For SquirrelMail, the configuration is done in the terminal and is written to config.php.
I did not leave this one at the defaults:
config.php:
<?php
/**
 * SquirrelMail Configuration File
 * Created using the configure script, conf.pl
 */
global $version;
$config_version = '1.4.0';
$config_use_color = 2;
$org_name = "Colloc MailServer";
$org_logo = SM_PATH . 'images/sm_logo.png';
$org_logo_width = '308';
$org_logo_height = '111';
$org_title = "SquirrelMail $version";
$signout_page = '';
$frame_top = '_top';
$provider_uri = 'http://www.squirrelmail.org/';
$provider_name = 'SquirrelMail';
$motd = "Bienvenue sur le server de mail COLLOC ";
$squirrelmail_default_language = 'fr_FR';
$domain = 'colloc-domain.com';
$imapServerAddress = 'localhost';
$imapPort = 143;
$useSendmail = true;
$smtpServerAddress = 'localhost';
$smtpPort = 25;
$sendmail_path = '/usr/sbin/sendmail';
$pop_before_smtp = false;
$imap_server_type = 'courier';
$invert_time = false;
$optional_delimiter = '.';
$default_folder_prefix = 'INBOX.';
$trash_folder = 'Trash';
$sent_folder = 'Sent';
$draft_folder = 'Drafts';
$default_move_to_trash = true;
$default_move_to_sent = true;
$default_save_as_draft = true;
$show_prefix_option = false;
$list_special_folders_first = true;
$use_special_folder_color = true;
$auto_expunge = true;
$default_sub_of_inbox = false;
$show_contain_subfolders_option = false;
$default_unseen_notify = 2;
$default_unseen_type = 1;
$auto_create_special = true;
$delete_folder = true;
$noselect_fix_enable = false;
$default_charset = 'iso-8859-1';
$data_dir = '/var/lib/squirrelmail/data/';
$attachment_dir = '/var/spool/squirrelmail/attach/';
$dir_hash_level = 0;
$default_left_size = '150';
$force_username_lowercase = false;
$default_use_priority = true;
$hide_sm_attributions = false;
$default_use_mdn = true;
$edit_identity = true;
$edit_name = true;
$allow_thread_sort = false;
$allow_server_sort = false;
$allow_charset_search = true;
$uid_support = true;
?>
On the other hand, for sendmail I don't know what to configure…
Here is my sendmail.cf.
It is the default, but I find it really tough and very long:
sendmail.cf:
Copyright © 1998-2005 Richard Nelson. All Rights Reserved.
This file is used to configure Sendmail for use with Debian systems.
Copyright © 1998-2004 Sendmail, Inc. and its suppliers.
All rights reserved.
Copyright © 1983, 1995 Eric P. Allman. All rights reserved.
Copyright © 1988, 1993
The Regents of the University of California. All rights reserved.
By using this file, you agree to the terms and conditions set
forth in the LICENSE file which can be found at the top level of
the sendmail distribution.
######################################################################
######################################################################
SENDMAIL CONFIGURATION FILE
built by root@colloc-domain on Thu Mar 2 18:43:04 CET 2006
in /
using /usr/share/sendmail/cf/ as configuration include directory
######################################################################
DO NOT EDIT THIS FILE! Only edit the source .mc file.
######################################################################
######################################################################
$Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $
$Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $
$Id: sendmail.mc, v 8.13.5-4 2005-10-11 12:04:27 cowboy Exp $
$Id: autoconf.m4, v 8.13.5-4 2005-10-11 12:04:27 cowboy Exp $
$Id: debian.m4, v 8.13.5-4 2005-10-11 12:04:27 cowboy Exp $
#-------------------------------------------------------------------------
Undocumented features are available in Debian Sendmail 8.13.5-4.
* none
FFR features are available in Debian Sendmail 8.13.5-4.
