2 # Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
4 # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
5 # Copyright (c) 1988, 1993
6 # The Regents of the University of California. All rights reserved.
8 # By using this file, you agree to the terms and conditions set
9 # forth in the LICENSE file which can be found at the top level of
10 # the sendmail distribution.
14 ######################################################################
15 ######################################################################
17 ##### SENDMAIL CONFIGURATION FILE
19 ##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
20 ##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
21 ##### using ../ as configuration include directory
23 ######################################################################
25 ##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
27 ######################################################################
28 ######################################################################
30 ##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
31 ##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
32 ##### $Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $ #####
33 ##### $Id: msp.m4,v 1.34 2013-11-22 20:51:11 ca Exp $ #####
35 ##### $Id: no_default_msa.m4,v 8.3 2013-11-22 20:51:11 ca Exp $ #####
38 ##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
40 # level 10 config file format
43 # override file safeties - setting this option compromises system security,
44 # addressing the actual file configuration problem is preferred
45 # need to set this before any file actions are encountered in the cf file
46 #O DontBlameSendmail=safe
48 # default LDAP map specification
49 # need to set this now before any LDAP maps are defined
50 #O LDAPDefaultSpec=-h localhost
57 # need to set this before any LDAP lookups are done (including classes)
58 #D{sendmailMTACluster}$m
62 # my official domain name
63 # ... define this only if sendmail cannot automatically determine your domain
66 # host/domain names ending with a token in class P are canonical
69 # "Smart" relay host (may be null)
73 # operators that cannot be in local usernames (i.e., network indicators)
76 # a class with just dot (for identifying canonical names)
79 # a class with just a left bracket (for identifying domain literals)
83 # Resolve map (to check if a host exists in check_mail)
84 Kresolve host -a<OKR> -T<TEMP>
88 # Hosts for which relaying is permitted ($=R)
89 FR-o /etc/mail/relay-domains
101 # class E: names that should be exposed as from this host, even if we masquerade
102 # class L: names that should be delivered locally, even if we have a relay
103 # class M: domains that should be converted to $M
104 # class N: domains that should not be converted to $M
109 # my name for error messages
113 D{MTAHost}[127.0.0.1]
116 # Configuration version number
124 # strip message body to 7 bits on input?
125 O SevenBitInput=False
127 # 8-bit data handling
128 #O EightBitMode=pass8
130 # wait for alias file rebuild (default units: minutes)
133 # location of alias file
134 #O AliasFile=/etc/mail/aliases
136 # minimum number of free blocks on filesystem
139 # maximum message size
142 # substitution for space (blank) characters
145 # avoid connecting to "expensive" mailers on initial submission?
146 O HoldExpensive=False
148 # checkpoint queue runs after every N successful deliveries
149 #O CheckpointInterval=10
151 # default delivery mode
154 # error message header/file
155 #O ErrorHeader=/etc/mail/error-header
160 # save Unix-style "From_" lines at top of header?
161 #O SaveFromLine=False
163 # queue file mode (qf files)
166 # temporary file mode
169 # match recipients against GECOS field?
175 # location of help file
176 O HelpFile=/etc/mail/helpfile
178 # ignore dots as terminators in incoming messages?
181 # name resolver options
182 #O ResolverOptions=+AAONLY
184 # deliver MIME-encapsulated error messages?
185 O SendMimeErrors=True
187 # Forward file search path
190 # open connection cache size
191 O ConnectionCacheSize=2
193 # open connection cache timeout
194 O ConnectionCacheTimeout=5m
196 # persistent host status directory
197 #O HostStatusDirectory=.hoststat
199 # single thread deliveries (requires HostStatusDirectory)?
200 #O SingleThreadDelivery=False
202 # use Errors-To: header?
205 # use compressed IPv6 address format?
206 #O UseCompressedIPv6Addresses
211 # send to me too, even in an alias expansion?
214 # verify RHS in newaliases?
217 # default messages to old style headers if no special punctuation?
