2 # Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
4 # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
5 # Copyright (c) 1988, 1993
6 # The Regents of the University of California. All rights reserved.
8 # By using this file, you agree to the terms and conditions set
9 # forth in the LICENSE file which can be found at the top level of
10 # the sendmail distribution.
14 ######################################################################
15 ######################################################################
17 ##### SENDMAIL CONFIGURATION FILE
19 ##### built by xbuild@xenon14.us.proofpoint.com on Tue Jan 30 22:39:25 PST 2024
20 ##### in /export/jenkins/jenkins3/workspace/pps-sendmail/OpenSource/sendmail-8.18.1/cf/cf
21 ##### using ../ as configuration include directory
23 ######################################################################
25 ##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
27 ######################################################################
28 ######################################################################
30 ##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
31 ##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
32 ##### $Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $ #####
33 ##### $Id: msp.m4,v 1.34 2013-11-22 20:51:11 ca Exp $ #####
35 ##### $Id: no_default_msa.m4,v 8.3 2013-11-22 20:51:11 ca Exp $ #####
38 ##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
40 # level 10 config file format
43 # override file safeties - setting this option compromises system security,
44 # addressing the actual file configuration problem is preferred
45 # need to set this before any file actions are encountered in the cf file
46 #O DontBlameSendmail=safe
48 # default LDAP map specification
49 # need to set this now before any LDAP maps are defined
50 #O LDAPDefaultSpec=-h localhost
57 # need to set this before any LDAP lookups are done (including classes)
58 #D{sendmailMTACluster}$m
62 # my official domain name
63 # ... define this only if sendmail cannot automatically determine your domain
66 # host/domain names ending with a token in class P are canonical
69 # "Smart" relay host (may be null)
73 # operators that cannot be in local usernames (i.e., network indicators)
76 # a class with just dot (for identifying canonical names)
79 # a class with just a left bracket (for identifying domain literals)
83 # Resolve map (to check if a host exists in check_mail)
84 Kresolve host -a<OKR> -T<TEMP>
88 # Hosts for which relaying is permitted ($=R)
89 FR-o /etc/mail/relay-domains
102 # class E: names that should be exposed as from this host, even if we masquerade
103 # class L: names that should be delivered locally, even if we have a relay
104 # class M: domains that should be converted to $M
105 # class N: domains that should not be converted to $M
110 # my name for error messages
115 D{MTAHost}[127.0.0.1]
117 EOPENSSL_CONF=/etc/mail/sendmail.ossl
119 # Configuration version number
127 # strip message body to 7 bits on input?
128 O SevenBitInput=False
130 # 8-bit data handling
131 #O EightBitMode=pass8
133 # wait for alias file rebuild (default units: minutes)
136 # location of alias file
137 #O AliasFile=/etc/mail/aliases
139 # minimum number of free blocks on filesystem
142 # maximum message size
145 # substitution for space (blank) characters
148 # avoid connecting to "expensive" mailers on initial submission?
149 O HoldExpensive=False
151 # checkpoint queue runs after every N successful deliveries
152 #O CheckpointInterval=10
154 # default delivery mode
157 # error message header/file
158 #O ErrorHeader=/etc/mail/error-header
163 # save Unix-style "From_" lines at top of header?
164 #O SaveFromLine=False
166 # queue file mode (qf files)
169 # temporary file mode
172 # match recipients against GECOS field?
178 # location of help file
179 O HelpFile=/etc/mail/helpfile
181 # ignore dots as terminators in incoming messages?
184 # name resolver options
185 #O ResolverOptions=+AAONLY
187 # deliver MIME-encapsulated error messages?
188 O SendMimeErrors=True
190 # Forward file search path
193 # open connection cache size
194 O ConnectionCacheSize=2
196 # open connection cache timeout
197 O ConnectionCacheTimeout=5m
199 # persistent host status directory
200 #O HostStatusDirectory=.hoststat
202 # single thread deliveries (requires HostStatusDirectory)?
203 #O SingleThreadDelivery=False
205 # use Errors-To: header?
208 # use compressed IPv6 address format?
209 #O UseCompressedIPv6Addresses
214 # send to me too, even in an alias expansion?
217 # verify RHS in newaliases?
220 # default messages to old style headers if no special punctuation?
