宇泰資訊 - 站長部落格

主選單

小圖蒐集區

登入

版面風格

站長部落格 - 最新的日誌

訂閱日誌

選擇類別 :

醫學(5)	HTML語法(7)	OSCommerce電子商務(3)
PHP 程式(1)	SQL SERVER(15)	ubuntu 技術資料(3) apache2(1) DNS(9) kubuntu 12.04 中文輸入法(1) sendmail(5) Webmin(1) 驅動程式(4)
Visual DBtools 2.2(17)	WINDOW 7作業系統(0) 開機選單(1)	windows作業(3) 電腦系統工具(0)
XOOPS入口網站(1)	友站連結公司行號(3)	其它的(12)
程式計設系統分析(1)

最新的日誌

2010/03/29

轉換網址

分類: HTML語法

作者: lutuni (10:04 am)

建立一個 index.html 檔案, 內容如下 a 或 b 皆可

a.
<html><head>
<meta http-equiv="Refresh"
content="0;URL=http://your_server/cgi-bin/openwebmail/openwebmail.pl">
</head></html>

b.
<html>
<body onload=
"window.open('http://your_server/cgi-bin/openwebmail/openwebmail.pl','_top')">
</body>
</html>

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (659)

2010/03/23

架設DNS Server

分類: ubuntu 技術資料 DNS :

作者: lutuni (8:16 am)

Ubuntu Server上所提供的DNS Server套件是bind
接著我們開啟一個terminal
並輸入下列指令:
檢視原始檔複製到剪貼簿列印關於

1. sudo apt-get install bind9

sudo apt-get install bind9

接下來請提供具管理權限密碼並回答Y進行套件的安裝
安裝完成之後就要來設定了
首先編輯/etc/bind/named.conf.local
檢視原始檔複製到剪貼簿列印關於

1. sudo vim /etc/bind/named.conf.local

sudo vim /etc/bind/named.conf.local

例如我們申請了一個網域叫作dadiling.com
且我們申請的真實IP是59.125.159.74
因此要新增底下的內容到named.conf.local中
檢視原始檔複製到剪貼簿列印關於

1. zone "dadiling.com" {
2. type master;
3. file "/etc/bind/dadiling.com.hosts";
4. };
5. zone "159.125.59.in-addr.arpa" {
6. type master;
7. file "/etc/bind/159.125.59.rev";
8. };

zone "dadiling.com" {
type master;
file "/etc/bind/dadiling.com.hosts";
};
zone "159.125.59.in-addr.arpa" {
type master;
file "/etc/bind/159.125.59.rev";
};

接下來要產生正向網域名稱檔案且新增一筆主機紀錄(mail.dadiling.com的真實IP對應到59.125.159.74)
請執行下列指令:
檢視原始檔複製到剪貼簿列印關於

1. sudo vim /etc/bind/dadiling.com.hosts

sudo vim /etc/bind/dadiling.com.hosts

新增內容如下:
檢視原始檔複製到剪貼簿列印關於

1. $ttl 38400
2. dadiling.com. IN SOA mail1. dadiling.com. (
3. 1255760316
4. 10800
5. 3600
6. 604800
7. 38400 )
8. dadiling.com. IN NS mail1.
9. mail.dadiling.com. IN A 59.125.159.74

$ttl 38400
dadiling.com. IN SOA mail1.dadiling.com. (
1255760316
10800
3600
604800
38400 )
dadiling.com. IN NS mail1.
mail.dadiling.com. IN A 59.125.159.74

接下來要產生反向網域名稱檔案且新增一筆反向IP紀錄(真實IP 59.125.159.74對應到mail.dadiling.com)
請執行下列指令:
檢視原始檔複製到剪貼簿列印關於

1. sudo vim /etc/bind/159.125.59.rev

sudo vim /etc/bind/159.125.59.rev

新增內容如下:
檢視原始檔複製到剪貼簿列印關於

1. $ttl 38400
2. 159.125.59.in-addr.arpa. IN SOA mail1.dadiling.com. (
3. 1255760379
4. 10800
5. 3600
6. 604800
7. 38400 )
8. 159.125.59.in-addr.arpa. IN NS mail1.
9. 74.159.125.59.in-addr.arpa. IN PTR mail.

$ttl 38400
159.125.59.in-addr.arpa. IN SOA mail1.dadiling.com. (
1255760379
10800
3600
604800
38400 )
159.125.59.in-addr.arpa. IN NS mail1.
74.159.125.59.in-addr.arpa. IN PTR mail.

最後執行下列指令重新啟動bind DNS服務
檢視原始檔複製到剪貼簿列印關於

1. sudo /etc/init.d/bind9 restat

sudo /etc/init.d/bind9 restat

就完成bind DNS Server的安裝了

參考資料�Ghttps://help.ubuntu.com/9.04/serverguide/C/dns-installation.html

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (715)

2010/03/23

[Ubuntu] 安裝 Dovecot + Sendmail + OpenWebmail

分類: ubuntu 技術資料 sendmail :

作者: lutuni (8:14 am)

