# # Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # ###################################################################### ###################################################################### ##### ##### SENDMAIL CONFIGURATION FILE ##### ##### ###################################################################### ###################################################################### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### linux setup for Red Hat Linux ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### Cwlocalhost.localdomain ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### # level 9 config file format V9/Berkeley # override file safeties - setting this option compromises system security, # addressing the actual file configuration problem is preferred # need to set this before any file actions are encountered in the cf file #O DontBlameSendmail=safe # default LDAP map specification # need to set this now before any LDAP maps are defined #O LDAPDefaultSpec=-h localhost ################## # local info # ################## Cwlocalhost # file containing names of hosts for which we receive email Fw/etc/mail/local-host-names # my official domain name # ... define this only if sendmail cannot automatically determine your domain #Dj$w.Foo.COM CP. # "Smart" relay host (may be null) DS # operators that cannot be in local usernames (i.e., network indicators) CO @ % ! # a class with just dot (for identifying canonical names) C.. # a class with just a left bracket (for identifying domain literals) C[[ # access_db acceptance class C{Accept}OK RELAY # Hosts for which relaying is permitted ($=R) FR-o /etc/mail/relay-domains # arithmetic map Karith arith # possible values for tls_connect in access map C{tls}VERIFY ENCR # who I send unqualified names to (null means deliver locally) DR # who gets all local email traffic ($R has precedence for unqualified names) DH # dequoting map Kdequote dequote # class E: names that should be exposed as from this host, even if we masquerade # class L: names that should be delivered locally, even if we have a relay # class M: domains that should be converted to $M # class N: domains that should not be converted to $M #CL root C{E}root # who I masquerade as (null for no masquerading) (see also $=M) DMfnal.gov # my name for error messages DnMAILER-DAEMON # Mailer table (overriding domains) Kmailertable hash -o /etc/mail/mailertable.db # Virtual user table (maps incoming users) Kvirtuser hash -o /etc/mail/virtusertable.db CPREDIRECT # Access list database (for spam stomping) Kaccess hash -o /etc/mail/access.db # Configuration version number DZ8.11.6 ############### # Options # ############### # strip message body to 7 bits on input? O SevenBitInput=False # 8-bit data handling #O EightBitMode=pass8 # wait for alias file rebuild (default units: minutes) O AliasWait=10 # location of alias file O AliasFile=/etc/aliases # minimum number of free blocks on filesystem O MinFreeBlocks=100 # maximum message size #O MaxMessageSize=1000000 # substitution for space (blank) characters O BlankSub=. # avoid connecting to "expensive" mailers on initial submission? O HoldExpensive=False # checkpoint queue runs after every N successful deliveries #O CheckpointInterval=10 # default delivery mode O DeliveryMode=background # automatically rebuild the alias database? # NOTE: There is a potential for a denial of service attack if this is set. # This option is deprecated and will be removed from a future version. O AutoRebuildAliases # error message header/file #O ErrorHeader=/etc/mail/error-header # error mode #O ErrorMode=print # save Unix-style "From_" lines at top of header? #O SaveFromLine=False # temporary file mode O TempFileMode=0600 # match recipients against GECOS field? #O MatchGECOS=False # maximum hop count #O MaxHopCount=17 # location of help file O HelpFile=/etc/mail/helpfile # ignore dots as terminators in incoming messages? #O IgnoreDots=False # name resolver options #O ResolverOptions=+AAONLY # deliver MIME-encapsulated error messages? O SendMimeErrors=True # Forward file search path O ForwardPath=$z/.forward.