# # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # ###################################################################### ###################################################################### ##### ##### SENDMAIL CONFIGURATION FILE ##### ##### built by root@planet on Wed Jan 1 01:55:23 PST 2003 ##### in /usr/local/src/sendmail-8.12.7/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### ##### ##### DO NOT EDIT THIS FILE! Only edit the source .mc file. ##### ###################################################################### ###################################################################### ##### $Id: cfhead.m4,v 8.108.2.1 2002/08/27 20:19:08 gshapiro Exp $ ##### ##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### ##### $Id: 31-Dec-02 amo Modified sendmail-8.12.7 check_local-5.5 Exp $ ##### ##### $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ ##### ##### $Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $ ##### ##### $Id: generic.m4,v 8.15 1999/04/04 00:51:09 ca Exp $ ##### ##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ ##### ##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ##### ##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ##### ##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ ##### ##### $Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ ##### ##### $Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $ ##### ##### $Id: domaintable.m4,v 8.22 2001/03/16 00:51:25 gshapiro Exp $ ##### ##### $Id: genericstable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $ ##### ##### $Id: virtusertable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $ ##### ##### $Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $ ##### ##### $Id: access_db.m4,v 8.24 2002/03/06 21:50:25 ca Exp $ ##### ##### $Id: mailertable.m4,v 8.23 2001/03/16 00:51:26 gshapiro Exp $ ##### ##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ ##### ##### $Id: lookupdotdomain.m4,v 1.1 2000/04/13 22:32:49 ca Exp $ ##### ##### $Id: compat_check.m4,v 1.4 2002/02/26 22:15:31 gshapiro Exp $ ##### ##### $Id: authinfo.m4,v 1.7 2001/03/16 00:51:25 gshapiro Exp $ ##### ##### $Id: delay_checks.m4,v 8.8 2000/12/05 18:50:45 ca Exp $ ##### ##### check_localpart.m4 $Revision: 1.2 $ $Date: 2000/06/27 12:42:42 $ (jk@digitalanswers.de) ##### ##### check_dnsbl.m4 $Revision: 1.3 $ $Date: 2001/08/22 16:08:00 $ (jk@digitalanswers.de) ##### ##### $Id: enhdnsbl.m4,v 1.9 2002/05/19 21:27:29 gshapiro Exp $ ##### ##### check_dnsbl_end.m4 $Revision: 1.8 $ $Date: 2001/08/27 14:23:26 $ (jk@digitalanswers.de) ##### ##### check_header.m4 $Revision: 1.8 $ $Date: 2001/09/19 13:39:04 $ (jk@digitalanswers.de) ##### ##### check_header_end.m4 $Revision: 1.12 $ $Date: 2001/09/19 13:39:04 $ (jk@digitalanswers.de) ##### ##### check_unknown_header.m4 $Revision: 1.1 $ $Date: 2000/06/22 10:22:42 $ (jk@digitalanswers.de) ##### ##### check_local_patterns.m4 $Revision: 1.1.1.1 $ $Date: 2000/06/12 15:44:23 $ (jk@digitalanswers.de) ##### ##### check_local_tester.m4 $Revision: 1.1.1.1 $ $Date: 2000/06/12 15:44:23 $ (jk@digitalanswers.de) ##### ##### check_local.m4 $Revision: 1.23 $ $Date: 2002/07/23 10:51:04 $ (jk@digitalanswers.de) ##### ##### http://www.Linux-Sec.net/Mail/etc.mail/linux-sec.m4 ##### # # end of modified quanta.m4 aka header_chk.m4 aka linux-sec.m4 file # # # end of file ##### $Id: proto.m4,v 8.649.2.13 2002/12/04 00:12:18 ca Exp $ ##### # level 10 config file format V10/Berkeley # override file safeties - setting this option compromises system security, # addressing the actual file configuration problem is preferred # need to set this before any file actions are encountered in the cf file #O DontBlameSendmail=safe # default LDAP map specification # need to set this now before any LDAP maps are defined #O LDAPDefaultSpec=-h localhost ################## # local info # ################## # my LDAP cluster # need to set this before any LDAP lookups are done (including classes) #D{sendmailMTACluster}$m Cwlocalhost # file containing names of hosts for which we receive email Fw/etc/mail/local-host-names # my official domain name # ... define this only if sendmail cannot automatically determine your domain #Dj$w.Foo.COM CP. # "Smart" relay host (may be null) DS # operators that cannot be in local usernames (i.e., network indicators) CO @ % ! # a class with just dot (for identifying canonical names) C.. # a class with just a left bracket (for identifying domain literals) C[[ # access_db acceptance class C{Accept}OK RELAY # possible access_db RHS for spam friends/haters C{SpamTag}SPAMFRIEND SPAMHATER # Resolve map (to check if a host exists in check_mail) Kresolve host -a -T C{ResOk}OKR # Hosts for which relaying is permitted ($=R) FR-o /etc/mail/relay-domains # arithmetic map Karith arith # macro storage map Kmacro macro # possible values for TLS_connection in access map C{tls}VERIFY ENCR # dequoting map Kdequote dequote # class E: names that should be exposed as from this host, even if we masquerade # class L: names that should be delivered locally, even if we have a relay # class M: domains that should be converted to $M # class N: domains that should not be converted to $M #CL root C{E}root # my name for error messages DnMAILER-DAEMON CPREDIRECT CPREDIRECT # Domain table (adding domains) Kdomaintable hash /etc/mail/domaintable # Generics table (mapping outgoing addresses) Kgenerics hash /etc/mail/genericstable # Virtual user table (maps incoming users) Kvirtuser hash /etc/mail/virtusertable # Access list database (for spam stomping) Kaccess hash -T /etc/mail/access # Mailer table (overriding domains) Kmailertable hash /etc/mail/mailertable # authinfo list database: contains info for authentication as client Kauthinfo hash /etc/mail/authinfo # map for enhanced DNS based blacklist lookups Kednsbl dns -R A -a. -T -r5 Khostbyname dns -RA -T -r5 Kstorage macro D{hc_switch}? Karith arith # ================== HEADER =================================== # definitions for extended checking of the header # ============================================================= # pattern for ip parsing (appends if matching) # it parses the following formats: # abc@[1.2.3.4] abc@1.2.3.4 [1.2.3.4] 1.2.3.4 Kparse_ip regex -a -s2 ^([^@]+@)?\[?(([0-9]{1,3}\.){3}[0-9]{1,3})\]?$ F{known_header} /etc/mail/known-headers Ksyslog syslog -S # regex matching everything Kmatch_all regex -a@MATCH .* # pattern for received parsing # returns 1 - 4 values delimited by $| Kparse_received regex -a<@PARSED@> -s2,5,8,9 (^|[^(])from +([^() ]+) *(\(([^[().@ ]+ +)*([^[() ]+)\))? *(\(([^[().@ ]+ +)*([^[() ]+)? *([^() ]+)?( *\([^[().@]+\))?\))? #regex for detecting a leading digit Kreg_numstart regex -a@MATCH ^[0-9] #regex for detecting numbers only Kreg_numonly regex -a@MATCH ^[0-9]+$ # regex for testing message-Id format Ktest_message_id regex -a@MATCH -n ^ *<.+@.+> *$ # regex for parsing out message id for address like lookup Kparse_message_id regex -a<@PARSED@> -s1 ^ *<(.+@.+)> *$ # regex for parsing out the domain part of message id Kdns_message_id regex -a<@PARSED@> -s1 ^ *<.+@(.+)> *$ # regex for parsing up to 5 comma separated addresses Kparse_address regex -a<@PARSED@> -s3,6,9,12,15 ^ *(([^<>@,]*<)?([^@<>, ]+@[^@<>, ]+)>?) *(, *([^<>@,]*<)?([^@<>, ]+@[^@<>, ]+)>?)? *(, *([^<>@,]*<)?([^@<>, ]+@[^@<>, ]+)>?)? *(, *([^<>@,]*<)?([^@<>, ]+@[^@<>, ]+)>?)? *(, *([^<>@,]*<)?([^@<>, ]+@[^@<>, ]+)>?)?.*$ # regex for parsing domains of up to 5 comma separated addresses Kparse_address_domain regex -a<@PARSED@> -s4,8,12,16,20 ^ *(([^<>@,]*<)?([^@<>, ]+@([^@<>, ]+))>?) *(, *([^<>@,]*<)?([^@<>, ]+@([^@<>, ]+))>?)? *(, *([^<>@,]*<)?([^@<>, ]+@([^@<>, ]+))>?)? *(, *([^<>@,]*<)?([^@<>, ]+@([^@<>, ]+))>?)? *(, *([^<>@,]*<)?([^@<>, ]+@([^@<>, ]+))>?)?.*$ # ================== DATABASE ================================= # database definitions # ============================================================= # ================== ENVELOPE ================================= Kdnslookmx dns -RMX -T Kdnslooka dns -RA -T KAD2000check regex -f -aAD2000 ....._NextPart_000_0..._01C0F..A\.93A..... KGammaDcheck regex -f -aGammaD \-\-\-\-\=_........_........_MA KKlezCheck regex -f -q -aKlez boundary=[A-Z][a-zA-Z0-9]+$ HSubject: $>check_subject HContent-Type: $>check_ct HDate: $>check_date HX-MimeOLE: $>check_ole HX-Reply-To: $>check_all HX-PMFLAGS: $>check_all HX-EM-Registration: $>check_all HTo: $>check_to HX-Mailer: $>check_mailer HX-Spanska: $>check_happy99 HX-User: $>check_xuser HContent-Disposition: $>check_sircam HX-Library: $>check_xlib HErrors-To: $>check_errto D{Msg_master}" Spammer $&{client_addr} $&f rejected by PostMaster@$j" D{Msg_adv}"501 ${Msg_master} - ADV == Spam email rejected == " D{Msg_mailer}"553 ${Msg_master} - SPAMWARE detected " D{Msg_date}"553 ${Msg_master} - Bogus date xformat " D{Msg_mime}"553 ${Msg_master} - we dont read MIME " D{Msg_korean}"553 ${Msg_master} - korean jibberish " D{Msg_big5}"553 ${Msg_master} - chinese jibberish " D{Msg_yourmail}"553 ${Msg_master} - lairs and pretenders with fake replies" D{Msg_virus}"553 ${Msg_master} - Your message has " D{Msg_porn}"553 ${Msg_master} - No such thing " D{Msg_cell}"553 ${Msg_master} - We do NOT buy from spammers" D{Msg_Biz}"553 ${Msg_master} - We do NOT want your spam business" D{Msg_sales}"553 ${Msg_master} - We do NOT buy from spammers" D{Msg_market}"553 ${Msg_master} - We do NOT want your spam marketing" D{Msg_colo}"553 ${Msg_master} - We do NOT want colo" D{Msg_register}"553 ${Msg_master} - We do NOT want your dumb/crappy registration" D{Msg_newsletter}"553 ${Msg_master} - We do NOT want your dumb newsletter" D{Msg_church}"553 ${Msg_master} - God hates spammers" D{Msg_psychic}"553 ${Msg_master} - We do NOT want your physic non-sense" D{Msg_debt}"553 ${Msg_master} - You have been reported to the FTC/government agencies" D{Msg_prizes}"553 ${Msg_master} - You have been reported to the FTC/government agencies" D{Msg_credit}"553 ${Msg_master} - You're REQUIRED to have a license" D{Msg_mortgage}"553 ${Msg_master} - You're REQUIRED to have a real estate license" D{Msg_insurance}"553 ${Msg_master} - You're REQUIRED to have an insurance license" D{Msg_investigate}"553 ${Msg_master} - You're REQUIRED to have an investigators license" D{Msg_meds}"553 ${Msg_master} - You're REQUIRED to have a medical license" D{Msg_dentist}"553 ${Msg_master} - You're REQUIRED to have a DDS license" D{Msg_sec}"553 ${Msg_master} - You're REQUIRED to have a securities license" D{Msg_travel}"553 ${Msg_master} - You're REQUIRED to have a travel agents license" # Configuration version number DZ8.12.7/check_local-5 ############### # Options # ############### # strip message body to 7 bits on input? O SevenBitInput=False # 8-bit data handling #O EightBitMode=pass8 # wait for alias file rebuild (default units: minutes) O AliasWait=10 # location of alias file O AliasFile=/etc/mail/aliases # minimum number of free blocks on filesystem O MinFreeBlocks=100 # maximum message size #O MaxMessageSize=1000000 # substitution for space (blank) characters O BlankSub=. # avoid connecting to "expensive" mailers on initial submission? O HoldExpensive=False # checkpoint queue runs after every N successful deliveries #O CheckpointInterval=10 # default delivery mode O DeliveryMode=background # error message header/file #O ErrorHeader=/etc/mail/error-header # error mode #O ErrorMode=print # save Unix-style "From_" lines at top of header? #O SaveFromLine=False # queue file mode (qf files) #O QueueFileMode=0600 # temporary file mode O TempFileMode=0600 # match recipients against GECOS field? #O MatchGECOS=False # maximum hop count #O MaxHopCount=25 # location of help file O HelpFile=/etc/mail/helpfile # ignore dots as terminators in incoming messages? #O IgnoreDots=False # name resolver options #O ResolverOptions=+AAONLY # deliver MIME-encapsulated error messages? O SendMimeErrors=True # Forward file search path O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward # open connection cache size O ConnectionCacheSize=2 # open connection cache timeout O ConnectionCacheTimeout=5m # persistent host status directory #O HostStatusDirectory=.hoststat # single thread deliveries (requires HostStatusDirectory)? #O SingleThreadDelivery=False # use Errors-To: header? O UseErrorsTo=False # log level O LogLevel=9 # send to me