# # Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # ###################################################################### ###################################################################### ##### ##### SENDMAIL CONFIGURATION FILE ##### ##### built by root@corvax.falbi.kiev.ua on Tue Dec 14 11:28:15 EET 2004 ##### in /usr/local/debug/mail/sendmail/mc/test ##### using /usr/share/sendmail-cf/ as configuration include directory ##### ###################################################################### ##### ##### DO NOT EDIT THIS FILE! Only edit the source .mc file. ##### ###################################################################### ###################################################################### ##### $Id: cfhead.m4,v 8.108.2.6 2003/12/05 02:26:47 ca Exp $ ##### ##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### ##### $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ ##### ##### $Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $ ##### ##### 8.12.9-0.30 Corvax mail relay (c) 2001-2003 by Victor Ustugov aka corvax ##### ##### $Id: cfhead.m4,v 8.12-0.02 2004/07/29 15:19:49 corvax Exp $ ##### ##### $Id: dnsbl.m4,v 8.28 2002/05/19 21:22:40 gshapiro Exp $ ##### ##### $Id: enhdnsbl.m4,v 1.9 2002/05/19 21:27:29 gshapiro Exp $ ##### ##### $Id: rhsbl.m4,v 1.11 2002/08/29 20:31:08 mokr Exp $ ##### ##### $Id: smtp_auth.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: starttls.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: delay_checks.m4,v 8.8 2000/12/05 18:50:45 ca Exp $ ##### ##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ ##### ##### $Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $ ##### ##### $Id: mailertable.m4,v 8.23 2001/03/16 00:51:26 gshapiro Exp $ ##### ##### $Id: virtusertable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $ ##### ##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ ##### ##### $Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ ##### ##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ##### ##### $Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ##### ##### $Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $ ##### ##### $Id: access_db_sequence.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: access_db_sequence.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: access_db_sequence.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: access_db_sequence.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: access_db_sequence.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: access_db.m4,v 8.24 2002/03/06 21:50:25 ca Exp $ ##### ##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ ##### ##### $Id: precheck_envelope.m4,v 8.12-0.08 2004/11/03 20:31:25 corvax Exp $ ##### ##### $Id: is_outgoing.m4,v 8.12-0.04 2004/07/23 15:11:10 corvax Exp $ ##### ##### $Id: verify_sender_check_host.m4,v 8.12-0.03 2003/09/12 09:46:32 corvax Exp $ ##### ##### $Id: check_mail_from.m4,v 8.12-0.03 2003/09/20 21:43:54 corvax Exp $ ##### ##### $Id: check_numeric_mailbox.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: check_rcpt_to.m4,v 8.12-0.03 2003/09/20 22:18:15 corvax Exp $ ##### ##### $Id: check_helo.m4,v 8.12-0.18 2004/10/22 12:32:42 corvax Exp $ ##### ##### $Id: check_ip.m4,v 8.12-0.03 2004/07/24 20:50:35 corvax Exp $ ##### ##### $Id: check_date.m4,v 8.12-0.03 2003/09/20 22:22:27 corvax Exp $ ##### ##### $Id: check_mailing_list.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: check_organization.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: check_mailer.m4,v 8.12-0.03 2004/07/23 15:02:44 corvax Exp $ ##### ##### $Id: check_message_id.m4,v 8.12-0.06 2004/07/23 15:09:55 corvax Exp $ ##### ##### $Id: check_subject.m4,v 8.12-0.07 2004/07/23 15:24:23 corvax Exp $ ##### ##### $Id: check_misc.m4,v 8.12-0.01 2003/09/12 09:46:32 corvax Exp $ ##### ##### $Id: relay_based_on_MX.m4,v 8.12-0.10 2004/11/14 00:54:09 corvax Exp $ ##### ##### $Id: compat_check.m4,v 8.12-0.08 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: restrict_luser_relay.m4,v 8.12-0.07 2004/04/11 10:39:35 corvax Exp $ ##### ##### $Id: check_DSN.m4,v 8.12-07 2004/11/04 13:20:33 corvax Exp $ ##### ##### $Id: check_fake_local.m4,v 8.12-0.03 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: check_fake_internal.m4,v 8.12-0.07 2004/12/13 15:25:15 corvax Exp $ ##### ##### $Id: add_milter.m4,v 8.12-0.02 2003/09/22 19:20:00 corvax Exp $ ##### ##### $Id: check_from.m4,v 8.12-01 2004/04/21 11:44:25 corvax Exp $ ##### ##### $Id: check_to.m4,v 8.12-01 2004/04/28 10:12:35 corvax Exp $ ##### ##### $Id: check_mail_domain_best_mx.m4,v 8.12-0.02 2004/08/18 17:17:33 corvax Exp $ ##### ##### $Id: restrict_incoming_mail.m4,v 8.12-0.05 2004/10/30 17:01:29 corvax Exp $ ##### ##### $Id: check_received.m4,v 8.12-0.04 2004/10/28 15:28:31 corvax Exp $ ##### ##### $Id: parse_received.m4,v 8.12-0.03 2004/07/23 15:03:02 corvax Exp $ ##### ##### $Id: check_relay_dialup.m4,v 8.12-0.07 2004/08/31 12:34:29 corvax Exp $ ##### ##### $Id: check_relay_dialup_regex.m4,v 8.12-0.02 2004/08/30 11:49:16 corvax Exp $ ##### ##### $Id: check_relay_dialup_digits.m4,v 8.12-0.03 2004/11/11 13:01:45 corvax Exp $ ##### ##### $Id: verify_sender.m4,v 8.12-0.06 2003/09/12 20:29:15 corvax Exp $ ##### ##### $Id: proto.m4,v 8.649.2.30 2004/01/11 17:54:06 ca Exp $ ##### # level 10 config file format V10/Berkeley # override file safeties - setting this option compromises system security, # addressing the actual file configuration problem is preferred # need to set this before any file actions are encountered in the cf file #O DontBlameSendmail=safe # default LDAP map specification # need to set this now before any LDAP maps are defined #O LDAPDefaultSpec=-h localhost ################## # local info # ################## # my LDAP cluster # need to set this before any LDAP lookups are done (including classes) #D{sendmailMTACluster}$m Cwlocalhost # file containing names of hosts for which we receive email Fw/etc/mail/local-host-names # my official domain name # ... define this only if sendmail cannot automatically determine your domain #Dj$w.Foo.COM # host/domain names ending with a token in class P are canonical CP. # "Smart" relay host (may be null) DS # place to which unknown users should be forwarded Kuser user -m -a<> DLlocal:mailmanager # operators that cannot be in local usernames (i.e., network indicators) CO @ % ! # a class with just dot (for identifying canonical names) C.. # a class with just a left bracket (for identifying domain literals) C[[ # access_db acceptance class C{Accept}OK RELAY # possible access_db RHS for spam friends/haters C{SpamTag}SPAMFRIEND SPAMHATER # Resolve map (to check if a host exists in check_mail) Kresolve host -a -T C{ResOk}OKR # Hosts for which relaying is permitted ($=R) FR-o /etc/mail/relay-domains # arithmetic map Karith arith # macro storage map Kmacro macro # possible values for TLS_connection in access map C{tls}VERIFY ENCR # dequoting map Kdequote dequote # class E: names that should be exposed as from this host, even if we masquerade # class L: names that should be delivered locally, even if we have a relay # class M: domains that should be converted to $M # class N: domains that should not be converted to $M #CL root C{TrustAuthMech}EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN C{E}root C{w}localhost.localdomain C{E}root # my name for error messages DnMAILER-DAEMON D{Feedback_Msg}" - If you have any questions please email postmaster@$j" D{SpamMsg}we do not want to receive spam messages Klog syslog Kmacro macro Karith arith # map for DNS based lookups Kdns_a dns -R A -a. -T -r5 Kdns_ptr dns -R PTR -a. -T -r5 Kdns_txt dns -R TXT -a. -T -r5 Kmxserved_best bestmx -T Kmxserved bestmx -z: -T # # Regular expression to reject: # * connections from dial-up/dsl/cable networks # # Kdulpat01 regex -a@MATCH ^(.+\.)*(.*dsl|dial-*(up|in)|ppp|ts|[dhc])-*[0-9A-Fa-f-]+[.-] # Kdulpat01 regex -a@MATCH ^(.*cable|host|ip|dyn-*ip|cpe|modem|pool|cable|dhcp|.*dsl|dial-*(up|in)|ppp|pppoe|d|user)-*[0-9A-Fa-f-]+[\.-] Kdulpat01 regex -a@MATCH ^(.+\.)*(.*dsl|pool-|dial-*(up|in)|ppp)-*[0-9A-Fa-f-]+[.-] #Kdulpat02 regex -a@MATCH ^(.+\.)*(adsl|dsl|dhcp|cable|dslam|user|client|pool|subnet|network)(\.|-|[0-9]|_) Kdulpat02 regex -a@MATCH (dial|dialup|adsl|dsl|dhcp|dyn|ip|ipt|ppp|cable|dslam|user|client|pool|subnet|network)(\.|-|[0-9]|_) Kdulpat03 regex -a@MATCH ^(.+[\.\-])?(adsl|cable|client|dhcp|dial|dial-in|dial-up|dialup|dsl|dyn|dynamic|dyndsl|pool|ppp|user|xdsl)[\.\-_0-9].+ Kdulpat sequence dulpat01 dulpat02 dulpat03 # # Regular expression to reject (in MAIL FROM and RCPT TO fields): # * numeric-only (possible "-") localparts from geocities.com # * numeric-only localparts from aol.com and msn.com # * localparts starting with a digit from juno.com # * localparts longer than 20 characters from aol.com # Kcheckaddress_canonified regex -a@MATCH ^([0-9\-]+<@geocities\.com|[0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com|.{20}[^<]+<@aol\.com)\.?> # # Regular expression to reject the same addresses but in FROM and TO fields: # Kcheckaddress regex -a@MATCH ^.*? # # Regular expression to reject: # * numeric-only mailboxes # Kallnumbers regex -a@MATCH ^[0-9]+$ Kallnumbersdots regex -a@MATCH ^[0-9]+[0-9\._]+[0-9]+$ # map for DNS based blacklist lookups Kdnsbl host -T # map for enhanced DNS based blacklist lookups Kednsbl dns -R A -a. -T -r5 # # Insert authentication information # #H?{auth_authen}?X-Authenticated:$?{auth_type}with ${auth_type}$.$?{auth_authen} from ${auth_authen}$. at $j H?{auth_authen}?X-Authenticated:$?{auth_type}$?{auth_authen} with ${auth_type} from ${auth_authen} at $j$.$. # Mailer table (overriding domains) Kmailertable hash -o /etc/mail/mailertable.db # Virtual user table (maps incoming users) Kvirtuser hash -o /etc/mail/virtusertable.db CPREDIRECT Kaccess1 hash -T -o /etc/mail/access.db Kaccess2 hash -T -o /etc/mail/access2.db Kaccess3 hash -T -o /etc/mail/access3.db Kaccess4 hash -T -o /etc/mail/access4.db Kaccess5 hash -T -o /etc/mail/access5.db # Access list database (for spam stomping) Kaccess sequence access1 access2 access3 access4 access5 Kvmail_auth program /usr/local/scripts/courier/checkuser.pl /usr/lib/courier-imap/etc/authmysqlrc Kippat regex -a@MATCH -n [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} D{Msg_date}"554 Bogus date format" D{MsgMailList}"554 This mailling list is disabled" D{BadOrg}We don't want to receive mail from your organization ${Feedback_Msg} D{BadMailer}MUA field rejected # # Regular expression to reject messages with subjects: # .+ {7}[0-9a-z]+ # .+ {7}\([0-9a-z]+\) # # example: # KCheck_Subject regex -a@MATCH ^([A-Za-z0-9[:space:]_-]{0,}(married|lonely|adult|voyers|pics|picture|hbibs|hot|sex|xxx))|([A-Za-z0-9[:space:]_-]{1,} {9,}[A-Za-z0-9_-]{1,}) # KSpamSubjectRegexp1 regex -a@MATCH ^.+ {7}\(?[a-zA-Z0-9]+\)?$ KSpamSubjectRegexp2 regex -a@MATCH ^.+ {7}\[?[a-zA-Z0-9]+\]?$ KSpamSubjectRegexp5 regex -a@MATCH ^.+![0-9]+$ KSpamSubjectRegexp6 regex -a@MATCH ^(Save|Make|Earn).+(cash|money) KSpamSubjectRegexp7 regex -a@MATCH ^([A-Za-z0-9[:space:]_-]{0,}(married|lonely|adult|voyers|pics|hbibs|sex|xxx))|([A-Za-z0-9[:space:]_-]{1,} {9,}[A-Za-z0-9_-]{1,}) # http://www.sophos.com/virusinfo/analyses/w32gibef.html #Ksubjgibe1 regex -a@DENY ^((Fwd?|Re):[[:space:]]*)*((Current|Last|Latest|New|Newest) )?(Critical|Security|Microsoft|Net|Network|Internet) ((Critical|Security) )?(Pack|Patch|Update|Upgrade)$ #Ksubjgibe2 regex -a@DENY ^((Fwd?|Re):[[:space:]]*)*(Current|Last|Latest|New|Newest) ((Critical|Security|Microsoft|Net|Network|Internet) )?((Critical|Security) )?(Pack|Patch|Update|Upgrade)$ #Ksubjgibe3 regex -a@DENY ^((Fwd?|Re):[[:space:]]*)*internet email storage system$ #Ksubjgibe4 regex -a@DENY ^((Fwd?|Re):[[:space:]]*)*((Abort|Error|Failure) )?(Advice|Announcement|Notice|Report|Letter|Message)$ Ksubjgibe1 regex -a@DENY ^((Fwd?|Re):[[:space:]]*)*((Current|Last|Latest|New|Newest).)?(Critical|Security|Microsoft|Net|Network|Internet).((Critical|Security).)?(Pack|Patch|Update|Upgrade)$ Ksubjgibe2 regex -a@DENY ^((Fwd?|Re):[[:space:]]*)*(Current|Last|Latest|New|Newest).((Critical|Security|Microsoft|Net|Network|Internet).)?((Critical|Security).)?(Pack|Patch|Update|Upgrade)$ Ksubjgibe3 regex -a@DENY ^((Fwd?|Re):[[:space:]]*)*internet.email.storage.system$ Ksubjgibe4 regex -a@DENY ^((Fwd?|Re):[[:space:]]*)*((Abort|Error|Failure).)?(Advice|Announcement|Notice|Report|Letter|Message)$ Ksubjgibe sequence subjgibe1 subjgibe2 subjgibe3 subjgibe4 KRegExprForTokenizing regex -a@RegExprForTokenizing@ ^@RegExprForTokenizing@$ # # Regular expression to reject SirCam worm # KSirCamWormMarker regex -f -a@SUSPECT multipart/mixed;.*boundary=----.+_Outlook_Express_message_boundary Knimda regex -a@MATCH ====_ABC[a-z0-9]+DEF_==== # # Regular expression to reject Content-Type field with "#" in boundary # KSpamContentType0 regex -f -a@SPAM multipart/alternative;.*boundary=\#+ # # Regular expression for reject Content-Type field as shown: # Content-Type: multipart/alternative; charset=koi8-r;boundary="----=_NextPart_551B6J0D8GGLA593A4K__6I8J" # Content-Type: multipart/mixed; charset=Windows-1251;boundary="----=_NextPart_A9707EH76230DE2G28B1CL75H" # KSpamContentType1 regex -f -a@SPAM multipart/[A-Za-z]+;.*charset="?[0-9A-Za-z-]+"?;.*boundary="?----=_NextPart_ # # Regular expression for reject Content-Type field as shown: # Content-Type: text/plain; charset="%Encoding" # KSpamContentType2 regex -f -a@SPAM text/plain;.*charset="?%Encoding"? KSpamContentType sequence SpamContentType0 SpamContentType1 SpamContentType2 Kmyquote dequote -s: HX-Envelope-To: $u Kdulpat_relay_0 regex -a@MATCH ^(.+[\.\-])?(adsl|cable|client|dhcp|dial|dial-in|dial-up|dialup|dsl|dyn|dynamic|dyndsl|pool|ppp|user|xdsl)[\.\-_0-9].+ Kdulpat_relay_1 regex -a@MATCH ^(.+\.)*(.*dsl|pool-|dial-*(up|in)|ppp)-*[0-9A-Fa-f-]+[.-] Kdulpat_relay_2 regex -a@MATCH (dial|dialup|adsl|dsl|dhcp|dyn|ip|ipt|ppp|cable|dslam|user|client|pool|subnet|network)(\.|-|[0-9]|_) Kdulpat_relay_3 regex -a@MATCH ^([^\[].*)?[0-9].*[0-9].*[0-9].*[0-9].*[0-9].*[0-9] Kmail_from_check program /usr/local/scripts/check_mail_address.pl # Configuration version number DZ8.12.11 ############### # Options # ############### # strip message body to 7 bits on input? O SevenBitInput=False # 8-bit data handling O EightBitMode=pass8 # wait for alias file rebuild (default units: minutes) O AliasWait=10 # location of alias file O AliasFile=/etc/aliases # minimum number of free blocks on filesystem O MinFreeBlocks=100 # maximum message size #O MaxMessageSize=1000000 # substitution for space (blank) characters O BlankSub=. # avoid connecting to "expensive" mailers on initial submission? O HoldExpensive=False # checkpoint queue runs after every N successful deliveries #O CheckpointInterval=10 # default delivery mode O DeliveryMode=background # error message header/file #O ErrorHeader=/etc/mail/error-header # error mode #O ErrorMode=print # save Unix-style "From_" lines at top of header? #O SaveFromLine=False # queue file mode (qf files) #O QueueFileMode=0600 # temporary file mode O TempFileMode=0600 # match recipients against GECOS field? #O MatchGECOS=False # maximum hop count #O MaxHopCount=25 # location of help file O HelpFile=/etc/mail/helpfile # ignore dots as terminators in incoming messages? #O IgnoreDots=False # name resolver options #O ResolverOptions=+AAONLY # deliver MIME-encapsulated error messages? O SendMimeErrors=True # Forward file search path O ForwardPath=$z/.forward.