2 # Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
4 # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
5 # Copyright (c) 1988, 1993
6 # The Regents of the University of California. All rights reserved.
8 # By using this file, you agree to the terms and conditions set
9 # forth in the LICENSE file which can be found at the top level of
10 # the sendmail distribution.
14 ######################################################################
15 ######################################################################
17 ##### SENDMAIL CONFIGURATION FILE
19 ##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:56 PDT 2020
20 ##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
21 ##### using ../ as configuration include directory
23 ######################################################################
25 ##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
27 ######################################################################
28 ######################################################################
30 ##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
31 ##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
32 ##### $Id: generic-hpux9.mc,v 8.12 2013-11-22 20:51:08 ca Exp $ #####
34 ##### $Id: hpux9.m4,v 8.25 2013-11-22 20:51:15 ca Exp $ #####
37 ##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
39 ##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
41 ##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
45 ##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
47 # level 10 config file format
50 # override file safeties - setting this option compromises system security,
51 # addressing the actual file configuration problem is preferred
52 # need to set this before any file actions are encountered in the cf file
53 #O DontBlameSendmail=safe
55 # default LDAP map specification
56 # need to set this now before any LDAP maps are defined
57 #O LDAPDefaultSpec=-h localhost
64 # need to set this before any LDAP lookups are done (including classes)
65 #D{sendmailMTACluster}$m
68 # file containing names of hosts for which we receive email
69 Fw/etc/mail/local-host-names
71 # my official domain name
72 # ... define this only if sendmail cannot automatically determine your domain
75 # host/domain names ending with a token in class P are canonical
78 # "Smart" relay host (may be null)
82 # operators that cannot be in local usernames (i.e., network indicators)
85 # a class with just dot (for identifying canonical names)
88 # a class with just a left bracket (for identifying domain literals)
92 # Resolve map (to check if a host exists in check_mail)
93 Kresolve host -a<OKR> -T<TEMP>
97 # Hosts for which relaying is permitted ($=R)
98 FR-o /etc/mail/relay-domains
110 # class E: names that should be exposed as from this host, even if we masquerade
111 # class L: names that should be delivered locally, even if we have a relay
112 # class M: domains that should be converted to $M
113 # class N: domains that should not be converted to $M
119 # my name for error messages
125 # Configuration version number
133 # strip message body to 7 bits on input?
134 O SevenBitInput=False
136 # 8-bit data handling
137 #O EightBitMode=pass8
139 # wait for alias file rebuild (default units: minutes)
142 # location of alias file
143 O AliasFile=/etc/mail/aliases
145 # minimum number of free blocks on filesystem
148 # maximum message size
151 # substitution for space (blank) characters
154 # avoid connecting to "expensive" mailers on initial submission?
155 O HoldExpensive=False
157 # checkpoint queue runs after every N successful deliveries
158 #O CheckpointInterval=10
160 # default delivery mode
161 O DeliveryMode=background
163 # error message header/file
164 #O ErrorHeader=/etc/mail/error-header
169 # save Unix-style "From_" lines at top of header?
170 #O SaveFromLine=False
172 # queue file mode (qf files)
173 #O QueueFileMode=0600
175 # temporary file mode
178 # match recipients against GECOS field?
184 # location of help file
185 O HelpFile=/etc/mail/helpfile
187 # ignore dots as terminators in incoming messages?
190 # name resolver options
191 #O ResolverOptions=+AAONLY
193 # deliver MIME-encapsulated error messages?
194 O SendMimeErrors=True
196 # Forward file search path
197 O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
199 # open connection cache size
200 O ConnectionCacheSize=2
202 # open connection cache timeout
203 O ConnectionCacheTimeout=5m
205 # persistent host status directory
206 #O HostStatusDirectory=.hoststat
208 # single thread deliveries (requires HostStatusDirectory)?
209 #O SingleThreadDelivery=False
211 # use Errors-To: header?
214 # use compressed IPv6 address format?
215 #O UseCompressedIPv6Addresses
220 # send to me too, even in an alias expansion?
223 # verify RHS in newaliases?
226 # default messages to old style headers if no special punctuation?