Dovecot 套件提供 pop3 / pop3s / imap / imaps 服務。
Sendmail 收信寄信服務
sasl2-bin 提供認證服務

環境: Ubuntu 7.04 Server

1.安裝 dovecot 套件

sudo apt-get install dovecot-common dovecot-pop3d

2.設定 /etc/dovecot/dovecot.conf

protocols = pop3
disable_plaintext_auth = no
ssl_disable = yes

3.啟動 dovecot

/etc/init.d/dovecot start

4.測試

telnet pop3_server 110
auth
user user_name
pass user_password

若出現 OK 表示成功。

1.安裝 Sendmail 服務

sudo apt-get install sendmail

2.設定 Relay IP

/etc/mail/access
192.168.1.1 RELAY

允許 192.168.1.1 IP 透過 Sendmail 發信
3.設定收信 Domain

/etc/mail/local-host-names
ssh.tw
mail.ssh.tw

將收 ssh.tw / mail.ssh.tw 網域的信件
4.設定 Sendmail listen address

/etc/mail/sendmail.cf
O DaemonPortOptions=Port=smtp,Addr=0.0.0.0, Name=MTA

5.啟動 Sendmail 服務

/etc/init.d/sendmail start

若中間有改過 /etc/mail 內的值，可以執行 make 更新資料。

1.下載 OpenWebmail
2.解壓 openwebmail.tar.gz

tar xvzf openwebmail.tar.gz -C /var/www

3.修改 openwebmail.conf

domainnames ssh.tw
mailspooldir /var/mail
ow_cgidir /var/www/cgi-bin/openwebmail
ow_cgiurl /cgi-bin/openwebmail
ow_htmldir /var/www/data/openwebmail
ow_htmlurl /openwebmail
default_iconset Cool3D.Chinese.Traditional

4.修改 etc/auth_unix.conf
passwdfile_encrypted /etc/shadow
passwdmkdb none
5.執行初始安裝
openwebmail-tool.pl –init

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (912)

2010/03/23

Ubuntu smtp验证配置

分類: ubuntu 技術資料 sendmail :

作者: lutuni (8:12 am)

Ubuntu smtp验证配置
===========================================================
作者: yeahokay(http://yeahokay.itpub.net)
发表于: 2008.04.08 17:25
分类: linux（Ubuntu）
出处: http://yeahokay.itpub.net/post/11939/459273
---------------------------------------------------------------
在配置sendmail 的smpt验证时，碰到了不少麻烦事，最后总算搞定了。有时只是一些简单的操作，却是因为没有文档，导致配置工作的进展困难。这里记录下一些配置过程中忽略的小事情。

sudo apt-get install sendmail(其中已经包含了sendmail-bin)

sudo apt-get install sasl2-bin

配置主要集中在sendmail.mc文件。

a)将MTA-v4的监听地址去掉，这样就可以监听所有地址。修改后如下：

dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission,Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission')dnl

b)添加验证参数如下：

TRUST_AUTH_MECH(`DIGEST-MD5 LOGIN PLAIN')
define(`confAUTH_MECHANISMS',`DIGEST-MD5 LOGIN PLAIN')

直接添加到上面MTA的配置底下即可。

c)修改访问配置。使用了smtp验证后，就可以忽略access的配置。所以要将/etc/mail/access里面的配置内容清空。如果不清空，会出现不使用smpt验证也可以发送邮件的情况。

所有修改完毕后使用sendmailconfig命令，一路选择缺省即可。最后这个命令会reload sendmail。

4.验证安装和配置

启动sendmail后，telnet localhost 25，在出现的控制台，输入命令ehlo localhost

注意：localhost主要还是看/etc/hosts文件，一般（具体就不清楚，就我的机器是localhost：127.0.0.1，而具体做 mail服务的是ubuntu：192.168.20.6）是打上Aliases名称，如打上IP Address就是不认。

查看输出信息：

250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP

如果出现上面红色的字，表明已经可以了。

5.验证邮件发送。

配置好smtp验证后，在本地域的邮件发送还是可以不通过smtp验证直接发送。要验证smtp是否配置成功，必须发送到域外的邮箱如gmail邮箱。

一些容易碰到的问题：

1)sendmail配置好后，从别的机器telnet 25端口，连接被拒绝。

原因：这是由于缺省sendmail绑定到127.0.0.1的25端口，所以从别的机器telnet 192.168.0.230 25 并不能访问25端口。

解决：搜索sendmail.mc文件，将其中的

DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp', Addr=127.0.0.1)dnl

修改为

DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp', Addr=0.0.0.0)dnl

或者 DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl

2)看到250-AUTH DIGEST-MD5 LOGIN PLAIN的标志，却还是不能使用smtp验证发送邮件

原因：可能未安装sasl2

解决办法：安装sasl2

sudo apt-get install sasl2-bin

安装完成后，在文件/etc/default/saslauthd文件中，找到START=no，修改为START=yes

修改完后/etc/init.d/saslauthd start

3)配置好后，可以使用smtp验证发送邮件，不使用smtp验证也能够发送邮件

原因：发送和接收邮件在域内，如果发送的邮件地址不在域内，则可能是 /etc/mail/access文件未清空。

解决：将 /etc/mail/access文件清空。

要注意的一点：

修改任何配置，需要重新启动sendmail，建议使用命令 sendmailconfig启动。

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (688)

2010/03/22

如何在Ubuntu上安裝DNS BIND

分類: ubuntu 技術資料 DNS :

作者: lutuni (2:08 pm)