218 O OldStyleHeaders=True
220 # SMTP daemon options
222 O DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E
224 # SMTP client options
225 #O ClientPortOptions=Family=inet, Address=0.0.0.0
227 # Modifiers to define {daemon_flags} for direct submissions
228 #O DirectSubmissionModifiers
230 # Use as mail submission program? See sendmail/SECURITY
234 O PrivacyOptions=goaway,noetrn,restrictqrun
236 # who (if anyone) should get extra copies of error messages
237 #O PostmasterCopy=Postmaster
239 # slope of queue-only function
240 #O QueueFactor=600000
242 # limit on number of concurrent queue runners
245 # maximum number of queue-runners per queue-grouping with multiple queues
246 #O MaxRunnersPerQueue=1
248 # priority of queue runners (nice(3))
251 # shall we sort the queue by hostname first?
252 #O QueueSortOrder=priority
254 # minimum time in queue before retry
257 # maximum time in queue before retry (if > 0; only for exponential delay)
260 # how many jobs can you process in the queue?
263 # perform initial split of envelope without checking MX records
267 O QueueDirectory=/var/spool/clientmqueue
269 # key for shared memory; 0 to turn off, -1 to auto-select
272 # file to store auto-selected key for shared memory (SharedMemoryKey = -1)
273 #O SharedMemoryKeyFile
275 # timeouts (many of these)
276 #O Timeout.initial=5m
277 #O Timeout.connect=5m
278 #O Timeout.aconnect=0s
279 #O Timeout.iconnect=5m
283 #O Timeout.datainit=5m
284 #O Timeout.datablock=1h
285 #O Timeout.datafinal=1h
289 #O Timeout.command=1h
291 #O Timeout.fileopen=60s
292 #O Timeout.control=2m
293 O Timeout.queuereturn=5d
294 #O Timeout.queuereturn.normal=5d
295 #O Timeout.queuereturn.urgent=2d
296 #O Timeout.queuereturn.non-urgent=7d
297 #O Timeout.queuereturn.dsn=5d
298 O Timeout.queuewarn=4h
299 #O Timeout.queuewarn.normal=4h
300 #O Timeout.queuewarn.urgent=1h
301 #O Timeout.queuewarn.non-urgent=12h
302 #O Timeout.queuewarn.dsn=4h
303 #O Timeout.hoststatus=30m
304 #O Timeout.resolver.retrans=5s
305 #O Timeout.resolver.retrans.first=5s
306 #O Timeout.resolver.retrans.normal=5s
307 #O Timeout.resolver.retry=4
308 #O Timeout.resolver.retry.first=4
309 #O Timeout.resolver.retry.normal=4
312 #O Timeout.starttls=1h
314 # time for DeliverBy; extension disabled if less than 0
317 # should we not prune routes in route-addr syntax addresses?
318 #O DontPruneRoutes=False
320 # queue up everything before forking?
324 O StatusFile=/var/spool/clientmqueue/sm-client.st
326 # time zone handling:
327 # if undefined, use system default
328 # if defined but null, use TZ envariable passed in
329 # if defined and non-null, use that info
332 # default UID (can be username or userid:groupid)
333 #O DefaultUser=mailnull
335 # list of locations of user database file (null means no lookup)
336 #O UserDatabaseSpec=/etc/mail/userdb
339 #O FallbackMXhost=fall.back.host.net
341 # fallback smart host
342 #O FallbackSmartHost=fall.back.host.net
344 # if we are the best MX host for a site, try it directly instead of config err
345 #O TryNullMXList=False
347 # load average at which we just queue messages
350 # load average at which we refuse connections
353 # log interval when refusing connections for this long
354 #O RejectLogInterval=3h
356 # load average at which we delay connections; 0 means no limit
359 # maximum number of children we allow at one time
360 #O MaxDaemonChildren=0
362 # maximum number of new connections per second
363 #O ConnectionRateThrottle=0
365 # Width of the window
366 #O ConnectionRateWindowSize=60s
368 # work recipient factor
369 #O RecipientFactor=30000
371 # deliver each queued job in a separate process?
380 # default character set
381 #O DefaultCharSet=unknown-8bit
383 # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
384 #O ServiceSwitchFile=/etc/mail/service.switch
386 # hosts file (normally /etc/hosts)
387 #O HostsFile=/etc/hosts
389 # dialup line delay on connection failure
392 # action to take if there are no recipients in the message
393 #O NoRecipientAction=none
395 # chrooted environment for writing to files
396 #O SafeFileEnvironment
398 # are colons OK in addresses?
