2 # Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
4 # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
5 # Copyright (c) 1988, 1993
6 # The Regents of the University of California. All rights reserved.
8 # By using this file, you agree to the terms and conditions set
9 # forth in the LICENSE file which can be found at the top level of
10 # the sendmail distribution.
14 ######################################################################
15 ######################################################################
17 ##### SENDMAIL CONFIGURATION FILE
19 ##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:57 PDT 2020
20 ##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
21 ##### using ../ as configuration include directory
23 ######################################################################
25 ##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
27 ######################################################################
28 ######################################################################
30 ##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
31 ##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
32 ##### $Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $ #####
33 ##### $Id: msp.m4,v 1.34 2013-11-22 20:51:11 ca Exp $ #####
35 ##### $Id: no_default_msa.m4,v 8.3 2013-11-22 20:51:11 ca Exp $ #####
38 ##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
40 # level 10 config file format
43 # override file safeties - setting this option compromises system security,
44 # addressing the actual file configuration problem is preferred
45 # need to set this before any file actions are encountered in the cf file
46 #O DontBlameSendmail=safe
48 # default LDAP map specification
49 # need to set this now before any LDAP maps are defined
50 #O LDAPDefaultSpec=-h localhost
57 # need to set this before any LDAP lookups are done (including classes)
58 #D{sendmailMTACluster}$m
62 # my official domain name
63 # ... define this only if sendmail cannot automatically determine your domain
66 # host/domain names ending with a token in class P are canonical
69 # "Smart" relay host (may be null)
73 # operators that cannot be in local usernames (i.e., network indicators)
76 # a class with just dot (for identifying canonical names)
79 # a class with just a left bracket (for identifying domain literals)
83 # Resolve map (to check if a host exists in check_mail)
84 Kresolve host -a<OKR> -T<TEMP>
88 # Hosts for which relaying is permitted ($=R)
89 FR-o /etc/mail/relay-domains
101 # class E: names that should be exposed as from this host, even if we masquerade
102 # class L: names that should be delivered locally, even if we have a relay
103 # class M: domains that should be converted to $M
104 # class N: domains that should not be converted to $M
109 # my name for error messages
113 D{MTAHost}[127.0.0.1]
116 # Configuration version number
124 # strip message body to 7 bits on input?
125 O SevenBitInput=False
127 # 8-bit data handling
128 #O EightBitMode=pass8
130 # wait for alias file rebuild (default units: minutes)
133 # location of alias file
134 #O AliasFile=/etc/mail/aliases
136 # minimum number of free blocks on filesystem
139 # maximum message size
142 # substitution for space (blank) characters
145 # avoid connecting to "expensive" mailers on initial submission?
146 O HoldExpensive=False
148 # checkpoint queue runs after every N successful deliveries
149 #O CheckpointInterval=10
151 # default delivery mode
154 # error message header/file
155 #O ErrorHeader=/etc/mail/error-header
160 # save Unix-style "From_" lines at top of header?
161 #O SaveFromLine=False
163 # queue file mode (qf files)
166 # temporary file mode
169 # match recipients against GECOS field?
175 # location of help file
176 O HelpFile=/etc/mail/helpfile
178 # ignore dots as terminators in incoming messages?
181 # name resolver options
182 #O ResolverOptions=+AAONLY
184 # deliver MIME-encapsulated error messages?
185 O SendMimeErrors=True
187 # Forward file search path
190 # open connection cache size
191 O ConnectionCacheSize=2
193 # open connection cache timeout
194 O ConnectionCacheTimeout=5m
196 # persistent host status directory
197 #O HostStatusDirectory=.hoststat
199 # single thread deliveries (requires HostStatusDirectory)?
200 #O SingleThreadDelivery=False
202 # use Errors-To: header?
205 # use compressed IPv6 address format?
206 #O UseCompressedIPv6Addresses
211 # send to me too, even in an alias expansion?
214 # verify RHS in newaliases?
217 # default messages to old style headers if no special punctuation?