安裝
[編輯] 如何在Ubuntu上安裝DNS BIND

你可以直接在命令列上輸入下列指令：

sudo apt-get install bind

[編輯] 如何在Fedora上安裝DNS BIND

你可以直接在命令列上輸入下列指令：

yum -y install bind

[編輯] 如何在Debian上安裝DNS BIND

你可以直接在命令列上輸入下列指令：

apt-get install bind9

[編輯] 設定
[編輯] Ubuntu的設定

config 設定檔的放置路徑如下：

/etc/bind/named.conf

[編輯] Fedora的設定

config 設定檔的放置路徑如下：

/var/named/chroot/etc/named.conf

[編輯] Debian的設定

config 設定檔的放置路徑如下：

/etc/bind/named.conf

[編輯] named.conf 檔案內容

named.conf 檔案主要的內容包含4個部分，分別為:

1.options

2.關於 .(root) 的內容

3.關於 localhost 的正反解

4.關於其他 domain 的正反解

一個完整的 named.conf 的檔案如下:

acl internals { 192.168.10.0/24; };
options {
directory "/var/named";
allow-transfer{ 192.168.11.7;
internals;
};
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." { //.(root) 的內容
type hint;
file "root.servers";
};
zone "localhost"{ //localhost 的正解
type master;
file "master.localhost";
};
zone "0.0.127.in-addr.arpa"{ //localhost 的反解
type master;
file "localhost.rev";
};
zone "twnic.com.tw"{ //使用者domain的正解
type master;
file "twnic.hosts";
};
zone "10.168.192.in-addr.arpa"{ //使用者domain的反解
type master;
file "twnic.rev";
};

master.localhost檔案範例如下:

$TTL 86400 ; 24 hours could have been written as 24h
$ORIGIN localhost.
; line below = localhost 1D IN SOA localhost root.localhost
@ 1D IN SOA @ root (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
@ 1D IN NS @
1D IN A 127.0.0.1

localhost.rev檔案範例如下:

$TTL 86400 ;
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
3h ; Refresh
15 ; Retry
1w ; Expire
3h ) ; Minimum
IN NS localhost.
1 IN PTR localhost.

[編輯] 如何使用
[編輯] 如何啟動 BIND Server

FOR Redhat / Fedora

chkconfig 指令能幫您設定在開機時啟動BIND:

chkconfig named on

在開機後啟動,關閉,重新啟動BIND的指令如下:

/etc/init.d/named start
/etc/init.d/named stop
/etc/init.d/named restart

FOR Debian / Ubuntu

sysv-rc-conf 指令能幫您設定在開機時啟動BIND:

sysv-rc-conf bind on

在開機後啟動,關閉,重新啟動BIND的指令如下:

/etc/init.d/bind start
/etc/init.d/bind stop
/etc/init.d/bind restart

[編輯] 如何測試 DNS 是否正常運作

The Host Command

host 指令接參數，用來查詢正反解並顯示出結果，用法如下

使用 host 查詢正解

host www.linuxhomenetworking.com

使用 host 查詢反解

host 65.115.71.34

The nslookup Command

nslookup 指令接參數，用來查詢正反解並顯示出結果，用法如下

使用 nslookup 查詢正解

nslookup www.linuxhomenetworking.com

使用 nslookup 查詢反解

nslookup 65.115.71.34

[編輯] 如何設定 sub-domain

sub-domain 的定義為:

zone (domain) name = example.com
domain host name = bill.example.com
sub-domain name = us.example.com
sub-domain host name = ftp.us.example.com

若要設定 sub-domain，其 named.conf 檔可參考下面的設定:

// named.conf file fragment
....
options {
....
// stop everyone
allow-transfer {"none";};
....
};
zone "example.com" in{
type master;
file "master/master.example.com";
// explicitly allow slave
allow-transfer {192.168.0.4;};
};

master.example.com 檔可參考下面的設定:

; zone fragment for 'zone name' example.com
; name servers in the same zone
$TTL 2d ; zone default TT = 2 days
$ORIGIN example.com.
@ IN SOA ns1.example.com. hostmaster.example.com. (
2003080800 ; serial number
2h ; refresh = 2 hours
15M ; update retry = 15 minutes
3W12h ; expiry = 3 weeks + 12 hours
2h20M ; minimum = 2 hours + 20 minutes
)
; main domain name servers
IN NS ns1.example.com.
IN NS ns2.example.com.
; mail servers for main domain
IN MX 10 mail.example.com.
; A records for name servers above
ns1 IN A 192.168.0.3
ns2 IN A 192.168.0.4
; A record for mail servers above
mail IN A 192.168.0.5
; other domain level hosts and services
bill IN A 192.168.0.6
....
; sub-domain definitions
$ORIGIN us.example.com.
IN MX 10 mail
; record above could have been written as
; us.example.com. IN MX 10 mail.us.example.com.
; A record for subdomain mail server
mail IN A 10.10.0.28
; the record above could have been written as
; mail.us.example.com. A 10.10.0.28 if it's less confusing
ftp IN A 10.10.0.29
; the record above could have been written as
; ftp.us.example.com. A 10.10.0.29 if it's less confusing
....
; other subdomain definitions as required

[編輯] 如何設定 forwarding DNS

Forwarding DNS 主機主要做為一個中間傳遞資料的角色，將用戶端所需要查詢的資訊轉交給其它合法的 DNS 主機代為查詢，因此 forwarding DNS 本身並沒有提供主機名稱與 IP 正反解的設定檔。

要設定一台 DNS 為 forwarding ，請編輯主要設定檔 named.conf 如下:

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
forward only;
forwarders {
192.168.0.1;
};
};
include "/etc/rndc.key";

其中各參數的意義:

forward only

指示這台 DNS 只做為 forwarding DNS。

forwarders

設定把我們的查詢 forward 給哪台 DNS 來幫我們代查，可設定多台 forwarders 。

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (1230)

2010/03/22

fluxtek /etc/bind/db.210.71.163

分類: ubuntu 技術資料 DNS :

作者: lutuni (10:58 am)

; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA fluxtek.com. root.www.fluxtek.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS www.fluxtek.com.
225 IN PTR www.fluxtek.com.
225 IN PTR mail.fluxtek.com.

