnl there is no check whether this is really an IP number
1061 `dnl')
1063 ifdef(`_VIRTUSER_TABLE_', `dnl
1065 ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
1066 dnl this is not a documented option
1067 dnl it stops looping in virtusertable mapping if input and output
1068 dnl are identical, i.e., if address A is mapped to A.
1069 dnl it does not deal with multi-level recursion
1075 `dnl')
1077 dnl input: <!> local<@domain>
1081 dnl input: <result-of-lookup | @> local<@domain> | <!> local<@domain>
1083 dnl if <@> local<@domain>: no match but try lookup
1084 dnl user+detail: try user++@domain if detail not empty
1087 dnl user+detail: try user+*@domain
1090 dnl user+detail: try user@domain
1093 dnl try default entry: @domain
1094 dnl ++@domain
1096 dnl +*@domain
1098 dnl @domain if +detail exists
1099 dnl if no match, change marker to prevent a second @domain lookup
1101 dnl without +detail
1103 dnl no match
1105 dnl remove mark
1109 ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
1115 dnl', `dnl')
1116 dnl this is not a documented option
1117 dnl it performs no looping at all for virtusertable
1121 dnl', `dnl')
1124 ifdef(`_MAILER_usenet_', `dnl
1125 R$+ . USENET < @ $=w . > $#usenet $@ usenet $: $1 handle usenet specially', `dnl')
1131 dnl $H empty (but @$=w.)
1137 ifdef(`_MAILER_TABLE_', `dnl
1142 dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
1145 `dnl')
1146 undivert(4)dnl UUCP rules from `MAILER(uucp)'
1148 ifdef(`_NO_UUCP_', `dnl',
1152 `dnl')
1155 `dnl')
1158 `dnl')')
1163 `dnl')
1166 `dnl')
1169 `dnl')
1174 `dnl')')
1182 `dnl')')
1186 `dnl')
1190 undivert(1)', `dnl')
1215 ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1223 ')dnl
1225 ifdef(`_FFR_5_', `dnl
1230 ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', `dnl
1238 ifdef(`LUSER_RELAY', `dnl
1240 ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
1247 ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1249 dnl')
1251 ifdef(`MAIL_HUB', `dnl
1252 R< > $+ $: < $H > $1 try hub', `dnl')
1253 ifdef(`LOCAL_RELAY', `dnl
1254 R< > $+ $: < $R > $1 try relay', `dnl')
1255 ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
1256 R< > $+ $@ $1', `dnl
1258 ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1266 ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1272 ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1273 dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
1276 ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1280 ifdef(`_MAILER_TABLE_', `dnl
1281 ifdef(`_LDAP_ROUTING_', `dnl
1284 dnl input: <Domain> FullAddress
1293 `dnl')
1297 dnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress
1301 dnl shift and check
1302 dnl %2 is not documented in cf/README
1304 dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
1307 dnl is $2 always empty?
1310 dnl return full address
1312 `dnl')
1316 dnl input: in general: <[mailer:]host> lp<@domain>rest
1317 dnl <> address -> address
1318 dnl <error:d.s.n:text> -> error
1319 dnl <error:keyword:text> -> error
1320 dnl <error:text> -> error
1321 dnl <mailer:user@host> lp<@domain>rest -> mailer host user
1322 dnl <mailer:host> address -> mailer host address
1323 dnl <localdomain> address -> address
1324 dnl <host> address -> relay host address
1333 dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
1341 dnl input: <user> address
1342 dnl <x> <@host> : rest -> Recurse rest
1343 dnl <x> p1 $=O p2 <@host> -> Recurse p1 $=O p2
1344 dnl <> user <@host> rest -> local user@host user
1345 dnl <> user -> local user user
1346 dnl <user@host> lp <@domain> rest -> <user> lp <@host> [cont]
1347 dnl <user> lp <@host> rest -> local lp@host user
1348 dnl <user> lp -> local lp user
1376 ifdef(`_GENERICS_TABLE_', `dnl
1379 dnl if generics should be applied add a @ as mark
1383 dnl workspace: either user<@domain> or <user@domain> user <@domain> @
1384 dnl ignore the first case for now
1385 dnl if it has the mark lookup full address
1386 dnl broken: %1 is full address not just detail
1388 dnl workspace: ... or <match|@user@domain> user <@domain>
1389 dnl no match, try user+detail@domain
1394 dnl no match, remove mark
1396 dnl no match, try @domain for exceptions
1398 dnl workspace: ... or <match> user <@domain>
1399 dnl no match, try local part
1406 `dnl')
1411 ifdef(`MASQUERADE_NAME', `dnl
1417 ifdef(`_LIMITED_MASQUERADE_', `dnl',
1424 ifdef(`_LIMITED_MASQUERADE_', `dnl',
1429 dnl', `dnl no masquerading
1430 dnl just fix *LOCAL* leftovers
1447 undivert(3)dnl LOCAL_RULE_0
1449 ifdef(`_LDAP_ROUTING_', `dnl
1473 ifelse(_LDAP_ROUTE_MAPTEMP_, `_TEMPFAIL_', `dnl
1481 ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
1490 ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
1491 ifdef(`_MAILER_TABLE_', `dnl
1495 ifdef(`_MAILER_TABLE_', `dnl
1507 ifdef(`_MAILER_TABLE_', `dnl
1515 R<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl
1522 ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
1527 ifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl
1532 ifdef(`_LDAP_SENDER_MUST_EXIST_', `dnl
1536 `dnl
1539 `dnl')
1543 ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
1550 dnl must not be empty
1555 dnl returns: <default> <passthru>
1556 dnl <result> <passthru>
1560 dnl workspace <key> <default> <passthru> <mark>
1561 dnl lookup with tag (in front, no delimiter here)
1562 dnl 2 3 4 5
1564 dnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark>
1565 dnl lookup without tag?
