xref: /illumos-gate/usr/src/cmd/sendmail/cf/m4/proto.m4 (revision 354507029a42e4bcb1ea64fc4685f2bfd4792db8)
1divert(-1)
2#
3# Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers.
4#	All rights reserved.
5# Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
6# Copyright (c) 1988, 1993
7#	The Regents of the University of California.  All rights reserved.
8#
9# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
10# Use is subject to license terms.
11#
12# ident	"%Z%%M%	%I%	%E% SMI"
13#
14# By using this file, you agree to the terms and conditions set
15# forth in the LICENSE file which can be found at the top level of
16# the sendmail distribution.
17#
18#
19divert(0)
20
21VERSIONID(`$Id: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $')
22
23# level CF_LEVEL config file format
24V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Sun')
25divert(-1)
26
27dnl if MAILER(`local') not defined: do it ourself; be nice
28dnl maybe we should issue a warning?
29ifdef(`_MAILER_local_',`', `MAILER(local)')
30
31# do some sanity checking
32ifdef(`__OSTYPE__',,
33	`errprint(`*** ERROR: No system type defined (use OSTYPE macro)
34')')
35
36# pick our default mailers
37ifdef(`confSMTP_MAILER',, `define(`confSMTP_MAILER', `esmtp')')
38ifdef(`confLOCAL_MAILER',, `define(`confLOCAL_MAILER', `local')')
39ifdef(`confRELAY_MAILER',,
40	`define(`confRELAY_MAILER',
41		`ifdef(`_MAILER_smtp_', `relay',
42			`ifdef(`_MAILER_uucp', `uucp-new', `unknown')')')')
43ifdef(`confUUCP_MAILER',, `define(`confUUCP_MAILER', `uucp-old')')
44define(`_SMTP_', `confSMTP_MAILER')dnl		for readability only
45define(`_LOCAL_', `confLOCAL_MAILER')dnl	for readability only
46define(`_RELAY_', `confRELAY_MAILER')dnl	for readability only
47define(`_UUCP_', `confUUCP_MAILER')dnl		for readability only
48
49# back compatibility with old config files
50ifdef(`confDEF_GROUP_ID',
51`errprint(`*** confDEF_GROUP_ID is obsolete.
52    Use confDEF_USER_ID with a colon in the value instead.
53')')
54ifdef(`confREAD_TIMEOUT',
55`errprint(`*** confREAD_TIMEOUT is obsolete.
56    Use individual confTO_<timeout> parameters instead.
57')')
58ifdef(`confMESSAGE_TIMEOUT',
59	`define(`_ARG_', index(confMESSAGE_TIMEOUT, /))
60	 ifelse(_ARG_, -1,
61		`define(`confTO_QUEUERETURN', confMESSAGE_TIMEOUT)',
62		`define(`confTO_QUEUERETURN',
63			substr(confMESSAGE_TIMEOUT, 0, _ARG_))
64		 define(`confTO_QUEUEWARN',
65			substr(confMESSAGE_TIMEOUT, eval(_ARG_+1)))')')
66ifdef(`confMIN_FREE_BLOCKS', `ifelse(index(confMIN_FREE_BLOCKS, /), -1,,
67`errprint(`*** compound confMIN_FREE_BLOCKS is obsolete.
68    Use confMAX_MESSAGE_SIZE for the second part of the value.
69')')')
70
71
72# Sanity check on ldap_routing feature
73# If the user doesn't specify a new map, they better have given as a
74# default LDAP specification which has the LDAP base (and most likely the host)
75ifdef(`confLDAP_DEFAULT_SPEC',, `ifdef(`_LDAP_ROUTING_WARN_', `errprint(`
76WARNING: Using default FEATURE(ldap_routing) map definition(s)
77without setting confLDAP_DEFAULT_SPEC option.
78')')')dnl
79
80# clean option definitions below....
81define(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl
82
83dnl required to "rename" the check_* rulesets...
84define(`_U_',ifdef(`_DELAY_CHECKS_',`',`_'))
85dnl default relaying denied message
86ifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG',
87ifdef(`_USE_AUTH_', `"550 Relaying denied. Proper authentication required."', `"550 Relaying denied"'))')
88ifdef(`confRCPTREJ_MSG', `', `define(`confRCPTREJ_MSG', `"550 Mailbox disabled for this recipient"')')
89define(`_CODE553', `553')
90divert(0)dnl
91
92# override file safeties - setting this option compromises system security,
93# addressing the actual file configuration problem is preferred
94# need to set this before any file actions are encountered in the cf file
95_OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', `safe')
96
97# default LDAP map specification
98# need to set this now before any LDAP maps are defined
99_OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost')
100
101##################
102#   local info   #
103##################
104
105# my LDAP cluster
106# need to set this before any LDAP lookups are done (including classes)
107ifdef(`confLDAP_CLUSTER', `D{sendmailMTACluster}`'confLDAP_CLUSTER', `#D{sendmailMTACluster}$m')
108
109Cwlocalhost
110ifdef(`USE_CW_FILE',
111`# file containing names of hosts for which we receive email
112Fw`'confCW_FILE',
113	`dnl')
114
115# my official domain name
116# ... `define' this only if sendmail cannot automatically determine your domain
117ifdef(`confDOMAIN_NAME', `Dj`'confDOMAIN_NAME', `#Dj$w.Foo.COM')
118
119# host/domain names ending with a token in class P are canonical
120CP.
121
122ifdef(`UUCP_RELAY',
123`# UUCP relay host
124DY`'UUCP_RELAY
125CPUUCP
126
127')dnl
128ifdef(`BITNET_RELAY',
129`#  BITNET relay host
130DB`'BITNET_RELAY
131CPBITNET
132
133')dnl
134ifdef(`DECNET_RELAY',
135`define(`_USE_DECNET_SYNTAX_', 1)dnl
136# DECnet relay host
137DC`'DECNET_RELAY
138CPDECNET
139
140')dnl
141ifdef(`FAX_RELAY',
142`# FAX relay host
143DF`'FAX_RELAY
144CPFAX
145
146')dnl
147# "Smart" relay host (may be null)
148DS`'ifdef(`SMART_HOST', `SMART_HOST')
149
150ifdef(`LUSER_RELAY', `dnl
151# place to which unknown users should be forwarded
152Kuser user -m -a<>
153DL`'LUSER_RELAY',
154`dnl')
155
156# operators that cannot be in local usernames (i.e., network indicators)
157CO @ % ifdef(`_NO_UUCP_', `', `!')
158
159# a class with just dot (for identifying canonical names)
160C..
161
162# a class with just a left bracket (for identifying domain literals)
163C[[
164
165ifdef(`_ACCESS_TABLE_', `dnl
166# access_db acceptance class
167C{Accept}OK RELAY
168ifdef(`_DELAY_COMPAT_8_10_',`dnl
169ifdef(`_BLACKLIST_RCPT_',`dnl
170# possible access_db RHS for spam friends/haters
171C{SpamTag}SPAMFRIEND SPAMHATER')')',
172`dnl')
173
174dnl mark for "domain is ok" (resolved or accepted anyway)
175define(`_RES_OK_', `OKR')dnl
176ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl
177# Resolve map (to check if a host exists in check_mail)
178Kresolve host -a<_RES_OK_> -T<TEMP>')
179C{ResOk}_RES_OK_
180
181ifdef(`_NEED_MACRO_MAP_', `dnl
182ifdef(`_MACRO_MAP_', `', `# macro storage map
183define(`_MACRO_MAP_', `1')dnl
184Kmacro macro')', `dnl')
185
186ifdef(`confCR_FILE', `dnl
187# Hosts for which relaying is permitted ($=R)
188FR`'confCR_FILE',
189`dnl')
190
191define(`TLS_SRV_TAG', `"TLS_Srv"')dnl
192define(`TLS_CLT_TAG', `"TLS_Clt"')dnl
193define(`TLS_RCPT_TAG', `"TLS_Rcpt"')dnl
194define(`TLS_TRY_TAG', `"Try_TLS"')dnl
195define(`SRV_FEAT_TAG', `"Srv_Features"')dnl
196dnl this may be useful in other contexts too
197ifdef(`_ARITH_MAP_', `', `# arithmetic map
198define(`_ARITH_MAP_', `1')dnl
199Karith arith')
200ifdef(`_ACCESS_TABLE_', `dnl
201ifdef(`_MACRO_MAP_', `', `# macro storage map
202define(`_MACRO_MAP_', `1')dnl
203Kmacro macro')
204# possible values for TLS_connection in access map
205C{Tls}VERIFY ENCR', `dnl')
206ifdef(`_CERT_REGEX_ISSUER_', `dnl
207# extract relevant part from cert issuer
208KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
209ifdef(`_CERT_REGEX_SUBJECT_', `dnl
210# extract relevant part from cert subject
211KCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl')
212
213ifdef(`LOCAL_RELAY', `dnl
214# who I send unqualified names to if `FEATURE(stickyhost)' is used
215# (null means deliver locally)
216DR`'LOCAL_RELAY')
217
218ifdef(`MAIL_HUB', `dnl
219# who gets all local email traffic
220# ($R has precedence for unqualified names if `FEATURE(stickyhost)' is used)
221DH`'MAIL_HUB')
222
223# dequoting map
224Kdequote dequote`'ifdef(`confDEQUOTE_OPTS', ` confDEQUOTE_OPTS', `')
225
226divert(0)dnl	# end of nullclient diversion
227# class E: names that should be exposed as from this host, even if we masquerade
228# class L: names that should be delivered locally, even if we have a relay
229# class M: domains that should be converted to $M
230# class N: domains that should not be converted to $M
231#CL root
232undivert(5)dnl
233ifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl')
234
235ifdef(`MASQUERADE_NAME', `dnl
236# who I masquerade as (null for no masquerading) (see also $=M)
237DM`'MASQUERADE_NAME')
238
239# my name for error messages
240ifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON')
241
242undivert(6)dnl LOCAL_CONFIG
243include(_CF_DIR_`m4/version.m4')
244
245###############
246#   Options   #
247###############
248ifdef(`confAUTO_REBUILD',
249`errprint(WARNING: `confAUTO_REBUILD' is no longer valid.
250	There was a potential for a denial of service attack if this is set.
251)')dnl
252
253# strip message body to 7 bits on input?
254_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
255
256# 8-bit data handling
257_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')
258
259# wait for alias file rebuild (default units: minutes)
260_OPTION(AliasWait, `confALIAS_WAIT', `5m')
261
262# location of alias file
263_OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
264
265# minimum number of free blocks on filesystem
266_OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100')
267
268# maximum message size
269_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `0')
270
271# substitution for space (blank) characters
272_OPTION(BlankSub, `confBLANK_SUB', `_')
273
274# avoid connecting to "expensive" mailers on initial submission?
275_OPTION(HoldExpensive, `confCON_EXPENSIVE', `False')
276
277# checkpoint queue runs after every N successful deliveries
278_OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10')
279
280# default delivery mode
281_OPTION(DeliveryMode, `confDELIVERY_MODE', `background')
282
283# error message header/file
284_OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header')
285
286# error mode
287_OPTION(ErrorMode, `confERROR_MODE', `print')
288
289# save Unix-style "From_" lines at top of header?
290_OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False')
291
292# queue file mode (qf files)
293_OPTION(QueueFileMode, `confQUEUE_FILE_MODE', `0600')
294
295# temporary file mode
296_OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600')
297
298# match recipients against GECOS field?
299_OPTION(MatchGECOS, `confMATCH_GECOS', `False')
300
301# maximum hop count
302_OPTION(MaxHopCount, `confMAX_HOP', `25')
303
304# location of help file
305O HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile')
306
307# ignore dots as terminators in incoming messages?
308_OPTION(IgnoreDots, `confIGNORE_DOTS', `False')
309
310# name resolver options
311_OPTION(ResolverOptions, `confBIND_OPTS', `+AAONLY')
312
313# deliver MIME-encapsulated error messages?
314_OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS', `True')
315
316# Forward file search path
317_OPTION(ForwardPath, `confFORWARD_PATH', `/var/forward/$u:$z/.forward.$w:$z/.forward')
318
319# open connection cache size
320_OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', `2')
321
322# open connection cache timeout
323_OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', `5m')
324
325# persistent host status directory
326_OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', `.hoststat')
327
328# single thread deliveries (requires HostStatusDirectory)?
329_OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY', `False')
330
331# use Errors-To: header?
332_OPTION(UseErrorsTo, `confUSE_ERRORS_TO', `False')
333
334# log level
335_OPTION(LogLevel, `confLOG_LEVEL', `10')
336
337# send to me too, even in an alias expansion?
338_OPTION(MeToo, `confME_TOO', `True')
339
340# verify RHS in newaliases?
341_OPTION(CheckAliases, `confCHECK_ALIASES', `False')
342
343# default messages to old style headers if no special punctuation?
344_OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS', `False')
345
346# SMTP daemon options
347ifelse(defn(`confDAEMON_OPTIONS'), `', `dnl',
348`errprint(WARNING: `confDAEMON_OPTIONS' is no longer valid.
349	Use `DAEMON_OPTIONS()'; see cf/README.
350)'dnl
351`DAEMON_OPTIONS(`confDAEMON_OPTIONS')')
352ifelse(defn(`_DPO_'), `',
353`ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-v4, Family=inet
354O DaemonPortOptions=Name=MTA-v6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_')
355ifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E')
356
357# SMTP client options
358ifelse(defn(`confCLIENT_OPTIONS'), `', `dnl',
359`errprint(WARNING: `confCLIENT_OPTIONS' is no longer valid.  See cf/README for more information.
360)'dnl
361`CLIENT_OPTIONS(`confCLIENT_OPTIONS')')
362ifelse(defn(`_CPO_'), `',
363`#O ClientPortOptions=Family=inet, Address=0.0.0.0', `_CPO_')
364
365# Modifiers to `define' {daemon_flags} for direct submissions
366_OPTION(DirectSubmissionModifiers, `confDIRECT_SUBMISSION_MODIFIERS', `')
367
368# Use as mail submission program? See sendmail/SECURITY
369_OPTION(UseMSP, `confUSE_MSP', `')
370
371# privacy flags
372_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings')
373
374# who (if anyone) should get extra copies of error messages
375_OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster')
376
377# slope of queue-only function
378_OPTION(QueueFactor, `confQUEUE_FACTOR', `600000')
379
380# limit on number of concurrent queue runners
381_OPTION(MaxQueueChildren, `confMAX_QUEUE_CHILDREN', `')
382
383# maximum number of queue-runners per queue-grouping with multiple queues
384_OPTION(MaxRunnersPerQueue, `confMAX_RUNNERS_PER_QUEUE', `1')
385
386# priority of queue runners (nice(3))
387_OPTION(NiceQueueRun, `confNICE_QUEUE_RUN', `')
388
389# shall we sort the queue by hostname first?
390_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority')
391
392# minimum time in queue before retry
393_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m')
394
395# how many jobs can you process in the queue?
396_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `0')
397
398# perform initial split of envelope without checking MX records
399_OPTION(FastSplit, `confFAST_SPLIT', `1')
400
401# queue directory
402O QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue')
403
404# key for shared memory; 0 to turn off, -1 to auto-select
405_OPTION(SharedMemoryKey, `confSHARED_MEMORY_KEY', `0')
406
407# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
408_OPTION(SharedMemoryKeyFile, `confSHARED_MEMORY_KEY_FILE', `')
409
410# timeouts (many of these)
411_OPTION(Timeout.initial, `confTO_INITIAL', `5m')
412_OPTION(Timeout.connect, `confTO_CONNECT', `5m')
413_OPTION(Timeout.aconnect, `confTO_ACONNECT', `0s')
414_OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m')
415_OPTION(Timeout.helo, `confTO_HELO', `5m')
416_OPTION(Timeout.mail, `confTO_MAIL', `10m')
417_OPTION(Timeout.rcpt, `confTO_RCPT', `1h')
418_OPTION(Timeout.datainit, `confTO_DATAINIT', `5m')
419_OPTION(Timeout.datablock, `confTO_DATABLOCK', `1h')
420_OPTION(Timeout.datafinal, `confTO_DATAFINAL', `1h')
421_OPTION(Timeout.rset, `confTO_RSET', `5m')
422_OPTION(Timeout.quit, `confTO_QUIT', `2m')
423_OPTION(Timeout.misc, `confTO_MISC', `2m')
424_OPTION(Timeout.command, `confTO_COMMAND', `1h')
425_OPTION(Timeout.ident, `confTO_IDENT', `5s')
426_OPTION(Timeout.fileopen, `confTO_FILEOPEN', `60s')
427_OPTION(Timeout.control, `confTO_CONTROL', `2m')
428_OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d')
429_OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d')
430_OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d')
431_OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d')
432_OPTION(Timeout.queuereturn.dsn, `confTO_QUEUERETURN_DSN', `5d')
433_OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h')
434_OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h')
435_OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h')
436_OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h')
437_OPTION(Timeout.queuewarn.dsn, `confTO_QUEUEWARN_DSN', `4h')
438_OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m')
439_OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s')
440_OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s')
441_OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s')
442_OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4')
443_OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4')
444_OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4')
445_OPTION(Timeout.lhlo, `confTO_LHLO', `2m')
446_OPTION(Timeout.auth, `confTO_AUTH', `10m')
447_OPTION(Timeout.starttls, `confTO_STARTTLS', `1h')
448
449# time for DeliverBy; extension disabled if less than 0
450_OPTION(DeliverByMin, `confDELIVER_BY_MIN', `0')
451
452# should we not prune routes in route-addr syntax addresses?
453_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False')
454
455# queue up everything before forking?