227 O OldStyleHeaders=True
229 # SMTP daemon options
230 O DaemonPortOptions=Name=MTA
231 O DaemonPortOptions=Port=587, Name=MSA, M=E
233 # SMTP client options
234 #O ClientPortOptions=Family=inet, Address=0.0.0.0
236 # Modifiers to define {daemon_flags} for direct submissions
237 #O DirectSubmissionModifiers
239 # Use as mail submission program? See sendmail/SECURITY
243 O PrivacyOptions=authwarnings
245 # who (if anyone) should get extra copies of error messages
246 #O PostmasterCopy=Postmaster
248 # slope of queue-only function
249 #O QueueFactor=600000
251 # limit on number of concurrent queue runners
254 # maximum number of queue-runners per queue-grouping with multiple queues
255 #O MaxRunnersPerQueue=1
257 # priority of queue runners (nice(3))
260 # shall we sort the queue by hostname first?
261 #O QueueSortOrder=priority
263 # minimum time in queue before retry
266 # maximum time in queue before retry (if > 0; only for exponential delay)
269 # how many jobs can you process in the queue?
272 # perform initial split of envelope without checking MX records
276 O QueueDirectory=/usr/spool/mqueue
278 # key for shared memory; 0 to turn off, -1 to auto-select
281 # file to store auto-selected key for shared memory (SharedMemoryKey = -1)
282 #O SharedMemoryKeyFile
284 # timeouts (many of these)
285 #O Timeout.initial=5m
286 #O Timeout.connect=5m
287 #O Timeout.aconnect=0s
288 #O Timeout.iconnect=5m
292 #O Timeout.datainit=5m
293 #O Timeout.datablock=1h
294 #O Timeout.datafinal=1h
298 #O Timeout.command=1h
300 #O Timeout.fileopen=60s
301 #O Timeout.control=2m
302 O Timeout.queuereturn=5d
303 #O Timeout.queuereturn.normal=5d
304 #O Timeout.queuereturn.urgent=2d
305 #O Timeout.queuereturn.non-urgent=7d
306 #O Timeout.queuereturn.dsn=5d
307 O Timeout.queuewarn=4h
308 #O Timeout.queuewarn.normal=4h
309 #O Timeout.queuewarn.urgent=1h
310 #O Timeout.queuewarn.non-urgent=12h
311 #O Timeout.queuewarn.dsn=4h
312 #O Timeout.hoststatus=30m
313 #O Timeout.resolver.retrans=5s
314 #O Timeout.resolver.retrans.first=5s
315 #O Timeout.resolver.retrans.normal=5s
316 #O Timeout.resolver.retry=4
317 #O Timeout.resolver.retry.first=4
318 #O Timeout.resolver.retry.normal=4
321 #O Timeout.starttls=1h
323 # time for DeliverBy; extension disabled if less than 0
326 # should we not prune routes in route-addr syntax addresses?
327 #O DontPruneRoutes=False
329 # queue up everything before forking?
335 # time zone handling:
336 # if undefined, use system default
337 # if defined but null, use TZ envariable passed in
338 # if defined and non-null, use that info
341 # default UID (can be username or userid:groupid)
342 #O DefaultUser=mailnull
344 # list of locations of user database file (null means no lookup)
345 #O UserDatabaseSpec=/etc/mail/userdb
348 #O FallbackMXhost=fall.back.host.net
350 # fallback smart host
351 #O FallbackSmartHost=fall.back.host.net
353 # if we are the best MX host for a site, try it directly instead of config err
354 #O TryNullMXList=False
356 # load average at which we just queue messages
359 # load average at which we refuse connections
362 # log interval when refusing connections for this long
363 #O RejectLogInterval=3h
365 # load average at which we delay connections; 0 means no limit
368 # maximum number of children we allow at one time
369 #O MaxDaemonChildren=0
371 # maximum number of new connections per second
372 #O ConnectionRateThrottle=0
374 # Width of the window
375 #O ConnectionRateWindowSize=60s
377 # work recipient factor
378 #O RecipientFactor=30000
380 # deliver each queued job in a separate process?