218 O OldStyleHeaders=True
220 # SMTP daemon options
222 O DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E
224 # SMTP client options
225 #O ClientPortOptions=Family=inet, Address=0.0.0.0
227 # Modifiers to define {daemon_flags} for direct submissions
228 #O DirectSubmissionModifiers
230 # Use as mail submission program? See sendmail/SECURITY
234 O PrivacyOptions=goaway,noetrn,restrictqrun
236 # who (if anyone) should get extra copies of error messages
237 #O PostmasterCopy=Postmaster
239 # slope of queue-only function
240 #O QueueFactor=600000
242 # limit on number of concurrent queue runners
245 # maximum number of queue-runners per queue-grouping with multiple queues
246 #O MaxRunnersPerQueue=1
248 # priority of queue runners (nice(3))
251 # shall we sort the queue by hostname first?
252 #O QueueSortOrder=priority
254 # minimum time in queue before retry
257 # maximum time in queue before retry (if > 0; only for exponential delay)
260 # how many jobs can you process in the queue?
263 # perform initial split of envelope without checking MX records
267 O QueueDirectory=/var/spool/clientmqueue
269 # key for shared memory; 0 to turn off, -1 to auto-select
272 # file to store auto-selected key for shared memory (SharedMemoryKey = -1)
273 #O SharedMemoryKeyFile
275 # timeouts (many of these)
276 #O Timeout.initial=5m
277 #O Timeout.connect=5m
278 #O Timeout.aconnect=0s
279 #O Timeout.iconnect=5m
283 #O Timeout.datainit=5m
284 #O Timeout.datablock=1h
285 #O Timeout.datafinal=1h
289 #O Timeout.command=1h
291 #O Timeout.fileopen=60s
292 #O Timeout.control=2m
293 O Timeout.queuereturn=5d
294 #O Timeout.queuereturn.normal=5d
295 #O Timeout.queuereturn.urgent=2d
296 #O Timeout.queuereturn.non-urgent=7d
297 #O Timeout.queuereturn.dsn=5d
298 O Timeout.queuewarn=4h
299 #O Timeout.queuewarn.normal=4h
300 #O Timeout.queuewarn.urgent=1h
301 #O Timeout.queuewarn.non-urgent=12h
302 #O Timeout.queuewarn.dsn=4h
303 #O Timeout.hoststatus=30m
304 #O Timeout.resolver.retrans=5s
305 #O Timeout.resolver.retrans.first=5s
306 #O Timeout.resolver.retrans.normal=5s
307 #O Timeout.resolver.retry=4
308 #O Timeout.resolver.retry.first=4
309 #O Timeout.resolver.retry.normal=4
312 #O Timeout.starttls=1h
314 # time for DeliverBy; extension disabled if less than 0
317 # should we not prune routes in route-addr syntax addresses?
318 #O DontPruneRoutes=False
320 # queue up everything before forking?
324 O StatusFile=/var/spool/clientmqueue/sm-client.st
326 # time zone handling:
327 # if undefined, use system default
328 # if defined but null, use TZ envariable passed in
329 # if defined and non-null, use that info
332 # default UID (can be username or userid:groupid)
333 #O DefaultUser=mailnull
335 # list of locations of user database file (null means no lookup)
336 #O UserDatabaseSpec=/etc/mail/userdb
339 #O FallbackMXhost=fall.back.host.net
341 # fallback smart host
342 #O FallbackSmartHost=fall.back.host.net
344 # if we are the best MX host for a site, try it directly instead of config err
345 #O TryNullMXList=False
347 # load average at which we just queue messages
350 # load average at which we refuse connections
353 # log interval when refusing connections for this long
354 #O RejectLogInterval=3h
356 # load average at which we delay connections; 0 means no limit
359 # maximum number of children we allow at one time
360 #O MaxDaemonChildren=0
362 # maximum number of new connections per second
363 #O ConnectionRateThrottle=0
365 # Width of the window
366 #O ConnectionRateWindowSize=60s
368 # work recipient factor
369 #O RecipientFactor=30000
371 # deliver each queued job in a separate process?
380 # default character set
381 #O DefaultCharSet=unknown-8bit
383 # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
384 #O ServiceSwitchFile=/etc/mail/service.switch
386 # hosts file (normally /etc/hosts)
387 #O HostsFile=/etc/hosts
389 # dialup line delay on connection failure
392 # action to take if there are no recipients in the message
393 #O NoRecipientAction=none
395 # chrooted environment for writing to files
396 #O SafeFileEnvironment
398 # are colons OK in addresses?