456_OPTION(SuperSafe, `confSAFE_QUEUE', `True')
457
458# status file
459_OPTION(StatusFile, `STATUS_FILE')
460
461# time zone handling:
462#  if undefined, use system default
463#  if defined but null, use TZ envariable passed in
464#  if defined and non-null, use that info
465ifelse(confTIME_ZONE, `USE_SYSTEM', `#O TimeZoneSpec=',
466	confTIME_ZONE, `USE_TZ', `O TimeZoneSpec=',
467	`O TimeZoneSpec=confTIME_ZONE')
468
469# default UID (can be username or userid:groupid)
470_OPTION(DefaultUser, `confDEF_USER_ID', `mailnull')
471
472# list of locations of user database file (null means no lookup)
473_OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb')
474
475# fallback MX host
476_OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net')
477
478# fallback smart host
479_OPTION(FallbackSmartHost, `confFALLBACK_SMARTHOST', `fall.back.host.net')
480
481# if we are the best MX host for a site, try it directly instead of config err
482_OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False')
483
484# load average at which we just queue messages
485_OPTION(QueueLA, `confQUEUE_LA', `8')
486
487# load average at which we refuse connections
488_OPTION(RefuseLA, `confREFUSE_LA', `12')
489
490# log interval when refusing connections for this long
491_OPTION(RejectLogInterval, `confREJECT_LOG_INTERVAL', `3h')
492
493# load average at which we delay connections; 0 means no limit
494_OPTION(DelayLA, `confDELAY_LA', `0')
495
496# maximum number of children we allow at one time
497_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `0')
498
499# maximum number of new connections per second
500_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `0')
501
502# Width of the window
503_OPTION(ConnectionRateWindowSize, `confCONNECTION_RATE_WINDOW_SIZE', `60s')
504
505# work recipient factor
506_OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000')
507
508# deliver each queued job in a separate process?
509_OPTION(ForkEachJob, `confSEPARATE_PROC', `False')
510
511# work class factor
512_OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800')
513
514# work time factor
515_OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000')
516
517# default character set
518_OPTION(DefaultCharSet, `confDEF_CHAR_SET', `unknown-8bit')
519
520# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
521_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch')
522
523# hosts file (normally /etc/hosts)
524_OPTION(HostsFile, `confHOSTS_FILE', `/etc/hosts')
525
526# dialup line delay on connection failure
527_OPTION(DialDelay, `confDIAL_DELAY', `0s')
528
529# action to take if there are no recipients in the message
530_OPTION(NoRecipientAction, `confNO_RCPT_ACTION', `none')
531
532# chrooted environment for writing to files
533_OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `')
534
535# are colons OK in addresses?
536_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True')
537
538# shall I avoid expanding CNAMEs (violates protocols)?
539_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False')
540
541# SMTP initial login message (old $e macro)
542_OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG', `$j Sendmail $v ready at $b')
543
544# UNIX initial From header format (old $l macro)
545_OPTION(UnixFromLine, `confFROM_LINE', `From $g $d')
546
547# From: lines that have embedded newlines are unwrapped onto one line
548_OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', `False')
549
550# Allow HELO SMTP command that does not `include' a host name
551_OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', `False')
552
553# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
554_OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', `.')
555
556# delimiter (operator) characters (old $o macro)
557_OPTION(OperatorChars, `confOPERATORS', `.:@[]')
558
559# shall I avoid calling initgroups(3) because of high NIS costs?
560_OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False')
561
562# are group-writable `:include:' and .forward files (un)trustworthy?
563# True (the default) means they are not trustworthy.
564_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True')
565ifdef(`confUNSAFE_GROUP_WRITES',
566`errprint(`WARNING: confUNSAFE_GROUP_WRITES is deprecated; use confDONT_BLAME_SENDMAIL.
567')')
568
569# where do errors that occur when sending errors get sent?
570_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster')
571
572# issue temporary errors (4xy) instead of permanent errors (5xy)?
573_OPTION(SoftBounce, `confSOFT_BOUNCE', `False')
574
575# where to save bounces if all else fails
576_OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter')
577
578# what user id do we assume for the majority of the processing?
579_OPTION(RunAsUser, `confRUN_AS_USER', `sendmail')
580
581# maximum number of recipients per SMTP envelope
582_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0')
583
584# limit the rate recipients per SMTP envelope are accepted
585# once the threshold number of recipients have been rejected
586_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `0')
587
588# shall we get local names from our installed interfaces?
589_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False')
590
591# Return-Receipt-To: header implies DSN request
592_OPTION(RrtImpliesDsn, `confRRT_IMPLIES_DSN', `False')
593
594# override connection address (for testing)
595_OPTION(ConnectOnlyTo, `confCONNECT_ONLY_TO', `0.0.0.0')
596
597# Trusted user for file ownership and starting the daemon
598_OPTION(TrustedUser, `confTRUSTED_USER', `root')
599
600# Control socket for daemon management
601_OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control')
602
603# Maximum MIME header length to protect MUAs
604_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `2048/1024')
605
606# Maximum length of the sum of all headers
607_OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768')
608
609# Maximum depth of alias recursion
610_OPTION(MaxAliasRecursion, `confMAX_ALIAS_RECURSION', `10')
611
612# location of pid file
613_OPTION(PidFile, `confPID_FILE', `/var/run/sendmail.pid')
614
615# Prefix string for the process title shown on 'ps' listings
616_OPTION(ProcessTitlePrefix, `confPROCESS_TITLE_PREFIX', `prefix')
617
618# Data file (df) memory-buffer file maximum size
619_OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096')
620
621# Transcript file (xf) memory-buffer file maximum size
622_OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096')
623
624# lookup type to find information about local mailboxes
625_OPTION(MailboxDatabase, `confMAILBOX_DATABASE', `pw')
626
627# override compile time flag REQUIRES_DIR_FSYNC
628_OPTION(RequiresDirfsync, `confREQUIRES_DIR_FSYNC', `true')
629
630# list of authentication mechanisms
631_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')
632
633# Authentication realm
634_OPTION(AuthRealm, `confAUTH_REALM', `')
635
636# default authentication information for outgoing connections
637_OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info')
638
639# SMTP AUTH flags
640_OPTION(AuthOptions, `confAUTH_OPTIONS', `')
641
642# SMTP AUTH maximum encryption strength
643_OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `')
644
645# SMTP STARTTLS server options
646_OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `')
647
648# Input mail filters
649_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
650
651ifelse(len(X`'_MAIL_FILTERS_DEF), `1', `dnl', `dnl
652# Milter options
653_OPTION(Milter.LogLevel, `confMILTER_LOG_LEVEL', `')
654_OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `')
655_OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `')
656_OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `')
657_OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')
658_OPTION(Milter.macros.eom, `confMILTER_MACROS_EOM', `')
659_OPTION(Milter.macros.eoh, `confMILTER_MACROS_EOH', `')
660_OPTION(Milter.macros.data, `confMILTER_MACROS_DATA', `')')
661
662# CA directory
663_OPTION(CACertPath, `confCACERT_PATH', `')
664# CA file
665_OPTION(CACertFile, `confCACERT', `')
666# Server Cert
667_OPTION(ServerCertFile, `confSERVER_CERT', `')
668# Server private key
669_OPTION(ServerKeyFile, `confSERVER_KEY', `')
670# Client Cert
671_OPTION(ClientCertFile, `confCLIENT_CERT', `')
672# Client private key
673_OPTION(ClientKeyFile, `confCLIENT_KEY', `')
674# File containing certificate revocation lists
675_OPTION(CRLFile, `confCRL', `')
676# DHParameters (only required if DSA/DH is used)
677_OPTION(DHParameters, `confDH_PARAMETERS', `')
678# Random data source (required for systems without /dev/urandom under OpenSSL)
679_OPTION(RandFile, `confRAND_FILE', `')
680
681# Maximum number of "useless" commands before slowing down
682_OPTION(MaxNOOPCommands, `confMAX_NOOP_COMMANDS', `20')
683
684# Name to use for EHLO (defaults to $j)
685_OPTION(HeloName, `confHELO_NAME')
686
687############################
688`# QUEUE GROUP DEFINITIONS  #'
689############################
690_QUEUE_GROUP_
691
692###########################
693#   Message precedences   #
694###########################
695
696Pfirst-class=0
697Pspecial-delivery=100
698Plist=-30
699Pbulk=-60
700Pjunk=-100
701
702#####################
703#   Trusted users   #
704#####################
705
706# this is equivalent to setting class "t"
707ifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, `MAIL_SETTINGS_DIR`'trusted-users')
708Troot
709Tdaemon
710ifdef(`_NO_UUCP_', `dnl', `Tuucp')
711ifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl')
712
713#########################
714#   Format of headers   #
715#########################
716
717ifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl
718ifdef(`confMESSAGEID_HEADER',, `define(`confMESSAGEID_HEADER', `<$t.$i@$j>')')dnl
719H?P?Return-Path: <$g>
720HReceived: confRECEIVED_HEADER
721H?D?Resent-Date: $a
722H?D?Date: $a
723H?F?Resent-From: confFROM_HEADER
724H?F?From: confFROM_HEADER
725H?x?Full-Name: $x
726# HPosted-Date: $a
727# H?l?Received-Date: $b
728H?M?Resent-Message-Id: confMESSAGEID_HEADER
729H?M?Message-Id: confMESSAGEID_HEADER
730
731#
732######################################################################
733######################################################################
734#####
735#####			REWRITING RULES
736#####
737######################################################################
738######################################################################
739
740############################################
741###  Ruleset 3 -- Name Canonicalization  ###
742############################################
743Scanonify=3
744
745# handle null input (translate to <@> special case)
746R$@			$@ <@>
747
748# strip group: syntax (not inside angle brackets!) and trailing semicolon
749R$*			$: $1 <@>			mark addresses
750R$* < $* > $* <@>	$: $1 < $2 > $3			unmark <addr>
751R@ $* <@>		$: @ $1				unmark @host:...
752R$* [ IPv6 : $+ ] <@>	$: $1 [ IPv6 : $2 ]		unmark IPv6 addr
753R$* :: $* <@>		$: $1 :: $2			unmark node::addr
754R:`include': $* <@>	$: :`include': $1			unmark :`include':...
755R$* : $* [ $* ]		$: $1 : $2 [ $3 ] <@>		remark if leading colon
756R$* : $* <@>		$: $2				strip colon if marked
757R$* <@>			$: $1				unmark
758R$* ;			   $1				strip trailing semi
759R$* < $+ :; > $*	$@ $2 :; <@>			catch <list:;>
760R$* < $* ; >		   $1 < $2 >			bogus bracketed semi
761
762# null input now results from list:; syntax
763R$@			$@ :; <@>
764
765# strip angle brackets -- note RFC733 heuristic to get innermost item
766R$*			$: < $1 >			housekeeping <>
767R$+ < $* >		   < $2 >			strip excess on left
768R< $* > $+		   < $1 >			strip excess on right
769R<>			$@ < @ >			MAIL FROM:<> case
770R< $+ >			$: $1				remove housekeeping <>
771
772ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
773# make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later
774R@ $+ , $+		@ $1 : $2			change all "," to ":"
775
776# localize and dispose of route-based addresses
777dnl XXX: IPv6 colon conflict
778ifdef(`NO_NETINET6', `dnl',
779`R@ [$+] : $+		$@ $>Canonify2 < @ [$1] > : $2	handle <route-addr>')
780R@ $+ : $+		$@ $>Canonify2 < @$1 > : $2	handle <route-addr>
781dnl',`dnl
782# strip route address <@a,@b,@c:user@d> -> <user@d>
783R@ $+ , $+		$2
784ifdef(`NO_NETINET6', `dnl',
785`R@ [ $* ] : $+		$2')
786R@ $+ : $+		$2
787dnl')
788
789# find focus for list syntax
790R $+ : $* ; @ $+	$@ $>Canonify2 $1 : $2 ; < @ $3 >	list syntax
791R $+ : $* ;		$@ $1 : $2;			list syntax
792
793# find focus for @ syntax addresses
794R$+ @ $+		$: $1 < @ $2 >			focus on domain
795R$+ < $+ @ $+ >		$1 $2 < @ $3 >			move gaze right
796R$+ < @ $+ >		$@ $>Canonify2 $1 < @ $2 >	already canonical
797
798dnl This is flagged as an error in S0; no need to silently fix it here.
799dnl # do some sanity checking
800dnl R$* < @ $~[ $* : $* > $*	$1 < @ $2 $3 > $4	nix colons in addrs
801
802ifdef(`_NO_UUCP_', `dnl',
803`# convert old-style addresses to a domain-based address
804R$- ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	resolve uucp names
805R$+ . $- ! $+		$@ $>Canonify2 $3 < @ $1 . $2 >		domain uucps
806R$+ ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	uucp subdomains
807')
808ifdef(`_USE_DECNET_SYNTAX_',
809`# convert node::user addresses into a domain-based address
810R$- :: $+		$@ $>Canonify2 $2 < @ $1 .DECNET >	resolve DECnet names
811R$- . $- :: $+		$@ $>Canonify2 $3 < @ $1.$2 .DECNET >	numeric DECnet addr
812',
813	`dnl')
814# if we have % signs, take the rightmost one
815R$* % $*		$1 @ $2				First make them all @s.
816R$* @ $* @ $*		$1 % $2 @ $3			Undo all but the last.
817R$* @ $*		$@ $>Canonify2 $1 < @ $2 >	Insert < > and finish
818
819# else we must be a local name
820R$*			$@ $>Canonify2 $1
821
822
823################################################
824###  Ruleset 96 -- bottom half of ruleset 3  ###
825################################################
826
827SCanonify2=96
828
829# handle special cases for local names
830R$* < @ localhost > $*		$: $1 < @ $j . > $2		no domain at all
831R$* < @ localhost . $m > $*	$: $1 < @ $j . > $2		local domain
832ifdef(`_NO_UUCP_', `dnl',
833`R$* < @ localhost . UUCP > $*	$: $1 < @ $j . > $2		.UUCP domain')
834
835# check for IPv4/IPv6 domain literal
836R$* < @ [ $+ ] > $*		$: $1 < @@ [ $2 ] > $3		mark [addr]
837R$* < @@ $=w > $*		$: $1 < @ $j . > $3		self-literal
838R$* < @@ $+ > $*		$@ $1 < @ $2 > $3		canon IP addr
839
840ifdef(`_DOMAIN_TABLE_', `dnl
841# look up domains in the domain table
842R$* < @ $+ > $* 		$: $1 < @ $(domaintable $2 $) > $3', `dnl')
843
844undivert(2)dnl LOCAL_RULE_3
845
846ifdef(`_BITDOMAIN_TABLE_', `dnl
847# handle BITNET mapping
848R$* < @ $+ .BITNET > $*		$: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl')
849
850ifdef(`_UUDOMAIN_TABLE_', `dnl
851# handle UUCP mapping
852R$* < @ $+ .UUCP > $*		$: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl')
853
854ifdef(`_NO_UUCP_', `dnl',
855`ifdef(`UUCP_RELAY',
856`# pass UUCP addresses straight through
857R$* < @ $+ . UUCP > $*		$@ $1 < @ $2 . UUCP . > $3',
858`# if really UUCP, handle it immediately
859ifdef(`_CLASS_U_',
860`R$* < @ $=U . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
861ifdef(`_CLASS_V_',
862`R$* < @ $=V . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
863ifdef(`_CLASS_W_',
864`R$* < @ $=W . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
865ifdef(`_CLASS_X_',
866`R$* < @ $=X . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
867ifdef(`_CLASS_Y_',
868`R$* < @ $=Y . UUCP > $*	$@ $1 < @ $2 . UUCP . > $3', `dnl')
869
870ifdef(`_NO_CANONIFY_', `dnl', `dnl
871# try UUCP traffic as a local address
872R$* < @ $+ . UUCP > $*		$: $1 < @ $[ $2 $] . UUCP . > $3
873R$* < @ $+ . . UUCP . > $*	$@ $1 < @ $2 . > $3')
874')')
875# hostnames ending in class P are always canonical
876R$* < @ $* $=P > $*		$: $1 < @ $2 $3 . > $4
877dnl apply the next rule only for hostnames not in class P
878dnl this even works for phrases in class P since . is in class P
879dnl which daemon flags are set?
880R$* < @ $* $~P > $*		$: $&{daemon_flags} $| $1 < @ $2 $3 > $4
881dnl the other rules in this section only apply if the hostname
882dnl does not end in class P hence no further checks are done here
883dnl if this ever changes make sure the lookups are "protected" again!
884ifdef(`_NO_CANONIFY_', `dnl
885dnl do not canonify unless:
886dnl domain ends in class {Canonify} (this does not work if the intersection
887dnl	with class P is non-empty)
888dnl or {daemon_flags} has c set
889# pass to name server to make hostname canonical if in class {Canonify}
890R$* $| $* < @ $* $={Canonify} > $*	$: $2 < @ $[ $3 $4 $] > $5
891# pass to name server to make hostname canonical if requested
892R$* c $* $| $* < @ $* > $*	$: $3 < @ $[ $4 $] > $5
893dnl trailing dot? -> do not apply _CANONIFY_HOSTS_
894R$* $| $* < @ $+ . > $*		$: $2 < @ $3 . > $4
895# add a trailing dot to qualified hostnames so other rules will work
896R$* $| $* < @ $+.$+ > $*	$: $2 < @ $3.$4 . > $5
897ifdef(`_CANONIFY_HOSTS_', `dnl
898dnl this should only apply to unqualified hostnames
899dnl but if a valid character inside an unqualified hostname is an OperatorChar
900dnl then $- does not work.