* milter
* -D_FFR_QUEUE_SCHED_DBG -D_FFR_SKIP_DOMAINS -D_FFR_BLOCK_PROXIES -D_FFR_GROUPREADABLEAUTHINFOFILE -D_FFR_CONTROL_MSTAT -D_FFR_DAEMON_NETUNIX -D_FFR_NO_PIPE -D_FFR_SHM_STATUS -D_FFR_RHS -D_FFR_MAIL_MACRO -D_FFR_HELONAME -D_FFR_QUEUEDELAY=1 -D_FFR_RESET_MACRO_GLOBALS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL
#-------------------------------------------------------------------------
These FFR features are for sendmail.mc processing
#-------------------------------------------------------------------------
$Id: debian-mta.m4, v 8.13.5-4 2005-10-11 12:04:27 cowboy Exp $
$Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $
$Id: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $
$Id: greet_pause.m4,v 1.4 2004/07/06 20:49:51 ca Exp $
$Id: delay_checks.m4,v 8.8 2000/12/05 18:50:45 ca Exp $
$Id: conncontrol.m4,v 1.4 2004/02/19 21:31:47 ca Exp $
$Id: ratecontrol.m4,v 1.5 2004/02/19 21:31:47 ca Exp $
$Id: proto.m4,v 8.718 2005/08/24 18:07:23 ca Exp $
level 10 config file format
V10/Berkeley
override file safeties - setting this option compromises system security,
addressing the actual file configuration problem is preferred
need to set this before any file actions are encountered in the cf file
O DontBlameSendmail= ,AssumeSafeChown,ForwardFileInGroupWritableDirPath,GroupWritableForwardFileSafe,GroupWritableIncludeFileSafe,IncludeFileInGroupWritableDirPath,DontWarnForwardFileInUnsafeDirPath,TrustStickyBit,NonRootSafeAddr,GroupWritableIncludeFile,GroupReadableaDefaultAuthInfoFile
default LDAP map specification
need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
local info
##################
my LDAP cluster
need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
my official domain name
… define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
host/domain names ending with a token in class P are canonical
CP.
"Smart" relay host (may be null)
DS
operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
a class with just dot (for identifying canonical names)
C..
a class with just a left bracket (for identifying domain literals)
C[[
access_db acceptance class
C{Accept}OK RELAY
Resolve map (to check if a host exists in check_mail)
Kresolve host -a -T
C{ResOk}OKR
Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains %[^#]
arithmetic map
Karith arith
macro storage map
Kmacro macro
possible values for TLS_connection in access map
C{Tls}VERIFY ENCR
dequoting map
Kdequote dequote
class E: names that should be exposed as from this host, even if we masquerade
class L: names that should be delivered locally, even if we have a relay
class M: domains that should be converted to $M
class N: domains that should not be converted to $M
#CL root
my name for error messages
DnMAILER-DAEMON
Access list database (for spam stomping)
Kaccess hash -T /etc/mail/access
Configuration version number
DZ8.13.5/Debian-4
###############
Options
###############
strip message body to 7 bits on input?
O SevenBitInput=False
8-bit data handling
#O EightBitMode=pass8
wait for alias file rebuild (default units: minutes)
O AliasWait=10
location of alias file
O AliasFile=/etc/mail/aliases
minimum number of free blocks on filesystem
O MinFreeBlocks=100
maximum message size
#O MaxMessageSize=0
substitution for space (blank) characters
O BlankSub=.
avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
default delivery mode
O DeliveryMode=background
error message header/file
#O ErrorHeader=/etc/mail/error-header
error mode
#O ErrorMode=print
save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
queue file mode (qf files)
O QueueFileMode=0640
temporary file mode
O TempFileMode=0644
match recipients against GECOS field?
#O MatchGECOS=False
maximum hop count
#O MaxHopCount=25
location of help file
O HelpFile=/etc/mail/helpfile
ignore dots as terminators in incoming messages?
#O IgnoreDots=False
name resolver options
O ResolverOptions=+WorkAroundBrokenAAAA
deliver MIME-encapsulated error messages?