399 #O ColonOkInAddr=True
401 # shall I avoid expanding CNAMEs (violates protocols)?
402 #O DontExpandCnames=False
404 # SMTP initial login message (old $e macro)
405 O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
407 # UNIX initial From header format (old $l macro)
408 O UnixFromLine=From $g $d
410 # From: lines that have embedded newlines are unwrapped onto one line
411 #O SingleLineFromHeader=False
413 # Allow HELO SMTP command that does not include a host name
414 #O AllowBogusHELO=False
416 # Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
419 # delimiter (operator) characters (old $o macro)
420 O OperatorChars=.:%@!^/[]+
422 # shall I avoid calling initgroups(3) because of high NIS costs?
423 O DontInitGroups=True
425 # are group-writable :include: and .forward files (un)trustworthy?
426 # True (the default) means they are not trustworthy.
427 #O UnsafeGroupWrites=True
430 # where do errors that occur when sending errors get sent?
431 #O DoubleBounceAddress=postmaster
433 # issue temporary errors (4xy) instead of permanent errors (5xy)?
436 # where to save bounces if all else fails
437 #O DeadLetterDrop=/var/tmp/dead.letter
439 # what user id do we assume for the majority of the processing?
442 # maximum number of recipients per SMTP envelope
443 #O MaxRecipientsPerMessage=0
445 # limit the rate recipients per SMTP envelope are accepted
446 # once the threshold number of recipients have been rejected
450 # shall we get local names from our installed interfaces?
451 O DontProbeInterfaces=True
453 # Return-Receipt-To: header implies DSN request
454 #O RrtImpliesDsn=False
456 # override connection address (for testing)
457 #O ConnectOnlyTo=0.0.0.0
459 # Trusted user for file ownership and starting the daemon
462 # Control socket for daemon management
463 #O ControlSocketName=/var/spool/mqueue/.control
465 # Maximum MIME header length to protect MUAs
466 #O MaxMimeHeaderLength=0/0
468 # Maximum length of the sum of all headers
469 #O MaxHeadersLength=32768
471 # Maximum depth of alias recursion
472 #O MaxAliasRecursion=10
474 # location of pid file
475 O PidFile=/var/spool/clientmqueue/sm-client.pid
477 # Prefix string for the process title shown on 'ps' listings
478 #O ProcessTitlePrefix=prefix
480 # Data file (df) memory-buffer file maximum size
481 #O DataFileBufferSize=4096
483 # Transcript file (xf) memory-buffer file maximum size
484 #O XscriptFileBufferSize=4096
486 # lookup type to find information about local mailboxes
487 #O MailboxDatabase=pw
489 # override compile time flag REQUIRES_DIR_FSYNC
490 #O RequiresDirfsync=true
492 # list of authentication mechanisms
493 #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
495 # Authentication realm
498 # default authentication information for outgoing connections
499 #O DefaultAuthInfo=/etc/mail/default-auth-info
504 # SMTP AUTH maximum encryption strength
507 # SMTP STARTTLS server options
512 # server side SSL options
514 # client side SSL options
533 # File containing certificate revocation lists
535 # DHParameters (only required if DSA/DH is used)
537 # Random data source (required for systems without /dev/urandom under OpenSSL)
539 # fingerprint algorithm (digest) to use for the presented cert
540 #O CertFingerprintAlgorithm
542 # Maximum number of "useless" commands before slowing down
543 #O MaxNOOPCommands=20
545 # Name to use for EHLO (defaults to $j)
550 ############################
551 # QUEUE GROUP DEFINITIONS #
552 ############################
555 ###########################
556 # Message precedences #
557 ###########################
560 Pspecial-delivery=100
565 #####################
567 #####################
569 # this is equivalent to setting class "t"