1566 dnl 1 2 3 4
1568 ifdef(`_LOOKUPDOTDOMAIN_', `dnl omit first component: lookup .rest
1569 dnl XXX apply this also to IP addresses?
1570 dnl currently it works the wrong way round for [1.2.3.4]
1571 dnl 1 2 3 4 5 6
1573 dnl 1 2 3 4 5
1574 R<?> <$+.$+> <$+> <+ $-> <$*> $: < $(access .$2 $: ? $) > <$1.$2> <$3> <+ $4> <$5>', `dnl')
1575 ifdef(`_ACCESS_SKIP_', `dnl
1576 dnl found SKIP: return <default> and <passthru>
1577 dnl 1 2 3 4 5
1578 R<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl')
1579 dnl not found: IPv4 net (no check is done whether it is an IP number!)
1580 dnl 1 2 3 4 5 6
1582 ifdef(`NO_NETINET6', `dnl',
1583 `dnl not found: IPv6 net
1584 dnl (could be merged with previous rule if we have a class containing .:)
1585 dnl 1 2 3 4 5 6
1588 dnl not found, but subdomain: try again
1589 dnl 1 2 3 4 5 6
1591 ifdef(`_FFR_LOOKUPTAG_', `dnl lookup Tag:
1592 dnl 1 2 3 4
1593 R<?> <$+> <$+> <! $-> <$*> $: < $(access $3`'_TAG_DELIM_ $: ? $) > <$1> <$2> <! $3> <$4>', `dnl')
1594 dnl not found, no subdomain: return <default> and <passthru>
1595 dnl 1 2 3 4 5
1597 ifdef(`_ATMPF_', `dnl tempfail?
1598 dnl 2 3 4 5 6
1599 R<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl')
1600 dnl return <result of lookup> and <passthru>
1601 dnl 2 3 4 5 6
1610 dnl must not be empty
1615 dnl returns: <default> <passthru>
1616 dnl <result> <passthru>
1620 dnl lookup with tag
1621 dnl 2 3 4 5
1623 dnl lookup without tag
1624 dnl 1 2 3 4
1626 dnl workspace <result-of-lookup|?> <key> <default> <mark> <passthru>
1627 ifdef(`_ACCESS_SKIP_', `dnl
1628 dnl found SKIP: return <default> and <passthru>
1629 dnl 1 2 3 4 5
1630 R<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl')
1631 ifdef(`NO_NETINET6', `dnl',
1632 `dnl no match; IPv6: remove last part
1633 dnl 1 2 3 4 5 6
1636 dnl no match; IPv4: remove last part
1637 dnl 1 2 3 4 5 6
1639 dnl no match: return default
1640 dnl 1 2 3 4 5
1642 ifdef(`_ATMPF_', `dnl tempfail?
1643 dnl 2 3 4 5 6
1644 R<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl')
1645 dnl match: return result
1646 dnl 2 3 4 5 6
1648 dnl endif _ACCESS_TABLE_
1660 dnl user%host%host<@domain>
1661 dnl host!user<@domain>
1666 ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
1670 dnl')
1685 dnl mark and canonify address
1687 dnl workspace: <?> localpart<@domain[.]>
1689 dnl workspace: <?> localpart<@domain>
1694 dnl no $=O in localpart: return
1697 dnl workspace: <NO> localpart<@domain>, where localpart contains $=O
1698 dnl mark everything which has an "authorized" domain with <RELAY>
1699 ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
1701 R<NO> $* < @ $* $=m > $: <RELAY> $1 < @ $2 $3 >', `dnl')
1702 dnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O
1703 dnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
1705 dnl what if access map returns something else than RELAY?