O SendMimeErrors=True
Forward file search path
O ForwardPath=$z/.forward.$w:$z/.forward
open connection cache size
O ConnectionCacheSize=2
open connection cache timeout
O ConnectionCacheTimeout=5m
persistent host status directory
#O HostStatusDirectory=.hoststat
single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
use Errors-To: header?
O UseErrorsTo=False
log level
O LogLevel=9
send to me too, even in an alias expansion?
O MeToo=True
verify RHS in newaliases?
O CheckAliases=False
default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
SMTP daemon options
O DaemonPortOptions=Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1
O DaemonPortOptions=Family=inet, Name=MSP-v4, Port=submission, Addr=127.0.0.1
SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
Use as mail submission program? See sendmail/SECURITY
#O UseMSP
privacy flags
O PrivacyOptions=needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings
who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
slope of queue-only function
#O QueueFactor=600000
limit on number of concurrent queue runners
#O MaxQueueChildren
maximum number of queue-runners per queue-grouping with multiple queues
O MaxRunnersPerQueue=5
priority of queue runners (nice(3))
#O NiceQueueRun
shall we sort the queue by hostname first?
#O QueueSortOrder=priority
minimum time in queue before retry
#O MinQueueAge=30m
how many jobs can you process in the queue?
#O MaxQueueRunSize=0
perform initial split of envelope without checking MX records
#O FastSplit=1
queue directory
O QueueDirectory=/var/spool/mqueue
key for shared memory; 0 to turn off
#O SharedMemoryKey=0
timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
O Timeout.iconnect=5s
#O Timeout.helo=5m
O Timeout.mail=2m
#O Timeout.rcpt=1h
O Timeout.datainit=2m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
O Timeout.rset=1m
O Timeout.quit=2m
#O Timeout.misc=2m
O Timeout.command=5m
O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
queue up everything before forking?
O SuperSafe=True
status file
O StatusFile=/var/lib/sendmail/sendmail.st
time zone handling:
if undefined, use system default
if defined but null, use TZ envariable passed in
if defined and non-null, use that info
#O TimeZoneSpec=
default UID (can be username or userid:groupid)
O DefaultUser=mail:mail
list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
fallback MX host
#O FallbackMXhost=fall.back.host.net
fallback smart host
#O FallbackSmartHost=fall.back.host.net
if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
load average at which we just queue messages
#O QueueLA=8
load average at which we refuse connections
#O RefuseLA=12
log interval when refusing connections for this long
#O RejectLogInterval=3h
load average at which we delay connections; 0 means no limit
#O DelayLA=0
maximum number of children we allow at one time
O MaxDaemonChildren=0
maximum number of new connections per second
O ConnectionRateThrottle=15
Width of the window
O ConnectionRateWindowSize=10m
work recipient factor
#O RecipientFactor=30000
deliver each queued job in a separate process?
#O ForkEachJob=False
work class factor
#O ClassFactor=1800
work time factor
#O RetryFactor=90000
default character set
#O DefaultCharSet=unknown-8bit
service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
dialup line delay on connection failure
#O DialDelay=0s
action to take if there are no recipients in the message
O NoRecipientAction=add-to-undisclosed
chrooted environment for writing to files
O SafeFileEnvironment=/
are colons OK in addresses?
#O ColonOkInAddr=True
shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b; (No UCE/UBE) $?{client_addr}logging access from: ${client_name}(${client_resolve})-$_$.
UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
Characters to be quoted in a full name phrase (@,;:()[] are automatic)
O MustQuoteChars=.'
delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
are group-writable :include: and .forward files (un)trustworthy?