399 #O ColonOkInAddr=True
401 # shall I avoid expanding CNAMEs (violates protocols)?
402 #O DontExpandCnames=False
404 # SMTP initial login message (old $e macro)
405 O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
407 # UNIX initial From header format (old $l macro)
408 O UnixFromLine=From $g $d
410 # From: lines that have embedded newlines are unwrapped onto one line
411 #O SingleLineFromHeader=False
413 # Allow HELO SMTP command that does not include a host name
414 #O AllowBogusHELO=False
416 # Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
419 # delimiter (operator) characters (old $o macro)
420 O OperatorChars=.:%@!^/[]+
422 # shall I avoid calling initgroups(3) because of high NIS costs?
423 O DontInitGroups=True
425 # are group-writable :include: and .forward files (un)trustworthy?
426 # True (the default) means they are not trustworthy.
427 #O UnsafeGroupWrites=True
430 # where do errors that occur when sending errors get sent?
431 #O DoubleBounceAddress=postmaster
433 # issue temporary errors (4xy) instead of permanent errors (5xy)?
436 # where to save bounces if all else fails
437 #O DeadLetterDrop=/var/tmp/dead.letter
439 # what user id do we assume for the majority of the processing?
442 # maximum number of recipients per SMTP envelope
443 #O MaxRecipientsPerMessage=0
445 # limit the rate recipients per SMTP envelope are accepted
446 # once the threshold number of recipients have been rejected
450 # shall we get local names from our installed interfaces?
451 O DontProbeInterfaces=True
453 # Return-Receipt-To: header implies DSN request
454 #O RrtImpliesDsn=False
456 # override connection address (for testing)
457 #O ConnectOnlyTo=0.0.0.0
459 # Trusted user for file ownership and starting the daemon
462 # Control socket for daemon management
463 #O ControlSocketName=/var/spool/mqueue/.control
465 # Maximum MIME header length to protect MUAs
466 #O MaxMimeHeaderLength=0/0
468 # Maximum length of the sum of all headers
469 #O MaxHeadersLength=32768
471 # Maximum depth of alias recursion
472 #O MaxAliasRecursion=10
474 # location of pid file
475 O PidFile=/var/spool/clientmqueue/sm-client.pid
477 # Prefix string for the process title shown on 'ps' listings
478 #O ProcessTitlePrefix=prefix
480 # Data file (df) memory-buffer file maximum size
481 #O DataFileBufferSize=4096
483 # Transcript file (xf) memory-buffer file maximum size
484 #O XscriptFileBufferSize=4096
486 # lookup type to find information about local mailboxes
487 #O MailboxDatabase=pw
489 # override compile time flag REQUIRES_DIR_FSYNC
490 #O RequiresDirfsync=true
492 # list of authentication mechanisms
493 #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
495 # Authentication realm
498 # default authentication information for outgoing connections
499 #O DefaultAuthInfo=/etc/mail/default-auth-info
504 # SMTP AUTH maximum encryption strength
507 # SMTP STARTTLS server options
512 # server side SSL options
514 # client side SSL options
518 # Path to dynamic library for SSLEngine
520 # TLS: fall back to clear text after handshake failure?
521 #O TLSFallbacktoClear
539 # File containing certificate revocation lists
541 # Directory containing hashes pointing to certificate revocation status files
543 # DHParameters (only required if DSA/DH is used)
545 # Random data source (required for systems without /dev/urandom under OpenSSL)
547 # fingerprint algorithm (digest) to use for the presented cert
548 #O CertFingerprintAlgorithm
552 # Maximum number of "useless" commands before slowing down
553 #O MaxNOOPCommands=20
555 # Name to use for EHLO (defaults to $j)
560 ############################
561 # QUEUE GROUP DEFINITIONS #
562 ############################
565 ###########################
566 # Message precedences #
567 ###########################
570 Pspecial-delivery=100
575 #####################
577 #####################
579 # this is equivalent to setting class "t"