389 # default character set
390 #O DefaultCharSet=unknown-8bit
392 # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
393 #O ServiceSwitchFile=/etc/mail/service.switch
395 # hosts file (normally /etc/hosts)
396 #O HostsFile=/etc/hosts
398 # dialup line delay on connection failure
401 # action to take if there are no recipients in the message
402 #O NoRecipientAction=none
404 # chrooted environment for writing to files
405 #O SafeFileEnvironment
407 # are colons OK in addresses?
408 #O ColonOkInAddr=True
410 # shall I avoid expanding CNAMEs (violates protocols)?
411 #O DontExpandCnames=False
413 # SMTP initial login message (old $e macro)
414 O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
416 # UNIX initial From header format (old $l macro)
417 O UnixFromLine=From $g $d
419 # From: lines that have embedded newlines are unwrapped onto one line
420 #O SingleLineFromHeader=False
422 # Allow HELO SMTP command that does not include a host name
423 #O AllowBogusHELO=False
425 # Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
428 # delimiter (operator) characters (old $o macro)
429 O OperatorChars=.:%@!^/[]+
431 # shall I avoid calling initgroups(3) because of high NIS costs?
432 #O DontInitGroups=False
434 # are group-writable :include: and .forward files (un)trustworthy?
435 # True (the default) means they are not trustworthy.
436 #O UnsafeGroupWrites=True
439 # where do errors that occur when sending errors get sent?
440 #O DoubleBounceAddress=postmaster
442 # issue temporary errors (4xy) instead of permanent errors (5xy)?
445 # where to save bounces if all else fails
446 #O DeadLetterDrop=/var/tmp/dead.letter
448 # what user id do we assume for the majority of the processing?
449 #O RunAsUser=sendmail
451 # maximum number of recipients per SMTP envelope
452 #O MaxRecipientsPerMessage=0
454 # limit the rate recipients per SMTP envelope are accepted
455 # once the threshold number of recipients have been rejected
459 # shall we get local names from our installed interfaces?
460 #O DontProbeInterfaces=False
462 # Return-Receipt-To: header implies DSN request
463 #O RrtImpliesDsn=False
465 # override connection address (for testing)
466 #O ConnectOnlyTo=0.0.0.0
468 # Trusted user for file ownership and starting the daemon
471 # Control socket for daemon management
472 #O ControlSocketName=/var/spool/mqueue/.control
474 # Maximum MIME header length to protect MUAs
475 #O MaxMimeHeaderLength=0/0
477 # Maximum length of the sum of all headers
478 O MaxHeadersLength=32768
480 # Maximum depth of alias recursion
481 #O MaxAliasRecursion=10
483 # location of pid file
484 #O PidFile=/var/run/sendmail.pid
486 # Prefix string for the process title shown on 'ps' listings
487 #O ProcessTitlePrefix=prefix
489 # Data file (df) memory-buffer file maximum size
490 #O DataFileBufferSize=4096
492 # Transcript file (xf) memory-buffer file maximum size
493 #O XscriptFileBufferSize=4096
495 # lookup type to find information about local mailboxes
496 #O MailboxDatabase=pw
498 # override compile time flag REQUIRES_DIR_FSYNC
499 #O RequiresDirfsync=true
501 # list of authentication mechanisms
502 #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
504 # Authentication realm
507 # default authentication information for outgoing connections
508 #O DefaultAuthInfo=/etc/mail/default-auth-info
513 # SMTP AUTH maximum encryption strength
516 # SMTP STARTTLS server options
521 # server side SSL options
523 # client side SSL options
527 # Path to dynamic library for SSLEngine
529 # TLS: fall back to clear text after handshake failure?