True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
where to save bounces if all else fails
O DeadLetterDrop=/var/lib/sendmail/dead.letter
what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
limit the rate recipients per SMTP envelope are accepted
once the threshold number of recipients have been rejected
O BadRcptThrottle=3
shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
Return-Receipt-To: header implies DSN request
O RrtImpliesDsn=True
override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
Trusted user for file ownership and starting the daemon
O TrustedUser=smmta
Control socket for daemon management
O ControlSocketName=/var/run/sendmail/mta/smcontrol
Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
Maximum length of the sum of all headers
#O MaxHeadersLength=32768
Maximum depth of alias recursion
#O MaxAliasRecursion=10
location of pid file
O PidFile=/var/run/sendmail/mta/sendmail.pid
Prefix string for the process title shown on 'ps' listings
O ProcessTitlePrefix=MTA
Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
lookup type to find information about local mailboxes
#O MailboxDatabase=pw
override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
Authentication realm
#O AuthRealm
default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
SMTP AUTH flags
#O AuthOptions
SMTP AUTH maximum encryption strength
#O AuthMaxBits
SMTP STARTTLS server options
#O TLSSrvOptions
Input mail filters
#O InputMailFilters
CA directory
#O CACertPath
CA file
#O CACertFile
Server Cert
#O ServerCertFile
Server private key
#O ServerKeyFile
Client Cert
#O ClientCertFile
Client private key
#O ClientKeyFile
File containing certificate revocation lists
#O CRLFile
DHParameters (only required if DSA/DH is used)
#O DHParameters
Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
############################
QUEUE GROUP DEFINITIONS
############################
###########################
Message precedences
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
Trusted users
#####################
this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users %[^#]
Troot
Tdaemon
Tuucp
#########################
Format of headers
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?($?s$|from $.$)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
HPosted-Date: $a
H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
REWRITING RULES
######################################################################
######################################################################
############################################
Ruleset 3 – Name Canonicalization
############################################
Scanonify=3
handle null input (translate to <@> special case)
R$@ $@ <@>
strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark
R@ $* <@> $: @ $1 unmark @host:…
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:…
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch list:;
R$* < $* ; > $1 < $2 > bogus bracketed semi
null input now results from list:; syntax
R$@ $@ :; <@>
strip angle brackets – note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
strip route address <@a,@b,@c:user@d> -> user@d
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
else we must be a local name
R$* $@ $>Canonify2 $1
################################################
Ruleset 96 – bottom half of ruleset 3
################################################
SCanonify2=96
handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
if really UUCP, handle it immediately
try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
Ruleset 4 – Final Output Post-rewriting
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle list:;
R$* <@> $@ handle <> and list:;
strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
eliminate internal code
R$* < @ LOCAL > $* $1 < @ $j > $2
externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 canonical
R@ $* $@ @ $1 … and exit
UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
Ruleset 97 – recanonicalize and call ruleset zero
(used for recursive calls)
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
Ruleset 0 – Parse Address
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
Parse0 – do initial syntax checking and eliminate local addresses.
This should either return with the (possibly modified) input
or return with a #error mailer. It should not return with a
#mailer other than the #error mailer.
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
now delete the local info – note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:… -> …
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 …@here -> …
R$- $: $(dequote $1 $) < @ LOCAL > dequote "foo"
R< @ LOCAL > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ LOCAL >
$@ $>Parse0 $>canonify $1 $2 $3 …@LOCAL -> …
R$* < @ LOCAL > $: $1
Parse1 – the bottom half of ruleset 0.
