sendmail.cf

学习linux的书具体介绍Linux的用法网络各种协议及驱动开发等

###		<$3> -- mark (must be <(!|+) single-token>)
###			! does lookup only with tag
###			+ does lookup with and without tag
###		<$4> -- passthru (additional data passed unchanged through)
######################################################################

SE
R<$*> <$*> <$- $-> <$*>		$: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
R<$+ <TMPF>> <$*> <$- $-> <$*>	$@ <<TMPF>> <$5>
R<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>

######################################################################
###  U: LookUpUser -- search for an entry in access database
###
###	lookup of key (which should be a local part) and
###	variations if +detail exists: +* and without +detail
###
###	Parameters:
###		<$1> -- key (user@)
###		<$2> -- default (what to return if not found in db)
###		<$3> -- mark (must be <(!|+) single-token>)
###			! does lookup only with tag
###			+ does lookup with and without tag
###		<$4> -- passthru (additional data passed unchanged through)
######################################################################

SU
R<$+> <$*> <$- $-> <$*>		$: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R<?> <$+ + $* @> <$*> <$- $-> <$*>
			$: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R<?> <$+ + $* @> <$*> <+ $-> <$*>
			$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R<?> <$+ + $* @> <$*> <$- $-> <$*>
			$: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R<?> <$+ + $* @> <$*> <+ $-> <$*>
			$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R<?> <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
R<$+ <TMPF>> <$*> <$- $-> <$*>	$@ <<TMPF>> <$5>
R<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>

######################################################################
###  SearchList: search a list of items in the access map
###	Parameters:
###		<exact tag> $| <mark:address> <mark:address> ... <>
###	where "exact" is either "+" or "!":
###	<+ TAG>	lookup with and w/o tag
###	<! TAG>	lookup with tag
###	possible values for "mark" are:
###		D: recursive host lookup (LookUpDomain)
###		E: exact lookup, no modifications
###		F: full lookup, try user+ext@domain and user@domain
###		U: user lookup, try user+ext and user (input must have trailing @)
###	return: <RHS of lookup> or <?> (not found)
######################################################################

# class with valid marks for SearchList
C{src}E F D U 
SSearchList
# just call the ruleset with the name of the tag... nice trick...
R<$+> $| <$={src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
R<$+> $| <> $| <?> <>		$@ <?>
R<$+> $| <$+> $| <?> <>		$@ $>SearchList <$1> $| <$2>
R<$+> $| <$*> $| <$+> <>	$@ <$3>
R<$+> $| <$+>			$@ <$2>


######################################################################
###  trust_auth: is user trusted to authenticate as someone else?
###
###	Parameters:
###		$1: AUTH= parameter from MAIL command
######################################################################

SLocal_trust_auth
Strust_auth
R$*			$: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $*		$#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen}		$@ identical
R$* $| <$&{auth_authen}>	$@ identical
R$* $| $*		$: $1 $| $>"Local_trust_auth" $1
R$* $| $#$*		$#$2
R$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}

######################################################################
###  Relay_Auth: allow relaying based on authentication?
###
###	Parameters:
###		$1: ${auth_type}
######################################################################
SLocal_Relay_Auth

######################################################################
###  srv_features: which features to offer to a client?
###	(done in server)
######################################################################
Ssrv_features
R$*		$: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
R<?>$*		$: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
R<?>$*		$: <$(access "Srv_Features": $: ? $)>
R<?>$*		$@ OK
R<$* <TMPF>>$*	$#temp
R<$+>$*		$# $1

######################################################################
###  try_tls: try to use STARTTLS?
###	(done in client)
######################################################################
Stry_tls
R$*		$: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
R<?>$*		$: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
R<?>$*		$: <$(access "Try_TLS": $: ? $)>
R<?>$*		$@ OK
R<$* <TMPF>>$*	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<NO>$*		$#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
 
######################################################################
###  tls_rcpt: is connection with server "good" enough?
###	(done in client, per recipient)
###
###	Parameters:
###		$1: recipient
######################################################################
Stls_rcpt
R$*			$: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$+			$: <?> $>CanonAddr $1
R<?> $+ < @ $+ . >	<?> $1 <@ $2 >
R<?> $+ < @ $+ >	$: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
R<?> $+			$: $1 $| <U:$1@> <E:>
R$* $| $+	$: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
R$* $| <?>	$@ OK
R$* $| <$* <TMPF>>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $| <$+>	$@ $>"TLS_connection" $&{verify} $| <$2>