530 #O TLSFallbacktoClear
548 # File containing certificate revocation lists
550 # Directory containing hashes pointing to certificate revocation status files
552 # DHParameters (only required if DSA/DH is used)
554 # Random data source (required for systems without /dev/urandom under OpenSSL)
556 # fingerprint algorithm (digest) to use for the presented cert
557 #O CertFingerprintAlgorithm
561 # Maximum number of "useless" commands before slowing down
562 #O MaxNOOPCommands=20
564 # Name to use for EHLO (defaults to $j)
569 ############################
570 # QUEUE GROUP DEFINITIONS #
571 ############################
574 ###########################
575 # Message precedences #
576 ###########################
579 Pspecial-delivery=100
584 #####################
586 #####################
588 # this is equivalent to setting class "t"
589 #Ft/etc/mail/trusted-users
594 #########################
595 # Format of headers #
596 #########################
598 H?P?Return-Path: <$g>
599 HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
600 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
601 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
602 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
607 H?F?Resent-From: $?x$x <$g>$|$g$.
608 H?F?From: $?x$x <$g>$|$g$.
611 # H?l?Received-Date: $b
612 H?M?Resent-Message-Id: <$t.$i@$j>
613 H?M?Message-Id: <$t.$i@$j>
616 ######################################################################
617 ######################################################################
619 ##### REWRITING RULES
621 ######################################################################
622 ######################################################################
624 ############################################
625 ### Ruleset 3 -- Name Canonicalization ###
626 ############################################
629 # handle null input (translate to <@> special case)
632 # strip group: syntax (not inside angle brackets!) and trailing semicolon
633 R$* $: $1 <@> mark addresses
634 R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
635 R@ $* <@> $: @ $1 unmark @host:...
636 R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
637 R$* :: $* <@> $: $1 :: $2 unmark node::addr
638 R:include: $* <@> $: :include: $1 unmark :include:...
639 R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
640 R$* : $* <@> $: $2 strip colon if marked
642 R$* ; $1 strip trailing semi
643 R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
644 R$* < $* ; > $1 < $2 > bogus bracketed semi
646 # null input now results from list:; syntax
649 # strip angle brackets -- note RFC733 heuristic to get innermost item
650 R$* $: < $1 > housekeeping <>
651 R$+ < $* > < $2 > strip excess on left
652 R< $* > $+ < $1 > strip excess on right
653 R<> $@ < @ > MAIL FROM:<> case
654 R< $+ > $: $1 remove housekeeping <>
656 # strip route address <@a,@b,@c:user@d> -> <user@d>
661 # find focus for list syntax
662 R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
663 R $+ : $* ; $@ $1 : $2; list syntax
665 # find focus for @ syntax addresses
666 R$+ @ $+ $: $1 < @ $2 > focus on domain
667 R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
668 R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
671 # convert old-style addresses to a domain-based address
672 R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
673 R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
674 R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
676 # if we have % signs, take the rightmost one
677 R$* % $* $1 @ $2 First make them all @s.
678 R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
680 R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
682 # else we must be a local name
683 R$* $@ $>Canonify2 $1
686 ################################################
687 ### Ruleset 96 -- bottom half of ruleset 3 ###
688 ################################################
692 # handle special cases for local names
693 R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
694 R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
695 R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
697 # check for IPv4/IPv6 domain literal
698 R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
699 R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
700 R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
706 # if really UUCP, handle it immediately
708 # try UUCP traffic as a local address
709 R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
710 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
712 # hostnames ending in class P are always canonical
713 R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
714 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
715 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
716 R$* CC $* $| $* $: $3
717 # pass to name server to make hostname canonical
718 R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
721 # local host aliases and pseudo-domains are always canonical
722 R$* < @ $=w > $* $: $1 < @ $2 . > $3
723 R$* < @ $=M > $* $: $1 < @ $2 . > $3
724 R$* < @ $* . . > $* $1 < @ $2 . > $3
727 ##################################################
728 ### Ruleset 4 -- Final Output Post-rewriting ###
729 ##################################################
732 R$+ :; <@> $@ $1 : handle <list:;>
733 R$* <@> $@ handle <> and list:;
735 # strip trailing dot off possibly canonical name
736 R$* < @ $+ . > $* $1 < @ $2 > $3
738 # eliminate internal code
739 R$* < @ *LOCAL* > $* $1 < @ $j > $2
741 # externalize local domain info
742 R$* < $+ > $* $1 $2 $3 defocus
743 R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
744 R@ $* $@ @ $1 ... and exit
746 # UUCP must always be presented in old form
747 R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
749 # delete duplicate local names
750 R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
754 ##############################################################
755 ### Ruleset 97 -- recanonicalize and call ruleset zero ###
756 ### (used for recursive calls) ###
757 ##############################################################
764 ######################################
765 ### Ruleset 0 -- Parse Address ###
766 ######################################
770 R$* $: $>Parse0 $1 initial parsing
771 R<@> $#local $: <@> special case error msgs
772 R$* $: $>ParseLocal $1 handle local hacks
773 R$* $: $>Parse1 $1 final parsing
776 # Parse0 -- do initial syntax checking and eliminate local addresses.