SParse1
handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $> $ $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
resolve remotely connected UUCP links (if any)
resolve fake top level domains by forwarding to other hosts
pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
Ruleset 5 – special rewriting after aliases have been expanded
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
prepend an empty “forward host” on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
Ruleset 95 – canonify mailer:[user@]host syntax to triple
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $<$>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
Ruleset CanonLocal – canonify local: syntax
###################################################################
SCanonLocal
strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
handle local: syntax – use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
handle local:user@host syntax – ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
Ruleset 93 – convert header names to masqueraded form
###################################################################
SMasqHdr=93
do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ LOCAL > $@ $1 < @ $j . >
###################################################################
Ruleset 94 – convert envelope names to masqueraded form
###################################################################
SMasqEnv=94
R$* < @ LOCAL > $* $: $1 < @ $j . > $2
###################################################################
Ruleset 98 – local part of ruleset zero (can be null)
###################################################################
SParseLocal=98
######################################################################
D: LookUpDomain – search for domain in access database
Parameters:
<$1> – key (domain name)
<$2> – default (what to return if not found in db)
<$3> – mark (must be <(!|+) single-token>)
! does lookup only with tag
+ does lookup with and without tag
<$4> – passthru (additional data passed unchanged through)
######################################################################
SD
R<$> <$+> <$- $-> <$> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$+> <+ $-> <$> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
R <$+> <$+> <$- $-> <$> $@ <$2> <$5>
R<?> <[$+.$-]> <$+> <$- $-> <$> $@ $>D <[$1]> <$3> <$4 $5> <$6>
R<?> <[$+::$-]> <$+> <$- $-> <$> $: $>D <[$1]> <$3> <$4 $5> <$6>
R<?> <[$+:$-]> <$+> <$- $-> <$> $: $>D <[$1]> <$3> <$4 $5> <$6>
R<?> <$+.$+> <$+> <$- $-> <$> $@ $>D <$2> <$3> <$4 $5> <$6>
R<?> <$+> <$+> <$- $-> <$> $@ <$2> <$5>
R<$ > <$+> <$+> <$- $-> <$> $@ <> <$6>
R<$> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
######################################################################
A: LookUpAddress – search for host address in access database
Parameters:
<$1> – key (dot quadded host address)
<$2> – default (what to return if not found in db)
<$3> – mark (must be <(!|+) single-token>)
! does lookup only with tag
+ does lookup with and without tag
<$4> – passthru (additional data passed through)
######################################################################
SA
R<$+> <$+> <$- $-> <$> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$+> <+ $-> <$> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
R <$+> <$+> <$- $-> <$> $@ <$2> <$5>
R<?> <$+::$-> <$+> <$- $-> <$> $@ $>A <$1> <$3> <$4 $5> <$6>
R<?> <$+:$-> <$+> <$- $-> <$> $@ $>A <$1> <$3> <$4 $5> <$6>
R<?> <$+.$-> <$+> <$- $-> <$> $@ $>A <$1> <$3> <$4 $5> <$6>
R<?> <$+> <$+> <$- $-> <$> $@ <$2> <$5>
R<$ > <$+> <$+> <$- $-> <$> $@ <> <$6>
R<$> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
######################################################################
CanonAddr – Convert an address into a standard form for
relay checking. Route address syntax is
crudely converted into a %-hack address.
Parameters:
$1 – full recipient address
Returns:
parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
ParseRecipient – Strip off hosts in $=R as well as possibly
$* $=m or the access database.
Check user portion for host separators.
Parameters:
$1 – full recipient address
Returns:
parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: $1 $2 $3 < @ $4>
R<?> $* $@ $1
R $* < @ $* $=R > $: $1 < @ $2 $3 >
R $* < @ $+ > $: $>D <$2> <+ To> <$1 < @ $2 >>
R<$+> <$+> $: <$1> $2
R $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
check_relay – check hostname/address on SMTP startup
######################################################################
Scheck_relay
R$* $: $>"RateControl" dummy
R$* $: $>"ConnControl" dummy
SLocal_check_relay
Scheckrelay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
R<?> <$> $: OK found nothing
R<$={Accept}> <$> $@ $1 return value of lookup
R <$> $#error $@ 5.7.1 $: "550 Access denied"
R <$> $#discard $: discard
RQUARANTINE:$+ <$> $#error $@ quarantine $: $1
RERROR:$-.$-.$-:$+ <$> $#error $@ $1.$2.$3 $: $4