570 #Ft/etc/mail/trusted-users
575 #########################
576 # Format of headers #
577 #########################
579 H?P?Return-Path: <$g>
580 HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
581 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
582 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
583 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
588 H?F?Resent-From: $?x$x <$g>$|$g$.
589 H?F?From: $?x$x <$g>$|$g$.
592 # H?l?Received-Date: $b
593 H?M?Resent-Message-Id: <$t.$i@$j>
594 H?M?Message-Id: <$t.$i@$j>
597 ######################################################################
598 ######################################################################
600 ##### REWRITING RULES
602 ######################################################################
603 ######################################################################
605 ############################################
606 ### Ruleset 3 -- Name Canonicalization ###
607 ############################################
610 # handle null input (translate to <@> special case)
613 # strip group: syntax (not inside angle brackets!) and trailing semicolon
614 R$* $: $1 <@> mark addresses
615 R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
616 R@ $* <@> $: @ $1 unmark @host:...
617 R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
618 R$* :: $* <@> $: $1 :: $2 unmark node::addr
619 R:include: $* <@> $: :include: $1 unmark :include:...
620 R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
621 R$* : $* <@> $: $2 strip colon if marked
623 R$* ; $1 strip trailing semi
624 R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
625 R$* < $* ; > $1 < $2 > bogus bracketed semi
627 # null input now results from list:; syntax
630 # strip angle brackets -- note RFC733 heuristic to get innermost item
631 R$* $: < $1 > housekeeping <>
632 R$+ < $* > < $2 > strip excess on left
633 R< $* > $+ < $1 > strip excess on right
634 R<> $@ < @ > MAIL FROM:<> case
635 R< $+ > $: $1 remove housekeeping <>
637 # strip route address <@a,@b,@c:user@d> -> <user@d>
642 # find focus for list syntax
643 R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
644 R $+ : $* ; $@ $1 : $2; list syntax
646 # find focus for @ syntax addresses
647 R$+ @ $+ $: $1 < @ $2 > focus on domain
648 R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
649 R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
652 # convert old-style addresses to a domain-based address
653 R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
654 R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
655 R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
657 # convert node::user addresses into a domain-based address
658 R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
659 R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
661 # if we have % signs, take the rightmost one
662 R$* % $* $1 @ $2 First make them all @s.
663 R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
665 R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
667 # else we must be a local name
668 R$* $@ $>Canonify2 $1
671 ################################################
672 ### Ruleset 96 -- bottom half of ruleset 3 ###
673 ################################################
677 # handle special cases for local names
678 R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
679 R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
680 R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
682 # check for IPv4/IPv6 domain literal
683 R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
684 R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
685 R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
691 # if really UUCP, handle it immediately
693 # try UUCP traffic as a local address
694 R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
695 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
697 # hostnames ending in class P are always canonical
698 R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
699 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
700 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
701 R$* CC $* $| $* $: $3
702 # pass to name server to make hostname canonical
703 R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
706 # local host aliases and pseudo-domains are always canonical
707 R$* < @ $=w > $* $: $1 < @ $2 . > $3
708 R$* < @ $=M > $* $: $1 < @ $2 . > $3
709 R$* < @ $* . . > $* $1 < @ $2 . > $3
712 ##################################################
713 ### Ruleset 4 -- Final Output Post-rewriting ###
714 ##################################################
717 R$+ :; <@> $@ $1 : handle <list:;>
718 R$* <@> $@ handle <> and list:;
720 # strip trailing dot off possibly canonical name
721 R$* < @ $+ . > $* $1 < @ $2 > $3
723 # eliminate internal code
724 R$* < @ *LOCAL* > $* $1 < @ $j > $2
726 # externalize local domain info
727 R$* < $+ > $* $1 $2 $3 defocus
728 R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
729 R@ $* $@ @ $1 ... and exit
731 # UUCP must always be presented in old form
732 R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
734 # put DECnet back in :: form
735 R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u
736 # delete duplicate local names
737 R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
741 ##############################################################
742 ### Ruleset 97 -- recanonicalize and call ruleset zero ###
743 ### (used for recursive calls) ###
744 ##############################################################
751 ######################################
752 ### Ruleset 0 -- Parse Address ###
753 ######################################
757 R$* $: $>Parse0 $1 initial parsing
758 R<@> $#local $: <@> special case error msgs
759 R$* $: $>ParseLocal $1 handle local hacks
760 R$* $: $>Parse1 $1 final parsing
763 # Parse0 -- do initial syntax checking and eliminate local addresses.