777 # This should either return with the (possibly modified) input
778 # or return with a #error mailer. It should not return with a
779 # #mailer other than the #error mailer.
783 R<@> $@ <@> special case error msgs
784 R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
785 R@ <@ $* > < @ $1 > catch "@@host" bogosity
786 R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
787 R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
789 R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
790 R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
791 R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
792 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
793 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
795 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
796 R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
797 R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
798 R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
799 R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
802 # now delete the local info -- note $=O to find characters that cause forwarding
803 R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
804 R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
805 R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
806 R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
807 R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
808 R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
809 R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
810 R$* $=O $* < @ *LOCAL* >
811 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
812 R$* < @ *LOCAL* > $: $1
816 # Parse1 -- the bottom half of ruleset 0.
821 # handle numeric address spec
822 R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
823 R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
824 R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
825 R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
826 R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
829 # short circuit local delivery so forwarded email works
832 R$=L < @ $=w . > $#local $: @ $1 special local names
833 R$+ < @ $=w . > $#local $: $1 regular local name
836 # resolve remotely connected UUCP links (if any)
838 # resolve fake top level domains by forwarding to other hosts
842 # pass names that still have a host to a smarthost (if defined)
843 R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
845 # deal with other remote names
846 R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
848 # handle locally delivered names
849 R$=L $#local $: @ $1 special local names
850 R$+ $#local $: $1 regular local names
854 ###########################################################################
855 ### Ruleset 5 -- special rewriting after aliases have been expanded ###
856 ###########################################################################
860 R$+ $: $1 $| $>"Local_localaddr" $1
861 R$+ $| $#ok $@ $1 no change
868 # deal with plussed users so aliases work nicely
869 R$+ + * $#local $@ $&h $: $1
870 R$+ + $* $#local $@ + $2 $: $1 + *
872 # prepend an empty "forward host" on the front
877 R< > $+ $: < > < $1 <> $&h > nope, restore +detail
879 R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
880 R< > < $+ <> $* > $: < > < $1 > else discard
881 R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
882 R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
883 R< > < $+ > $@ $1 no +detail
884 R$+ $: $1 <> $&h add +detail back in
886 R$+ <> + $* $: $1 + $2 check whether +detail
887 R$+ <> $* $: $1 else discard
888 R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
889 R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
891 R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
893 R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
896 ###################################################################
897 ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
898 ###################################################################
901 R< > $* $@ $1 strip off null relay
902 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
903 R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
904 R< error : $+ > $* $#error $: $1
905 R< local : $* > $* $>CanonLocal < $1 > $2
906 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
907 R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
908 R< $=w > $* $@ $2 delete local host
909 R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
911 ###################################################################
912 ### Ruleset CanonLocal -- canonify local: syntax ###
913 ###################################################################
916 # strip local host from routed addresses
917 R< $* > < @ $+ > : $+ $@ $>Recurse $3
918 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
920 # strip trailing dot from any host name that may appear
921 R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
923 # handle local: syntax -- use old user, either with or without host
924 R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
925 R< > $+ $#local $@ $1 $: $1
927 # handle local:user@host syntax -- ignore host part
928 R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
930 # handle local:user syntax
931 R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
932 R< $+ > $* $#local $@ $2 $: $1
934 ###################################################################
935 ### Ruleset 93 -- convert header names to masqueraded form ###
936 ###################################################################
941 # do not masquerade anything in class N
942 R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
944 R$* < @ *LOCAL* > $@ $1 < @ $j . >
946 ###################################################################
947 ### Ruleset 94 -- convert envelope names to masqueraded form ###
948 ###################################################################
951 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
953 ###################################################################
954 ### Ruleset 98 -- local part of ruleset zero (can be null) ###
955 ###################################################################
959 # addresses sent to foo@host.REDIRECT will give a 551 error code
960 R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
961 R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
962 R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
970 ######################################################################
971 ### CanonAddr -- Convert an address into a standard form for
972 ### relay checking. Route address syntax is
973 ### crudely converted into a %-hack address.