RERROR:$+ <$> $#error $: $1
R<$ > <$> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$+> <$> $#error $: $1
######################################################################
check_mail – check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheckmail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: $1 < @ $2 $3 >
R<?> $* < @ $j > $: $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
check sender address: user@address, user@, address
R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
R<$+> $+ $: @<$1> <$2> $| <U:$2@>
R@ <$+> <$> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
R<@> <$+> <$> $| <$*> $: <$3> <$1> <$2> reverse result
retransform for further use
R<?> <$+> <$> $: <$1> $2 no match
R<$+> <$+> <$> $: <$1> $3 relevant result, keep it
handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $@ domain ok: stop
R $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
R<$={Accept}> $* $# $1 accept from access map
R $* $#discard $: discard
RQUARANTINE:$+ $* $#error $@ quarantine $: $1
R $* $#error $@ 5.7.1 $: "550 Access denied"
RERROR:$-.$-.$-:$+ $* $#error $@ $1.$2.$3 $: $4
RERROR:$+ $* $#error $: $1
R<> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$+> $* $#error $: $1 error from access db
######################################################################
check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheckrcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
R $* $@ RELAY
R<$* > $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$> <$> $: $2
check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: $1 < @ $2 >
local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
anything originating locally is ok
check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: $>A <$1> <?> <+ Connect> <$1>
R $* $@ RELAY relayable IP address
R<> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$> <$> $: $2
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
R<?> $* $: $>D <$1> <?> <+ Connect> <$1>
R $* $@ RELAY
R<$* > $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$> <$> $: $2
turn a canonical address in the form user<@domain>
qualify unqual. addresses with $j
SFullAddr
R$* <@ $+ . > $1 <@ $2 >
R$* <@ $* > $@ $1 <@ $2 >
R$+ $@ $1 <@ $j >
SDelay_TLS_Clt
authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $# $1
R$* $# $1
SDelay_TLS_Clt2
authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $@ $1
R$* $@ $1
call all necessary rulesets
Scheck_rcpt
R$@ $#error $@ 5.1.3 $: "553 Recipient address required"
R$+ $: $1 $| $>checkrcpt $1
R$+ $| $#error $* $#error $2
R$+ $| $#discard $* $#discard $2
R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2
R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1
R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
lookup the addresses only with Spam tag
R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
R<@> $* $| $* $: $2 $1 reverse result
is the recipient a spam friend?
R $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND
R<$> $+ $: $2
R$ $: $1 $| $>checkmail $&{mail_from}
R$* $| $#$* $#$2
R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
R$* $| $#$* $#$2
R$* $| $* $: $1
######################################################################
F: LookUpFull -- search for an entry in access database
lookup of full key (which should be an address) and
variations if +detail exists: +* and without +detail
Parameters:
<$1> -- key
<$2> -- default (what to return if not found in db)
<$3> -- mark (must be <(!|+) single-token>)
! does lookup only with tag
+ does lookup with and without tag
<$4> -- passthru (additional data passed unchanged through)
######################################################################
SF
R<$+> <$> <$- $-> <$> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$> <+ $-> <$> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R<?> <$+ + $* @ $+> <$> <$- $-> <$>
$: <$(access $6:$1+@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
R<?> <$+ + $ @ $+> <$> <+ $-> <$>
$: <$(access $1+@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
R<?> <$+ + $ @ $+> <$> <$- $-> <$>
$: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
R<?> <$+ + $* @ $+> <$> <+ $-> <$>
$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
R<?> <$+> <$> <$- $-> <$> $@ <$2> <$5>
R<$+ > <$> <$- $-> <$> $@ <> <$5>
R<$+> <$> <$- $-> <$> $@ <$1> <$5>
######################################################################
E: LookUpExact -- search for an entry in access database
Parameters:
<$1> -- key
<$2> -- default (what to return if not found in db)
<$3> -- mark (must be <(!|+) single-token>)
! does lookup only with tag
+ does lookup with and without tag
<$4> -- passthru (additional data passed unchanged through)
######################################################################
SE
R<$> <$> <$- $-> <$> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$> <+ $-> <$> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R<?> <$+> <$> <$- $-> <$> $@ <$2> <$5>