901# lookup unqualified hostnames
902R$* $| $* < @ $* > $*		$: $2 < @ $[ $3 $] > $4', `dnl')', `dnl
903dnl _NO_CANONIFY_ is not set: canonify unless:
904dnl {daemon_flags} contains CC (do not canonify)
905dnl but add a trailing dot to qualified hostnames so other rules will work
906dnl should we do this for every hostname: even unqualified?
907R$* CC $* $| $* < @ $+.$+ > $*	$: $3 < @ $4.$5 . > $6
908R$* CC $* $| $*			$: $3
909ifdef(`_FFR_NOCANONIFY_HEADERS', `dnl
910# do not canonify header addresses
911R$* $| $* < @ $* $~P > $*	$: $&{addr_type} $| $2 < @ $3 $4 > $5
912R$* h $* $| $* < @ $+.$+ > $*	$: $3 < @ $4.$5 . > $6
913R$* h $* $| $*			$: $3', `dnl')
914# pass to name server to make hostname canonical
915R$* $| $* < @ $* > $*		$: $2 < @ $[ $3 $] > $4')
916dnl remove {daemon_flags} for other cases
917R$* $| $*			$: $2
918
919# local host aliases and pseudo-domains are always canonical
920R$* < @ $=w > $*		$: $1 < @ $2 . > $3
921ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
922`R$* < @ $* $=M > $*		$: $1 < @ $2 $3 . > $4',
923`R$* < @ $=M > $*		$: $1 < @ $2 . > $3')
924ifdef(`_VIRTUSER_TABLE_', `dnl
925dnl virtual hosts are also canonical
926ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
927`R$* < @ $* $={VirtHost} > $* 	$: $1 < @ $2 $3 . > $4',
928`R$* < @ $={VirtHost} > $* 	$: $1 < @ $2 . > $3')',
929`dnl')
930ifdef(`_GENERICS_TABLE_', `dnl
931dnl hosts for genericstable are also canonical
932ifdef(`_GENERICS_ENTIRE_DOMAIN_',
933`R$* < @ $* $=G > $* 	$: $1 < @ $2 $3 . > $4',
934`R$* < @ $=G > $* 	$: $1 < @ $2 . > $3')',
935`dnl')
936dnl remove superfluous dots (maybe repeatedly) which may have been added
937dnl by one of the rules before
938R$* < @ $* . . > $*		$1 < @ $2 . > $3
939
940
941##################################################
942###  Ruleset 4 -- Final Output Post-rewriting  ###
943##################################################
944Sfinal=4
945
946R$+ :; <@>		$@ $1 :				handle <list:;>
947R$* <@>			$@				handle <> and list:;
948
949# strip trailing dot off possibly canonical name
950R$* < @ $+ . > $*	$1 < @ $2 > $3
951
952# eliminate internal code
953R$* < @ *LOCAL* > $*	$1 < @ $j > $2
954
955# externalize local domain info
956R$* < $+ > $*		$1 $2 $3			defocus
957R@ $+ : @ $+ : $+	@ $1 , @ $2 : $3		<route-addr> canonical
958R@ $*			$@ @ $1				... and exit
959
960ifdef(`_NO_UUCP_', `dnl',
961`# UUCP must always be presented in old form
962R$+ @ $- . UUCP		$2!$1				u@h.UUCP => h!u')
963
964ifdef(`_USE_DECNET_SYNTAX_',
965`# put DECnet back in :: form
966R$+ @ $+ . DECNET	$2 :: $1			u@h.DECNET => h::u',
967	`dnl')
968# delete duplicate local names
969R$+ % $=w @ $=w		$1 @ $2				u%host@host => u@host
970
971
972
973##############################################################
974###   Ruleset 97 -- recanonicalize and call ruleset zero   ###
975###		   (used for recursive calls)		   ###
976##############################################################
977
978SRecurse=97
979R$*			$: $>canonify $1
980R$*			$@ $>parse $1
981
982
983######################################
984###   Ruleset 0 -- Parse Address   ###
985######################################
986
987Sparse=0
988
989R$*			$: $>Parse0 $1		initial parsing
990R<@>			$#_LOCAL_ $: <@>		special case error msgs
991R$*			$: $>ParseLocal $1	handle local hacks
992R$*			$: $>Parse1 $1		final parsing
993
994#
995#  Parse0 -- do initial syntax checking and eliminate local addresses.
996#	This should either return with the (possibly modified) input
997#	or return with a #error mailer.  It should not return with a
998#	#mailer other than the #error mailer.
999#
1000
1001SParse0
1002R<@>			$@ <@>			special case error msgs
1003R$* : $* ; <@>		$#error $@ 5.1.3 $: "_CODE553 List:; syntax illegal for recipient addresses"
1004R@ <@ $* >		< @ $1 >		catch "@@host" bogosity
1005R<@ $+>			$#error $@ 5.1.3 $: "_CODE553 User address required"
1006R$+ <@>			$#error $@ 5.1.3 $: "_CODE553 Hostname required"
1007R$*			$: <> $1
1008dnl allow tricks like [host1]:[host2]
1009R<> $* < @ [ $* ] : $+ > $*	$1 < @ [ $2 ] : $3 > $4
1010R<> $* < @ [ $* ] , $+ > $*	$1 < @ [ $2 ] , $3 > $4
1011dnl but no a@[b]c
1012R<> $* < @ [ $* ] $+ > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid address"
1013R<> $* < @ [ $+ ] > $*		$1 < @ [ $2 ] > $3
1014R<> $* <$* : $* > $*	$#error $@ 5.1.3 $: "_CODE553 Colon illegal in host name part"
1015R<> $*			$1
1016R$* < @ . $* > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid host name"
1017R$* < @ $* .. $* > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid host name"
1018dnl no a@b@
1019R$* < @ $* @ > $*	$#error $@ 5.1.2 $: "_CODE553 Invalid route address"
1020dnl no a@b@c
1021R$* @ $* < @ $* > $*	$#error $@ 5.1.3 $: "_CODE553 Invalid route address"
1022dnl comma only allowed before @; this check is not complete
1023R$* , $~O $*		$#error $@ 5.1.3 $: "_CODE553 Invalid route address"
1024
1025ifdef(`_STRICT_RFC821_', `# more RFC 821 checks
1026R$* . < @ $* > $*	$#error $@ 5.1.2 $: "_CODE553 Local part must not end with a dot"
1027R. $* < @ $* > $*	$#error $@ 5.1.2 $: "_CODE553 Local part must not begin with a dot"
1028dnl', `dnl')
1029
1030# now delete the local info -- note $=O to find characters that cause forwarding
1031R$* < @ > $*		$@ $>Parse0 $>canonify $1	user@ => user
1032R< @ $=w . > : $*	$@ $>Parse0 $>canonify $2	@here:... -> ...
1033R$- < @ $=w . >		$: $(dequote $1 $) < @ $2 . >	dequote "foo"@here
1034R< @ $+ >		$#error $@ 5.1.3 $: "_CODE553 User address required"
1035R$* $=O $* < @ $=w . >	$@ $>Parse0 $>canonify $1 $2 $3	...@here -> ...
1036R$- 			$: $(dequote $1 $) < @ *LOCAL* >	dequote "foo"
1037R< @ *LOCAL* >		$#error $@ 5.1.3 $: "_CODE553 User address required"
1038R$* $=O $* < @ *LOCAL* >
1039			$@ $>Parse0 $>canonify $1 $2 $3	...@*LOCAL* -> ...
1040R$* < @ *LOCAL* >	$: $1
1041
1042#
1043#  Parse1 -- the bottom half of ruleset 0.
1044#
1045
1046SParse1
1047ifdef(`_LDAP_ROUTING_', `dnl
1048# handle LDAP routing for hosts in $={LDAPRoute}
1049R$+ < @ $={LDAPRoute} . >	$: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2> <>
1050R$+ < @ $={LDAPRouteEquiv} . >	$: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $M> <>',
1051`dnl')
1052
1053ifdef(`_MAILER_smtp_',
1054`# handle numeric address spec
1055dnl there is no check whether this is really an IP number
1056R$* < @ [ $+ ] > $*	$: $>ParseLocal $1 < @ [ $2 ] > $3	numeric internet spec
1057R$* < @ [ $+ ] > $*	$: $1 < @ [ $2 ] : $S > $3	Add smart host to path
1058R$* < @ [ $+ ] : > $*		$#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3	no smarthost: send
1059R$* < @ [ $+ ] : $- : $*> $*	$#$3 $@ $4 $: $1 < @ [$2] > $5	smarthost with mailer
1060R$* < @ [ $+ ] : $+ > $*	$#_SMTP_ $@ $3 $: $1 < @ [$2] > $4	smarthost without mailer',
1061	`dnl')
1062
1063ifdef(`_VIRTUSER_TABLE_', `dnl
1064# handle virtual users
1065ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
1066dnl this is not a documented option
1067dnl it stops looping in virtusertable mapping if input and output
1068dnl are identical, i.e., if address A is mapped to A.
1069dnl it does not deal with multi-level recursion
1070# handle full domains in RHS of virtusertable
1071R$+ < @ $+ >			$: $(macro {RecipientAddress} $) $1 < @ $2 >
1072R$+ < @ $+ > 			$: <?> $1 < @ $2 > $| $>final $1 < @ $2 >
1073R<?> $+ $| $+			$: $1 $(macro {RecipientAddress} $@ $2 $)
1074R<?> $+ $| $*			$: $1',
1075`dnl')
1076R$+			$: <!> $1		Mark for lookup
1077dnl input: <!> local<@domain>
1078ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
1079`R<!> $+ < @ $* $={VirtHost} . > 	$: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >',
1080`R<!> $+ < @ $={VirtHost} . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >')
1081dnl input: <result-of-lookup | @> local<@domain> | <!> local<@domain>
1082R<!> $+ < @ $=w . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
1083dnl if <@> local<@domain>: no match but try lookup
1084dnl user+detail: try user++@domain if detail not empty
1085R<@> $+ + $+ < @ $* . >
1086			$: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
1087dnl user+detail: try user+*@domain
1088R<@> $+ + $* < @ $* . >
1089			$: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
1090dnl user+detail: try user@domain
1091R<@> $+ + $* < @ $* . >
1092			$: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
1093dnl try default entry: @domain
1094dnl ++@domain
1095R<@> $+ + $+ < @ $+ . >	$: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
1096dnl +*@domain
1097R<@> $+ + $* < @ $+ . >	$: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
1098dnl @domain if +detail exists
1099dnl if no match, change marker to prevent a second @domain lookup
1100R<@> $+ + $* < @ $+ . >	$: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
1101dnl without +detail
1102R<@> $+ < @ $+ . >	$: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
1103dnl no match
1104R<@> $+			$: $1
1105dnl remove mark
1106R<!> $+			$: $1
1107R< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
1108R< error : $- $+ > $* 	$#error $@ $(dequote $1 $) $: $2
1109ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
1110# check virtuser input address against output address, if same, skip recursion
1111R< $+ > $+ < @ $+ >				$: < $1 > $2 < @ $3 > $| $1
1112# it is the same: stop now
1113R< $+ > $+ < @ $+ > $| $&{RecipientAddress}	$: $>ParseLocal $>Parse0 $>canonify $1
1114R< $+ > $+ < @ $+ > $| $* 			$: < $1 > $2 < @ $3 >
1115dnl', `dnl')
1116dnl this is not a documented option
1117dnl it performs no looping at all for virtusertable
1118ifdef(`_NO_VIRTUSER_RECURSION_',
1119`R< $+ > $+ < @ $+ >	$: $>ParseLocal $>Parse0 $>canonify $1',
1120`R< $+ > $+ < @ $+ >	$: $>Recurse $1')
1121dnl', `dnl')
1122
1123# short circuit local delivery so forwarded email works
1124ifdef(`_MAILER_usenet_', `dnl
1125R$+ . USENET < @ $=w . >	$#usenet $@ usenet $: $1	handle usenet specially', `dnl')
1126
1127
1128ifdef(`_STICKY_LOCAL_DOMAIN_',
1129`R$+ < @ $=w . >		$: < $H > $1 < @ $2 . >		first try hub
1130R< $+ > $+ < $+ >	$>MailerToTriple < $1 > $2 < $3 >	yep ....
1131dnl $H empty (but @$=w.)
1132R< > $+ + $* < $+ >	$#_LOCAL_ $: $1 + $2		plussed name?
1133R< > $+ < $+ >		$#_LOCAL_ $: @ $1			nope, local address',
1134`R$=L < @ $=w . >	$#_LOCAL_ $: @ $1			special local names
1135R$+ < @ $=w . >		$#_LOCAL_ $: $1			regular local name')
1136
1137ifdef(`_MAILER_TABLE_', `dnl
1138# not local -- try mailer table lookup
1139R$* <@ $+ > $*		$: < $2 > $1 < @ $2 > $3	extract host name
1140R< $+ . > $*		$: < $1 > $2			strip trailing dot
1141R< $+ > $*		$: < $(mailertable $1 $) > $2	lookup
1142dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
1143R< $~[ : $* > $* 	$>MailerToTriple < $1 : $2 > $3		check -- resolved?
1144R< $+ > $*		$: $>Mailertable <$1> $2		try domain',
1145`dnl')
1146undivert(4)dnl UUCP rules from `MAILER(uucp)'
1147
1148ifdef(`_NO_UUCP_', `dnl',
1149`# resolve remotely connected UUCP links (if any)
1150ifdef(`_CLASS_V_',
1151`R$* < @ $=V . UUCP . > $*		$: $>MailerToTriple < $V > $1 <@$2.UUCP.> $3',
1152	`dnl')
1153ifdef(`_CLASS_W_',
1154`R$* < @ $=W . UUCP . > $*		$: $>MailerToTriple < $W > $1 <@$2.UUCP.> $3',
1155	`dnl')
1156ifdef(`_CLASS_X_',
1157`R$* < @ $=X . UUCP . > $*		$: $>MailerToTriple < $X > $1 <@$2.UUCP.> $3',
1158	`dnl')')
1159
1160# resolve fake top level domains by forwarding to other hosts
1161ifdef(`BITNET_RELAY',
1162`R$*<@$+.BITNET.>$*	$: $>MailerToTriple < $B > $1 <@$2.BITNET.> $3	user@host.BITNET',
1163	`dnl')
1164ifdef(`DECNET_RELAY',
1165`R$*<@$+.DECNET.>$*	$: $>MailerToTriple < $C > $1 <@$2.DECNET.> $3	user@host.DECNET',
1166	`dnl')
1167ifdef(`_MAILER_pop_',
1168`R$+ < @ POP. >		$#pop $: $1			user@POP',
1169	`dnl')
1170ifdef(`_MAILER_fax_',
1171`R$+ < @ $+ .FAX. >	$#fax $@ $2 $: $1		user@host.FAX',
1172`ifdef(`FAX_RELAY',
1173`R$*<@$+.FAX.>$*		$: $>MailerToTriple < $F > $1 <@$2.FAX.> $3	user@host.FAX',
1174	`dnl')')
1175
1176ifdef(`UUCP_RELAY',
1177`# forward non-local UUCP traffic to our UUCP relay
1178R$*<@$*.UUCP.>$*		$: $>MailerToTriple < $Y > $1 <@$2.UUCP.> $3	uucp mail',
1179`ifdef(`_MAILER_uucp_',
1180`# forward other UUCP traffic straight to UUCP
1181R$* < @ $+ .UUCP. > $*		$#_UUCP_ $@ $2 $: $1 < @ $2 .UUCP. > $3	user@host.UUCP',
1182	`dnl')')
1183ifdef(`_MAILER_usenet_', `
1184# addresses sent to net.group.USENET will get forwarded to a newsgroup
1185R$+ . USENET		$#usenet $@ usenet $: $1',
1186	`dnl')
1187
1188ifdef(`_LOCAL_RULES_',
1189`# figure out what should stay in our local mail system
1190undivert(1)', `dnl')
1191
1192# pass names that still have a host to a smarthost (if defined)
1193R$* < @ $* > $*		$: $>MailerToTriple < $S > $1 < @ $2 > $3	glue on smarthost name
1194
1195# deal with other remote names
1196ifdef(`_MAILER_smtp_',
1197`R$* < @$* > $*		$#_SMTP_ $@ $2 $: $1 < @ $2 > $3	user@host.domain',
1198`R$* < @$* > $*		$#error $@ 5.1.2 $: "_CODE553 Unrecognized host name " $2')
1199
1200# handle locally delivered names
1201R$=L			$#_LOCAL_ $: @ $1		special local names
1202R$+			$#_LOCAL_ $: $1			regular local names
1203
1204###########################################################################
1205###   Ruleset 5 -- special rewriting after aliases have been expanded   ###
1206###########################################################################
1207
1208SLocal_localaddr
1209Slocaladdr=5
1210R$+			$: $1 $| $>"Local_localaddr" $1
1211R$+ $| $#ok		$@ $1			no change
1212R$+ $| $#$*		$#$2
1213R$+ $| $*		$: $1
1214
1215ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1216# Preserve rcpt_host in {Host}
1217R$+			$: $1 $| $&h $| $&{Host}	check h and {Host}
1218R$+ $| $|		$: $(macro {Host} $@ $) $1	no h or {Host}
1219R$+ $| $| $+		$: $1			h not set, {Host} set
1220R$+ $| +$* $| $*	$: $1			h is +detail, {Host} set
1221R$+ $| $* @ $+ $| $*	$: $(macro {Host} $@ @$3 $) $1	set {Host} to host in h
1222R$+ $| $+ $| $*		$: $(macro {Host} $@ @$2 $) $1	set {Host} to h
1223')dnl
1224
1225ifdef(`_FFR_5_', `dnl
1226# Preserve host in a macro
1227R$+			$: $(macro {LocalAddrHost} $) $1
1228R$+ @ $+		$: $(macro {LocalAddrHost} $@ @ $2 $) $1')
1229
1230ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', `dnl
1231# deal with plussed users so aliases work nicely
1232R$+ + *			$#_LOCAL_ $@ $&h $: $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
1233R$+ + $*		$#_LOCAL_ $@ + $2 $: $1 + *`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
1234')
1235# prepend an empty "forward host" on the front
1236R$+			$: <> $1
1237
1238ifdef(`LUSER_RELAY', `dnl
1239# send unrecognized local users to a relay host
1240ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
1241R< > $+ + $*		$: < ? $L > <+ $2> $(user $1 $)	look up user+
1242R< > $+			$: < ? $L > < > $(user $1 $)	look up user
1243R< ? $* > < $* > $+ <>	$: < > $3 $2			found; strip $L
1244R< ? $* > < $* > $+	$: < $1 > $3 $2			not found', `
1245R< > $+ 		$: < $L > $(user $1 $)		look up user
1246R< $* > $+ <>		$: < > $2			found; strip $L')
1247ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1248R< $+ > $+		$: < $1 > $2 $&{Host}')
1249dnl')
1250
1251ifdef(`MAIL_HUB', `dnl
1252R< > $+			$: < $H > $1			try hub', `dnl')
1253ifdef(`LOCAL_RELAY', `dnl
1254R< > $+			$: < $R > $1			try relay', `dnl')
1255ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
1256R< > $+			$@ $1', `dnl
1257R< > $+			$: < > < $1 <> $&h >		nope, restore +detail
1258ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1259R< > < $+ @ $+ <> + $* >	$: < > < $1 + $3 @ $2 >	check whether +detail')
1260R< > < $+ <> + $* >	$: < > < $1 + $2 >		check whether +detail
1261R< > < $+ <> $* >	$: < > < $1 >			else discard
1262R< > < $+ + $* > $*	   < > < $1 > + $2 $3		find the user part
1263R< > < $+ > + $*	$#_LOCAL_ $@ $2 $: @ $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')		strip the extra +
1264R< > < $+ >		$@ $1				no +detail
1265R$+			$: $1 <> $&h			add +detail back in
1266ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1267R$+ @ $+ <> + $*	$: $1 + $3 @ $2			check whether +detail')
1268R$+ <> + $*		$: $1 + $2			check whether +detail
1269R$+ <> $*		$: $1				else discard')
1270R< local : $* > $*	$: $>MailerToTriple < local : $1 > $2	no host extension
1271R< error : $* > $*	$: $>MailerToTriple < error : $1 > $2	no host extension
1272ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1273dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
1274R< $~[ : $+ > $+ @ $+	$: $>MailerToTriple < $1 : $2 > $3 < @ $4 >')
1275R< $~[ : $+ > $+	$: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
1276ifdef(`_PRESERVE_LUSER_HOST_', `dnl
1277R< $+ > $+ @ $+		$@ $>MailerToTriple < $1 > $2 < @ $3 >')
1278R< $+ > $+		$@ $>MailerToTriple < $1 > $2 < @ $1 >
1279
1280ifdef(`_MAILER_TABLE_', `dnl
1281ifdef(`_LDAP_ROUTING_', `dnl
1282###################################################################
1283###  Ruleset LDAPMailertable -- mailertable lookup for LDAP     ###
1284dnl input: <Domain> FullAddress
1285###################################################################
1286
1287SLDAPMailertable
1288R< $+ > $*		$: < $(mailertable $1 $) > $2		lookup
1289R< $~[ : $* > $*	$>MailerToTriple < $1 : $2 > $3		check resolved?