$w:$z/.forward # open connection cache size O ConnectionCacheSize=2 # open connection cache timeout O ConnectionCacheTimeout=5m # persistent host status directory #O HostStatusDirectory=.hoststat # single thread deliveries (requires HostStatusDirectory)? #O SingleThreadDelivery=False # use Errors-To: header? O UseErrorsTo=False # log level O LogLevel=9 # send to me too, even in an alias expansion? #O MeToo=True # verify RHS in newaliases? O CheckAliases=False # default messages to old style headers if no special punctuation? O OldStyleHeaders=True # SMTP daemon options #O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA O DaemonPortOptions=Name=MTA # SMTP client options #O ClientPortOptions=Address=0.0.0.0 # privacy flags O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun # who (if anyone) should get extra copies of error messages #O PostmasterCopy=Postmaster # slope of queue-only function #O QueueFactor=600000 # queue directory O QueueDirectory=/var/spool/mqueue # timeouts (many of these) #O Timeout.initial=5m O Timeout.connect=1m #O Timeout.iconnect=5m #O Timeout.helo=5m #O Timeout.mail=10m #O Timeout.rcpt=1h #O Timeout.datainit=5m #O Timeout.datablock=1h #O Timeout.datafinal=1h #O Timeout.rset=5m #O Timeout.quit=2m #O Timeout.misc=2m #O Timeout.command=1h #O Timeout.ident=5s #O Timeout.fileopen=60s #O Timeout.control=2m O Timeout.queuereturn=5d #O Timeout.queuereturn.normal=5d #O Timeout.queuereturn.urgent=2d #O Timeout.queuereturn.non-urgent=7d O Timeout.queuewarn=4h #O Timeout.queuewarn.normal=4h #O Timeout.queuewarn.urgent=1h #O Timeout.queuewarn.non-urgent=12h #O Timeout.hoststatus=30m #O Timeout.resolver.retrans=5s #O Timeout.resolver.retrans.first=5s #O Timeout.resolver.retrans.normal=5s #O Timeout.resolver.retry=4 #O Timeout.resolver.retry.first=4 #O Timeout.resolver.retry.normal=4 # should we not prune routes in route-addr syntax addresses? #O DontPruneRoutes=False # queue up everything before forking? O SuperSafe=True # status file O StatusFile=/etc/mail/statistics # time zone handling: # if undefined, use system default # if defined but null, use TZ envariable passed in # if defined and non-null, use that info #O TimeZoneSpec= # default UID (can be username or userid:groupid) O DefaultUser=8:12 # list of locations of user database file (null means no lookup) O UserDatabaseSpec=/etc/mail/userdb.db # fallback MX host #O FallbackMXhost=fall.back.host.net # if we are the best MX host for a site, try it directly instead of config err O TryNullMXList=true # load average at which we just queue messages #O QueueLA=8 # load average at which we refuse connections #O RefuseLA=12 # maximum number of children we allow at one time #O MaxDaemonChildren=12 # maximum number of new connections per second #O ConnectionRateThrottle=0 # work recipient factor #O RecipientFactor=30000 # deliver each queued job in a separate process? #O ForkEachJob=False # work class factor #O ClassFactor=1800 # work time factor #O RetryFactor=90000 # shall we sort the queue by hostname first? #O QueueSortOrder=priority # minimum time in queue before retry #O MinQueueAge=30m # default character set #O DefaultCharSet=iso-8859-1 # service switch file (ignored on Solaris, Ultrix, OSF/1, others) #O ServiceSwitchFile=/etc/mail/service.switch # hosts file (normally /etc/hosts) #O HostsFile=/etc/hosts # dialup line delay on connection failure #O DialDelay=10s # action to take if there are no recipients in the message #O NoRecipientAction=add-to-undisclosed # chrooted environment for writing to files #O SafeFileEnvironment=/arch # are colons OK in addresses? #O ColonOkInAddr=True # how many jobs can you process in the queue? #O MaxQueueRunSize=10000 # shall I avoid expanding CNAMEs (violates protocols)? #O DontExpandCnames=False # SMTP initial login message (old $e macro) O SmtpGreetingMessage=$j Sendmail $v/$Z; $b # UNIX initial From header format (old $l macro) O UnixFromLine=From $g $d # From: lines that have embedded newlines are unwrapped onto one line #O SingleLineFromHeader=False # Allow HELO SMTP command that does not include a host name #O AllowBogusHELO=False # Characters to be quoted in a full name phrase (@,;:\()[] are automatic) #O MustQuoteChars=. # delimiter (operator) characters (old $o macro) O OperatorChars=.:%@!^/[]+ # shall I avoid calling initgroups(3) because of high NIS costs? #O DontInitGroups=False # are group-writable :include: and .forward files (un)trustworthy? #O UnsafeGroupWrites=True # where do errors that occur when sending errors get sent? #O DoubleBounceAddress=postmaster # where to save bounces if all else fails #O DeadLetterDrop=/var/tmp/dead.letter # what user id do we assume for the majority of the processing? #O RunAsUser=sendmail # maximum number of recipients per SMTP envelope #O MaxRecipientsPerMessage=100 # shall we get local names from our installed interfaces? O DontProbeInterfaces=true # Return-Receipt-To: header implies DSN request #O RrtImpliesDsn=False # override connection address (for testing) #O ConnectOnlyTo=0.0.0.0 # Trusted user for file ownership and starting the daemon #O TrustedUser=root # Control socket for daemon management #O ControlSocketName=/var/spool/mqueue/.control # Maximum MIME header length to protect MUAs #O MaxMimeHeaderLength=0/0 # Maximum length of the sum of all headers #O MaxHeadersLength=32768 # Maximum depth of alias recursion #O MaxAliasRecursion=10 # location of pid file #O PidFile=/var/run/sendmail.pid # Prefix string for the process title shown on 'ps' listings #O ProcessTitlePrefix=prefix # Data file (df) memory-buffer file maximum size #O DataFileBufferSize=4096 # Transcript file (xf) memory-buffer file maximum size #O XscriptFileBufferSize=4096 # list of authentication mechanisms #O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 # default authentication information for outgoing connections #O DefaultAuthInfo=/etc/mail/default-auth-info # SMTP AUTH flags O AuthOptions=A # CA directory #O CACERTPath # CA file #O CACERTFile # Server Cert #O ServerCertFile # Server private key #O ServerKeyFile # Client Cert #O ClientCertFile # Client private key #O ClientKeyFile # DHParameters (only required if DSA/DH is used) #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile ########################### # Message precedences # ########################### Pfirst-class=0 Pspecial-delivery=100 Plist=-30 Pbulk=-60 Pjunk=-100 ##################### # Trusted users # ##################### # this is equivalent to setting class "t" Ft/etc/mail/trusted-users Troot Tdaemon Tuucp ######################### # Format of headers # ######################### H?P?Return-Path: <$g> HReceived: $?sfrom $s $.$?_($?s$|from $.$_) $.$?{auth_type}(authenticated$?{auth_ssf} (${auth_ssf} bits)$.) $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} (using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})$.$?u for $u; $|; $.$b H?D?Resent-Date: $a H?D?Date: $a H?F?Resent-From: $?x$x <$g>$|$g$. H?F?From: $?x$x <$g>$|$g$. H?x?Full-Name: $x # HPosted-Date: $a # H?l?Received-Date: $b H?M?Resent-Message-Id: <$t.$i@$j> H?M?Message-Id: <$t.$i@$j> # ###################################################################### ###################################################################### ##### ##### REWRITING RULES ##### ###################################################################### ###################################################################### ############################################ ### Ruleset 3 -- Name Canonicalization ### ############################################ Scanonify=3 # handle null input (translate to <@> special case) R$@ $@ <@> # strip group: syntax (not inside angle brackets!) and trailing semicolon R$* $: $1 <@> mark addresses R$* < $* > $* <@> $: $1 < $2 > $3 unmark R@ $* <@> $: @ $1 unmark @host:... R$* :: $* <@> $: $1 :: $2 unmark node::addr R:include: $* <@> $: :include: $1 unmark :include:... R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon R$* : $* <@> $: $2 strip colon if marked R$* <@> $: $1 unmark R$* ; $1 strip trailing semi R$* < $+ :; > $* $@ $2 :; <@> catch R$* < $* ; > $1 < $2 > bogus bracketed semi # null input now results from list:; syntax R$@ $@ :; <@> # strip angle brackets -- note RFC733 heuristic to get innermost item R$* $: < $1 > housekeeping <> R$+ < $* > < $2 > strip excess on left R< $* > $+ < $1 > strip excess on right R<> $@ < @ > MAIL FROM:<> case R< $+ > $: $1 remove housekeeping <> # strip route address <@a,@b,@c:user@d> -> R@ $+ , $+ $2 R@ $+ : $+ $2 # find focus for list syntax R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax R $+ : $* ; $@ $1 : $2; list syntax # find focus for @ syntax addresses R$+ @ $+ $: $1 < @ $2 > focus on domain R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical # do some sanity checking R$* < @ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs # convert old-style addresses to a domain-based address R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains # if we have % signs, take the rightmost one R$* % $* $1 @ $2 First make them all @s. R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish # else we must be a local name R$* $@ $>Canonify2 $1 ################################################ ### Ruleset 96 -- bottom half of ruleset 3 ### ################################################ SCanonify2=96 # handle special cases for local names R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain # check for IPv6 domain literal (save quoted form) R$* < @ [ IPv6 : $+ ] > $* $: $2 $| $1 < @@ [ $(dequote $2 $) ] > $3 mark IPv6 addr R$+ $| $* < @@ $=w > $* $: $2 < @ $j . > $4 self-literal R$+ $| $* < @@ [ $+ ] > $* $@ $2 < @ [ IPv6 : $1 ] > $4 canon IP addr # check for IPv4 domain literal R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [a.b.c.d] R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr # if really UUCP, handle it immediately # try UUCP traffic as a local address R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 # hostnames ending in class P are always canonical R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 R$* CC $* $| $* $: $3 # pass to name server to make hostname canonical R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 R$* $| $* $: $2 # local host aliases and pseudo-domains are always canonical R$* < @ $=w > $* $: $1 < @ $2 . > $3 R$* < @ $=M > $* $: $1 < @ $2 . > $3 R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3 