divert(-1) # # Copyright (c) 1996-1999 Claus Assmann # # In short: you can do whatever you want with this, but don't blame me! # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # ifdef(`_CHECK_MAP_TYPE_',`',`define(`_CHECK_MAP_TYPE_',`dbm')') define(`_JUNK_MAP_REQ_',`1') ifdef(`_CHECK_IP_IN_MAIL_',`define(`_CHECK_JUNK_IP_REQ_',`1')') ifdef(`_MAPS_RBL_',` ifdef(`_RBLOVERRIDE_NAME_',`define(`_CHECK_DOMAINMAP_REQ_',`1')') ifdef(`_RBLOVERRIDE_IP_',`define(`_CHECK_IPMAP_REQ_',`1')') define(`_MAPS_RBL_1_',ifelse(_MAPS_RBL_,`',`rbl.maps.vix.com',_MAPS_RBL_,`1',`rbl.maps.vix.com',`_MAPS_RBL_')) ifdef(`_MAPS_RBL_URL_',`',`define(`_MAPS_RBL_URL_',`http://maps.vix.com/rbl/')') ifdef(`_MAPS_RBL_2_',ifdef(`_MAPS_RBL_URL_2_',`',`define(`_MAPS_RBL_URL_2_',`somewhere')')) ifdef(`_MAPS_RBL_3_',ifdef(`_MAPS_RBL_URL_3_',`',`define(`_MAPS_RBL_URL_3_',`somewhere')')) ') define(`_CHECK_JUNK_REQ_',`1') ifdef(`_DNSRELAYOVERRIDE_IP_',`define(`_CHECK_IPMAP_REQ_',`1')') ifdef(`_ACCEPT_MAP_LOC_',,`define(`_ACCEPT_MAP_LOC_',`/etc/mail/accept')')dnl divert(0) VERSIONID(`@(#)check_mail3.m4 3.9.17 (Claus Assmann) 1999-02-27') include(_CF_DIR_`'hack/junk.m4) PUSHDIVERT(6) ifdef(`_ACCEPT_SOME_',`dnl Kaccept ifelse(_ACCEPT_SOME_,`',`_CHECK_MAP_TYPE_ -o -a@ACCEPT _ACCEPT_MAP_LOC_',_ACCEPT_SOME_,`1',`_CHECK_MAP_TYPE_ -o -a@ACCEPT /etc/mail/accept',`_ACCEPT_SOME_')',`dnl') ifdef(`_MAPS_RBL_',`dnl ifdef(`_RBLOVERRIDE_NAME_',`dnl Krbloverride ifelse(_RBLOVERRIDE_NAME_,`',`_CHECK_MAP_TYPE_ -o -m -a@MATCH /etc/mail/rbloverride',_RBLOVERRIDE_NAME_,`1',`_CHECK_MAP_TYPE_ -o -m -a@MATCH /etc/mail/rbloverride',`_RBLOVERRIDE_NAME_')',`dnl') ifdef(`_RBLOVERRIDE_IP_',`dnl Krblovrip ifelse(_RBLOVERRIDE_IP_,`',`_CHECK_MAP_TYPE_ -o -m -a@MATCH /etc/mail/rblovrip',_RBLOVERRIDE_IP_,`1',`_CHECK_MAP_TYPE_ -o -m -a@MATCH /etc/mail/rblovrip',`_RBLOVERRIDE_IP_')',`dnl')') ifdef(`_DNSRELAYOVERRIDE_IP_',`dnl Kdnsrelovrip ifelse(_DNSRELAYOVERRIDE_IP_,`',`_CHECK_MAP_TYPE_ -o -m -a@MATCH /etc/mail/dnsrelovrip',`_DNSRELAYOVERRIDE_IP_')',`dnl') ifdef(`_CHECK_LOCALUSER_',dnl # Maps to look up user names in local_check Kpasswd user -m -a@LOCALUSER define(`_ALIAS1_',ALIAS_FILE)dnl Kalias implicit -m -a@LOCALUSER `_ALIAS1_' ifdef(`ALIAS_FILE1',Kchkalias1 implicit -m -a@LOCALUSER ALIAS_FILE1,`dnl') ifdef(`ALIAS_FILE2',Kchkalias2 implicit -m -a@LOCALUSER ALIAS_FILE2,`dnl') ifdef(`ALIAS_FILE3',Kchkalias3 implicit -m -a@LOCALUSER ALIAS_FILE3,`dnl') ifdef(`ALIAS_FILE4',Kchkalias4 