1290R< $+ > $*		$: < $1 > $>Mailertable <$1> $2		try domain
1291R< $+ > $#$*		$#$2					found
1292R< $+ > $*		$#_RELAY_ $@ $1 $: $2			not found, direct relay',
1293`dnl')
1294
1295###################################################################
1296###  Ruleset 90 -- try domain part of mailertable entry 	###
1297dnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress
1298###################################################################
1299
1300SMailertable=90
1301dnl shift and check
1302dnl %2 is not documented in cf/README
1303R$* <$- . $+ > $*	$: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
1304dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
1305R$* <$~[ : $* > $*	$>MailerToTriple < $2 : $3 > $4		check -- resolved?
1306R$* < . $+ > $* 	$@ $>Mailertable $1 . <$2> $3		no -- strip & try again
1307dnl is $2 always empty?
1308R$* < $* > $*		$: < $(mailertable . $@ $1$2 $) > $3	try "."
1309R< $~[ : $* > $*	$>MailerToTriple < $1 : $2 > $3		"." found?
1310dnl return full address
1311R< $* > $*		$@ $2				no mailertable match',
1312`dnl')
1313
1314###################################################################
1315###  Ruleset 95 -- canonify mailer:[user@]host syntax to triple	###
1316dnl input: in general: <[mailer:]host> lp<@domain>rest
1317dnl	<> address				-> address
1318dnl	<error:d.s.n:text>			-> error
1319dnl	<error:keyword:text>			-> error
1320dnl	<error:text>				-> error
1321dnl	<mailer:user@host> lp<@domain>rest	-> mailer host user
1322dnl	<mailer:host> address			-> mailer host address
1323dnl	<localdomain> address			-> address
1324dnl	<host> address				-> relay host address
1325###################################################################
1326
1327SMailerToTriple=95
1328R< > $*				$@ $1			strip off null relay
1329R< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
1330R< error : $- : $+ > $*		$#error $@ $(dequote $1 $) $: $2
1331R< error : $+ > $*		$#error $: $1
1332R< local : $* > $*		$>CanonLocal < $1 > $2
1333dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
1334R< $~[ : $+ @ $+ > $*<$*>$*	$# $1 $@ $3 $: $2<@$3>	use literal user
1335R< $~[ : $+ > $*		$# $1 $@ $2 $: $3	try qualified mailer
1336R< $=w > $*			$@ $2			delete local host
1337R< $+ > $*			$#_RELAY_ $@ $1 $: $2	use unqualified mailer
1338
1339###################################################################
1340###  Ruleset CanonLocal -- canonify local: syntax		###
1341dnl input: <user> address
1342dnl <x> <@host> : rest			-> Recurse rest
1343dnl <x> p1 $=O p2 <@host>		-> Recurse p1 $=O p2
1344dnl <> user <@host> rest		-> local user@host user
1345dnl <> user				-> local user user
1346dnl <user@host> lp <@domain> rest	-> <user> lp <@host> [cont]
1347dnl <user> lp <@host> rest		-> local lp@host user
1348dnl <user> lp				-> local lp user
1349###################################################################
1350
1351SCanonLocal
1352# strip local host from routed addresses
1353R< $* > < @ $+ > : $+		$@ $>Recurse $3
1354R< $* > $+ $=O $+ < @ $+ >	$@ $>Recurse $2 $3 $4
1355
1356# strip trailing dot from any host name that may appear
1357R< $* > $* < @ $* . >		$: < $1 > $2 < @ $3 >
1358
1359# handle local: syntax -- use old user, either with or without host
1360R< > $* < @ $* > $*		$#_LOCAL_ $@ $1@$2 $: $1
1361R< > $+				$#_LOCAL_ $@ $1    $: $1
1362
1363# handle local:user@host syntax -- ignore host part
1364R< $+ @ $+ > $* < @ $* >	$: < $1 > $3 < @ $4 >
1365
1366# handle local:user syntax
1367R< $+ > $* <@ $* > $*		$#_LOCAL_ $@ $2@$3 $: $1
1368R< $+ > $* 			$#_LOCAL_ $@ $2    $: $1
1369
1370###################################################################
1371###  Ruleset 93 -- convert header names to masqueraded form	###
1372###################################################################
1373
1374SMasqHdr=93
1375
1376ifdef(`_GENERICS_TABLE_', `dnl
1377# handle generics database
1378ifdef(`_GENERICS_ENTIRE_DOMAIN_',
1379dnl if generics should be applied add a @ as mark
1380`R$+ < @ $* $=G . >	$: < $1@$2$3 > $1 < @ $2$3 . > @	mark',
1381`R$+ < @ $=G . >	$: < $1@$2 > $1 < @ $2 . > @	mark')
1382R$+ < @ *LOCAL* >	$: < $1@$j > $1 < @ *LOCAL* > @	mark
1383dnl workspace: either user<@domain> or <user@domain> user <@domain> @
1384dnl ignore the first case for now
1385dnl if it has the mark lookup full address
1386dnl broken: %1 is full address not just detail
1387R< $+ > $+ < $* > @	$: < $(generics $1 $: @ $1 $) > $2 < $3 >
1388dnl workspace: ... or <match|@user@domain> user <@domain>
1389dnl no match, try user+detail@domain
1390R<@$+ + $* @ $+> $+ < @ $+ >
1391		$: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) >  $4 < @ $5 >
1392R<@$+ + $* @ $+> $+ < @ $+ >
1393		$: < $(generics $1@$3 $: $) > $4 < @ $5 >
1394dnl no match, remove mark
1395R<@$+ > $+ < @ $+ >	$: < > $2 < @ $3 >
1396dnl no match, try @domain for exceptions
1397R< > $+ < @ $+ . >	$: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . >
1398dnl workspace: ... or <match> user <@domain>
1399dnl no match, try local part
1400R< > $+ < @ $+ > 	$: < $(generics $1 $: $) > $1 < @ $2 >
1401R< > $+ + $* < @ $+ > 	$: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 >
1402R< > $+ + $* < @ $+ > 	$: < $(generics $1 $: $) > $1 + $2 < @ $3 >
1403R< $* @ $* > $* < $* >	$@ $>canonify $1 @ $2		found qualified
1404R< $+ > $* < $* >	$: $>canonify $1 @ *LOCAL*	found unqualified
1405R< > $*			$: $1				not found',
1406`dnl')
1407
1408# do not masquerade anything in class N
1409R$* < @ $* $=N . >	$@ $1 < @ $2 $3 . >
1410
1411ifdef(`MASQUERADE_NAME', `dnl
1412# special case the users that should be exposed
1413R$=E < @ *LOCAL* >	$@ $1 < @ $j . >		leave exposed
1414ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
1415`R$=E < @ $* $=M . >	$@ $1 < @ $2 $3 . >',
1416`R$=E < @ $=M . >	$@ $1 < @ $2 . >')
1417ifdef(`_LIMITED_MASQUERADE_', `dnl',
1418`R$=E < @ $=w . >	$@ $1 < @ $2 . >')
1419
1420# handle domain-specific masquerading
1421ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
1422`R$* < @ $* $=M . > $*	$: $1 < @ $2 $3 . @ $M > $4	convert masqueraded doms',
1423`R$* < @ $=M . > $*	$: $1 < @ $2 . @ $M > $3	convert masqueraded doms')
1424ifdef(`_LIMITED_MASQUERADE_', `dnl',
1425`R$* < @ $=w . > $*	$: $1 < @ $2 . @ $M > $3')
1426R$* < @ *LOCAL* > $*	$: $1 < @ $j . @ $M > $2
1427R$* < @ $+ @ > $*	$: $1 < @ $2 > $3		$M is null
1428R$* < @ $+ @ $+ > $*	$: $1 < @ $3 . > $4		$M is not null
1429dnl', `dnl no masquerading
1430dnl just fix *LOCAL* leftovers
1431R$* < @ *LOCAL* >	$@ $1 < @ $j . >')
1432
1433###################################################################
1434###  Ruleset 94 -- convert envelope names to masqueraded form	###
1435###################################################################
1436
1437SMasqEnv=94
1438ifdef(`_MASQUERADE_ENVELOPE_',
1439`R$+			$@ $>MasqHdr $1',
1440`R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2')
1441
1442###################################################################
1443###  Ruleset 98 -- local part of ruleset zero (can be null)	###
1444###################################################################
1445
1446SParseLocal=98
1447undivert(3)dnl LOCAL_RULE_0
1448
1449ifdef(`_LDAP_ROUTING_', `dnl
1450######################################################################
1451###  LDAPExpand: Expand address using LDAP routing
1452###
1453###	Parameters:
1454###		<$1> -- parsed address (user < @ domain . >) (pass through)
1455###		<$2> -- RFC822 address (user @ domain) (used for lookup)
1456###		<$3> -- +detail information
1457###
1458###	Returns:
1459###		Mailer triplet ($#mailer $@ host $: address)
1460###		Parsed address (user < @ domain . >)
1461######################################################################
1462
1463# SMTP operation modes
1464C{SMTPOpModes} s d D
1465
1466SLDAPExpand
1467# do the LDAP lookups
1468R<$+><$+><$*>	$: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> <$3>
1469
1470# look for temporary failures and...
1471R<$* <TMPF>> <$*> <$+> <$+> <$*>	$: $&{opMode} $| TMPF <$&{addr_type}> $| $3
1472R<$*> <$* <TMPF>> <$+> <$+> <$*>	$: $&{opMode} $| TMPF <$&{addr_type}> $| $3
1473ifelse(_LDAP_ROUTE_MAPTEMP_, `_TEMPFAIL_', `dnl
1474# ... temp fail RCPT SMTP commands
1475R$={SMTPOpModes} $| TMPF <e r> $| $+	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."')
1476# ... return original address for MTA to queue up
1477R$* $| TMPF <$*> $| $+			$@ $3
1478
1479# if mailRoutingAddress and local or non-existant mailHost,
1480# return the new mailRoutingAddress
1481ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
1482R<$+@$+> <$=w> <$+> <$+> <$*>	$@ $>Parse0 $>canonify $1 $6 @ $2
1483R<$+@$+> <> <$+> <$+> <$*>	$@ $>Parse0 $>canonify $1 $5 @ $2')
1484R<$+> <$=w> <$+> <$+> <$*>	$@ $>Parse0 $>canonify $1
1485R<$+> <> <$+> <$+> <$*>		$@ $>Parse0 $>canonify $1
1486
1487
1488# if mailRoutingAddress and non-local mailHost,
1489# relay to mailHost with new mailRoutingAddress
1490ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
1491ifdef(`_MAILER_TABLE_', `dnl
1492# check mailertable for host, relay from there
1493R<$+@$+> <$+> <$+> <$+> <$*>	$>LDAPMailertable <$3> $>canonify $1 $6 @ $2',
1494`R<$+@$+> <$+> <$+> <$+> <$*>	$#_RELAY_ $@ $3 $: $>canonify $1 $6 @ $2')')
1495ifdef(`_MAILER_TABLE_', `dnl
1496# check mailertable for host, relay from there
1497R<$+> <$+> <$+> <$+> <$*>	$>LDAPMailertable <$2> $>canonify $1',
1498`R<$+> <$+> <$+> <$+> <$*>	$#_RELAY_ $@ $2 $: $>canonify $1')
1499
1500# if no mailRoutingAddress and local mailHost,
1501# return original address
1502R<> <$=w> <$+> <$+> <$*>	$@ $2
1503
1504
1505# if no mailRoutingAddress and non-local mailHost,
1506# relay to mailHost with original address
1507ifdef(`_MAILER_TABLE_', `dnl
1508# check mailertable for host, relay from there
1509R<> <$+> <$+> <$+> <$*>		$>LDAPMailertable <$1> $2',
1510`R<> <$+> <$+> <$+> <$*>	$#_RELAY_ $@ $1 $: $2')
1511
1512ifdef(`_LDAP_ROUTE_DETAIL_',
1513`# if no mailRoutingAddress and no mailHost,
1514# try without +detail
1515R<> <> <$+> <$+ + $* @ $+> <>	$@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl
1516
1517ifdef(`_LDAP_ROUTE_NODOMAIN_', `dnl', `
1518# if still no mailRoutingAddress and no mailHost,
1519# try @domain
1520ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
1521R<> <> <$+> <$+ + $* @ $+> <>	$@ $>LDAPExpand <$1> <@ $4> <+$3>')
1522R<> <> <$+> <$+ @ $+> <$*>	$@ $>LDAPExpand <$1> <@ $3> <$4>')
1523
1524# if no mailRoutingAddress and no mailHost and this was a domain attempt,
1525ifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl
1526# user does not exist
1527R<> <> <$+> <@ $+> <$*>		$: <?> < $&{addr_type} > < $1 >
1528# only give error for envelope recipient
1529R<?> <e r> <$+>			$#error $@ nouser $: "550 User unknown"
1530ifdef(`_LDAP_SENDER_MUST_EXIST_', `dnl
1531# and the sender too
1532R<?> <e s> <$+>			$#error $@ nouser $: "550 User unknown"')
1533R<?> <$*> <$+>			$@ $2',
1534`dnl
1535# return the original address
1536R<> <> <$+> <@ $+> <$*>		$@ $1')',
1537`dnl')
1538
1539ifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode.
1540')')
1541ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
1542######################################################################
1543###  D: LookUpDomain -- search for domain in access database
1544###
1545###	Parameters:
1546###		<$1> -- key (domain name)
1547###		<$2> -- default (what to return if not found in db)
1548dnl			must not be empty
1549###		<$3> -- mark (must be <(!|+) single-token>)
1550###			! does lookup only with tag
1551###			+ does lookup with and without tag
1552###		<$4> -- passthru (additional data passed unchanged through)
1553dnl returns:		<default> <passthru>
1554dnl 			<result> <passthru>
1555######################################################################
1556
1557SD
1558dnl workspace <key> <default> <passthru> <mark>
1559dnl lookup with tag (in front, no delimiter here)
1560dnl    2    3  4    5
1561R<$*> <$+> <$- $-> <$*>		$: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
1562dnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark>
1563dnl lookup without tag?