221 O OldStyleHeaders=True
223 # SMTP daemon options
225 O DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E
227 # SMTP client options
228 #O ClientPortOptions=Family=inet, Address=0.0.0.0
230 # Modifiers to define {daemon_flags} for direct submissions
231 #O DirectSubmissionModifiers
233 # Use as mail submission program? See sendmail/SECURITY
237 O PrivacyOptions=goaway,noetrn,restrictqrun
239 # who (if anyone) should get extra copies of error messages
240 #O PostmasterCopy=Postmaster
242 # slope of queue-only function
243 #O QueueFactor=600000
245 # limit on number of concurrent queue runners
248 # maximum number of queue-runners per queue-grouping with multiple queues
249 #O MaxRunnersPerQueue=1
251 # priority of queue runners (nice(3))
254 # shall we sort the queue by hostname first?
255 #O QueueSortOrder=priority
257 # minimum time in queue before retry
260 # maximum time in queue before retry (if > 0; only for exponential delay)
263 # how many jobs can you process in the queue?
266 # perform initial split of envelope without checking MX records
270 O QueueDirectory=/var/spool/clientmqueue
272 # key for shared memory; 0 to turn off, -1 to auto-select
275 # file to store auto-selected key for shared memory (SharedMemoryKey = -1)
276 #O SharedMemoryKeyFile
278 # timeouts (many of these)
279 #O Timeout.initial=5m
280 #O Timeout.connect=5m
281 #O Timeout.aconnect=0s
282 #O Timeout.iconnect=5m
286 #O Timeout.datainit=5m
287 #O Timeout.datablock=1h
288 #O Timeout.datafinal=1h
292 #O Timeout.command=1h
294 #O Timeout.fileopen=60s
295 #O Timeout.control=2m
296 O Timeout.queuereturn=5d
297 #O Timeout.queuereturn.normal=5d
298 #O Timeout.queuereturn.urgent=2d
299 #O Timeout.queuereturn.non-urgent=7d
300 #O Timeout.queuereturn.dsn=5d
301 O Timeout.queuewarn=4h
302 #O Timeout.queuewarn.normal=4h
303 #O Timeout.queuewarn.urgent=1h
304 #O Timeout.queuewarn.non-urgent=12h
305 #O Timeout.queuewarn.dsn=4h
306 #O Timeout.hoststatus=30m
307 #O Timeout.resolver.retrans=5s
308 #O Timeout.resolver.retrans.first=5s
309 #O Timeout.resolver.retrans.normal=5s
310 #O Timeout.resolver.retry=4
311 #O Timeout.resolver.retry.first=4
312 #O Timeout.resolver.retry.normal=4
315 #O Timeout.starttls=1h
317 # time for DeliverBy; extension disabled if less than 0
320 # should we not prune routes in route-addr syntax addresses?
321 #O DontPruneRoutes=False
323 # queue up everything before forking?
327 O StatusFile=/var/spool/clientmqueue/sm-client.st
329 # time zone handling:
330 # if undefined, use system default
331 # if defined but null, use TZ envariable passed in
332 # if defined and non-null, use that info
335 # default UID (can be username or userid:groupid)
336 #O DefaultUser=mailnull
338 # list of locations of user database file (null means no lookup)
339 #O UserDatabaseSpec=/etc/mail/userdb
342 #O FallbackMXhost=fall.back.host.net
344 # fallback smart host
345 #O FallbackSmartHost=fall.back.host.net
347 # if we are the best MX host for a site, try it directly instead of config err
348 #O TryNullMXList=False
350 # load average at which we just queue messages
353 # load average at which we refuse connections
356 # log interval when refusing connections for this long
357 #O RejectLogInterval=3h
359 # load average at which we delay connections; 0 means no limit
362 # maximum number of children we allow at one time
363 #O MaxDaemonChildren=0
365 # maximum number of new connections per second
366 #O ConnectionRateThrottle=0
368 # Width of the window
369 #O ConnectionRateWindowSize=60s
371 # work recipient factor
372 #O RecipientFactor=30000
374 # deliver each queued job in a separate process?
383 # default character set
384 #O DefaultCharSet=unknown-8bit
386 # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
387 #O ServiceSwitchFile=/etc/mail/service.switch
389 # hosts file (normally /etc/hosts)
390 #O HostsFile=/etc/hosts
392 # dialup line delay on connection failure
395 # action to take if there are no recipients in the message
396 #O NoRecipientAction=none
398 # chrooted environment for writing to files
399 #O SafeFileEnvironment
401 # are colons OK in addresses?