764 # This should either return with the (possibly modified) input
765 # or return with a #error mailer. It should not return with a
766 # #mailer other than the #error mailer.
770 R<@> $@ <@> special case error msgs
771 R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
772 R@ <@ $* > < @ $1 > catch "@@host" bogosity
773 R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
774 R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
776 R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
777 R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
778 R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
779 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
780 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
782 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
783 R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
784 R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
785 R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
786 R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
789 # now delete the local info -- note $=O to find characters that cause forwarding
790 R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
791 R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
792 R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
793 R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
794 R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
795 R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
796 R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
797 R$* $=O $* < @ *LOCAL* >
798 $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
799 R$* < @ *LOCAL* > $: $1
803 # Parse1 -- the bottom half of ruleset 0.
808 # handle numeric address spec
809 R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
810 R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
811 R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
812 R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
813 R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
816 # short circuit local delivery so forwarded email works
819 R$=L < @ $=w . > $#local $: @ $1 special local names
820 R$+ < @ $=w . > $#local $: $1 regular local name
823 # resolve remotely connected UUCP links (if any)
825 # resolve fake top level domains by forwarding to other hosts
829 # pass names that still have a host to a smarthost (if defined)
830 R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
832 # deal with other remote names
833 R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
835 # handle locally delivered names
836 R$=L $#local $: @ $1 special local names
837 R$+ $#local $: $1 regular local names
841 ###########################################################################
842 ### Ruleset 5 -- special rewriting after aliases have been expanded ###
843 ###########################################################################
847 R$+ $: $1 $| $>"Local_localaddr" $1
848 R$+ $| $#ok $@ $1 no change
855 # deal with plussed users so aliases work nicely
856 R$+ + * $#local $@ $&h $: $1
857 R$+ + $* $#local $@ + $2 $: $1 + *
859 # prepend an empty "forward host" on the front
864 R< > $+ $: < > < $1 <> $&h > nope, restore +detail
866 R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
867 R< > < $+ <> $* > $: < > < $1 > else discard
868 R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
869 R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
870 R< > < $+ > $@ $1 no +detail
871 R$+ $: $1 <> $&h add +detail back in
873 R$+ <> + $* $: $1 + $2 check whether +detail
874 R$+ <> $* $: $1 else discard
875 R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
876 R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
878 R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
880 R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
883 ###################################################################
884 ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
885 ###################################################################
888 R< > $* $@ $1 strip off null relay
889 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
890 R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
891 R< error : $+ > $* $#error $: $1
892 R< local : $* > $* $>CanonLocal < $1 > $2
893 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
894 R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
895 R< $=w > $* $@ $2 delete local host
896 R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
898 ###################################################################
899 ### Ruleset CanonLocal -- canonify local: syntax ###
900 ###################################################################
903 # strip local host from routed addresses
904 R< $* > < @ $+ > : $+ $@ $>Recurse $3
905 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
907 # strip trailing dot from any host name that may appear
908 R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
910 # handle local: syntax -- use old user, either with or without host
911 R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
912 R< > $+ $#local $@ $1 $: $1
914 # handle local:user@host syntax -- ignore host part
915 R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
917 # handle local:user syntax
918 R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
919 R< $+ > $* $#local $@ $2 $: $1
921 ###################################################################
922 ### Ruleset 93 -- convert header names to masqueraded form ###
923 ###################################################################
928 # do not masquerade anything in class N
929 R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
931 R$* < @ *LOCAL* > $@ $1 < @ $j . >
933 ###################################################################
934 ### Ruleset 94 -- convert envelope names to masqueraded form ###
935 ###################################################################
938 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
940 ###################################################################
941 ### Ruleset 98 -- local part of ruleset zero (can be null) ###
942 ###################################################################
951 ######################################################################
952 ### CanonAddr -- Convert an address into a standard form for
953 ### relay checking. Route address syntax is
954 ### crudely converted into a %-hack address.