1706 dnl we are only interested in RELAY entries...
1707 dnl other To: entries: blacklist recipient; generic entries?
1708 dnl if it is an error we probably do not want to relay anyway
1711 ifdef(`_ACCESS_TABLE_', `dnl
1713 R<NO> $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')',
1715 ifdef(`_ACCESS_TABLE_', `dnl
1717 R<$+> <$+> $: <$1> $2',`dnl')')
1720 ifdef(`_RELAY_MX_SERVED_', `dnl
1721 dnl do "we" ($=w) act as backup MX server for the destination domain?
1724 dnl yes: mark it as <RELAY>
1726 dnl no: put old <NO> mark back
1727 R<MX> < : $* : > < $+ > $: <NO> $2', `dnl')
1729 dnl do we relay to this recipient domain?
1731 dnl something else
1739 ifdef(`_CONTROL_IMMEDIATE_',`dnl
1741 ifdef(`_RATE_CONTROL_IMMEDIATE_',`dnl
1742 dnl workspace: ignored...
1743 R$* $: $>"RateControl" dummy', `dnl')
1744 ifdef(`_CONN_CONTROL_IMMEDIATE_',`dnl
1745 dnl workspace: ignored...
1746 R$* $: $>"ConnControl" dummy', `dnl')
1747 dnl')
1751 ifdef(`_USE_CLIENT_PTR_',`dnl
1752 R$* $| $* $: $&{client_ptr} $| $2', `dnl')
1763 ifdef(`_ACCESS_TABLE_', `dnl
1764 dnl workspace: {client_name} $| {client_addr}
1766 dnl workspace: <result-of-lookup> <{client_addr}>
1767 dnl OR $| $+ if client_name is empty
1769 dnl workspace: <result-of-lookup> <{client_addr}>
1771 dnl workspace: <result-of-lookup> (<>|<{client_addr}>)
1773 dnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK
1778 dnl error tag
1781 …_ATMPF_> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
1782 dnl generic error from access map
1783 R<$+> <$*> $#error $: $1', `dnl')
1785 ifdef(`_RBL_',`dnl
1787 dnl workspace: ignored...
1792 `dnl')
1793 ifdef(`_RATE_CONTROL_',`dnl
1794 ifdef(`_RATE_CONTROL_IMMEDIATE_',`', `dnl
1795 dnl workspace: ignored...
1796 R$* $: $>"RateControl" dummy')', `dnl')
1797 ifdef(`_CONN_CONTROL_',`dnl
1798 ifdef(`_CONN_CONTROL_IMMEDIATE_',`',`dnl
1799 dnl workspace: ignored...
1800 R$* $: $>"ConnControl" dummy')', `dnl')
1802 ifdef(`_REQUIRE_RDNS_', `dnl
1809 ', `dnl')
1828 dnl done first: we can require authentication for every mail transaction
1829 dnl workspace: address as given by MAIL FROM: (sender)
1832 dnl undo damage: remove result of tls_client call
1835 dnl workspace: address as given by MAIL FROM:
1837 ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
1838 dnl do some additional checks
1839 dnl no user@host
1840 dnl no user@localhost (if nonlocal sender)
1841 dnl this is a pretty simple canonification, it will not catch every case
1842 dnl just make sure the address has <> around it (which is required by
1843 dnl the RFC anyway, maybe we should complain if they are missing...)
1844 dnl dirty trick: if it is user@host, just add a dot: user@host. this will
1845 dnl not be modified by host lookups.
1849 dnl workspace: <@> <address>
1850 dnl prepend daemon_flags
1852 dnl workspace: ${daemon_flags} $| <@> <address>
1853 dnl do not allow these at all or only from local systems?
1855 dnl accept unqualified sender: change mark to avoid test
1857 dnl workspace: ${daemon_flags} $| <@> <address>
1858 dnl or: <? ${client_name} > <address>
1859 dnl or: <?> <address>
1860 dnl remove daemon_flags
1868 ifdef(`_NO_UUCP_', `dnl',
1871 dnl workspace: < ? $&{client_name} > <user@localhost|host>
1872 dnl or: <@> <address>
1873 dnl or: <?> <address> (thanks to u in ${daemon_flags})
1875 dnl workspace: < ? $&{client_name} > <user@localhost|host>
1876 dnl or: <address>
1877 dnl or: <?> <address> (thanks to u in ${daemon_flags})
1880 dnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags})
1882 dnl workspace: address (or <address>)
1884 dnl workspace: <?> CanonicalAddress (i.e. address in canonical form localpart<@host>)
1885 dnl there is nothing behind the <@host> so no trailing $* needed
1889 dnl workspace <mark> CanonicalAddress where mark is ? or OK
1890 dnl A sender address with my local host name ($j) is safe
1897 dnl workspace <mark> CanonicalAddress where mark is ?, _RES_OK_, PERM, TEMP
1898 dnl mark is ? iff the address is user (wo @domain)
1900 ifdef(`_ACCESS_TABLE_', `dnl
1902 dnl should we remove +ext from user?