$w:$z/.forward # open connection cache size O ConnectionCacheSize=2 # open connection cache timeout O ConnectionCacheTimeout=5m # persistent host status directory O HostStatusDirectory=.hoststat # single thread deliveries (requires HostStatusDirectory)? #O SingleThreadDelivery=False # use Errors-To: header? O UseErrorsTo=False # log level O LogLevel=14 # send to me too, even in an alias expansion? #O MeToo=True # verify RHS in newaliases? O CheckAliases=False # default messages to old style headers if no special punctuation? O OldStyleHeaders=True # SMTP daemon options O DaemonPortOptions=Port=25,Name=MSA,M=E # SMTP client options #O ClientPortOptions=Family=inet, Address=0.0.0.0 # Modifiers to define {daemon_flags} for direct submissions #O DirectSubmissionModifiers # Use as mail submission program? See sendmail/SECURITY #O UseMSP # privacy flags O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun,nobodyreturn # who (if anyone) should get extra copies of error messages O PostmasterCopy=errors # slope of queue-only function #O QueueFactor=600000 # limit on number of concurrent queue runners #O MaxQueueChildren # maximum number of queue-runners per queue-grouping with multiple queues #O MaxRunnersPerQueue=1 # priority of queue runners (nice(3)) #O NiceQueueRun # shall we sort the queue by hostname first? #O QueueSortOrder=priority # minimum time in queue before retry #O MinQueueAge=30m # how many jobs can you process in the queue? #O MaxQueueRunSize=10000 # perform initial split of envelope without checking MX records #O FastSplit=1 # queue directory O QueueDirectory=/var/spool/mqueue # key for shared memory; 0 to turn off #O SharedMemoryKey=0 # timeouts (many of these) #O Timeout.initial=5m O Timeout.connect=1m #O Timeout.aconnect=0s #O Timeout.iconnect=5m #O Timeout.helo=5m #O Timeout.mail=10m #O Timeout.rcpt=1h #O Timeout.datainit=5m #O Timeout.datablock=1h #O Timeout.datafinal=1h #O Timeout.rset=5m #O Timeout.quit=2m #O Timeout.misc=2m #O Timeout.command=1h O Timeout.ident=0 #O Timeout.fileopen=60s #O Timeout.control=2m O Timeout.queuereturn=5d #O Timeout.queuereturn.normal=5d #O Timeout.queuereturn.urgent=2d #O Timeout.queuereturn.non-urgent=7d O Timeout.queuewarn=4h #O Timeout.queuewarn.normal=4h #O Timeout.queuewarn.urgent=1h #O Timeout.queuewarn.non-urgent=12h #O Timeout.hoststatus=30m #O Timeout.resolver.retrans=5s #O Timeout.resolver.retrans.first=5s #O Timeout.resolver.retrans.normal=5s #O Timeout.resolver.retry=4 #O Timeout.resolver.retry.first=4 #O Timeout.resolver.retry.normal=4 #O Timeout.lhlo=2m #O Timeout.auth=10m #O Timeout.starttls=1h # time for DeliverBy; extension disabled if less than 0 #O DeliverByMin=0 # should we not prune routes in route-addr syntax addresses? #O DontPruneRoutes=False # queue up everything before forking? O SuperSafe=True # status file O StatusFile=/etc/mail/statistics # time zone handling: # if undefined, use system default # if defined but null, use TZ envariable passed in # if defined and non-null, use that info #O TimeZoneSpec= # default UID (can be username or userid:groupid) O DefaultUser=8:12 # list of locations of user database file (null means no lookup) O UserDatabaseSpec=/etc/mail/userdb.db # fallback MX host #O FallbackMXhost=fall.back.host.net # if we are the best MX host for a site, try it directly instead of config err O TryNullMXList=true # load average at which we just queue messages O QueueLA=8 # load average at which we refuse connections O RefuseLA=12 # load average at which we delay connections; 0 means no limit O DelayLA=8 # maximum number of children we allow at one time O MaxDaemonChildren=20 # maximum number of new connections per second O ConnectionRateThrottle=5 # work recipient factor #O RecipientFactor=30000 # deliver each queued job in a separate process? #O ForkEachJob=False # work class factor #O ClassFactor=1800 # work time factor #O RetryFactor=90000 # default character set O DefaultCharSet=koi8-r # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others) #O ServiceSwitchFile=/etc/mail/service.switch # hosts file (normally /etc/hosts) #O HostsFile=/etc/hosts # dialup line delay on connection failure #O DialDelay=10s # action to take if there are no recipients in the message #O NoRecipientAction=add-to-undisclosed # chrooted environment for writing to files #O SafeFileEnvironment=/arch # are colons OK in addresses? #O ColonOkInAddr=True # shall I avoid expanding CNAMEs (violates protocols)? #O DontExpandCnames=False # SMTP initial login message (old $e macro) O SmtpGreetingMessage=$j Sendmail $v/$Z; $b # UNIX initial From header format (old $l macro) O UnixFromLine=From $g $d # From: lines that have embedded newlines are unwrapped onto one line #O SingleLineFromHeader=False # Allow HELO SMTP command that does not include a host name #O AllowBogusHELO=False # Characters to be quoted in a full name phrase (@,;:\()[] are automatic) #O MustQuoteChars=. # delimiter (operator) characters (old $o macro) O OperatorChars=.:%@!^/[]+=? # shall I avoid calling initgroups(3) because of high NIS costs? #O DontInitGroups=False # are group-writable :include: and .forward files (un)trustworthy? # True (the default) means they are not trustworthy. #O UnsafeGroupWrites=True # where do errors that occur when sending errors get sent? #O DoubleBounceAddress=postmaster # where to save bounces if all else fails #O DeadLetterDrop=/var/tmp/dead.letter # what user id do we assume for the majority of the processing? #O RunAsUser=sendmail # maximum number of recipients per SMTP envelope O MaxRecipientsPerMessage=50 # limit the rate recipients per SMTP envelope are accepted # once the threshold number of recipients have been rejected #O BadRcptThrottle=20 # shall we get local names from our installed interfaces? O DontProbeInterfaces=true # Return-Receipt-To: header implies DSN request #O RrtImpliesDsn=False # override connection address (for testing) #O ConnectOnlyTo=0.0.0.0 # Trusted user for file ownership and starting the daemon O TrustedUser=smmsp # Control socket for daemon management #O ControlSocketName=/var/spool/mqueue/.control # Maximum MIME header length to protect MUAs #O MaxMimeHeaderLength=2048/1024 # Maximum length of the sum of all headers #O MaxHeadersLength=32768 # Maximum depth of alias recursion #O MaxAliasRecursion=10 # location of pid file #O PidFile=/var/run/sendmail.pid # Prefix string for the process title shown on 'ps' listings #O ProcessTitlePrefix=prefix # Data file (df) memory-buffer file maximum size #O DataFileBufferSize=4096 # Transcript file (xf) memory-buffer file maximum size #O XscriptFileBufferSize=4096 # lookup type to find information about local mailboxes #O MailboxDatabase=pw # list of authentication mechanisms O AuthMechanisms=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN # default authentication information for outgoing connections #O DefaultAuthInfo=/etc/mail/default-auth-info # SMTP AUTH flags O AuthOptions=A p # SMTP AUTH maximum encryption strength #O AuthMaxBits # SMTP STARTTLS server options #O TLSSrvOptions # Input mail filters O InputMailFilters=backup-smf.pl, clamav-milter, drweb-filter, verify-addr-smf.pl, spamassassin # Milter options O Milter.LogLevel=14 O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}, v, Z, b, {client_addr}, {client_name} O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}, {verify} O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr} O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}, u, r # CA directory O CACertPath=/usr/share/ssl/certs # CA file O CACertFile=/usr/share/ssl/certs/CAcert.pem # Server Cert O ServerCertFile=/usr/share/ssl/certs/sendmail.pem # Server private key O ServerKeyFile=/usr/share/ssl/certs/sendmail.pem # Client Cert #O ClientCertFile # Client private key #O ClientKeyFile # DHParameters (only required if DSA/DH is used) #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile ############################ # QUEUE GROUP DEFINITIONS # ############################ ########################### # Message precedences # ########################### Pfirst-class=0 Pspecial-delivery=100 Plist=-30 Pbulk=-60 Pjunk=-100 ##################### # Trusted users # ##################### # this is equivalent to setting class "t" Ft/etc/mail/trusted-users Troot Tdaemon Tuucp ######################### # Format of headers # ######################### H?P?Return-Path: <$g> HReceived: $?sfrom $s $.$?_($?s$|from $.$_) $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u for $u; $|; $.$b H?D?Resent-Date: $a H?D?Date: $a H?F?Resent-From: $?x$x <$g>$|$g$. H?F?From: $?x$x <$g>$|$g$. H?x?Full-Name: $x # HPosted-Date: $a # H?l?Received-Date: $b H?M?Resent-Message-Id: <$t.$i@$j> H?M?Message-Id: <$t.$i@$j> # ###################################################################### ###################################################################### ##### ##### REWRITING RULES ##### ###################################################################### ###################################################################### ############################################ ### Ruleset 3 -- Name Canonicalization ### ############################################ Scanonify=3 # handle null input (translate to <@> special case) R$@ $@ <@> # strip group: syntax (not inside angle brackets!) and trailing semicolon R$* $: $1 <@> mark addresses R$* < $* > $* <@> $: $1 < $2 > $3 unmark R@ $* <@> $: @ $1 unmark @host:... R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr R$* :: $* <@> $: $1 :: $2 unmark node::addr R:include: $* <@> $: :include: $1 unmark :include:... R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon R$* : $* <@> $: $2 strip colon if marked R$* <@> $: $1 unmark R$* ; $1 strip trailing semi R$* < $+ :; > $* $@ $2 :; <@> catch R$* < $* ; > $1 < $2 > bogus bracketed semi # null input now results from list:; syntax R$@ $@ :; <@> # strip angle brackets -- note RFC733 heuristic to get innermost item R$* $: < $1 > housekeeping <> R$+ < $* > < $2 > strip excess on left R< $* > $+ < $1 > strip excess on right R<> $@ < @ > MAIL FROM:<> case R< $+ > $: $1 remove housekeeping <> # strip route address <@a,@b,@c:user@d> -> R@ $+ , $+ $2 R@ [ $* ] : $+ $2 R@ $+ : $+ $2 # find focus for list syntax R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax R $+ : $* ; $@ $1 : $2; list syntax # find focus for @ syntax addresses R$+ @ $+ $: $1 < @ $2 > focus on domain R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical # convert old-style addresses to a domain-based address R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains # if we have % signs, take the rightmost one R$* % $* $1 @ $2 First make them all @s. R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish # else we must be a local name R$* $@ $>Canonify2 $1 ################################################ ### Ruleset 96 -- bottom half of ruleset 3 ### ################################################ SCanonify2=96 # handle special cases for local names R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain # check for IPv4/IPv6 domain literal R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr] R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr # if really UUCP, handle it immediately # try UUCP traffic as a local address R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 # hostnames ending in class P are always canonical R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 R$* CC $* $| $* $: $3 # pass to name server to make hostname canonical R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 R$* $| $* $: $2 # local host aliases and pseudo-domains are always canonical R$* < @ $=w > $* $: $1 < @ $2 . > $3 R$* < @ $=M > $* $: $1 < @ $2 . > $3 R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3 R$* < @ $* . . > $* $1 < @ $2 . > $3 ################################################## ### Ruleset 4 -- Final Output Post-rewriting ### ################################################## Sfinal=4 R$+ :; <@> $@ $1 : handle R$* <@> $@ handle <> and list:; # strip trailing dot off possibly canonical name R$* < @ $+ . > $* $1 < @ $2 > $3 # eliminate internal code R$* < @ *LOCAL* > $* $1 < @ $j > $2 # externalize local domain info R$* < $+ > $* $1 $2 $3 defocus R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 canonical R@ $* $@ @ $1 ... and exit # UUCP must always be presented in old form R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u # delete duplicate local names R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host ############################################################## ### Ruleset 97 -- recanonicalize and call ruleset zero ### ### (used for recursive calls) ### ############################################################## SRecurse=97 R$* $: $>canonify $1 R$* $@ $>parse $1 ###################################### ### Ruleset 0 -- Parse Address ### ###################################### Sparse=0 R$* $: $>Parse0 $1 initial parsing R<@> $#local $: <@> special case error msgs R$* $: $>ParseLocal $1 handle local hacks R$* $: $>Parse1 $1 final parsing # # Parse0 -- do initial syntax checking and eliminate local addresses. # This should either return with the (possibly modified) input # or return with a #error mailer. It should not return with a # #mailer other than the #error mailer. # SParse0 R<@> $@ <@> special case error msgs R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses" R@ <@ $* > < @ $1 > catch "@@host" bogosity R<@ $+> $#error $@ 5.1.3 $: "553 User address required" R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required" R$* $: <> $1 R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4 R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4 R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address" R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part" R<> $* $1 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address" R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address" R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address" # now delete the local info -- note $=O to find characters that cause forwarding R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here R< @ $+ > $#error $@ 5.1.3 $: "553 User address required" R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required" R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 # # Parse1 -- the bottom half of ruleset 0. # SParse1 # handle numeric address spec R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer # handle virtual users R$+ $: $1 Mark for lookup R $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ + $+ < @ $* . > $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $* . > $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $* . > $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . > R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ $: $1 R $+ $: $1 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 R< $+ > $+ < @ $+ > $: $>Recurse $1 # short circuit local delivery so forwarded email works R$=L < @ $=w . > $#local $: @ $1 special local names R$+ < @ $=w . > $#local $: $1 regular local name # not local -- try mailer table lookup R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name R< $+ . > $* $: < $1 > $2 strip trailing dot ##### patch to mailertable per address (begin) by corvax # R< $+ > $* $: < $(mailertable $1 $) > $2 lookup R $* $: $&f $| $1 R $+@$+ $| $* $: $1@$2 $| < $(mailertable From:$1@$2 $: ? $) > $3 lookup R $+ $| $* $: $1 $| < $(mailertable From:$1 $: ? $) > $2 lookup R $* $| $* $: $2 R < $+ > $+ < @ $+ > $* $: < $(mailertable $2@$1 $: ? $) > < $1 > $2 < @ $3 > $4 lookup R < $+ > $* $: < $(mailertable $1 $: ? $) > < $1 > $2 lookup R $* $: $1 R <$*> < $+ > $* $: <$1> $3 ##### patch to mailertable per address (end) R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? R< $+ > $* $: $>Mailertable <$1> $2 try domain # resolve locally connected UUCP links R$* < @ $=Z . UUCP. > $* $#uucp-uudom $@ $2 $: $1 < @ $2 .UUCP. > $3 R$* < @ $=Y . UUCP. > $* $#uucp-new $@ $2 $: $1 < @ $2 .UUCP. > $3 R$* < @ $=U . UUCP. > $* $#uucp-old $@ $2 $: $1 < @ $2 .UUCP. > $3 # resolve remotely connected UUCP links (if any) # resolve fake top level domains by forwarding to other hosts # forward other UUCP traffic straight to UUCP R$* < @ $+ .UUCP. > $* $#uucp-old $@ $2 $: $1 < @ $2 .UUCP. > $3 user@host.UUCP # pass names that still have a host to a smarthost (if defined) R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name # deal with other remote names R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain # handle locally delivered names R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### SLocal_localaddr Slocaladdr=5 R$+ $: $1 $| $>"Local_localaddr" $1 R$+ $| $#ok $@ $1 no change R$+ $| $#$* $#$2 R$+ $| $* $: $1 # deal with plussed users so aliases work nicely R$+ + * $#local $@ $&h $: $1 R$+ + $* $#local $@ + $2 $: $1 + * # prepend an empty "forward host" on the front R$+ $: <> $1 # send unrecognized local users to a relay host R< > $+ $: < $L > $(user $1 $) look up user R< $* > $+ <> $: < > $2 found; strip $L R< > $+ $: < > < $1 <> $&h > nope, restore +detail R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail R< > < $+ <> $* > $: < > < $1 > else discard R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + R< > < $+ > $@ $1 no +detail R$+ $: $1 <> $&h add +detail back in R$+ <> + $* $: $1 + $2 check whether +detail R$+ <> $* $: $1 else discard R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > ################################################################### ### Ruleset 90 -- try domain part of mailertable entry ### ################################################################### SMailertable=90 R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? R< $* > $* $@ $2 no mailertable match ################################################################### ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### ################################################################### SMailerToTriple=95 R< > $* $@ $1 strip off null relay R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 R< error : $+ > $* $#error $: $1 R< local : $* > $* $>CanonLocal < $1 > $2 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer R< $=w > $* $@ $2 delete local host R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer ################################################################### ### Ruleset CanonLocal -- canonify local: syntax ### ################################################################### SCanonLocal # strip local host from routed addresses R< $* > < @ $+ > : $+ $@ $>Recurse $3 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 # strip trailing dot from any host name that may appear R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > # handle local: syntax -- use old user, either with or without host R< > $* < @ $* > $* $#local $@ $1@$2 $: $1 R< > $+ $#local $@ $1 $: $1 # handle local:user@host