R$* < @ $* . . > $* $1 < @ $2 . > $3 ################################################## ### Ruleset 4 -- Final Output Post-rewriting ### ################################################## Sfinal=4 R$+ :; <@> $@ $1 : handle R$* <@> $@ handle <> and list:; # strip trailing dot off possibly canonical name R$* < @ $+ . > $* $1 < @ $2 > $3 # eliminate internal code R$* < @ *LOCAL* > $* $1 < @ $j > $2 # externalize local domain info R$* < $+ > $* $1 $2 $3 defocus R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 canonical R@ $* $@ @ $1 ... and exit # UUCP must always be presented in old form R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u # delete duplicate local names R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host ############################################################## ### Ruleset 97 -- recanonicalize and call ruleset zero ### ### (used for recursive calls) ### ############################################################## SRecurse=97 R$* $: $>canonify $1 R$* $@ $>parse $1 ###################################### ### Ruleset 0 -- Parse Address ### ###################################### Sparse=0 R$* $: $>Parse0 $1 initial parsing R<@> $#local $: <@> special case error msgs R$* $: $>ParseLocal $1 handle local hacks R$* $: $>Parse1 $1 final parsing # # Parse0 -- do initial syntax checking and eliminate local addresses. # This should either return with the (possibly modified) input # or return with a #error mailer. It should not return with a # #mailer other than the #error mailer. # SParse0 R<@> $@ <@> special case error msgs R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses" R@ <@ $* > < @ $1 > catch "@@host" bogosity R<@ $+> $#error $@ 5.1.3 $: "553 User address required" R$* $: <> $1 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part" R<> $* $1 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" R$* , $~O $* $#error $@ 5.1.2 $: "553 Invalid route address" # now delete the local info -- note $=O to find characters that cause forwarding R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here R< @ $+ > $#error $@ 5.1.3 $: "553 User address required" R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required" R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 # # Parse1 -- the bottom half of ruleset 0. # SParse1 # handle numeric address spec R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path R$* < @ [ IPv6 : $+ ] : > $* $#esmtp $@ [ $(dequote $2 $) ] $: $1 < @ [IPv6 : $2 ] > $3 no smarthost: send R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer # handle virtual users R$+ $: $1 Mark for lookup R $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ + $* < @ $* . > $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $* . > $: < $(virtuser $1 @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $+ < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ $: $1 R $+ $: $1 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 R< $+ > $+ < @ $+ > $: $>Recurse $1 # short circuit local delivery so forwarded email works R$=L < @ $=w . > $#local $: @ $1 special local names R$+ < @ $=w . > $#local $: $1 regular local name # not local -- try mailer table lookup R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name R< $+ . > $* $: < $1 > $2 strip trailing dot R< $+ > $* $: < $(mailertable $1 $) > $2 lookup R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? R< $+ > $* $: $>Mailertable <$1> $2 try domain # resolve remotely connected UUCP links (if any) # resolve fake top level domains by forwarding to other hosts # pass names that still have a host to a smarthost (if defined) R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name # deal with other remote names R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain # handle locally delivered names R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### SLocal_localaddr Slocaladdr=5 R$+ $: $1 $| $>"Local_localaddr" $1 R$+ $| $#$* $#$2 R$+ $| $* $: $1 # deal with plussed users so aliases work nicely R$+ + * $#local $@ $&h $: $1 R$+ + $* $#local $@ + $2 $: $1 + * # prepend an empty "forward host" on the front R$+ $: <> $1 # see if we have a relay or a hub R< > $+ $: < $H > $1 try hub R< > $+ $: < $R > $1 try relay R< > $+ $: < > < $1 <> $&h > nope, restore +detail R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail R< > < $+ <> $* > $: < > < $1 > else discard R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + R< > < $+ > $@ $1 no +detail R$+ $: $1 <> $&h add +detail back in R$+ <> + $* $: $1 + $2 check whether +detail R$+ <> $* $: $1 else discard R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension R< $- : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > ################################################################### ### Ruleset 90 -- try domain part of mailertable entry ### ################################################################### SMailertable=90 R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? R< $* > $* $@ $2 no mailertable match ################################################################### ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### ################################################################### SMailerToTriple=95 R< > $* $@ $1 strip off null relay R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 R< local : $* > $* $>CanonLocal < $1 > $2 R< $- : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user R< $- : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer R< $=w > $* $@ $2 delete local host R< [ IPv6 : $+ ] > $* $#relay $@ $(dequote $1 $) $: $2 use unqualified mailer R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer ################################################################### ### Ruleset CanonLocal -- canonify local: syntax ### ################################################################### SCanonLocal # strip local host from routed addresses R< $* > < @ $+ > : $+ $@ $>Recurse $3 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 # strip trailing dot from any host name that may appear R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > # handle local: syntax -- use old user, either with or without host R< > $* < @ $* > $* $#local $@ $1@$2 $: $1 R< > $+ $#local $@ $1 $: $1 # handle local:user@host syntax -- ignore host part R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > # handle local:user syntax R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 R< $+ > $* $#local $@ $2 $: $1 ################################################################### ### Ruleset 93 -- convert header names to masqueraded form ### ################################################################### SMasqHdr=93 # do not masquerade anything in class N R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > # special case the users that should be exposed R$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed R$=E < @ $=M . > $@ $1 < @ $2 . > R$=E < @ $=w . > $@ $1 < @ $2 . > # handle domain-specific masquerading R$* < @ $=M . > $* $: $1 < @ $2 . @ $M > $3 convert masqueraded doms R$* < @ $=w . > $* $: $1 < @ $2 . @ $M > $3 R$* < @ *LOCAL* > $* $: $1 < @ $j . @ $M > $2 R$* < @ $+ @ > $* $: $1 < @ $2 > $3 $M is null R$* < @ $+ @ $+ > $* $: $1 < @ $3 . > $4 $M is not null ################################################################### ### Ruleset 94 -- convert envelope names to masqueraded form ### ################################################################### SMasqEnv=94 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 ################################################################### ### Ruleset 98 -- local part of ruleset zero (can be null) ### ################################################################### SParseLocal=98 # addresses sent to foo@host.REDIRECT will give a 551 error code R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} > R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT. > R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> ###################################################################### ### LookUpDomain -- search for domain in access database ### ### Parameters: ### <$1> -- key (domain name) ### <$2> -- default (what to return if not found in db) ### <$3> -- passthru (additional data passed unchanged through) ### <$4> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ###################################################################### SLookUpDomain R<[IPv6 : $+]> <$+> <$*> <$*> $: <[$(dequote $1 $)]> <$2> <$3> <$4> R<$*> <$+> <$*> <$- $-> $: < $(access $5:$1 $: ? $) > <$1> <$2> <$3> <$4 $5> R <$+> <$+> <$*> <+ $*> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4> R <[$+.$-]> <$+> <$*> <$*> $@ $>LookUpDomain <[$1]> <$3> <$4> <$5> R <[$+::$-]> <$+> <$*> <$*> $: $>LookUpDomain <[$1]> <$3> <$4> <$5> R <[$+:$-]> <$+> <$*> <$*> $: $>LookUpDomain <[$1]> <$3> <$4> <$5> R <$+.$+> <$+> <$*> <$*> $@ $>LookUpDomain <$2> <$3> <$4> <$5> R <$+> <$+> <$*> <$*> $@ <$2> <$3> R<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4> ###################################################################### ### LookUpAddress -- search for host address in access database ### ### Parameters: ### <$1> -- key (dot quadded host address) ### <$2> -- default (what to return if not found in db) ### <$3> -- passthru (additional data passed through) ### <$4> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ###################################################################### SLookUpAddress R<$+> <$+> <$*> <$- $+> $: < $(access $5:$1 $: ? $) > <$1> <$2> <$3> <$4 $5> R <$+> <$+> <$*> <+ $+> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4> R <$+::$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> R <$+:$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> R <$+.