1903 dnl workspace: <mark> CanonicalAddress where mark is: ?, _RES_OK_, PERM, TEMP
1906 dnl workspace: @<mark> <CanonicalAddress> $| <@type:address> ....
1907 dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
1908 dnl will only return user<@domain when "reversing" the args
1910 dnl workspace: <@><mark> <CanonicalAddress> $| <result>
1912 dnl workspace: <result> <mark> <CanonicalAddress>
1914 dnl required form:
1915 dnl <ResultOfLookup|mark> CanonicalAddress
1917 R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it', `dnl')
1918 dnl workspace <ResultOfLookup|mark> CanonicalAddress
1919 dnl mark is ? iff the address is user (wo @domain)
1921 ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
1923 dnl prepend daemon_flags
1925 dnl accept unqualified sender: change mark to avoid test
1927 dnl remove daemon_flags
1938 ifdef(`_ACCESS_TABLE_', `dnl
1943 dnl error tag
1946 …R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
1947 dnl generic error from access map
1949 `dnl')
1950 dnl workspace: @ CanonicalAddress (i.e. address in canonical form localpart<@host>)
1952 ifdef(`_BADMX_CHK_', `dnl
1976 `dnl')
1998 ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
1999 dnl this code checks for user@host where host is not a FQHN.
2000 dnl it is not activated.
2001 dnl notice: code to check for a recipient without a domain name is
2002 dnl available down below; look for the same macro.
2003 dnl this check is done here because the name might be qualified by the
2004 dnl canonicalization.
2006 dnl very simple canonification: make sure the address is in < >
2012 dnl prepend daemon_flags
2014 dnl workspace: ${daemon_flags} $| <@> <address>
2015 dnl _r_equire qual.rcpt: ok
2017 dnl do not allow these at all or only from local systems?
2022 dnl remove daemon_flags for other cases
2023 R$* $| <@> $* $: $2', `dnl')
2025 dnl ##################################################################
2026 dnl call subroutines for recipient and relay
2027 dnl possible returns from subroutines:
2028 dnl $#TEMP temporary failure
2029 dnl $#error permanent failure (or temporary if from access map)
2030 dnl $#other stop processing
2031 dnl RELAY RELAYing allowed
2032 dnl other otherwise
2035 dnl temporary failure? remove mark @ and remember
2037 dnl error or ok (stop)
2039 ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
2041 dnl something else: call check sender (relay)
2043 dnl temporary failure: call check sender (relay)
2045 dnl temporary failure? return that
2047 dnl error or ok (stop)
2050 dnl something else: return previous temp failure
2058 dnl input: recipient address (RCPT TO)
2059 dnl output: see explanation at call
2062 ifdef(`_LOOSE_RELAY_CHECK_',`dnl
2067 ifdef(`_BESTMX_IS_LOCAL_',`dnl
2068 ifelse(_BESTMX_IS_LOCAL_, `', `dnl
2071 `dnl
2078 ifdef(`_BLACKLIST_RCPT_',`dnl
2079 ifdef(`_ACCESS_TABLE_', `dnl
2082 dnl user is now tagged with @ to be consistent with check_mail
2083 dnl and to distinguish users from hosts (com would be host, com@ would be user)
2087 dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
2088 dnl will only return user<@domain when "reversing" the args
2092 dnl we may have to filter here because otherwise some RHSs
2093 dnl would be interpreted as generic error messages...
2094 dnl error messages should be "tagged" by prefixing them with error: !
2095 dnl that would make a lot of things easier.
2097 ifdef(`_ACCESS_SKIP_', `dnl
2098 R<SKIP> <$*> $: @ $1 mark address as no match', `dnl')
2099 ifdef(`_DELAY_COMPAT_8_10_',`dnl
2100 dnl compatility with 8.11/8.10:
2101 dnl we have to filter these because otherwise they would be interpreted
2102 dnl as generic error message...
2103 dnl error messages should be "tagged" by prefixing them with error: !
2104 dnl that would make a lot of things easier.
2105 dnl maybe we should stop checks already here (if SPAM_xyx)?