implicit -m -a@LOCALUSER ALIAS_FILE4,`dnl') ifdef(`ALIAS_FILE5',Kchkalias5 implicit -m -a@LOCALUSER ALIAS_FILE5,`dnl') ifdef(`ALIAS_FILE6',Kchkalias6 implicit -m -a@LOCALUSER ALIAS_FILE6,`dnl') ifdef(`ALIAS_FILE7',Kchkalias7 implicit -m -a@LOCALUSER ALIAS_FILE7,`dnl') ifdef(`ALIAS_FILE8',Kchkalias8 implicit -m -a@LOCALUSER ALIAS_FILE8,`dnl') ifdef(`ALIAS_FILE9',Kchkalias9 implicit -m -a@LOCALUSER ALIAS_FILE9,`dnl') ifdef(`ALIAS_1',Kchkal1 ALIAS_1,`dnl') define(`_AF_',`')dnl ifdef(`ALIAS_FILE1',`define(`_AF_',_AF_ chkalias1)')dnl ifdef(`ALIAS_FILE2',`define(`_AF_',_AF_ chkalias2)')dnl ifdef(`ALIAS_FILE3',`define(`_AF_',_AF_ chkalias3)')dnl ifdef(`ALIAS_FILE4',`define(`_AF_',_AF_ chkalias4)')dnl ifdef(`ALIAS_FILE5',`define(`_AF_',_AF_ chkalias5)')dnl ifdef(`ALIAS_FILE6',`define(`_AF_',_AF_ chkalias6)')dnl ifdef(`ALIAS_FILE7',`define(`_AF_',_AF_ chkalias7)')dnl ifdef(`ALIAS_FILE8',`define(`_AF_',_AF_ chkalias8)')dnl ifdef(`ALIAS_FILE9',`define(`_AF_',_AF_ chkalias9)')dnl ifdef(`ALIAS_1',`define(`_AF_',_AF_ chkal1)')dnl Klocal sequence alias _AF_ passwd) ifdef(`_CHECK_LOCALADDR_', `Klocaldom ifelse(_CHECK_LOCALADDR_,`',`_CHECK_MAP_TYPE_ -o -m -a. /etc/mail/AllowedDomains',_CHECK_LOCALADDR_,`1',`_CHECK_MAP_TYPE_ -o -m -a. /etc/mail/AllowedDomains',`_CHECK_LOCALADDR_')') POPDIVERT divert(2) LOCAL_RULESETS ifdef(`_CHECK_LOCALUSER_',`dnl # determine whether a local address exists or not. Slocal_check R$+ $: $1 R $+ + $* $: $(local $1 $) R $+ $: $(local $1 $) # something wrong? R $+ $: OOPS $1 cannot happen... R$+@LOCALUSER $@ OK R$+ $# error $@ NOUSER $: 550 Unrecognized username $1') ifdef(`VIRTUSER_TABLE',` # Check if address exists in virtusertable Svirtuser_check # First check user@domain (and save original address at the end). R$+@$+ $: <$(virtuser $1 @ $2 $@ $1 $: @ $)><$1@$2> # Check username+*@domain for plussed users. R<@><$+ + $* @ $*> $: <$(virtuser $1 + * @ $3 $@ $1 $: @ $)><$1+$2@$3> # Chech username@domain for plussed users. R<@><$+ + $* @ $*> $: <$(virtuser $1 @ $3 $@ $1 $: @ $)><$1+$2@$3> # Check @domain. R<@><$+ @ $*> $: <$(virtuser @ $2 $@ $1 $: @ $)><$1@$2> # If <@> remains, no match was done. Punt to local_check. R<@><$+@$+> $@ $>local_check $1 # User found in virtusertable. R$* $@ OK') ifdef(`_CHECK_LOCALUSER_',`ifdef(`GENERICS_TABLE',` Sgeneric R$+<@$=G.> $: < $1@$2 > $1 < @$2.