976 ### $1 -- full recipient address
979 ### parsed address, not in source route form
980 ######################################################################
983 R$* $: $>Parse0 $>canonify $1 make domain canonical
986 ######################################################################
987 ### ParseRecipient -- Strip off hosts in $=R as well as possibly
988 ### $* $=m or the access database.
989 ### Check user portion for host separators.
992 ### $1 -- full recipient address
995 ### parsed, non-local-relaying address
996 ######################################################################
999 R$* $: <?> $>CanonAddr $1
1000 R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
1001 R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
1003 # if no $=O character, no host in the user portion, we are done
1004 R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
1008 R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
1012 R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
1016 ######################################################################
1017 ### check_relay -- check hostname/address on SMTP startup
1018 ######################################################################
1024 R$* $: $1 $| $>"Local_check_relay" $1
1025 R$* $| $* $| $#$* $#$3
1026 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
1029 # check for deferred delivery mode
1030 R$* $: < $&{deliveryMode} > $1
1031 R< d > $* $@ deferred
1036 ######################################################################
1037 ### check_mail -- check SMTP `MAIL FROM:' command argument
1038 ######################################################################
1042 R$* $: $1 $| $>"Local_check_mail" $1
1044 R$* $| $* $@ $>"Basic_check_mail" $1
1047 # check for deferred delivery mode
1048 R$* $: < $&{deliveryMode} > $1
1049 R< d > $* $@ deferred
1053 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1057 R<> $@ <OK> we MUST accept <> (RFC 1123)
1059 R<?><$+> $: <@> <$1>
1061 R$* $: $&{daemon_flags} $| $1
1062 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
1063 R$* u $* $| <@> < $* > $: <?> < $3 >
1065 # handle case of @localhost on address
1066 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
1067 R<@> < $* @ [127.0.0.1] >
1068 $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
1069 R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
1070 $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
1071 R<@> < $* @ [IPv6:::1] >
1072 $: < ? $&{client_name} > < $1 @ [IPv6:::1] >
1073 R<@> < $* @ localhost.$m >
1074 $: < ? $&{client_name} > < $1 @ localhost.$m >
1075 R<@> < $* @ localhost.UUCP >
1076 $: < ? $&{client_name} > < $1 @ localhost.UUCP >
1077 R<@> $* $: $1 no localhost as domain
1078 R<? $=w> $* $: $2 local client: ok
1079 R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
1081 R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
1082 R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
1083 # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
1084 R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
1085 R<?> $* < @ $j > $: <OKR> $1 < @ $j >
1086 R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
1087 R<? $* <$->> $* < @ $+ >
1091 # handle case of no @domain on address
1092 R<?> $* $: $&{daemon_flags} $| <?> $1
1093 R$* u $* $| <?> $* $: <OKR> $3
1095 R<?> $* $: < ? $&{client_addr} > $1
1096 R<?> $* $@ <OKR> ...local unqualed ok
1097 R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
1100 R<?> $* $: @ $1 mark address: nothing known about it
1101 R<$={ResOk}> $* $: @ $2 domain ok
1102 R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
1103 R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
1107 ######################################################################
1108 ### check_rcpt -- check SMTP `RCPT TO:' command argument
1109 ######################################################################
1113 R$* $: $1 $| $>"Local_check_rcpt" $1
1115 R$* $| $* $@ $>"Basic_check_rcpt" $1
1119 R<> $#error $@ nouser $: "553 User address required"
1120 R$@ $#error $@ nouser $: "553 User address required"
1121 # check for deferred delivery mode
1122 R$* $: < $&{deliveryMode} > $1
1123 R< d > $* $@ deferred
1127 ######################################################################
1128 R$* $: $1 $| @ $>"Rcpt_ok" $1
1129 R$* $| @ $#TEMP $+ $: $1 $| T $2
1131 R$* $| @ RELAY $@ RELAY
1132 R$* $| @ $* $: O $| $>"Relay_ok" $1
1133 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
1134 R$* $| $#TEMP $+ $#error $2
1136 R$* $| RELAY $@ RELAY
1137 R T $+ $| $* $#error $1
1138 # anything else is bogus
1139 R$* $#error $@ 5.7.1 $: "550 Relaying denied"
1142 ######################################################################
1143 ### Rcpt_ok: is the recipient ok?