too, even in an alias expansion? #O MeToo=True # verify RHS in newaliases? O CheckAliases=False # default messages to old style headers if no special punctuation? O OldStyleHeaders=True # SMTP daemon options O DaemonPortOptions=Name=MTA O DaemonPortOptions=Port=587, Name=MSA, M=E # SMTP client options #O ClientPortOptions=Family=inet, Address=0.0.0.0 # Modifiers to define {daemon_flags} for direct submissions #O DirectSubmissionModifiers # Use as mail submission program? See sendmail/SECURITY #O UseMSP # privacy flags O PrivacyOptions=authwarnings noexpn novrfy needmailhelo needexpnhelo needvrfyhelo noreceipts # who (if anyone) should get extra copies of error messages #O PostmasterCopy=Postmaster # slope of queue-only function #O QueueFactor=600000 # limit on number of concurrent queue runners #O MaxQueueChildren # maximum number of queue-runners per queue-grouping with multiple queues #O MaxRunnersPerQueue=1 # priority of queue runners (nice(3)) #O NiceQueueRun # shall we sort the queue by hostname first? #O QueueSortOrder=priority # minimum time in queue before retry #O MinQueueAge=30m # how many jobs can you process in the queue? #O MaxQueueRunSize=10000 # perform initial split of envelope without checking MX records #O FastSplit=1 # queue directory O QueueDirectory=/var/spool/mqueue # key for shared memory; 0 to turn off #O SharedMemoryKey=0 # timeouts (many of these) #O Timeout.initial=5m #O Timeout.connect=5m #O Timeout.aconnect=0s #O Timeout.iconnect=5m #O Timeout.helo=5m #O Timeout.mail=10m #O Timeout.rcpt=1h #O Timeout.datainit=5m #O Timeout.datablock=1h #O Timeout.datafinal=1h #O Timeout.rset=5m #O Timeout.quit=2m #O Timeout.misc=2m #O Timeout.command=1h O Timeout.ident=0 #O Timeout.fileopen=60s #O Timeout.control=2m O Timeout.queuereturn=5d #O Timeout.queuereturn.normal=5d #O Timeout.queuereturn.urgent=2d #O Timeout.queuereturn.non-urgent=7d O Timeout.queuewarn=4h #O Timeout.queuewarn.normal=4h #O Timeout.queuewarn.urgent=1h #O Timeout.queuewarn.non-urgent=12h #O Timeout.hoststatus=30m #O Timeout.resolver.retrans=5s #O Timeout.resolver.retrans.first=5s #O Timeout.resolver.retrans.normal=5s #O Timeout.resolver.retry=4 #O Timeout.resolver.retry.first=4 #O Timeout.resolver.retry.normal=4 #O Timeout.lhlo=2m #O Timeout.auth=10m #O Timeout.starttls=1h # time for DeliverBy; extension disabled if less than 0 #O DeliverByMin=0 # should we not prune routes in route-addr syntax addresses? #O DontPruneRoutes=False # queue up everything before forking? O SuperSafe=True # status file O StatusFile=/etc/mail/statistics # time zone handling: # if undefined, use system default # if defined but null, use TZ envariable passed in # if defined and non-null, use that info #O TimeZoneSpec= # default UID (can be username or userid:groupid) #O DefaultUser=mailnull # list of locations of user database file (null means no lookup) #O UserDatabaseSpec=/etc/mail/userdb # fallback MX host #O FallbackMXhost=fall.back.host.net # if we are the best MX host for a site, try it directly instead of config err #O TryNullMXList=False # load average at which we just queue messages #O QueueLA=8 # load average at which we refuse connections #O RefuseLA=12 # load average at which we delay connections; 0 means no limit #O DelayLA=0 # maximum number of children we allow at one time #O MaxDaemonChildren=0 # maximum number of new connections per second #O ConnectionRateThrottle=0 # work recipient factor #O RecipientFactor=30000 # deliver each queued job in a separate process? #O ForkEachJob=False # work class factor #O ClassFactor=1800 # work time factor #O RetryFactor=90000 # default character set #O DefaultCharSet=iso-8859-1 # service switch file (name hardwired on Solaris, Ultrix, OSF/1, others) #O ServiceSwitchFile=/etc/mail/service.switch # hosts file (normally /etc/hosts) #O HostsFile=/etc/hosts # dialup line delay on connection failure #O DialDelay=10s # action to take if there are no recipients in the message #O NoRecipientAction=add-to-undisclosed # chrooted environment for writing to files #O SafeFileEnvironment=/arch # are colons OK in addresses? #O ColonOkInAddr=True # shall I avoid expanding CNAMEs (violates protocols)? #O DontExpandCnames=False # SMTP initial login message (old $e macro) O SmtpGreetingMessage=$j Sendmail 1.0/1.0; $b # UNIX initial From header format (old $l macro) O UnixFromLine=From $g $d # From: lines that have embedded newlines are unwrapped onto one line #O SingleLineFromHeader=False # Allow HELO SMTP command that does not include a host name #O AllowBogusHELO=False # Characters to be quoted in a full name phrase (@,;:\()[] are automatic) #O MustQuoteChars=. # delimiter (operator) characters (old $o macro) O OperatorChars=.:%@!^/[]+ # shall I avoid calling initgroups(3) because of high NIS costs? #O DontInitGroups=False # are group-writable :include: and .forward files (un)trustworthy? # True (the default) means they are not trustworthy. #O UnsafeGroupWrites=True # where do errors that occur when sending errors get sent? #O DoubleBounceAddress=postmaster # where to save bounces if all else fails #O DeadLetterDrop=/var/tmp/dead.letter # what user id do we assume for the majority of the processing? #O RunAsUser=sendmail # maximum number of recipients per SMTP envelope #O MaxRecipientsPerMessage=100 # limit the rate recipients per SMTP envelope are accepted # once the threshold number of recipients have been rejected #O BadRcptThrottle=20 # shall we get local names from our installed interfaces? #O DontProbeInterfaces=False # Return-Receipt-To: header implies DSN request #O RrtImpliesDsn=False # override connection address (for testing) #O ConnectOnlyTo=0.0.0.0 # Trusted user for file ownership and starting the daemon #O TrustedUser=root # Control socket for daemon management #O ControlSocketName=/var/spool/mqueue/.control # Maximum MIME header length to protect MUAs #O MaxMimeHeaderLength=0/0 # Maximum length of the sum of all headers O MaxHeadersLength=32768 # Maximum depth of alias recursion #O MaxAliasRecursion=10 # location of pid file #O PidFile=/var/run/sendmail.pid # Prefix string for the process title shown on 'ps' listings #O ProcessTitlePrefix=prefix # Data file (df) memory-buffer file maximum size #O DataFileBufferSize=4096 # Transcript file (xf) memory-buffer file maximum size #O XscriptFileBufferSize=4096 # lookup type to find information about local mailboxes #O MailboxDatabase=pw # list of authentication mechanisms #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 # default authentication information for outgoing connections #O DefaultAuthInfo=/etc/mail/default-auth-info # SMTP AUTH flags #O AuthOptions # SMTP AUTH maximum encryption strength #O AuthMaxBits # SMTP STARTTLS server options #O TLSSrvOptions # Input mail filters #O InputMailFilters # CA directory #O CACertPath # CA file #O CACertFile # Server Cert #O ServerCertFile # Server private key #O ServerKeyFile # Client Cert #O ClientCertFile # Client private key #O ClientKeyFile # DHParameters (only required if DSA/DH is used) #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile ############################ # QUEUE GROUP DEFINITIONS # ############################ ########################### # Message precedences # ########################### Pfirst-class=0 Pspecial-delivery=100 Plist=-30 Pbulk=-60 Pjunk=-100 ##################### # Trusted users # ##################### # this is equivalent to setting class "t" #Ft/etc/mail/trusted-users Troot Tdaemon Tuucp Tmajordom ######################### # Format of headers # ######################### H?P?Return-Path: <$g> HReceived: $?sfrom $s $.$?_($?s$|from $.$_) $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u for $u; $|; $.$b H?D?Resent-Date: $a H?D?Date: $a H?F?Resent-From: $?x$x <$g>$|$g$. H?F?From: $?x$x <$g>$|$g$. H?x?Full-Name: $x # HPosted-Date: $a # H?l?Received-Date: $b H?M?Resent-Message-Id: <$t.$i@$j> H?M?Message-Id: <$t.$i@$j> # ###################################################################### ###################################################################### ##### ##### REWRITING RULES ##### ###################################################################### ###################################################################### ############################################ ### Ruleset 3 -- Name Canonicalization ### ############################################ Scanonify=3 # handle null input (translate to <@> special case) R$@ $@ <@> # strip group: syntax (not inside angle brackets!) and trailing semicolon R$* $: $1 <@> mark addresses R$* < $* > $* <@> $: $1 < $2 > $3 unmark R@ $* <@> $: @ $1 unmark @host:... R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr R$* :: $* <@> $: $1 :: $2 unmark node::addr R:include: $* <@> $: :include: $1 unmark :include:... R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon R$* : $* <@> $: $2 strip colon if marked R$* <@> $: $1 unmark R$* ; $1 strip trailing semi R$* < $+ :; > $* $@ $2 :; <@> catch R$* < $* ; > $1 < $2 > bogus bracketed semi # null input now results from list:; syntax R$@ $@ :; <@> # strip angle brackets -- note RFC733 heuristic to get innermost item R$* $: < $1 > housekeeping <> R$+ < $* > < $2 > strip excess on left R< $* > $+ < $1 > strip excess on right R<> $@ < @ > MAIL FROM:<> case R< $+ > $: $1 remove housekeeping <> # strip route address <@a,@b,@c:user@d> -> R@ $+ , $+ $2 R@ [ $* ] : $+ $2 R@ $+ : $+ $2 # find focus for list syntax R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax R $+ : $* ; $@ $1 : $2; list syntax # find focus for @ syntax addresses R$+ @ $+ $: $1 < @ $2 > focus on domain R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical # convert old-style addresses to a domain-based address R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains # if we have % signs, take the rightmost one R$* % $* $1 @ $2 First make them all @s. R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish # else we must be a local name R$* $@ $>Canonify2 $1 ################################################ ### Ruleset 96 -- bottom half of ruleset 3 ### ################################################ SCanonify2=96 # handle special cases for local names R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain # check for IPv4/IPv6 domain literal R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr] R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr # look up domains in the domain table R$* < @ $+ > $* $: $1 < @ $(domaintable $2 $) > $3 # if really UUCP, handle it immediately # try UUCP traffic as a local address R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 # hostnames ending in class P are always canonical R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 R$* CC $* $| $* $: $3 # pass to name server to make hostname canonical R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 R$* $| $* $: $2 # local host aliases and pseudo-domains are always canonical R$* < @ $=w > $* $: $1 < @ $2 . > $3 R$* < @ $=M > $* $: $1 < @ $2 . > $3 R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3 R$* < @ $=G > $* $: $1 < @ $2 . > $3 R$* < @ $* . . > $* $1 < @ $2 . > $3 ################################################## ### Ruleset 4 -- Final Output Post-rewriting ### ################################################## Sfinal=4 R$+ :; <@> $@ $1 : handle R$* <@> $@ handle <> and list:; # strip trailing dot off possibly canonical name R$* < @ $+ . > $* $1 < @ $2 > $3 # eliminate internal code R$* < @ *LOCAL* > $* $1 < @ $j > $2 # externalize local domain info R$* < $+ > $* $1 $2 $3 defocus R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 canonical R@ $* $@ @ $1 ... and exit # UUCP must always be presented in old form R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u # delete duplicate local names R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host ############################################################## ### Ruleset 97 -- recanonicalize and call ruleset zero ### ### (used for recursive calls) ### ############################################################## SRecurse=97 R$* $: $>canonify $1 R$* $@ $>parse $1 ###################################### ### Ruleset 0 -- Parse Address ### ###################################### Sparse=0 R$* $: $>Parse0 $1 initial parsing R<@> $#local $: <@> special case error msgs R$* $: $>ParseLocal $1 