>@ mark R$+<@*LOCAL*> $: < $1@$j > $1 < @ *LOCAL* > @ mark R<$+>$+<$*>@ $: < $(generics $1 $: $) > $2 < $3 > R<>$+<@$+> $: < $(generics $1 $: $) > $1 < @ $2 > R<$*@$*>$*<$*> $@ $>3 $1 @ $2 found qualified R<$+>$*<$*> $: $>3 $1 @ *LOCAL* found unqualified R<>$* $: $1 not found')') ifdef(`_CHECK_LOCALADDR_',` # Determine if a local address exists or not. Slocaladdr R<$+@$*.$~.> $: <$1@ $(localdom $2.$3 $)> R<$+@$+.> $@ <$1@$2.> undefine(`COMMENT')dnl define(`COMMENT',`ifdef(`_CHECK_LOCALSUBDOMAINS_', `', `#')')dnl COMMENT`'R<$+@$+.$+.$+> $: $>localaddr <$1@$3.$4> ') undefine(`COMMENT')dnl ifdef(`_CHECK_MAIL_IN_RCPT_',Scheckmail,S`'SM89_LOCAL`'check_mail) ifdef(`_CHECK_MAIL1_',`R$* $: $>chk_mail1 $1 first user extension',`dnl') ifdef(`_ACCEPT_SOME_',`dnl R<$*@$*@ACCEPT> $#error $@ 5.1.8 $: 501 illegal MAIL FROM <$1@$2@ACCEPT> R<$*@$+> $:<$1@$(accept $2 $:$2$)> R<$*@$*@ACCEPT> $@ <$1@$2@ACCEPT> # addition from Yar Tikhiy R<$*@$+> $:<$1@$(accept $1@$2 $:$2$)> R<$*@$*@ACCEPT> $@ <$1@$2@ACCEPT>',`dnl') ifdef(`_MAPS_RBL_',`dnl # workspace: MAILFROM R$* $: $1 $| tokenize($&{client_addr}) # workspace: MAILFROM $| client_addr ifdef(`_CHECK_IP_IN_MAIL_',`_JUNK_IP_RULES_',`dnl') ifdef(`_RBLOVERRIDE_IP_',`# overriden by IP address? # workspace: MAILFROM $| client_addr R$* $| $+ $: $1 $| $>IPMap $2.rblovrip # mark with # workspace: MAILFROM $| result of rblovrip lookup: client_addr or @MATCH R $* $| $*@MATCH $: $1 # : no further checks',`dnl') ifdef(`_RBLOVERRIDE_LOCALIP_', `dnl # workspace: MAILFROM [ $| client_addr ] ifdef(`_LOCAL_SUBNETBITS_', `R$* $| $* $:$1 $| $2 $| $(ip2bin $2 $@ b $) R$* $| $* $| $={LocalIP}$* $:$1 R$* $| $* $| $* $: $1 $| $2', `dnl R$* $| $={LocalIP}$* $:$1')', `dnl') ifdef(`_RBLOVERRIDE_NAME_',`# override the RBL for certain domain names # workspace: MAILFROM $| client_addr | MAILFROM R $* $| $* $: $1 $| $2 $| tokenize($&{client_name}) R $* $| $* $| $+ $: $1 $| $2 $| $>DomainMap <@$3>@rbloverride R $* $| $* $| <$*>@rbloverride $: $1 $| $2 # no match R $* $| $* $| $*<@$*@MATCH> $: $1',`dnl') # workspace: MAILFROM $| client_addr | MAILFROM R$* $| $-.$-.$-.$- $:$1 $| $(host $5.$4.$3.$2._MAPS_RBL_1_ $: OK $) R$* $| OK $:$1 $| OKSOFAR R$* $| $* $# error $@ 5.7.1 $: "No access from " $&{client_addr} " see _MAPS_RBL_URL_" ifdef(`_MAPS_RBL_2_',`dnl # workspace: MAILFROM $| OKSOFAR | MAILFROM R$* $| $* $:$1 $| tokenize($&{client_addr}) R$* $| $-.$-.$-.$- $:$1 $| $(host $5.$4.$3.