402 #O ColonOkInAddr=True
404 # shall I avoid expanding CNAMEs (violates protocols)?
405 #O DontExpandCnames=False
407 # SMTP initial login message (old $e macro)
408 O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
410 # UNIX initial From header format (old $l macro)
411 O UnixFromLine=From $g $d
413 # From: lines that have embedded newlines are unwrapped onto one line
414 #O SingleLineFromHeader=False
416 # Allow HELO SMTP command that does not include a host name
417 #O AllowBogusHELO=False
419 # Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
422 # delimiter (operator) characters (old $o macro)
423 O OperatorChars=.:%@!^/[]+
425 # shall I avoid calling initgroups(3) because of high NIS costs?
426 O DontInitGroups=True
428 # are group-writable :include: and .forward files (un)trustworthy?
429 # True (the default) means they are not trustworthy.
430 #O UnsafeGroupWrites=True
433 # where do errors that occur when sending errors get sent?
434 #O DoubleBounceAddress=postmaster
436 # issue temporary errors (4xy) instead of permanent errors (5xy)?
439 # where to save bounces if all else fails
440 #O DeadLetterDrop=/var/tmp/dead.letter
442 # what user id do we assume for the majority of the processing?
445 # maximum number of recipients per SMTP envelope
446 #O MaxRecipientsPerMessage=0
448 # limit the rate recipients per SMTP envelope are accepted
449 # once the threshold number of recipients have been rejected
453 # shall we get local names from our installed interfaces?
454 O DontProbeInterfaces=True
456 # Return-Receipt-To: header implies DSN request
457 #O RrtImpliesDsn=False
459 # override connection address (for testing)
460 #O ConnectOnlyTo=0.0.0.0
462 # Trusted user for file ownership and starting the daemon
465 # Control socket for daemon management
466 #O ControlSocketName=/var/spool/mqueue/.control
468 # Maximum MIME header length to protect MUAs
469 #O MaxMimeHeaderLength=0/0
471 # Maximum length of the sum of all headers
472 #O MaxHeadersLength=32768
474 # Maximum depth of alias recursion
475 #O MaxAliasRecursion=10
477 # location of pid file
478 O PidFile=/var/spool/clientmqueue/sm-client.pid
480 # Prefix string for the process title shown on 'ps' listings
481 #O ProcessTitlePrefix=prefix
483 # Data file (df) memory-buffer file maximum size
484 #O DataFileBufferSize=4096
486 # Transcript file (xf) memory-buffer file maximum size
487 #O XscriptFileBufferSize=4096
489 # lookup type to find information about local mailboxes
490 #O MailboxDatabase=pw
492 # override compile time flag REQUIRES_DIR_FSYNC
493 #O RequiresDirfsync=true
495 # list of authentication mechanisms
496 #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
498 # Authentication realm
501 # default authentication information for outgoing connections
502 #O DefaultAuthInfo=/etc/mail/default-auth-info
507 # SMTP AUTH maximum encryption strength
510 # SMTP STARTTLS server options
515 # server side SSL options
517 # client side SSL options
521 # Path to dynamic library for SSLEngine
523 # TLS: fall back to clear text after handshake failure?
524 #O TLSFallbacktoClear
542 # File containing certificate revocation lists
544 # Directory containing hashes pointing to certificate revocation status files
546 # DHParameters (only required if DSA/DH is used)
548 # Random data source (required for systems without /dev/urandom under OpenSSL)
550 # fingerprint algorithm (digest) to use for the presented cert
551 #O CertFingerprintAlgorithm
555 # Maximum number of "useless" commands before slowing down
556 #O MaxNOOPCommands=20
558 # Name to use for EHLO (defaults to $j)
563 ############################
564 # QUEUE GROUP DEFINITIONS #
565 ############################
568 ###########################
569 # Message precedences #
570 ###########################
573 Pspecial-delivery=100
578 #####################
580 #####################
582 # this is equivalent to setting class "t"