2110 dnl error tag
2113 …R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2114 dnl generic error from access map
2116 R@ $* $1 remove mark', `dnl')', `dnl')
2118 ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
2125 dnl workspace: localpart<@domain> $| result of Local_Relay_Auth
2127 dnl if Local_Relay_Auth returns NO then do not check $={TrustAuthMech}
2130 dnl workspace: localpart<@domain> [ $| ${auth_type} ]
2131 dnl empty ${auth_type}?
2133 dnl mechanism ${auth_type} accepted?
2134 dnl use $# to override further tests (delay_checks): see check_rcpt below
2136 dnl remove ${auth_type}
2138 dnl workspace: localpart<@domain> | localpart
2141 R$* ! $* $: <REMOTE> $2 < @ BANG_PATH >', `dnl')
2143 ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
2144 R$+ < @ $* $=m > $@ RELAY', `dnl')
2148 ifdef(`_ACCESS_TABLE_', `dnl
2149 ifdef(`_RELAY_FULL_ADDR_', `dnl
2153 dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
2154 R<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')',
2156 ifdef(`_ACCESS_TABLE_', `dnl
2157 ifdef(`_RELAY_FULL_ADDR_', `dnl
2162 ifdef(`_ACCESS_TABLE_', `dnl
2163 dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
2165 …$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2166 R<$*> <$*> $: $2',`dnl')
2169 ifdef(`_RELAY_MX_SERVED_', `dnl
2172 dnl this must not necessarily happen if the client is checked first...
2176 `dnl')
2182 dnl is it really? the standard requires user@domain, not just user
2183 dnl but we should accept it anyway (maybe making it an option:
2184 dnl RequireFQDN ?)
2185 dnl postmaster must be accepted without domain (DRUMS)
2186 ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
2189 dnl prepend daemon_flags
2191 dnl workspace: ${daemon_flags} $| <?> localpart
2192 dnl do not allow these at all or only from local systems?
2193 dnl r flag? add client_name
2195 dnl no r flag: relay to local user (only local part)
2198 dnl client_name is empty
2200 dnl client_name is local
2202 dnl client_name is not local
2203 R<? $+> $+ $#error $@ 5.5.4 $: "553 Domain name required"', `dnl
2204 dnl no qualified recipient required
2206 dnl it is a remote user: remove mark and then check client
2208 dnl currently the recipient address is not used below
2212 dnl input: ignored
2213 dnl output: see explanation at call
2224 ifdef(`_ACCESS_TABLE_', `dnl
2227 ifdef(`_FFR_REJECT_IP_IN_CHECK_RCPT_',`dnl
2228 dnl this will cause rejections in cases like:
2229 dnl Connect:My.Host.Domain RELAY
2230 dnl Connect:My.Net REJECT
2231 dnl since in check_relay client_name is checked before client_addr
2233 …`R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2234 R<$*> <$*> $: $2', `dnl')
2238 ifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
2239 ifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
2240 ifdef(`_RELAY_MAIL_FROM_', `dnl
2241 dnl input: {client_addr} or something "broken"
2242 dnl just throw the input away; we do not need it.
2246 ifdef(`_RELAY_LOCAL_FROM_', `dnl
2248 R<?> $+ < @ $=w > $@ RELAY FROM local', `dnl')
2249 ifdef(`_RELAY_DB_FROM_', `dnl
2252 …R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2253 ', `dnl
2257 `dnl')
2258 dnl')', `dnl')
2259 dnl notice: the rulesets above do not leave a unique workspace behind.
2260 dnl it does not matter in this case because the following rule ignores
2261 dnl the input. otherwise these rules must "clean up" the workspace.
2264 dnl input: ignored
2269 dnl ${client_resolve} should be OK, so go ahead
2271 dnl should not be necessary since it has been done for client_addr already
2272 dnl this rule actually may cause a problem if {client_name} resolves to ""
2273 dnl however, this should not happen since the forward lookup should fail
2274 dnl and {client_resolve} should be TEMP or FAIL.
2275 dnl nevertheless, removing the rule doesn't hurt.
2276 dnl R<@> $@ RELAY
2277 dnl workspace: <@> ${client_name} (not empty)
2281 dnl workspace: <?> ${client_name} (canonified)
2283 ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
2284 R<?> $* $=m $@ RELAY', `dnl')
2288 ifdef(`_ACCESS_TABLE_', `dnl
2290 R<?> <$*> $: <$(access $1 $: ? $)> <$1>',`dnl')',
2292 ifdef(`_ACCESS_TABLE_', `dnl
2293 R<?> $* $: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
2294 ifdef(`_ACCESS_TABLE_', `dnl
2296 …$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2297 R<$*> <$*> $: $2',`dnl')
2298 dnl end of _PROMISCUOUS_RELAY_
2300 ifdef(`_DELAY_CHECKS_',`dnl
2303 dnl it might have been only user (without <@domain>)
2311 dnl code repeated here from Basic_check_mail
2312 dnl only called from check_rcpt in delay mode if checkrcpt returns $#
2315 dnl return result from checkrcpt
2321 dnl code repeated here from Basic_check_mail
2322 dnl only called from check_rcpt in delay mode if stopping due to Friend/Hater
2325 dnl return result from friend/hater check
2331 dnl this test should be in the Basic_check_rcpt ruleset
2332 dnl which is the correct DSN code?