$2._MAPS_RBL_2_ $: OK $) R$* $| OK $:$1 $| OKSOFAR R$* $| $* $# error $@ 5.7.1 $: "No access from " $&{client_addr} " see _MAPS_RBL_URL_2_"',`dnl') ifdef(`_MAPS_RBL_3_',`dnl # workspace: MAILFROM $| OKSOFAR | MAILFROM R$* $| $* $:$1 $| tokenize($&{client_addr}) R$* $| $-.$-.$-.$- $:$1 $| $(host $5.$4.$3.$2._MAPS_RBL_3_ $: OK $) R$* $| OK $:$1 $| OKSOFAR R$* $| $* $# error $@ 5.7.1 $: "No access from " $&{client_addr} " see _MAPS_RBL_URL_3_"',`dnl') # workspace: MAILFROM $| OKSOFAR | MAILFROM R$* $: $1 undo damage R$* $| $* $: $1 undo damage',`dnl ifdef(`_CHECK_IP_IN_MAIL_',`# is client_addr in junk? R$* $: $1 $| tokenize($&{client_addr}) _JUNK_IP_RULES_ R$* $| $* $: $1 undo damage',`dnl')') ifdef(`_CHECK_LOCALADDR_',`dnl R$* $: $1 $| tokenize($&{client_addr}) R$* $| $={LocalIP}$* $: $1 $| $>localaddr $1 R$* $| <$+@$*$~.> $# error $@ NOUSER $: 550 Unrecognized local address <$2@$3$4> R$* $| $* $: $1 undo damage',`dnl') ifdef(`_CHECK_LOCALUSER_',dnl ifdef(`GENERICS_TABLE',`# handle generic users R<$+@$=G> $: <@> $>generic $1<@$2.> R<@>$+<@$+.> $: <$1@$2>',`dnl') ifdef(`VIRTUSER_TABLE',`# handle virtual users R<$+@$=w> $@ $>virtuser_check $1@$2',`dnl') R<$*@$=w> $@ $>local_check $1, # do not check these R<$*@$=w> $@ OK shortcut,`dnl') ifdef(`_MD2NAME_',dnl # idea from Steven Schultz R<> $: <$n @ tokenize($&{client_name}) > ifdef(`_ACCEPT_SOME_',`dnl R<$*@$+> $:<$1@$(accept $2 $:$2$)> R<$*@$*@ACCEPT> $@ <$1@$2@ACCEPT>'), # must accept <> R<> $@ OK) ifdef(`_CHECK_FULL_FROM_',`dnl R<$+> $:<$(junk $1`'_MARK_DOM_ $:$1 $)> check full FROM address against database # exists? generate error R $#error $@ 5.7.1 $: _ERR_MSG_USER_ R $#error $@ 5.7.1 $: _ERR_MSG_USER_ R<$*::$*@JUNK> $#error $@ $1 $: $2 R<$*@JUNK> $#error $@ 5.7.1 $: $1',`dnl') ifdef(`_CHECK_LOCALPART_',`dnl R<$+@$+> $:<$(junk $1`'_MARK_LOC_ $: $1@$2 $)> check local part against database # exists? generate error R $#error $@ 5.7.1 $: _ERR_MSG_USER_ R $#error $@ 5.7.1 $: _ERR_MSG_USER_ R<$*::$*@JUNK> $#error $@ $1 $: $2 R<$*@JUNK> $#error $@ 5.7.1 $: $1',`dnl') ifdef(`_CHECK_FROM_',`dnl # mark address R$* $:<@>$1 # is the syntax ok? (uses <>, @, no dot at the end) R<@><$*@$*$~.> $:<$1@$2$3> # mark still there: error... R<@>$* $#error $@ 5.1.8 $: 501 illegal MAIL FROM: $1',`dnl # remove at least the dot... R$*@$*. $1@$2 R<$*@$*.