580 #Ft/etc/mail/trusted-users
585 #########################
586 # Format of headers #
587 #########################
589 H?P?Return-Path: <$g>
590 HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
591 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
592 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
593 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
598 H?F?Resent-From: $?x$x <$g>$|$g$.
599 H?F?From: $?x$x <$g>$|$g$.
602 # H?l?Received-Date: $b
603 H?M?Resent-Message-Id: <$t.$i@$j>
604 H?M?Message-Id: <$t.$i@$j>
607 ######################################################################
608 ######################################################################
610 ##### REWRITING RULES
612 ######################################################################
613 ######################################################################
615 ############################################
616 ### Ruleset 3 -- Name Canonicalization ###
617 ############################################
620 # handle null input (translate to <@> special case)
623 # strip group: syntax (not inside angle brackets!) and trailing semicolon
624 R$* $: $1 <@> mark addresses
625 R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
626 R@ $* <@> $: @ $1 unmark @host:...
627 R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
628 R$* :: $* <@> $: $1 :: $2 unmark node::addr
629 R:include: $* <@> $: :include: $1 unmark :include:...
630 R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
631 R$* : $* <@> $: $2 strip colon if marked
633 R$* ; $1 strip trailing semi
634 R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
635 R$* < $* ; > $1 < $2 > bogus bracketed semi
637 # null input now results from list:; syntax
640 # strip angle brackets -- note RFC733 heuristic to get innermost item
641 R$* $: < $1 > housekeeping <>
642 R$+ < $* > < $2 > strip excess on left
643 R< $* > $+ < $1 > strip excess on right
644 R<> $@ < @ > MAIL FROM:<> case
645 R< $+ > $: $1 remove housekeeping <>
647 # strip route address <@a,@b,@c:user@d> -> <user@d>
652 # find focus for list syntax
653 R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
654 R $+ : $* ; $@ $1 : $2; list syntax
656 # find focus for @ syntax addresses
657 R$+ @ $+ $: $1 < @ $2 > focus on domain
658 R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
659 R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
662 # convert old-style addresses to a domain-based address
663 R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
664 R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
665 R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
667 # convert node::user addresses into a domain-based address
668 R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
669 R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
671 # if we have % signs, take the rightmost one
672 R$* % $* $1 @ $2 First make them all @s.
673 R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
675 R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
677 # else we must be a local name
678 R$* $@ $>Canonify2 $1
681 ################################################
682 ### Ruleset 96 -- bottom half of ruleset 3 ###
683 ################################################
687 # handle special cases for local names
688 R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
689 R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
690 R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
692 # check for IPv4/IPv6 domain literal
693 R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
694 R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
695 R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
701 # if really UUCP, handle it immediately
703 # try UUCP traffic as a local address
704 R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
705 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
707 # hostnames ending in class P are always canonical
708 R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
709 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
710 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
711 R$* CC $* $| $* $: $3
712 # pass to name server to make hostname canonical
713 R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
716 # local host aliases and pseudo-domains are always canonical
717 R$* < @ $=w > $* $: $1 < @ $2 . > $3
718 R$* < @ $=M > $* $: $1 < @ $2 . > $3
719 R$* < @ $* . . > $* $1 < @ $2 . > $3
722 ##################################################
723 ### Ruleset 4 -- Final Output Post-rewriting ###
724 ##################################################
727 R$+ :; <@> $@ $1 : handle <list:;>
728 R$* <@> $@ handle <> and list:;
730 # strip trailing dot off possibly canonical name
731 R$* < @ $+ . > $* $1 < @ $2 > $3
733 # eliminate internal code
734 R$* < @ *LOCAL* > $* $1 < @ $j > $2
736 # externalize local domain info
737 R$* < $+ > $* $1 $2 $3 defocus
738 R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
739 R@ $* $@ @ $1 ... and exit
741 # UUCP must always be presented in old form
742 R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
744 # put DECnet back in :: form
745 R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u
746 # delete duplicate local names
747 R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
751 ##############################################################
752 ### Ruleset 97 -- recanonicalize and call ruleset zero ###
753 ### (used for recursive calls) ###
754 ##############################################################
761 ######################################
762 ### Ruleset 0 -- Parse Address ###
763 ######################################
767 R$* $: $>Parse0 $1 initial parsing
768 R<@> $#local $: <@> special case error msgs
769 R$* $: $>ParseLocal $1 handle local hacks
770 R$* $: $>Parse1 $1 final parsing
773 # Parse0 -- do initial syntax checking and eliminate local addresses.