583 #Ft/etc/mail/trusted-users
588 #########################
589 # Format of headers #
590 #########################
592 H?P?Return-Path: <$g>
593 HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
594 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
595 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
596 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
601 H?F?Resent-From: $?x$x <$g>$|$g$.
602 H?F?From: $?x$x <$g>$|$g$.
605 # H?l?Received-Date: $b
606 H?M?Resent-Message-Id: <$t.$i@$j>
607 H?M?Message-Id: <$t.$i@$j>
610 ######################################################################
611 ######################################################################
613 ##### REWRITING RULES
615 ######################################################################
616 ######################################################################
618 ############################################
619 ### Ruleset 3 -- Name Canonicalization ###
620 ############################################
623 # handle null input (translate to <@> special case)
626 # strip group: syntax (not inside angle brackets!) and trailing semicolon
627 R$* $: $1 <@> mark addresses
628 R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
629 R@ $* <@> $: @ $1 unmark @host:...
630 R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
631 R$* :: $* <@> $: $1 :: $2 unmark node::addr
632 R:include: $* <@> $: :include: $1 unmark :include:...
633 R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
634 R$* : $* <@> $: $2 strip colon if marked
636 R$* ; $1 strip trailing semi
637 R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
638 R$* < $* ; > $1 < $2 > bogus bracketed semi
640 # null input now results from list:; syntax
643 # strip angle brackets -- note RFC733 heuristic to get innermost item
644 R$* $: < $1 > housekeeping <>
645 R$+ < $* > < $2 > strip excess on left
646 R< $* > $+ < $1 > strip excess on right
647 R<> $@ < @ > MAIL FROM:<> case
648 R< $+ > $: $1 remove housekeeping <>
650 # strip route address <@a,@b,@c:user@d> -> <user@d>
655 # find focus for list syntax
656 R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
657 R $+ : $* ; $@ $1 : $2; list syntax
659 # find focus for @ syntax addresses
660 R$+ @ $+ $: $1 < @ $2 > focus on domain
661 R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
662 R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
665 # convert old-style addresses to a domain-based address
666 R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
667 R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
668 R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
670 # convert node::user addresses into a domain-based address
671 R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
672 R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
674 # if we have % signs, take the rightmost one
675 R$* % $* $1 @ $2 First make them all @s.
676 R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
678 R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
680 # else we must be a local name
681 R$* $@ $>Canonify2 $1
684 ################################################
685 ### Ruleset 96 -- bottom half of ruleset 3 ###
686 ################################################
690 # handle special cases for local names
691 R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
692 R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
693 R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
695 # check for IPv4/IPv6 domain literal
696 R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
697 R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
698 R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
704 # if really UUCP, handle it immediately
706 # try UUCP traffic as a local address
707 R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
708 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
710 # hostnames ending in class P are always canonical
711 R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
712 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
713 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
714 R$* CC $* $| $* $: $3
715 # pass to name server to make hostname canonical
716 R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
719 # local host aliases and pseudo-domains are always canonical
720 R$* < @ $=w > $* $: $1 < @ $2 . > $3
721 R$* < @ $=M > $* $: $1 < @ $2 . > $3
722 R$* < @ $* . . > $* $1 < @ $2 . > $3
725 ##################################################
726 ### Ruleset 4 -- Final Output Post-rewriting ###
727 ##################################################
730 R$+ :; <@> $@ $1 : handle <list:;>
731 R$* <@> $@ handle <> and list:;
733 # strip trailing dot off possibly canonical name
734 R$* < @ $+ . > $* $1 < @ $2 > $3
736 # eliminate internal code
737 R$* < @ *LOCAL* > $* $1 < @ $j > $2
739 # externalize local domain info
740 R$* < $+ > $* $1 $2 $3 defocus
741 R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
742 R@ $* $@ @ $1 ... and exit
744 # UUCP must always be presented in old form
745 R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
747 # put DECnet back in :: form
748 R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u
749 # delete duplicate local names
750 R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
754 ##############################################################
755 ### Ruleset 97 -- recanonicalize and call ruleset zero ###
756 ### (used for recursive calls) ###
757 ##############################################################
764 ######################################
765 ### Ruleset 0 -- Parse Address ###
766 ######################################
770 R$* $: $>Parse0 $1 initial parsing
771 R<@> $#local $: <@> special case error msgs
772 R$* $: $>ParseLocal $1 handle local hacks
773 R$* $: $>Parse1 $1 final parsing
776 # Parse0 -- do initial syntax checking and eliminate local addresses.