1564dnl   1    2      3    4
1565R<?> <$+> <$+> <+ $-> <$*>	$: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
1566ifdef(`_LOOKUPDOTDOMAIN_', `dnl omit first component: lookup .rest
1567dnl XXX apply this also to IP addresses?
1568dnl currently it works the wrong way round for [1.2.3.4]
1569dnl   1  2    3    4  5    6
1570R<?> <$+.$+> <$+> <$- $-> <$*>	$: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4 $5> <$6>
1571dnl   1  2    3      4    5
1572R<?> <$+.$+> <$+> <+ $-> <$*>	$: < $(access .$2 $: ? $) > <$1.$2> <$3> <+ $4> <$5>', `dnl')
1573ifdef(`_ACCESS_SKIP_', `dnl
1574dnl found SKIP: return <default> and <passthru>
1575dnl      1    2    3  4    5
1576R<SKIP> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>', `dnl')
1577dnl not found: IPv4 net (no check is done whether it is an IP number!)
1578dnl    1  2     3    4  5    6
1579R<?> <[$+.$-]> <$+> <$- $-> <$*>	$@ $>D <[$1]> <$3> <$4 $5> <$6>
1580ifdef(`NO_NETINET6', `dnl',
1581`dnl not found: IPv6 net
1582dnl (could be merged with previous rule if we have a class containing .:)
1583dnl    1   2     3    4  5    6
1584R<?> <[$+::$-]> <$+> <$- $-> <$*>	$: $>D <[$1]> <$3> <$4 $5> <$6>
1585R<?> <[$+:$-]> <$+> <$- $-> <$*>	$: $>D <[$1]> <$3> <$4 $5> <$6>')
1586dnl not found, but subdomain: try again
1587dnl   1  2    3    4  5    6
1588R<?> <$+.$+> <$+> <$- $-> <$*>	$@ $>D <$2> <$3> <$4 $5> <$6>
1589ifdef(`_FFR_LOOKUPTAG_', `dnl lookup Tag:
1590dnl   1    2      3    4
1591R<?> <$+> <$+> <! $-> <$*>	$: < $(access $3`'_TAG_DELIM_ $: ? $) > <$1> <$2> <! $3> <$4>', `dnl')
1592dnl not found, no subdomain: return <default> and <passthru>
1593dnl   1    2    3  4    5
1594R<?> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>
1595ifdef(`_ATMPF_', `dnl tempfail?
1596dnl            2    3    4  5    6
1597R<$* _ATMPF_> <$+> <$+> <$- $-> <$*>	$@ <_ATMPF_> <$6>', `dnl')
1598dnl return <result of lookup> and <passthru>
1599dnl    2    3    4  5    6
1600R<$*> <$+> <$+> <$- $-> <$*>	$@ <$1> <$6>
1601
1602######################################################################
1603###  A: LookUpAddress -- search for host address in access database
1604###
1605###	Parameters:
1606###		<$1> -- key (dot quadded host address)
1607###		<$2> -- default (what to return if not found in db)
1608dnl			must not be empty
1609###		<$3> -- mark (must be <(!|+) single-token>)
1610###			! does lookup only with tag
1611###			+ does lookup with and without tag
1612###		<$4> -- passthru (additional data passed through)
1613dnl	returns:	<default> <passthru>
1614dnl			<result> <passthru>
1615######################################################################
1616
1617SA
1618dnl lookup with tag
1619dnl    2    3  4    5
1620R<$+> <$+> <$- $-> <$*>		$: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
1621dnl lookup without tag
1622dnl   1    2      3    4
1623R<?> <$+> <$+> <+ $-> <$*>	$: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
1624dnl workspace <result-of-lookup|?> <key> <default> <mark> <passthru>
1625ifdef(`_ACCESS_SKIP_', `dnl
1626dnl found SKIP: return <default> and <passthru>
1627dnl      1    2    3  4    5
1628R<SKIP> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>', `dnl')
1629ifdef(`NO_NETINET6', `dnl',
1630`dnl no match; IPv6: remove last part
1631dnl   1   2    3    4  5    6
1632R<?> <$+::$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>
1633R<?> <$+:$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>')
1634dnl no match; IPv4: remove last part
1635dnl   1  2    3    4  5    6
1636R<?> <$+.$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>
1637dnl no match: return default
1638dnl   1    2    3  4    5
1639R<?> <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>
1640ifdef(`_ATMPF_', `dnl tempfail?
1641dnl            2    3    4  5    6
1642R<$* _ATMPF_> <$+> <$+> <$- $-> <$*>	$@ <_ATMPF_> <$6>', `dnl')
1643dnl match: return result
1644dnl    2    3    4  5    6
1645R<$*> <$+> <$+> <$- $-> <$*>	$@ <$1> <$6>
1646dnl endif _ACCESS_TABLE_
1647divert(0)
1648######################################################################
1649###  CanonAddr --	Convert an address into a standard form for
1650###			relay checking.  Route address syntax is
1651###			crudely converted into a %-hack address.
1652###
1653###	Parameters:
1654###		$1 -- full recipient address
1655###
1656###	Returns:
1657###		parsed address, not in source route form
1658dnl		user%host%host<@domain>
1659dnl		host!user<@domain>
1660######################################################################
1661
1662SCanonAddr
1663R$*			$: $>Parse0 $>canonify $1	make domain canonical
1664ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
1665R< @ $+ > : $* @ $*	< @ $1 > : $2 % $3	change @ to % in src route
1666R$* < @ $+ > : $* : $*	$3 $1 < @ $2 > : $4	change to % hack.
1667R$* < @ $+ > : $*	$3 $1 < @ $2 >
1668dnl')
1669
1670######################################################################
1671###  ParseRecipient --	Strip off hosts in $=R as well as possibly
1672###			$* $=m or the access database.
1673###			Check user portion for host separators.
1674###
1675###	Parameters:
1676###		$1 -- full recipient address
1677###
1678###	Returns:
1679###		parsed, non-local-relaying address
1680######################################################################
1681
1682SParseRecipient
1683dnl mark and canonify address
1684R$*				$: <?> $>CanonAddr $1
1685dnl workspace: <?> localpart<@domain[.]>
1686R<?> $* < @ $* . >		<?> $1 < @ $2 >			strip trailing dots
1687dnl workspace: <?> localpart<@domain>
1688R<?> $- < @ $* >		$: <?> $(dequote $1 $) < @ $2 >	dequote local part
1689
1690# if no $=O character, no host in the user portion, we are done
1691R<?> $* $=O $* < @ $* >		$: <NO> $1 $2 $3 < @ $4>
1692dnl no $=O in localpart: return
1693R<?> $*				$@ $1
1694
1695dnl workspace: <NO> localpart<@domain>, where localpart contains $=O
1696dnl mark everything which has an "authorized" domain with <RELAY>
1697ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
1698# if we relay, check username portion for user%host so host can be checked also
1699R<NO> $* < @ $* $=m >		$: <RELAY> $1 < @ $2 $3 >', `dnl')
1700dnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O
1701dnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
1702
1703dnl what if access map returns something else than RELAY?
1704dnl we are only interested in RELAY entries...
1705dnl other To: entries: blacklist recipient; generic entries?
1706dnl if it is an error we probably do not want to relay anyway
1707ifdef(`_RELAY_HOSTS_ONLY_',
1708`R<NO> $* < @ $=R >		$: <RELAY> $1 < @ $2 >
1709ifdef(`_ACCESS_TABLE_', `dnl
1710R<NO> $* < @ $+ >		$: <$(access To:$2 $: NO $)> $1 < @ $2 >
1711R<NO> $* < @ $+ >		$: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')',
1712`R<NO> $* < @ $* $=R >		$: <RELAY> $1 < @ $2 $3 >
1713ifdef(`_ACCESS_TABLE_', `dnl
1714R<NO> $* < @ $+ >		$: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
1715R<$+> <$+>			$: <$1> $2',`dnl')')
1716
1717
1718ifdef(`_RELAY_MX_SERVED_', `dnl
1719dnl do "we" ($=w) act as backup MX server for the destination domain?
1720R<NO> $* < @ $+ >		$: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > >
1721R<MX> < : $* <TEMP> : > $*	$#TEMP $@ 4.4.0 $: "450 Can not check MX records for recipient host " $1
1722dnl yes: mark it as <RELAY>
1723R<MX> < $* : $=w. : $* > < $+ >	$: <RELAY> $4
1724dnl no: put old <NO> mark back
1725R<MX> < : $* : > < $+ >		$: <NO> $2', `dnl')
1726
1727dnl do we relay to this recipient domain?
1728R<RELAY> $* < @ $* >		$@ $>ParseRecipient $1
1729dnl something else
1730R<$+> $*			$@ $2
1731
1732
1733######################################################################
1734###  check_relay -- check hostname/address on SMTP startup
1735######################################################################
1736
1737ifdef(`_CONTROL_IMMEDIATE_',`dnl
1738Scheck_relay
1739ifdef(`_RATE_CONTROL_IMMEDIATE_',`dnl
1740dnl workspace: ignored...
1741R$*		$: $>"RateControl" dummy', `dnl')
1742ifdef(`_CONN_CONTROL_IMMEDIATE_',`dnl
1743dnl workspace: ignored...
1744R$*		$: $>"ConnControl" dummy', `dnl')
1745dnl')
1746
1747SLocal_check_relay
1748Scheck`'_U_`'relay
1749ifdef(`_USE_CLIENT_PTR_',`dnl
1750R$* $| $*		$: $&{client_ptr} $| $2', `dnl')
1751R$*			$: $1 $| $>"Local_check_relay" $1
1752R$* $| $* $| $#$*	$#$3
1753R$* $| $* $| $*		$@ $>"Basic_check_relay" $1 $| $2
1754
1755SBasic_check_relay
1756# check for deferred delivery mode
1757R$*			$: < $&{deliveryMode} > $1
1758R< d > $*		$@ deferred
1759R< $* > $*		$: $2
1760
1761ifdef(`_ACCESS_TABLE_', `dnl
1762dnl workspace: {client_name} $| {client_addr}
1763R$+ $| $+		$: $>D < $1 > <?> <+ Connect> < $2 >
1764dnl workspace: <result-of-lookup> <{client_addr}>
1765dnl OR $| $+ if client_name is empty
1766R   $| $+		$: $>A < $1 > <?> <+ Connect> <>	empty client_name
1767dnl workspace: <result-of-lookup> <{client_addr}>
1768R<?> <$+>		$: $>A < $1 > <?> <+ Connect> <>	no: another lookup
1769dnl workspace: <result-of-lookup> (<>|<{client_addr}>)
1770R<?> <$*>		$: OK				found nothing
1771dnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK
1772R<$={Accept}> <$*>	$@ $1				return value of lookup
1773R<REJECT> <$*>		$#error ifdef(`confREJECT_MSG', `$: confREJECT_MSG', `$@ 5.7.1 $: "550 Access denied"')
1774R<DISCARD> <$*>		$#discard $: discard
1775R<QUARANTINE:$+> <$*>	$#error $@ quarantine $: $1
1776dnl error tag
1777R<ERROR:$-.$-.$-:$+> <$*>	$#error $@ $1.$2.$3 $: $4
1778R<ERROR:$+> <$*>		$#error $: $1
1779ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*>		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
1780dnl generic error from access map
1781R<$+> <$*>		$#error $: $1', `dnl')
1782
1783ifdef(`_RBL_',`dnl
1784# DNS based IP address spam list
1785dnl workspace: ignored...
1786R$*			$: $&{client_addr}
1787R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._RBL_. $: OK $)
1788R<?>OK			$: OKSOFAR
1789R<?>$+			$#error $@ 5.7.1 $: "550 Rejected: " $&{client_addr} " listed at _RBL_"',
1790`dnl')
1791ifdef(`_RATE_CONTROL_',`dnl
1792ifdef(`_RATE_CONTROL_IMMEDIATE_',`', `dnl
1793dnl workspace: ignored...
1794R$*		$: $>"RateControl" dummy')', `dnl')
1795ifdef(`_CONN_CONTROL_',`dnl
1796ifdef(`_CONN_CONTROL_IMMEDIATE_',`',`dnl
1797dnl workspace: ignored...
1798R$*		$: $>"ConnControl" dummy')', `dnl')
1799undivert(8)
1800ifdef(`_REQUIRE_RDNS_', `dnl
1801R$*			$: $&{client_addr} $| $&{client_resolve}
1802R$=R $*			$@ RELAY		We relay for these
1803R$* $| OK		$@ OK			Resolves.
1804R$* $| FAIL		$#error $@ 5.7.1 $: 550 Fix reverse DNS for $1
1805R$* $| TEMP		$#error $@ 4.1.8 $: 451 Client IP address $1 does not resolve
1806R$* $| FORGED		$#error $@ 4.1.8 $: 451 Possibly forged hostname for $1
1807', `dnl')
1808
1809######################################################################
1810###  check_mail -- check SMTP ``MAIL FROM:'' command argument
1811######################################################################
1812
1813SLocal_check_mail
1814Scheck`'_U_`'mail
1815R$*			$: $1 $| $>"Local_check_mail" $1
1816R$* $| $#$*		$#$2
1817R$* $| $*		$@ $>"Basic_check_mail" $1
1818
1819SBasic_check_mail
1820# check for deferred delivery mode
1821R$*			$: < $&{deliveryMode} > $1
1822R< d > $*		$@ deferred
1823R< $* > $*		$: $2
1824
1825# authenticated?
1826dnl done first: we can require authentication for every mail transaction
1827dnl workspace: address as given by MAIL FROM: (sender)
1828R$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
1829R$* $| $#$+		$#$2
1830dnl undo damage: remove result of tls_client call
1831R$* $| $*		$: $1
1832
1833dnl workspace: address as given by MAIL FROM:
1834R<>			$@ <OK>			we MUST accept <> (RFC 1123)
1835ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
1836dnl do some additional checks
1837dnl no user@host
1838dnl no user@localhost (if nonlocal sender)
1839dnl this is a pretty simple canonification, it will not catch every case
1840dnl just make sure the address has <> around it (which is required by
1841dnl the RFC anyway, maybe we should complain if they are missing...)
1842dnl dirty trick: if it is user@host, just add a dot: user@host. this will
1843dnl not be modified by host lookups.
1844R$+			$: <?> $1
1845R<?><$+>		$: <@> <$1>
1846R<?>$+			$: <@> <$1>
1847dnl workspace: <@> <address>
1848dnl prepend daemon_flags
1849R$*			$: $&{daemon_flags} $| $1
1850dnl workspace: ${daemon_flags} $| <@> <address>
1851dnl do not allow these at all or only from local systems?
1852R$* f $* $| <@> < $* @ $- >	$: < ? $&{client_name} > < $3 @ $4 >
1853dnl accept unqualified sender: change mark to avoid test
1854R$* u $* $| <@> < $* >	$: <?> < $3 >
1855dnl workspace: ${daemon_flags} $| <@> <address>
1856dnl        or:                    <? ${client_name} > <address>
1857dnl        or:                    <?> <address>
1858dnl remove daemon_flags
1859R$* $| $*		$: $2
1860# handle case of @localhost on address
1861R<@> < $* @ localhost >	$: < ? $&{client_name} > < $1 @ localhost >
1862R<@> < $* @ [127.0.0.1] >
1863			$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
1864R<@> < $* @ localhost.$m >
1865			$: < ? $&{client_name} > < $1 @ localhost.$m >
1866ifdef(`_NO_UUCP_', `dnl',
1867`R<@> < $* @ localhost.UUCP >
1868			$: < ? $&{client_name} > < $1 @ localhost.UUCP >')
1869dnl workspace: < ? $&{client_name} > <user@localhost|host>
1870dnl	or:    <@> <address>
1871dnl	or:    <?> <address>	(thanks to u in ${daemon_flags})
1872R<@> $*			$: $1			no localhost as domain
1873dnl workspace: < ? $&{client_name} > <user@localhost|host>
1874dnl	or:    <address>
1875dnl	or:    <?> <address>	(thanks to u in ${daemon_flags})
1876R<? $=w> $*		$: $2			local client: ok
1877R<? $+> <$+>		$#error $@ 5.5.4 $: "_CODE553 Real domain name required for sender address"
1878dnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags})
1879R<?> $*			$: $1')
1880dnl workspace: address (or <address>)
1881R$*			$: <?> $>CanonAddr $1		canonify sender address and mark it
1882dnl workspace: <?> CanonicalAddress (i.e. address in canonical form localpart<@host>)
1883dnl there is nothing behind the <@host> so no trailing $* needed
1884R<?> $* < @ $+ . >	<?> $1 < @ $2 >			strip trailing dots
1885# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
1886R<?> $* < @ $* $=P >	$: <_RES_OK_> $1 < @ $2 $3 >
1887dnl workspace <mark> CanonicalAddress	where mark is ? or OK
1888dnl A sender address with my local host name ($j) is safe
1889R<?> $* < @ $j >	$: <_RES_OK_> $1 < @ $j >
1890ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',
1891`R<?> $* < @ $+ >	$: <_RES_OK_> $1 < @ $2 >		... unresolvable OK',
1892`R<?> $* < @ $+ >	$: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
1893R<? $* <$->> $* < @ $+ >
1894			$: <$2> $3 < @ $4 >')
1895dnl workspace <mark> CanonicalAddress	where mark is ?, _RES_OK_, PERM, TEMP
1896dnl mark is ? iff the address is user (wo @domain)
1897
1898ifdef(`_ACCESS_TABLE_', `dnl
1899# check sender address: user@address, user@, address
1900dnl should we remove +ext from user?
1901dnl workspace: <mark> CanonicalAddress where mark is: ?, _RES_OK_, PERM, TEMP
1902R<$+> $+ < @ $* >	$: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
1903R<$+> $+		$: @<$1> <$2> $| <U:$2@>
1904dnl workspace: @<mark> <CanonicalAddress> $| <@type:address> ....