handle local hacks R$* $: $>Parse1 $1 final parsing # # Parse0 -- do initial syntax checking and eliminate local addresses. # This should either return with the (possibly modified) input # or return with a #error mailer. It should not return with a # #mailer other than the #error mailer. # SParse0 R<@> $@ <@> special case error msgs R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses" R@ <@ $* > < @ $1 > catch "@@host" bogosity R<@ $+> $#error $@ 5.1.3 $: "553 User address required" R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required" R$* $: <> $1 R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4 R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4 R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address" R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part" R<> $* $1 R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name" R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address" R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address" R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address" # now delete the local info -- note $=O to find characters that cause forwarding R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here R< @ $+ > $#error $@ 5.1.3 $: "553 User address required" R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required" R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 # # Parse1 -- the bottom half of ruleset 0. # SParse1 # handle numeric address spec R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer # handle virtual users R$+ $: $1 Mark for lookup R $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ + $+ < @ $* . > $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $* . > $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $* . > $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . > R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ $: $1 R $+ $: $1 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 R< $+ > $+ < @ $+ > $: $>Recurse $1 # short circuit local delivery so forwarded email works R$=L < @ $=w . > $#local $: @ $1 special local names R$+ < @ $=w . > $#local $: $1 regular local name # not local -- try mailer table lookup R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name R< $+ . > $* $: < $1 > $2 strip trailing dot R< $+ > $* $: < $(mailertable $1 $) > $2 lookup R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? R< $+ > $* $: $>Mailertable <$1> $2 try domain # resolve remotely connected UUCP links (if any) # resolve fake top level domains by forwarding to other hosts # pass names that still have a host to a smarthost (if defined) R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name # deal with other remote names R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain # handle locally delivered names R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### SLocal_localaddr Slocaladdr=5 R$+ $: $1 $| $>"Local_localaddr" $1 R$+ $| $#ok $@ $1 no change R$+ $| $#$* $#$2 R$+ $| $* $: $1 # deal with plussed users so aliases work nicely R$+ + * $#local $@ $&h $: $1 R$+ + $* $#local $@ + $2 $: $1 + * # prepend an empty "forward host" on the front R$+ $: <> $1 R< > $+ $: < > < $1 <> $&h > nope, restore +detail R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail R< > < $+ <> $* > $: < > < $1 > else discard R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + R< > < $+ > $@ $1 no +detail R$+ $: $1 <> $&h add +detail back in R$+ <> + $* $: $1 + $2 check whether +detail R$+ <> $* $: $1 else discard R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > ################################################################### ### Ruleset 90 -- try domain part of mailertable entry ### ################################################################### SMailertable=90 R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? R< $* > $* $@ $2 no mailertable match ################################################################### ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### ################################################################### SMailerToTriple=95 R< > $* $@ $1 strip off null relay R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 R< local : $* > $* $>CanonLocal < $1 > $2 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer R< $=w > $* $@ $2 delete local host R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer ################################################################### ### Ruleset CanonLocal -- canonify local: syntax ### ################################################################### SCanonLocal # strip local host from routed addresses R< $* > < @ $+ > : $+ $@ $>Recurse $3 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 # strip trailing dot from any host name that may appear R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > # handle local: syntax -- use old user, either with or without host R< > $* < @ $* > $* $#local $@ $1@$2 $: $1 R< > $+ $#local $@ $1 $: $1 # handle local:user@host syntax -- ignore host part R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > # handle local:user syntax R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 R< $+ > $* $#local $@ $2 $: $1 ################################################################### ### Ruleset 93 -- convert header names to masqueraded form ### ################################################################### SMasqHdr=93 # handle generics database R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark R< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 > R<@$+ + $* @ $+> $+ < @ $+ > $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 > R<@$+ + $* @ $+> $+ < @ $+ > $: < $(generics $1@$3 $: $) > $4 < @ $5 > R<@$+ > $+ < @ $+ > $: < > $2 < @ $3 > R< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . > R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 > R< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 > R< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 > R< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified R< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified R< > $* $: $1 not found # do not masquerade anything in class N R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > R$* < @ *LOCAL* > $@ $1 < @ $j . > ################################################################### ### Ruleset 94 -- convert envelope names to masqueraded form ### ################################################################### SMasqEnv=94 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 ################################################################### ### Ruleset 98 -- local part of ruleset zero (can be null) ### ################################################################### SParseLocal=98 # addresses sent to foo@host.REDIRECT will give a 551 error code R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} > R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT. > R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> # addresses sent to foo@host.REDIRECT will give a 551 error code R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} > R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT. > R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> ###################################################################### ### D: LookUpDomain -- search for domain in access database ### ### Parameters: ### <$1> -- key (domain name) ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SD R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5> R <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> R <$+.$+> <$+> <$- $-> <$*> $: < $(access $5:.$2 $: ? $) > <$1.$2> <$3> <$4 $5> <$6> R <$+.$+> <$+> <+ $-> <$*> $: < $(access .$2 $: ? $) > <$1.$2> <$3> <+ $4> <$5> R <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6> R <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> R <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> R <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6> R <$+> <$+> <$- $-> <$*> $@ <$2> <$5> R<$* > <$+> <$+> <$- $-> <$*> $@ <> <$6> R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> ###################################################################### ### A: LookUpAddress -- search for host address in access database ### ### Parameters: ### <$1> -- key (dot quadded host address) ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed through) ###################################################################### SA R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5> R <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> R <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> R <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> R <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> R <$+> <$+> <$- $-> <$*> $@ <$2> <$5> R<$* > <$+> <$+> <$- $-> <$*> $@ <> <$6> R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> ###################################################################### ### CanonAddr -- Convert an address into a standard form for ### relay checking. Route address syntax is ### crudely converted into a %-hack address. ### ### Parameters: ### $1 -- full recipient address ### ### Returns: ### parsed address, not in source route form ###################################################################### SCanonAddr R$* $: $>Parse0 $>canonify $1 make domain canonical ###################################################################### ### ParseRecipient -- Strip off hosts in $=R as well as possibly ### $* $=m or the access database. ### Check user portion for host separators. ### ### Parameters: ### $1 -- full recipient address ### ### Returns: ### parsed, non-local-relaying address ###################################################################### SParseRecipient R$* $: $>CanonAddr $1 R $* < @ $* . > $1 < @ $2 > strip trailing dots R $- < @ $* > $: $(dequote $1 $) < @ $2 > dequote local part # if no $=O character, no host in the user portion, we are done R $* $=O $* < @ $* > $: $1 $2 $3 < @ $4> R $* $@ $1 R $* < @ $* $=R > $: $1 < @ $2 $3 > R $* < @ $+ > $: $>D <$2> <+ To> <$1 < @ $2 >> R<$+> <$+> $: <$1> $2 R $* < @ $* > $@ $>ParseRecipient $1 R<$+> $* $@ $2 ###################################################################### ### check_relay -- check hostname/address on SMTP startup ###################################################################### SLocal_check_relay Scheckrelay R$* $: $1 $| $>"Local_check_relay" $1 R$* $| $* $| $#$* $#$3 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 SBasic_check_relay # check for deferred delivery mode R$* $: < $&{deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$+ $| $+ $: $>D < $1 > <+ Connect> < $2 > R $| $+ $: $>A < $1 > <+ Connect> <> empty client_name R <$+> $: $>A < $1 > <+ Connect> <> no: another lookup R <$*> $: OK found nothing R<$={Accept}> <$*> $@ $1 return value of lookup R <$*> $#error $: "552 Spammer $&{client_addr} $&f Rejected by PostMaster@$j - check_mail or check_relay" R <$*> $#discard $: discard R <$*> $#error $@ $1.$2.$3 $: $4 R <$*> $#error $: $1 R<$* > <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$+> <$*> $#error $: $1 # DNS based IP address spam list blackholes.mail-abuse.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.blackholes.mail-abuse.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Rejected: " $&{client_addr} " listed at blackholes.mail-abuse.org" # DNS based IP address spam list or.orbl.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.or.orbl.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected: see http://www.orbl.org/ (ORBL) # DNS based IP address spam list relays.ordb.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.relays.ordb.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected: see http://ordb.org/ (relays) # DNS based IP address spam list list.dsbl.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.list.dsbl.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected: see http://list.dsbl.org # DNS based IP address spam list orbs.dorkslayers.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.orbs.dorkslayers.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected: see http://orbs.dorkslayers.com # DNS based IP address spam list bl.spamcop.net R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.bl.spamcop.net. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected: see http://bl.spamcop.net # DNS based IP address spam list blackholes.wirehub.net R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.blackholes.wirehub.net. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected: see http://blackholes.wirehub.net # DNS based IP address spam list formmail.relays.monkeys.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.formmail.relays.monkeys.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected: see http://formmail.relays.monkeys.com # DNS based IP address spam list proxies.relays.monkeys.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.proxies.relays.monkeys.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected: see http://proxies.relays.monkeys.com # DNS based IP address spam list dialups.relays.osirusoft.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.dialups.relays.osirusoft.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected by http://dialups.relays.osirusoft.com. (dialups) # DNS based IP address spam list relays.osirusoft.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.relays.osirusoft.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected by http://relays.osirusoft.com # DNS based IP address spam list spamsites.relays.osirusoft.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.spamsites.relays.osirusoft.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected by http://relays.osirusoft.com/ (spamsites) # DNS based IP address spam list spamhaus.relays.osirusoft.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.spamhaus.relays.osirusoft.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected by http://relays.osirusoft.com/ (spamhaus) # DNS based IP address spam list spews.relays.osirusoft.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.spews.relays.osirusoft.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected by http://relays.osirusoft.com/ (spews) # DNS based IP address spam list relays.visi.com R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.relays.visi.com. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: Spammer $&{client_addr} $&f rejected by http://relays.visi.com # DNS based IP address spam list dsn.rfc-ignorant.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.dsn.rfc-ignorant.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: 550 Spammer $&{client_addr} $&f rejected because you violate RFC 821/2505/2821 # DNS based IP address spam list postmaster.rfc-ignorant.org R$* $: $&{client_addr} R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.postmaster.rfc-ignorant.org. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: 550 Spammer $&{client_addr} $&f rejected because your domain does not have a working PostMaster ###################################################################### ### check_mail -- check SMTP `MAIL FROM:' command argument ###################################################################### SLocal_check_mail Scheckmail R$* $: $1 $| $>"Local_check_mail" $1 R$* $| $#$* $#$2 R$* $| $* $@ $>"Basic_check_mail" $1 SBasic_check_mail # check for deferred delivery mode R$* $: < $&{deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 # authenticated? R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 R$* $| $* $: $1 R<> $@ we MUST accept <> (RFC 1123) R$+ $: $1 R<$+> $: <@> <$1> R$+ $: <@> <$1> R$* $: $&{daemon_flags} $| $1 R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > R$* u $* $| <@> < $* > $: < $3 > R$* $| $* $: $2 # handle case of @localhost on address R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > R<@> < $* @ [127.0.0.1] > $: < ? $&{client_name} > < $1 @ [127.0.0.1] > R<@> < $* @ localhost.$m > $: < ? $&{client_name} > < $1 @ localhost.$m > R<@> < $* @ localhost.UUCP > $: < ? $&{client_name} > < $1 @ localhost.UUCP > R<@> $* $: $1 no localhost as domain R $* $: $2 local client: ok R <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address" R $* $: $1 R$* $: $>CanonAddr $1 canonify sender address and mark it R $* < @ $+ . > $1 < @ $2 > strip trailing dots # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) R $* < @ $* $=P > $: $1 < @ $2 $3 > R $* < @ $j > $: $1 < @ $j > R $* < @ $+ > $: $) > $1 < @ $2 > R> $* < @ $+ > $: <$2> $3 < @ $4 > # check sender address: user@address, user@, address R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| R<$+> $+ $: @<$1> <$2> $| R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <> R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result # retransform for further use R <$+> <$*> $: <$1> $2 no match R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it # handle case of no @domain on address R $* $: $&{daemon_flags} $| $1 R$* u $* $| $* $: $3 R$* $| $* $: $2 R $* $: < ? $&{client_addr} > $1 R $* $@ ...local unqualed ok R $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f ...remote is not # check results R $* $: @ $1 mark address: nothing known about it R<$={ResOk}> $* $@ domain ok: stop R $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" R $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist" R<$={Accept}> $* $# $1 accept from access map R $* $#discard $: discard R $* $#error $: "552 Spammer $&{client_addr} $&f Rejected by PostMaster@$j - check_mail or check_relay" R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 R<> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$+> $* $#error $: $1 error from access db ###################################################################### ### check_rcpt -- check SMTP `RCPT TO:' command argument ###################################################################### SLocal_check_rcpt Scheckrcpt R$* $: $1 $| $>"Local_check_rcpt" $1 R$* $| $#$* $#$2 R$* $| $* $@ $>"Basic_check_rcpt" $1 SBasic_check_rcpt # empty address? R<> $#error $@ nouser $: "553 User address required" R$@ $#error $@ nouser $: "553 User address required" # check for deferred delivery mode R$* $: < $&{deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 ###################################################################### R$* $: $1 $| @ $>"Rcpt_ok" $1 R$* $| @ $#TEMP $+ $: $1 $| T $2 R$* $| @ $#$* $#$2 R$* $| @ RELAY $@ RELAY R$* $| @ $* $: O $| $>"Relay_ok" $1 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1 R$* $| $#TEMP $+ $#error $2 R$* $| $#$* $#$2 R$* $| RELAY $@ RELAY R T $+ $| $* $#error $1 # anything else is bogus R$* $#error $@ 5.7.1 $: "550 Relaying denied" ###################################################################### ### Rcpt_ok: is the recipient ok? ###################################################################### SRcpt_ok R$* $: $>ParseRecipient $1 strip relayable hosts # blacklist local users or any host from receiving mail R$* $: $1 R $+ < @ $=w > $: <> <$1 < @ $2 >> $| R $+ < @ $* > $: <> <$1 < @ $2 >> $| R $+ $: <> <$1> $| R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <> R<@> <$*> $| <$*> $: <$2> <$1> reverse result R <$*> $: @ $1 mark address as no match R<$={Accept}> <$*> $: @ $2 mark address as no match R<$={SpamTag}> <$*> $: @ $2 mark address as no match R $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient" R $* $#discard $: discard R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 R<> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$+> $* $#error $: $1 error from access db R@ $* $1 remove mark # authenticated via TLS? R$* $: $1 $| $>RelayTLS client authenticated? R$* $| $# $+ $# $2 error/ok? R$* $| $* $: $1 no R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type} R$* $| $# $* $# $2 R$* $| NO $: $1 R$* $| $* $: $1 $| $&{auth_type} R$* $| $: $1 R$* $| $={TrustAuthMech} $# RELAY R$* $| $* $: $1 # anything terminating locally is ok R$+ < @ $=w > $@ RELAY R$+ < @ $* $=R > $@ RELAY R$+ < @ $+ > $: $>D <$2> <+ To> <$1 < @ $2 >> R $* $@ RELAY R<$* > $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$*> <$*> $: $2 # check for local user (i.e. unqualified address) R$* $: $1 R $* < @ $+ > $: $1 < @ $2 > # local user is ok R $+ $@ RELAY R<$+> $* $: $2 ###################################################################### ### Relay_ok: is the relay/sender ok? ###################################################################### SRelay_ok # anything originating locally is ok # check IP address R$* $: $&{client_addr} R$@ $@ RELAY originated locally R0 $@ RELAY originated locally R127.0.0.1 $@ RELAY originated locally RIPv6:::1 $@ RELAY originated locally R$=R $* $@ RELAY relayable IP address R$* $: $>A <$1> <+ Connect> <$1> R $* $@ RELAY relayable IP address R<> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$*> <$*> $: $2 R$* $: [ $1 ] put brackets around it... R$=w $@ RELAY ... and see if it is local # check client name: first: did it resolve? R$* $: < $&{client_resolve} > R $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} R$* $: <@> $&{client_name} # pass to name server to make hostname canonical R<@> $* $=P $: $1 $2 R<@> $+ $: $[ $1 $] R$* . $1 strip trailing dots R $=w $@ RELAY R $* $=R $@ RELAY R $* $: $>D <$1> <+ Connect> <$1> R $* $@ RELAY R<$* > $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R<$*> <$*> $: $2 # turn a canonical address in the form user<@domain> # qualify unqual. addresses with $j SFullAddr R$* <@ $+ . > $1 <@ $2 > R$* <@ $* > $@ $1 <@ $2 > R$+ $@ $1 <@ $j > SDelay_TLS_Client # authenticated? R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 R$* $# $1 SDelay_TLS_Client2 # authenticated? R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 R$* $@ $1 # call all necessary rulesets Scheck_rcpt # R$@ $#error $@ 5.1.3 $: "553 Recipient address required" R$+ $: $1 $| $>checkrcpt $1 R$+ $| $#error $* $#error $2 R$+ $| $#discard $* $#discard $2 R$+ $| $#$* $@ $>"Delay_TLS_Client" $2 R$+ $| $* $: $>FullAddr $>CanonAddr $1 R $+ < @ $=w > $: <> $1 < @ $2 > $| R $+ < @ $* > $: <> $1 < @ $2 > $| # lookup the addresses only with Spam tag R<> $* $| <$+> $: <@> $1 $| $>SearchList $| <$2> <> R<@> $* $| $* $: $2 $1 reverse result # is the recipient a spam friend? R $+ $@ $>"Delay_TLS_Client2" SPAMFRIEND R<$*> $+ $: $2 R$* $: $1 $| $>checkmail <$&f> R$* $| $#$* $#$2 R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr} R$* $| $#$* $#$2 R$* $| $* $: $1 ###################################################################### ### F: LookUpFull -- search for an entry in access database ### ### lookup of full key (which should be an address) and ### variations if +detail exists: +* and without +detail ### ### Parameters: ### <$1> -- key ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SF R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> R <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> R <$+ + $* @ $+> <$*> <$- $-> <$*> $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> R <$+ + $* @ $+> <$*> <+ $-> <$*> $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> R <$+ + $* @ $+> <$*> <$- $-> <$*> $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> R <$+ + $* @ $+> <$*> <+ $-> <$*> $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> R <$+> <$*> <$- $-> <$*> $@ <$2> <$5> R<$+ > <$*> <$- $-> <$*> $@ <> <$5> R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> ###################################################################### ### E: LookUpExact -- search for an entry in access database ### ### Parameters: ### <$1> -- key ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SE R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> R <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> R <$+> <$*> <$- $-> <$*> $@ <$2> <$5> R<$+ > <$*> <$- $-> <$*> $@ <> <$5> R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> ###################################################################### ### U: LookUpUser -- search for an entry in access database ### ### lookup of key (which should be a local part) and ### variations if +detail exists: +* and without +detail ### ### Parameters: ### <$1> -- key (user@) ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ### <$4> -- passthru (additional data passed unchanged through) ###################################################################### SU R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> R <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> R <$+ + $* @> <$*> <$- $-> <$*> $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> R <$+ + $* @> <$*> <+ $-> <$*> $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> R <$+ + $* @> <$*> <$- $-> <$*> $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> R <$+ + $* @> <$*> <+ $-> <$*> $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> R <$+> <$*> <$- $-> <$*> $@ <$2> <$5> R<$+ > <$*> <$- $-> <$*> $@ <> <$5> R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> ###################################################################### ### SearchList: search a list of items in the access map ### Parameters: ### $| ... <> ### where "exact" is either "+" or "!": ### <+ TAG> lookup with and w/o tag ### lookup with tag ### possible values for "mark" are: ### D: recursive host lookup (LookUpDomain) ### E: exact lookup, no modifications ### F: full lookup, try user+ext@domain and user@domain ### U: user lookup, try user+ext and user (input must have trailing @) ### return: or (not found) ###################################################################### # class with valid marks for SearchList C{src}E F D U SSearchList # just call the ruleset with the name of the tag... nice trick... R<$+> $| <$={src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <$1> <> R<$+> $| <> $| <> $@ R<$+> $| <$+> $| <> $@ $>SearchList <$1> $| <$2> R<$+> $| <$*> $| <$+> <> $@ <$3> R<$+> $| <$+> $@ <$2> ###################################################################### ### trust_auth: is user trusted to authenticate as someone else? ### ### Parameters: ### $1: AUTH= parameter from MAIL command ###################################################################### SLocal_trust_auth Strust_auth R$* $: $&{auth_type} $| $1 # required by RFC 2554 section 4. R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" R$* $| $&{auth_authen} $@ identical R$* $| <$&{auth_authen}> $@ identical R$* $| $* $: $1 $| $>"Local_trust_auth" $1 R$* $| $#$* $#$2 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} ###################################################################### ### Relay_Auth: allow relaying based on authentication? ### ### Parameters: ### $1: ${auth_type} ###################################################################### SLocal_Relay_Auth ###################################################################### ### srv_features: which features to offer to a client? ### (done in server) ###################################################################### Ssrv_features R$* $: $>D <$&{client_name}> <> R$* $: $>A <$&{client_addr}> <> R$* $: <$(access "Srv_Features": $: ? $)> R$* $@ OK R<$* >$* $#temp R<$+>$* $# $1 ###################################################################### ### try_tls: try to use STARTTLS? ### (done in client) ###################################################################### Stry_tls R$* $: $>D <$&{server_name}> <> R$* $: $>A <$&{server_addr}> <> R$* $: <$(access "Try_TLS": $: ? $)> R$* $@ OK R<$* >$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]" ###################################################################### ### tls_rcpt: is connection with server "good" enough? ### (done in client, per recipient) ### ### Parameters: ### $1: recipient ###################################################################### Stls_rcpt R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 R$+ $: $>CanonAddr $1 R $+ < @ $+ . > $1 <@ $2 > R $+ < @ $+ > $: $1 <@ $2 > $| R $+ $: $1 $| R$* $| $+ $: $1 $| $>SearchList $| $2 <> R$* $| $@ OK R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2> ###################################################################### ### tls_client: is connection with client "good" enough? ### (done in server) ### ### Parameters: ### ${verify} $| (MAIL|STARTTLS) ###################################################################### Stls_client R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 R$* $| $* $: $1 $| $>D <$&{client_name}> <> R$* $| $* $: $1 $| $>A <$&{client_addr}> <> R$* $| $* $: $1 $| <$(access "TLS_Clt": $: ? $)> R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R$* $@ $>"TLS_connection" $1 ###################################################################### ### tls_server: is connection with server "good" enough? ### (done in client) ### ### Parameter: ### ${verify} ###################################################################### Stls_server R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 R$* $: $1 $| $>D <$&{server_name}> <> R$* $| $* $: $1 $| $>A <$&{server_addr}> <> R$* $| $* $: $1 $| <$(access "TLS_Srv": $: ? $)> R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R$* $@ $>"TLS_connection" $1 ###################################################################### ### TLS_connection: is TLS connection "good" enough? ### ### Parameters: ### ${verify} $| [<>] ### Requirement: RHS from access map, may be ? for none. ###################################################################### STLS_connection R$* $| <$*>$* $: $1 $| <$2> # create the appropriate error codes R$* $| $: $1 $| <503:5.7.0> <$2 $3> R$* $| $: $1 $| <403:4.7.0> <$2 $3> R$* $| <$={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> # deal with TLS handshake failures: abort RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed." R$* $| <$*> $: <$2> <> $1 R$* $| <$*> $: <$2> <$3> $1 R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> <> $1 R$* $| <$*> <$={tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1 R$* $| $* $@ OK # authentication required: give appropriate error # other side did authenticate (via STARTTLS) R<$*> <> OK $@ OK R<$*> <$+> OK $: <$1> <$2> R<$*> <$*> OK $: <$1> <$3> R<$*> <$*> $* $: <$1> <$3> R<$-:$+> <$*> $#error $@ $2 $: $1 " authentication required" R<$-:$+> <$*> FAIL $#error $@ $2 $: $1 " authentication failed" R<$-:$+> <$*> NO $#error $@ $2 $: $1 " not authenticated" R<$-:$+> <$*> NOT $#error $@ $2 $: $1 " no authentication requested" R<$-:$+> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" R<$-:$+> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4 R<$*> <$*> $: <$1> <$3> $>max $&{cipher_bits} : $&{auth_ssf} R<$*> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $) R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3 R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5> R<$-:$+ ++ > $@ OK R<$-:$+ ++ $+ > $: <$1:$2> <$3> R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4> R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2> ###################################################################### ### TLS_req: check additional TLS requirements ### ### Parameters: [ ] $| <$-:$+> ### $-: SMTP reply code ### $+: Enhanced Status Code ###################################################################### STLS_req R $| $+ $@ OK R $* $| <$+> $: $1 $| <$2> R $* $| <$+> $@ $>"TLS_req" $1 $| <$2> R $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1 R $* $| <$+> $@ $>"TLS_req" $1 $| <$2> R $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1 R $* $| <$+> $@ $>"TLS_req" $1 $| <$2> R $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1 ROK $@ OK ###################################################################### ### max: return the maximum of two values separated by : ### ### Parameters: [$-]:[$-] ###################################################################### Smax R: $: 0 R:$- $: $1 R$-: $: $1 R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2 RTRUE:$-:$- $: $2 R$-:$-:$- $: $2 ###################################################################### ### RelayTLS: allow relaying based on TLS authentication ### ### Parameters: ### none ###################################################################### SRelayTLS # authenticated? R$* $: $&{verify} R OK $: OK authenticated: continue R $* $@ NO not authenticated R$* $: $&{cert_issuer} R$+ $: $(access CERTISSUER:$1 $) RRELAY $# RELAY RSUBJECT $: <@> $&{cert_subject} R<@> $+ $: <@> $(access CERTSUBJECT:$1 $) R<@> RELAY $# RELAY R$* $: NO ###################################################################### ### authinfo: lookup authinfo in the access map ### ### Parameters: ### $1: {server_name} ### $2: {server_addr} ###################################################################### Sauthinfo R$* $: <$(authinfo AuthInfo:$&{server_name} $: ? $)> R $: <$(authinfo AuthInfo:$&{server_addr} $: ? $)> R $: <$(authinfo AuthInfo: $: ? $)> R $@ no no authinfo available R<$*> $# $1 Scheck_compat # look up the pair of addresses # (we use <@> as the separator. Note this in the map too!) R< $+ > $| $+ $: $1 $| $2 R$+ $| < $+ > $: $1 $| $2 R$+ $| $+ $: <$(access Compat:$1<@>$2 $:OK $)> R$* $| $* $@ ok # act on the result, # it must be one of the following... anything else will be allowed.. R< DISCARD:$* > $#discard $: $1 " - discarded by check_compat" R< DISCARD $* > $#discard $: $1 " - discarded by check_compat" R< TEMP:$* > $#error $@ TEMPFAIL $: $1 " error from check_compat. Try again later" R< ERROR:$* > $#error $@ UNAVAILABLE $: $1 " error from check_compat" ###################################################################### ### LookUpDnsbl -- search for address in DNS driven blacklists ### ### Parameters: ### <$1> -- key (address) ### <$2> -- default (what to return if not found in db) ### <$3> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag ###################################################################### SLookUpDnsbl # DNSBL domain rbl.maps.vix.com R<$+> <$+> <$+> $: <$1> <$2> <$3> <$&{hc_switch}> R<$+> <$+> <$+> <$* + RBL $*> $: <$1> <$2> <$3> <+!> R<$+> <$+> <$+> <$* RBL $*> $: <$1> <$2> <$3> R<$+> <$+> <$+> <@HATER $*> $: <$1> <$2> <$3> R<$+> <$+> <+ $-> <$* !> $: <$1> <$2> <+ $3> <$4> $| $1 R<$+> <$+> <$* !> $: <$1> <$2> <$3> $| $1 R<$+> <$+> <$+> <$*> $: <$1> <$2> <$3> R$* $| ::ffff:$-.$-.$-.$- $: $1 $| <@> $(hostbyname $5.$4.$3.$2.rbl.maps.vix.com. $: OK $) R$* $| $-.$-.$-.$- $: $1 $| <@> $(hostbyname $5.$4.$3.$2.rbl.maps.vix.com. $: OK $) R<$*> <$*> <$*> <$*> $| <@> OK $: <$1> <$2> <$3> R<$*> <$*> <$*> <$*> $| <@> $+ $: <$1> <$2> <$3> R<$+> <$+> <$*> <> $| $* $@ R<$+> <$+> <$*> <+> $| $* $@ R<$*> <$*> <$*> <$*> $| $* $: <$1> <$2> <$3> R<$*> <$*> <$*> $@ <$2> HReceived: $>check_header_Received # ================== HEADER =================================== # Ruleset ** check_header_Received ** # ============================================================= Scheck_header_Received # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$* $: $(arith + $@ 1 $@ $&{headcnt_Received} $) R$+ $: $(storage {headcnt_Received} $@ $1 $) R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HRC $*> $: <> R<$+> $: # Parse the header with parsing pattern for access.db and RBL lookup R<> $: $(parse_received $&{currHeader} $) R$* <@PARSED@> $: <@PARSED@> $>trim_header_elements $1 R<@PARSED@> $* $: $>lookup_header_elements <$| +header $| !general $| HRCCNT.HRCCNT $| lookup> $1 R $#discard $: discard R $: R $@ $>cherror <$1 $| $2 $| parse_parse_received $| HRC > HMessage-Id: $>check_header_Message-Id # ================== HEADER =================================== # Ruleset ** check_header_Message-Id ** # ============================================================= Scheck_header_Message-Id # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$* $: $(arith + $@ 1 $@ $&{headcnt_Message_Id} $) R$+ $: $(storage {headcnt_Message_Id} $@ $1 $) R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HMI $*> $: <> R<$+> $: # match header against regex R<> $: $(test_message_id $&{currHeader} $) R@MATCH $@ $>cherror <5.7.1 $| "552 spmmer $&{client_addr} $&f rejected - Message Id corrupt" $| regex_test_message_id $| HMI > R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HMIPARSE $*> $: <> R<$+> $: # Parse the header with parsing pattern for access.db and RBL lookup R<> $: $(parse_message_id $&{currHeader} $) R$* <@PARSED@> $: <@PARSED@> $>trim_header_elements $1 R<@PARSED@> $* $: $>lookup_header_elements <$| +header $| !general $| HMICNT.HMICNT $| lookup> $1 R $#discard $: discard R $: R $@ $>cherror <$1 $| $2 $| parse_parse_message_id $| HMIPARSE > # Parse the header with parsing pattern for DNS lookup R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HMIDNS $*> $: <> R<$+> $: R<> $: $(dns_message_id $&{currHeader} $) R$* <@PARSED@> $: <@PARSED@> $>trim_header_elements $1 R<@PARSED@> $* $: $>lookup_header_elements <$| +header $| !general $| HMICNT $| lookup_dns> $1 R $#discard $: discard R $: R $@ $>cherror <$1 $| $2 $| dnsparse_dns_message_id $| HMIDNS > HFrom: $>check_header_From # ================== HEADER =================================== # Ruleset ** check_header_From ** # ============================================================= Scheck_header_From # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HFR $*> $: <> R<$+> $: # Parse the header with parsing pattern for access.db and RBL lookup R<> $: $(parse_address $&{currHeader} $) R$* <@PARSED@> $: <@PARSED@> $>trim_header_elements $1 R<@PARSED@> $* $: $>lookup_header_elements <$| +header $| +all $| HFR.HFR $| lookup> $1 R $#discard $: discard R $: R $@ $>cherror <$1 $| $2 $| parse_parse_address $| HFR > HTo: $>check_header_To # ================== HEADER =================================== # Ruleset ** check_header_To ** # ============================================================= Scheck_header_To # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HFR $*> $: <> R<$+> $: # Parse the header with parsing pattern for access.db and RBL lookup R<> $: $(parse_address $&{currHeader} $) R$* <@PARSED@> $: <@PARSED@> $>trim_header_elements $1 R<@PARSED@> $* $: $>lookup_header_elements <$| +header $| +all $| HFR.HFR $| lookup> $1 R $#discard $: discard R $: R $@ $>cherror <$1 $| $2 $| parse_parse_address $| HFR > HReply-To: $>check_header_Reply-To # ================== HEADER =================================== # Ruleset ** check_header_Reply-To ** # ============================================================= Scheck_header_Reply-To # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HFR $*> $: <> R<$+> $: # Parse the header with parsing pattern for access.db and RBL lookup R<> $: $(parse_address $&{currHeader} $) R$* <@PARSED@> $: <@PARSED@> $>trim_header_elements $1 R<@PARSED@> $* $: $>lookup_header_elements <$| +header $| +all $| HFR.HFR $| lookup> $1 R $#discard $: discard R $: R $@ $>cherror <$1 $| $2 $| parse_parse_address $| HFR > HSender: $>check_header_Sender # ================== HEADER =================================== # Ruleset ** check_header_Sender ** # ============================================================= Scheck_header_Sender # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HFR $*> $: <> R<$+> $: # Parse the header with parsing pattern for access.db and RBL lookup R<> $: $(parse_address $&{currHeader} $) R$* <@PARSED@> $: <@PARSED@> $>trim_header_elements $1 R<@PARSED@> $* $: $>lookup_header_elements <$| +header $| +all $| HFR.HFR $| lookup> $1 R $#discard $: discard R $: R $@ $>cherror <$1 $| $2 $| parse_parse_address $| HFR > HCc: $>check_header_Cc # ================== HEADER =================================== # Ruleset ** check_header_Cc ** # ============================================================= Scheck_header_Cc # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HFR $*> $: <> R<$+> $: # Parse the header with parsing pattern for access.db and RBL lookup R<> $: $(parse_address $&{currHeader} $) R$* <@PARSED@> $: <@PARSED@> $>trim_header_elements $1 R<@PARSED@> $* $: $>lookup_header_elements <$| +header $| +all $| HFR.HFR $| lookup> $1 R $#discard $: discard R $: R $@ $>cherror <$1 $| $2 $| parse_parse_address $| HFR > # macro defining a header field X-Spam-Header H?${spam_head}?X-Spam-Header: ${spam_head} C{persistentMacros} {spam_head} # ---- cherror ----- Scherror R<$* $| $* $| $* $| $+> $: <$1 $| $2 $| $3> $(storage {curUSRTAG} $@ $4 $) R<$*> $: <$1> $| <$&{hc_switch}> R<$*> $| <$* XSPAM $*> $: <$1> $| <> R<$*> $| <$* + $&{curUSRTAG} $*> $: <$1> $| <> R $| <$+> $: < $| $1 $| $2> $| <> R<$+ $| $+ $| $*> $| <$+> $#error $@ $1 $: $2 R< $| $+ $| $*> $| <$+> $#error $: $1 R<$* $| $* $| $+> $| <> $: <$&{spam_head}> <$2:$3> R<$+> <$+> $@ $(storage {spam_head} $@ $1,$2 $) R<> <$+> $@ $(storage {spam_head} $@ $1 $) # ------ match_usrtag ----------------------------------------- # returns <+> if exists in hc_switch and is plussed # if exists # <> if not matching Smatch_usrtag R<$+> $: $(storage {curUSRTAG} $@ $1 $) R$* $: $&{hc_switch} R$* @HATER $* $@ R$* + $&{curUSRTAG} $* $@ <+> R$* $&{curUSRTAG} $* $@ R$* $@ <> # ================== DATABASE ================================= # Ruleset ** lookup_ip ** # lookup IP in access.db and in the Dnsbls # param # ============================================================= Slookup_ip R<$+> <$+$|$+$|$+> $: <$1> <$2$|$3$|$4> $>match_usrtag <$4> # is IP in header_access.db ? R<$+> <$+$|$+$|$+> <$*> $: <$3$|$5> $| $>A <$1> <$2> <$1> # not found and dnsbl tag is matching -> lookup rbl R<$+> $| <$*> $: <$1> $| $2 # found -> no rbl lookup, return R<$+> $| <$+> <$*> $@ <$2> # is IP in one of the rbls ? R<$+$|$+> $| $+ $: <$2> $>LookUpDnsbl <$3> <$1> R<$*$|$*> $| $* $@ R<+> $: R<$*> <$*> $: <$2> # ================== DATABASE ================================= # Ruleset ** lookup_address ** # lookup address or domain in access.db and in the Rhbls # param <(user@)domain> # ============================================================= Slookup_address # mark R<$+> <$+$|$+$|$+> $: <> <$1> <$2$|$3$|$4> R<> <$+@$+> <$+$|$+$|$+> $: <$2> <$3$|$4$|$5> $>SearchList <$3> $| <> R<> <$+> <$+$|$+$|$+> $: <$1> <$2$|$3$|$4> $>SearchList <$2> $| <> # not found yet, check the Rhsbl USRTAG R<$+> <$+$|$+$|$+> $: <$1> <$2$|$3$|$4> $>match_usrtag <$4> # not found, lookup in RhsBls R <$+> <$+$|$+$|$+> <$+> $: <$1> <$2$|$3$|$4> <$5> $>LookUpRhsbl <$1> R <$+> <$+$|$+$|$+> $@ R <$+> <$+$|$+$|$+> <+> $@ R $* $@ R<$*> <$*> <$+> $@ <$3> # ================== DATABASE ================================= # Ruleset ** lookup ** # params: $| key # lookup recognizes IPs, addresses and hostnames # uses the rulesets lookup_ip and lookup_address # returns the appropriate access.db RHS or # ============================================================= Slookup # is this an IP ? R<$+$|$+$|$+> $| $+ $: <$1$|$2$|$3> $| <> $(parse_ip $4 $) # lookup IP R<$+$|$+$| $+.$+> $| <> $+ $: <$1$|$2$|$3.$4> $| $>lookup_ip <$5> <$1$|$2$|$3> # lookup address or hostname R<$+$|$+$|$+.$+> $| <> $+ $: <$1$|$2$|$3.$4> $| $>lookup_address <$5> <$1$|$2$|$4> R<$*> $| <$+> $* $: <$2> R $@ R $@ R $@ R $@ R $@ R $@ R $@ R<$+> $@ # ================== DATABASE ================================= # Ruleset ** lookup_dns ** # params: $| key # test if hostname can be looked up in DNS # returns if found or currently unavailable # if not found # ============================================================= Slookup_dns R<$+$|$+$|$+> $| $+ $: <$4> $>match_usrtag <$3> R<$+> <$+> $: <$2> $>resolve_domain <$1> R<+> $@ R $@ # have usrtag, no error, return result R<$+> <$*> $@ # no usrtag match, do it the old way R<$*> <$*> $: $(resolve $1 $) R$* <$={ResOk}> $@ R$* $@ R$* $@ Strim_header_elements R$* $| $| $* $1 $| $2 R$+ $| $: $1 R$| $+ $: $1 # ============================================================= # Ruleset ** lookup_header_elements ** # param <$| dbtag $| dnstag $| usrtags $| lookupruleset> elementlist # elementlist = el1 $| el2 $| el3 ... # ============================================================= Slookup_header_elements R<$|$+$|$+$|$+$|$+> $+ $| $* $: $6 <$|$1$|$2$|$3$|$4> $>$4 <$1$|$2$|$3> $| $5 R$* <$|$+$|$+$|$+$|$+> $@ R$+ <$|$+$|$+$|$+$|$+> $* $: $>lookup_header_elements <$|$2$|$3$|$4$|$5> $1 R $@ R<$|$+$|$+$|$+$|$+> $+ $: $>$4 <$1$|$2$|$3> $| $5 Scheck_eoh R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HMICNT $*> $: <> R<$+> $: R<> $: $(arith l $@ $&{headcnt_Message_Id} $@ 1 $) RTRUE $@ $>cherror <5.7.1 $| 550 Reject Message_Id $| count_Message_Id $| HMICNT > R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HMICNT $*> $: <> R<$+> $: R<> $: $(arith l $@ 1 $@ $&{headcnt_Message_Id} $) RTRUE $@ $>cherror <5.7.1 $| 550 Reject Message_Id $| count_Message_Id $| HMICNT > R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* HRCCNT $*> $: <> R<$+> $: R<> $: $(arith l $@ $&{headcnt_Received} $@ 1 $) RTRUE $@ $>cherror <5.7.1 $| 550 Reject Received $| count_Received $| HRCCNT > H*: $>check_unknown_header Scheck_unknown_header R$* $: $&{hdr_name} R$={known_header} $* $@ known_header R$* $: $(syslog "unknown header name=" $&{hdr_name}" content="$&{currHeader} $) # ================== TESTER =================================== # Rulesets for the tester script # ============================================================= Squery_hc_switch R$* $: $&{hc_switch} Stest_parse_received R$* $: $(parse_received $1 $) Stest_parse_ip R$* $: $(parse_ip $1 $) Scheck_parse_from_domain R$* $: $(parse_address_domain $1 $) Scheck_parse_from R$* $: $(parse_address $1 $) Sinit_cl_test R$* $$| $* $1 $| $2 R$* ; $* $1 , $2 # macro for header field X-Spam-Envelope H?${spam_env}?X-Spam-Envelope: ${spam_env} C{persistentMacros} {spam_env} # ---- clerror ----- Sclerror R<$* $| $* $| $* $| $+> $: <$1 $| $2 $| $3> $(storage {curUSRTAG} $@ $4 $) R<$*> $: <$1> $| <$&{hc_switch}> R<$*> $| <$* XSPAM $*> $: <$1> $| <> R<$*> $| <$* + $&{curUSRTAG} $*> $: <$1> $| <> R $| <$+> $: < $| $| $1> $| <> R<$+ $| $+ $| $*> $| <$+> $#error $@ $1 $: $2 R< $| $+ $| $*> $| <$+> $#error $: $1 R<$* $| $* $| $+> $| <> $@ $(storage {spam_env} $@ $3 $) # ================== ENVELOPE ================================= # Ruleset ** Extended_check_mail ** # ============================================================= SExtended_check_mail # canonify R$* $: $>FullAddr $>CanonAddr $1 R$* $| $* $: $1 R$* $: $1 $| <$&{hc_switch}> R$* $| <@HATER > $: $1 $| <> R$* $| <$* REGNONUM $*> $: $1 $| <> R$* $| <$+> $: $1 $| R$+ < @ $={no_num_domains} > $* $| <> $: $(reg_no_nums $1 $) <@ $2> $3 R@MATCH $* $@ $>clerror <5.7.1 $| 552 Spammer $&{client_addr} $&f Rejected by PostMaster@$j - check_mail or check_relay $| localpart_no_num_domains $| REGNONUM > R$* $| $* $: $1 # ================== ENVELOPE ================================= # resolve_domain # returns IP if found else # ============================================================= Sresolve_domain R<$+> $: <$1> <$(dnslookmx $1 $: ? $)> R<$+> <$* $*> $@ R<$+> $: <$(dnslooka $1 $: ERROR $)> R<$* $*> $@ R<$+> <$+> $: <$2> # ================== ENVELOPE ================================= # Local_check_relay # ============================================================= SLocal_check_relay # check_relay is done in Local_check_rcpt R$* $# OK # ================== ENVELOPE ================================= # Local_check_mail # ============================================================= SLocal_check_mail # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 # check_mail is done in Local_check_rcpt R$* $# OK SFullAddr R$* <@ $+ . > $1 <@ $2 > R$* <@ $* > $@ $1 <@ $2 > R$+ $@ $1 <@ $j > # ================== ENVELOPE ================================= # Local_check_rcpt # ============================================================= SLocal_check_rcpt # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 # dont check locally generated mail R$* $: $1 $| <$&{client_addr}> R$* $| <0> $@ $(storage {hc_switch} $@ ? $) R$* $| <> $@ $(storage {hc_switch} $@ ? $) # dont check authenticated submission (code adopted from sendmail.cf) # authenticated? R$* $| $* $: $1 $| $>RelayTLS R$* $| $# $+ $@ $(storage {hc_switch} $@ ? $) R$* $| $* $: $1 # authenticated by a trusted mechanism? R$* $: $1 $| $&{auth_type} R$* $| $: $1 R$* $| $={TrustAuthMech} $@ $(storage {hc_switch} $@ ? $) R$* $| $* $: $1 # +++++++++++++++ srcpt section +++++++++++++++++ R$* $: $>FullAddr $>CanonAddr $1 R $+ < @ $=w > $: <> $1 < @ $2 > $| R $+ < @ $* > $: <> $1 < @ $2 > $| # lookup the addresses only with srcpt tag R<> $* $| <$+> $: $1 $| $>SearchList $| <$2> <> R$* $| $: $1 $| $>SearchList $| <> R$* $| $: $1 $| $(storage {hc_switch} $@ @HATER $) R$* $| $* $: $1 R$* $| <$+> $: $1 $| <$2> $(storage {hc_switch} $@ $2 $) R$* $| $* $: $1 # is +option a key? R$+ + $+ <$*> $: $1 $| $>SearchList $| <> R$+ $| $: $1 R$+ $| <$+> $: $(storage {hc_switch} $@ $2 $) R$* $: <$&{hc_switch}> R $>SearchList $| <> R $: <> $(storage {hc_switch} $@ @HATER $) R<$+> $: <$1> $(storage {hc_switch} $@ $1 $) R<@FRIEND> $@ $>mult_rcpt_policy # +++++++++++++++ check_relay +++++++++++++++++++++++++++ R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* CREL $*> $: <> R<$+> $: R<> $: $>A <$&{client_addr}> <+Connect> <+> R <+> $: $>D <$&{client_name}> <+Connect> <> R $* $@ $(storage {hc_switch} $@ @FRIEND $) R $* $@ $(storage {hc_switch} $@ @FRIEND $) R $* $#discard $: discard R $* $: <> R $* $@ $>clerror <5.7.1 $| 552 Spammer $&{client_addr} $&f Rejected by PostMaster@$j - check_mail or check_relay $| relay_access $| CREL > R $* $@ $>clerror <$1.