syntax -- ignore host part R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > # handle local:user syntax R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 R< $+ > $* $#local $@ $2 $: $1 ################################################################### ### Ruleset 93 -- convert header names to masqueraded form ### ################################################################### SMasqHdr=93 # do not masquerade anything in class N R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > R$* < @ *LOCAL* > $@ $1 < @ $j . > ################################################################### ### Ruleset 94 -- convert envelope names to masqueraded form ### ################################################################### SMasqEnv=94 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 ################################################################### ### Ruleset 98 -- local part of ruleset zero (can be null) ### ################################################################### SParseLocal=98 # addresses sent to foo@host.REDIRECT will give a 551 error code R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} > R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT. > R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> ###################################################################### ### D: LookUpDomain -- search for domain in access database ### ### Parameters: ### <$1> -- key (domain name) ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SD R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5> R <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> R <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6> R <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> R <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> R <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6> R <$+> <$+> <$- $-> <$*> $@ <$2> <$5> R<$* > <$+> <$+> <$- $-> <$*> $@ <> <$6> R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> ###################################################################### ### A: LookUpAddress -- search for host address in access database ### ### Parameters: ### <$1> -- key (dot quadded host address) ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed through) ###################################################################### SA R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5> R <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> R <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> R <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> R <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> R <$+> <$+> <$- $-> <$*> $@ <$2> <$5> R<$* > <$+> <$+> <$- $-> <$*> $@ <> <$6> R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> ###################################################################### ### CanonAddr -- Convert an address into a standard form for ### relay checking. Route address syntax is ### crudely converted into a %-hack address. ### ### Parameters: ### $1 -- full recipient address ### ### Returns: ### parsed address, not in source route form ###################################################################### SCanonAddr R$* $: $>Parse0 $>canonify $1 make domain canonical ###################################################################### ### ParseRecipient -- Strip off hosts in $=R as well as possibly ### $* $=m or the access database. ### Check user portion for host separators. ### ### Parameters: ### $1 -- full recipient address ### ### Returns: ### parsed, non-local-relaying address ###################################################################### SParseRecipient R$* $: $>CanonAddr $1 R $* < @ $* . > $1 < @ $2 > strip trailing dots R $- < @ $* > $: $(dequote $1 $) < @ $2 > dequote local part # if no $=O character, no host in the user portion, we are done R $* $=O $* < @ $* > $: $1 $2 $3 < @ $4> R $* $@ $1 R $* < @ $* $=R > $: $1 < @ $2 $3 > R $* < @ $+ > $: $>D <$2> <+ To> <$1 < @ $2 >> R<$+> <$+> $: <$1> $2 R $* < @ $* > $@ $>ParseRecipient $1 R<$+> $* $@ $2 ###################################################################### ### check_relay -- check hostname/address on SMTP startup ###################################################################### SLocal_check_relay Scheckrelay R$* $: $1 $| $>"Local_check_relay" $1 R$* $| $* $| $#$* $#$3 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 SBasic_check_relay # check for deferred delivery mode R$* $: < $&{deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$+ $| $+ $: $>D < $1 > <+ Connect> < $2 > R $| $+ $: $>A < $1 > <+ Connect> <> empty client_name R <$+> $: $>A < $1 > <+ Connect> <> no: another lookup R <$*> $: OK found nothing R<$={Accept}> <$*> $@ $1 return value of lookup R <$*> $#error $@ 5.7.1 $: "550 Access denied" R <$*> $#discard $: discard R <$*> $#error $@ $1.$2.$3 $: $4 R <$*> $#error $: $1 R<$* > <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$+> <$*> $#error $: $1 # DNS based IP address spam list drbl.msk.ru R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.drbl.msk.ru. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from "$&{client_addr}" rejected by drbl.msk.ru; see http://www.drbl.croco.net/cgi-bin/drbllook.cgi?ip="$&{client_addr} # DNS based IP address spam list list.dsbl.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.list.dsbl.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from "$&{client_addr}" rejected; see http://dsbl.org/listing?ip="$&{client_addr} # DNS based IP address spam list multihop.dsbl.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.multihop.dsbl.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from "$&{client_addr}" rejected; see http://dsbl.org/listing?ip="$&{client_addr} # DNS based IP address spam list opm.blitzed.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.opm.blitzed.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from "$&{client_addr}" rejected; see http://opm.blitzed.org/proxy?ip="$&{client_addr} # DNS based IP address spam list relays.ordb.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.relays.ordb.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "571 Mail from "$&{client_addr}" rejected; verify open mail relay at http://www.ordb.org/lookup/index.php?host="$&{client_addr}" + http://mail-abuse.org/tsi/ar-fix.html" # DNS based IP address spam list relays.visi.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.relays.visi.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from "$&{client_addr}" rejected; see http://relays.visi.com/nph-l.cgi?"$&{client_addr} # DNS based IP address spam list dynablock.easynet.nl R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.dynablock.easynet.nl. $: OK $) ROK $: OKSOFAR R$+ $#error $@ 4.7.1 $: "451 Temporary lookup failure of " $&{client_addr} " at dynablock.easynet.nl" R127.0.0.2. $#error $@ 5.7.1 $: "550 5.7.1 ACCESS DENIED to <"$&f"> thru "$&{client_name}" using easynet.nl DynaBlock (http://dynablock.easynet.nl/errors.html)" # DNS based IP address spam list dul.ru R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.dul.ru. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from dial-up rejected; see http://www.dul.ru/cgi-bin/search.cgi?address="$&{client_addr} # DNS based IP address spam list ipwhois.rfc-ignorant.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.ipwhois.rfc-ignorant.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see http://www.rfc-ignorant.org/" # DNS based RHS spam list dsn.rfc-ignorant.org R$+ $: <@> $>CanonAddr $&f R<@> $*<@$+.> $: <@> <@$2.> $| $>SearchList <+ rhs> $| <> R<@> $* $| <$={Accept}> $: OKSOFAR R<@> $*<@$+.> $| $* $: $(dnsbl $2.dsn.rfc-ignorant.org. $: OK $) $(macro {RHS} $@ $2 $) R<@> $* $: OKSOFAR R OK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from domain "$&{RHS}" refused. MX of domain do not accept bounces. This violates RFC 821/2505/2821 - see http://www.rfc-ignorant.org/tools/lookup.php?domain="$&{RHS} # DNS based RHS spam list postmaster.rfc-ignorant.org R$+ $: <@> $>CanonAddr $&f R<@> $*<@$+.> $: <@> <@$2.> $| $>SearchList <+ rhs> $| <> R<@> $* $| <$={Accept}> $: OKSOFAR R<@> $*<@$+.> $| $* $: $(dnsbl $2.postmaster.rfc-ignorant.org. $: OK $) $(macro {RHS} $@ $2 $) R<@> $* $: OKSOFAR R OK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from domain "$&{RHS}" refused. MX of domain does not have a working postmaster address - see http://www.rfc-ignorant.org/tools/lookup.php?domain="$&{RHS} ###################################################################### ### check_mail -- check SMTP `MAIL FROM:' command argument ###################################################################### SLocal_check_mail Scheckmail R$* $: $1 $| $>"Local_check_mail" $1 R$* $| $#$* $#$2 R$* $| $* $@ $>"Basic_check_mail" $1 SBasic_check_mail # check for deferred delivery mode R$* $: < $&{deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 # authenticated? R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 R$* $| $* $: $1 R<> $@ we MUST accept <> (RFC 1123) R$+ $: $1 R<$+> $: <@> <$1> R$+ $: <@> <$1> R$* $: $&{daemon_flags} $| $1 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > R$* u $* $| <@> < $* > $: < $3 > R$* $| $* $: $2 # handle case of @localhost on address R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > R<@> < $* @ [127.0.0.1] > $: < ? $&{client_name} > < $1 @ [127.0.0.1] > R<@> < $* @ localhost.$m > $: < ? $&{client_name} > < $1 @ localhost.$m > R<@> < $* @ localhost.UUCP > $: < ? $&{client_name} > < $1 @ localhost.UUCP > R<@> $* $: $1 no localhost as domain R $* $: $2 local client: ok R <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address" R $* $: $1 R$* $: $>CanonAddr $1 canonify sender address and mark it R $* < @ $+ . > $1 < @ $2 > strip trailing dots # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) R $* < @ $* $=P > $: $1 < @ $2 $3 > R $* < @ $j > $: $1 < @ $j > R $* < @ $+ > $: $) > $1 < @ $2 > R> $* < @ $+ > $: <$2> $3 < @ $4 > # check sender address: user@address, user@, address R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| R<$+> $+ $: @<$1> <$2> $| R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <> R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result # retransform for further use R <$+> <$*> $: <$1> $2 no match R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it # handle case of no @domain on address R $* $: $&{daemon_flags} $| $1 R$* u $* $| $* $: $3 R$* $| $* $: $2 R $* $: < ? $&{client_addr} > $1 R $* $@ ...local unqualed ok R $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f ...remote is not # check results R $* $: @ $1 mark address: nothing known about it R<$={ResOk}> $* $@ domain ok: stop R $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" R $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist" R<$={Accept}> $* $# $1 accept from access map R $* $#discard $: discard R $* $#error $@ 5.7.1 $: "550 Access denied" R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 R<> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$+> $* $#error $: $1 error from access db ###################################################################### ### check_rcpt -- check SMTP `RCPT TO:' command argument ###################################################################### SLocal_check_rcpt Scheckrcpt R$* $: $1 $| $>"Local_check_rcpt" $1 R$* $| $#$* $#$2 R$* $| $* $@ $>"Basic_check_rcpt" $1 SBasic_check_rcpt # empty address? R<> $#error $@ nouser $: "553 User address required" R$@ $#error $@ nouser $: "553 User address required" # check for deferred delivery mode R$* $: < $&{deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 ###################################################################### R$* $: $1 $| @ $>"Rcpt_ok" $1 R$* $| @ $#TEMP $+ $: $1 $| T $2 R$* $| @ $#$* $#$2 R$* $| @ RELAY $@ RELAY R$* $| @ $* $: O $| $>"Relay_ok" $1 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1 R$* $| $#TEMP $+ $#error $2 R$* $| $#$* $#$2 R$* $| RELAY $@ RELAY R T $+ $| $* $#error $1 # anything else is bogus R$* $#error $@ 5.7.1 $: "550 Relaying denied. Proper authentication required." ###################################################################### ### Rcpt_ok: is the recipient ok? ###################################################################### SRcpt_ok R$* $: $>ParseRecipient $1 strip relayable hosts # blacklist local users or any host from receiving mail R$* $: $1 R $+ < @ $=w > $: <> <$1 < @ $2 >> $| R $+ < @ $* > $: <> <$1 < @ $2 >> $| R $+ $: <> <$1> $| R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <> R<@> <$*> $| <$*> $: <$2> <$1> reverse result R <$*> $: @ $1 mark address as no match R<$={Accept}> <$*> $: @ $2 mark address as no match R<$={SpamTag}> <$*> $: @ $2 mark address as no match R $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient" R $* $#discard $: discard R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 R<> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$+> $* $#error $: $1 error from access db R@ $* $1 remove mark # authenticated via TLS? R$* $: $1 $| $>RelayTLS client authenticated? R$* $| $# $+ $# $2 error/ok? R$* $| $* $: $1 no R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type} R$* $| $# $* $# $2 R$* $| NO $: $1 R$* $| $* $: $1 $| $&{auth_type} R$* $| $: $1 R$* $| $={TrustAuthMech} $# RELAY R$* $| $* $: $1 # anything terminating locally is ok R$+ < @ $=w > $@ RELAY R$+ < @ $* $=R > $@ RELAY ##### patch to relay by full rcpt address (begin) by corvax #R$+ < @ $+ > $: $>D <$2> <+ To> <$1 < @ $2 >> R$+ < @ $+ > $: $1 < @ $2 > $| $>SearchList <+ To> $| <> R$+ < @ $+ > $| <$*> $: <$3> <$1 <@ $2>> R$+ < @ $+ > $| $* $: <$3> <$1 <@ $2>>',dnl)') ##### patch to relay by full rcpt address (end) R $* $@ RELAY R<$* > $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$*> <$*> $: $2 # check for local user (i.e. unqualified address) R$* $: $1 R $* < @ $+ > $: $1 < @ $2 > # local user is ok R $+ $@ RELAY R<$+> $* $: $2 ###################################################################### ### Relay_ok: is the relay/sender ok? ###################################################################### SRelay_ok # anything originating locally is ok # check IP address R$* $: $&{client_addr} R$@ $@ RELAY originated locally R0 $@ RELAY originated locally R127.0.0.1 $@ RELAY originated locally RIPv6:::1 $@ RELAY originated locally R$=R $* $@ RELAY relayable IP address R$* $: $>A <$1> <+ Connect> <$1> R $* $@ RELAY relayable IP address R<> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$*> <$*> $: $2 R$* $: [ $1 ] put brackets around it... R$=w $@ RELAY ... and see if it is local # check client name: first: did it resolve? R$* $: < $&{client_resolve} > R $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} R$* $: <@> $&{client_name} # pass to name server to make hostname canonical R<@> $* $=P $: $1 $2 R<@> $+ $: $[ $1 $] R$* . $1 strip trailing dots R $=w $@ RELAY R $* $=R $@ RELAY R $* $: $>D <$1> <+ Connect> <$1> R $* $@ RELAY R<$* > $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$*> <$*> $: $2 # turn a canonical address in the form user<@domain> # qualify unqual. addresses with $j SFullAddr R$* <@ $+ . > $1 <@ $2 > R$* <@ $* > $@ $1 <@ $2 > R$+ $@ $1 <@ $j > SDelay_TLS_Clt # authenticated? R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 R$* $| $* $# $1 R$* $# $1 SDelay_TLS_Clt2 # authenticated? R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 R$* $| $* $@ $1 R$* $@ $1 # call all necessary rulesets Scheck_rcpt # R$@ $#error $@ 5.1.3 $: "553 Recipient address required" R$+ $: $1 $| $>checkrcpt $1 R$+ $| $#error $* $#error $2 R$+ $| $#discard $* $#discard $2 R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2 R$+ $| $* $: $>FullAddr $>CanonAddr $1 R $+ < @ $=w > $: <> $1 < @ $2 > $| R $+ < @ $* > $: <> $1 < @ $2 > $| # lookup the addresses only with Spam tag R<> $* $| <$+> $: <@> $1 $| $>SearchList $| <$2> <> R<@> $* $| $* $: $2 $1 reverse result # is the recipient a spam friend? R $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND R<$*> $+ $: $2 R$* $: $1 $| $>checkmail <$&f> R$* $| $#$* $#$2 R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr} R$* $| $#$* $#$2 R$* $| $* $: $1 ###################################################################### ### F: LookUpFull -- search for an entry in access database ### ### lookup of full key (which should be an address) and ### variations if +detail exists: +* and without +detail ### ### Parameters: ### <$1> -- key ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SF R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> R <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> R <$+ + $* @ $+> <$*> <$- $-> <$*> $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> R <$+ + $* @ $+> <$*> <+ $-> <$*> $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> R <$+ + $* @ $+> <$*> <$- $-> <$*> $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> R <$+ + $* @ $+> <$*> <+ $-> <$*> $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> R <$+> <$*> <$- $-> <$*> $@ <$2> <$5> R<$+ > <$*> <$- $-> <$*> $@ <> <$5> R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> ###################################################################### ### E: LookUpExact -- search for an entry in access