$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> R <$+> <$+> <$*> <$*> $@ <$2> <$3> R<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4> ###################################################################### ### CanonAddr -- Convert an address into a standard form for ### relay checking. Route address syntax is ### crudely converted into a %-hack address. ### ### Parameters: ### $1 -- full recipient address ### ### Returns: ### parsed address, not in source route form ###################################################################### SCanonAddr R$* $: $>Parse0 $>canonify $1 make domain canonical ###################################################################### ### ParseRecipient -- Strip off hosts in $=R as well as possibly ### $* $=m or the access database. ### Check user portion for host separators. ### ### Parameters: ### $1 -- full recipient address ### ### Returns: ### parsed, non-local-relaying address ###################################################################### SParseRecipient R$* $: $>CanonAddr $1 R $* < @ $* . > $1 < @ $2 > strip trailing dots R $- < @ $* > $: $(dequote $1 $) < @ $2 > dequote local part # if no $=O character, no host in the user portion, we are done R $* $=O $* < @ $* > $: $1 $2 $3 < @ $4> R $* $@ $1 R $* < @ $* $=R > $: $1 < @ $2 $3 > R $* < @ $+ > $: $>LookUpDomain <$2> <$1 < @ $2 >> <+To> R<$+> <$+> $: <$1> $2 R $* < @ $* > $@ $>ParseRecipient $1 R<$-> $* $@ $2 ###################################################################### ### check_relay -- check hostname/address on SMTP startup ###################################################################### SLocal_check_relay Scheck_relay R$* $: $1 $| $>"Local_check_relay" $1 R$* $| $* $| $#$* $#$3 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 SBasic_check_relay # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$+ $| $+ $: $>LookUpDomain < $1 > < $2 > <+Connect> R <$+> $: $>LookUpAddress < $1 > < $1 > <+Connect> no: another lookup R < $+ > $: $1 found nothing R<$={Accept}> < $* > $@ $1 return value of lookup R $* $#error $@ 5.7.1 $: "550 Access denied" R $* $#discard $: discard R <$*> $#error $@ $1.$2.$3 $: $4 R <$*> $#error $: $1 R<$+> <$*> $#error $: $1 ###################################################################### ### check_mail -- check SMTP `MAIL FROM:' command argument ###################################################################### SLocal_check_mail Scheck_mail R$* $: $1 $| $>"Local_check_mail" $1 R$* $| $#$* $#$2 R$* $| $* $@ $>"Basic_check_mail" $1 SBasic_check_mail # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 # authenticated? R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 R$* $| $* $: $1 R<> $@ we MUST accept <> (RFC 1123) R$+ $: $1 R<$+> $: <@> <$1> R$+ $: <@> <$1> R$* $: $&{daemon_flags} $| $1 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > R$* u $* $| <@> < $* > $: < $3 > R$* $| $* $: $2 # handle case of @localhost on address R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > R<@> < $* @ [127.0.0.1] > $: < ? $&{client_name} > < $1 @ [127.0.0.1] > R<@> < $* @ localhost.$m > $: < ? $&{client_name} > < $1 @ localhost.$m > R<@> < $* @ localhost.UUCP > $: < ? $&{client_name} > < $1 @ localhost.UUCP > R<@> $* $: $1 no localhost as domain R $* $: $2 local client: ok R <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address" R $* $: $1 R$* $: $>CanonAddr $1 canonify sender address and mark it R $* < @ $+ . > $1 < @ $2 > strip trailing dots # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) R $* < @ $* $=P > $: $1 < @ $2 $3 > R $* < @ $+ > $: $1 < @ $2 > ... unresolvable OK # check sender address: user@address, user@, address R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| R<$+> $+ $: @<$1> <$2> $| R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+From> $| <$3> <> R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result # retransform for further use R <$+> <$*> $: <$1> $2 no match R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it # handle case of no @domain on address R $* $: $&{daemon_flags} $| $1 R$* u $* $| $* $: $3 R$* $| $* $: $2 R $* $: < ? $&{client_name} > $1 R $* $@ ...local unqualed ok R $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f ...remote is not # check results R $* $: @ $1 mark address: nothing known about it R $* $@ R $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" R $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist" R<$={Accept}> $* $# $1 R $* $#discard $: discard R $* $#error $@ 5.7.1 $: "550 Access denied" R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 R<$+> $* $#error $: $1 error from access db ###################################################################### ### check_rcpt -- check SMTP `RCPT TO:' command argument ###################################################################### SLocal_check_rcpt