$2.$3 $| $4 $| relay_access $| CREL > R $* $@ $>clerror < $| $1 $| relay_access $| CREL > R<$+> $* $@ $>clerror < $| $1 $| relay_access $| CREL > # ++++++++++++++++++ check_mail section ++++++++++++++++++++ R$* $: <$&f> R<<$*>> <$1> # call Basic_check_mail R$* $: $1 $| <$&{hc_switch}> R$* $| <@HATER $*> $: $1 $| <> R$* $| <$* CBASM $*> $: $1 $| <> R$* $| <$+> $: $1 $| R<$+> $| <> $: <$1> $| $>Basic_check_mail <$1> R$* $| $#error $* $#error $2 # call Extended_check_mail R<$+> $| $* $: <$1> $| $>Extended_check_mail <$1> R$* $| $#$* $#$2 # +++++++++++++++ rbl section ++++++++++++++++++++++++ R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* CDNSBL $*> $: <> R<$+> $: R<> $: $>LookUpDnsbl <$&{client_addr}> <+all> R $@ $>clerror <$1 $| $2 $| $2 $| CDNSBL > R$* $: <$&{hc_switch}> R<@HATER $*> $: <> R<$* CCRHSBL $*> $: <> R<$+> $: R<> $: <> $&{client_name} R<> [ $+ ] $: <> $1 R<> $+ $: $>LookUpRhsbl <$1> <+all> R $@ $>clerror <$1 $| $2 $| $2 $| CCRHSBL > # -------- lookup domainpart of FROM address in RHSBLs --------- R$* $: $>CanonAddr $&f R$* < @ $+ . > $1 < @ $2 > R$* < @ $+ > $: $2 $| <$&{hc_switch}> R$* $| <@HATER $*> $: $1 $| <> R$* $| <$* CFRHSBL $*> $: $1 $| <> R$* $| <$+> $: $1 $| R$+ $| <> $: $1 $| $>LookUpRhsbl <$1> <+all> R$* $| $@ $>clerror <$1 $| $2 $| $2 $| CFRHSBL> R$* $: $>mult_rcpt_policy # -------- policy for multiple rcpt --------- Smult_rcpt_policy R$* $: <$&{mult_policy}> R $: $>SearchList $| <> R $>SearchList $| <> R<$+> $@ $(storage {hc_switch} $@ $1 $) R$* $: <$&{last_policy}> R<> $@ $(storage {last_policy} $@ $&{hc_switch} $) R<$&{hc_switch}> $@ same_policy_as_last R$* $: $(storage {mult_policy} $@ TRUE $) R$* $: $>SearchList $| <> R $>SearchList $| <> R<$+> $: $(storage {hc_switch} $@ $1 $) # # empty Ruleset LookUpRhsbl to avoid errors # SLookUpRhsbl R<$*> <$*> <$*> $@ <$2> ################################################################## # quanta local rulesets v.1 (MAP_REGEX VERSION) since 1999 # # written by dacapo@quanta.kyunghee.ac.kr # # report your received spam to abuse@quanta.kyunghee.ac.kr # # for future updates of these rulesets :-) # ################################################################## # # http://www.sendmail.org/~ca/email/doc8.11/op-sh-5.html # # $* Match zero or more tokens # $+ Match one or more tokens # $- Match exactly one token # $=x Match any phrase in class x # $~x Match any word not in class x # ################################################### #### Local Rulesets (dacapo, 2002/02/12) ##### ################################################### # # Reject incoming spam based on "Subject" # ----------------------------------------------- # Scheck_subject R $#error $: ${Msg_adv} RADV:$* $#error $: ${Msg_adv} RADV$* $#error $: ${Msg_adv} R[ADV]$* $#error $: ${Msg_adv} R$* $#error $: ${Msg_adv} RADV-ADULT$* $#error $: ${Msg_adv} # # # # --------------------- # Licensed Activities # --------------------- # # # R$* debt $* $#error $: ${Msg_debt} # # R$* bad credit $* $#error $: ${Msg_credit} R$* repair your credit $* $#error $: ${Msg_credit} R$* cre dit report $* $#error $: ${Msg_credit} R$* your credit $* $#error $: ${Msg_credit} R$* guaranteed approval $* $#error $: ${Msg_credit} R$* credit card $* approved $* $#error $: ${Msg_credit} R$* credit cards $* $#error $: ${Msg_credit} R$* approved $* credit card $* $#error $: ${Msg_credit} R$* approved $* $#error $: ${Msg_credit} R$* unsecured visa $* $#error $: ${Msg_credit} R$* gold card $* $#error $: ${Msg_credit} # # # R$* cancer$* $#error $: ${Msg_meds} R$* prescription$* $#error $: ${Msg_meds} R$* doctor visit$* $#error $: ${Msg_meds} R$* health $* $#error $: ${Msg_meds} R$* diet $* $#error $: ${Msg_meds} R$* lose weight $* $#error $: ${Msg_meds} R$* lost lbs $* $#error $: ${Msg_meds} R$* hair $* $#error $: ${Msg_meds} R$* hair loss $* $#error $: ${Msg_meds} R$* all natural $* $#error $: ${Msg_meds} R$* look and feel $* younger $* $#error $: ${Msg_meds} R$* reverse aging $* younger $* $#error $: ${Msg_meds} # # # R$* contact lens$* $#error $: ${Msg_opto} # # # R$* cosmetics$* $#error $: ${Msg_cosmetics} # # R$* white teeth $* $#error $: ${Msg_dentist} R$* whiter teeth $* $#error $: ${Msg_dentist} R$* teeth white $* $#error $: ${Msg_dentist} R$* white smile $* $#error $: ${Msg_dentist} R$* yellow teeth $* $#error $: ${Msg_dentist} # # # 05-Nov-02 amo does seem to be case sensitive # R$* lowest rates $* $#error $: ${Msg_mortgage} R$* low rates $* $#error $: ${Msg_mortgage} R$* low interest $* $#error $: ${Msg_mortgage} R$* refinance $* $#error $: ${Msg_mortgage} R$* refinancing $* $#error $: ${Msg_mortgage} R$* interest rate $* $#error $: ${Msg_mortgage} R$* interest rates $* $#error $: ${Msg_mortgage} R$* MORTGAGE $* $#error $: ${Msg_mortgage} R$* mortgage $* $#error $: ${Msg_mortgage} R$* mortgage $* points $* fee $* $#error $: ${Msg_mortgage} R$* home loan $* $#error $: ${Msg_mortgage} R$* home loans $* $#error $: ${Msg_mortgage} R$* our loans $* $#error $: ${Msg_mortgage} R$* loan application $* $#error $: ${Msg_mortgage} R$* compare rates $* $#error $: ${Msg_mortgage} # R$* finance $* $#error $: ${Msg_sec} R$* investment $* $#error $: ${Msg_sec} R$* stock $* $#error $: ${Msg_sec} R$* investing $* $#error $: ${Msg_sec} R$* equity $* $#error $: ${Msg_sec} # # R$* real estate$* $#error $: ${Msg_mortgage} # # R$* insurance $* $#error $: ${Msg_insurance} R$* life policy $* $#error $: ${Msg_insurance} R$* term life $* $#error $: ${Msg_insurance} R$* term policy $* $#error $: ${Msg_insurance} # # R$* investigate $* $#error $: ${Msg_investigate} R$* private eye $* $#error $: ${Msg_investigate} R$* asset check $* $#error $: ${Msg_investigate} R$* background check $* $#error $: ${Msg_investigate} # # R$* travel $* trip $* $#error $: ${Msg_travel} R$* escape to $* $#error $: ${Msg_travel} # # R$* auction $* $#error $: ${Msg_auction} # # # R$* portable DVD $* $#error $: ${Msg_copy} # R$* copy $* DVD $* $#error $: ${Msg_copy} # R$* copy $* CD $* $#error $: ${Msg_copy} # R$* CD-Writer $* $#error $: ${Msg_copy} # # # R$* casino $* $#error $: ${Msg_casino} # R$* play now $* $#error $: ${Msg_casino} # R$* cash bonus $* $#error $: ${Msg_casino} # # # R$* web hosting $* $#error $: ${Msg_Biz} R$* web site $* $#error $: ${Msg_Biz} # # R$* Make $* Money $* Fast $#error $: ${Msg_Biz} R$* earn up to $* $#error $: ${Msg_Biz} R$* cash machine $* $#error $: ${Msg_Biz} R$* money tree $* $#error $: ${Msg_Biz} R$* financially secure $* $#error $: ${Msg_Biz} R$* financial freedom $* $#error $: ${Msg_Biz} R$* first million $* $#error $: ${Msg_Biz} R$* lots of money $* $#error $: ${Msg_Biz} R$* make money $* $#error $: ${Msg_Biz} R$* easy money $* $#error $: ${Msg_Biz} R$* profits $* $#error $: ${Msg_Biz} R$* how to win $* $#error $: ${Msg_Biz} R$* Increase your revenues $* $#error $: ${Msg_Biz} R$* few minutes $* your time $* $#error $: ${Msg_Biz} R$* claim $* money $* $#error $: ${Msg_Biz} R$* money making $* $#error $: ${Msg_Biz} R$* get rich $* $#error $: ${Msg_Biz} R$* secrets revealed $* $#error $: ${Msg_Biz} # R$* at home $* $#error $: ${Msg_Biz} R$* from home $* $#error $: ${Msg_Biz} R$* home business $* $#error $: ${Msg_Biz} R$* income opportunity $* $#error $: ${Msg_Biz} R$* online business $* $#error $: ${Msg_Biz} R$* business cards $* $#error $: ${Msg_Biz} # # R$* congratulations $* $#error $: ${Msg_Biz} # # R$* your $* ability $* $#error $: ${Msg_sales} # R$* the incredible $* pen $* $#error $: ${Msg_sales} R$* your $* ability $* $#error $: ${Msg_sales} # R$* loved ones $* $#error $: ${Msg_sales} # R$* sign up $* $#error $: ${Msg_sales} # R$* warranty $* $#error $: ${Msg_sales} # R$* top brand $* $#error $: ${Msg_sales} R$* top brands $* $#error $: ${Msg_sales} # R$* perfect presents $* $#error $: ${Msg_sales} R$* perfect gifts $* $#error $: ${Msg_sales} R$* gifts $* $#error $: ${Msg_sales} R$* gift $* $#error $: ${Msg_sales} R$* this holiday $* $#error $: ${Msg_sales} R$* holiday promotion$* $#error $: ${Msg_sales} R$* holiday savings $* $#error $: ${Msg_sales} R$* holiday season $* $#error $: ${Msg_sales} R$* holiday collectible$* $#error $: ${Msg_sales} R$* for christmas $* $#error $: ${Msg_sales} R$* santa $* $#error $: ${Msg_sales} #$* santa $* christmas $* $#error $: ${Msg_sales} R$* stocking stuffers $* $#error $: ${Msg_sales} # R$* batteries required $* $#error $: ${Msg_sales} # R$* fresh flowers $* $#error $: ${Msg_sales} # # # they double quote ''free'' R$*''$* $#error $: ${Msg_sales} # R$* free $* $#error $: ${Msg_sales} R$* freee $* $#error $: ${Msg_sales} R$* freeee $* $#error $: ${Msg_sales} R$* 'free' $* $#error $: ${Msg_sales} R$* ''free'' $* $#error $: ${Msg_sales} ### R$* F R E E $* $#error $: ${Msg_sales} R$* F R E E $* $#error $: ${Msg_sales} R$* F-R-E-E $* $#error $: ${Msg_sales} R$* no cost $* $#error $: ${Msg_sales} R$* rebate $* $#error $: ${Msg_sales} R$* toner $* $#error $: ${Msg_sales} R$* toners $* $#error $: ${Msg_sales} R$* inkjet cartridges $* $#error $: ${Msg_sales} R$* ink cartridges $* $#error $: ${Msg_sales} R$* ink $* $#error $: ${Msg_sales} R$* 'ink' $* $#error $: ${Msg_sales} R$* ''ink'' $* $#error $: ${Msg_sales} # R$* antivirus software $* $#error $: ${Msg_sales} R$* virus removal tools $* $#error $: ${Msg_sales} R$* removal tools $* $#error $: ${Msg_sales} R$* Norton $* $#error $: ${Msg_sales} #R$* Norton System $* $#error $: ${Msg_sales} # R$* help you $* $#error $: ${Msg_sales} R$* what you say $* $#error $: ${Msg_sales} # R$* buy $* get $* $#error $: ${Msg_sales} R$* limited time $* $#error $: ${Msg_sales} R$* fast printing $* $#error $: ${Msg_sales} # R$* best deals $* $#error $: ${Msg_sales} R$* best prices $* $#error $: ${Msg_sales} R$* discounts $* $#error $: ${Msg_sales} R$* reduce $* costs $* $#error $: ${Msg_sales} R$* special offer $* $#error $: ${Msg_sales} R$* exclusive offer $* $#error $: ${Msg_sales} R$* sold out $* $#error $: ${Msg_sales} # R$* special invitation $* $#error $: ${Msg_sales} # R$* on sale $* $#error $: ${Msg_sales} R$* put your money $* $#error $: ${Msg_sales} R$* save over $* $#error $: ${Msg_sales} R$* low prices $* $#error $: ${Msg_sales} R$* lowest prices $* $#error $: ${Msg_sales} # R$* save $* 5% $* $#error $: ${Msg_sales} R$* save $* 10% $* $#error $: ${Msg_sales} R$* save $* 15% $* $#error $: ${Msg_sales} R$* save $* 20% $* $#error $: ${Msg_sales} R$* save $* 25% $* $#error $: ${Msg_sales} R$* save $* 30% $* $#error $: ${Msg_sales} R$* save $* 33% $* $#error $: ${Msg_sales} R$* save $* 35% $* $#error $: ${Msg_sales} R$* save $* 40% $* $#error $: ${Msg_sales} R$* save $* 45% $* $#error $: ${Msg_sales} R$* save $* 50% $* $#error $: ${Msg_sales} R$* save $* 55% $* $#error $: ${Msg_sales} R$* save $* 60% $* $#error $: ${Msg_sales} R$* save $* 65% $* $#error $: ${Msg_sales} R$* save $* 70% $* $#error $: ${Msg_sales} R$* save $* 75% $* $#error $: ${Msg_sales} R$* save $* 80% $* $#error $: ${Msg_sales} R$* save $* 85% $* $#error $: ${Msg_sales} R$* save $* 90% $* $#error $: ${Msg_sales} R$* save $* 95% $* $#error $: ${Msg_sales} # R$* 5% less $* $#error $: ${Msg_sales} R$* 10% less $* $#error $: ${Msg_sales} R$* 15% less $* $#error $: ${Msg_sales} R$* 20% less $* $#error $: ${Msg_sales} R$* 25% less $* $#error $: ${Msg_sales} R$* 30% less $* $#error $: ${Msg_sales} R$* 33% less $* $#error $: ${Msg_sales} R$* 35% less $* $#error $: ${Msg_sales} R$* 40% less $* $#error $: ${Msg_sales} R$* 45% less $* $#error $: ${Msg_sales} R$* 50% less $* $#error $: ${Msg_sales} R$* 55% less $* $#error $: ${Msg_sales} R$* 60% less $* $#error $: ${Msg_sales} R$* 65% less $* $#error $: ${Msg_sales} R$* 70% less $* $#error $: ${Msg_sales} R$* 75% less $* $#error $: ${Msg_sales} R$* 80% less $* $#error $: ${Msg_sales} R$* 85% less $* $#error $: ${Msg_sales} R$* 90% less $* $#error $: ${Msg_sales} R$* 95% less $* $#error $: ${Msg_sales} # R$* 5% off $* $#error $: ${Msg_sales} R$* 10% off $* $#error $: ${Msg_sales} R$* 15% off $* $#error $: ${Msg_sales} R$* 20% off $* $#error $: ${Msg_sales} R$* 25% off $* $#error $: ${Msg_sales} R$* 30% off $* $#error $: ${Msg_sales} R$* 33% off $* $#error $: ${Msg_sales} R$* 35% off $* $#error $: ${Msg_sales} R$* 40% off $* $#error $: ${Msg_sales} R$* 45% off $* $#error $: ${Msg_sales} R$* 50% off $* $#error $: ${Msg_sales} R$* 55% off $* $#error $: ${Msg_sales} R$* 60% off $* $#error $: ${Msg_sales} R$* 65% off $* $#error $: ${Msg_sales} R$* 70% off $* $#error $: ${Msg_sales} R$* 75% off $* $#error $: ${Msg_sales} R$* 80% off $* $#error $: ${Msg_sales} R$* 85% off $* $#error $: ${Msg_sales} R$* 90% off $* $#error $: ${Msg_sales} R$* 95% off $* $#error $: ${Msg_sales} # # R$* environmentally safe $* $#error $: ${Msg_sales} # # R$* download now $* $#error $: ${Msg_sales} R$* download from $* $#error $: ${Msg_sales} # R$* get $* CDs $* $#error $: ${Msg_sales} R$* get $* DVDs $* $#error $: ${Msg_sales} R$* listen $* player $* $#error $: ${Msg_sales} # R$* email names $* $#error $: ${Msg_sales} R$* email addresses $* $#error $: ${Msg_sales} # R$* ebay $* $#error $: ${Msg_sales} # R$* cigarettes $* $#error $: ${Msg_sales} # # R$* phone saving $* $#error $: ${Msg_cell} R$* cell phone $* $#error $: ${Msg_cell} R$* phone bill $* $#error $: ${Msg_cell} # # R$* Conference calls $* $#error $: ${Msg_conf} # R$* sales $* marketing $* $#error $: ${Msg_market} R$* sales $* e-marketing $* $#error $: ${Msg_market} R$* internet advertising $* $#error $: ${Msg_market} R$* internet marketing $* $#error $: ${Msg_market} R$* potential $* internet $* $#error $: ${Msg_market} R$* email marketing $* $#error $: ${Msg_market} R$* MLM $* $#error $: ${Msg_market} # # R$* co location $* $#error $: ${Msg_colo} R$* colo $* web hosting $* $#error $: ${Msg_colo} # # R$* domain registration $* $#error $: ${Msg_register} # # RInternet Wire Technology Newsletter $#error $: ${Msg_newsletter} # R$* mormon $* $#error $: ${Msg_church} # R$* psychic $* $#error $: ${Msg_psychic} # # # R$* discovered $* $#error $: ${Msg_junk} # R$* registration $* $#error $: ${Msg_junk} # R$* hiya $* $#error $: ${Msg_junk} # # R$* join $* $#error $: ${Msg_join} # # R$* prizes $* $#error $: ${Msg_prizes} R$* sweepstakes $* $#error $: ${Msg_prizes} # # R$* stamina $* $#error $: ${Msg_porn} R$* cock $* $#error $: ${Msg_porn} R$* penis $* $#error $: ${Msg_porn} R$* breast implant $* $#error $: ${Msg_porn} R$* beautiful girls $* $#error $: ${Msg_porn} R$* free porn $* $#error $: ${Msg_porn} R$* best porn $* $#error $: ${Msg_porn} R$* get hard $* $#error $: ${Msg_porn} R$* -get hard $* $#error $: ${Msg_porn} R$* men-get hard $* $#error $: ${Msg_porn} R$* sex $* $#error $: ${Msg_porn} R$* viagra $* $#error $: ${Msg_porn} R$* 'viagra' $* $#error $: ${Msg_porn} R$* ''viagra'' $* $#error $: ${Msg_porn} R$* men and women $* $#error $: ${Msg_porn} R$* men & women $* $#error $: ${Msg_porn} R$* sexual potency $* $#error $: ${Msg_porn} # # # Pretenders # ----------- # R$* Re: your mail $* $#error $: ${Msg_yourmail} R$* hey there $* $#error $: ${Msg_yourmail} R$* your info $* $#error $: ${Msg_yourmail} R$* requested info $* $#error $: ${Msg_yourmail} R$* Info $* requested $* $#error $: ${Msg_yourmail} R$* more info $* $#error $: ${Msg_yourmail} # R$* Important $* please read $* $#error $: ${Msg_yourmail} # # # Nigerian scam # -------------- # # R$* urgent $* $#error $: ${Msg_yourmail} # R$* urgent $* $#error $: ${Msg_nigscam} R$* urgent $* $#error $: ${Msg_debt} R$* your assistance $* $#error $: ${Msg_debt} # # # # # Virus Stuff # ----------- # RImportant Message From $* $#error $: ${Msg_virus} Melissa virus RRe: Important Message From $* $#error $: ${Msg_virus} Melissa virus # # RILOVEYOU $#error $: ${Msg_virus} LoveLetter virus RLook at the pretty $#error $: ${Msg_virus} Klez.worm RSome advice on your shortcoming $#error $: ${Msg_virus} Klez.worm RWhy don't you reply to me? $#error $: ${Msg_virus} Klez.worm RNever kiss a stranger $#error $: ${Msg_virus} Klez.worm RHow about have dinner with me together? $#error $: ${Msg_virus} Klez.worm Rnew photos from my party! $#error $: ${Msg_virus} Win32/Myparty.worm # # # Reject incoming spam suspect based on "Content_Type" # ---------------------------------------------------- # Scheck_ct R$*boundary=WC_MAIL_PaRt_BoUnDaRy_05151998 $#error $: ${Msg_mailer} R$+ $:$(AD2000check $1 $) # R$*AD2000 $#error $: ${Msg_Bad1} R$+ $:$(GammaDcheck $1 $) R$*GammaD $#error $: ${Msg_master} - SPAMWARE detected R$+ $:$(KlezCheck $1 $) R$*Klez $#error $: ${Msg_master} - Your message may contain the Klez.H worm !! # R$+boundary="====_ABC1234567890DEF_====" $#error $: ${Msg_virus} NIMDA.worm !!! R$+boundary="====_ABC123456j7890DEF_====" $#error $: ${Msg_virus} NIMDA.worm !!! R$+X-Priority$+ $#error $: ${Msg_virus} Aliz.worm !!! # # R$*EUC-KR$* $#error $: ${Msg_korean} # R$*text/plain;$*charset=ks_c_5601-1987 $#error $: ${Msg_korean} R$*charset=ks_c_5601-1987 $#error $: ${Msg_korean} R$*charset=euc-kr $#error $: ${Msg_korean} # R$* big5 $* $#error $: ${Msg_big5} R$*charset=big5 $#error $: ${Msg_big5} # # R$*charset=windows-1252 $#error $: ${Msg_french} # # R$*charset="" $#error $: ${Msg_spanish} # # # it's regular ascii # R$*charset="iso-8859-1" $#error $: ${Msg_html} # R$*charset=iso-8859-1 $#error $: ${Msg_html} # # Reject HTML based emails # # R$*text/html $#error $: ${Msg_html} # R$*multipart/alternative $* $#error $: ${Msg_html} # R$*multipart/report $* $#error $: ${Msg_html} # R$*multipart/mixed $* $#error $: ${Msg_html} # # # # Reject incoming spam suspect based on "wrong time" # ### check_date, refer to RFC 822 # Scheck_date R$+Standard Time $#error $: ${Msg_date} R$+Daylight Time $#error $: ${Msg_date} R$+AM $#error $: ${Msg_date} R$+PM $#error $: ${Msg_date} R$+ $-:$-:$- $#error $: ${Msg_date} # # # Reject incoming spam suspect based on "bulk-mailer advertising itself" # Scheck_mailer RLightningMail$+ $#error $: ${Msg_mailer} RMailKing$+ $#error $: ${Msg_mailer} R $#error $: ${Msg_mailer} RWC Mail $+ $#error $: ${Msg_mailer} R $#error $: ${Msg_mailer} RMail Bomber $#error $: ${Msg_mailer} RThe Bat! $+ $#error $: ${Msg_mailer} RThe Red Spider $+ $#error $: ${Msg_mailer} R$+emsoft$+ $#error $: ${Msg_mailer} RMegaMail $+ $#error $: ${Msg_mailer} RDiffondiCool$* $#error $: ${Msg_mailer} REasy Mail$* $#error $: ${Msg_mailer} RSimpleX Mailer $+ $#error $: ${Msg_mailer} R$*NetPIMS$+ $#error $: ${Msg_mailer} RWay-SERIES Mailer $+ $#error $: ${Msg_mailer} RPG-MAILINGLIST PRO $+ $#error $: ${Msg_mailer} RMIME::Lite $+ $#error $: ${Msg_mailer} RMailtouch $+ $#error $: ${Msg_mailer} RImoxion MailExpress API $+ $#error $: ${Msg_mailer} RDavinci Address Mailer $+ $#error $: ${Msg_mailer} RMerge & Group Mailer Version$+ $#error $: ${Msg_mailer} REVAMAIL $+ $#error $: ${Msg_mailer} RMMailer $+ $#error $: ${Msg_mailer} Rmyself2 $#error $: ${Msg_mailer} Rusa7777@msn.com $#error $: ${Msg_mailer} RNMK Mailer $+ $#error $: ${Msg_mailer} RMicrosoft Outloo $#error $: ${Msg_mailer} RMMSLight $+ $#error $: ${Msg_mailer} RLeoric-Mail $+ $#error $: ${Msg_mailer} # # # Reject incoming spam suspect based on OLE # Scheck_ole RProduced By Microsoft MimeOLE V(null).$* $#error $: ${Msg_mime} # # ## xx # ## xx # Reject incoming spam suspect based on "MessageIDs" ## xx # --------------------------------------------------- ## xx # ## xx # Scheck_msgid ## xx # R< $-.$-.$- @ localhost > $#error $: ${Msg_mailer} ## xx # R $#error $: ${Msg_mailer} ## xx # R<$-.$-.$- $u@$h> $#error $: ${Msg_mailer} ## xx # R< $+ @ $+ > $@ OK ## xx # R$* $#error $: ${Msg_header} # # # Reject incoming spam suspect based on "happy virus" # Scheck_happy99 R$* $#error $: ${Msg_virus} Happy99 virus # # # default catch all # Scheck_all # R$* $#error $: 553 We do not accept mail from spammers - ${Msg_master} R$* $#error $: 553 ${Msg_master} - We do not accept mail from spammers # # # Reject incoming spam suspect based on non-existent "To:" # Scheck_to Ranonymous@$j $#error $: ${Msg_mailer} R$@ $#error $: No reciepient specified # R $#error $: ${Msg_mailer} # RUndisclosed.Recipients@$j $#error $: ${Msg_mailer} R $#error $: ${Msg_mailer} RUndisclosed.Recipients $#error $: ${Msg_mailer} # # Ranonymous@$j $#error $: ${Msg_badto} # # # R$* alvin $* alvin $* alvin $#error $: ${Msg_toomany} # R$* alvin $* alvin $* alvin $#error $: ${Msg_mailer} # # Rg_op@163.com $#error $: ${Msg_virus} W32/Gop.worm # # # ## xx # ## xx # Reject incoming spam suspect based on ?? ## xx # Scheck_xuser R$-.$- $#error $: ${Msg_mailer} # # Scheck_sircam RMultipart message $#error $: 550 ${Msg_virus} Sircam.worm !!! # # Scheck_xlib RWincusSMTP $+ $#error $: ${Msg_mailer} RIndy $+ $#error $: ${Msg_mailer} # # # Reject incoming spam suspect based on "cant return emails to a mua" # Scheck_errto RMicrosoft.Outlook.Express.$+@$+ $#error $: ${Msg_mailer} # # ###################################################################### ###################################################################### ##### ##### MAIL FILTER DEFINITIONS ##### ###################################################################### ###################################################################### # ###################################################################### ###################################################################### ##### ##### MAILER DEFINITIONS ##### ###################################################################### ###################################################################### ################################################## ### Local and Program Mailer specification ### ################################################## ##### $Id: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $ ##### # # Envelope sender rewriting # SEnvFromL R<@> $n errors to mailer-daemon R@ <@ $*> $n temporarily bypass Sun bogosity R$+ $: $>AddDomain $1 add local domain if needed R$* $: $>MasqEnv $1 do masquerading # # Envelope recipient rewriting # SEnvToL R$+ < @ $* > $: $1 strip host part R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type R $+ + $* $: $1 remove +detail for sender R< $* > $+ $: $2 else remove mark # # Header sender rewriting # SHdrFromL R<@> $n errors to mailer-daemon R@ <@ $*> $n temporarily bypass Sun bogosity R$+ $: $>AddDomain $1 add local domain if needed R$* $: $>MasqHdr $1 do masquerading # # Header recipient rewriting # SHdrToL R$+ $: $>AddDomain $1 add local domain if needed R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 # # Common code to add local domain name (only if always-add-domain) # SAddDomain R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified R$+ $@ $1 < @ *LOCAL* > add local qualification Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=procmail -Y -a $h -d $u Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, T=X-Unix/X-Unix/X-Unix, A=smrsh -c $u ##################################### ### SMTP Mailer specification ### ##################################### ##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ ##### # # common sender and masquerading recipient rewriting # SMasqSMTP R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified R$+ $@ $1 < @ *LOCAL* > add local qualification # # convert pseudo-domain addresses to real domain addresses # SPseudoToReal # pass s through R< @ $+ > $* $@ < @ $1 > $2 resolve # output fake domains as user%fake@relay # do UUCP heuristics; note that these are shared with UUCP mailers R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form # leave these in .UUCP form to avoid further tampering R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 > R< $&h ! > $+ $@ $1 < @ $&h .UUCP. > R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY # # envelope sender rewriting # SEnvFromSMTP R$+ $: $>PseudoToReal $1 sender/recipient common R$* :; <@> $@ list:; special case R$* $: $>MasqSMTP $1 qualify unqual'ed names R$+ $: $>MasqEnv $1 do masquerading # # envelope recipient rewriting -- # also header recipient if not masquerading recipients # SEnvToSMTP R$+ $: $>PseudoToReal $1 sender/recipient common R$+ $: $>MasqSMTP $1 qualify unqual'ed names R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 # # header sender and masquerading header recipient rewriting # SHdrFromSMTP R$+ $: $>PseudoToReal $1 sender/recipient common R:; <@> $@ list:; special case # do special header rewriting R$* <@> $* $@ $1 <@> $2 pass null host through R< @ $* > $* $@ < @ $1 > $2 pass route-addr through R$* $: $>MasqSMTP $1 qualify unqual'ed names R$+ $: $>MasqHdr $1 do masquerading # # relay mailer header masquerading recipient rewriting # SMasqRelay R$+ $: $>MasqSMTP $1 R$+ $: $>MasqHdr $1 Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040, T=DNS/RFC822/SMTP, A=TCP $h