# Class R contains a list of domain names that you want to relay mail # for. This can be used to avoid map lookups for common cases, or to # ensure that particular domains are hardwired into your configuration # so that they can't be accidentally deleted from the maps. #CRyour.domain # Read class R from file #FR-o /usr/local/etc/sendmail.cR # These maps contain a domain name or ip number (maybe partly specified) # on the LHS, and *OK* on the RHS (to avoid confusion with valid host or # user names). The rules below will not accept top-level domain names # (com, org, etc.) and, unless you remove some comments, will not # accept class A IP addresses either. Krelay_to_domain hash -o /usr/local/etc/relay_to_domain Krelay_to_ip hash -o /usr/local/etc/relay_to_ip Krelay_from_domain hash -o /usr/local/etc/relay_from_domain Krelay_from_ip hash -o /usr/local/etc/relay_from_ip # check RCPT TO: address. Actually, first check to see if the client is # one we permit to relay through us, and don't bother to check the # recipient if the client is local. If the client is non-local, then # check the recipient using the Relay_to ruleset. Return an error if a # non-local client tries to relay to a non-local address. Scheck_rcpt # check client domain name (save rcpt to: argument for later) R$* $: $(dequote "" $&{client_name} $) $| $1 R$@ $| $* $@ OK permit local user R$=w $| $* $@ OK permit hosts in Cw #R$* $=R $| $* $@ OK permit domains in CR (optional) # check client domain name against relay_from_domain map until found # or remove left component and iterate until down to one token R$-.$+ $| $* $(relay_from_domain $1.$2 $: $2 $) $| $3 R*OK* $| $* $@ OK OK to relay from this client # check client IP address R$* $| $* $: $(dequote "" $&{client_addr} $) $| $2 R0 $| $* $@ OK permit local user # check client IP address against relay_from_ip map until found # or remove right component and iterate until down to one token R$+.$- $| $* $(relay_from_ip $1.$2 $: $1 $) $| $3 R*OK* $| $* $@ OK OK to relay from this client # to permit relaying from an entire class A network, uncomment next two lines #R$- $| $* $: $(relay_from_ip $1 $: $1 $) $| $2 #R*OK* $| $* $@ OK # check supplied rcpt to: address after dequoting R$* $| $* $: $>Relay_to $(dequote $2 $) R*OK* $@ OK OK to relay to address # If this rule is reached, this recipient should not be accepted R$* $#error $@ 5.5.1 $: "551 Relaying denied, contact postmaster@$j for help" # Relay_to: check for an address that we will relay mail TO. Accepts # address and canonifies with ruleset 3; returns token *OK* if address # specifies or routes through hosts we will relay to or *NOTOK* for # anything else SRelay_to R$* *OK* $* $@ *NOTOK* reject marker in input R$* $: $>3 $1 canonify and focus R$* <@ $* .> $* $: $1 <@ $2 > $3 remove a trailing . in focus R$* <@ $=w > $* $: $1 <@ *OK* > $3 permit hosts in Cw R$* <@ $* $=R > $* $: $1 <@ *OK* > $4 permit domains in CR # check numeric IP address in focus against relay_to_ip map until found # or remove right component and iterate until down to one token R$* <@[ $+.$- ]> $* $1 <@[ $(relay_to_ip $2.$3 $: $2 $) ]> $4 R$* <@[ *OK* ]> $* $: $1 <@ *OK* > $2 remove brackets around *OK* # to permit relaying to a class A network by IP, uncomment next two lines #R$* <@[ $- ]> $* $: $1 <@[ $(relay_to_ip $2 $: $2 $) ]> $3 #R$* <@[ *OK* ]> $* $: $1 <@ *OK* > $2 remove brackets around *OK* # check domain name in focus against relay_to_domain map until found # or remove left component and iterate until down to one token R$* <@ $-.$+ > $* $1 <@ $(relay_to_domain $2.$3 $: $3 $) > $4 R$* <@ *OK* > $: $>Relay_to $1 focus is OK, remove it and recurse R<@ *OK* >: $* $: $>Relay_to $1 same for weird source route form R$* <@ $* > $* $@ *NOTOK* reject focus without marker R*NOTOK* $@ *NOTOK* return *NOTOK* from above # if we get here, then it's just a local user form and that's OK R$* $@ *OK*