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (774)

2010/03/22

fluxtek /etc/bind/named.conf

分類: ubuntu 技術資料 DNS :

作者: lutuni (12:26 am)

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

zone "163.71.210.in-addr.arpa" {
type master;
file "/etc/bind/db.210.71.163";
};

include "/etc/bind/named.conf.local";
zone "www.fluxtek.com" {
type forward;
forwarders {
210.71.163.225 port 80;
192.168.1.52 port 80;
};
};

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (710)

2010/03/21

Domain Name System (DNS)

分類: ubuntu 技術資料 DNS :

作者: lutuni (11:52 pm)

Environment (環境)

Operation-System：Ubuntu Server 8.041
Deb：bind9 (DNS)

jonny@ubuntu:~$ sudo apt-get install bind9

Hinet 網域註冊：

DNS Server Name：www.hjz.com.tw
IP Address：122.xxx.xxx.41

DNS Server Name：dns.hjz.com.tw
IP Address：122.xxx.xxx.41

Server Configure (伺服器設定)

1. 加入正反解設定：named.conf 會指出 Server 管轄的區域(Zone)名稱及相關檔案。於 include "/etc/bind/named.conf.local"; 上方加入預新增的設定

jonny@ubuntu:~$ sudo vi /etc/bind/named.conf
...
//增加正解區域(Zone)
zone "hjz.com.tw" {
type master;
file "/etc/bind/db.hjz";
};

//增加反解區域(Zone)
zone "205.117.122.in-addr.arpa" {
type master;
file "/etc/bind/db.205.117.122";
};

include "/etc/bind/named.conf.local";

2. 修改 Bind 參數

1. 備份原始參數

jonny@ubuntu:/etc/bind$ sudo cp named.conf.options named.conf.options.bak

2. 更新參數

jonny@ubuntu:/etc/bind$ sudo vi named,conf.options
options {
directory "/var/cache/bind";
forwarders {
168.95.1.1; 139.175.10.20; 203.133.1.6;
};
allow-query { any; };
allow-transfer { none; };
};

3. 建立正解區域設定檔

jonny@ubuntu:/etc/bind$ sudo vi db.hjz
; BIND reverse data file for local loopback interface

$TTL 604800
@ IN SOA hjz.com.tw. dns.hjz.com.tw. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.hjz.com.tw.
@ IN NS www.hjz.com.tw.
@ IN MX 10 122.xxx.xxx.41
@ IN A 122.xxx.xxx.41
www IN A 122.xxx.xxx.41

4. 3. 建立反解區域設定檔

jonny@ubuntu:/etc/bind$ sudo vi db.xxx.xxx.122
; BIND reverse data file for local loopback interface

$TTL 604800
@ IN SOA @ root.dns.hjz.com.tw. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.hjz.com.tw.
@ IN NS www.hjz.com.tw.
41 IN PTR dns.hjz.com.tw.
41 IN PTR www.hjz.com.tw.

5. 重開 DNS Server

jonny@ubuntu:~$ sudo /etc/init.d/bind9 restart
[sudo] password for jonny:
* Stopping domain name service... bind [ OK ]
* Starting domain name service... bind [ OK ]

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (748)

2010/03/21

Domain Name System (DNS)

分類: ubuntu 技術資料 DNS :

作者: lutuni (11:52 pm)

Environment (環境)

Operation-System：Ubuntu Server 8.041
Deb：bind9 (DNS)

jonny@ubuntu:~$ sudo apt-get install bind9

Hinet 網域註冊：

DNS Server Name：www.etype.idv.tw
IP Address：123.204.51.114

DNS Server Name：dns.etype.idv.tw
IP Address：123.204.51.114

Server Configure (伺服器設定)

1. 加入正反解設定：named.conf 會指出 Server 管轄的區域(Zone)名稱及相關檔案。於 include "/etc/bind/named.conf.local"; 上方加入預新增的設定

jonny@ubuntu:~$ sudo vim /etc/bind/named.conf
...
//增加正解區域(Zone)
zone "etype.idv.tw" {
type master;
file "/etc/bind/db.etype";
};

//增加反解區域(Zone)
zone "51.204.123.in-addr.arpa" {
type master;
file "/etc/bind/db.51.204.123";
};

include "/etc/bind/named.conf.local";

2. 修改 Bind 參數

1. 備份原始參數

jonny@ubuntu:/etc/bind$ sudo cp named.conf.options named.conf.options.bak

2. 更新參數

jonny@ubuntu:/etc/bind$ sudo vim named,conf.options
options {
directory "/var/cache/bind";
forwarders {
168.95.1.1; 139.175.10.20; 203.133.1.6;
};
allow-query { any; };
allow-transfer { none; };
};

3. 建立正解區域設定檔

jonny@ubuntu:/etc/bind$ sudo vim db.etype
; BIND reverse data file for local loopback interface

$TTL 604800
@ IN SOA etype.idv.tw. dns.etype.idv.tw. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.etype.idv.tw.
@ IN NS www.etype.idv.tw.
@ IN MX 10 123.204.51.114
@ IN A 123.204.51.114
www IN A 123.204.51.114

4. 3. 建立反解區域設定檔

jonny@ubuntu:/etc/bind$ sudo vim db.51.204.123
; BIND reverse data file for local loopback interface

$TTL 604800
@ IN SOA @ root.dns.etype.idv.tw. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.etype.idv.tw.
@ IN NS www.etype.idv.tw.
114 IN PTR dns.etype.idv.tw.
114 IN PTR www.etype.idv.tw.