database ### ### Parameters: ### <$1> -- key ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SE R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> R <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> R <$+> <$*> <$- $-> <$*> $@ <$2> <$5> R<$+ > <$*> <$- $-> <$*> $@ <> <$5> R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> ###################################################################### ### U: LookUpUser -- search for an entry in access database ### ### lookup of key (which should be a local part) and ### variations if +detail exists: +* and without +detail ### ### Parameters: ### <$1> -- key (user@) ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SU R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> R <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> R <$+ + $* @> <$*> <$- $-> <$*> $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> R <$+ + $* @> <$*> <+ $-> <$*> $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> R <$+ + $* @> <$*> <$- $-> <$*> $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> R <$+ + $* @> <$*> <+ $-> <$*> $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> R <$+> <$*> <$- $-> <$*> $@ <$2> <$5> R<$+ > <$*> <$- $-> <$*> $@ <> <$5> R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> ###################################################################### ### SearchList: search a list of items in the access map ### Parameters: ### $| ... <> ### where "exact" is either "+" or "!": ### <+ TAG> lookup with and w/o tag ### lookup with tag ### possible values for "mark" are: ### D: recursive host lookup (LookUpDomain) ### E: exact lookup, no modifications ### F: full lookup, try user+ext@domain and user@domain ### U: user lookup, try user+ext and user (input must have trailing @) ### return: or (not found) ###################################################################### # class with valid marks for SearchList C{src}E F D U SSearchList # just call the ruleset with the name of the tag... nice trick... R<$+> $| <$={src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <$1> <> R<$+> $| <> $| <> $@ R<$+> $| <$+> $| <> $@ $>SearchList <$1> $| <$2> R<$+> $| <$*> $| <$+> <> $@ <$3> R<$+> $| <$+> $@ <$2> ###################################################################### ### trust_auth: is user trusted to authenticate as someone else? ### ### Parameters: ### $1: AUTH= parameter from MAIL command ###################################################################### SLocal_trust_auth Strust_auth R$* $: $&{auth_type} $| $1 # required by RFC 2554 section 4. R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" R$* $| $&{auth_authen} $@ identical R$* $| <$&{auth_authen}> $@ identical R$* $| $* $: $1 $| $>"Local_trust_auth" $2 R$* $| $#$* $#$2 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} ###################################################################### ### Relay_Auth: allow relaying based on authentication? ### ### Parameters: ### $1: ${auth_type} ###################################################################### SLocal_Relay_Auth ###################################################################### ### srv_features: which features to offer to a client? ### (done in server) ###################################################################### Ssrv_features R$* $: $>D <$&{client_name}> <> R$* $: $>A <$&{client_addr}> <> R$* $: <$(access "Srv_Features": $: ? $)> R$* $@ OK R<$* >$* $#temp R<$+>$* $# $1 ###################################################################### ### try_tls: try to use STARTTLS? ### (done in client) ###################################################################### Stry_tls R$* $: $>D <$&{server_name}> <> R$* $: $>A <$&{server_addr}> <> R$* $: <$(access "Try_TLS": $: ? $)> R$* $@ OK R<$* >$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]" ###################################################################### ### tls_rcpt: is connection with server "good" enough? ### (done in client, per recipient) ### ### Parameters: ### $1: recipient ###################################################################### Stls_rcpt R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 R$+ $: $>CanonAddr $1 R $+ < @ $+ . > $1 <@ $2 > R $+ < @ $+ > $: $1 <@ $2 > $| R $+ $: $1 $| R$* $| $+ $: $1 $| $>SearchList $| $2 <> R$* $| $@ OK R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2> ###################################################################### ### tls_client: is connection with client "good" enough? ### (done in server) ### ### Parameters: ### ${verify} $| (MAIL|STARTTLS) ###################################################################### Stls_client R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 R$* $| $* $: $1 $| $>D <$&{client_name}> <> R$* $| $* $: $1 $| $>A <$&{client_addr}> <> R$* $| $* $: $1 $| <$(access "TLS_Clt": $: ? $)> R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R$* $@ $>"TLS_connection" $1 ###################################################################### ### tls_server: is connection with server "good" enough? ### (done in client) ### ### Parameter: ### ${verify} ###################################################################### Stls_server R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 R$* $: $1 $| $>D <$&{server_name}> <> R$* $| $* $: $1 $| $>A <$&{server_addr}> <> R$* $| $* $: $1 $| <$(access "TLS_Srv": $: ? $)> R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R$* $@ $>"TLS_connection" $1 ###################################################################### ### TLS_connection: is TLS connection "good" enough? ### ### Parameters: ### ${verify} $| [<>] ### Requirement: RHS from access map, may be ? for none. ###################################################################### STLS_connection R$* $| <$*>$* $: $1 $| <$2> # create the appropriate error codes R$* $| $: $1 $| <503:5.7.0> <$2 $3> R$* $| $: $1 $| <403:4.7.0> <$2 $3> R$* $| <$={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> # deal with TLS handshake failures: abort RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed." R$* $| <$*> $: <$2> <> $1 R$* $| <$*> $: <$2> <$3> $1 R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> <> $1 R$* $| <$*> <$={tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1 R$* $| $* $@ OK # authentication required: give appropriate error # other side did authenticate (via STARTTLS) R<$*> <> OK $@ OK R<$*> <$+> OK $: <$1> <$2> R<$*> <$*> OK $: <$1> <$3> R<$*> <$*> $* $: <$1> <$3> R<$-:$+> <$*> $#error $@ $2 $: $1 " authentication required" R<$-:$+> <$*> FAIL $#error $@ $2 $: $1 " authentication failed" R<$-:$+> <$*> NO $#error $@ $2 $: $1 " not authenticated" R<$-:$+> <$*> NOT $#error $@ $2 $: $1 " no authentication requested" R<$-:$+> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" R<$-:$+> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4 R<$*> <$*> $: <$1> <$3> $>max $&{cipher_bits} : $&{auth_ssf} R<$*> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $) R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3 R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5> R<$-:$+ ++ > $@ OK R<$-:$+ ++ $+ > $: <$1:$2> <$3> R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4> R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2> ###################################################################### ### TLS_req: check additional TLS requirements ### ### Parameters: [ ] $| <$-:$+> ### $-: SMTP reply code ### $+: Enhanced Status Code ###################################################################### STLS_req R $| $+ $@ OK R $* $| <$+> $: $1 $| <$2> R $* $| <$+> $@ $>"TLS_req" $1 $| <$2> R $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1 R $* $| <$+> $@ $>"TLS_req" $1 $| <$2> R $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1 R $* $| <$+> $@ $>"TLS_req" $1 $| <$2> R $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1 ROK $@ OK ###################################################################### ### max: return the maximum of two values separated by : ### ### Parameters: [$-]:[$-] ###################################################################### Smax R: $: 0 R:$- $: $1 R$-: $: $1 R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2 RTRUE:$-:$- $: $2 R$-:$-:$- $: $2 ###################################################################### ### RelayTLS: allow relaying based on TLS authentication ### ### Parameters: ### none ###################################################################### SRelayTLS # authenticated? R$* $: $&{verify} R OK $: OK authenticated: continue R $* $@ NO not authenticated R$* $: $&{cert_issuer} R$+ $: $(access CERTISSUER:$1 $) RRELAY $# RELAY RSUBJECT $: <@> $&{cert_subject} R<@> $+ $: <@> $(access CERTSUBJECT:$1 $) R<@> RELAY $# RELAY R$* $: NO ###################################################################### ### authinfo: lookup authinfo in the access map ### ### Parameters: ### $1: {server_name} ### $2: {server_addr} ###################################################################### Sauthinfo R$* $: $1 $| $>D <$&{server_name}> <> R$* $| $* $: $1 $| $>A <$&{server_addr}> <> R$* $| $* $: $1 $| <$(access AuthInfo: $: ? $)> <> R$* $| $* $@ no no authinfo available R$* $| <$*> <> $# $2 ###################################################################### ### ### use Translate rule for checking relays and check_compat: ### Translate,checkrelay zuka.ru.ru $| 1.2.3.4 ### Translate,check_compat sender@address.tld $| recipient@address.tld ### ###################################################################### STranslate R $* $$| $* $: $1 $| $2 ###################################################################### ### AdvD: AdvLookUpDomain -- search for domain in access database ### ### Parameters: ### <$1> -- key (domain name) ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ### <$5> -- found key (domain name) ###################################################################### SAdvD R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5> R <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> R <[$+.$-]> <$+> <$- $-> <$*> $@ $>AdvD <[$1]> <$3> <$4 $5> <$6> R <[$+::$-]> <$+> <$- $-> <$*> $: $>AdvD <[$1]> <$3> <$4 $5> <$6> R <[$+:$-]> <$+> <$- $-> <$*> $: $>AdvD <[$1]> <$3> <$4 $5> <$6> R <$+.$+> <$+> <$- $-> <$*> $@ $>AdvD <$2> <$3> <$4 $5> <$6> R <$+> <$+> <$- $-> <$*> $@ <$2> <$5> <$1> R<$* > <$+> <$+> <$- $-> <$*> $@ <> <$6> <$2> R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> <$2> SSetIsOutgoing R $* $: $(macro {IsOutgoing} $@ NO $) $1 R $* $: $1 $| $>IsOutgoing $&{client_addr} R $* $| $* $: $(macro {IsOutgoing} $@ YES $) $1 R $* $| $* $: $1 SIsOutgoing R $-.$-.$-.$- $: $1.$2.$3.$4 R $-.$-.$-.$- $: [ $1.$2.$3.$4 ] R $=w $: $1 R <$+> [ $+ ] $: <$1> $2 R $+ $@ $1 R $=R $* $@ $1 $2 R $=R . $* $@ $1 . $2 R $-.$-.$-.$- $: $>A <$1.$2.$3.$4> <+Connect> <$1.$2.$3.$4 > R <$*> <$-.$-.$-.$-> $: <$1> $2.$3.$4.$5 R $-.$-.$-.$- $: < $(access Connect:$1.$2.$3. $: ? $) > $1.$2.$3.$4 R $-.$-.$-.$- $: < $(access $1.$2.$3. $: ? $) > $1.$2.$3.$4 R $-.$-.$-.$- $: < $(access Connect:$1.$2.$3.0/24 $: ? $) > $1.$2.$3.$4 R $-.$-.$-.$- $: < $(access $1.$2.$3.0/24 $: ? $) > $1.$2.$3.$4 R $* $@ $1 R <$*> $* $: $2 SLocal_check_mail # parse MAIL FROM address R $* $: $(macro {mail_from} $@ $1 $) $1 R $* $: $>Parse0 $>3 $1 R $* $: $1 $| [ $&{client_addr} ] R $* $| [$-.$-.$-.$-] $: $1 $| $(dns_ptr $5.$4.$3.$2.IN-ADDR.ARPA. $: FAIL $) R $* $| $+ $: $1 $| [ $&{client_addr} ] R $* $| FAIL $: $1 $| [ $&{client_addr} ] R $* $| $* . $: $1 $| $2 R $* $| $* $: $1 $(macro {client_ptr} $@ $2 $) R $* $: $1 $| $>SetIsOutgoing R $* $| $* $: $1 SLocal_check_rcpt # parse RCPT TO address R $* $: $1 $(macro {rcpt_to} $@ $1 $) R $* $: $1 $| $&{recipients} R $* $| $: $1 $(macro {recipients} $@ $1 $) R $* $| $* $: $1 $(macro {recipients} $@ $2, $1 $) R $* $: $>Parse0 $>3 $1 R $* $: $1 $| [ $&{client_addr} ] R $* $| [$-.$-.$-.$-] $: $1 $| $(dns_ptr $5.$4.$3.$2.IN-ADDR.ARPA. $: FAIL $) R $* $| $+ $: $1 $| [ $&{client_addr} ] R $* $| FAIL $: $1 $| [ $&{client_addr} ] R $* $| $* . $: $1 $| $2 R $* $| $* $: $1 $(macro {client_ptr} $@ $2 $) R $* $: $1 $| $>SetIsOutgoing R $* $| $* $: $1 SLocal_check_relay SLocal_check_rcpt # R $* $: $>Parse0 $>3 $1 R $* $: $1 $| $>check_vmail_user $1 R $* $| $#error $* $#error $2 R $* $| $* $: $1 Scheck_vmail_user # handle virtual users R $+ < @ $+ . > $* $: $1 < @ $2 > $3 R $+ < @ $+ > $* $: < $(mailertable $2 $: SKIP $) > $1 < @ $2 > $3 R < vmail : $* > $+ < @ $+ > $* $: $2 < @ $3 > $4 R $+ < @ $={VirtHost} > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 > R $+ < @ $=w > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 > R <@> $+ + $* < @ $* > $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 > R <@> $+ + $* < @ $* > $: < $(virtuser $1 @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 > R <@> $+ + $+ < @ $+ > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 > R <@> $+ + $* < @ $+ > $: < $(virtuser @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 > R <@> $+ < @ $+ > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 > R <@> $+ $: $1 R $+ $: $1 R $+ $: $1 R < $* : $* > $+ $: $3 R < error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R < error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 R < $+ > $+ < @ $+ > $: $>Local_check_rcpt $1 # check user of vmail domains in vmail db R $+ < @ $+ > $* $: < $1 @ $2 > $1 < @ $2 > $3 R < $+ . > $* $: < $1 > $2 R < $+ @ $+ > $+ < @ $+ > $* $: < $(mailertable $2 $) $| $1 @ $2 > $3 < @ $4 > $5 R < vmail : $* $| $+ @ $+ > $+ < @ $+ > $* $: < $(vmail_auth $2@$3 $: vmail_auth_failed $) > $4 < @ $5 > $6 R < vmail_auth_failed > $+ $#error $: 431 4.7.1 " Temporary user checking failure. Try again later" R < error: User unknown > $+ $#error $: 550 5.1.1 User Unknown #R < error: $+ > $+ $#error $: 550 5.1.1 $1 R < error: $+ > $+ $#error $: 431 4.7.1 $1 R < $* > $+ < @ $+ > $* $2 < @ $3 > $4 Sverify_sender_check_host R $* $: $1 R $+ $| $* $: $>D < $1 > < !VerifySenderHost > < $1 $| $2 > R <$*> < $+ $| $* > $: < $1 > $2 $| $3 R $* $| $+ $: $>A < $2 > < !VerifySenderHost > < $1 $| $2 > R <$*> < $* $| $+ > $: < $1 > $2 $| $3 R < VERIFY $* > $* $| $* $@ VERIFY R < $* > $* $| $* $: $2 $| $3 Sverify_sender_check_host R $* $: $1 R $+ $| $* $: $>D < $1 > < !VerifySenderHost > < $1 $| $2 > R <$*> < $+ $| $* > $: < $1 > $2 $| $3 R $* $| $+ $: $>A < $2 > < !VerifySenderHost > < $1 $| $2 > R <$*> < $* $| $+ > $: < $1 > $2 $| $3 R < SKIP $* > $* $| $* $@ SKIP R < $* > $* $| $* $: $2 $| $3 Sverify_sender_check_host R $* $: $1 R $+ $| $* $: $>D < $1 > < !VerifySenderHost > < $1 $| $2 > R <$*> < $+ $| $* > $: < $1 > $2 $| $3 R $* $| $+ $: $>A < $2 > < !VerifySenderHost > < $1 $| $2 > R <$*> < $* $| $+ > $: < $1 > $2 $| $3 R < REJECT $* > $* $| $* $#error $: $1 R < $* > $* $| $* $: $2 $| $3 SCheckNumericMailbox # check address for numeric mailbox R $+ @ $+ . $: $1 @ $2 R $+ @ $+ $: $1 @ $2 R $+ @ $+ $: < $(access NumericMailbox:$1@$2 $: ? $) > $1 @ $2 R $+ @ $+ $: < $(access NumericMailbox:$2 $: ? $) > $1 @ $2 R < OK > $* $@ OK R <$*> $+ $: $2 R $+ @ $+ $: $(allnumbers $1 $: $1 @ $2 $) R @MATCH $#error $: 554 numeric mailbox disabled R $+ @ $+ $: $(allnumbersdots $1 $: $1 @ $2 $) R @MATCH $#error $: 554 numeric mailbox disabled R $* $@ PASSED SLocal_check_mail # R $* $: $>Parse0 $>3 $1 R $+ < @ $+ > $* $: $1 < @ $2 > $3 $| $>CheckNumericMailbox $1@$2 R $+ < @ $+ > $* $| $#error $* $#error $: 554 5.1.7 rejected by Local_check_mail R $+ < @ $+ > $* $| $* $: $1 < @ $2 > $3 SLocal_check_rcpt # R $* $: $>Parse0 $>3 $1 R $+ < @ $+ > $* $: $1 < @ $2 > $3 $| $>CheckNumericMailbox $1@$2 R $+ < @ $+ > $* $| $#error $* $#error $: 554 5.1.7 rejected by Local_check_rcpt R $+ < @ $+ > $* $| $* $: $1 < @ $2 > $3 SCheckIPsyntax R $-.$-.$-.$- $: $(ippat $1.$2.$3.$4 $ $: $1.$2.$3.$4 $) R @MATCH $@ FAILED R $-.$-.$-.$- $: TRUE $1.$2.$3.$4 R TRUE $-.$-.$-.$- $: $(arith l $@ $1 $@ 256 $) $1.$2.$3.$4 R TRUE $-.$-.$-.$- $: $(arith l $@ $2 $@ 256 $) $1.$2.$3.$4 R TRUE $-.$-.$-.$- $: $(arith l $@ $3 $@ 256 $) $1.$2.$3.$4 R TRUE $-.$-.$-.$- $: $(arith l $@ $4 $@ 256 $) $1.$2.$3.$4 R TRUE $-.$-.$-.$- $: $(arith l $@ 0 $@ $1 $) $1.$2.$3.$4 R FALSE $+ $@ FAILED R TRUE $+ $: $1 SCheckIP R $* [$-.$-.$-.$-] $* $: $>CheckIPsyntax $2.$3.$4.$5 R FAILED $#error $@ 5.7.1 $: "550 Forged header" R $-.$-.$-.$- $: $1.$2.$3.$4 R <$*> $-.$-.$-.$- $| $* $: $2.$3.$4.