957 ### $1 -- full recipient address
960 ### parsed address, not in source route form
961 ######################################################################
964 R$* $: $>Parse0 $>canonify $1 make domain canonical
967 ######################################################################
968 ### ParseRecipient -- Strip off hosts in $=R as well as possibly
969 ### $* $=m or the access database.
970 ### Check user portion for host separators.
973 ### $1 -- full recipient address
976 ### parsed, non-local-relaying address
977 ######################################################################
980 R$* $: <?> $>CanonAddr $1
981 R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
982 R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
984 # if no $=O character, no host in the user portion, we are done
985 R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
989 R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
993 R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
997 ######################################################################
998 ### check_relay -- check hostname/address on SMTP startup
999 ######################################################################
1005 R$* $: $1 $| $>"Local_check_relay" $1
1006 R$* $| $* $| $#$* $#$3
1007 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
1010 # check for deferred delivery mode
1011 R$* $: < $&{deliveryMode} > $1
1012 R< d > $* $@ deferred
1017 ######################################################################
1018 ### check_mail -- check SMTP `MAIL FROM:' command argument
1019 ######################################################################
1023 R$* $: $1 $| $>"Local_check_mail" $1
1025 R$* $| $* $@ $>"Basic_check_mail" $1
1028 # check for deferred delivery mode
1029 R$* $: < $&{deliveryMode} > $1
1030 R< d > $* $@ deferred
1034 R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
1038 R<> $@ <OK> we MUST accept <> (RFC 1123)
1040 R<?><$+> $: <@> <$1>
1042 R$* $: $&{daemon_flags} $| $1
1043 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
1044 R$* u $* $| <@> < $* > $: <?> < $3 >
1046 # handle case of @localhost on address
1047 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
1048 R<@> < $* @ [127.0.0.1] >
1049 $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
1050 R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
1051 $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
1052 R<@> < $* @ [IPv6:::1] >
1053 $: < ? $&{client_name} > < $1 @ [IPv6:::1] >
1054 R<@> < $* @ localhost.$m >
1055 $: < ? $&{client_name} > < $1 @ localhost.$m >
1056 R<@> < $* @ localhost.UUCP >
1057 $: < ? $&{client_name} > < $1 @ localhost.UUCP >
1058 R<@> $* $: $1 no localhost as domain
1059 R<? $=w> $* $: $2 local client: ok
1060 R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
1062 R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
1063 R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
1064 # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
1065 R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
1066 R<?> $* < @ $j > $: <OKR> $1 < @ $j >
1067 R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
1068 R<? $* <$->> $* < @ $+ >
1072 # handle case of no @domain on address
1073 R<?> $* $: $&{daemon_flags} $| <?> $1
1074 R$* u $* $| <?> $* $: <OKR> $3
1076 R<?> $* $: < ? $&{client_addr} > $1
1077 R<?> $* $@ <OKR> ...local unqualed ok
1078 R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
1081 R<?> $* $: @ $1 mark address: nothing known about it
1082 R<$={ResOk}> $* $: @ $2 domain ok
1083 R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
1084 R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
1088 ######################################################################
1089 ### check_rcpt -- check SMTP `RCPT TO:' command argument
1090 ######################################################################
1094 R$* $: $1 $| $>"Local_check_rcpt" $1
1096 R$* $| $* $@ $>"Basic_check_rcpt" $1
1100 R<> $#error $@ nouser $: "553 User address required"
1101 R$@ $#error $@ nouser $: "553 User address required"
1102 # check for deferred delivery mode
1103 R$* $: < $&{deliveryMode} > $1
1104 R< d > $* $@ deferred
1108 ######################################################################
1109 R$* $: $1 $| @ $>"Rcpt_ok" $1
1110 R$* $| @ $#TEMP $+ $: $1 $| T $2
1112 R$* $| @ RELAY $@ RELAY
1113 R$* $| @ $* $: O $| $>"Relay_ok" $1
1114 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
1115 R$* $| $#TEMP $+ $#error $2
1117 R$* $| RELAY $@ RELAY
1118 R T $+ $| $* $#error $1
1119 # anything else is bogus
1120 R$* $#error $@ 5.7.1 $: "550 Relaying denied"
1123 ######################################################################
1124 ### Rcpt_ok: is the recipient ok?