1144 ######################################################################
1146 R$* $: $>ParseRecipient $1 strip relayable hosts
1151 # authenticated via TLS?
1152 R$* $: $1 $| $>RelayTLS client authenticated?
1153 R$* $| $# $+ $# $2 error/ok?
1156 R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
1159 R$* $| $* $: $1 $| $&{auth_type}
1161 R$* $| $={TrustAuthMech} $# RELAY
1163 # anything terminating locally is ok
1164 R$+ < @ $=w > $@ RELAY
1165 R$+ < @ $* $=R > $@ RELAY
1170 # check for local user (i.e. unqualified address)
1172 R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
1177 ######################################################################
1178 ### Relay_ok: is the relay/sender ok?
1179 ######################################################################
1181 # anything originating locally is ok
1183 R$* $: $&{client_addr}
1184 R$@ $@ RELAY originated locally
1185 R0 $@ RELAY originated locally
1186 R127.0.0.1 $@ RELAY originated locally
1187 RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
1188 RIPv6:::1 $@ RELAY originated locally
1189 R$=R $* $@ RELAY relayable IP address
1190 R$* $: [ $1 ] put brackets around it...
1191 R$=w $@ RELAY ... and see if it is local
1194 # check client name: first: did it resolve?
1195 R$* $: < $&{client_resolve} >
1196 R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
1197 R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
1198 R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
1199 R$* $: <@> $&{client_name}
1200 # pass to name server to make hostname canonical
1201 R<@> $* $=P $:<?> $1 $2
1202 R<@> $+ $:<?> $[ $1 $]
1203 R$* . $1 strip trailing dots
1205 R<?> $* $=R $@ RELAY
1211 ######################################################################
1212 ### trust_auth: is user trusted to authenticate as someone else?
1215 ### $1: AUTH= parameter from MAIL command
1216 ######################################################################
1220 R$* $: $&{auth_type} $| $1
1221 # required by RFC 2554 section 4.
1222 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
1223 R$* $| $&{auth_authen} $@ identical
1224 R$* $| <$&{auth_authen}> $@ identical
1225 R$* $| $* $: $1 $| $>"Local_trust_auth" $2
1227 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
1229 ######################################################################
1230 ### Relay_Auth: allow relaying based on authentication?
1233 ### $1: ${auth_type}
1234 ######################################################################
1237 ######################################################################
1238 ### srv_features: which features to offer to a client?
1239 ### (done in server)
1240 ######################################################################
1244 ######################################################################
1245 ### try_tls: try to use STARTTLS?
1246 ### (done in client)
1247 ######################################################################
1251 ######################################################################
1252 ### tls_rcpt: is connection with server "good" enough?
1253 ### (done in client, per recipient)
1257 ######################################################################
1261 ######################################################################
1262 ### tls_client: is connection with client "good" enough?
1263 ### (done in server)
1266 ### ${verify} $| (MAIL|STARTTLS)
1267 ######################################################################
1269 R$* $| $* $@ $>"TLS_connection" $1
1271 ######################################################################
1272 ### tls_server: is connection with server "good" enough?
1273 ### (done in client)
1277 ######################################################################
1280 R$* $@ $>"TLS_connection" $1
1282 ######################################################################
1283 ### TLS_connection: is TLS connection "good" enough?
1287 ### Requirement: RHS from access map, may be ? for none.