774 # This should either return with the (possibly modified) input
775 # or return with a #error mailer. It should not return with a
776 # #mailer other than the #error mailer.
780 R<@> $@ <@> special case error msgs
781 R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
782 R@ <@ $* > < @ $1 > catch "@@host" bogosity
783 R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
784 R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
786 R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
787 R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
788 R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
789 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
790 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
792 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
793 R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
794 R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
795 R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
796 R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
799 # now delete the local info -- note $=O to find characters that cause forwarding
800 R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
801 R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
802 R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
803 R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
804 R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
805 R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
806 R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
807 R$* $=O $* < @ *LOCAL* >
808 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
809 R$* < @ *LOCAL* > $: $1
813 # Parse1 -- the bottom half of ruleset 0.
818 # handle numeric address spec
819 R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
820 R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
821 R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
822 R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
823 R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
826 # short circuit local delivery so forwarded email works
829 R$=L < @ $=w . > $#local $: @ $1 special local names
830 R$+ < @ $=w . > $#local $: $1 regular local name
833 # resolve remotely connected UUCP links (if any)
835 # resolve fake top level domains by forwarding to other hosts
839 # pass names that still have a host to a smarthost (if defined)
840 R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
842 # deal with other remote names
843 R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
845 # handle locally delivered names
846 R$=L $#local $: @ $1 special local names
847 R$+ $#local $: $1 regular local names
851 ###########################################################################
852 ### Ruleset 5 -- special rewriting after aliases have been expanded ###
853 ###########################################################################
857 R$+ $: $1 $| $>"Local_localaddr" $1
858 R$+ $| $#ok $@ $1 no change
865 # deal with plussed users so aliases work nicely
866 R$+ + * $#local $@ $&h $: $1
867 R$+ + $* $#local $@ + $2 $: $1 + *
869 # prepend an empty "forward host" on the front
874 R< > $+ $: < > < $1 <> $&h > nope, restore +detail
876 R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
877 R< > < $+ <> $* > $: < > < $1 > else discard
878 R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
879 R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
880 R< > < $+ > $@ $1 no +detail
881 R$+ $: $1 <> $&h add +detail back in
883 R$+ <> + $* $: $1 + $2 check whether +detail
884 R$+ <> $* $: $1 else discard
885 R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
886 R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
888 R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
890 R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
893 ###################################################################
894 ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
895 ###################################################################
898 R< > $* $@ $1 strip off null relay
899 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
900 R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
901 R< error : $+ > $* $#error $: $1
902 R< local : $* > $* $>CanonLocal < $1 > $2
903 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
904 R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
905 R< $=w > $* $@ $2 delete local host
906 R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
908 ###################################################################
909 ### Ruleset CanonLocal -- canonify local: syntax ###
910 ###################################################################
913 # strip local host from routed addresses
914 R< $* > < @ $+ > : $+ $@ $>Recurse $3
915 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
917 # strip trailing dot from any host name that may appear
918 R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
920 # handle local: syntax -- use old user, either with or without host
921 R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
922 R< > $+ $#local $@ $1 $: $1
924 # handle local:user@host syntax -- ignore host part
925 R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
927 # handle local:user syntax
928 R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
929 R< $+ > $* $#local $@ $2 $: $1
931 ###################################################################
932 ### Ruleset 93 -- convert header names to masqueraded form ###
933 ###################################################################
938 # do not masquerade anything in class N
939 R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
941 R$* < @ *LOCAL* > $@ $1 < @ $j . >
943 ###################################################################
944 ### Ruleset 94 -- convert envelope names to masqueraded form ###
945 ###################################################################
948 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
950 ###################################################################
951 ### Ruleset 98 -- local part of ruleset zero (can be null) ###
952 ###################################################################
961 ######################################################################
962 ### CanonAddr -- Convert an address into a standard form for
963 ### relay checking. Route address syntax is
964 ### crudely converted into a %-hack address.