######################################################################
###  tls_client: is connection with client "good" enough?
###	(done in server)
###
###	Parameters:
###		${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$*		$: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$* $| $*	$: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
R$* $| <?>$*	$: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
R$* $| <?>$*	$: $1 $| <$(access "TLS_Clt": $: ? $)>
R$* $| <$* <TMPF>>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$*		$@ $>"TLS_connection" $1

######################################################################
###  tls_server: is connection with server "good" enough?
###	(done in client)
###
###	Parameter:
###		${verify}
######################################################################
Stls_server
R$*		$: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$*		$: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
R$* $| <?>$*	$: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
R$* $| <?>$*	$: $1 $| <$(access "TLS_Srv": $: ? $)>
R$* $| <$* <TMPF>>	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$*		$@ $>"TLS_connection" $1

######################################################################
###  TLS_connection: is TLS connection "good" enough?
###
###	Parameters:
###		${verify} $| <Requirement> [<>]
###		Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
R$* $| <$*>$*			$: $1 $| <$2>
# create the appropriate error codes
R$* $| <PERM + $={tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
R$* $| <TEMP + $={tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
R$* $| <$={tls} $*>		$: $1 $| <403:4.7.0> <$2 $3>
# deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $* 	$#error $@ $2 $: $1 " TLS handshake failed."
RSOFTWARE $| $* 		$#error $@ 4.7.0 $: "403 TLS handshake failed."
R$* $| <$*> <VERIFY>		$: <$2> <VERIFY> <> $1
R$* $| <$*> <VERIFY + $+>	$: <$2> <VERIFY> <$3> $1
R$* $| <$*> <$={tls}:$->$*	$: <$2> <$3:$4> <> $1
R$* $| <$*> <$={tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
R$* $| $*			$@ OK
# authentication required: give appropriate error
# other side did authenticate (via STARTTLS)
R<$*><VERIFY> <> OK		$@ OK
R<$*><VERIFY> <$+> OK		$: <$1> <REQ:0> <$2>
R<$*><VERIFY:$-> <$*> OK	$: <$1> <REQ:$2> <$3>
R<$*><ENCR:$-> <$*> $*		$: <$1> <REQ:$2> <$3>
R<$-:$+><VERIFY $*> <$*>	$#error $@ $2 $: $1 " authentication required"
R<$-:$+><VERIFY $*> <$*> FAIL	$#error $@ $2 $: $1 " authentication failed"
R<$-:$+><VERIFY $*> <$*> NO	$#error $@ $2 $: $1 " not authenticated"
R<$-:$+><VERIFY $*> <$*> NOT	$#error $@ $2 $: $1 " no authentication requested"
R<$-:$+><VERIFY $*> <$*> NONE	$#error $@ $2 $: $1 " other side does not support STARTTLS"
R<$-:$+><VERIFY $*> <$*> $+	$#error $@ $2 $: $1 " authentication failure " $4
R<$*><REQ:$-> <$*>		$: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
R<$*><REQ:$-> <$*> $-		$: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
R<$-:$+><$-:$-> <$*> TRUE	$#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
R<$-:$+><$-:$-> <$*> $*		$: <$1:$2 ++ $5>
R<$-:$+ ++ >			$@ OK
R<$-:$+ ++ $+ >			$: <$1:$2> <$3>
R<$-:$+> < $+ ++ $+ >		<$1:$2> <$3> <$4>
R<$-:$+> $+			$@ $>"TLS_req" $3 $| <$1:$2>

######################################################################
###  TLS_req: check additional TLS requirements
###
###	Parameters: [<list> <of> <req>] $| <$-:$+>
###		$-: SMTP reply code
###		$+: Enhanced Status Code
######################################################################
STLS_req
R $| $+		$@ OK
R<CN> $* $| <$+>		$: <CN:$&{TLS_Name}> $1 $| <$2>
R<CN:$&{cn_subject}> $* $| <$+>		$@ $>"TLS_req" $1 $| <$2>
R<CN:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
R<CS:$&{cert_subject}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
R<CS:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
R<CI:$&{cert_issuer}> $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
R<CI:$+> $* $| <$-:$+>	$#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
ROK			$@ OK

######################################################################
###  max: return the maximum of two values separated by :
###
###	Parameters: [$-]:[$-]
######################################################################
Smax
R:		$: 0
R:$-		$: $1
R$-:		$: $1
R$-:$-		$: $(arith l $@ $1 $@ $2 $) : $1 : $2
RTRUE:$-:$-	$: $2
R$-:$-:$-	$: $2