2336 dnl now we can simply stop checks by returning "$# xyz" instead of just "ok"
2337 dnl on error (or discard) stop now
2340 dnl otherwise call tls_client; see above
2344 `dnl lookup user@ and user@address
2347 ')')dnl
2348 dnl one of the next two rules is supposed to match
2349 dnl this code has been copied from BLACKLIST... etc
2350 dnl and simplified by omitting some < >.
2353 dnl R<?> $@ something_is_very_wrong_here
2357 dnl', `dnl')
2362 ')', `dnl')
2365 `dnl')
2370 dnl',`dnl')
2372 dnl run further checks: check_mail
2373 dnl should we "clean up" $&f?
2377 dnl recipient (canonical format) $| result of checkmail
2379 dnl run further checks: check_relay
2383 ', `dnl')
2385 ifdef(`_BLOCK_BAD_HELO_', `dnl
2387 dnl Bypass the test for users who have authenticated.
2390 dnl Bypass for local clients -- IP address starts with $=R
2392 dnl Bypass a "sendmail -bs" session, which use 0 for client ip address
2394 dnl Reject our IP - assumes "[ip]" is in class $=w
2396 dnl Reject our hostname
2398 dnl Pass anything else with a "." in the domain parameter
2400 dnl Reject if there was no "." or only an initial or final "."
2402 dnl Clean up the workspace
2404 ', `dnl')
2406 ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
2416 dnl must not be empty
2421 dnl returns: <default> <passthru>
2422 dnl <result> <passthru>
2426 dnl workspace: <key> <def> <o tag> <thru>
2427 dnl full lookup
2428 dnl 2 3 4 5
2430 dnl no match, try without tag
2431 dnl 1 2 3 4
2433 dnl no match, +detail: try +*
2434 dnl 1 2 3 4 5 6 7
2437 dnl no match, +detail: try +* without tag
2438 dnl 1 2 3 4 5 6
2441 dnl no match, +detail: try without +detail
2442 dnl 1 2 3 4 5 6 7
2445 dnl no match, +detail: try without +detail and without tag
2446 dnl 1 2 3 4 5 6
2449 dnl no match, return <default> <passthru>
2450 dnl 1 2 3 4 5
2452 ifdef(`_ATMPF_', `dnl tempfail?
2453 dnl 2 3 4 5
2454 R<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl')
2455 dnl match, return <match> <passthru>
2456 dnl 2 3 4 5
2465 dnl must not be empty
2470 dnl returns: <default> <passthru>
2471 dnl <result> <passthru>
2475 dnl 2 3 4 5
2477 dnl no match, try without tag
2478 dnl 1 2 3 4
2480 dnl no match, return default passthru
2481 dnl 1 2 3 4 5
2483 ifdef(`_ATMPF_', `dnl tempfail?
2484 dnl 2 3 4 5
2485 R<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl')
2486 dnl match, return <match> <passthru>
2487 dnl 2 3 4 5
2499 dnl must not be empty
2504 dnl returns: <default> <passthru>
2505 dnl <result> <passthru>
2509 dnl user lookups are always with trailing @
2510 dnl 2 3 4 5
2512 dnl no match, try without tag
2513 dnl 1 2 3 4
2515 dnl do not remove the @ from the lookup:
2516 dnl it is part of the +detail@ which is omitted for the lookup
2517 dnl no match, +detail: try +*
2518 dnl 1 2 3 4 5 6
2521 dnl no match, +detail: try +* without tag
2522 dnl 1 2 3 4 5
2525 dnl no match, +detail: try without +detail
2526 dnl 1 2 3 4 5 6
2529 dnl no match, +detail: try without +detail and without tag
2530 dnl 1 2 3 4 5
2533 dnl no match, return <default> <passthru>
2534 dnl 1 2 3 4 5
2536 ifdef(`_ATMPF_', `dnl tempfail?
2537 dnl 2 3 4 5
2538 R<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl')
2539 dnl match, return <match> <passthru>
2540 dnl 2 3 4 5
2547 dnl maybe we should have a @ (again) in front of the mark to
2548 dnl avoid errorneous matches (with error messages?)
2549 dnl if we can make sure that tag is always a single token
2550 dnl then we can omit the delimiter $|, otherwise we need it
2551 dnl to avoid errorneous matchs (first rule: D: if there
2552 dnl is that mark somewhere in the list, it will be taken).