1125 ######################################################################
1127 R$* $: $>ParseRecipient $1 strip relayable hosts
1132 # authenticated via TLS?
1133 R$* $: $1 $| $>RelayTLS client authenticated?
1134 R$* $| $# $+ $# $2 error/ok?
1137 R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
1140 R$* $| $* $: $1 $| $&{auth_type}
1142 R$* $| $={TrustAuthMech} $# RELAY
1144 # anything terminating locally is ok
1145 R$+ < @ $=w > $@ RELAY
1146 R$+ < @ $* $=R > $@ RELAY
1151 # check for local user (i.e. unqualified address)
1153 R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
1158 ######################################################################
1159 ### Relay_ok: is the relay/sender ok?
1160 ######################################################################
1162 # anything originating locally is ok
1164 R$* $: $&{client_addr}
1165 R$@ $@ RELAY originated locally
1166 R0 $@ RELAY originated locally
1167 R127.0.0.1 $@ RELAY originated locally
1168 RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
1169 RIPv6:::1 $@ RELAY originated locally
1170 R$=R $* $@ RELAY relayable IP address
1171 R$* $: [ $1 ] put brackets around it...
1172 R$=w $@ RELAY ... and see if it is local
1175 # check client name: first: did it resolve?
1176 R$* $: < $&{client_resolve} >
1177 R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
1178 R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
1179 R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
1180 R$* $: <@> $&{client_name}
1181 # pass to name server to make hostname canonical
1182 R<@> $* $=P $:<?> $1 $2
1183 R<@> $+ $:<?> $[ $1 $]
1184 R$* . $1 strip trailing dots
1186 R<?> $* $=R $@ RELAY
1192 ######################################################################
1193 ### trust_auth: is user trusted to authenticate as someone else?
1196 ### $1: AUTH= parameter from MAIL command
1197 ######################################################################
1201 R$* $: $&{auth_type} $| $1
1202 # required by RFC 2554 section 4.
1203 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
1204 R$* $| $&{auth_authen} $@ identical
1205 R$* $| <$&{auth_authen}> $@ identical
1206 R$* $| $* $: $1 $| $>"Local_trust_auth" $2
1208 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
1210 ######################################################################
1211 ### Relay_Auth: allow relaying based on authentication?
1214 ### $1: ${auth_type}
1215 ######################################################################
1218 ######################################################################
1219 ### srv_features: which features to offer to a client?
1220 ### (done in server)
1221 ######################################################################
1225 ######################################################################
1226 ### try_tls: try to use STARTTLS?
1227 ### (done in client)
1228 ######################################################################
1232 ######################################################################
1233 ### tls_rcpt: is connection with server "good" enough?
1234 ### (done in client, per recipient)
1238 ######################################################################
1242 ######################################################################
1243 ### tls_client: is connection with client "good" enough?
1244 ### (done in server)
1247 ### ${verify} $| (MAIL|STARTTLS)
1248 ######################################################################
1250 R$* $| $* $@ $>"TLS_connection" $1
1252 ######################################################################
1253 ### tls_server: is connection with server "good" enough?
1254 ### (done in client)
1258 ######################################################################
1260 R$* $@ $>"TLS_connection" $1
1262 ######################################################################
1263 ### TLS_connection: is TLS connection "good" enough?
1267 ### Requirement: RHS from access map, may be ? for none.