777 # This should either return with the (possibly modified) input
778 # or return with a #error mailer. It should not return with a
779 # #mailer other than the #error mailer.
783 R<@> $@ <@> special case error msgs
784 R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
785 R@ <@ $* > < @ $1 > catch "@@host" bogosity
786 R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
787 R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
789 R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
790 R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
791 R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
792 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
793 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
795 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
796 R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
797 R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
798 R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
799 R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
802 # now delete the local info -- note $=O to find characters that cause forwarding
803 R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
804 R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
805 R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
806 R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
807 R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
808 R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
809 R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
810 R$* $=O $* < @ *LOCAL* >
811 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
812 R$* < @ *LOCAL* > $: $1
816 # Parse1 -- the bottom half of ruleset 0.
821 # handle numeric address spec
822 R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
823 R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
824 R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
825 R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
826 R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
829 # short circuit local delivery so forwarded email works
832 R$=L < @ $=w . > $#local $: @ $1 special local names
833 R$+ < @ $=w . > $#local $: $1 regular local name
836 # resolve remotely connected UUCP links (if any)
838 # resolve fake top level domains by forwarding to other hosts
842 # pass names that still have a host to a smarthost (if defined)
843 R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
845 # deal with other remote names
846 R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
848 # handle locally delivered names
849 R$=L $#local $: @ $1 special local names
850 R$+ $#local $: $1 regular local names
854 ###########################################################################
855 ### Ruleset 5 -- special rewriting after aliases have been expanded ###
856 ###########################################################################
860 R$+ $: $1 $| $>"Local_localaddr" $1
861 R$+ $| $#ok $@ $1 no change
868 # deal with plussed users so aliases work nicely
869 R$+ + * $#local $@ $&h $: $1
870 R$+ + $* $#local $@ + $2 $: $1 + *
872 # prepend an empty "forward host" on the front
877 R< > $+ $: < > < $1 <> $&h > nope, restore +detail
879 R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
880 R< > < $+ <> $* > $: < > < $1 > else discard
881 R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
882 R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
883 R< > < $+ > $@ $1 no +detail
884 R$+ $: $1 <> $&h add +detail back in
886 R$+ <> + $* $: $1 + $2 check whether +detail
887 R$+ <> $* $: $1 else discard
888 R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
889 R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
891 R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
893 R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
896 ###################################################################
897 ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
898 ###################################################################
901 R< > $* $@ $1 strip off null relay
902 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
903 R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
904 R< error : $+ > $* $#error $: $1
905 R< local : $* > $* $>CanonLocal < $1 > $2
906 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
907 R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
908 R< $=w > $* $@ $2 delete local host
909 R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
911 ###################################################################
912 ### Ruleset CanonLocal -- canonify local: syntax ###
913 ###################################################################
916 # strip local host from routed addresses
917 R< $* > < @ $+ > : $+ $@ $>Recurse $3
918 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
920 # strip trailing dot from any host name that may appear
921 R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
923 # handle local: syntax -- use old user, either with or without host
924 R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
925 R< > $+ $#local $@ $1 $: $1
927 # handle local:user@host syntax -- ignore host part
928 R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
930 # handle local:user syntax
931 R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
932 R< $+ > $* $#local $@ $2 $: $1
934 ###################################################################
935 ### Ruleset 93 -- convert header names to masqueraded form ###
936 ###################################################################
941 # do not masquerade anything in class N
942 R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
944 R$* < @ *LOCAL* > $@ $1 < @ $j . >
946 ###################################################################
947 ### Ruleset 94 -- convert envelope names to masqueraded form ###
948 ###################################################################
951 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
953 ###################################################################
954 ### Ruleset 98 -- local part of ruleset zero (can be null) ###
955 ###################################################################
964 ######################################################################
965 ### CanonAddr -- Convert an address into a standard form for
966 ### relay checking. Route address syntax is
967 ### crudely converted into a %-hack address.
970 ### $1 -- full recipient address
973 ### parsed address, not in source route form
974 ######################################################################
977 R$* $: $>Parse0 $>canonify $1 make domain canonical
980 ######################################################################
981 ### ParseRecipient -- Strip off hosts in $=R as well as possibly
982 ### $* $=m or the access database.
983 ### Check user portion for host separators.