5. 重開 DNS Server

jonny@ubuntu:~$ sudo /etc/init.d/bind9 restart
[sudo] password for jonny:
* Stopping domain name service... bind [ OK ]
* Starting domain name service... bind [ OK ]

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (759)

2010/03/21

fluxtek /etc/mail/sendmail.cf

分類: ubuntu 技術資料 sendmail :

作者: lutuni (8:38 pm)

#
# Copyright (c) 1998-2005 Richard Nelson. All Rights Reserved.
#
# This file is used to configure Sendmail for use with Debian systems.
#
#
# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by root@fluxtek.com on 六 3月 20 15:40:05 HKT 2010
##### in /root
##### using /usr/share/sendmail/cf/ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################

##### $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
##### $Id: sendmail.mc, v 8.14.3-6 2008-12-06 22:15:17 cowboy Exp $ #####
##### $Id: autoconf.m4, v 8.14.3-6 2008-12-06 22:15:17 cowboy Exp $ #####
##### $Id: debian.m4, v 8.14.3-6 2008-12-06 22:15:17 cowboy Exp $ #####
#
#-------------------------------------------------------------------------
#
# Undocumented features are available in Debian Sendmail 8.14.3-6.
# * none
#
# _FFR_ features are available in Debian Sendmail 8.14.3-6.
# * milter
# * -D_FFR_QUEUE_SCHED_DBG -D_FFR_SKIP_DOMAINS -D_FFR_GROUPREADABLEAUTHINFOFILE -D_FFR_DAEMON_NETUNIX -D_FFR_NO_PIPE -D_FFR_SHM_STATUS -D_FFR_RHS -D_FFR_MAIL_MACRO -D_FFR_QUEUEDELAY=1 -D_FFR_BADRCPT_SHUTDOWN -D_FFR_RESET_MACRO_GLOBALS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL
#-------------------------------------------------------------------------
#
# These _FFR_ features are for sendmail.mc processing
#

#-------------------------------------------------------------------------
##### $Id: debian-mta.m4, v 8.14.3-6 2008-12-06 22:15:17 cowboy Exp $ #####

##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####

##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####

##### $Id: access_db.m4,v 8.27 2006/07/06 21:10:10 ca Exp $ #####

##### $Id: greet_pause.m4,v 1.4 2004/07/06 20:49:51 ca Exp $ #####

##### $Id: delay_checks.m4,v 8.8 2000/12/05 18:50:45 ca Exp $ #####

##### $Id: conncontrol.m4,v 1.4 2004/02/19 21:31:47 ca Exp $ #####

##### $Id: ratecontrol.m4,v 1.5 2004/02/19 21:31:47 ca Exp $ #####

##### $Id: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $ #####

# level 10 config file format
V10/Berkeley

# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
O DontBlameSendmail= ,AssumeSafeChown,ForwardFileInGroupWritableDirPath,GroupWritableForwardFileSafe,GroupWritableIncludeFileSafe,IncludeFileInGroupWritableDirPath,DontWarnForwardFileInUnsafeDirPath,TrustStickyBit,NonRootSafeAddr,GroupWritableIncludeFile,GroupReadableaDefaultAuthInfoFile

# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost

##################
# local info #
##################

# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m

Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names %[^\#]

# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM

# host/domain names ending with a token in class P are canonical
CP.

# "Smart" relay host (may be null)
DS

# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !

# a class with just dot (for identifying canonical names)
C..

# a class with just a left bracket (for identifying domain literals)
C[[

# access_db acceptance class
C{Accept}OK RELAY

# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR

# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains %[^\#]

# arithmetic map
Karith arith
# macro storage map
Kmacro macro
# possible values for TLS_connection in access map
C{Tls}VERIFY ENCR