R<$+ > <$> <$- $-> <$> $@ <> <$5>
R<$+> <$> <$- $-> <$*> $@ <$1> <$5>
######################################################################
U: LookUpUser -- search for an entry in access database
lookup of key (which should be a local part) and
variations if +detail exists: +* and without +detail
Parameters:
<$1> -- key (user@)
<$2> -- default (what to return if not found in db)
<$3> -- mark (must be <(!|+) single-token>)
! does lookup only with tag
+ does lookup with and without tag
<$4> -- passthru (additional data passed unchanged through)
######################################################################
SU
R<$+> <$> <$- $-> <$> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$> <+ $-> <$> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R<?> <$+ + $* @> <$> <$- $-> <$>
$: <$(access $5:$1+@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R<?> <$+ + $ @> <$> <+ $-> <$>
$: <$(access $1+@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R<?> <$+ + $ @> <$> <$- $-> <$>
$: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R<?> <$+ + $* @> <$> <+ $-> <$>
$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R<?> <$+> <$> <$- $-> <$> $@ <$2> <$5>
R<$+ > <$> <$- $-> <$> $@ <> <$5>
R<$+> <$> <$- $-> <$> $@ <$1> <$5>
######################################################################
SearchList: search a list of items in the access map
Parameters:
where "exact" is either "+" or "!":
<+ TAG> lookup with and w/o tag
<! TAG> lookup with tag
possible values for "mark" are:
D: recursive host lookup (LookUpDomain)
E: exact lookup, no modifications
F: full lookup, try user+ext@domain and user@domain
U: user lookup, try user+ext and user (input must have trailing @)
return: or <?> (not found)
######################################################################
class with valid marks for SearchList
C{Src}E F D U A
SSearchList
just call the ruleset with the name of the tag... nice trick...
R<$+> $| <$={Src}
> <$> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
R<$+> $| <> $| <?> <> $@ <?>
R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
R<$+> $| <$*> $| <$+> <> $@ <$3>
R<$+> $| <$+> $@ <$2>
######################################################################
trust_auth: is user trusted to authenticate as someone else?
Parameters:
$1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
Relay_Auth: allow relaying based on authentication?
Parameters:
$1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
srv_features: which features to offer to a client?
(done in server)
######################################################################
Ssrv_features
R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
R<?>$* $: <$(access "Srv_Features": $: ? $)>
R<?>$* $@ OK
R<$* >$* $#temp
R<$+>$* $# $1
######################################################################
try_tls: try to use STARTTLS?
(done in client)
######################################################################
Stry_tls
R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
R<?>$* $: <$(access "Try_TLS": $: ? $)>
R<?>$* $@ OK
R<$* >$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
######################################################################
tls_rcpt: is connection with server "good" enough?
(done in client, per recipient)
Parameters:
$1: recipient
######################################################################
Stls_rcpt
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$+ $: <?> $>CanonAddr $1
R<?> $+ < @ $+ . > <?> $1 <@ $2 >
R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
R<?> $+ $: $1 $| <U:$1@> <E:>
R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
R$* $| <?> $@ OK
R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
######################################################################
tls_client: is connection with client "good" enough?
(done in server)
Parameters:
${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $@ $>"TLS_connection" $1
######################################################################
tls_server: is connection with server "good" enough?
(done in client)
Parameter:
${verify}
######################################################################
Stls_server
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $@ $>"TLS_connection" $1
######################################################################
TLS_connection: is TLS connection "good" enough?
Parameters:
${verify} $| [<>]
Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
R$* $| <$>$ $: $1 $| <$2>
create the appropriate error codes
R$* $| <PERM + $={Tls} $> $: $1 $| <503:5.7.0> <$2 $3>
R$ $| <TEMP + $={Tls} $> $: $1 $| <403:4.7.0> <$2 $3>
R$ $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
deal with TLS protocol errors: abort
RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
RPROTOCOL $| $* $#error $@ 4.7.0 $: "403 STARTTLS failed."