> <$1@$2>') R$* $: $>3 $1 canonify ifdef(`_CHECK_MAIL2_',`R$* $: $>chk_mail2 $1 second user extension',`dnl') ifdef(`_CHECK_LOCAL_',`dnl # another proposal from Steven Schultz R$- $1 <@ tokenize($&{client_name})>',`dnl ifdef(`_CHECK_LOCALUSER_',`dnl R$- $@ $>local_check $1',`dnl R$- $@ OK')') undefine(`COMMENT')dnl define(`COMMENT',`ifdef(`_ALLOW_NOT_FQHN_', `#', `')')dnl # short host name (not FQHN)? COMMENT`'R$*<@$->$* $#error $@ 5.1.8 $: "501 invalid host name " $2 ", check your configuration." undefine(`COMMENT')dnl ifdef(`_CHECK_FROM_',`dnl', `R$*<@>$* $#error $@ 5.1.8 $: "501 missing host name, check your configuration."') define(`COMMENT',`ifdef(`_IP_LOOKUP_',`',`#')')dnl # lookup IP address (reverse mapping available?) COMMENT`'R$*<@[$-.$-.$-.$-]>$* $: $1 < @ $[ [ $2.$3.$4.$5 ] $] > $6 ifdef(`_CHECK_LOCALUSER_',`R$+<@$=w.> $@ $>local_check $1',`dnl') ifdef(`_CHECKREGEX_',`# check address against checkregex R$* $: $(checkregex $1 $) R@MATCH $#error $@ 5.1.8 $: _ERR_MSG_REGEX_',`dnl') # copy the result of the lookup R$* $:$1 $| $1 # now remove the dot R$* $| $*<@$*.>$* $1 $| $2<@$3>$4 # and check the database R$* $| $*<@$*>$* $: $1 $| $>junk $2<@$3> # match: return given error code (rhs of map) R$* $| $*<@$*::$*@JUNK>$* $#error $@ $3 $: $4 R$* $| $*<@$*@JUNK>$* $#error $@ 5.7.1 $: $3 # restore original value (after canonicalization by ruleset 3) R$* $| $* $: $1 undefine(`COMMENT')dnl define(`COMMENT',`ifdef(`_DNSVALID_', `', `#')')dnl # this is dangerous! no real name # (see RFC 1123, sections 5.2.2 and 5.2.18) COMMENT`'R$*<@$*$~P>$* $#error $@ 4.1.8 $: "451 unresolvable host name " $2$3 ", see RFC 1123, sections 5.2.2 and 5.2.18." undefine(`COMMENT')dnl ifdef(`_DNSRELAY_',`# is client_name a real host name? R$* $: $1 $| tokenize($&{client_name}) ifdef(`_DNSRELAYOVERRIDE_IP_',`# overriden by IP address? R$* $| [$+] $: $1 $| [$2] $| $>IPMap $2.dnsrelovrip R$* $| $*@MATCH $: $1 R$* $| [$+] $| $* $: $1 $| [$2]',`dnl') ifdef(`_POPAUTH_',`# authentification via POP R$* $| [$+] $: $1 $| $(popauth $2 $) OK if from a POP-authed address ifdef(`_POPAUTH2_',`R$* $| [$-.$-.$-.$-] $: $1 $| $(popauth $2.$3.$4 $) OK if from a POP-authed subnet',`dnl') R$* $| $+@MATCH $@ $1',`dnl') R$* $| [$+] $#error $@ 4.1.8 $: _ERR_MSG_URRH_ R$* $| $* $: $1 undo damage',`dnl') ifdef(`_CHECK_HELO_',`# check HELO ($s) ifdef(`_MARK_HELO_',`',`define(`_MARK_HELO_',`HELO')')dnl R$* $: $1 $| tokenize($&s) R$* $| $+ $: $1 $| $>junk _MARK_HELO_<@$2> R$* $| $*<@$*@JUNK>$* $#error $@ 5.7.1 $: $3 # restore original value R$* $| $* $: $1', `dnl') ifdef(`_CHECK_MAIL3_',`R$* $: $>chk_mail3 $1 third user extension',`dnl') divert(0)