# dequoting map
Kdequote dequote

# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root

# my name for error messages
DnMAILER-DAEMON

# Access list database (for spam stomping)
Kaccess hash -T<TMPF> /etc/mail/access

# Configuration version number
DZ8.14.3/Debian-6

###############
# Options #
###############

# strip message body to 7 bits on input?
O SevenBitInput=False

# 8-bit data handling
#O EightBitMode=pass8

# wait for alias file rebuild (default units: minutes)
O AliasWait=10

# location of alias file
O AliasFile=/etc/mail/aliases

# minimum number of free blocks on filesystem
O MinFreeBlocks=100

# maximum message size
#O MaxMessageSize=0

# substitution for space (blank) characters
O BlankSub=.

# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False

# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10

# default delivery mode
O DeliveryMode=background

# error message header/file
#O ErrorHeader=/etc/mail/error-header

# error mode
#O ErrorMode=print

# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False

# queue file mode (qf files)
O QueueFileMode=0640

# temporary file mode
O TempFileMode=0640

# match recipients against GECOS field?
#O MatchGECOS=False

# maximum hop count
O MaxHopCount=100

# location of help file
O HelpFile=/etc/mail/helpfile

# ignore dots as terminators in incoming messages?
#O IgnoreDots=False

# name resolver options
O ResolverOptions=+WorkAroundBrokenAAAA

# deliver MIME-encapsulated error messages?
O SendMimeErrors=True

# Forward file search path
O ForwardPath=$z/.forward.$w:$z/.forward

# open connection cache size
O ConnectionCacheSize=2

# open connection cache timeout
O ConnectionCacheTimeout=5m

# persistent host status directory
#O HostStatusDirectory=.hoststat

# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False

# use Errors-To: header?
O UseErrorsTo=False

# log level
O LogLevel=9

# send to me too, even in an alias expansion?
O MeToo=True

# verify RHS in newaliases?
O CheckAliases=False

# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True

# SMTP daemon options
O DaemonPortOptions=Name=MTA

# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0

# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers

# Use as mail submission program? See sendmail/SECURITY
#O UseMSP

# privacy flags
O PrivacyOptions=needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings

# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster

# slope of queue-only function
#O QueueFactor=600000

# limit on number of concurrent queue runners
#O MaxQueueChildren

# maximum number of queue-runners per queue-grouping with multiple queues
O MaxRunnersPerQueue=5

# priority of queue runners (nice(3))
#O NiceQueueRun

# shall we sort the queue by hostname first?
#O QueueSortOrder=priority

# minimum time in queue before retry
#O MinQueueAge=30m

# how many jobs can you process in the queue?
#O MaxQueueRunSize=0

# perform initial split of envelope without checking MX records
#O FastSplit=1

# queue directory
O QueueDirectory=/var/spool/mqueue

# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0

# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile

# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
O Timeout.iconnect=2m
#O Timeout.helo=5m
O Timeout.mail=2m
#O Timeout.rcpt=1h
O Timeout.datainit=2m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
O Timeout.rset=1m
O Timeout.quit=2m
#O Timeout.misc=2m
O Timeout.command=5m
O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h

# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0

# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False

# queue up everything before forking?
O SuperSafe=True

# status file
O StatusFile=/var/lib/sendmail/sendmail.st

# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=

# default UID (can be username or userid:groupid)
O DefaultUser=mail:mail

# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb

# fallback MX host
#O FallbackMXhost=fall.back.host.net

# fallback smart host
#O FallbackSmartHost=fall.back.host.net

# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False

# load average at which we just queue messages
#O QueueLA=8

# load average at which we refuse connections
#O RefuseLA=12

# log interval when refusing connections for this long
#O RejectLogInterval=3h

# load average at which we delay connections; 0 means no limit
#O DelayLA=0

# maximum number of children we allow at one time
O MaxDaemonChildren=0

# maximum number of new connections per second
O ConnectionRateThrottle=15

# Width of the window
O ConnectionRateWindowSize=10m

# work recipient factor
#O RecipientFactor=30000

# deliver each queued job in a separate process?
#O ForkEachJob=False

# work class factor
#O ClassFactor=1800

# work time factor
#O RetryFactor=90000

# default character set
#O DefaultCharSet=unknown-8bit

# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch

# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts

# dialup line delay on connection failure
#O DialDelay=0s

# action to take if there are no recipients in the message
#O NoRecipientAction=none

# chrooted environment for writing to files
O SafeFileEnvironment=/

# are colons OK in addresses?
#O ColonOkInAddr=True

# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False

# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b; (No UCE/UBE) $?{client_addr}logging access from: ${client_name}(${client_resolve})-$_$.

# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d

# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False

# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False

# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
O MustQuoteChars=.'

# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+

# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False

# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True

# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster

# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False

# where to save bounces if all else fails
O DeadLetterDrop=/var/lib/sendmail/dead.letter

# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail

# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0

# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
O BadRcptThrottle=3

# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False

# Return-Receipt-To: header implies DSN request
O RrtImpliesDsn=False

# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0

# Trusted user for file ownership and starting the daemon
O TrustedUser=smmta

# Control socket for daemon management
O ControlSocketName=/var/run/sendmail/mta/smcontrol

# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0

# Maximum length of the sum of all headers
#O MaxHeadersLength=32768

# Maximum depth of alias recursion
#O MaxAliasRecursion=10

# location of pid file
O PidFile=/var/run/sendmail/mta/sendmail.pid

# Prefix string for the process title shown on 'ps' listings
O ProcessTitlePrefix=MTA

# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096

# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096

# lookup type to find information about local mailboxes
#O MailboxDatabase=pw

# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true

# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
#O DaemonPortOptions=Port=smtp,Addr=0.0.0.0, Name=MTA
# Authentication realm
#O AuthRealm

# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info

# SMTP AUTH flags
#O AuthOptions

# SMTP AUTH maximum encryption strength
#O AuthMaxBits

# SMTP STARTTLS server options
#O TLSSrvOptions

# Input mail filters
#O InputMailFilters

# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile

# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20

# Name to use for EHLO (defaults to $j)
#O HeloName

############################
# QUEUE GROUP DEFINITIONS #
############################

###########################
# Message precedences #
###########################

Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100

#####################
# Trusted users #
#####################

# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users %[^\#]
Troot
Tdaemon
Tuucp

#########################
# Format of headers #
#########################

H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>

#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################

############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3

# handle null input (translate to <@> special case)
R$@ $@ <@>

# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi

# null input now results from list:; syntax
R$@ $@ :; <@>

# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>

# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2

# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax

# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical

# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains

# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish

# else we must be a local name
R$* $@ $>Canonify2 $1

################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################