1268 ######################################################################
1270 RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
1275 ######################################################################
1276 ### RelayTLS: allow relaying based on TLS authentication
1280 ######################################################################
1284 ######################################################################
1285 ### authinfo: lookup authinfo in the access map
1288 ### $1: {server_name}
1289 ### $2: {server_addr}
1290 ######################################################################
1301 R$+ $: $>ParseRecipient $1
1302 R$* < @ $+ > $* $#relay $@ ${MTAHost} $: $1 < @ $2 > $3
1304 R$+ :: $+ $#relay $@ ${MTAHost} $: $1 :: $2
1305 R$* $#relay $@ ${MTAHost} $: $1 < @ $j >
1307 ######################################################################
1308 ######################################################################
1310 ##### MAIL FILTER DEFINITIONS
1312 ######################################################################
1313 ######################################################################
1316 ######################################################################
1317 ######################################################################
1319 ##### MAILER DEFINITIONS
1321 ######################################################################
1322 ######################################################################
1325 ##################################################
1326 ### Local and Program Mailer specification ###
1327 ##################################################
1329 ##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
1332 # Envelope sender rewriting
1335 R<@> $n errors to mailer-daemon
1336 R@ <@ $*> $n temporarily bypass Sun bogosity
1337 R$+ $: $>AddDomain $1 add local domain if needed
1338 R$* $: $>MasqEnv $1 do masquerading
1341 # Envelope recipient rewriting
1344 R$+ < @ $* > $: $1 strip host part
1345 R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
1346 R<e s> $+ + $* $: $1 remove +detail for sender
1347 R< $* > $+ $: $2 else remove mark
1350 # Header sender rewriting
1353 R<@> $n errors to mailer-daemon
1354 R@ <@ $*> $n temporarily bypass Sun bogosity
1355 R$+ $: $>AddDomain $1 add local domain if needed
1356 R$* $: $>MasqHdr $1 do masquerading
1359 # Header recipient rewriting
1362 R$+ $: $>AddDomain $1 add local domain if needed
1363 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1366 # Common code to add local domain name (only if always-add-domain)
1370 Mlocal, P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
1373 Mprog, P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
1374 T=X-Unix/X-Unix/X-Unix,
1377 #####################################
1378 ### SMTP Mailer specification ###
1379 #####################################
1381 ##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
1384 # common sender and masquerading recipient rewriting
1387 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
1388 R$+ $@ $1 < @ *LOCAL* > add local qualification
1391 # convert pseudo-domain addresses to real domain addresses
1395 # pass <route-addr>s through
1396 R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
1398 # output fake domains as user%fake@relay
1400 # do UUCP heuristics; note that these are shared with UUCP mailers
1401 R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
1402 R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
1404 # leave these in .UUCP form to avoid further tampering
1405 R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
1406 R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
1407 R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
1408 R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
1409 R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
1410 R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
1414 # envelope sender rewriting
1417 R$+ $: $>PseudoToReal $1 sender/recipient common
1418 R$* :; <@> $@ list:; special case
1419 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1420 R$+ $: $>MasqEnv $1 do masquerading
1424 # envelope recipient rewriting --
1425 # also header recipient if not masquerading recipients
1428 R$+ $: $>PseudoToReal $1 sender/recipient common
1429 R$+ $: $>MasqSMTP $1 qualify unqual'ed names
1430 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
1433 # header sender and masquerading header recipient rewriting
1436 R$+ $: $>PseudoToReal $1 sender/recipient common
1437 R:; <@> $@ list:; special case
1439 # do special header rewriting
1440 R$* <@> $* $@ $1 <@> $2 pass null host through
1441 R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
1442 R$* $: $>MasqSMTP $1 qualify unqual'ed names
1443 R$+ $: $>MasqHdr $1 do masquerading
1447 # relay mailer header masquerading recipient rewriting
1450 R$+ $: $>MasqSMTP $1
1453 Msmtp, P=[IPC], F=mDFMuXk5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1456 Mesmtp, P=[IPC], F=mDFMuXak5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1459 Msmtp8, P=[IPC], F=mDFMuX8k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1462 Mdsmtp, P=[IPC], F=mDFMuXa%k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
1465 Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
1472 # # Copyright (c) 2001-2003, 2014 Proofpoint, Inc. and its suppliers.
1473 # # All rights reserved.
1475 # # By using this file, you agree to the terms and conditions set
1476 # # forth in the LICENSE file which can be found at the top level of
1477 # # the sendmail distribution.
1482 # # This is the prototype file for a set-group-ID sm-msp sendmail that
1483 # # acts as a initial mail submission program.
1487 # VERSIONID(`$Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $')
1488 # define(`confCF_VERSION', `Submit')dnl
1489 # define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
1490 # define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
1491 # define(`confTIME_ZONE', `USE_TZ')dnl
1492 # define(`confDONT_INIT_GROUPS', `True')dnl
1494 # dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1]
1495 # FEATURE(`msp', `[127.0.0.1]')dnl