$5 SLocal_check_rcpt # R $* $: $>Parse0 $>3 $1 R $+ < @ $+ > $* $: $1 < @ $2 > $3 $| $1@$2 $| R $* $| $+@$+ . $| $: $1 $| $2@$3 $| R $* $| $+@$+ $| $: $1 $| $2@$3 $| $>SearchList $| <> R $* $| $+@$+ $| $: $1 $| $2@$3 R $* $| $* $| $* $: $1 $| $2 $| $>CheckHelo $&s $| $&{client_name} $| $&{client_addr} R $* $| $* $| $#$* $#$3 R $* $| $* $| $* $| $* $| $* $: $1 R $* $| $* $: $1 SCheckHelo R . $| $* $| $* $#error $@ 5.7.1 $: "554 HELO Error" # делаем исключение из проверки, если PTR запись рилея # присутствует в $w (т. е. является адресом интерфеса этого же хоста) R $* $| $=w $| $* $@ SKIP_LOCAL # подставляем IP адрес рилея в квадратных скобках R $* $| $* $| $* $: $1 $| $2 $| [ $3 ] # делаем исключение из проверки, если IP адрес рилея в квадратных скобках # присутствует в $w (т. е. является адресом интерфеса этого же хоста) R $* $| $* $| $=w $@ SKIP_LOCAL # делаем исключение из проверки, если IP адрес рилея в квадратных скобках # является адресом loopback интерфейса R $* $| $* $| [127.0.0.1] $@ SKIP_LOCAL # убираем квардратные скобки R $* $| $* $| [ $+ ] $: $1 $| $2 $| $3 # skip checks for authentificated senders # делаем исключение из проверки для аутентифицированных отправителей R $* $| $* $| $* $: $&{auth_type} $| $1 $| $2 $| $3 R $+ $| $* $| $* $| $* $@ SKIP_AUTH R $* $| $* $| $* $| $* $: $2 $| $3 $| $4 # skip checks for outgoing messages # делаем исключение из проверки для исходящих сообщений R $* $| $* $| $* $: $&{IsOutgoing} $| $1 $| $2 $| $3 R YES $| $* $| $* $| $* $@ SKIP_OUTGOING R $* $| $* $| $* $| $* $: $2 $| $3 $| $4 # check if HELO in $w class # проверяем наличие HELO в классе $w R $=w $| $* $| $* $#error $@ 5.7.1 $: "554 Misconfigured SMTP client detected" # check if HELO have no any dots # проверяем наличие хотя бы одной точки в HELO R $- $| $* $| $* $#error $@ 5.7.1 $: "554 Misconfigured SMTP client (may be MUA) detected" # check HELO in access_db # проверяем HELO по access_db R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 R $+ $| $* $| $* $: < $(access Helo:$1 $: ? $) > $1 $| $2 $| $3 R < REJECT > $* $#error $@ 5.7.1 $: "554 Untrusted HELO rejected" R < REJECT:$* > $* $#error $: $1 R < REJECT $* > $* $#error $: $1 R < DISCARD:$* > $* $#discard $: $1 R < DISCARD $* > $* $#discard $: $1 R < TEMP:$* > $* $#error $@ TEMPFAIL $: $1. " Try again later" R < TEMP $* > $* $#error $@ TEMPFAIL $: $1. " Try again later" R < ERROR:$-.$-.$-:$+ > $* $#error $@ $1.$2.$3 $: $4 R < ERROR:$* > $* $#error $@ UNAVAILABLE $: $1 R < ERROR $* > $* $#error $@ UNAVAILABLE $: $1 R <$*> $+ $| $* $| $* $: $2 $| $3 $| $4 ########## # проверка forged helo # # поиск helo в access_db с квалификатором HeloSuffix R $+ $| $* $| $* $: $1 $| $2 $| $3 $| $>AdvD <$1> <> # временная ошибка поиска, прекращаем проверку R $+ $| $* $| $* $| <> $* $: $1 $| $2 $| $3 # запись не найдена, прекращаем проверку R $+ $| $* $| $* $| $* $: $1 $| $2 $| $3 # запись найдена со значением SKIP, прекращаем проверку R $+ $| $* $| $* $| $* $: $1 $| $2 $| $3 # запись найдена со значением OK, прекращаем проверку R $+ $| $* $| $* $| $* $: $1 $| $2 $| $3 # при положительном результате поиска в access_db и # проверяем рузальтаты ризолвинга $&{client_resolve} R $+ $| $* $| $* $| <$*> <> <$+> $: $1 $| $2 $| $3 $| <$4> <$5> $| $&{client_resolve} R $+ $| $| $* $| <$*> <$+> $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name lookup failed for " $2 R $+ $| [$*] $| $* $| <$*> <$+> $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R $+ $| $| $* $| <$*> <$+> $| FAIL $#error $@ 5.7.1 $: "550 Access denied. Cannot resolve PTR record for " $2 R $+ $| $* $| $* $| <$*> <$+> $| $* $: $1 $| $2 $| $3 $| <$4> <$5> # сохраняем в {helo_key} доменную часть helo, найденную в access_db R $+ $| $* $| $* $| <$*> <$+> $: $1 $| $2 $| $3 $| <$4> <$5> $(macro {helo_key} $@ $5 $) # прекращаем проверку, если PTR запись рилея оканчивается на найденную доменную зону {helo_key} R $+ $| $+ . $&{helo_key} $| $* $| <$*> <$*> $: $: $1 $| $2.$&{helo_key} $| $3 # вывод сообщений об ошибках R $+ $| $+ $| $* $| <$*> $#error $@ 5.7.1 $: "554 Forged HELO string " $1 R $+ $| $+ $| $* $| <$*> $#error $@ 5.7.1 $: $4 R $+ $| $+ $| $* $| <$*> $#error $@ 5.7.1 $: $4 R $+ $| $+ $| $* $| <$*> $#discard $: discard R $+ $| $+ $| $* $| <$*> $#discard $: $4 R $+ $| $+ $| $* $| <$*> $#discard $: $4 R $+ $| $+ $| $* $| <$*> $#error $@ TEMPFAIL $: "Try again later" R $+ $| $+ $| $* $| <$*> $#error $@ TEMPFAIL $: $4. "Try again later" R $+ $| $+ $| $* $| <$*> $#error $@ TEMPFAIL $: $4. "Try again later" R $+ $| $+ $| $* $| <$*> $#error $@ $4.$5.$6 $: $7 R $+ $| $+ $| $* $| <$*> $#error $@ UNAVAILABLE $: $4 R $+ $| $+ $| $* $| <$*> $#error $@ UNAVAILABLE $: $4 R $+ $| $+ $| $* $| <$*> <$*> $#error $: $4 # результат поиска неопределенный R $+ $| $* $| $* $| $* $: $1 $| $2 $| $3 # check IP syntax in HELO # проверка синтаксиса IP адреса в HELO R [$-.$-.$-.$-] $| $* $| $* $: [$1.$2.$3.$4] $| $5 $| $6 $| $>CheckIPsyntax $1.$2.$3.$4 R [$-.$-.$-.$-] $| $* $| $* $| FAILED $#error $@ 5.7.1 $: "554 Incorrect IP syntax" R [$-.$-.$-.$-] $| $* $| $* $| $* $: [$1.$2.$3.$4] $| $5 $| $6 # check HELO as IP without brackets # проверяем, не является ли HELO IP адресом без квадратных скобок R $-.$-.$-.$- $| $* $| $* $: $1.$2.$3.$4 $| $5 $| $6 $| $(ippat $1.$2.$3.$4 $: IP $) R $-.$-.$-.$- $| $* $| $* $| IP $#error $@ 5.7.1 $: "554 Incorrect FQDN in HELO" R $-.$-.$-.$- $| $* $| $* $| $* $: $1.$2.$3.$4 $| $5 $| $6 # check HELO resolving # проверяем совпадение отрелвленного HELO и A записи рилея R $+ $| $* $| $* $: $1 $| $2 $| $3 $| $(dns_a $1 $) # if temporarily resolve problem occured R $+ $| $* $| $* $| $* $#TEMP $@ 4.7.1 $: "450 Access temporarily denied. Can not resolve A record of $1" # save A record of HELO R $+ $| $* $| $* $| $* $: $1 $| $2 $| $3 $| $4 $(macro {HELO_A} $@ $4 $) # if resolving failed R $&{HELO_A} $| $* $| $* $| $* $#error $@ 5.7.1 $: "550 Name IP lookup failed for " $&{HELO_A} # change last field to client A record with dot R $* $| $* $| $* $| $* $: $1 $| $2 $| $3 $| $3. # check R $* $| $* $| $* $| $&{HELO_A} $: $1 $| $2 $| $3 R $* $| $* $| $* $| $* $#error $@ 5.7.1 $: "550 A record " $&{HELO_A} " of HELO " $1 " and client IP address " $3 " are not equal" R $* $| $* $| $* $| $: $1 $| $2 $| $3 # check HELO by dial-up/dsl/cable regexp pattern # проверяем HELO по регулярному выражению на принадлежность diul-up/dsl/cable сетям R $* $| $* $| $* $: $1 $| $2 $| $3 $| $>Local_check_dialup_helo $1 R $* $| $* $| $* $| $#$* $#$4 R $* $| $* $| $* $| $* $: $1 $| $2 $| $3 SLocal_check_dialup_helo # check for HELO exclusion in access_db # проверяем, не указано ли HELO в списке исключений в access_db R $+ $: $1 $| $>D <$1> <> R $* $| <$={Accept}> <> $@ $1 R $* $| $* $: $1 # check HELO by regexp # !!! WARNING !!! # regex check with dulpat deprecated # for regex checks use check_helo_dialup_regex # # проверка HELO по регулярному выражению # !!! ВНИМАНИЕ !!! # проверка по dulpat отключена # для проверки HELO по регулярным выражениям необходимо использовать check_helo_dialup_regex #R $* $: $(dulpat $1 $: $1 $) #R @MATCH $#error $@ 5.7.1 $: 550 Access from dsl/dial-up/cable relays denied according to the local policy SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* hotmail.com $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* hotmail.com $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* hotmail.com $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* hotmail.com $| $+ . hotmail.com $| $* $: $1 hotmail.com $| $2 . hotmail.com $| $3 R $* hotmail.com $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 hotmail.com R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* yahoo.com $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* yahoo.com $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* yahoo.com $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* yahoo.com $| $+ . yahoo.com $| $* $: $1 yahoo.com $| $2 . yahoo.com $| $3 R $* yahoo.com $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 yahoo.com R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* msn.com $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* msn.com $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* msn.com $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* msn.com $| $+ . msn.com $| $* $: $1 msn.com $| $2 . msn.com $| $3 R $* msn.com $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 msn.com R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* aol.com $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* aol.com $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* aol.com $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* aol.com $| $+ . aol.com $| $* $: $1 aol.com $| $2 . aol.com $| $3 R $* aol.com $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 aol.com R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* compuserve.com $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* compuserve.com $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* compuserve.com $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* compuserve.com $| $+ . compuserve.com $| $* $: $1 compuserve.com $| $2 . compuserve.com $| $3 R $* compuserve.com $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 compuserve.com R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* rambler.ru $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* rambler.ru $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* rambler.ru $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* rambler.ru $| $+ . rambler.ru $| $* $: $1 rambler.ru $| $2 . rambler.ru $| $3 R $* rambler.ru $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 rambler.ru R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* mail.ru $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* mail.ru $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* mail.ru $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* mail.ru $| $+ . mail.ru $| $* $: $1 mail.ru $| $2 . mail.ru $| $3 R $* mail.ru $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 mail.ru R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* yandex.ru $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* yandex.ru $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* yandex.ru $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* yandex.ru $| $+ . yandex.ru $| $* $: $1 yandex.ru $| $2 . yandex.ru $| $3 R $* yandex.ru $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 yandex.ru R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* chat.ru $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* chat.ru $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* chat.ru $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* chat.ru $| $+ . chat.ru $| $* $: $1 chat.ru $| $2 . chat.ru $| $3 R $* chat.ru $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 chat.ru R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* gala.net $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* gala.net $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* gala.net $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* gala.net $| $+ . gala.net $| $* $: $1 gala.net $| $2 . gala.net $| $3 R $* gala.net $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 gala.net R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 SCheckHelo # check for forged HELO # проверка поддельных HELO R $+ $| $* $| $* $: < ? > $1 $| $2 $| $3 $| $&{client_resolve} R < ? > $* galaradio.com $| $| $* $| TEMP $#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $2 R < ? > $* galaradio.com $| [$*] $| $* $| FORGED $#error $@ 4.7.1 $: "450 Access temporarily denied. IP name possibly forged " $3 R < ? > $* galaradio.com $| $| $* $| FAIL $#error $@ 5.7.1 $: "550 Access denied. IP name lookup failed for " $2 R < ? > $+ $| $* $| $* $| $* $: < ? > $1 $| $2 $| $3 R $* galaradio.com $| $+ . galaradio.com $| $* $: $1 galaradio.com $| $2 . galaradio.com $| $3 R $* galaradio.com $| $+ $| $* $#error $@ 5.7.1 $: "554 Forged HELO string " $1 galaradio.com R <$*> $* $| $* $| $* $: $2 $| $3 $| $4 HDate: $>Check_Date SCheck_Date R $* $: $1 # skip checks for authentificated senders R $* $: < $&{auth_type} > $1 R < $+ > $* $: <$1> $2 R < $* > $* $: $2 # for enable fucking MFC date format R $* $: $1 $| $1 R $+ $| $+ $- $- $-:$-:$- Russian Daylight Time $: $1 R $+ $| $+ $- $- $-:$-:$- Russian Standard Time $: $1 R $+ $| $+ $- $- $-:$-:$- GTB Standard Time $: $1 R $+ $| $+ $- $- $-:$-:$- GTB Daylight Time $: $1 R $* $| $* $: $1 R $+ Standard Time $#error $@ 5.7.1 $: ${Msg_date} R $+ Daylight Time $#error $@ 5.7.1 $: ${Msg_date} R $+ AM $#error $@ 5.7.1 $: ${Msg_date} R $+ PM $#error $@ 5.7.1 $: ${Msg_date} R $- . $- . $- $- : $- : $- $#error $@ 5.7.1 $: ${Msg_date} R $* $- : $- : $- $#error $@ 5.7.1 $: ${Msg_date} R $+ -1600 $#error $@ 5.7.1 $: "554 Invalid timezone" R $+ -1900 $#error $@ 5.7.1 $: "554 Invalid timezone" R $* $: $1 HMailing-List: $>Check_Mailing_List SCheck_Mailing_List # skip checks for authentificated senders R $* $: < $&{auth_type} > $1 R < $+ > $* $@ OK R < $* > $* $: $2 # Mailing lists that won't be allowed R InJesus mailing list $* $#error $: ${MsgMailList} HOrganization: $>+Check_Organization SCheck_Organization # skip checks for authentificated senders R $* $: < $&{auth_type} > $1 R < $+ > $* $@ OK R < $* > $* $: $2 # Organizations that won't be allowed R Roman&K $* $#error $@ 5.7.1 $: 554 ${BadOrg} R I N F O $* $#error $@ 5.7.1 $: 554 ${BadOrg} R Delta $#error $@ 5.7.1 $: 554 ${BadOrg} R Налогообложение и бухучет $* $#error $@ 5.7.1 $: "554 Spam is blocked" R мЮКНЦННАКНФЕМХЕ Х АСУСВЕР $* $#error $@ 5.7.1 $: "554 Spam is blocked" # =?windows-1251?B?0+rw4Ojt8ero6SDW5e3y8CDE6PDl6vIgzP3p6w==?= # Украинский Центр Директ Мэйл R =?windows-1251?B?0+rw4Ojt8ero6SDW5e3y8CDE6PDl6vIgzP3p6w==?= $#error $@ 5.7.1 $: "554 direct mail centre, go away" R DMC $#error $@ 5.7.1 $: "554 direct mail centre, go away" SLocal_check_mail # Clear the macro for the next message R $* $: $(macro {Header_X_Mailer} $) $1 R $* $: $(macro {Header_X_MSMail_Priority} $) $1 ###################################################################### # X-Mailer field check # ###################################################################### HX-Mailer: $>+Check_X_Mailer HX-Server: $>+Check_X_Mailer HX-mail-agent: $>+Check_X_Mailer HX-Newsreader: $>+Check_X_Mailer HUser-Agent: $>+Check_X_Mailer SCheck_X_Mailer # skip checks for authentificated senders R $* $: < $&{auth_type} > $1 R < $+ > $* $@ OK R < $* > $* $: $2 # MUAs that won't be allowed R WinAntiSPAM $* $#error $@ 5.7.1 $: 554 WinAntiSpam junk rejected R WAS $* $#error $@ 5.7.1 $: 554 WinAntiSpam junk rejected R PersMail 1.3 $#error $@ 5.7.1 $: 554 ${BadMailer} R Advanced Mass Sender $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Mail Bomber $* $#error $@ 5.7.1 $: 554 ${BadMailer} R LightningMail $* $#error $@ 5.7.1 $: 554 ${BadMailer} R MailKing $* $#error $@ 5.7.1 $: 554 ${BadMailer} R The Red Spider $* $#error $@ 5.7.1 $: 554 ${BadMailer} R $+ emsoft $* $#error $@ 5.7.1 $: 554 ${BadMailer} R MegaMail $* $#error $@ 5.7.1 $: 554 ${BadMailer} R DiffondiCool $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Easy Mail $* $#error $@ 5.7.1 $: 554 ${BadMailer} R MassE-Mail $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Floodgate $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Extractor $* $#error $@ 5.7.1 $: 554 ${BadMailer} R FastMail $* $#error $@ 5.7.1 $: 554 ${BadMailer} R WorldMerge $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Advanced Direct Remailer $* $#error $@ 5.7.1 $: 554 ${BadMailer} R $* Bomber $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Mega-Mailer $* $#error $@ 5.7.1 $: 554 ${BadMailer} R MMailer $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Mailer $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Ligra Mailer $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Dynamic Opt-In Emailer $* $#error $@ 5.7.1 $: 554 ${BadMailer} R $* Group Spamer $#error $@ 5.7.1 $: 554 ${BadMailer} R Mail Sender $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Mail Service $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Mailloop $* $#error $@ 5.7.1 $: 554 ${BadMailer} R PersMail $* $#error $@ 5.7.1 $: 554 ${BadMailer} R LK SendIt $* $#error $@ 5.7.1 $: 554 ${BadMailer} R WC Mail $* $#error $@ 5.7.1 $: 554 ${BadMailer} R ZUBA ZUB $* $#error $@ 5.7.1 $: 554 ${BadMailer} R MailList Express $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Caretop $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Mailer Signature $#error $@ 5.7.1 $: 554 ${BadMailer} R none $#error $@ 5.7.1 $: 554 ${BadMailer} R PG-MAILINGLIST $#error $@ 5.7.1 $: 554 ${BadMailer} R $* advcomtest $* $#error $@ 5.7.1 $: 554 ${BadMailer} R Krasnaya volna 21 vek $#error $@ 5.7.1 $: 554 ${BadMailer} # Real Outlook has long versions, kinda 5.0.23123244 R Microsoft Outlook Express 5.0 $#error $@ 5.7.1 $: 554 ${BadMailer} R Outlook Express $@ $#error $@ 5.7.1 $: 554 ${BadMailer} R Version 5.0 $#error $@ 5.7.1 $: 554 ${BadMailer} R $* $: $(macro {Header_X_Mailer} $@ $1 $) $1 R $* $: < $1 > R < > $#error $@ 5.7.1 $: "554 Illegal header" R < $+ > $: $1 HX-MSMail-Priority: $>Check_X_MSMail_Priority SCheck_X_MSMail_Priority R $* $: $(macro {Header_X_MSMail_Priority} $@ $1 $) $1 Scheck_eoh # Check the macro R $* $: < $&{Header_X_Mailer} > < $&{Header_X_MSMail_Priority} > <$1> R < The . Bat ! $* > <$+> <$*> $#error $@ 5.7.1 $: 554 Your MUA looks like a fake The Bat! R <$*> <$*> <$*> $: $3 HMessage-Id: $>Check_Message_Id SCheck_Message_Id R $* $: $(macro {MessageIdCheck} $@ OK $) $1 # skip checks for authentificated senders R $* $: $&{auth_type} $| $1 R $+ $| $* $@ SKIP_AUTH R $* $| $* $: $2 # skip checks for outgoing messages R $* $: $&{IsOutgoing} $| $1 R YES $| $* $@ SKIP_OUTGOING R $* $| $* $: $2 # skip checks for excluded messages R $* $: $1 R $* $: $1 $| $&{mail_addr} R $* $| $+ $: < $(access CheckMessageId:$2 $: ? $) > $1 $| $2 R $* $| $+ @ $+ $: $>D <$3> R <$*> $: <$1> $2 R $* $: $1 $| $&{client_name} R $* $| $+ $: $>D <$2> R <$*> $: <$1> $2 R $* $: $1 $| $&{client_addr} R $* $| $+ $: $>A <$2> R <$*> $: <$1> $2 R $* $@ SKIP EXCLUDED R $* $@ SKIP EXCLUDED R <$*> $* $: $2 R < $- . $- . $- $u @ $h > $#error $: ${SpamMsg} R $#error $@ 5.7.1 $: 554 reject message from anonymizer R $* $: $1 R < $+ @ $+ > $: < $1 @ $2 > R $* $#error $: 553 Invalid Message-Id header R $* $: $1 Scheck_eoh R $* $: $1 $| $>Message_Id_must_exist R $* $| $#$* $#$2 R $* $| $* $: $1 SMessage_Id_must_exist # Check the macro R $* $: < $&{MessageIdCheck} > # Clear the macro for the next message R $* $: $(macro {MessageIdCheck} $) $1 # Has a Message-Id: header R < $+ > $@ OK # skip checks for authentificated senders R $* $: $&{auth_type} $| $1 R $+ $| $* $@ SKIP_AUTH R $* $| $* $: $2 # skip checks for outgoing messages R $* $: $&{IsOutgoing} $| $1 R YES $| $* $@ SKIP_OUTGOING R $* $| $* $: $2 # skip checks for excluded messages R $* $: $1 R $* $: $1 $| $&{mail_addr} R $* $| $+ $: < $(access CheckMessageId:$2 $: ? $) > $1 $| $2 R $* $| $+ @ $+ $: $>D <$3> R <$*> $: <$1> $2 R $* $: $1 $| $&{client_name} R $* $| $+ $: $>D <$2> R <$*> $: <$1> $2 R $* $: $1 $| $&{client_addr} R $* $| $+ $: $>A <$2> R <$*> $: <$1> $2 R $* $@ SKIP EXCLUDED R $* $@ SKIP EXCLUDED R <$*> $* $: $2 # Otherwise, reject the mail R $* $#error $: 553 Missing Message-Id header HSubject: $>+Check_Subject SCheck_Subject # skip checks for authentificated senders R $* $: < $&{auth_type} > $1 R < $+ > $* $@ OK R < $* > $* $: $2 # skip checks for abuse@ R $* $: < $&{rcpt_addr} > $1 R < abuse > $* $@ OK R < abuse @ $+ > $* $@ OK R < $* > $* $: $2 ###################################################################### # Check Subject field for worm/virus telltales ###################################################################### # Melissa worm detection (done in Check_Subject) # See http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html R Important Message From $* $#error $: 554 This message may contain the Melissa virus; see http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html ${Feedback_Msg} R Re: Important Message From $* $#error $: 554 This message may contain the Melissa virus; see http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html ${Feedback_Msg} # W97M.Melissa.BG virus detection (done in Check_Subject) R $* Janet Simons $* $#error $: 554 This message may contain the W97M.Melissa.BG virus ${Feedback_Msg} R Re: Janet Simons $* $#error $: 554 This message may contain the W97M.Melissa.BG virus ${Feedback_Msg} # ILOVEYOU worm detection (done in Check_Subject) # See http://www.datafellows.com/v-descs/love.htm R ILOVEYOU $#error $: 554 This message may contain the ILOVEYOU virus; see http://www.datafellows.com/v-descs/love.htm ${Feedback_Msg} R Re: ILOVEYOU $#error $: 554 This message may contain the ILOVEYOU virus; see http://www.datafellows.com/v-descs/love.htm ${Feedback_Msg} # Pretty Park virus detection (done in Check_Subject) R $* C\:\\CoolProgs\\Pretty Park.exe $* $#error $: 554 This message may contain the Pretty Park virus ${Feedback_Msg} R Re: $* C\:\\CoolProgs\\Pretty Park.exe $* $#error $: 554 This message may contain the Pretty Park virus ${Feedback_Msg} # Subjects that won't be allowed R Изменен Закон о прибыли - как по-новому правильно снизить налоговую нагрузку. Оптимизация и минимизация налогообложения - не нарушающие законодательства $* $#error $@ 5.7.1 $: "554 Access denied" R хГЛЕМЕМ гЮЙНМ Н ОПХАШКХ - ЙЮЙ ОН-МНБНЛС ОПЮБХКЭМН ЯМХГХРЭ МЮКНЦНБСЧ МЮЦПСГЙС. нОРХЛХГЮЖХЪ Х ЛХМХЛХГЮЖХЪ МЮКНЦННАКНФЕМХЪ - МЕ МЮПСЬЮЧЫХЕ ГЮЙНМНДЮРЕКЭЯРБЮ $* $#error $@ 5.7.1 $: "554 Access denied" R 995 - 82 - 41 $+ $#error $@ 5.7.1 $: "554 Access denied. ALC messages rejected" R Семинары в $* $#error $: 554 ${SpamMsg} R яЕЛХМЮПШ Б $* $#error $: 554 ${SpamMsg} R Краткосрочные образовательные программы в $* $#error $: 554 ${SpamMsg} R йПЮРЙНЯПНВМШЕ НАПЮГНБЮРЕКЭМШЕ ОПНЦПЮЛЛШ Б $* $#error $: 554 ${SpamMsg} R Официальное письмо-приглашение $* $#error $: 554 ${SpamMsg} R пЖЙГЙБМШОПЕ РЙУШНП-РТЙЗМБЫЕОЙЕ $* $#error $: 554 ${SpamMsg} R Приглашашение на семинары $* $#error $: 554 ${SpamMsg} R оПХЦКЮЬЮЬЕМХЕ МЮ ЯЕЛХМЮПШ $* $#error $: 554 ${SpamMsg} R $* Спам разрешен $* $#error $: 554 ${SpamMsg} R $* яОЮЛ ПЮГПЕЬЕМ $* $#error $: 554 ${SpamMsg} R ПРОДАЮТСЯ СПИСКИ АДРЕСОВ ЭЛ.ПОЧТЫ $* $#error $: 554 ${SpamMsg} R опндючряъ яохяйх юдпеянб щк.онврш $* $#error $: 554 ${SpamMsg} R Элитная танцевальная студия $* $#error $: 554 ${SpamMsg} R щКХРМЮЪ РЮМЖЕБЮКЭМЮЪ ЯРСДХЪ $* $#error $: 554 ${SpamMsg} R Промышленный маркетинг $* $#error $: 554 ${SpamMsg} R оПНЛШЬКЕММШИ ЛЮПЙЕРХМЦ $* $#error $: 554 ${SpamMsg} R $* Предприятиям и частным лицам $* $#error $: 554 ${SpamMsg} R $* оПЕДОПХЪРХЪЛ Х ВЮЯРМШЛ КХЖЮЛ $* $#error $: 554 ${SpamMsg} R $* ВНИМАНИЮ РУКОВОДИТЕЛЕЙ $* $#error $: 554 ${SpamMsg} R $* бмхлюмхч псйнбндхрекеи $* $#error $: 554 ${SpamMsg} R Стратегия эффективного мерчендайзинга $* $#error $: 554 ${SpamMsg} R яРПЮРЕЦХЪ ЩТТЕЙРХБМНЦН ЛЕПВЕМДЮИГХМЦЮ $* $#error $: 554 ${SpamMsg} R Плaн ceминаpoв $* $#error $: 554 ${SpamMsg} R оКaМ ceЛХМЮpoБ $* $#error $: 554 ${SpamMsg} R План семинаров $* $#error $: 554 ${SpamMsg} R оКЮМ ЯЕЛХМЮПНБ $* $#error $: 554 ${SpamMsg} R Мерчендайзинг: Прибыль без затрат $* $#error $: 554 ${SpamMsg} R лЕПВЕМДЮИГХМЦ: оПХАШКЭ АЕГ ГЮРПЮР $* $#error $: 554 ${SpamMsg} R =?windows-1251?b?zOXw9+Xt5ODp5+jt4yAtIO/w6OH76/wg4eXnIOfg8vDg8iAgcXI=?= $* $#error $: 554 ${SpamMsg} R here is a good story $* $#error $: 554 ${SpamMsg} R Re: here is a good story $* $#error $: 554 ${SpamMsg} R $Как арендовать самолет? $* $#error $: 554 ${SpamMsg} R Re: Как арендовать самолет? $* $#error $: 554 ${SpamMsg} R Мы продадим Ваш товар $* $#error $: 554 ${SpamMsg} R Re: Мы продадим Ваш товар $* $#error $: 554 ${SpamMsg} R $* we want to finance/buy your business $* $#error $: 554 ${SpamMsg} R РЕКЛАМА В МЕТРО $* $#error $: 554 ${SpamMsg} R Продвижение Вашего бизнеса в Интернет $* $#error $: 554 ${SpamMsg} R new photos from my party $* $#error $: 554 ${SpamMsg} R 2002 Gov Grants $* $#error $: 554 ${SpamMsg} R enhance your sexlife $* $#error $: 554 ${SpamMsg} R Hardcore Farm Sex $* $#error $: 554 ${SpamMsg} R Accept Credit Cards $* $#error $: 554 ${SpamMsg} R CONGRATULATIONS!! YOU'VE WON!! $* $#error $: 554 ${SpamMsg} R Dear corvax , as you reguested... $* $#error $: 554 ${SpamMsg} R FINANCIAL ABUNDANCE IS Y O U R S $* $#error $: 554 ${SpamMsg} R News for corvette $* $#error $: 554 ${SpamMsg} R News for corvette $* $#error $: 554 ${SpamMsg} R girls girls girls $* $#error $: 554 ${SpamMsg} R Change your life in $* $#error $: 554 ${SpamMsg} R Limited time offer $* $#error $: 554 ${SpamMsg} R Quick approvals $* $#error $: 554 ${SpamMsg} R Secure Your $* $#error $: 554 ${SpamMsg} R Fwd: Poison $* $#error $: 554 ${SpamMsg} R Are Your Mortgage Rates $* $#error $: 554 ${SpamMsg} R Free adult $* $#error $: 554 ${SpamMsg} R Does Size Really Matter $* $#error $: 554 ${SpamMsg} R Size Does Matter $* $#error $: 554 ${SpamMsg} R $* Become your own private eye $* $#error $: 554 ${SpamMsg} R $* Wanna hear a story $* $#error $: 554 ${SpamMsg} R $* The monthly get-together $* $#error $: 554 ${SpamMsg} R $* please re-send the email $* $#error $: 554 ${SpamMsg} R $* Free Government Grants $* $#error $: 554 ${SpamMsg} R $* $: $(SpamSubjectRegexp1 $1 $: OK $) $| $1 R $* @MATCH $* $#error $: 554 ${SpamMsg} R OK $| $* $: $1 R $* $: $(SpamSubjectRegexp2 $1 $: OK $) $| $1 R $* @MATCH $* $#error $: 554 ${SpamMsg} R OK $| $* $: $1 R $* $: $(SpamSubjectRegexp5 $1 $: OK $) $| $1 R $* @MATCH $* $#error $: 554 ${SpamMsg} R OK $| $* $: $1 R $* $: $(SpamSubjectRegexp6 $1 $: OK $) $| $1 R $* @MATCH $* $#error $: 554 ${SpamMsg} R OK $| $* $: $1 R $* $: $(SpamSubjectRegexp7 $1 $: OK $) $| $1 R $* @MATCH $#error $: 554 5.7.1 Subject like this not allowed due to local policy R OK $| $* $: $1 R $* $: $(subjgibe $1 $: OK $) $| $1 R @DENY $| $* $#error $@ 5.7.1 $: "550 \"" $1 "\"... W32.Gibe.F signature in Subject rejected" R OK $| $* $: $1 R $+ $: $1 $| $>Check_Subject_access_db $1 R $* $| $#$* $#$2 R $* $| $* $: $1 SLocal_check_rcpt R $* $: $(macro {_RCPT_TO_} $@ $1 $) $1 SCheck_Subject_access_db R $* = ? $- ? Q ? $+ $@ SKIP_QUOTED_PRINTABLE R $* = ? $- ? B ? $+ $@ SKIP_BASE64 R $* $: $(RegExprForTokenizing $1 $: $1 $) R $+ $: $>Tokenize_Subject $1 R $* $: <$&{_RCPT_TO_}> $| $1 R > $* $| $* $#error $@ 4.3.0 $: " tokenized subject: " $2 R $* $| $* $: $2 R $+ $: $(access Subject:$1 $) R REJECT $#error $@ 5.7.1 $: "554 Spam is blocked" R REJECT $* $#error $@ 5.7.1 $: $1 R REJECT:$* $#error $@ 5.7.1 $: $1 R DISCARD $* $#discard $: discard R TEMP $#error $@ TEMPFAIL $: " error checking header. Try again later" R TEMP $* $#error $@ TEMPFAIL $: $1 " error checking header. Try again later" R TEMP:$* $#error $@ TEMPFAIL $: $1 " error checking header. Try again later" R ERROR:$-.$-.$-:$+ $#error $@ $1.$2.$3 $: $4 R ERROR:$* $#error $@ UNAVAILABLE $: $1 " error checking header" R ERROR $#error $@ UNAVAILABLE $: " error checking header" R ERROR $* $#error $@ UNAVAILABLE $: $1 " error checking header" STokenize_Subject R $- $- $* $: $| $1 + $2 $| $3 R $| $+ $| $- $* $| $1 + $2 $| $3 R $| $+ $| $: $1 HContent-Type: $>+Check_Content_Type SCheck_Content_Type R text/html; charset="windows-1251"; charset=windows-1251 $#error $@ 5.7.1 $: "554 Malformed header" R $+ charset="%Encoding" $#error $@ 5.7.1 $: "554 Malformed header" R $+ boundary= "\#MYBOUNDARY\#" $#error $@ 5.7.1 $: "554 Malformed header" R @SUSPECT $#error $@ 5.7.1 $: "554 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html" - ${Msg_Feedback} R $+ boundary=L1db82sd319dm2ns0f4383dhG $#error $@ 5.7.1 $: "554 I-Worm.Frethem.l virus" R $* boundary= "bound" $* $#error $@ 5.7.1 $: "554 Virus Win32.Aliz" R $* boundary="NextPart_000235" $#error $@ 5.7.1 $: "554 Virus Win32.HLLM.Gibe" R $* boundary="Boundary-a8dfidaoRadvfuck" $#error $@ 5.7.1 $: "554 Virus Win32.Fbound.12288" R $* ;; $* $#error $@ 5.7.1 $: "554 Mangled header" R $+ boundary="====_ABC1234567890DEF_====" $#error $@ 5.7.1 $: "554 Possible NIMDA.worm" R $* boundary="bound" $* $#error $@ 5.7.1 $: "554 Virus Win32.Aliz" R $* boundary=AD_2000_PART_BOUNDARY_19990606 $#error $: 553 ${SpamMsg} R $* boundary=WC_MAIL_PaRt_BoUnDaRy_05151998 $#error $: 553 ${SpamMsg} R $+ $: $(SpamContentType $1 $: $1 $) R @SPAM $#error $: 553 Header Error R $+ $: $(SirCamWormMarker $1 $: $1 $) R $* boundary= "-_-_-_-_-_1234567890" $* $#error $@ 5.7.1 $: "550 Header Error" spam boundary R $* boundary= $* $: $1 boundary= $(myquote $2 $) dequote #R $* boundary= $* : Multipart : Boundary : $+ $#error $@ 5.7.1 $: "550 Header Error" spam boundary R $* boundary= $+ $: $(nimda $2 $: $1 boundary= $2 $) R @MATCH $#error $@ 5.7.1 $: "554 Virus Nimda/Badtrans" HX-Originating-IP: $>+CheckXOrigIP SCheckXOrigIP R $-.$-.$-.$- $: [$1.$2.$3.$4] enclose standalone IP R $* [$-.$-.$-.$-, $+] $* $: [$2.$3.$4.$5] strip extra data R $* $: $1 $| $>"CheckIP" $1 R $* $| $#$* $#$2 R $* $| $* $: $1 HContent-Disposition: $>Check_Content_Disposition SCheck_Content_Disposition R $- $@ OK R $- ; $+ $@ OK R Multipart message $#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html" - ${Msg_Feedback} R $* $#error $: "553 Illegal Content-Disposition" HX-MimeOLE: $>Check_X_MimeOLE SCheck_X_MimeOLE R Produced By Microsoft MimeOLE V(null).$* $#error $: 553 Bogus X-MimeOLE - ${Msg_Feedback} HX-Spanska: $>Spanska SSpanska # Happy99 worm detection (done in Spanska) # See http://www.datafellows.com/v-descs/love.htm R $* $#error $: 553 Your system is probably infected by the Happy99 worm; see http://www.symantec.com/avcenter/venc/data/happy99.worm.html - ${Msg_Feedback} HSender: $>CheckSender SCheckSender R $* <> $#error $@ 5.7.1 $: "554 Illegal Sender" R EmailSender $* $#error $@ 5.7.1 $: "554 Filtered" HX_Mailer: $>BanBulk HX-Precedence-Ref: $>BanBulk # X-Bulkmail used by sf-news@securityfocus.com :( #HX-Bulkmail: $>BanBulk HX-RECEIVED-IP: $>BanBulk HX-Encoding: $>BanBulk HReply_to: $>BanBulk HX-: $>BanBulk HX-X: $>BanBulk H1: $>BanBulk H2: $>BanBulk H3: $>BanBulk H4: $>BanBulk HX-NaTegUtuIdi: $>BanBulk HX-NaTegIdiNa: $>BanBulk HX-Advertisement: $>BanBulk HX-PMFLAGS: $>BanBulk HX-AD2000-Register: $>BanBulk HX-AD2000-Serial: $>BanBulk SBanBulk # R $* $#error $: 553 ${SpamMsg} R $* $#error $@ 5.7.1 $: "554 Spam is blocked" SRcpt_ok R $* $: $>Check_relay_based_on_MX $1 ###################################################################### ### Check_relay_based_on_MX -- check if need to relay mail ### for recipient's domain ### ### Parameter: ### mailbox < @ domain > ### ###################################################################### SCheck_relay_based_on_MX # убираем точку R $+ < @ $+ . > $: $1 < @ $2 > # применять relay_based_on_MX только для доменов, для которых мы являемся backup MX R$+ < @ $+ > $: < : $(mxserved $2 $) : > $1 < @ $2 > # получаем MX записи домена получателя R < : $* : > $* $#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 R < : $+ : $* > $* $: $>is_mx_in_w <$1> < : $2 > $3 # проверяем наличие хотя бы одного из MX в классе $w # получаем PTR запись best MX записи R$+ < @ $+ > $: < : $(mxserved_best $2 $) : ? : > $1 < @ $2 > # получаем best MX запись R < : $* : $* > $* $#TEMP $@ 4.7.1 $: "450 Can not check best MX record(s) for recipient host " $1 # проверяем $R на наличие в нем best MX домена в виде имени хоста R < : $+ . : $* > $* $: $>LookUpDomainR <$1> << : $1. : $2 > $3> R $* $@ RELAY R<$*> <$*> $: <$1> $2 # проверяем наличие best MX или домена, в котором он находится, в access_db # в виде имени хоста с квалификатором Connect или без квалификатора R < : $+ . : $-.$-.$-.$- : > $* $: $>D <$1> <+Connect> < : $1 . : $2.$3.$4.$5 : > $6 R $* $@ RELAY # получаем A запись хоста best MX записи R < : $+ : $* > $* $: < : $1 : $(dns_a $1 $) : > $3 R < : $+ : $* : > $* $#TEMP $@ 4.7.1 $: "450 Can not resolve A record of host " $2 R < : $+ : $+ . : > $* $: < : $1 : $2 : > $3 # проверяем $R на наличие в нем best MX домена в виде IP адреса R < : $+ : $=R : > $* $@ RELAY R < : $+ : $=R .$- : > $* $@ RELAY R < : $+ : $=R .$-.$- : > $* $@ RELAY R < : $+ : $=R .$-.$-.$- : > $* $@ RELAY # проверяем наличие best MX в access_db в виде IP адреса с квалификатором Connect или без квалификатора R < : $+ . : $-.$-.$-.$- : > $* $: $>A <$2.$3.$4.$5> <+Connect> < : $1 . : $2.$3.$4.$5 : > $6 # если best MX прописан в trusted сетях в access_db R $* $@ RELAY R<$*> < : $* : $* : > $* $: $4 # приводим адрес получателя к виду mailbox < @ domain >, пригодному для дальнейших проверок R $+ < @ $+ > $: $1 < @ $2 > ###################################################################### ### is_mx_in_w -- check if hostname is in $w ### ### Parameters: ### <$1> -- key (hostname) ### <$2> -- what to return if found in $w ### <$3> -- what to return if not found in $w ### <$4> -- MX records list ### $5 -- passthru (additional data passed through) ###################################################################### Sis_mx_in_w R <$=w> <$+> <$+> <$+> $* $@ <$2> $5 R <$=w.> <$+> <$+> <$+> $* $@ <$2> $5 R <$+> <$+> <$+> <$+> $* $: <$(dns_a $1 $)> <$2> <$3> <$4> $5 R <$* > $* $#TEMP $@ 4.7.1 $: "450 Can not resolve A record of host " $1 R <$=w> <$+> <$+> <$+> $* $@ <$2> $5 R <$+> <$+> <$+> <$+> $* $: <[$1]> <$2> <$3> <$4> $5 R <$=w> <$+> <$+> <$+> $* $@ <$2> $5 R <$+> <$+> <$+> <:$+:$*> $* $: $>is_mx_in_w <$4> <$2> <$3> < : $5 > $6 R <$+> <$+> <$+> <$*> $* $: <$3> $5 ###################################################################### ### LookUpDomainR -- recursion search for domain in $R ### ### Parameters: ### <$1> -- key (domain name) ### <$2> -- default (what to return if not found in $R) ### $3 -- passthru (additional data passed unchanged through) ###################################################################### SLookUpDomainR R < $=R > < $+ > < $* > $@ < RELAY > <$3> R < $-.$+ > < $+ > < $* > $: $>LookUpDomainR <$2> <$3> <$4> R $* $@ < RELAY > $1 R < $* > < $+ > < $* > $@ <$2> <$3> Scheck_compat SLocal_check_compat R < $* > $| $+ $: $1 $| $2 R $* $| < $+ > $: $1 $| $2 R $* $| $+ $: $1 $| $2 # Compat: mail_addr@mail_domain <@> rcpt_addr@rcpt_domain R $+ $| $+ $: <$(access Compat:$1<@>$2 $: ? $)> $1 $| $2 # Compat: @mail_domain <@> rcpt_addr@rcpt_domain R $+@$+ $| $+ $: <$(access Compat:@$2<@>$3 $: ? $)> $1@$2 $| $3 # Compat: mail_domain <@> rcpt_addr@rcpt_domain R $+@$+ $| $+ $: $>LookUpDomainCompatSender < $2<@>$3 > < ? > < $1@$2 $| $3 > R < $+ $| $+ > $: $1 $| $2 # Compat: mail_addr@ <@> rcpt_addr@rcpt_domain R $+@$+ $| $+ $: <$(access Compat:$1@<@>$3 $: ? $)> $1@$2 $| $3 # Compat: <> <@> rcpt_addr@rcpt_domain R $| $+ $: <$(access Compat:<><@>$1 $: ? $)> $| $1 # Compat: <@> rcpt_addr@rcpt_domain R $+@$+ $| $+ $: <$(access Compat:<@>$3 $: ? $)> $1@$2 $| $3 # Compat: mail_addr@mail_domain <@> @rcpt_domain R $+ $| $+@$+ $: <$(access Compat:$1<@>@$3 $: ? $)> $1 $| $2@$3 # Compat: mail_addr@mail_domain <@> rcpt_domain R $+ $| $+@$+ $: $>LookUpDomainCompatRecipient < $1<@>$3 > < ? > < $1 $| $2@$3 > R < $+ $| $+ > $: $1 $| $2 # Compat: @mail_domain <@> @rcpt_domain R $+@$+ $| $+@$+ $: <$(access Compat:@$2<@>@$4 $: ? $)> $1@$2 $| $3@$4 # Compat: @mail_domain <@> rcpt_domain R $+@$+ $| $+@$+ $: $>LookUpDomainCompatRecipient < @$2<@>$4 > < ? > < $1@$2 $| $3@$4 > R < $+ $| $+ > $: $1 $| $2 # Compat: mail_addr@ <@> @rcpt_domain R $+@$+ $| $+@$+ $: <$(access Compat:$1@<@>@$4 $: ? $)> $1@$2 $| $3@$4 # Compat: mail_addr@ <@> rcpt_domain R $+@$+ $| $+@$+ $: $>LookUpDomainCompatRecipient < $1@<@>$4 > < ? > < $1@$2 $| $3@$4 > R < $+ $| $+ > $: $1 $| $2 # Compat: <> <@> @rcpt_domain R $| $+@$+ $: <$(access Compat:<><@>@$2 $: ? $)> $| $1@$2 # Compat: <> <@> rcpt_domain R $| $+@$+ $: $>LookUpDomainCompatRecipient < <><@>$2 > < ? > < $| $1@$2 > R < $* $| $+ > $: $1 $| $2 # Compat: <@> @rcpt_domain R $+@$+ $| $+@$+ $: <$(access Compat:<@>@$4 $: ? $)> $1@$2 $| $3@$4 # Compat: <@> rcpt_domain R $+@$+ $| $+@$+ $: $>LookUpDomainCompatRecipient < <@>$4 > < ? > < $1@$2 $| $3@$4 > R < $+ $| $+ > $: $1 $| $2 # Compat: mail_addr@mail_domain <@> R $+ $| $* $: <$(access Compat:$1<@> $: ? $)> $1 $| $2 # Compat: @mail_domain <@> R $+@$+ $| $* $: <$(access Compat:@$2<@> $: ? $)> $1@$2 $| $3 # Compat: mail_domain <@> R $+@$+ $| $* $: $>LookUpDomainCompatSender < $2<@> > < ? > < $1@$2 $| $3 > R < $+ $| $+ > $: $1 $| $2 # Compat: mail_addr@ <@> R $+@$+ $| $* $: <$(access Compat:$1@<@> $: ? $)> $1@$2 $| $3 R $+ $| $+ $: $1 $| $2 R < REJECT:$* > $* $| $* $#error $: $1 R < REJECT > $* $| $* $#error $: " rejected by Local_check_compat" R < REJECT $* > $* $| $* $#error $: $1 R < DISCARD $* > $* $| $* $#discard $: discard R < TEMP:$* > $* $| $* $#error $@ TEMPFAIL $: $1 " error from Local_check_compat. Try again later" R < ERROR:$-.