986 ### $1 -- full recipient address
989 ### parsed, non-local-relaying address
990 ######################################################################
993 R$* $: <?> $>CanonAddr $1
994 R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
995 R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
997 # if no $=O character, no host in the user portion, we are done
998 R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
1002 R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
1006 R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
1010 ######################################################################
1011 ### check_relay -- check hostname/address on SMTP startup
1012 ######################################################################
1018 R$* $: $1 $| $>"Local_check_relay" $1
1019 R$* $| $* $| $#$* $#$3
1020 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
1023 # check for deferred delivery mode
1024 R$* $: < $&{deliveryMode} > $1
1025 R< d > $* $@ deferred
1030 ######################################################################
1031 ### check_mail -- check SMTP `MAIL FROM:' command argument
1032 ######################################################################
1036 R$* $: $1 $| $>"Local_check_mail" $1
1038 R$* $| $* $@ $>"Basic_check_mail" $1
1041 # check for deferred delivery mode
1042 R$* $: < $&{deliveryMode} > $1
1043 R< d > $* $@ deferred
1047 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1051 R<> $@ <OK> we MUST accept <> (RFC 1123)
1053 R<?><$+> $: <@> <$1>
1055 R$* $: $&{daemon_flags} $| $1
1056 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
1057 R$* u $* $| <@> < $* > $: <?> < $3 >
1059 # handle case of @localhost on address
1060 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
1061 R<@> < $* @ [127.0.0.1] >
1062 $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
1063 R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
1064 $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
1065 R<@> < $* @ [IPv6:::1] >
1066 $: < ? $&{client_name} > < $1 @ [IPv6:::1] >
1067 R<@> < $* @ localhost.$m >
1068 $: < ? $&{client_name} > < $1 @ localhost.$m >
1069 R<@> < $* @ localhost.UUCP >
1070 $: < ? $&{client_name} > < $1 @ localhost.UUCP >
1071 R<@> $* $: $1 no localhost as domain
1072 R<? $=w> $* $: $2 local client: ok
1073 R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
1075 R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
1076 R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
1077 # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
1078 R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
1079 R<?> $* < @ $j > $: <OKR> $1 < @ $j >
1080 R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
1081 R<? $* <$->> $* < @ $+ >
1085 # handle case of no @domain on address
1086 R<?> $* $: $&{daemon_flags} $| <?> $1
1087 R$* u $* $| <?> $* $: <OKR> $3
1089 R<?> $* $: < ? $&{client_addr} > $1
1090 R<?> $* $@ <OKR> ...local unqualed ok
1091 R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
1094 R<?> $* $: @ $1 mark address: nothing known about it
1095 R<$={ResOk}> $* $: @ $2 domain ok
1096 R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
1097 R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
1101 ######################################################################
1102 ### check_rcpt -- check SMTP `RCPT TO:' command argument
1103 ######################################################################
1107 R$* $: $1 $| $>"Local_check_rcpt" $1
1109 R$* $| $* $@ $>"Basic_check_rcpt" $1
1113 R<> $#error $@ nouser $: "553 User address required"
1114 R$@ $#error $@ nouser $: "553 User address required"
1115 # check for deferred delivery mode
1116 R$* $: < $&{deliveryMode} > $1
1117 R< d > $* $@ deferred
1121 ######################################################################
1122 R$* $: $1 $| @ $>"Rcpt_ok" $1
1123 R$* $| @ $#TEMP $+ $: $1 $| T $2
1125 R$* $| @ RELAY $@ RELAY
1126 R$* $| @ $* $: O $| $>"Relay_ok" $1
1127 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
1128 R$* $| $#TEMP $+ $#error $2
1130 R$* $| RELAY $@ RELAY
1131 R T $+ $| $* $#error $1
1132 # anything else is bogus
1133 R$* $#error $@ 5.7.1 $: "550 Relaying denied"
1136 ######################################################################
1137 ### Rcpt_ok: is the recipient ok?
1138 ######################################################################
1140 R$* $: $>ParseRecipient $1 strip relayable hosts
1145 # authenticated via TLS?
1146 R$* $: $1 $| $>RelayTLS client authenticated?
1147 R$* $| $# $+ $# $2 error/ok?
1150 R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
1153 R$* $| $* $: $1 $| $&{auth_type}
1155 R$* $| $={TrustAuthMech} $# RELAY
1157 # anything terminating locally is ok
1158 R$+ < @ $=w > $@ RELAY
1159 R$+ < @ $* $=R > $@ RELAY
1164 # check for local user (i.e. unqualified address)
1166 R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
1171 ######################################################################
1172 ### Relay_ok: is the relay/sender ok?