SCanonify2=96

# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain

# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr

# if really UUCP, handle it immediately

# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3

# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2

# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3

##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4

R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;

# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3

# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2

# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit

# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u

# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host

##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################

SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1

######################################
### Ruleset 0 -- Parse Address ###
######################################

Sparse=0

R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing

#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#

SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"

# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1

#
# Parse1 -- the bottom half of ruleset 0.
#

SParse1

# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer

# short circuit local delivery so forwarded email works

R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name

# resolve remotely connected UUCP links (if any)

# resolve fake top level domains by forwarding to other hosts

# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name

# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain

# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names

###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1

# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *

# prepend an empty "forward host" on the front
R$+ $: <> $1

R< > $+ $: < > < $1 <> $&h > nope, restore +detail

R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in

R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension

R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >

R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >

###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################

SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer

###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################

SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4

# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >

# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1

# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >

# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1

###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################

SMasqHdr=93

# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >

R$* < @ *LOCAL* > $@ $1 < @ $j . >

###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################

SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2

###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################

SParseLocal=98

######################################################################
### D: LookUpDomain -- search for domain in access database
###
### Parameters:
### <$1> -- key (domain name)
### <$2> -- default (what to return if not found in db)
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
######################################################################

SD
R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
R<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>

######################################################################
### A: LookUpAddress -- search for host address in access database
###
### Parameters:
### <$1> -- key (dot quadded host address)
### <$2> -- default (what to return if not found in db)
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed through)
######################################################################

SA
R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
R<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>

######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################

SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical

######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################

SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part

# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1

R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
R<$+> <$+> $: <$1> $2

R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2

######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################

Scheck_relay
R$* $: $>"RateControl" dummy
R$* $: $>"ConnControl" dummy

SLocal_check_relay
Scheckrelay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2

SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2

R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
R<?> <$*> $: OK found nothing
R<$={Accept}> <$*> $@ $1 return value of lookup
R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
R<DISCARD> <$*> $#discard $: discard
R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> <$*> $#error $: $1
R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$+> <$*> $#error $: $1

######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################

SLocal_check_mail
Scheckmail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1

SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2

# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1

R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >

# check sender address: user@address, user@, address
R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
R<$+> $+ $: @<$1> <$2> $| <U:$2@>
R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
# retransform for further use
R<?> <$+> <$*> $: <$1> $2 no match
R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it

# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
R<$={Accept}> $* $# $1 accept from access map
R<DISCARD> $* $#discard $: discard
R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1
R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$+> $* $#error $: $1 error from access db

######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################

SLocal_check_rcpt
Scheckrcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1

SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2

######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"

######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts

# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no

R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
R<RELAY> $* $@ RELAY
R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$*> <$*> $: $2

# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2

######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: $>A <$1> <?> <+ Connect> <$1>
R<RELAY> $* $@ RELAY relayable IP address

R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$*> <$*> $: $2
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local

# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
R<?> $* $: $>D <$1> <?> <+ Connect> <$1>
R<RELAY> $* $@ RELAY
R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$*> <$*> $: $2

# turn a canonical address in the form user<@domain>
# qualify unqual. addresses with $j
SFullAddr
R$* <@ $+ . > $1 <@ $2 >
R$* <@ $* > $@ $1 <@ $2 >
R$+ $@ $1 <@ $j >

SDelay_TLS_Clt
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $# $1
R$* $# $1

SDelay_TLS_Clt2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $@ $1
R$* $@ $1

# call all necessary rulesets
Scheck_rcpt
# R$@ $#error $@ 5.1.3 $: "553 Recipient address required"

R$+ $: $1 $| $>checkrcpt $1
R$+ $| $#error $* $#error $2
R$+ $| $#discard $* $#discard $2
R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2
R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1
R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
# lookup the addresses only with Spam tag
R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
R<@> $* $| $* $: $2 $1 reverse result
# is the recipient a spam friend?
R<FRIEND> $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND
R<$*> $+ $: $2

R$* $: $1 $| $>checkmail $&{mail_from}
R$* $| $#$* $#$2
R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
R$* $| $#$* $#$2
R$* $| $* $: $1

######################################################################
### F: LookUpFull -- search for an entry in access database
###
### lookup of full key (which should be an address) and
### variations if +detail exists: +* and without +detail
###
### Parameters:
### <$1> -- key
### <$2> -- default (what to return if not found in db)
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
######################################################################

SF
R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
$: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
$: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>

######################################################################
### E: LookUpExact -- search for an entry in access database
###
### Parameters:
### <$1> -- key
### <$2> -- default (what to return if not found in db)
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
######################################################################

SE
R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>

######################################################################
### U: LookUpUser -- search for an entry in access database
###
### lookup of key (which should be a local part) and
### variations if +detail exists: +* and without +detail
###
### Parameters:
### <$1> -- key (user@)
### <$2> -- default (what to return if not found in db)
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
######################################################################

SU
R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R<?> <$+ + $* @> <$*> <$- $-> <$*>
$: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R<?> <$+ + $* @> <$*> <+ $-> <$*>
$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R<?> <$+ + $* @> <$*> <$- $-> <$*>
$: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R<?> <$+ + $* @> <$*> <+ $-> <$*>
$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>