1288 ######################################################################
1290 RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
1291 RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
1296 ######################################################################
1297 ### RelayTLS: allow relaying based on TLS authentication
1301 ######################################################################
1305 ######################################################################
1306 ### authinfo: lookup authinfo in the access map
1309 ### $1: {server_name}
1310 ### $2: {server_addr}
1311 ######################################################################
1319 ######################################################################
1320 ######################################################################
1322 ##### MAIL FILTER DEFINITIONS
1324 ######################################################################
1325 ######################################################################
1328 ######################################################################
1329 ######################################################################
1331 ##### MAILER DEFINITIONS
1333 ######################################################################
1334 ######################################################################
1337 ##################################################
1338 ### Local and Program Mailer specification ###
1339 ##################################################
1341 ##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
1344 # Envelope sender rewriting
1347 R<@> $n errors to mailer-daemon
1348 R@ <@ $*> $n temporarily bypass Sun bogosity
1349 R$+ $: $>AddDomain $1 add local domain if needed
1350 R$* $: $>MasqEnv $1 do masquerading
1353 # Envelope recipient rewriting
1356 R$+ < @ $* > $: $1 strip host part
1357 R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
1358 R<e s> $+ + $* $: $1 remove +detail for sender
1359 R< $* > $+ $: $2 else remove mark
1362 # Header sender rewriting
1365 R<@> $n errors to mailer-daemon
1366 R@ <@ $*> $n temporarily bypass Sun bogosity
1367 R$+ $: $>AddDomain $1 add local domain if needed
1368 R$* $: $>MasqHdr $1 do masquerading
1371 # Header recipient rewriting
1374 R$+ $: $>AddDomain $1 add local domain if needed
1375 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1378 # Common code to add local domain name (only if always-add-domain)
1382 Mlocal, P=/bin/rmail, F=lsDFMAw5:/|@qm9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
1383 T=DNS/RFC822/X-Unix,
1385 Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
1386 T=X-Unix/X-Unix/X-Unix,
1389 #####################################
1390 ### SMTP Mailer specification ###
1391 #####################################
1393 ##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
1396 # common sender and masquerading recipient rewriting
1399 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
1400 R$+ $@ $1 < @ *LOCAL* > add local qualification
1403 # convert pseudo-domain addresses to real domain addresses
1407 # pass <route-addr>s through
1408 R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
1410 # output fake domains as user%fake@relay
1412 # do UUCP heuristics; note that these are shared with UUCP mailers
1413 R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
1414 R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
1416 # leave these in .UUCP form to avoid further tampering
1417 R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
1418 R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
1419 R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
1420 R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
1421 R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
1422 R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
1426 # envelope sender rewriting
1429 R$+ $: $>PseudoToReal $1 sender/recipient common
1430 R$* :; <@> $@ list:; special case
1431 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1432 R$+ $: $>MasqEnv $1 do masquerading
1436 # envelope recipient rewriting --
1437 # also header recipient if not masquerading recipients
1440 R$+ $: $>PseudoToReal $1 sender/recipient common
1441 R$+ $: $>MasqSMTP $1 qualify unqual'ed names
1442 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1445 # header sender and masquerading header recipient rewriting
1448 R$+ $: $>PseudoToReal $1 sender/recipient common
1449 R:; <@> $@ list:; special case
1451 # do special header rewriting
1452 R$* <@> $* $@ $1 <@> $2 pass null host through
1453 R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
1454 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1455 R$+ $: $>MasqHdr $1 do masquerading
1459 # relay mailer header masquerading recipient rewriting
1462 R$+ $: $>MasqSMTP $1
1465 Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1468 Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1471 Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1474 Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1477 Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
1481 ### generic-hpux9.mc ###
1484 # # Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
1485 # # All rights reserved.
1486 # # Copyright (c) 1983 Eric P. Allman. All rights reserved.
1487 # # Copyright (c) 1988, 1993
1488 # # The Regents of the University of California. All rights reserved.
1490 # # By using this file, you agree to the terms and conditions set
1491 # # forth in the LICENSE file which can be found at the top level of
1492 # # the sendmail distribution.
1497 # # This is a generic configuration file for HP-UX 9.x.
1498 # # It has support for local and SMTP mail only. If you want to
1499 # # customize it, copy it to a name appropriate for your environment
1500 # # and do the modifications there.
1504 # VERSIONID(`$Id: generic-hpux9.mc,v 8.12 2013-11-22 20:51:08 ca Exp $')
1506 # DOMAIN(generic)dnl