967 ### $1 -- full recipient address
970 ### parsed address, not in source route form
971 ######################################################################
974 R$* $: $>Parse0 $>canonify $1 make domain canonical
977 ######################################################################
978 ### ParseRecipient -- Strip off hosts in $=R as well as possibly
979 ### $* $=m or the access database.
980 ### Check user portion for host separators.
983 ### $1 -- full recipient address
986 ### parsed, non-local-relaying address
987 ######################################################################
990 R$* $: <?> $>CanonAddr $1
991 R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
992 R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
994 # if no $=O character, no host in the user portion, we are done
995 R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
999 R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
1003 R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
1007 ######################################################################
1008 ### check_relay -- check hostname/address on SMTP startup
1009 ######################################################################
1015 R$* $: $1 $| $>"Local_check_relay" $1
1016 R$* $| $* $| $#$* $#$3
1017 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
1020 # check for deferred delivery mode
1021 R$* $: < $&{deliveryMode} > $1
1022 R< d > $* $@ deferred
1027 ######################################################################
1028 ### check_mail -- check SMTP `MAIL FROM:' command argument
1029 ######################################################################
1033 R$* $: $1 $| $>"Local_check_mail" $1
1035 R$* $| $* $@ $>"Basic_check_mail" $1
1038 # check for deferred delivery mode
1039 R$* $: < $&{deliveryMode} > $1
1040 R< d > $* $@ deferred
1044 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1048 R<> $@ <OK> we MUST accept <> (RFC 1123)
1050 R<?><$+> $: <@> <$1>
1052 R$* $: $&{daemon_flags} $| $1
1053 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
1054 R$* u $* $| <@> < $* > $: <?> < $3 >
1056 # handle case of @localhost on address
1057 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
1058 R<@> < $* @ [127.0.0.1] >
1059 $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
1060 R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
1061 $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
1062 R<@> < $* @ [IPv6:::1] >
1063 $: < ? $&{client_name} > < $1 @ [IPv6:::1] >
1064 R<@> < $* @ localhost.$m >
1065 $: < ? $&{client_name} > < $1 @ localhost.$m >
1066 R<@> < $* @ localhost.UUCP >
1067 $: < ? $&{client_name} > < $1 @ localhost.UUCP >
1068 R<@> $* $: $1 no localhost as domain
1069 R<? $=w> $* $: $2 local client: ok
1070 R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
1072 R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
1073 R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
1074 # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
1075 R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
1076 R<?> $* < @ $j > $: <OKR> $1 < @ $j >
1077 R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
1078 R<? $* <$->> $* < @ $+ >
1082 # handle case of no @domain on address
1083 R<?> $* $: $&{daemon_flags} $| <?> $1
1084 R$* u $* $| <?> $* $: <OKR> $3
1086 R<?> $* $: < ? $&{client_addr} > $1
1087 R<?> $* $@ <OKR> ...local unqualed ok
1088 R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
1091 R<?> $* $: @ $1 mark address: nothing known about it
1092 R<$={ResOk}> $* $: @ $2 domain ok
1093 R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
1094 R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
1098 ######################################################################
1099 ### check_rcpt -- check SMTP `RCPT TO:' command argument
1100 ######################################################################
1104 R$* $: $1 $| $>"Local_check_rcpt" $1
1106 R$* $| $* $@ $>"Basic_check_rcpt" $1
1110 R<> $#error $@ nouser $: "553 User address required"
1111 R$@ $#error $@ nouser $: "553 User address required"
1112 # check for deferred delivery mode
1113 R$* $: < $&{deliveryMode} > $1
1114 R< d > $* $@ deferred
1118 ######################################################################
1119 R$* $: $1 $| @ $>"Rcpt_ok" $1
1120 R$* $| @ $#TEMP $+ $: $1 $| T $2
1122 R$* $| @ RELAY $@ RELAY
1123 R$* $| @ $* $: O $| $>"Relay_ok" $1
1124 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
1125 R$* $| $#TEMP $+ $#error $2
1127 R$* $| RELAY $@ RELAY
1128 R T $+ $| $* $#error $1
1129 # anything else is bogus
1130 R$* $#error $@ 5.7.1 $: "550 Relaying denied"
1133 ######################################################################
1134 ### Rcpt_ok: is the recipient ok?