1905dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
1906dnl will only return user<@domain when "reversing" the args
1907R@ <$+> <$*> $| <$+>	$: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
1908dnl workspace: <@><mark> <CanonicalAddress> $| <result>
1909R<@> <$+> <$*> $| <$*>	$: <$3> <$1> <$2>		reverse result
1910dnl workspace: <result> <mark> <CanonicalAddress>
1911# retransform for further use
1912dnl required form:
1913dnl <ResultOfLookup|mark> CanonicalAddress
1914R<?> <$+> <$*>		$: <$1> $2	no match
1915R<$+> <$+> <$*>		$: <$1> $3	relevant result, keep it', `dnl')
1916dnl workspace <ResultOfLookup|mark> CanonicalAddress
1917dnl mark is ? iff the address is user (wo @domain)
1918
1919ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
1920# handle case of no @domain on address
1921dnl prepend daemon_flags
1922R<?> $*			$: $&{daemon_flags} $| <?> $1
1923dnl accept unqualified sender: change mark to avoid test
1924R$* u $* $| <?> $*	$: <_RES_OK_> $3
1925dnl remove daemon_flags
1926R$* $| $*		$: $2
1927R<?> $*			$: < ? $&{client_addr} > $1
1928R<?> $*			$@ <_RES_OK_>			...local unqualed ok
1929R<? $+> $*		$#error $@ 5.5.4 $: "_CODE553 Domain name required for sender address " $&f
1930							...remote is not')
1931# check results
1932R<?> $*			$: @ $1		mark address: nothing known about it
1933R<$={ResOk}> $*		$: @ $2		domain ok
1934R<TEMP> $*		$#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
1935R<PERM> $*		$#error $@ 5.1.8 $: "_CODE553 Domain of sender address " $&f " does not exist"
1936ifdef(`_ACCESS_TABLE_', `dnl
1937R<$={Accept}> $*	$# $1		accept from access map
1938R<DISCARD> $*		$#discard $: discard
1939R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1
1940R<REJECT> $*		$#error ifdef(`confREJECT_MSG', `$: confREJECT_MSG', `$@ 5.7.1 $: "550 Access denied"')
1941dnl error tag
1942R<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
1943R<ERROR:$+> $*		$#error $: $1
1944ifdef(`_ATMPF_', `R<_ATMPF_> $*		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
1945dnl generic error from access map
1946R<$+> $*		$#error $: $1		error from access db',
1947`dnl')
1948dnl workspace: @ CanonicalAddress (i.e. address in canonical form localpart<@host>)
1949
1950ifdef(`_BADMX_CHK_', `dnl
1951R@ $*<@$+>$*		$: $1<@$2>$3 $| $>BadMX $2
1952R$* $| $#$*		$#$2
1953
1954SBadMX
1955# Look up MX records and ferret away a copy of the original address.
1956# input: domain part of address to check
1957R$+				$:<MX><$1><:$(mxlist $1$):><:>
1958# workspace: <MX><domain><: mxlist-result $><:>
1959R<MX><$+><:$*<TEMP>:><$*>	$#error $@ 4.1.2 $: "450 MX lookup failure for "$1
1960# workspace: <MX> <original destination> <unchecked mxlist> <checked mxlist>
1961# Recursively run badmx check on each mx.
1962R<MX><$*><:$+:$*><:$*>		<MX><$1><:$3><: $4 $(badmx $2 $):>
1963# See if any of them fail.
1964R<MX><$*><$*><$*<BADMX>:$*>	$#error $@ 5.1.2 $:"550 Illegal MX record for host "$1
1965# Reverse the mxlists so we can use the same argument order again.
1966R<MX><$*><$*><$*>		$:<MX><$1><$3><$2>
1967R<MX><$*><:$+:$*><:$*>		<MX><$1><:$3><:$4 $(dnsA $2 $) :>
1968
1969# Reverse the lists so we can use the same argument order again.
1970R<MX><$*><$*><$*>		$:<MX><$1><$3><$2>
1971R<MX><$*><:$+:$*><:$*>		<MX><$1><:$3><:$4 $(BadMXIP $2 $) :>
1972
1973R<MX><$*><$*><$*<BADMXIP>:$*>	$#error $@ 5.1.2 $:"550 Invalid MX record for host "$1',
1974`dnl')
1975
1976
1977######################################################################
1978###  check_rcpt -- check SMTP ``RCPT TO:'' command argument
1979######################################################################
1980
1981SLocal_check_rcpt
1982Scheck`'_U_`'rcpt
1983R$*			$: $1 $| $>"Local_check_rcpt" $1
1984R$* $| $#$*		$#$2
1985R$* $| $*		$@ $>"Basic_check_rcpt" $1
1986
1987SBasic_check_rcpt
1988# empty address?
1989R<>			$#error $@ nouser $: "553 User address required"
1990R$@			$#error $@ nouser $: "553 User address required"
1991# check for deferred delivery mode
1992R$*			$: < $&{deliveryMode} > $1
1993R< d > $*		$@ deferred
1994R< $* > $*		$: $2
1995
1996ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
1997dnl this code checks for user@host where host is not a FQHN.
1998dnl it is not activated.
1999dnl notice: code to check for a recipient without a domain name is
2000dnl available down below; look for the same macro.
2001dnl this check is done here because the name might be qualified by the
2002dnl canonicalization.
2003# require fully qualified domain part?
2004dnl very simple canonification: make sure the address is in < >
2005R$+			$: <?> $1
2006R<?> <$+>		$: <@> <$1>
2007R<?> $+			$: <@> <$1>
2008R<@> < postmaster >	$: postmaster
2009R<@> < $* @ $+ . $+ >	$: < $1 @ $2 . $3 >
2010dnl prepend daemon_flags
2011R<@> $*			$: $&{daemon_flags} $| <@> $1
2012dnl workspace: ${daemon_flags} $| <@> <address>
2013dnl _r_equire qual.rcpt: ok
2014R$* r $* $| <@> < $+ @ $+ >	$: < $3 @ $4 >
2015dnl do not allow these at all or only from local systems?
2016R$* r $* $| <@> < $* >	$: < ? $&{client_name} > < $3 >
2017R<?> < $* >		$: <$1>
2018R<? $=w> < $* >		$: <$1>
2019R<? $+> <$+>		$#error $@ 5.5.4 $: "553 Fully qualified domain name required"
2020dnl remove daemon_flags for other cases
2021R$* $| <@> $*		$: $2', `dnl')
2022
2023dnl ##################################################################
2024dnl call subroutines for recipient and relay
2025dnl possible returns from subroutines:
2026dnl $#TEMP	temporary failure
2027dnl $#error	permanent failure (or temporary if from access map)
2028dnl $#other	stop processing
2029dnl RELAY	RELAYing allowed
2030dnl other	otherwise
2031######################################################################
2032R$*			$: $1 $| @ $>"Rcpt_ok" $1
2033dnl temporary failure? remove mark @ and remember
2034R$* $| @ $#TEMP $+	$: $1 $| T $2
2035dnl error or ok (stop)
2036R$* $| @ $#$*		$#$2
2037ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
2038R$* $| @ RELAY		$@ RELAY
2039dnl something else: call check sender (relay)
2040R$* $| @ $*		$: O $| $>"Relay_ok" $1
2041dnl temporary failure: call check sender (relay)
2042R$* $| T $+		$: T $2 $| $>"Relay_ok" $1
2043dnl temporary failure? return that
2044R$* $| $#TEMP $+	$#error $2
2045dnl error or ok (stop)
2046R$* $| $#$*		$#$2
2047R$* $| RELAY		$@ RELAY
2048dnl something else: return previous temp failure
2049R T $+ $| $*		$#error $1
2050# anything else is bogus
2051R$*			$#error $@ 5.7.1 $: confRELAY_MSG
2052divert(0)
2053
2054######################################################################
2055### Rcpt_ok: is the recipient ok?
2056dnl input: recipient address (RCPT TO)
2057dnl output: see explanation at call
2058######################################################################
2059SRcpt_ok
2060ifdef(`_LOOSE_RELAY_CHECK_',`dnl
2061R$*			$: $>CanonAddr $1
2062R$* < @ $* . >		$1 < @ $2 >			strip trailing dots',
2063`R$*			$: $>ParseRecipient $1		strip relayable hosts')
2064
2065ifdef(`_BESTMX_IS_LOCAL_',`dnl
2066ifelse(_BESTMX_IS_LOCAL_, `', `dnl
2067# unlimited bestmx
2068R$* < @ $* > $*			$: $1 < @ $2 @@ $(bestmx $2 $) > $3',
2069`dnl
2070# limit bestmx to $=B
2071R$* < @ $* $=B > $*		$: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4')
2072R$* $=O $* < @ $* @@ $=w . > $*	$@ $>"Rcpt_ok" $1 $2 $3
2073R$* < @ $* @@ $=w . > $*	$: $1 < @ $3 > $4
2074R$* < @ $* @@ $* > $*		$: $1 < @ $2 > $4')
2075
2076ifdef(`_BLACKLIST_RCPT_',`dnl
2077ifdef(`_ACCESS_TABLE_', `dnl
2078# blacklist local users or any host from receiving mail
2079R$*			$: <?> $1
2080dnl user is now tagged with @ to be consistent with check_mail
2081dnl and to distinguish users from hosts (com would be host, com@ would be user)
2082R<?> $+ < @ $=w >	$: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
2083R<?> $+ < @ $* >	$: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
2084R<?> $+			$: <> <$1> $| <U:$1@>
2085dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
2086dnl will only return user<@domain when "reversing" the args
2087R<> <$*> $| <$+>	$: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
2088R<@> <$*> $| <$*>	$: <$2> <$1>		reverse result
2089R<?> <$*>		$: @ $1		mark address as no match
2090dnl we may have to filter here because otherwise some RHSs
2091dnl would be interpreted as generic error messages...
2092dnl error messages should be "tagged" by prefixing them with error: !
2093dnl that would make a lot of things easier.
2094R<$={Accept}> <$*>	$: @ $2		mark address as no match
2095ifdef(`_ACCESS_SKIP_', `dnl
2096R<SKIP> <$*>		$: @ $1		mark address as no match', `dnl')
2097ifdef(`_DELAY_COMPAT_8_10_',`dnl
2098dnl compatility with 8.11/8.10:
2099dnl we have to filter these because otherwise they would be interpreted
2100dnl as generic error message...
2101dnl error messages should be "tagged" by prefixing them with error: !
2102dnl that would make a lot of things easier.
2103dnl maybe we should stop checks already here (if SPAM_xyx)?
2104R<$={SpamTag}> <$*>	$: @ $2		mark address as no match')
2105R<REJECT> $*		$#error $@ 5.2.1 $: confRCPTREJ_MSG
2106R<DISCARD> $*		$#discard $: discard
2107R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1
2108dnl error tag
2109R<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
2110R<ERROR:$+> $*		$#error $: $1
2111ifdef(`_ATMPF_', `R<_ATMPF_> $*		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2112dnl generic error from access map
2113R<$+> $*		$#error $: $1		error from access db
2114R@ $*			$1		remove mark', `dnl')', `dnl')
2115
2116ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
2117# authenticated via TLS?
2118R$*			$: $1 $| $>RelayTLS	client authenticated?
2119R$* $| $# $+		$# $2			error/ok?
2120R$* $| $*		$: $1			no
2121
2122R$*			$: $1 $| $>"Local_Relay_Auth" $&{auth_type}
2123dnl workspace: localpart<@domain> $| result of Local_Relay_Auth
2124R$* $| $# $*		$# $2
2125dnl if Local_Relay_Auth returns NO then do not check $={TrustAuthMech}
2126R$* $| NO		$: $1
2127R$* $| $*		$: $1 $| $&{auth_type}
2128dnl workspace: localpart<@domain> [ $| ${auth_type} ]
2129dnl empty ${auth_type}?
2130R$* $|			$: $1
2131dnl mechanism ${auth_type} accepted?
2132dnl use $# to override further tests (delay_checks): see check_rcpt below
2133R$* $| $={TrustAuthMech}	$# RELAY
2134dnl remove ${auth_type}
2135R$* $| $*		$: $1
2136dnl workspace: localpart<@domain> | localpart
2137ifelse(defn(`_NO_UUCP_'), `r',
2138`R$* ! $* < @ $* >	$: <REMOTE> $2 < @ BANG_PATH >
2139R$* ! $* 		$: <REMOTE> $2 < @ BANG_PATH >', `dnl')
2140# anything terminating locally is ok
2141ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
2142R$+ < @ $* $=m >	$@ RELAY', `dnl')
2143R$+ < @ $=w >		$@ RELAY
2144ifdef(`_RELAY_HOSTS_ONLY_',
2145`R$+ < @ $=R >		$@ RELAY
2146ifdef(`_ACCESS_TABLE_', `dnl
2147R$+ < @ $+ >		$: <$(access To:$2 $: ? $)> <$1 < @ $2 >>
2148dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
2149R<?> <$+ < @ $+ >>	$: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')',
2150`R$+ < @ $* $=R >	$@ RELAY
2151ifdef(`_ACCESS_TABLE_', `dnl
2152ifdef(`_RELAY_FULL_ADDR_', `dnl
2153R$+ < @ $+ >		$: $1 < @ $2 > $| $>SearchList <+ To> $| <F:$1@$2> <D:$2> <F:$1@> <>
2154R$+ < @ $+ > $| <$*>	$: <$3> <$1 <@ $2>>
2155R$+ < @ $+ > $| $*	$: <$3> <$1 <@ $2>>',
2156`R$+ < @ $+ >		$: $>D <$2> <?> <+ To> <$1 < @ $2 >>')')')
2157ifdef(`_ACCESS_TABLE_', `dnl
2158dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
2159R<RELAY> $*		$@ RELAY
2160ifdef(`_ATMPF_', `R<$* _ATMPF_> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2161R<$*> <$*>		$: $2',`dnl')
2162
2163
2164ifdef(`_RELAY_MX_SERVED_', `dnl
2165# allow relaying for hosts which we MX serve
2166R$+ < @ $+ >		$: < : $(mxserved $2 $) : > $1 < @ $2 >
2167dnl this must not necessarily happen if the client is checked first...
2168R< : $* <TEMP> : > $*	$#TEMP $@ 4.4.0 $: "450 Can not check MX records for recipient host " $1
2169R<$* : $=w . : $*> $*	$@ RELAY
2170R< : $* : > $*		$: $2',
2171`dnl')
2172
2173# check for local user (i.e. unqualified address)
2174R$*			$: <?> $1
2175R<?> $* < @ $+ >	$: <REMOTE> $1 < @ $2 >
2176# local user is ok
2177dnl is it really? the standard requires user@domain, not just user
2178dnl but we should accept it anyway (maybe making it an option:
2179dnl RequireFQDN ?)
2180dnl postmaster must be accepted without domain (DRUMS)
2181ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
2182R<?> postmaster		$@ OK
2183# require qualified recipient?
2184dnl prepend daemon_flags
2185R<?> $+			$: $&{daemon_flags} $| <?> $1
2186dnl workspace: ${daemon_flags} $| <?> localpart
2187dnl do not allow these at all or only from local systems?
2188dnl r flag? add client_name
2189R$* r $* $| <?> $+	$: < ? $&{client_name} > <?> $3
2190dnl no r flag: relay to local user (only local part)
2191# no qualified recipient required
2192R$* $| <?> $+		$@ RELAY
2193dnl client_name is empty
2194R<?> <?> $+		$@ RELAY
2195dnl client_name is local
2196R<? $=w> <?> $+		$@ RELAY
2197dnl client_name is not local
2198R<? $+> $+		$#error $@ 5.5.4 $: "553 Domain name required"', `dnl
2199dnl no qualified recipient required
2200R<?> $+			$@ RELAY')
2201dnl it is a remote user: remove mark and then check client
2202R<$+> $*		$: $2
2203dnl currently the recipient address is not used below
2204
2205######################################################################
2206### Relay_ok: is the relay/sender ok?
2207dnl input: ignored
2208dnl output: see explanation at call
2209######################################################################
2210SRelay_ok
2211# anything originating locally is ok
2212# check IP address
2213R$*			$: $&{client_addr}
2214R$@			$@ RELAY		originated locally
2215R0			$@ RELAY		originated locally
2216R127.0.0.1		$@ RELAY		originated locally
2217RIPv6:::1		$@ RELAY		originated locally
2218R$=R $*			$@ RELAY		relayable IP address
2219ifdef(`_ACCESS_TABLE_', `dnl
2220R$*			$: $>A <$1> <?> <+ Connect> <$1>
2221R<RELAY> $* 		$@ RELAY		relayable IP address
2222ifdef(`_FFR_REJECT_IP_IN_CHECK_RCPT_',`dnl
2223dnl this will cause rejections in cases like:
2224dnl Connect:My.Host.Domain	RELAY
2225dnl Connect:My.Net		REJECT
2226dnl since in check_relay client_name is checked before client_addr
2227R<REJECT> $* 		$@ REJECT		rejected IP address')
2228ifdef(`_ATMPF_', `R<_ATMPF_> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2229R<$*> <$*>		$: $2', `dnl')
2230R$*			$: [ $1 ]		put brackets around it...
2231R$=w			$@ RELAY		... and see if it is local
2232
2233ifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
2234ifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
2235ifdef(`_RELAY_MAIL_FROM_', `dnl
2236dnl input: {client_addr} or something "broken"
2237dnl just throw the input away; we do not need it.