######################################################################
### SearchList: search a list of items in the access map
### Parameters:
### <exact tag> $| <mark:address> <mark:address> ... <>
### where "exact" is either "+" or "!":
### <+ TAG> lookup with and w/o tag
### <! TAG> lookup with tag
### possible values for "mark" are:
### D: recursive host lookup (LookUpDomain)
### E: exact lookup, no modifications
### F: full lookup, try user+ext@domain and user@domain
### U: user lookup, try user+ext and user (input must have trailing @)
### return: <RHS of lookup> or <?> (not found)
######################################################################

# class with valid marks for SearchList
C{Src}E F D U A
SSearchList
# just call the ruleset with the name of the tag... nice trick...
R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
R<$+> $| <> $| <?> <> $@ <?>
R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
R<$+> $| <$*> $| <$+> <> $@ <$3>
R<$+> $| <$+> $@ <$2>

######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################

SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}

######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth

######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
R<?>$* $: <$(access "Srv_Features": $: ? $)>
R<?>$* $@ OK
R<$* <TMPF>>$* $#temp
R<$+>$* $# $1

######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
R<?>$* $: <$(access "Try_TLS": $: ? $)>
R<?>$* $@ OK
R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"

######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$+ $: <?> $>CanonAddr $1
R<?> $+ < @ $+ . > <?> $1 <@ $2 >
R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
R<?> $+ $: $1 $| <U:$1@> <E:>
R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
R$* $| <?> $@ OK
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>

######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $@ $>"TLS_connection" $1

######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $@ $>"TLS_connection" $1

######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify} $| <Requirement> [<>]
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
R$* $| <$*>$* $: $1 $| <$2>
# create the appropriate error codes
R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
# deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
# deal with TLS protocol errors: abort
RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
RPROTOCOL $| $* $#error $@ 4.7.0 $: "403 STARTTLS failed."
R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
R$* $| $* $@ OK
# authentication required: give appropriate error
# other side did authenticate (via STARTTLS)
R<$*><VERIFY> <> OK $@ OK
R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
R<$-:$+ ++ > $@ OK
R<$-:$+ ++ $+ > $: <$1:$2> <$3>
R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>

######################################################################
### TLS_req: check additional TLS requirements
###
### Parameters: [<list> <of> <req>] $| <$-:$+>
### $-: SMTP reply code
### $+: Enhanced Status Code
######################################################################
STLS_req
R $| $+ $@ OK
R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
ROK $@ OK

######################################################################
### max: return the maximum of two values separated by :
###
### Parameters: [$-]:[$-]
######################################################################
Smax
R: $: 0
R:$- $: $1
R$-: $: $1
R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
RTRUE:$-:$- $: $2
R$-:$-:$- $: $2

######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
R$* $: <?> $&{verify}
R<?> OK $: OK authenticated: continue
R<?> $* $@ NO not authenticated
R$* $: $&{cert_issuer}
R$+ $: $(access CERTISSUER:$1 $)
RRELAY $# RELAY
RSUBJECT $: <@> $&{cert_subject}
R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
R<@> RELAY $# RELAY
R$* $: NO

######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
R$* $| <?>$* $@ no no authinfo available
R$* $| <$*> <> $# $2

######################################################################
### RateControl:
### Parameters: ignored
### return: $#error or OK
######################################################################
SRateControl
R$* $: <A:$&{client_addr}> <E:>
R$+ $: $>SearchList <! ClientRate> $| $1 <>
R<?> $@ OK
R<$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_rate} $)
R<$+> $| TRUE $#error $@ 4.3.2 $: 421 Connection rate limit exceeded.

######################################################################
### ConnControl:
### Parameters: ignored
### return: $#error or OK
######################################################################
SConnControl
R$* $: <A:$&{client_addr}> <E:>
R$+ $: $>SearchList <! ClientConn> $| $1 <>
R<?> $@ OK
R<$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_connections} $)
R<$+> $| TRUE $#error $@ 4.3.2 $: 421 Too many open connections.

######################################################################
### greet_pause: lookup pause time before 220 greeting
###
### Parameters:
### $1: {client_name}
### $2: {client_addr}
######################################################################
SLocal_greet_pause
Sgreet_pause
R$* $: <$1><?> $| $>"Local_greet_pause" $1
R<$*><?> $| $#$* $#$2
R<$*><?> $| $* $: $1
R$+ $| $+ $: $>D < $1 > <?> <! GreetPause> < $2 >
R $| $+ $: $>A < $1 > <?> <! GreetPause> <> empty client_name
R<?> <$+> $: $>A < $1 > <?> <! GreetPause> <> no: another lookup
R<?> <$*> $# 1000
R<$* <TMPF>> <$*> $@
R<$+> <$*> $# $1
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################

#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################

##################################################
### Local and Program Mailer specification ###
##################################################

##### $Id: local.m4,v 8.59 2004/11/23 00:37:25 ca Exp $ #####

#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading

#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark

#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading

#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2

#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain

Mlocal, P=/usr/sbin/sensible-mda, F=lsDFMAw5:/|@qPn9S, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=sensible-mda $g $u $h ${client_addr}
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u

#####################################
### SMTP Mailer specification ###
#####################################

##### $Id: smtp.m4,v 8.65 2006/07/12 21:08:10 ca Exp $ #####

#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification

#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal

# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>

# output fake domains as user%fake@relay

# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form

# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY

#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading

#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2

#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case

# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading

#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1

Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h

閱讀 lutuni 的日誌 | 迴響 (0) | 引用次數 (0) | 瀏覽次數 (1141)

« 1 ... 4 5 6 (7) 8 9 10 »