2553 dnl moreover, we can do some tricks to enforce lookup with
2554 dnl the tag only, e.g.:
2558 dnl Warning: + and ! should be in OperatorChars (otherwise there must be
2559 dnl a blank between them and the tag.
2562 dnl A: recursive address lookup (LookUpAddress) [not yet required]
2570 dnl if A is activated: add it
2574 dnl 2 3 4
2576 dnl workspace: <o tag> $| <rest> $| <result of lookup> <>
2577 dnl no match and nothing left: return
2579 dnl no match but something left: continue
2581 dnl match: return
2583 dnl return result from recursive invocation
2585 dnl endif _ACCESS_TABLE_
2595 dnl empty ruleset definition so it can be called
2601 dnl seems to be useful...
2604 dnl call user supplied code
2607 dnl default: error
2623 ifdef(`_LOCAL_SRV_FEATURES_', `dnl
2626 R$* $| $* $: $1', `dnl')
2627 ifdef(`_ACCESS_TABLE_', `dnl
2632 ifdef(`_ATMPF_', `dnl tempfail?
2633 R<$* _ATMPF_>$* $#temp', `dnl')
2641 ifdef(`_LOCAL_TRY_TLS_', `dnl
2644 R$* $| $* $: $1', `dnl')
2645 ifdef(`_ACCESS_TABLE_', `dnl
2650 ifdef(`_ATMPF_', `dnl tempfail?
2651 R<$* _ATMPF_>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2657 dnl called from deliver() before RCPT command
2663 ifdef(`_LOCAL_TLS_RCPT_', `dnl
2666 R$* $| $* $: $1', `dnl')
2667 ifdef(`_ACCESS_TABLE_', `dnl
2668 dnl store name of other side
2670 dnl canonify recipient address
2672 dnl strip trailing dots
2674 dnl full address?
2676 dnl only localpart?
2678 dnl look it up
2679 dnl also look up a default value via E:
2681 dnl found nothing: stop here
2683 ifdef(`_ATMPF_', `dnl tempfail?
2684 …| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2685 dnl use the generic routine (for now)
2695 dnl MAIL: called from check_mail
2696 dnl STARTTLS: called from smtp() after STARTTLS has been accepted
2698 ifdef(`_LOCAL_TLS_CLIENT_', `dnl
2701 R$* <?> $* $: $1', `dnl')
2702 ifdef(`_ACCESS_TABLE_', `dnl
2703 dnl store name of other side
2705 dnl ignore second arg for now
2706 dnl maybe use it to distinguish permanent/temporary error?
2707 dnl if MAIL: permanent (STARTTLS has not been offered)
2708 dnl if STARTTLS: temporary (offered but maybe failed)
2711 dnl do a default lookup: just TLS_CLT_TAG
2713 ifdef(`_ATMPF_', `dnl tempfail?
2714 …| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2715 R$* $@ $>"TLS_connection" $1', `dnl
2725 dnl i.e. has the server been authenticated and is encryption active?
2726 dnl called from deliver() after STARTTLS command
2728 ifdef(`_LOCAL_TLS_SERVER_', `dnl
2731 R$* $| $* $: $1', `dnl')
2732 ifdef(`_ACCESS_TABLE_', `dnl
2733 dnl store name of other side
2737 dnl do a default lookup: just TLS_SRV_TAG
2739 ifdef(`_ATMPF_', `dnl tempfail?
2740 …| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2741 R$* $@ $>"TLS_connection" $1', `dnl
2748 ifdef(`_ACCESS_TABLE_', `dnl
2749 ### ${verify} $| <Requirement> [<>]', `dnl
2752 dnl syntax for Requirement:
2753 dnl [(PERM|TEMP)+] (VERIFY[:bits]|ENCR:bits) [+extensions]
2754 dnl extensions: could be a list of further requirements
2755 dnl for now: CN:string {cn_subject} == string
2758 ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
2759 dnl deal with TLS handshake failures: abort
2762 dnl common ruleset for tls_{client|server}
2763 dnl input: ${verify} $| <ResultOfLookup> [<>]
2764 dnl remove optional <>
2766 dnl workspace: ${verify} $| <ResultOfLookup>
2768 dnl permanent or temporary error?