$-.$-:$+ > $* $| $* $#error $@ $1.$2.$3 $: $4 R < ERROR:$* > $* $| $* $#error $@ UNAVAILABLE $: $1 " error from Local_check_compat" SLocal_check_rcpt R $* < @ $+ . > $* $: $1 < @ $2 > $3 R $* $: $1 $| $>Parse0 $>3 $&f R $* $| $* < @ $+ . > $* $: $1 $| $2 < @ $3 > $4 R $* $| $* $: $1 $| $>Local_check_compats $1 $| $2 R $* $| $#$* $#$2 R $* $| $* $: $1 SLocal_check_compats R $* < @ $+ > $* $| $* < @ $+ > $* $: $1 < @ $2 > $3 $| $4 < @ $5 > $6 $| $>Local_check_compat $4@$5 $| $1@$2 R $* $| $* $| $#$* $#$3 R $* $| $* < @ $+ > $* $| $* $@ OK R $* $| $* < @ $+ > $* $| $* $: $1 $| $2 < @ $3 > $4 $| $>Local_check_compat $2@$3 $| $&{rcpt_addr} R $* $| $* $| $#$* $#$3 R $* $| $* < @ $+ > $* $| $* $@ OK R $* < @ $+ > $* $| $* < @$+ > $* $| $* $: $1 < @ $2 > $3 $| $4 < @ $5 > $6 $| $>check_compat $4@$5 $| $1@$2 R $* $| $* $| $#$* $#$3 R $* $| $* $| $* $@ OK R $* $| $* $: $1 R $* < @ $+ > $* $: $1 < @ $2 > $3 $| $>Local_check_compat $&{mail_addr} $| $1@$2 R $* $| $#$* $#$2 R $* $| $* $@ OK R $* $| $* $: $1 $| $>Local_check_compat $&{mail_addr} $| $&{rcpt_addr} R $* $| $#$* $#$2 R $* $| $* $@ OK R $* < @ $+ > $* $| $* $: $1 < @ $2 > $3 $| $>check_compat $&{mail_addr} $| $1@$2 R $* $| $#$* $#$2 R $* $| $* $@ OK ###################################################################### ### LookUpDomainCompatSender: search for domain in access database ### ### Parameters: ### <$1> -- key (domain name) as $*> ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SLookUpDomainCompatSender R<$*<@>$*> <$+> <$- $-> <$*> $: < $(access $5:$1<@>$2 $: ? $) > <$1<@>$2> <$3> <$4 $5> <$6> R <$*<@>$*> <$+> <+ $-> <$*> $: < $(access $1<@>$2 $: ? $) > <$1<@>$2> <$3> <+ $4> <$5> R <$+.$+<@>$*> <$+> <$- $-> <$*> $@ $>LookUpDomainCompatSender <$2<@>$3> <$4> <$5 $6> <$7> R <$+<@>$*> <$+> <$- $-> <$*> $@ <$3> <$6> R<$* > <$*<@>$*> <$+> <$- $-> <$*> $@ <> <$7> R<$*> <$*<@>$*> <$+> <$- $-> <$*> $@ <$1> <$7> ###################################################################### ### LookUpDomainCompatRecipient: search for domain in access database ### ### Parameters: ### <$1> -- key (domain name) as <$*<@>domain> ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SLookUpDomainCompatRecipient R<$*<@>$*> <$+> <$- $-> <$*> $: < $(access $5:$1<@>$2 $: ? $) > <$1<@>$2> <$3> <$4 $5> <$6> R <$*<@>$*> <$+> <+ $-> <$*> $: < $(access $1<@>$2 $: ? $) > <$1<@>$2> <$3> <+ $4> <$5> R <$*<@>$+.$+> <$+> <$- $-> <$*> $@ $>LookUpDomainCompatRecipient <$1<@>$3> <$4> <$5 $6> <$7> R <$*<@>$*> <$+> <$- $-> <$*> $@ <$3> <$6> R<$* > <$*<@>$*> <$+> <$- $-> <$*> $@ <> <$7> R<$*> <$*<@>$*> <$+> <$- $-> <$*> $@ <$1> <$7> SLocal_localaddr R $* $: $1 R $* $: < $(user $1 $: ? $) > $1 R < $* <>> $* $: < $1 > $2 R $* $: $1 $| $>Local_localaddr_local $1 R $* $| $* $: $1 $| $>Local_localaddr_local $&{rcpt_to} R $* $| $#$* $#$2 R $* $| $* $: $1 SLocal_localaddr_local R <$*> $: $1 R $* $: $1 $| $&f # проверка LUSER_COMPAT:<><@>recipient_mailbox R $* $| $: < $(access LUSER_COMPAT:<><@>$1 $: ? $) > $1 $| # проверка LUSER_COMPAT:sender_address<@>recipient_mailbox R $* $| $+ $: < $(access LUSER_COMPAT:$2<@>$1 $: ? $) > $1 $| $2 # проверка LUSER_COMPAT:@sender_domain<@>recipient_mailbox R $* $| $+@$+ $: < $(access LUSER_COMPAT:@$3<@>$1 $: ? $) > $1 $| $2@$3 # проверка LUSER_COMPAT:sender_domain<@>recipient_mailbox R $* $| $+@$+ $: < $(access LUSER_COMPAT:$3<@>$1 $: ? $) > $1 $| $2@$3 # проверка LUSER_COMPAT:sender_mailbox@<@>recipient_mailbox R $* $| $+@$+ $: < $(access LUSER_COMPAT:$2@<@>$1 $: ? $) > $1 $| $2@$3 R $* $| $* $: $1 $| $&{mail_addr} # проверка LUSER_COMPAT:sender_mailbox@sender_domain<@>recipient_mailbox R $* $| $+ $: < $(access LUSER_COMPAT:$2<@>$1 $: ? $) > $1 $| $2 # проверка LUSER_COMPAT:@sender_domain<@>recipient_mailbox R $* $| $+@$+ $: < $(access LUSER_COMPAT:@$3<@>$1 $: ? $) > $1 $| $2@$3 # проверка LUSER_COMPAT:sender_domain<@>recipient_mailbox R $* $| $+@$+ $: < $(access LUSER_COMPAT:$3<@>$1 $: ? $) > $1 $| $2@$3 # проверка LUSER_COMPAT:sender_mailbox@<@>recipient_mailbox R $* $| $+@$+ $: < $(access LUSER_COMPAT:$2@<@>$1 $: ? $) > $1 $| $2@$3 # проверка LUSER_TO:recipient_mailbox R $* $| $* $: < $(access LUSER_TO:$1 $: ? $) > $1 $| $2 # проверка LUSER_TO:recipient_mailbox@recipient_domain R $* $| $* $: < $(access LUSER_TO:$1 $: ? $) > $1 $| $2 # проверка LUSER_TO:@recipient_domain R $+@$+ $| $* $: < $(access LUSER_TO:@$2 $: ? $) > $1@$2 $| $3 # проверка LUSER_TO:recipient_domain R $+@$+ $| $* $: < $(access LUSER_TO:$2 $: ? $) > $1@$2 $| $3 # проверка LUSER_TO:recipient_mailbox@ R $+@$+ $| $* $: < $(access LUSER_TO:$1@ $: ? $) > $1@$2 $| $3 # проверка LUSER_TO:recipient_mailbox@ R $+ $| $* $: < $(access LUSER_TO:$1@ $: ? $) > $1 $| $2 R $* $| $* $: $1 $| $&f # проверка LUSER_FROM:<> R $* $| $: < $(access LUSER_FROM:<> $: ? $) > $1 $| # проверка LUSER_FROM:sender_mailbox@sender_domain R $* $| $+@$+ $: < $(access LUSER_FROM:$2 $: ? $) > $1 $| $2@$3 # проверка LUSER_FROM:@sender_domain R $* $| $+@$+ $: < $(access LUSER_FROM:@$3 $: ? $) > $1 $| $2@$3 # проверка LUSER_FROM:sender_mailbox@ R $* $| $+@$+ $: < $(access LUSER_FROM:$2@ $: ? $) > $1 $| $2@$3 # проверка LUSER_FROM:sender.subdomain.sender_domain # проверка LUSER_FROM:sender_domain R $* $| $+@$+ $: $>D <$3> < ! LUSER_FROM > < $1 $| $2@$3 > R <$*> < $* $| $+@$+ > $: < $1 > $2 $| $3@$4 R $* $| $* $: $1 $| $&{mail_addr} # проверка LUSER_FROM:sender_mailbox@sender_domain R $* $| $+@$+ $: < $(access LUSER_FROM:$2 $: ? $) > $1 $| $2@$3 # проверка LUSER_FROM:@sender_domain R $* $| $+@$+ $: < $(access LUSER_FROM:@$3 $: ? $) > $1 $| $2@$3 # проверка LUSER_FROM:sender_mailbox@ R $* $| $+@$+ $: < $(access LUSER_FROM:$2@ $: ? $) > $1 $| $2@$3 # проверка LUSER_FROM:sender.subdomain.sender_domain # проверка LUSER_FROM:sender_domain R $* $| $+@$+ $: $>D <$3> < ! LUSER_FROM > < $1 $| $2@$3 > R <$*> < $* $| $+@$+ > $: < $1 > $2 $| $3@$4 # отделяем отправителей из локальных доменов (в ${mail_addr} отсутствует "@" R $* $| $+@$+ $: $1 $| $2@$3 R $* $| $+ $: < $(access LUSER_FROM:$2 $: ? $) > $1 $| $2 # отделяем политики по умолчанию для локальных отправителей из локальных доменов R $* $| $+ $: < $(access LUSER_FROM:_LOCAL_ $: ? $) > $1 $| $2 R $* $| $+@$+ $: $1 $| $2@$3 # отделяем политики по умолчанию R $* $| $+ $: < $(access LUSER_FROM: $: ? $) > $1 $| $2 R < REJECT:$* > $* $#error $: $1 R < REJECT > $* $#error $@ 5.1.1 $: User unknown R < REJECT $* > $* $#error $: $1 R < DISCARD:$* > $* $#discard $: $1 R < DISCARD > $* $#discard $: discarded by Local_localaddr R < DISCARD $* > $* $#discard $: $1 R < $* > $* $| $* $: < $1 > $2 R < $* > $* $: $2 SLocal_check_mail # Clear the macro for the next message R $* $: $(macro {Header_Content_Type} $) $1 R $* $: $(macro {Header_From} $) $1 SLocal_check_rcpt R $* $: $1 $| <$&f> $| <$&{nrcpts}> R $* $| <> $| <0> $: $1 R $* $| <> $| <$+> $#error $: 552 Only one receipient accepted for NULL sender R $* $| <$*> $| <$*> $: $1 # правило для проверки поля Content-Type HContent-Type: $>+Check_Content_Type SCheck_Content_Type # сохранение значение поля Content-Type R $* $: $(macro {Header_Content_Type} $@ $1 $) $1 # правило для проверки поля From HFrom: $>+Check_From SCheck_From # сохранение значения поля From R $* $: $(macro {Header_From} $@ $1 $) $1 # после приема всех полей заголовка проверяем соответствие MAIL FROM, From, Content-Type Scheck_eoh # Check the macro R $* $: < $&{mail_addr} > < $&{Header_From} > < $&{Header_Content_Type} > <$1> # если MAIL FROM не пустой, дальшейшую проверку не производим R <$+> <$*> <$*> <$*> $: <$4> # skip checks for authentificated senders R $+ $: $1 $| $&{auth_type} R $+ $| $+ $: $1 R $+ $| $: $1 # skip checks for outgoing messages R $+ $: $1 $| $&{IsOutgoing} R $+ $| YES $: $1 R $+ $| $* $: $1 # skip checks for excluded messages R $* $: $1 $| $&{mail_addr} $| R $* $| $+ @ $+ $| $: $1 $| $2 $| $>SearchList $| <> R $* $| $+ $| $: $1 $| $2 $| $>SearchList $| <> R $* $| $+ $| $: $1 R $* $| $+ $| $: $1 R $* $| $+ $| $* $: $1 R $* $| $* $: $1 R $* $: $1 $| $&{client_name} $| R $* $| $+ $| $: $1 $| $2 $| $>SearchList $| <> R $* $| $+ $| $: $1 R $* $| $+ $| $: $1 R $* $| $+ $| $* $: $1 R $* $| $* $: $1 R $* $: $1 $| $&{client_addr} $| R $* $| $+ $| $: $1 $| $2 $| $>A <$2> <> R $* $| $+ $| <> $: $1 R $* $| $+ $| <> $: $1 R $* $| $+ $| $* $: $1 R $* $| $* $: $1 # если значение поля Content-Type начинается с "multipart/report; report-type=delivery-status" и # mailbox из поля From содержит Mailer-Daemon, postmaster или mailer, считаем DSN корректным R < > <$* Mailer-Daemon @ $* > < multipart / report ; report-type = delivery-status $*> <$*> $: <$4> R < > <$* postmaster @ $* > < multipart / report ; report-type = delivery-status $*> <$*> $: <$4> R < > <$* mailer @ $* > < multipart / report ; report-type = delivery-status $*> <$*> $: <$4> R < > <$* Mailer-Daemon @ $* > < > <$*> $: <$3> R < > <$* postmaster @ $* > < > <$*> $: <$3> R < > <$* mailer @ $* > < > <$*> $: <$3> # в противном случае отвергаем сообщение R < > <$*> <$*> <$*> $#error $: 552 " Message looks like a fake DSN" R <$*> <$*> <$*> <$*> $: $4 R <$*> $: $1 SLocal_check_rcpt # R $* $: $>Parse0 $>3 $1 R $+ < @ $+ > $: $1 < @ $2 > $| $1@$2 R $+ $| $+ @ $+ . $: $1 $| $2@$3 R $+ $| $+ @ $=w $: $1 $| $>CheckCompatTheSame $2@$3 R $* $| $#$* $#$2 R $* $| $* $: $1 SCheckCompatTheSame R $* $: < $&{auth_type} > $1 R < $+ > $* $@ AUTH R < $* > $* $: $2 R $&f $: R $* $@ NOT_THE_SAME R $: $>A <$&{client_addr}> <+Connect> <> R $* $@ OK R <$*> $* $: $>D <$&{client_name}> <+Connect> <> R $* $@ OK R $* $#error $: 554 5.1.7 Access denied SLocal_check_rcpt R $* $: $1 $| $&{rcpt_to} R $* $| <$*> $: $1 $| $2 R $* $| $+ @ $+ $: $1 $| $2 @ $3 $| $>check_domain_internal $3 #R $* $| $* $| $#$* $#$3 R $* $| $* $| $#$* $#error $: 554 5.1.7 You do not have permission to send mail with RCPT TO:$&{rcpt_to} R $* $| $* $| $* $: $1 R $* $| $: $1 SLocal_check_mail R $* $: $1 $| $&{mail_from} R $* $| <$*> $: $1 $| $2 R $* $| $+ @ $+ $: $1 $| $2 @ $3 $| $>check_address_internal $2@$3 #R $* $| $* $| $#$* $#$3 R $* $| $* $| $#$* $#error $: 554 5.1.7 You do not have permission to send mail with this MAIL FROM R $* $| $* $| $* $: $1 R $* $| $: $1 R $* $: $1 $| $&f R $* $| <$*> $: $1 $| $2 R $* $| $+ @ $+ $: $1 $| $2 @ $3 $| $>check_address_internal $2@$3 #R $* $| $* $| $#$* $#$3 R $* $| $* $| $#$* $#error $: 554 5.1.7 You do not have permission to send mail with this MAIL FROM R $* $| $* $| $* $: $1 $| $2 R $* $| $+ @ $+ $: $1 $| $2 @ $3 $| $>check_domain_internal $3 # R $* $| $* $| $#$* $#$3 R $* $| $* $| $#$* $#error $: 554 5.1.7 You do not have permission to send mail with this MAIL FROM R $* $| $* $| $* $: $1 R $* $| $: $1 Scheck_address_internal R $* . $: $1 R $* $: $&{auth_type} $| $1 R $+ $| $* $@ SKIP_AUTH R $* $| $* $: $2 R $* $: $1 $| $>A <$&{client_addr}> <+Connect> <> R $* $| $* $@ SKIP_TRUSTED R $* $| <$*> <> $: $1 $| <$2> R $* $| $: $1 $| $>D <$&{client_name}> <+Connect> <> R $* $| $* $@ SKIP_TRUSTED R $* $| <$*> <> $: $1 R $* $: $1 R $* $: <$(access InternalAddress:$1 $: ? $)> $1 R $* $@ NOT_INTERNAL R $* $@ NOT_INTERNAL R <$*> $* $: $2 R $* $#error $: 554 5.1.7 Access denied Scheck_domain_internal R $* . $: $1 R $* $: $&{auth_type} $| $1 R $+ $| $* $@ SKIP_AUTH R $* $| $* $: $2 R $* $: $1 $| $>A <$&{client_addr}> <+Connect> <> R $* $| $* $@ SKIP_TRUSTED R $* $| <$*> <> $: $1 $| <$2> R $* $| $: $1 $| $>D <$&{client_name}> <+Connect> <> R $* $| $* $@ SKIP_TRUSTED R $* $| <$*> <> $: $1 R $* $| <$*> $: $1 R $* $: $1 R localhost $: localhost R $* $: <$(access InternalDomain:@$1 $: ? $)> $1 R $* $: $>D <$1> <$1> R <$*> <$*> $: <$1> $2 R $* $@ NOT_INTERNAL R $* $@ NOT_INTERNAL R <$*> $* $: $2 R $* $#error $: 554 5.1.7 Access denied HFrom: $>+Check_From SCheck_From R Message Content Filter $#error $@ 5.7.1 $: "554 Antivirus junk rejected" R amavisd-new $+ $#error $@ 5.7.1 $: "554 Antivirus junk rejected" R Panda_PerimeterScan_Postfix_Edition@debmail.sov.mplik.ru $#error $@ 5.7.1 $: "554 Antivirus junk rejected" R "Приглашение на семинар" $+ $#error $@ 5.7.1 $: "554 Access denied" R "оПХЦКЮЬЕМХЕ МЮ ЯЕЛХМЮП" $+ $#error $@ 5.7.1 $: "554 Access denied" R "Агенство Недвижимости" $+ $#error $@ 5.7.1 $: "554 Access denied" R "юЦЕМЯРБН мЕДБХФХЛНЯРХ" $+ $#error $@ 5.7.1 $: "554 Access denied" R "ICIC Consulting Centre (044) 455-99-99" $+ $#error $@ 5.7.1 $: "554 Access denied. ICIC, go away" R =?windows-1251?B?RE1DIFVLUkFJTkU=?= $+ $#error $@ 5.7.1 $: "554 direct mail centre, go away" HTo: $>+Check_To SCheck_To #R "" $+ $#error $: 550 5.7.1 Access denied SLocal_check_mail #R $* $: $>Parse0 $>3 $1 R $+ < @ $+ > $: $1 < @ $2 > $| $>CheckSenderDomainBestMX $2 R $* $| $#$* $#$2 R $* $| $* $: $1 SCheckSenderDomainBestMX R $* $: $1 $| $&{client_name} $| $&{client_addr} # делаем исключение из проверки, если PTR запись рилея # присутствует в $w (т. е. является адресом интерфеса этого же хоста) R $* $| $=w $| $* $@ SKIP_LOCAL # подставляем IP адрес рилея в квадратных скобках R $* $| $* $| $* $: $1 $| $2 $| [ $3 ] # делаем исключение из проверки, если IP адрес рилея в квадратных скобках # присутствует в $w (т. е. является адресом интерфеса этого же хоста) R $* $| $* $| $=w $@ SKIP_LOCAL # делаем исключение из проверки, если IP адрес рилея в квадратных скобках # является адресом loopback интерфейса R $* $| $* $| [127.0.0.1] $@ SKIP_LOCAL # убираем квардратные скобки R $* $| $* $| [ $+ ] $: $1 $| $2 $| $3 R $* $| $* $| $* $: $1 R $+ . $: $1 R $+ $: $1 $| $(mxserved_best $1 $) R $+ $| $* $#TEMP $@ 4.7.1 $: "450 Can not check best MX record(s) for sender domain " $1 R $+ $| $+ $: $1 $| $2 $| $(dns_a $2 $) R $+ $| $+ $| $* $#TEMP $@ 4.7.1 $: "450 Can not get A record for " $2 ", best MX record of sender domain " $1 R $+ $| $+ $| $+ . $: $1 $| $2 $| $3 R $+ $| $+ $| $+ $: $1 $| $2 $| $3 $| $>A <$3> <> R $+ $| $+ $| $+ $| $* $@ OK R $+ $| $+ $| $+ $| $* $@ SKIP R $+ $| $+ $| $+ $| $* $: $1 $| $2 $| $3 R $+ $| $+ $| $+ $| <$*> $#error $@ 5.7.1 $: "554 MX " $2 " [" $3 "] for " $1 " cannot refer to private or special address space, see RFC 3330" R $+ $| $+ $| $+ $| <$*> $#error $@ 5.7.1 $: $4 R $+ $| $+ $| $+ $| <$*> $#error $@ 5.7.1 $: $4 R $+ $| $+ $| $+ $| <$*> $#discard $: discard R $+ $| $+ $| $+ $| <$*> $#discard $: $4 R $+ $| $+ $| $+ $| <$*> $#discard $: $4 R $+ $| $+ $| $+ $| <$*> $#error $@ TEMPFAIL $: "Try again later" R $+ $| $+ $| $+ $| <$*> $#error $@ TEMPFAIL $: $4. "Try again later" R $+ $| $+ $| $+ $| <$*> $#error $@ TEMPFAIL $: $4. "Try again later" R $+ $| $+ $| $+ $| <$*> $#error $@ $4.$5.$6 $: $7 R $+ $| $+ $| $+ $| <$*> $#error $@ UNAVAILABLE $: $4 R $+ $| $+ $| $+ $| <$*> $#error $@ UNAVAILABLE $: $4 R $+ $| $+ $| $+ $| <$*> <$*> $#error $: $4 R $+ $| $+ $| $+ $| $* $: $1 $| $2 $| $3 R $+ $| $+ . $| $+ $: $1 $| $2 $| $3 R $+ $| $+ $| $+ $: $1 $| $2 $| $3 $| $>D <$2> <> R $+ $| $+ $| $+ $| $* $@ NOT_FOUND R $+ $| $+ $| $+ $| $* $@ OK R $+ $| $+ $| $+ $| $* $@ SKIP R $+ $| $+ $| $+ $| <$*> $#error $@ 5.7.1 $: "554 MX " $2 " for " $1 " cannot refer to private or special address space, see RFC 3330" R $+ $| $+ $| $+ $| <$*> $#error $@ 5.7.1 $: $4 R $+ $| $+ $| $+ $| <$*> $#error $@ 5.7.1 $: $4 R $+ $| $+ $| $+ $| <$*> $#discard $: discard R $+ $| $+ $| $+ $| <$*> $#discard $: $4 R $+ $| $+ $| $+ $| <$*> $#discard $: $4 R $+ $| $+ $| $+ $| <$*> $#error $@ TEMPFAIL $: "Try again later" R $+ $| $+ $| $+ $| <$*> $#error $@ TEMPFAIL $: $4. "Try again later" R $+ $| $+ $| $+ $| <$*> $#error $@ TEMPFAIL $: $4. "Try again later" R $+ $| $+ $| $+ $| <$*> $#error $@ $4.$5.$6 $: $7 R $+ $| $+ $| $+ $| <$*> $#error $@ UNAVAILABLE $: $4 R $+ $| $+ $| $+ $| <$*> $#error $@ UNAVAILABLE $: $4 R $+ $| $+ $| $+ $| <$*> <$*> $#error $: $4 SIsIPLocal # прекращаем проверку, если IP адрес отправителя указан явным образом в /etc/mail/relay-domains R $=R $@ YES # прекращаем проверку, если IP адрес отправителя указан в /etc/mail/relay-domains в виде A.B.C R $=R.