Scheck_rcpt R$* $: $1 $| $>"Local_check_rcpt" $1 R$* $| $#$* $#$2 R$* $| $* $@ $>"Basic_check_rcpt" $1 SBasic_check_rcpt # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$* $: $>ParseRecipient $1 strip relayable hosts # blacklist local users or any host from receiving mail R$* $: $1 R $+ < @ $=w > $: <> <$1 < @ $2 >> $| R $+ < @ $* > $: <> <$1 < @ $2 >> $| R $+ $: <> <$1> $| R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+To> $| <$2> <> R<@> <$*> $| <$*> $: <$2> <$1> reverse result R <$*> $: @ $1 mark address as no match R<$={Accept}> <$*> $: @ $2 mark address as no match R $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient" R $* $#discard $: discard R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 R<$+> $* $#error $: $1 error from access db R@ $* $1 remove mark # authenticated? R$* $: $1 $| $>RelayAuth $1 $| $&{verify} client authenticated? R$* $| $# $+ $# $2 error/ok? R$* $| $* $: $1 no # authenticated by a trusted mechanism? R$* $: $1 $| $&{auth_type} R$* $| $: $1 R$* $| $={TrustAuthMech} $# RELAYAUTH R$* $| $* $: $1 # anything terminating locally is ok R$+ < @ $=w > $@ RELAYTO R$+ < @ $* $=R > $@ RELAYTO R$+ < @ $+ > $: $>LookUpDomain <$2> <$1 < @ $2 >> <+To> R $* $@ RELAYTO R<$*> <$*> $: $2 # check for local user (i.e. unqualified address) R$* $: $1 R $* < @ $+ > $: $1 < @ $2 > # local user is ok R $+ $@ RELAYTOLOCAL R<$+> $* $: $2 # anything originating locally is ok # check IP address R$* $: $&{client_addr} R$@ $@ RELAYFROM originated locally R0 $@ RELAYFROM originated locally R$=R $* $@ RELAYFROM relayable IP address R$* $: $>LookUpAddress <$1> <$1> <+Connect> R $* $@ RELAYFROM relayable IP address R<$*> <$*> $: $2 R$* $: [ $1 ] put brackets around it... R$=w $@ RELAYFROM ... and see if it is local # check client name: first: did it resolve? R$* $: < $&{client_resolve} > R $#error $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} R$* $: $&{client_name} # pass to name server to make hostname canonical R $* $~P $: $[ $1 $2 $] R$* . $1 strip trailing dots R $@ RELAYFROM R $=w $@ RELAYFROM R $* $=R $@ RELAYFROM R $* $: $>LookUpDomain <$1> <$1> <+Connect> R $* $@ RELAYFROM R<$*> <$*> $: $2 # anything else is bogus R$* $#error $@ 5.7.1 $: "550 Relaying denied" ###################################################################### ### SearchList: search a list of items in the access map ### Parameters: ### $| ... <> ### where "exact" is either "+" or "!": ### <+ TAG> lookup with and w/o tag ### lookup with tag ### possible values for "mark" are: ### H: recursive host lookup (LookUpDomain) ### E: exact lookup, no modifications ### F: full lookup, try user+ext@domain and user@domain ### U: user lookup, try user+ext and user (input must have trailing @) ### return: or (not found) ###################################################################### # class with valid marks for SearchList C{src}E F H U SSearchList # mark H: lookup domain R<$+> $| <$*> $: <$1> $| <@> $>LookUpDomain <$2> <$3> <$1> R<$+> $| <@> <$+> <$*> $: <$1> $| <$2> <$3> R<$- $-> $| <$={src}:$+> <$*> $: <$1 $2> $| <$(access $2:$4 $: $3:$4 $)> <$5> R<+ $-> $| <$={src}:$+> <$*> $: <+ $1> $| <$(access $3 $: $2:$3 $)> <$4> R<$- $-> $| <$*> $: <$1 $2> $| <$(access $2:$3@$5 $: F:$3 + $4@$5$)> <$6> R<+ $-> $| <$*> $: <+ $1> $| <$(access $2@$4 $: F:$2 + $3@$4$)> <$5> R<$- $-> $| <$*> $: <$1 $2> $| <$(access $2:$3@ $: U:$3 + $4$)> <$5> R<+ $-> $| <$*> $: <+ $1> $| <$(access $2@ $: U:$2 + $3$)> <$4> R<$+> $| <$={src}:$+> <$+> $@ $>SearchList <$1> $| <$4> R<$+> $| <$={src}:$+> <> $@ R<$+> $| <$+> <$*> $@ <$2> R<$+> $| <$+> $@ <$2> # is user trusted to authenticate as someone else? Strust_auth R$* $: $&{auth_type} $| $1 # required by RFC 2554 section 4. R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" R$* $| $&{auth_authen} $@ identical R$* $| <$&{auth_authen}> $@ identical R$* $| $* $: $1 $| $>"Local_trust_auth" $1 R$* $| $#$* $#$2 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} SLocal_trust_auth # is connection with client "good" enough? (done in server) # input: ${verify} $| (MAIL|STARTTLS) Stls_client R$* $| $* $: $1 $| $>LookUpDomain <$&{client_name}> <> R$* $| $* $: $1 $| $>LookUpAddress <$&{client_addr}> <> R$* $| $* $: $1 $| <$(access TLS_Clt: $: ? $)> R$* $@ $>"tls_connection" $1 # is connection with server "good" enough? (done in client) # input: ${verify} Stls_server R$* $: $1 $| $>LookUpDomain <$&{server_name}> <> R$* $| $* $: $1 $| $>LookUpAddress <$&{server_addr}> <> R$* $| $* $: $1 $| <$(access TLS_Srv: $: ? $)> R$* $@ $>"tls_connection" $1 Stls_connection R$* $| <$*>$* $: $1 $| <$2> R$* $| $: $1 $| <503:5.7.0> <$2 $3> R$* $| $: $1 $| <403:4.7.0> <$2 $3> R$* $| <$={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed." R$* $| <$*> $: <$2> $1 R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> $1 R$* $| $* $@ OK # authentication required: give appropriate error # other side did authenticate (via STARTTLS) R<$*> OK $@ OK R<$*> OK $: <$1> R<$*> $* $: <$1> R<$-:$+> $#error $@ $2 $: $1 " authentication required" R<$-:$+> FAIL $#error $@ $2 $: $1 " authentication failed" R<$-:$+> NO $#error $@ $2 $: $1 " not authenticated" R<$-:$+> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" R<$-:$+> $+ $#error $@ $2 $: $1 " authentication failure " $4 R<$*> $: <$1> $>max $&{cipher_bits} : $&{auth_ssf} R<$*> $- $: <$1> <$2:$3> $(arith l $@ $3 $@ $2 $) R<$-:$+><$-:$-> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3 Smax R: $: 0 R:$- $: $1 R$-: $: $1 R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2 RTRUE:$-:$- $: $2 R$-:$-:$- $: $2 SRelayAuth # authenticated? R$* $| OK $: $1 R$* $| $* $@ NO not authenticated R$* $: $1 $| $&{cert_issuer} R$* $| $+ $: $1 $| $(access CERTISSUER:$2 $) R$* $| RELAY $# RELAYCERTISSUER R$* $| SUBJECT $: $1 $| <@> $&{cert_subject} R$* $| <@> $+ $: $1 $| <@> $(access CERTSUBJECT:$2 $) R$* $| <@> RELAY $# RELAYCERTSUBJECT R$* $| $* $: $1 # ###################################################################### ###################################################################### ##### ##### MAILER DEFINITIONS ##### ###################################################################### ###################################################################### ##################################### ### SMTP Mailer specification ### ##################################### ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### # # common sender and masquerading recipient rewriting # SMasqSMTP=61 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified R$+ $@ $1 < @ *LOCAL* > add local qualification # # convert pseudo-domain addresses to real domain addresses # SPseudoToReal=51 # pass s through R< @ $+ > $* $@ < @ $1 > $2 resolve # output fake domains as user%fake@relay # do UUCP heuristics; note that these are shared with UUCP mailers R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form # leave these in .UUCP form to avoid further tampering R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 > R< $&h ! > $+ $@ $1 < @ $&h .UUCP. > R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY R$+ < @ $+ : $+ > $@ $1 < @ $3 > strip mailer: part R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY # # envelope sender rewriting # SEnvFromSMTP=11 R$+ $: $>PseudoToReal $1 sender/recipient common R$* :; <@> $@ list:; special case R$* $: $>MasqSMTP $1 qualify unqual'ed names R$+ $: $>MasqEnv $1 do masquerading # # envelope recipient rewriting -- # also header recipient if not masquerading recipients # SEnvToSMTP=21 R$+ $: $>PseudoToReal $1 sender/recipient common R$+ $: $>MasqSMTP $1 qualify unqual'ed names R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 # # header sender and masquerading header recipient rewriting # SHdrFromSMTP=31 R$+ $: $>PseudoToReal $1 sender/recipient common R:; <@> $@ list:; special case # do special header rewriting R$* <@> $* $@ $1 <@> $2 pass null host through R< @ $* > $* $@ < @ $1 > $2 pass route-addr through R$* $: $>MasqSMTP $1 qualify unqual'ed names R$+ $: $>MasqHdr $1 do masquerading # # relay mailer header masquerading recipient rewriting # SMasqRelay=71 R$+ $: $>MasqSMTP $1 R$+ $: $>MasqHdr $1 Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040, T=DNS/RFC822/SMTP, A=TCP $h ######################*****############## ### PROCMAIL Mailer specification ### ##################*****################## ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP, T=DNS/RFC822/X-Unix, A=procmail -Y -m $h $f $u ################################################## ### Local and Program Mailer specification ### ################################################## ##### $Id: sendmail.cf,v 1.1.1.1 2005/08/29 20:50:17 dawson Exp $ ##### # # Envelope sender rewriting # SEnvFromL=10 R<@> $n errors to mailer-daemon R@ <@ $*> $n temporarily bypass Sun bogosity R$+ $: $>AddDomain $1 add local domain if needed R$* $: $>MasqEnv $1 do masquerading # # Envelope recipient rewriting # SEnvToL=20 R$+ < @ $* > $: $1 strip host part # # Header sender rewriting # SHdrFromL=30 R<@> $n errors to mailer-daemon R@ <@ $*> $n temporarily bypass Sun bogosity R$+ $: $>AddDomain $1 add local domain if needed R$* $: $>MasqHdr $1 do masquerading # # Header recipient rewriting # SHdrToL=40 R$+ $: $>AddDomain $1 add local domain if needed R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 # # Common code to add local domain name (only if always-add-domain) # SAddDomain=50 R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified R$+ $@ $1 < @ *LOCAL* > add local qualification Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=procmail -t -Y -a $h -d $u Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, T=X-Unix/X-Unix/X-Unix, A=smrsh -c $u