1135 ######################################################################
1137 R$* $: $>ParseRecipient $1 strip relayable hosts
1142 # authenticated via TLS?
1143 R$* $: $1 $| $>RelayTLS client authenticated?
1144 R$* $| $# $+ $# $2 error/ok?
1147 R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
1150 R$* $| $* $: $1 $| $&{auth_type}
1152 R$* $| $={TrustAuthMech} $# RELAY
1154 # anything terminating locally is ok
1155 R$+ < @ $=w > $@ RELAY
1156 R$+ < @ $* $=R > $@ RELAY
1161 # check for local user (i.e. unqualified address)
1163 R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
1168 ######################################################################
1169 ### Relay_ok: is the relay/sender ok?
1170 ######################################################################
1172 # anything originating locally is ok
1174 R$* $: $&{client_addr}
1175 R$@ $@ RELAY originated locally
1176 R0 $@ RELAY originated locally
1177 R127.0.0.1 $@ RELAY originated locally
1178 RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
1179 RIPv6:::1 $@ RELAY originated locally
1180 R$=R $* $@ RELAY relayable IP address
1181 R$* $: [ $1 ] put brackets around it...
1182 R$=w $@ RELAY ... and see if it is local
1185 # check client name: first: did it resolve?
1186 R$* $: < $&{client_resolve} >
1187 R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
1188 R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
1189 R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
1190 R$* $: <@> $&{client_name}
1191 # pass to name server to make hostname canonical
1192 R<@> $* $=P $:<?> $1 $2
1193 R<@> $+ $:<?> $[ $1 $]
1194 R$* . $1 strip trailing dots
1196 R<?> $* $=R $@ RELAY
1202 ######################################################################
1203 ### trust_auth: is user trusted to authenticate as someone else?
1206 ### $1: AUTH= parameter from MAIL command
1207 ######################################################################
1211 R$* $: $&{auth_type} $| $1
1212 # required by RFC 2554 section 4.
1213 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
1214 R$* $| $&{auth_authen} $@ identical
1215 R$* $| <$&{auth_authen}> $@ identical
1216 R$* $| $* $: $1 $| $>"Local_trust_auth" $2
1218 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
1220 ######################################################################
1221 ### Relay_Auth: allow relaying based on authentication?
1224 ### $1: ${auth_type}
1225 ######################################################################
1228 ######################################################################
1229 ### srv_features: which features to offer to a client?
1230 ### (done in server)
1231 ######################################################################
1235 ######################################################################
1236 ### try_tls: try to use STARTTLS?
1237 ### (done in client)
1238 ######################################################################
1242 ######################################################################
1243 ### tls_rcpt: is connection with server "good" enough?
1244 ### (done in client, per recipient)
1248 ######################################################################
1252 ######################################################################
1253 ### tls_client: is connection with client "good" enough?
1254 ### (done in server)
1257 ### ${verify} $| (MAIL|STARTTLS)
1258 ######################################################################
1260 R$* $| $* $@ $>"TLS_connection" $1
1262 ######################################################################
1263 ### tls_server: is connection with server "good" enough?
1264 ### (done in client)
1268 ######################################################################
1271 R$* $@ $>"TLS_connection" $1
1273 ######################################################################
1274 ### TLS_connection: is TLS connection "good" enough?
1278 ### Requirement: RHS from access map, may be ? for none.