2238# check whether FROM is allowed to use system as relay
2239R$*			$: <?> $>CanonAddr $&f
2240R<?> $+ < @ $+ . >	<?> $1 < @ $2 >		remove trailing dot
2241ifdef(`_RELAY_LOCAL_FROM_', `dnl
2242# check whether local FROM is ok
2243R<?> $+ < @ $=w >	$@ RELAY		FROM local', `dnl')
2244ifdef(`_RELAY_DB_FROM_', `dnl
2245R<?> $+ < @ $+ >	$: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_HOSTS_ONLY_', `<E:$2>', `<D:$2>')) <>
2246R<@> <RELAY>		$@ RELAY		RELAY FROM sender ok
2247ifdef(`_ATMPF_', `R<@> <_ATMPF_>		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2248', `dnl
2249ifdef(`_RELAY_DB_FROM_DOMAIN_',
2250`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
2251')',
2252`dnl')
2253dnl')', `dnl')
2254dnl notice: the rulesets above do not leave a unique workspace behind.
2255dnl it does not matter in this case because the following rule ignores
2256dnl the input. otherwise these rules must "clean up" the workspace.
2257
2258# check client name: first: did it resolve?
2259dnl input: ignored
2260R$*			$: < $&{client_resolve} >
2261R<TEMP>			$#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
2262R<FORGED>		$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
2263R<FAIL>			$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
2264dnl ${client_resolve} should be OK, so go ahead
2265R$*			$: <@> $&{client_name}
2266dnl should not be necessary since it has been done for client_addr already
2267dnl this rule actually may cause a problem if {client_name} resolves to ""
2268dnl however, this should not happen since the forward lookup should fail
2269dnl and {client_resolve} should be TEMP or FAIL.
2270dnl nevertheless, removing the rule doesn't hurt.
2271dnl R<@>			$@ RELAY
2272dnl workspace: <@> ${client_name} (not empty)
2273# pass to name server to make hostname canonical
2274R<@> $* $=P 		$:<?>  $1 $2
2275R<@> $+			$:<?>  $[ $1 $]
2276dnl workspace: <?> ${client_name} (canonified)
2277R$* .			$1			strip trailing dots
2278ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
2279R<?> $* $=m		$@ RELAY', `dnl')
2280R<?> $=w		$@ RELAY
2281ifdef(`_RELAY_HOSTS_ONLY_',
2282`R<?> $=R		$@ RELAY
2283ifdef(`_ACCESS_TABLE_', `dnl
2284R<?> $*			$: <$(access Connect:$1 $: ? $)> <$1>
2285R<?> <$*>		$: <$(access $1 $: ? $)> <$1>',`dnl')',
2286`R<?> $* $=R			$@ RELAY
2287ifdef(`_ACCESS_TABLE_', `dnl
2288R<?> $*			$: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
2289ifdef(`_ACCESS_TABLE_', `dnl
2290R<RELAY> $*		$@ RELAY
2291ifdef(`_ATMPF_', `R<$* _ATMPF_> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2292R<$*> <$*>		$: $2',`dnl')
2293dnl end of _PROMISCUOUS_RELAY_
2294divert(0)
2295ifdef(`_DELAY_CHECKS_',`dnl
2296# turn a canonical address in the form user<@domain>
2297# qualify unqual. addresses with $j
2298dnl it might have been only user (without <@domain>)
2299SFullAddr
2300R$* <@ $+ . >		$1 <@ $2 >
2301R$* <@ $* >		$@ $1 <@ $2 >
2302R$+			$@ $1 <@ $j >
2303
2304SDelay_TLS_Clt
2305# authenticated?
2306dnl code repeated here from Basic_check_mail
2307dnl only called from check_rcpt in delay mode if checkrcpt returns $#
2308R$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
2309R$* $| $#$+		$#$2
2310dnl return result from checkrcpt
2311R$* $| $*		$# $1
2312R$*			$# $1
2313
2314SDelay_TLS_Clt2
2315# authenticated?
2316dnl code repeated here from Basic_check_mail
2317dnl only called from check_rcpt in delay mode if stopping due to Friend/Hater
2318R$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
2319R$* $| $#$+		$#$2
2320dnl return result from friend/hater check
2321R$* $| $*		$@ $1
2322R$*			$@ $1
2323
2324# call all necessary rulesets
2325Scheck_rcpt
2326dnl this test should be in the Basic_check_rcpt ruleset
2327dnl which is the correct DSN code?
2328# R$@			$#error $@ 5.1.3 $: "553 Recipient address required"
2329
2330R$+			$: $1 $| $>checkrcpt $1
2331dnl now we can simply stop checks by returning "$# xyz" instead of just "ok"
2332dnl on error (or discard) stop now
2333R$+ $| $#error $*	$#error $2
2334R$+ $| $#discard $*	$#discard $2
2335dnl otherwise call tls_client; see above
2336R$+ $| $#$*		$@ $>"Delay_TLS_Clt" $2
2337R$+ $| $*		$: <?> $>FullAddr $>CanonAddr $1
2338ifdef(`_SPAM_FH_',
2339`dnl lookup user@ and user@address
2340ifdef(`_ACCESS_TABLE_', `',
2341`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db')
2342')')dnl
2343dnl one of the next two rules is supposed to match
2344dnl this code has been copied from BLACKLIST... etc
2345dnl and simplified by omitting some < >.
2346R<?> $+ < @ $=w >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
2347R<?> $+ < @ $* >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
2348dnl R<?>		$@ something_is_very_wrong_here
2349# lookup the addresses only with Spam tag
2350R<> $* $| <$+>		$: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
2351R<@> $* $| $*		$: $2 $1		reverse result
2352dnl', `dnl')
2353ifdef(`_SPAM_FRIEND_',
2354`# is the recipient a spam friend?
2355ifdef(`_SPAM_HATER_',
2356	`errprint(`*** ERROR: define either Hater or Friend -- not both.
2357')', `dnl')
2358R<FRIEND> $+		$@ $>"Delay_TLS_Clt2" SPAMFRIEND
2359R<$*> $+		$: $2',
2360`dnl')
2361ifdef(`_SPAM_HATER_',
2362`# is the recipient no spam hater?
2363R<HATER> $+		$: $1			spam hater: continue checks
2364R<$*> $+		$@ $>"Delay_TLS_Clt2" NOSPAMHATER	everyone else: stop
2365dnl',`dnl')
2366
2367dnl run further checks: check_mail
2368dnl should we "clean up" $&f?
2369ifdef(`_FFR_MAIL_MACRO',
2370`R$*			$: $1 $| $>checkmail $&{mail_from}',
2371`R$*			$: $1 $| $>checkmail <$&f>')
2372dnl recipient (canonical format) $| result of checkmail
2373R$* $| $#$*		$#$2
2374dnl run further checks: check_relay
2375R$* $| $*		$: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
2376R$* $| $#$*		$#$2
2377R$* $| $*		$: $1
2378', `dnl')
2379
2380ifdef(`_BLOCK_BAD_HELO_', `dnl
2381R$*			$: $1 $| <$&{auth_authen}>	Get auth info
2382dnl Bypass the test for users who have authenticated.
2383R$* $| <$+>		$: $1				skip if auth
2384R$* $| <$*>		$: $1 $| <$&{client_addr}> [$&s]	Get connection info
2385dnl Bypass for local clients -- IP address starts with $=R
2386R$* $| <$=R $*> [$*]	$: $1				skip if local client
2387dnl Bypass a "sendmail -bs" session, which use 0 for client ip address
2388R$* $| <0> [$*]		$: $1				skip if sendmail -bs
2389dnl Reject our IP - assumes "[ip]" is in class $=w
2390R$* $| <$*> $=w		$#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
2391dnl Reject our hostname
2392R$* $| <$*> [$=w]	$#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
2393dnl Pass anything else with a "." in the domain parameter
2394R$* $| <$*> [$+.$+]	$: $1				qualified domain ok
2395dnl Reject if there was no "." or only an initial or final "."
2396R$* $| <$*> [$*]	$#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
2397dnl Clean up the workspace
2398R$* $| $*		$: $1
2399', `dnl')
2400
2401ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
2402######################################################################
2403###  F: LookUpFull -- search for an entry in access database
2404###
2405###	lookup of full key (which should be an address) and
2406###	variations if +detail exists: +* and without +detail
2407###
2408###	Parameters:
2409###		<$1> -- key
2410###		<$2> -- default (what to return if not found in db)
2411dnl			must not be empty
2412###		<$3> -- mark (must be <(!|+) single-token>)
2413###			! does lookup only with tag
2414###			+ does lookup with and without tag
2415###		<$4> -- passthru (additional data passed unchanged through)
2416dnl returns:		<default> <passthru>
2417dnl 			<result> <passthru>
2418######################################################################
2419
2420SF
2421dnl workspace: <key> <def> <o tag> <thru>
2422dnl full lookup
2423dnl    2    3  4    5
2424R<$+> <$*> <$- $-> <$*>		$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
2425dnl no match, try without tag
2426dnl   1    2      3    4
2427R<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
2428dnl no match, +detail: try +*
2429dnl   1    2    3    4    5  6    7
2430R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
2431			$: <$(access $6`'_TAG_DELIM_`'$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
2432dnl no match, +detail: try +* without tag
2433dnl   1    2    3    4      5    6
2434R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
2435			$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
2436dnl no match, +detail: try without +detail
2437dnl   1    2    3    4    5  6    7
2438R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
2439			$: <$(access $6`'_TAG_DELIM_`'$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
2440dnl no match, +detail: try without +detail and without tag
2441dnl   1    2    3    4      5    6
2442R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
2443			$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
2444dnl no match, return <default> <passthru>
2445dnl   1    2    3  4    5
2446R<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
2447ifdef(`_ATMPF_', `dnl tempfail?
2448dnl            2    3  4    5
2449R<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
2450dnl match, return <match> <passthru>
2451dnl    2    3  4    5
2452R<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
2453
2454######################################################################
2455###  E: LookUpExact -- search for an entry in access database
2456###
2457###	Parameters:
2458###		<$1> -- key
2459###		<$2> -- default (what to return if not found in db)
2460dnl			must not be empty
2461###		<$3> -- mark (must be <(!|+) single-token>)
2462###			! does lookup only with tag
2463###			+ does lookup with and without tag
2464###		<$4> -- passthru (additional data passed unchanged through)
2465dnl returns:		<default> <passthru>
2466dnl 			<result> <passthru>
2467######################################################################
2468
2469SE
2470dnl    2    3  4    5
2471R<$*> <$*> <$- $-> <$*>		$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
2472dnl no match, try without tag
2473dnl   1    2      3    4
2474R<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
2475dnl no match, return default passthru
2476dnl   1    2    3  4    5
2477R<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
2478ifdef(`_ATMPF_', `dnl tempfail?
2479dnl            2    3  4    5
2480R<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
2481dnl match, return <match> <passthru>
2482dnl    2    3  4    5
2483R<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
2484
2485######################################################################
2486###  U: LookUpUser -- search for an entry in access database
2487###
2488###	lookup of key (which should be a local part) and
2489###	variations if +detail exists: +* and without +detail
2490###
2491###	Parameters:
2492###		<$1> -- key (user@)
2493###		<$2> -- default (what to return if not found in db)
2494dnl			must not be empty
2495###		<$3> -- mark (must be <(!|+) single-token>)
2496###			! does lookup only with tag
2497###			+ does lookup with and without tag
2498###		<$4> -- passthru (additional data passed unchanged through)
2499dnl returns:		<default> <passthru>
2500dnl 			<result> <passthru>
2501######################################################################
2502
2503SU
2504dnl user lookups are always with trailing @
2505dnl    2    3  4    5
2506R<$+> <$*> <$- $-> <$*>		$: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
2507dnl no match, try without tag
2508dnl   1    2      3    4
2509R<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
2510dnl do not remove the @ from the lookup:
2511dnl it is part of the +detail@ which is omitted for the lookup
2512dnl no match, +detail: try +*
2513dnl   1    2      3    4  5    6
2514R<?> <$+ + $* @> <$*> <$- $-> <$*>
2515			$: <$(access $5`'_TAG_DELIM_`'$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
2516dnl no match, +detail: try +* without tag
2517dnl   1    2      3      4    5
2518R<?> <$+ + $* @> <$*> <+ $-> <$*>
2519			$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
2520dnl no match, +detail: try without +detail
2521dnl   1    2      3    4  5    6
2522R<?> <$+ + $* @> <$*> <$- $-> <$*>
2523			$: <$(access $5`'_TAG_DELIM_`'$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
2524dnl no match, +detail: try without +detail and without tag
2525dnl   1    2      3      4    5
2526R<?> <$+ + $* @> <$*> <+ $-> <$*>
2527			$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
2528dnl no match, return <default> <passthru>
2529dnl   1    2    3  4    5
2530R<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
2531ifdef(`_ATMPF_', `dnl tempfail?
2532dnl            2    3  4    5
2533R<$+ _ATMPF_> <$*> <$- $-> <$*>	$@ <_ATMPF_> <$5>', `dnl')
2534dnl match, return <match> <passthru>
2535dnl    2    3  4    5
2536R<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
2537
2538######################################################################
2539###  SearchList: search a list of items in the access map
2540###	Parameters:
2541###		<exact tag> $| <mark:address> <mark:address> ... <>
2542dnl	maybe we should have a @ (again) in front of the mark to
2543dnl	avoid errorneous matches (with error messages?)
2544dnl	if we can make sure that tag is always a single token
2545dnl	then we can omit the delimiter $|, otherwise we need it
2546dnl	to avoid errorneous matchs (first rule: D: if there
2547dnl	is that mark somewhere in the list, it will be taken).
2548dnl	moreover, we can do some tricks to enforce lookup with
2549dnl	the tag only, e.g.:
2550###	where "exact" is either "+" or "!":
2551###	<+ TAG>	lookup with and w/o tag
2552###	<! TAG>	lookup with tag
2553dnl	Warning: + and ! should be in OperatorChars (otherwise there must be
2554dnl		a blank between them and the tag.
2555###	possible values for "mark" are:
2556###		D: recursive host lookup (LookUpDomain)
2557dnl		A: recursive address lookup (LookUpAddress) [not yet required]
2558###		E: exact lookup, no modifications
2559###		F: full lookup, try user+ext@domain and user@domain
2560###		U: user lookup, try user+ext and user (input must have trailing @)
2561###	return: <RHS of lookup> or <?> (not found)
2562######################################################################
2563
2564# class with valid marks for SearchList
2565dnl if A is activated: add it
2566C{Src}E F D U ifdef(`_FFR_SRCHLIST_A', `A')
2567SSearchList
2568# just call the ruleset with the name of the tag... nice trick...
2569dnl       2       3    4
2570R<$+> $| <$={Src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
2571dnl workspace: <o tag> $| <rest> $| <result of lookup> <>
2572dnl no match and nothing left: return
2573R<$+> $| <> $| <?> <>		$@ <?>
2574dnl no match but something left: continue
2575R<$+> $| <$+> $| <?> <>		$@ $>SearchList <$1> $| <$2>
2576dnl match: return
2577R<$+> $| <$*> $| <$+> <>	$@ <$3>
2578dnl return result from recursive invocation
2579R<$+> $| <$+>			$@ <$2>
2580dnl endif _ACCESS_TABLE_
2581divert(0)
2582
2583######################################################################
2584###  trust_auth: is user trusted to authenticate as someone else?
2585###
2586###	Parameters:
2587###		$1: AUTH= parameter from MAIL command
2588######################################################################
2589
2590dnl empty ruleset definition so it can be called
2591SLocal_trust_auth
2592Strust_auth
2593R$*			$: $&{auth_type} $| $1
2594# required by RFC 2554 section 4.
2595R$@ $| $*		$#error $@ 5.7.1 $: "550 not authenticated"
2596dnl seems to be useful...
2597R$* $| $&{auth_authen}		$@ identical
2598R$* $| <$&{auth_authen}>	$@ identical
2599dnl call user supplied code
2600R$* $| $*		$: $1 $| $>"Local_trust_auth" $2
2601R$* $| $#$*		$#$2
2602dnl default: error
2603R$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
2604
2605######################################################################
2606###  Relay_Auth: allow relaying based on authentication?
2607###
2608###	Parameters:
2609###		$1: ${auth_type}
2610######################################################################
2611SLocal_Relay_Auth
2612
2613######################################################################
2614###  srv_features: which features to offer to a client?
2615###	(done in server)
2616######################################################################
2617Ssrv_features
2618ifdef(`_LOCAL_SRV_FEATURES_', `dnl
2619R$*			$: $1 $| $>"Local_srv_features" $1
2620R$* $| $#$*		$#$2
2621R$* $| $*		$: $1', `dnl')
2622ifdef(`_ACCESS_TABLE_', `dnl
2623R$*		$: $>D <$&{client_name}> <?> <! SRV_FEAT_TAG> <>
2624R<?>$*		$: $>A <$&{client_addr}> <?> <! SRV_FEAT_TAG> <>
2625R<?>$*		$: <$(access SRV_FEAT_TAG`'_TAG_DELIM_ $: ? $)>
2626R<?>$*		$@ OK
2627ifdef(`_ATMPF_', `dnl tempfail?
2628R<$* _ATMPF_>$*	$#temp', `dnl')
2629R<$+>$*		$# $1')
2630
2631######################################################################
2632###  try_tls: try to use STARTTLS?
2633###	(done in client)
2634######################################################################
2635Stry_tls
2636ifdef(`_LOCAL_TRY_TLS_', `dnl
2637R$*			$: $1 $| $>"Local_try_tls" $1
2638R$* $| $#$*		$#$2
2639R$* $| $*		$: $1', `dnl')
2640ifdef(`_ACCESS_TABLE_', `dnl
2641R$*		$: $>D <$&{server_name}> <?> <! TLS_TRY_TAG> <>
2642R<?>$*		$: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
2643R<?>$*		$: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
2644R<?>$*		$@ OK
2645ifdef(`_ATMPF_', `dnl tempfail?