1173 ######################################################################
1175 # anything originating locally is ok
1177 R$* $: $&{client_addr}
1178 R$@ $@ RELAY originated locally
1179 R0 $@ RELAY originated locally
1180 R127.0.0.1 $@ RELAY originated locally
1181 RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
1182 RIPv6:::1 $@ RELAY originated locally
1183 R$=R $* $@ RELAY relayable IP address
1184 R$* $: [ $1 ] put brackets around it...
1185 R$=w $@ RELAY ... and see if it is local
1188 # check client name: first: did it resolve?
1189 R$* $: < $&{client_resolve} >
1190 R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
1191 R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
1192 R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
1193 R$* $: <@> $&{client_name}
1194 # pass to name server to make hostname canonical
1195 R<@> $* $=P $:<?> $1 $2
1196 R<@> $+ $:<?> $[ $1 $]
1197 R$* . $1 strip trailing dots
1199 R<?> $* $=R $@ RELAY
1205 ######################################################################
1206 ### trust_auth: is user trusted to authenticate as someone else?
1209 ### $1: AUTH= parameter from MAIL command
1210 ######################################################################
1214 R$* $: $&{auth_type} $| $1
1215 # required by RFC 2554 section 4.
1216 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
1217 R$* $| $&{auth_authen} $@ identical
1218 R$* $| <$&{auth_authen}> $@ identical
1219 R$* $| $* $: $1 $| $>"Local_trust_auth" $2
1221 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
1223 ######################################################################
1224 ### Relay_Auth: allow relaying based on authentication?
1227 ### $1: ${auth_type}
1228 ######################################################################
1231 ######################################################################
1232 ### srv_features: which features to offer to a client?
1233 ### (done in server)
1234 ######################################################################
1238 ######################################################################
1239 ### clt_features: which features to use with a server?
1240 ### (done in client)
1241 ######################################################################
1245 ######################################################################
1246 ### try_tls: try to use STARTTLS?
1247 ### (done in client)
1248 ######################################################################
1254 ######################################################################
1255 ### tls_rcpt: is connection with server "good" enough?
1256 ### (done in client, per recipient)
1260 ######################################################################
1262 R$* $: $1 $| $&{verify}
1263 R$* $| DANE_NOTLS $#error $@ 4.7.0 $: "454 DANE: missing STARTTLS."
1264 R$* $| DANE_TEMP $#error $@ 4.7.0 $: "454 DANE check failed temporarily."
1265 R$* $| DANE_FAIL $#error $@ 4.7.0 $: "454 DANE check failed."
1267 ######################################################################
1268 ### tls_client: is connection with client "good" enough?
1269 ### (done in server)
1272 ### ${verify} $| (MAIL|STARTTLS)
1273 ######################################################################
1275 R$* $| $* $@ $>"TLS_connection" $1
1277 ######################################################################
1278 ### tls_server: is connection with server "good" enough?
1279 ### (done in client)
1283 ######################################################################
1286 R$* $@ $>"TLS_connection" $1
1288 ######################################################################
1289 ### TLS_connection: is TLS connection "good" enough?
1293 ### Requirement: RHS from access map, may be ? for none.