1279 ######################################################################
1281 RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
1282 RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
1287 ######################################################################
1288 ### RelayTLS: allow relaying based on TLS authentication
1292 ######################################################################
1296 ######################################################################
1297 ### authinfo: lookup authinfo in the access map
1300 ### $1: {server_name}
1301 ### $2: {server_addr}
1302 ######################################################################
1313 R$+ $: $>ParseRecipient $1
1314 R$* < @ $+ > $* $#relay $@ ${MTAHost} $: $1 < @ $2 > $3
1316 R$+ :: $+ $#relay $@ ${MTAHost} $: $1 :: $2
1317 R$* $#relay $@ ${MTAHost} $: $1 < @ $j >
1319 ######################################################################
1320 ######################################################################
1322 ##### MAIL FILTER DEFINITIONS
1324 ######################################################################
1325 ######################################################################
1328 ######################################################################
1329 ######################################################################
1331 ##### MAILER DEFINITIONS
1333 ######################################################################
1334 ######################################################################
1337 ##################################################
1338 ### Local and Program Mailer specification ###
1339 ##################################################
1341 ##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
1344 # Envelope sender rewriting
1347 R<@> $n errors to mailer-daemon
1348 R@ <@ $*> $n temporarily bypass Sun bogosity
1349 R$+ $: $>AddDomain $1 add local domain if needed
1350 R$* $: $>MasqEnv $1 do masquerading
1353 # Envelope recipient rewriting
1356 R$+ < @ $* > $: $1 strip host part
1357 R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
1358 R<e s> $+ + $* $: $1 remove +detail for sender
1359 R< $* > $+ $: $2 else remove mark
1362 # Header sender rewriting
1365 R<@> $n errors to mailer-daemon
1366 R@ <@ $*> $n temporarily bypass Sun bogosity
1367 R$+ $: $>AddDomain $1 add local domain if needed
1368 R$* $: $>MasqHdr $1 do masquerading
1371 # Header recipient rewriting
1374 R$+ $: $>AddDomain $1 add local domain if needed
1375 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1378 # Common code to add local domain name (only if always-add-domain)
1382 Mlocal, P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
1385 Mprog, P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
1386 T=X-Unix/X-Unix/X-Unix,
1389 #####################################
1390 ### SMTP Mailer specification ###
1391 #####################################
1393 ##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
1396 # common sender and masquerading recipient rewriting
1399 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
1400 R$+ $@ $1 < @ *LOCAL* > add local qualification
1403 # convert pseudo-domain addresses to real domain addresses
1407 # pass <route-addr>s through
1408 R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
1410 # output fake domains as user%fake@relay
1412 # do UUCP heuristics; note that these are shared with UUCP mailers
1413 R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
1414 R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
1416 # leave these in .UUCP form to avoid further tampering
1417 R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
1418 R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
1419 R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
1420 R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
1421 R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
1422 R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
1426 # envelope sender rewriting
1429 R$+ $: $>PseudoToReal $1 sender/recipient common
1430 R$* :; <@> $@ list:; special case
1431 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1432 R$+ $: $>MasqEnv $1 do masquerading
1436 # envelope recipient rewriting --
1437 # also header recipient if not masquerading recipients
1440 R$+ $: $>PseudoToReal $1 sender/recipient common
1441 R$+ $: $>MasqSMTP $1 qualify unqual'ed names
1442 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1445 # header sender and masquerading header recipient rewriting
1448 R$+ $: $>PseudoToReal $1 sender/recipient common
1449 R:; <@> $@ list:; special case
1451 # do special header rewriting
1452 R$* <@> $* $@ $1 <@> $2 pass null host through
1453 R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
1454 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1455 R$+ $: $>MasqHdr $1 do masquerading
1459 # relay mailer header masquerading recipient rewriting
1462 R$+ $: $>MasqSMTP $1
1465 Msmtp, P=[IPC], F=mDFMuXk5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1468 Mesmtp, P=[IPC], F=mDFMuXak5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1471 Msmtp8, P=[IPC], F=mDFMuX8k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1474 Mdsmtp, P=[IPC], F=mDFMuXa%k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1477 Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
1484 # # Copyright (c) 2001-2003, 2014 Proofpoint, Inc. and its suppliers.
1485 # # All rights reserved.
1487 # # By using this file, you agree to the terms and conditions set
1488 # # forth in the LICENSE file which can be found at the top level of
1489 # # the sendmail distribution.
1494 # # This is the prototype file for a set-group-ID sm-msp sendmail that
1495 # # acts as a initial mail submission program.
1499 # VERSIONID(`$Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $')
1500 # define(`confCF_VERSION', `Submit')dnl
1501 # define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
1502 # define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
1503 # define(`confTIME_ZONE', `USE_TZ')dnl
1504 # define(`confDONT_INIT_GROUPS', `True')dnl
1506 # dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1]
1507 # FEATURE(`msp', `[127.0.0.1]')dnl