2646R<$* _ATMPF_>$*	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2647R<NO>$*		$#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"')
2648
2649######################################################################
2650###  tls_rcpt: is connection with server "good" enough?
2651###	(done in client, per recipient)
2652dnl called from deliver() before RCPT command
2653###
2654###	Parameters:
2655###		$1: recipient
2656######################################################################
2657Stls_rcpt
2658ifdef(`_LOCAL_TLS_RCPT_', `dnl
2659R$*			$: $1 $| $>"Local_tls_rcpt" $1
2660R$* $| $#$*		$#$2
2661R$* $| $*		$: $1', `dnl')
2662ifdef(`_ACCESS_TABLE_', `dnl
2663dnl store name of other side
2664R$*			$: $(macro {TLS_Name} $@ $&{server_name} $) $1
2665dnl canonify recipient address
2666R$+			$: <?> $>CanonAddr $1
2667dnl strip trailing dots
2668R<?> $+ < @ $+ . >	<?> $1 <@ $2 >
2669dnl full address?
2670R<?> $+ < @ $+ >	$: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
2671dnl only localpart?
2672R<?> $+			$: $1 $| <U:$1@> <E:>
2673dnl look it up
2674dnl also look up a default value via E:
2675R$* $| $+	$: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <>
2676dnl found nothing: stop here
2677R$* $| <?>	$@ OK
2678ifdef(`_ATMPF_', `dnl tempfail?
2679R$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2680dnl use the generic routine (for now)
2681R$* $| <$+>	$@ $>"TLS_connection" $&{verify} $| <$2>')
2682
2683######################################################################
2684###  tls_client: is connection with client "good" enough?
2685###	(done in server)
2686###
2687###	Parameters:
2688###		${verify} $| (MAIL|STARTTLS)
2689######################################################################
2690dnl MAIL: called from check_mail
2691dnl STARTTLS: called from smtp() after STARTTLS has been accepted
2692Stls_client
2693ifdef(`_LOCAL_TLS_CLIENT_', `dnl
2694R$*			$: $1 <?> $>"Local_tls_client" $1
2695R$* <?> $#$*		$#$2
2696R$* <?> $*		$: $1', `dnl')
2697ifdef(`_ACCESS_TABLE_', `dnl
2698dnl store name of other side
2699R$*		$: $(macro {TLS_Name} $@ $&{server_name} $) $1
2700dnl ignore second arg for now
2701dnl maybe use it to distinguish permanent/temporary error?
2702dnl if MAIL: permanent (STARTTLS has not been offered)
2703dnl if STARTTLS: temporary (offered but maybe failed)
2704R$* $| $*	$: $1 $| $>D <$&{client_name}> <?> <! TLS_CLT_TAG> <>
2705R$* $| <?>$*	$: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <>
2706dnl do a default lookup: just TLS_CLT_TAG
2707R$* $| <?>$*	$: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
2708ifdef(`_ATMPF_', `dnl tempfail?
2709R$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2710R$*		$@ $>"TLS_connection" $1', `dnl
2711R$* $| $*	$@ $>"TLS_connection" $1')
2712
2713######################################################################
2714###  tls_server: is connection with server "good" enough?
2715###	(done in client)
2716###
2717###	Parameter:
2718###		${verify}
2719######################################################################
2720dnl i.e. has the server been authenticated and is encryption active?
2721dnl called from deliver() after STARTTLS command
2722Stls_server
2723ifdef(`_LOCAL_TLS_SERVER_', `dnl
2724R$*			$: $1 $| $>"Local_tls_server" $1
2725R$* $| $#$*		$#$2
2726R$* $| $*		$: $1', `dnl')
2727ifdef(`_ACCESS_TABLE_', `dnl
2728dnl store name of other side
2729R$*		$: $(macro {TLS_Name} $@ $&{server_name} $) $1
2730R$*		$: $1 $| $>D <$&{server_name}> <?> <! TLS_SRV_TAG> <>
2731R$* $| <?>$*	$: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <>
2732dnl do a default lookup: just TLS_SRV_TAG
2733R$* $| <?>$*	$: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
2734ifdef(`_ATMPF_', `dnl tempfail?
2735R$* $| <$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2736R$*		$@ $>"TLS_connection" $1', `dnl
2737R$*		$@ $>"TLS_connection" $1')
2738
2739######################################################################
2740###  TLS_connection: is TLS connection "good" enough?
2741###
2742###	Parameters:
2743ifdef(`_ACCESS_TABLE_', `dnl
2744###		${verify} $| <Requirement> [<>]', `dnl
2745###		${verify}')
2746###		Requirement: RHS from access map, may be ? for none.
2747dnl	syntax for Requirement:
2748dnl	[(PERM|TEMP)+] (VERIFY[:bits]|ENCR:bits) [+extensions]
2749dnl	extensions: could be a list of further requirements
2750dnl		for now: CN:string	{cn_subject} == string
2751######################################################################
2752STLS_connection
2753ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
2754dnl deal with TLS handshake failures: abort
2755RSOFTWARE	$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."
2756divert(-1)')
2757dnl common ruleset for tls_{client|server}
2758dnl input: ${verify} $| <ResultOfLookup> [<>]
2759dnl remove optional <>
2760R$* $| <$*>$*			$: $1 $| <$2>
2761dnl workspace: ${verify} $| <ResultOfLookup>
2762# create the appropriate error codes
2763dnl permanent or temporary error?
2764R$* $| <PERM + $={Tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
2765R$* $| <TEMP + $={Tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
2766dnl default case depends on TLS_PERM_ERR
2767R$* $| <$={Tls} $*>		$: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3>
2768dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
2769# deal with TLS handshake failures: abort
2770RSOFTWARE $| <$-:$+> $* 	$#error $@ $2 $: $1 " TLS handshake failed."
2771dnl no <reply:dns> i.e. not requirements in the access map
2772dnl use default error
2773RSOFTWARE $| $* 		$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
2774# deal with TLS protocol errors: abort
2775RPROTOCOL $| <$-:$+> $* 	$#error $@ $2 $: $1 " STARTTLS failed."
2776dnl no <reply:dns> i.e. not requirements in the access map
2777dnl use default error
2778RPROTOCOL $| $* 		$#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') STARTTLS failed."
2779R$* $| <$*> <VERIFY>		$: <$2> <VERIFY> <> $1
2780dnl separate optional requirements
2781R$* $| <$*> <VERIFY + $+>	$: <$2> <VERIFY> <$3> $1
2782R$* $| <$*> <$={Tls}:$->$*	$: <$2> <$3:$4> <> $1
2783dnl separate optional requirements
2784R$* $| <$*> <$={Tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
2785dnl some other value in access map: accept
2786dnl this also allows to override the default case (if used)
2787R$* $| $*			$@ OK
2788# authentication required: give appropriate error
2789# other side did authenticate (via STARTTLS)
2790dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
2791dnl only verification required and it succeeded
2792R<$*><VERIFY> <> OK		$@ OK
2793dnl verification required and it succeeded but extensions are given
2794dnl change it to <SMTP:ESC> <REQ:0>  <extensions>
2795R<$*><VERIFY> <$+> OK		$: <$1> <REQ:0> <$2>
2796dnl verification required + some level of encryption
2797R<$*><VERIFY:$-> <$*> OK	$: <$1> <REQ:$2> <$3>
2798dnl just some level of encryption required
2799R<$*><ENCR:$-> <$*> $*		$: <$1> <REQ:$2> <$3>
2800dnl workspace:
2801dnl 1. <SMTP:ESC> <VERIFY [:bits]>  <[extensions]> {verify} (!= OK)
2802dnl 2. <SMTP:ESC> <REQ:bits>  <[extensions]>
2803dnl verification required but ${verify} is not set (case 1.)
2804R<$-:$+><VERIFY $*> <$*>	$#error $@ $2 $: $1 " authentication required"
2805R<$-:$+><VERIFY $*> <$*> FAIL	$#error $@ $2 $: $1 " authentication failed"
2806R<$-:$+><VERIFY $*> <$*> NO	$#error $@ $2 $: $1 " not authenticated"
2807R<$-:$+><VERIFY $*> <$*> NOT	$#error $@ $2 $: $1 " no authentication requested"
2808R<$-:$+><VERIFY $*> <$*> NONE	$#error $@ $2 $: $1 " other side does not support STARTTLS"
2809dnl some other value for ${verify}
2810R<$-:$+><VERIFY $*> <$*> $+	$#error $@ $2 $: $1 " authentication failure " $4
2811dnl some level of encryption required: get the maximum level (case 2.)
2812R<$*><REQ:$-> <$*>		$: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
2813dnl compare required bits with actual bits
2814R<$*><REQ:$-> <$*> $-		$: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
2815R<$-:$+><$-:$-> <$*> TRUE	$#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
2816dnl strength requirements fulfilled
2817dnl TLS Additional Requirements Separator
2818dnl this should be something which does not appear in the extensions itself
2819dnl @ could be part of a CN, DN, etc...
2820dnl use < > ? those are encoded in CN, DN, ...
2821define(`_TLS_ARS_', `++')dnl
2822dnl workspace:
2823dnl <SMTP:ESC> <REQ:bits> <extensions> result-of-compare
2824R<$-:$+><$-:$-> <$*> $*		$: <$1:$2 _TLS_ARS_ $5>
2825dnl workspace: <SMTP:ESC _TLS_ARS_ extensions>
2826dnl continue: check  extensions
2827R<$-:$+ _TLS_ARS_ >			$@ OK
2828dnl split extensions into own list
2829R<$-:$+ _TLS_ARS_ $+ >			$: <$1:$2> <$3>
2830R<$-:$+> < $+ _TLS_ARS_ $+ >		<$1:$2> <$3> <$4>
2831R<$-:$+> $+			$@ $>"TLS_req" $3 $| <$1:$2>
2832
2833######################################################################
2834###  TLS_req: check additional TLS requirements
2835###
2836###	Parameters: [<list> <of> <req>] $| <$-:$+>
2837###		$-: SMTP reply code
2838###		$+: Enhanced Status Code
2839dnl  further requirements for this ruleset:
2840dnl	name of "other side" is stored is {TLS_name} (client/server_name)
2841dnl
2842dnl	currently only CN[:common_name] is implemented
2843dnl	right now this is only a logical AND
2844dnl	i.e. all requirements must be true
2845dnl	how about an OR? CN must be X or CN must be Y or ..
2846dnl	use a macro to compute this as a trivial sequential
2847dnl	operations (no precedences etc)?
2848######################################################################
2849STLS_req
2850dnl no additional requirements: ok
2851R $| $+		$@ OK
2852dnl require CN: but no CN specified: use name of other side
2853R<CN> $* $| <$+>		$: <CN:$&{TLS_Name}> $1 $| <$2>
2854dnl match, check rest
2855R<CN:$&{cn_subject}> $* $| <$+>		$@ $>"TLS_req" $1 $| <$2>
2856dnl CN does not match
2857dnl  1   2      3  4
2858R<CN:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
2859dnl cert subject
2860R<CS:$&{cert_subject}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
2861dnl CS does not match
2862dnl  1   2      3  4
2863R<CS:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
2864dnl match, check rest
2865R<CI:$&{cert_issuer}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
2866dnl CI does not match
2867dnl  1   2      3  4
2868R<CI:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
2869dnl return from recursive call
2870ROK			$@ OK
2871
2872######################################################################
2873###  max: return the maximum of two values separated by :
2874###
2875###	Parameters: [$-]:[$-]
2876######################################################################
2877Smax
2878R:		$: 0
2879R:$-		$: $1
2880R$-:		$: $1
2881R$-:$-		$: $(arith l $@ $1 $@ $2 $) : $1 : $2
2882RTRUE:$-:$-	$: $2
2883R$-:$-:$-	$: $2
2884dnl endif _ACCESS_TABLE_
2885divert(0)
2886
2887######################################################################
2888###  RelayTLS: allow relaying based on TLS authentication
2889###
2890###	Parameters:
2891###		none
2892######################################################################
2893SRelayTLS
2894# authenticated?
2895dnl we do not allow relaying for anyone who can present a cert
2896dnl signed by a "trusted" CA. For example, even if we put verisigns
2897dnl CA in CertPath so we can authenticate users, we do not allow
2898dnl them to abuse our server (they might be easier to get hold of,
2899dnl but anyway).
2900dnl so here is the trick: if the verification succeeded
2901dnl we look up the cert issuer in the access map
2902dnl (maybe after extracting a part with a regular expression)
2903dnl if this returns RELAY we relay without further questions
2904dnl if it returns SUBJECT we perform a similar check on the
2905dnl cert subject.
2906ifdef(`_ACCESS_TABLE_', `dnl
2907R$*			$: <?> $&{verify}
2908R<?> OK			$: OK		authenticated: continue
2909R<?> $*			$@ NO		not authenticated
2910ifdef(`_CERT_REGEX_ISSUER_', `dnl
2911R$*			$: $(CERTIssuer $&{cert_issuer} $)',
2912`R$*			$: $&{cert_issuer}')
2913R$+			$: $(access CERTISSUER`'_TAG_DELIM_`'$1 $)
2914dnl use $# to stop further checks (delay_check)
2915RRELAY			$# RELAY
2916ifdef(`_CERT_REGEX_SUBJECT_', `dnl
2917RSUBJECT		$: <@> $(CERTSubject $&{cert_subject} $)',
2918`RSUBJECT		$: <@> $&{cert_subject}')
2919R<@> $+			$: <@> $(access CERTSUBJECT`'_TAG_DELIM_`'$1 $)
2920R<@> RELAY		$# RELAY
2921R$*			$: NO', `dnl')
2922
2923######################################################################
2924###  authinfo: lookup authinfo in the access map
2925###
2926###	Parameters:
2927###		$1: {server_name}
2928###		$2: {server_addr}
2929dnl	both are currently ignored
2930dnl if it should be done via another map, we either need to restrict
2931dnl functionality (it calls D and A) or copy those rulesets (or add another
2932dnl parameter which I want to avoid, it's quite complex already)
2933######################################################################
2934dnl omit this ruleset if neither is defined?
2935dnl it causes DefaultAuthInfo to be ignored
2936dnl (which may be considered a good thing).
2937Sauthinfo
2938ifdef(`_AUTHINFO_TABLE_', `dnl
2939R$*		$: <$(authinfo AuthInfo:$&{server_name} $: ? $)>
2940R<?>		$: <$(authinfo AuthInfo:$&{server_addr} $: ? $)>
2941R<?>		$: <$(authinfo AuthInfo: $: ? $)>
2942R<?>		$@ no				no authinfo available
2943R<$*>		$# $1
2944dnl', `dnl
2945ifdef(`_ACCESS_TABLE_', `dnl
2946R$*		$: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
2947R$* $| <?>$*	$: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
2948R$* $| <?>$*	$: $1 $| <$(access AuthInfo`'_TAG_DELIM_ $: ? $)> <>
2949R$* $| <?>$*	$@ no				no authinfo available
2950R$* $| <$*> <>	$# $2
2951dnl', `dnl')')
2952
2953ifdef(`_RATE_CONTROL_',`dnl
2954######################################################################
2955###  RateControl:
2956###	Parameters:	ignored
2957###	return: $#error or OK
2958######################################################################
2959SRateControl
2960ifdef(`_ACCESS_TABLE_', `dnl
2961R$*		$: <A:$&{client_addr}> <E:>
2962dnl also look up a default value via E:
2963R$+		$: $>SearchList <! ClientRate> $| $1 <>
2964dnl found nothing: stop here
2965R<?>		$@ OK
2966ifdef(`_ATMPF_', `dnl tempfail?
2967R<$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2968dnl use the generic routine (for now)
2969R<0>		$@ OK		no limit
2970R<$+>		$: <$1> $| $(arith l $@ $1 $@ $&{client_rate} $)
2971dnl log this? Connection rate $&{client_rate} exceeds limit $1.
2972R<$+> $| TRUE	$#error $@ 4.3.2 $: _RATE_CONTROL_REPLY Connection rate limit exceeded.
2973')')
2974
2975ifdef(`_CONN_CONTROL_',`dnl
2976######################################################################
2977###  ConnControl:
2978###	Parameters:	ignored
2979###	return: $#error or OK
2980######################################################################
2981SConnControl
2982ifdef(`_ACCESS_TABLE_', `dnl
2983R$*		$: <A:$&{client_addr}> <E:>
2984dnl also look up a default value via E:
2985R$+		$: $>SearchList <! ClientConn> $| $1 <>
2986dnl found nothing: stop here
2987R<?>		$@ OK
2988ifdef(`_ATMPF_', `dnl tempfail?
2989R<$* _ATMPF_>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
2990dnl use the generic routine (for now)
2991R<0>		$@ OK		no limit
2992R<$+>		$: <$1> $| $(arith l $@ $1 $@ $&{client_connections} $)
2993dnl log this: Open connections $&{client_connections} exceeds limit $1.
2994R<$+> $| TRUE	$#error $@ 4.3.2 $: _CONN_CONTROL_REPLY Too many open connections.
2995')')
2996
2997undivert(9)dnl LOCAL_RULESETS
2998#
2999######################################################################
3000######################################################################
3001#####
3002`#####			MAIL FILTER DEFINITIONS'
3003#####
3004######################################################################
3005######################################################################
3006_MAIL_FILTERS_
3007#
3008######################################################################
3009######################################################################
3010#####
3011`#####			MAILER DEFINITIONS'
3012#####
3013######################################################################
3014######################################################################
3015undivert(7)dnl MAILER_DEFINITIONS
3016
3017