1294 ######################################################################
1296 RSOFTWARE $#error $@ 4.7.0 $: "454 TLS handshake failed."
1297 RPROTOCOL $#error $@ 4.7.0 $: "454 STARTTLS failed."
1298 RCONFIG $#error $@ 4.7.0 $: "454 STARTTLS temporarily not possible."
1305 ######################################################################
1306 ### RelayTLS: allow relaying based on TLS authentication
1310 ######################################################################
1314 ######################################################################
1315 ### authinfo: lookup authinfo in the access map
1318 ### $1: {server_name}
1319 ### $2: {server_addr}
1320 ######################################################################
1331 R$+ $: $>ParseRecipient $1
1332 R$* < @ $+ > $* $#relay $@ ${MTAHost} $: $1 < @ $2 > $3
1334 R$+ :: $+ $#relay $@ ${MTAHost} $: $1 :: $2
1335 R$* $#relay $@ ${MTAHost} $: $1 < @ $j >
1337 ######################################################################
1338 ######################################################################
1340 ##### MAIL FILTER DEFINITIONS
1342 ######################################################################
1343 ######################################################################
1346 ######################################################################
1347 ######################################################################
1349 ##### MAILER DEFINITIONS
1351 ######################################################################
1352 ######################################################################
1355 ##################################################
1356 ### Local and Program Mailer specification ###
1357 ##################################################
1359 ##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
1362 # Envelope sender rewriting
1365 R<@> $n errors to mailer-daemon
1366 R@ <@ $*> $n temporarily bypass Sun bogosity
1367 R$+ $: $>AddDomain $1 add local domain if needed
1368 R$* $: $>MasqEnv $1 do masquerading
1371 # Envelope recipient rewriting
1374 R$+ < @ $* > $: $1 strip host part
1375 R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
1376 R<e s> $+ + $* $: $1 remove +detail for sender
1377 R< $* > $+ $: $2 else remove mark
1380 # Header sender rewriting
1383 R<@> $n errors to mailer-daemon
1384 R@ <@ $*> $n temporarily bypass Sun bogosity
1385 R$+ $: $>AddDomain $1 add local domain if needed
1386 R$* $: $>MasqHdr $1 do masquerading
1389 # Header recipient rewriting
1392 R$+ $: $>AddDomain $1 add local domain if needed
1393 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1396 # Common code to add local domain name (only if always-add-domain)
1400 Mlocal, P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
1403 Mprog, P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
1404 T=X-Unix/X-Unix/X-Unix,
1407 #####################################
1408 ### SMTP Mailer specification ###
1409 #####################################
1411 ##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
1414 # common sender and masquerading recipient rewriting
1417 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
1418 R$+ $@ $1 < @ *LOCAL* > add local qualification
1421 # convert pseudo-domain addresses to real domain addresses
1425 # pass <route-addr>s through
1426 R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
1428 # output fake domains as user%fake@relay
1430 # do UUCP heuristics; note that these are shared with UUCP mailers
1431 R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
1432 R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
1434 # leave these in .UUCP form to avoid further tampering
1435 R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
1436 R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
1437 R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
1438 R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
1439 R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
1440 R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
1444 # envelope sender rewriting
1447 R$+ $: $>PseudoToReal $1 sender/recipient common
1448 R$* :; <@> $@ list:; special case
1449 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1450 R$+ $: $>MasqEnv $1 do masquerading
1454 # envelope recipient rewriting --
1455 # also header recipient if not masquerading recipients
1458 R$+ $: $>PseudoToReal $1 sender/recipient common
1459 R$+ $: $>MasqSMTP $1 qualify unqual'ed names
1460 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1463 # header sender and masquerading header recipient rewriting
1466 R$+ $: $>PseudoToReal $1 sender/recipient common
1467 R:; <@> $@ list:; special case
1469 # do special header rewriting
1470 R$* <@> $* $@ $1 <@> $2 pass null host through
1471 R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
1472 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1473 R$+ $: $>MasqHdr $1 do masquerading
1477 # relay mailer header masquerading recipient rewriting
1480 R$+ $: $>MasqSMTP $1
1483 Msmtp, P=[IPC], F=mDFMuXk5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1486 Mesmtp, P=[IPC], F=mDFMuXak5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1489 Msmtp8, P=[IPC], F=mDFMuX8k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1492 Mdsmtp, P=[IPC], F=mDFMuXa%k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1495 Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
1503 # # Copyright (c) 2001-2003, 2014 Proofpoint, Inc. and its suppliers.
1504 # # All rights reserved.
1506 # # By using this file, you agree to the terms and conditions set
1507 # # forth in the LICENSE file which can be found at the top level of
1508 # # the sendmail distribution.
1513 # # This is the prototype file for a set-group-ID sm-msp sendmail that
1514 # # acts as a initial mail submission program.
1518 # VERSIONID(`$Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $')
1519 # define(`confCF_VERSION', `Submit')dnl
1520 # define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
1521 # define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
1522 # define(`confTIME_ZONE', `USE_TZ')dnl
1523 # define(`confDONT_INIT_GROUPS', `True')dnl
1525 # dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1]
1526 # FEATURE(`msp', `[127.0.0.1]')dnl
1527 # dnl enable this for SMTPUTF8 support
1529 # dnl O SMTPUTF8=true