$- $@ YES # прекращаем проверку, если IP адрес отправителя указан в /etc/mail/relay-domains в виде A.B R $=R.$-.$- $@ YES # прекращаем проверку, если IP адрес отправителя указан в /etc/mail/relay-domains в виде A R $=R.$-.$-.$- $@ YES # производим поиск записи об IP адресе отправителя в access_db с квалификатором Connect или без него R $-.$-.$-.$- $: $>A <$1.$2.$3.$4> <+Connect> <> # прекращаем проверку, если запись найдена со значением RELAY R $* $@ YES # при любом другом значении или отсутствии такового считаем адрес нелокальным R $* $@ NO SIsHostLocal # производим поиск записи о хосте отправителя в access_db с квалификатором Connect или без него R $+ $: $>D <$1> <+Connect> <> # прекращаем проверку, если запись найдена со значением RELAY R $* $@ YES # при любом другом значении или отсутствии такового считаем адрес нелокальным R $* $@ NO HReceived: $>+Check_Received SCheck_Received # stupid qmail formats R from $* ( HELO $+ ) ( $+ ) by $+ with $- ; $+ $: from $2 ( $1 [ $3 ] ) by $4 # handle Exim format R from [ $+ ] ($* HELO = $+) by $+ $: from $3 ( $2 [ $1 ] ) by $4 R from $+ ( [ $+ ] HELO = $+ ident = $+ ) by $+ $: from $3 ( $1 [ $2 ] ) by $5; (ident=$4) R from $+ ( [ $+ ] HELO = $+ ) by $+ $: from $3 ( $1 [ $2 ] ) by $4 R from $+ ([ $+ ]) by $+ $: from $1 ( [ $2 ] ) by $3 # handle CGPro format R from [ $+ ] ($* HELO $+) by $+ ($+) with $- id $+ $: from $3 ( $2 [ $1 ] ) by $4 # MS Internet Mail R from ( $+ ) [ $+ ] by $+ with $+ $: from $1 ( [ $2 ] ) by $3 # SMTPSVC R from $+ - $+ by $+ with $+ $: from $1 ( [ $2 ] ) by $3 # SMail format for local clients R from (locally authorised $+) $+ [$+] with $- by $+ with $+ $: from $2 ( [ $3 ] ) by $5 # handle SpiderMail format R from $+ ( $+ [ $+ ] with $- ) by $+ for $+ $: from $1 ( $2 [ $3 ] ) by $5 # handle Domino MTA fmt R ( from $* [ $+ ] ) $+ $: from $1 ( [ $2 ] ) $3 # handle MDaemon format R from $+ [ $+ ] by $+ [ $+ ] with $- ( $+ ) for $+ $: from $1 ( [ $2 ] ) by $3 with $5 for $7 # sendmail from localhost R ( from $+ @ $+ ) by $+ for $+ $: from $2 ( $1@$2 [ $2 ] ) by $3 # delete "may be forged" R from $+ ($+ [$+] $* ) by $+ $: from $1 ( $2 [ $3 ] ) by $5 # now we have formatted Received to normal syntax SLocal_check_rcpt # R $* $: $>Parse0 $>3 $1 R $+ < @ $+ > $* $: $1 < @ $2 > $3 $| $1@$2 $| R $* $| $+@$+ . $| $: $1 $| $2@$3 $| R $* $| $+@$+ $| $: $1 $| $2@$3 $| $>SearchList $| <> R $* $| $+ $| $: $1 $(macro {received_skip} $@ YES $) R $* $| $+ $| $* $: $1 SCheck_Received R $+ $: $1 $| $&{received_skip} R $+ $| YES $: $1 R $+ $| $* $: $1 $| $>Check_Received_db $1 R $+ $| $#$* $#$2 R $+ $| $* $: $1 SCheck_Received_db R $- $+ ( $* [$*]) $* $: $>Check_Received_Part <$2> <$1 $2 ( $3 [$4]) $5> R $- $+ by $* $: $>Check_Received_Part <$2> <$1 $2 by $3> R $- $* ( $+ @ $+ [$*]) $* $: $>Check_Received_Part <$4> <$1 $2 ( $3 @ $4 [$5]) $6> <+ReceivedFrom> R $- $* ( $+ [$*]) $* $: $>Check_Received_Part <$3> <$1 $2 ( $3 [$4]) $5> <+ReceivedConnect> R $- $* ( $* [$+]) $* $: $>Check_Received_Part <$4> <$1 $2 ( $3 [$4]) $5> <+ReceivedConnect> ###################################################################### ### Check_Received_Part -- check one part of Received header filed ### ### Parameters: ### <$1> -- key ### <$2> -- passthru (additional data passed unchanged through) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ###################################################################### SCheck_Received_Part R <$+> <$+> <$+> $: $>D <$1> <$3> <$2> LookUpDomain R <$*> $: @ $1 mark token as no match R <$={Accept}> <$*> $: @ $2 mark token as no match R $* $#error $@ 5.7.1 $: "554 Access denied" R $* $#discard $: discard R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 R <$+> $* $#error $: $1 error from access db R @ $* $@ $1 remove mark SLocal_check_relay R $* $| $* $: $1 $| $2 $| $>Local_check_dialup_relay $1 $| $2 R $* $| $* $| $#$* $#$3 R $* $| $* $| $* $: $1 $| $2 SLocal_check_dialup_relay # делаем исключение из проверки, если PTR запись рилея # присутствует в $w (т. е. является адресом интерфеса этого же хоста) R $=w $| $* $@ SKIP_LOCAL # подставляем IP адрес рилея в квадратных скобках R $* $| $* $: $1 $| [ $2 ] # делаем исключение из проверки, если IP адрес рилея в квадратных скобках # присутствует в $w (т. е. является адресом интерфеса этого же хоста) R $* $| $=w $@ SKIP_LOCAL # делаем исключение из проверки, если IP адрес рилея в квадратных скобках # является адресом loopback интерфейса R $* $| [127.0.0.1] $@ SKIP_LOCAL # убираем квардратные скобки R $* $| [ $+ ] $: $1 $| $2 # производим поиск PTR записи рилея в access_db с квалификатором Connect R $+ $| $* $: $1 $| $2 $| $>D <$1> <> # производим поиск A записи рилея в access_db с квалификатором Connect R $| $+ $: $| $1 $| $>A <$1> <> R $+ $| $+ $| $* $: $1 $| $2 $| $>A <$2> <> # делаем исключение, если в результате найдено значение RELAY или OK R $* $| $* $| <$={Accept}> $* $@ SKIP_CONNECT R $* $| $* $| $* $: $1 $| $2 # производим поиск PTR записи рилея в access_db с квалификатором ConnectDialUp R $+ $| $* $: $1 $| $2 $| $>D <$1> <> # производим поиск A записи рилея в access_db с квалификатором ConnectDialUp R $| $+ $: $| $1 $| $>A <$1> <> R $+ $| $+ $| $* $: $1 $| $2 $| $>A <$2> <> # делаем исключение, если в результате найдено значение RELAY или OK R $* $| $* $| <$={Accept}> $* $@ SKIP_CONNECT_DIALUP # делаем исключение, если в результате найдено значение SKIP R $* $| $* $| $* $@ SKIP_CONNECT_DIALUP R $* $| $* $| $* $: $1 $| $2 # skip checks for authentificated senders # делаем исключение из проверки для аутентифицированных отправителей R $* $| $* $: $&{auth_type} $| $1 $| $2 R $+ $| $* $| $* $@ SKIP_AUTH R $* $| $* $| $* $: $2 $| $3 # check client_name by regexp # !!! WARNING !!! # regex check with dulpat disabled # for regex checks use check_relay_dialup_regex # # проверка client_name по регулярному выражению # !!! ВНИМАНИЕ !!! # проверка по dulpat отключена # для проверки client_name по регулярным выражениям необходимо использовать check_relay_dialup_regex #R $* $| $* $: $(dulpat $1 $: $1 $) $| $2 #R @MATCH $| $* $#error $@ 5.7.1 $: "550 Access from dsl/dial-up/cable relays denied according to the local policy" SLocal_check_dialup_relay R $* $| $* $: $(dulpat_relay_0 $1 $: $1 $) $| $2 R @MATCH $| $* $#error $@ 5.7.1 $: "550 Access from dsl/dial-up/cable relays denied according to the local policy" R $* $| $* $: $1 $| $2 $| $(dulpat_relay_0 $&{client_ptr} $: $&{client_ptr} $) R $* $| $* $| @MATCH $#error $@ 5.7.1 $: "550 Access from dsl/dial-up/cable relays denied according to the local policy" R $* $| $* $| $* $: $1 $| $2 SLocal_check_dialup_relay R $* $| $* $: $(dulpat_relay_1 $1 $: $1 $) $| $2 R @MATCH $| $* $#error $@ 5.7.1 $: "550 Access from dsl/dial-up/cable relays denied according to the local policy" R $* $| $* $: $1 $| $2 $| $(dulpat_relay_1 $&{client_ptr} $: $&{client_ptr} $) R $* $| $* $| @MATCH $#error $@ 5.7.1 $: "550 Access from dsl/dial-up/cable relays denied according to the local policy" R $* $| $* $| $* $: $1 $| $2 SLocal_check_dialup_relay R $* $| $* $: $(dulpat_relay_2 $1 $: $1 $) $| $2 R @MATCH $| $* $#error $@ 5.7.1 $: "550 Access from dsl/dial-up/cable relays denied according to the local policy" R $* $| $* $: $1 $| $2 $| $(dulpat_relay_2 $&{client_ptr} $: $&{client_ptr} $) R $* $| $* $| @MATCH $#error $@ 5.7.1 $: "550 Access from dsl/dial-up/cable relays denied according to the local policy" R $* $| $* $| $* $: $1 $| $2 SLocal_check_dialup_relay R $* $| $* $: $(dulpat_relay_3 $1 $: $1 $) $| $2 R @MATCH $| $* $#error $@ 5.7.1 $: "550 Access denied. Too many digits in sender hostname" R $* $| $* $: $1 $| $2 $| $(dulpat_relay_3 $&{client_ptr} $: $&{client_ptr} $) R $* $| $* $| @MATCH $#error $@ 5.7.1 $: "550 Access denied. Too many digits in sender hostname" R $* $| $* $| $* $: $1 $| $2 SLocal_check_mail # R $* $: $>Parse0 $>3 $1 R $* $: $1 $| $>verify_sender $1 R $+ $| < error: $* User unknown > $#error $: 554 5.1.7 Sender unknown R $+ $| < error: $+ > $+ $#error $: 554 $1 R $+ $| $* $: $1 Sverify_sender # skip checks for authentificated senders R $* $: $&{auth_type} $| $1 R $+ $| $* $@ SKIP_AUTH R $* $| $* $: $2 # check client host R $* $: $1 $| $>verify_sender_check_host $&{client_name} $| $&{client_addr} R $* $| SKIP $@ SKIP_HOST R $* $| $#$* $#$2 R $* $| $* $: $1 # skip checks for outgoing messages R $* $: $&{IsOutgoing} $| $1 R YES $| $* $@ SKIP_OUTGOING R $* $| $* $: $2 R $+ < @ $+ > $* $: $1@$2 R $+ . $: $1 # skip checks for excluded messages R $* $: $1 R $+ @ $+ $: < $(access VerifySender:$1@$2 $: ? $) > $1 @ $2 R $+ @ $+ $: < $(access VerifySender:@$2 $: ? $) > $1 @ $2 R $+ @ $+ $: $>D <$2> R <$*> $: <$1> $2 R $+ @ $+ $: < $(access VerifySender: $: ? $) > $1 @ $2 R $* $@ SKIP_EXCLUDED R $* $@ SKIP_EXCLUDED R <$*> $* $: $2 R $+ @ $+ $: < $(mail_from_check $1@$2 $) > Sverify_sender_check_host # ###################################################################### ###################################################################### ##### ##### MAIL FILTER DEFINITIONS ##### ###################################################################### ###################################################################### Xbackup-smf.pl, S=inet:3002@127.0.0.1, T=C:1m;S:1m;R:1m;E:1m Xclamav-milter, S=local:/var/run/clamav/clamav-milter.sock, F=,T=S:4m;R:4m;E:10m Xdrweb-filter, S=inet:3001@127.0.0.1, F=T, T=S:240s;R:240s;E:1h Xverify-addr-smf.pl, S=inet:3004@127.0.0.1, T=C:1m;S:1m;R:1m;E:1m Xspamassassin, S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m # ###################################################################### ###################################################################### ##### ##### MAILER DEFINITIONS ##### ###################################################################### ###################################################################### ##################################### ### SMTP Mailer specification ### ##################################### ##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ ##### # # common sender and masquerading recipient rewriting # SMasqSMTP R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified R$+ $@ $1 < @ *LOCAL* > add local qualification # # convert pseudo-domain addresses to real domain addresses # SPseudoToReal # pass s through R< @ $+ > $* $@ < @ $1 > $2 resolve # output fake domains as user%fake@relay # do UUCP heuristics; note that these are shared with UUCP mailers R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form # leave these in .UUCP form to avoid further tampering R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 > R< $&h ! > $+ $@ $1 < @ $&h .UUCP. > R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY # # envelope sender rewriting # SEnvFromSMTP R$+ $: $>PseudoToReal $1 sender/recipient common R$* :; <@> $@ list:; special case R$* $: $>MasqSMTP $1 qualify unqual'ed names R$+ $: $>MasqEnv $1 do masquerading # # envelope recipient rewriting -- # also header recipient if not masquerading recipients # SEnvToSMTP R$+ $: $>PseudoToReal $1 sender/recipient common R$+ $: $>MasqSMTP $1 qualify unqual'ed names R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 # # header sender and masquerading header recipient rewriting # SHdrFromSMTP R$+ $: $>PseudoToReal $1 sender/recipient common R:; <@> $@ list:; special case # do special header rewriting R$* <@> $* $@ $1 <@> $2 pass null host through R< @ $* > $* $@ < @ $1 > $2 pass route-addr through R$* $: $>MasqSMTP $1 qualify unqual'ed names R$+ $: $>MasqHdr $1 do masquerading # # relay mailer header masquerading recipient rewriting # SMasqRelay R$+ $: $>MasqSMTP $1 R$+ $: $>MasqHdr $1 Msmtp, P=[IPC], F=mDFMuXA8e, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Mesmtp, P=[IPC], F=mDFMuXaA8e, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Msmtp8, P=[IPC], F=mDFMuX8A8e, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Mdsmtp, P=[IPC], F=mDFMuXa%A8e, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Mrelay, P=[IPC], F=mDFMuXa8A8e, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040, T=DNS/RFC822/SMTP, A=TCP $h ######################*****############## ### PROCMAIL Mailer specification ### ##################*****################## ##### $Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $ ##### Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP, T=DNS/RFC822/X-Unix, A=procmail -Y -m $h $f $u ##################################### ### UUCP Mailer specification ### ##################################### ##### $Id: uucp.m4,v 8.44 2001/08/24 19:49:08 ca Exp $ ##### # # envelope and header sender rewriting # SFromU # handle error address as a special case R<@> $n errors to mailer-daemon # list:; syntax should disappear R:; <@> $@ R$* < @ $* . > $* $1 < @ $2 > $3 strip trailing dots R$* < @ $=w > $1 strip local name R<@ $- . UUCP > : $+ $1 ! $2 convert to UUCP format R<@ $+ > : $+ $1 ! $2 convert to UUCP format R$* < @ $- . UUCP > $2 ! $1 convert to UUCP format R$* < @ $+ > $2 ! $1 convert to UUCP format R$&h ! $+ ! $+ $@ $1 ! $2 $h!...!user => ...!user R$&h ! $+ $@ $&h ! $1 $h!user => $h!user R$+ $: $U ! $1 prepend our name R! $+ $: $k ! $1 in case $U undefined # # envelope recipient rewriting # SEnvToU # list:; should disappear R:; <@> $@ R$* < @ $* . > $* $1 < @ $2 > $3 strip trailing dots R$* < @ $=w > $1 strip local name R<@ $- . UUCP > : $+ $1 ! $2 convert to UUCP format R<@ $+ > : $+ $1 ! $2 convert to UUCP format R$* < @ $- . UUCP > $2 ! $1 convert to UUCP format R$* < @ $+ > $2 ! $1 convert to UUCP format # # header recipient rewriting # SHdrToU # list:; syntax should disappear R:; <@> $@ R$* < @ $* . > $* $1 < @ $2 > $3 strip trailing dots R$* < @ $=w > $1 strip local name R<@ $- . UUCP > : $+ $1 ! $2 convert to UUCP format R<@ $+ > : $+ $1 ! $2 convert to UUCP format R$* < @ $- . UUCP > $2 ! $1 convert to UUCP format R$* < @ $+ > $2 ! $1 convert to UUCP format R$&h ! $+ ! $+ $@ $1 ! $2 $h!...!user => ...!user R$&h ! $+ $@ $&h ! $1 $h!user => $h!user R$+ $: $U ! $1 prepend our name R! $+ $: $k ! $1 in case $U undefined # # envelope sender rewriting for uucp-dom mailer # SEnvFromUD # handle error address as a special case R<@> $n errors to mailer-daemon # pass everything to standard SMTP mailer rewriting R$* $@ $>EnvFromSMTP $1 # # envelope sender rewriting for uucp-uudom mailer # SEnvFromUUD # handle error address as a special case R<@> $n errors to mailer-daemon # do standard SMTP mailer rewriting R$* $: $>EnvFromSMTP $1 R$* < @ $* . > $* $1 < @ $2 > $3 strip trailing dots R<@ $- . UUCP > : $+ $@ $1 ! $2 convert to UUCP format R<@ $+ > : $+ $@ $1 ! $2 convert to UUCP format R$* < @ $- . UUCP > $@ $2 ! $1 convert to UUCP format R$* < @ $+ > $@ $2 ! $1 convert to UUCP format # # There are innumerable variations on the UUCP mailer. It really # is rather absurd. # # old UUCP mailer (two names) Muucp, P=/usr/bin/uux, F=DFMhuUd, S=FromU, R=EnvToU/HdrToU, M=2000000, T=X-UUCP/X-UUCP/X-Unix, A=uux - -r -a$g -gC $h!rmail ($u) Muucp-old, P=/usr/bin/uux, F=DFMhuUd, S=FromU, R=EnvToU/HdrToU, M=2000000, T=X-UUCP/X-UUCP/X-Unix, A=uux - -r -a$g -gC $h!rmail ($u) # smart UUCP mailer (handles multiple addresses) (two names) Msuucp, P=/usr/bin/uux, F=mDFMhuUd, S=FromU, R=EnvToU/HdrToU, M=2000000, T=X-UUCP/X-UUCP/X-Unix, A=uux - -r -a$g -gC $h!rmail ($u) Muucp-new, P=/usr/bin/uux, F=mDFMhuUd, S=FromU, R=EnvToU/HdrToU, M=2000000, T=X-UUCP/X-UUCP/X-Unix, A=uux - -r -a$g -gC $h!rmail ($u) # domain-ized UUCP mailer Muucp-dom, P=/usr/bin/uux, F=mDFMhud, S=EnvFromUD/HdrFromSMTP, R=EnvToSMTP, M=2000000, T=X-UUCP/X-UUCP/X-Unix, A=uux - -r -a$g -gC $h!rmail ($u) # domain-ized UUCP mailer with UUCP-style sender envelope Muucp-uudom, P=/usr/bin/uux, F=mDFMhud, S=EnvFromUUD/HdrFromSMTP, R=EnvToSMTP, M=2000000, T=X-UUCP/X-UUCP/X-Unix, A=uux - -r -a$g -gC $h!rmail ($u) Mvmail, P=/usr/local/scripts/courier/deliver.pl, F=DFMuXaA8SlsPqh9, S=EnvFromL/HdrFromL, R=EnvToSMTP, E=\r\n, L=990, M=2048000, T=DNS/RFC822/SMTP, A=deliver.pl /usr/lib/courier-imap/etc/authmysqlrc $u ################################################## ### Local and Program Mailer specification ### ################################################## ##### $Id: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $ ##### # # Envelope sender rewriting # SEnvFromL R<@> $n errors to mailer-daemon R@ <@ $*> $n temporarily bypass Sun bogosity R$+ $: $>AddDomain $1 add local domain if needed R$* $: $>MasqEnv $1 do masquerading # # Envelope recipient rewriting # SEnvToL R$+ < @ $* > $: $1 strip host part # # Header sender rewriting # SHdrFromL R<@> $n errors to mailer-daemon R@ <@ $*> $n temporarily bypass Sun bogosity R$+ $: $>AddDomain $1 add local domain if needed R$* $: $>MasqHdr $1 do masquerading # # Header recipient rewriting # SHdrToL R$+ $: $>AddDomain $1 add local domain if needed R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 # # Common code to add local domain name (only if always-add-domain) # SAddDomain R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified R$+ $@ $1 < @ *LOCAL* > add local qualification Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=procmail -t -Y -a $h -d $u Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, T=X-Unix/X-Unix/X-Unix, A=smrsh -c $u