2771 dnl default case depends on TLS_PERM_ERR
2773 dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
2776 dnl no <reply:dns> i.e. not requirements in the access map
2777 dnl use default error
2781 dnl no <reply:dns> i.e. not requirements in the access map
2782 dnl use default error
2785 dnl separate optional requirements
2788 dnl separate optional requirements
2790 dnl some other value in access map: accept
2791 dnl this also allows to override the default case (if used)
2795 dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
2796 dnl only verification required and it succeeded
2798 dnl verification required and it succeeded but extensions are given
2799 dnl change it to <SMTP:ESC> <REQ:0> <extensions>
2801 dnl verification required + some level of encryption
2803 dnl just some level of encryption required
2805 dnl workspace:
2806 dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!= OK)
2807 dnl 2. <SMTP:ESC> <REQ:bits> <[extensions]>
2808 dnl verification required but ${verify} is not set (case 1.)
2814 dnl some other value for ${verify}
2816 dnl some level of encryption required: get the maximum level (case 2.)
2818 dnl compare required bits with actual bits
2821 dnl strength requirements fulfilled
2822 dnl TLS Additional Requirements Separator
2823 dnl this should be something which does not appear in the extensions itself
2824 dnl @ could be part of a CN, DN, etc...
2825 dnl use < > ? those are encoded in CN, DN, ...
2826 define(`_TLS_ARS_', `++')dnl
2827 dnl workspace:
2828 dnl <SMTP:ESC> <REQ:bits> <extensions> result-of-compare
2830 dnl workspace: <SMTP:ESC _TLS_ARS_ extensions>
2831 dnl continue: check extensions
2833 dnl split extensions into own list
2844 dnl further requirements for this ruleset:
2845 dnl name of "other side" is stored is {TLS_name} (client/server_name)
2846 dnl
2847 dnl currently only CN[:common_name] is implemented
2848 dnl right now this is only a logical AND
2849 dnl i.e. all requirements must be true
2850 dnl how about an OR? CN must be X or CN must be Y or ..
2851 dnl use a macro to compute this as a trivial sequential
2852 dnl operations (no precedences etc)?
2855 dnl no additional requirements: ok
2857 dnl require CN: but no CN specified: use name of other side
2859 dnl match, check rest
2861 dnl CN does not match
2862 dnl 1 2 3 4
2864 dnl cert subject
2866 dnl CS does not match
2867 dnl 1 2 3 4
2869 dnl match, check rest
2871 dnl CI does not match
2872 dnl 1 2 3 4
2874 dnl return from recursive call
2889 dnl endif _ACCESS_TABLE_
2900 dnl we do not allow relaying for anyone who can present a cert
2901 dnl signed by a "trusted" CA. For example, even if we put verisigns
2902 dnl CA in CertPath so we can authenticate users, we do not allow
2903 dnl them to abuse our server (they might be easier to get hold of,
2904 dnl but anyway).
2905 dnl so here is the trick: if the verification succeeded
2906 dnl we look up the cert issuer in the access map
2907 dnl (maybe after extracting a part with a regular expression)
2908 dnl if this returns RELAY we relay without further questions
2909 dnl if it returns SUBJECT we perform a similar check on the
2910 dnl cert subject.
2911 ifdef(`_ACCESS_TABLE_', `dnl
2915 ifdef(`_CERT_REGEX_ISSUER_', `dnl
2919 dnl use $# to stop further checks (delay_check)
2921 ifdef(`_CERT_REGEX_SUBJECT_', `dnl
2926 R$* $: NO', `dnl')
2934 dnl both are currently ignored
2935 dnl if it should be done via another map, we either need to restrict
2936 dnl functionality (it calls D and A) or copy those rulesets (or add another
2937 dnl parameter which I want to avoid, it's quite complex already)
2939 dnl omit this ruleset if neither is defined?
2940 dnl it causes DefaultAuthInfo to be ignored
2941 dnl (which may be considered a good thing).
2943 ifdef(`_AUTHINFO_TABLE_', `dnl
2949 dnl', `dnl
2950 ifdef(`_ACCESS_TABLE_', `dnl
2956 dnl', `dnl')')
2958 ifdef(`_RATE_CONTROL_',`dnl
2965 ifdef(`_ACCESS_TABLE_', `dnl
2967 dnl also look up a default value via E:
2969 dnl found nothing: stop here
2971 ifdef(`_ATMPF_', `dnl tempfail?
2972 R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2973 dnl use the generic routine (for now)
2976 dnl log this? Connection rate $&{client_rate} exceeds limit $1.
2980 ifdef(`_CONN_CONTROL_',`dnl
2987 ifdef(`_ACCESS_TABLE_', `dnl
2989 dnl also look up a default value via E:
2991 dnl found nothing: stop here
2993 ifdef(`_ATMPF_', `dnl tempfail?
2994 R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2995 dnl use the generic routine (for now)
2998 dnl log this: Open connections $&{client_connections} exceeds limit $1.
3002 undivert(9)dnl LOCAL_RULESETS
3020 undivert(7)dnl MAILER_DEFINITIONS