######################################################################
###  RelayTLS: allow relaying based on TLS authentication
###
###	Parameters:
###		none
######################################################################
SRelayTLS
# authenticated?
R$*			$: <?> $&{verify}
R<?> OK			$: OK		authenticated: continue
R<?> $*			$@ NO		not authenticated
R$*			$: $&{cert_issuer}
R$+			$: $(access CERTISSUER:$1 $)
RRELAY			$# RELAY
RSUBJECT		$: <@> $&{cert_subject}
R<@> $+			$: <@> $(access CERTSUBJECT:$1 $)
R<@> RELAY		$# RELAY
R$*			$: NO

######################################################################
###  authinfo: lookup authinfo in the access map
###
###	Parameters:
###		$1: {server_name}
###		$2: {server_addr}
######################################################################
Sauthinfo
R$*		$: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
R$* $| <?>$*	$: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
R$* $| <?>$*	$: $1 $| <$(access AuthInfo: $: ? $)> <>
R$* $| <?>$*	$@ no				no authinfo available
R$* $| <$*> <>	$# $2

#
######################################################################
######################################################################
#####
#####			MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################

#
######################################################################
######################################################################
#####
#####			MAILER DEFINITIONS
#####
######################################################################
######################################################################

#####################################
###   SMTP Mailer specification   ###
#####################################

#####  $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $  #####

#
#  common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $*		$@ $1 < @ $2 > $3		already fully qualified
R$+			$@ $1 < @ *LOCAL* >		add local qualification

#
#  convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal

# pass <route-addr>s through
R< @ $+ > $*		$@ < @ $1 > $2			resolve <route-addr>

# output fake domains as user%fake@relay

# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. >	$: < $2 ! > $1			convert to UUCP form
R$+ < @ $* > $*		$@ $1 < @ $2 > $3		not UUCP form

# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+	$@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+	$@ $3 < @ $1.$2 >
R< $&h ! > $+		$@ $1 < @ $&h .UUCP. >
R< $+ ! > $+		$: $1 ! $2 < @ $Y >		use UUCP_RELAY
R$+ < @ $~[ $* : $+ >	$@ $1 < @ $4 >			strip mailer: part
R$+ < @ >		$: $1 < @ *LOCAL* >		if no UUCP_RELAY


#
#  envelope sender rewriting
#
SEnvFromSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R$* :; <@>		$@				list:; special case
R$*			$: $>MasqSMTP $1		qualify unqual'ed names
R$+			$: $>MasqEnv $1			do masquerading


#
#  envelope recipient rewriting --
#  also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R$+			$: $>MasqSMTP $1		qualify unqual'ed names
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2

#
#  header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R:; <@>			$@				list:; special case

# do special header rewriting
R$* <@> $*		$@ $1 <@> $2			pass null host through
R< @ $* > $*		$@ < @ $1 > $2			pass route-addr through
R$*			$: $>MasqSMTP $1		qualify unqual'ed names
R$+			$: $>MasqHdr $1			do masquerading


#
#  relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+			$: $>MasqSMTP $1
R$+			$: $>MasqHdr $1

Msmtp,		P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mesmtp,		P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Msmtp8,		P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mdsmtp,		P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mrelay,		P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
		T=DNS/RFC822/SMTP,
		A=TCP $h


######################*****##############
###   PROCMAIL Mailer specification   ###
##################*****##################

#####  $Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $  #####

Mprocmail,	P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
		T=DNS/RFC822/X-Unix,
		A=procmail -Y -m $h $f $u


##################################################
###   Local and Program Mailer specification   ###
##################################################

#####  $Id: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $  #####

#
#  Envelope sender rewriting
#
SEnvFromL
R<@>			$n			errors to mailer-daemon
R@ <@ $*>		$n			temporarily bypass Sun bogosity
R$+			$: $>AddDomain $1	add local domain if needed
R$*			$: $>MasqEnv $1		do masquerading

#
#  Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* >		$: $1			strip host part

#
#  Header sender rewriting
#
SHdrFromL
R<@>			$n			errors to mailer-daemon
R@ <@ $*>		$n			temporarily bypass Sun bogosity
R$+			$: $>AddDomain $1	add local domain if needed
R$*			$: $>MasqHdr $1		do masquerading

#
#  Header recipient rewriting
#
SHdrToL
R$+			$: $>AddDomain $1	add local domain if needed
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2

#
#  Common code to add local domain name (only if always-add-domain)
#
SAddDomain
R$* < @ $* > $* 	$@ $1 < @ $2 > $3	already fully qualified

R$+			$@ $1 < @ *LOCAL* >	add local qualification

Mlocal,		P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
		T=DNS/RFC822/X-Unix,
		A=procmail -t -Y -a $h -d $u
Mprog,		P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
		T=X-Unix/X-Unix/X-Unix,
		A=smrsh -c $u