R$* $| <$> $: <$2> <> $1
R$ $| <$> <VERIFY + $+> $: <$2> <$3> $1
R$ $| <$> <$={Tls}:$->$ $: <$2> <$3:$4> <> $1
R$* $| <$> <$={Tls}:$- + $+>$ $: <$2> <$3:$4> <$5> $1
R$* $| $* $@ OK
authentication required: give appropriate error
other side did authenticate (via STARTTLS)
R<$> <> OK $@ OK
R<$> <$+> OK $: <$1> REQ:0 <$2>
R<$>VERIFY:$- <$> OK $: <$1> REQ:$2 <$3>
R<$>ENCR:$- <$> $* $: <$1> REQ:$2 <$3>
R<$-:$+><VERIFY $> <$> $#error $@ $2 $: $1 " authentication required"
R<$-:$+><VERIFY $> <$> FAIL $#error $@ $2 $: $1 " authentication failed"
R<$-:$+><VERIFY $> <$> NO $#error $@ $2 $: $1 " not authenticated"
R<$-:$+><VERIFY $> <$> NOT $#error $@ $2 $: $1 " no authentication requested"
R<$-:$+><VERIFY $> <$> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
R<$-:$+><VERIFY $> <$> $+ $#error $@ $2 $: $1 " authentication failure " $4
R<$>REQ:$- <$> $: <$1> REQ:$2 <$3> $>max $&{cipher_bits} : $&{auth_ssf}
R<$>REQ:$- <$> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
R<$-:$+><$-:$-> <$> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
R<$-:$+><$-:$-> <$> $* $: <$1:$2 ++ $5>
R<$-:$+ ++ > $@ OK
R<$-:$+ ++ $+ > $: <$1:$2> <$3>
R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
######################################################################
TLS_req: check additional TLS requirements
Parameters: [ ] $| <$-:$+>
$-: SMTP reply code
$+: Enhanced Status Code
######################################################################
STLS_req
R $| $+ $@ OK
R $* $| <$+> $: CN:$&{TLS_Name} $1 $| <$2>
RCN:$&{cn_subject} $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
RCN:$+ $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
RCS:$&{cert_subject} $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
RCS:$+ $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
RCI:$&{cert_issuer} $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
RCI:$+ $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
ROK $@ OK
######################################################################
max: return the maximum of two values separated by :
Parameters: [$-]:[$-]
######################################################################
Smax
R: $: 0
R:$- $: $1
R$-: $: $1
R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
RTRUE:$-:$- $: $2
R$-:$-:$- $: $2
######################################################################
RelayTLS: allow relaying based on TLS authentication
Parameters:
none
######################################################################
SRelayTLS
authenticated?
R$* $: <?> $&{verify}
R<?> OK $: OK authenticated: continue
R<?> $* $@ NO not authenticated
R$* $: $&{cert_issuer}
R$+ $: $(access CERTISSUER:$1 $)
RRELAY $# RELAY
RSUBJECT $: <@> $&{cert_subject}
R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
R<@> RELAY $# RELAY
R$* $: NO
######################################################################
authinfo: lookup authinfo in the access map
Parameters:
$1: {server_name}
$2: {server_addr}
######################################################################
Sauthinfo
R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
R$* $| <?>$* $@ no no authinfo available
R$* $| <$*> <> $# $2
######################################################################
RateControl:
Parameters: ignored
return: $#error or OK
######################################################################
SRateControl
R$* $: <A:$&{client_addr}> <E:>
R$+ $: $>SearchList <! ClientRate> $| $1 <>
R<?> $@ OK
R<$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $&{client_rate} $@ $1 $)
R<$+> $| FALSE $#error $@ 4.3.2 $: 421 Connection rate limit exceeded.
######################################################################
ConnControl:
Parameters: ignored
return: $#error or OK
######################################################################
SConnControl
R$* $: <A:$&{client_addr}> <E:>
R$+ $: $>SearchList <! ClientConn> $| $1 <>
R<?> $@ OK
R<$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $&{client_connections} $@ $1 $)
R<$+> $| FALSE $#error $@ 4.3.2 $: 421 Too many open connections.
######################################################################
greet_pause: lookup pause time before 220 gree