AOL reverse lookup

I have two systems: foo (with reverse lookup and static IP), and
foobar (with no reverse lookup, on a non-routable IP). AOL's
security of the last month now blocks emails sent from foobar,
but naturally accepts them from foo.

The DM is set for foo, as is Dj$w.

Am I SOL on sending email to AOL via a local MUA?

Re: AOL reverse lookup

D. E. Evans wrote:
> I have two systems: foo (with reverse lookup and static IP), and foobar
> (with no reverse lookup, on a non-routable IP). AOL's security of the
> last month now blocks emails sent from foobar, but naturally accepts
> them from foo.
>
> The DM is set for foo, as is Dj$w.
>
> Am I SOL on sending email to AOL via a local MUA?

I run the sendmail MTA, and I usually drive it with the mutt MUA, though I
sometimes use /bin/mail when testing stuff. I can communicate with AOL users
without difficulty.

The problem you probably have is that your IP address is on a dnsbl
blacklist, perhaps maintained by AOL, SpamCop, or mail-abuse.com, and mine
is not. I have a static ip address known to DNS for my MTA.

Your choices seem to be:

1.) give up on sending to AOL.
2.) get a static IP address known to DNS
3.) have your MTA use your ISP as a 'smart host'

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 17:50:00 up 19 days, 11:28, 3 users, load average: 4.27, 4.30, 4.25

Re: AOL reverse lookup

Jean-David Beyer wrote:
> D. E. Evans wrote:
>
>>I have two systems: foo (with reverse lookup and static IP), and foobar
>>(with no reverse lookup, on a non-routable IP). AOL's security of the
>>last month now blocks emails sent from foobar, but naturally accepts
>>them from foo.
>>
>>The DM is set for foo, as is Dj$w.
>>
>>Am I SOL on sending email to AOL via a local MUA?
>
>
> I run the sendmail MTA, and I usually drive it with the mutt MUA, though I
> sometimes use /bin/mail when testing stuff. I can communicate with AOL users
> without difficulty.

I also can communicate fine on the system that uses a static IP
(as I indicated). Can you email fine with sendmail on a system
with a non-routable IP address (such as 10.0.0.1, or 192.168.0.1)
that is using NAT?

> The problem you probably have is that your IP address is on a dnsbl
> blacklist, perhaps maintained by AOL, SpamCop, or mail-abuse.com, and mine
> is not. I have a static ip address known to DNS for my MTA.

If I can send fine with my server, which is the only one that has
a static IP address, but not from my NAT'd localhost, then it
would follow that since blacklists are normally done with IP not
domain, that I am not being blacklisted. I believe it is clear
that the problem is a reserve lookup for a localhost hostname.

It is possible that *AOL* has blacklisted my local hostname, or
all localhost IPs. However, I have since discovered two other
domains that do the same, (such as Comcast). I think it is
reasonable to conclude that the problem is a reverse lookup.

> Your choices seem to be:
>
> 1.) give up on sending to AOL.

My purpose is to avoid having to log in to my server to send
email, or have to use a client that uses smtp authentication.

> 3.) have your MTA use your ISP as a 'smart host'

That has always been the case.

Re: AOL reverse lookup

In comp.mail.sendmail D. E. Evans :
> Jean-David Beyer wrote:
>> D. E. Evans wrote:
>>
>>>I have two systems: foo (with reverse lookup and static IP), and foobar
>>>(with no reverse lookup, on a non-routable IP). AOL's security of the
>>>last month now blocks emails sent from foobar, but naturally accepts
>>>them from foo.
>>>
>>>The DM is set for foo, as is Dj$w.
>>>
>>>Am I SOL on sending email to AOL via a local MUA?
>>
>>
>> I run the sendmail MTA, and I usually drive it with the mutt MUA, though I
>> sometimes use /bin/mail when testing stuff. I can communicate with AOL users
>> without difficulty.

> I also can communicate fine on the system that uses a static IP

So, why bother? You could try using foo as SMARTHOST on foobar.

[..]

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 362: Plasma conduit breach

Re: AOL reverse lookup

Michael Heiming wrote:
> So, why bother? You could try using foo as SMARTHOST on foobar.

Perhaps I've misunderstood what smart host is. I was
understanding it as the Smart relay host, listed under DS. My
entry in sendmail.cf is

DSfoo.com

Re: AOL reverse lookup

In comp.mail.sendmail D. E. Evans :
> Michael Heiming wrote:
>> So, why bother? You could try using foo as SMARTHOST on foobar.

> Perhaps I've misunderstood what smart host is. I was
> understanding it as the Smart relay host, listed under DS. My
> entry in sendmail.cf is

> DSfoo.com

Unsure, you wrote you couldn't send directly from foobar, with
SMARTHOST on foobar you don't send directly but through the
configured SMARTHOST.

Perhaps you need to masquerade in addition to foo.com, not
uncommon MTA try resolving the sender and don't except mail if
they can't.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 196: Me no internet, only janitor, me just
wax floors.

Re: AOL reverse lookup

D. E. Evans wrote:
> I have two systems: foo (with reverse lookup and static IP), and
> foobar (with no reverse lookup, on a non-routable IP). AOL's
> security of the last month now blocks emails sent from foobar,
> but naturally accepts them from foo.
>
> The DM is set for foo, as is Dj$w.
>
> Am I SOL on sending email to AOL via a local MUA?

I don't think you will get usefull help without posting the IP address
of the rejected host (the routable address, not the RFC1918 local
address) and the name of the MUA on FUBAR. I take that FOO can route
mail for FOOBAR, but you want the MUA on FOOBAR to skip FOO? What is
the benefit? Perhaps the benefit could be obtained some other way. If
FOO is running sendmail, you can use the mailertable feature to divert
AOL mail via FOOBAR, while other mail goes direct to MX.

Daniel Feenberg
feenberg isat nber dotte org

Re: AOL reverse lookup

"D. E. Evans" wrote in message
news:d6343h$t77$1@news.xmission.com...
>I have two systems: foo (with reverse lookup and static IP), and foobar
>(with no reverse lookup, on a non-routable IP). AOL's security of the last
>month now blocks emails sent from foobar, but naturally accepts them from
>foo.
>
> The DM is set for foo, as is Dj$w.
>
> Am I SOL on sending email to AOL via a local MUA?

You might want to check http://postmaster.info.aol.com/errors/421dnsnr.html

AOL started doing this lately, could not find any RFC that supports AOLs
stand on this but planning to watch this thread....

This is what could be hitting you.

Re: AOL reverse lookup

Michael Heiming wrote:
> Unsure, you wrote you couldn't send directly from foobar, with
> SMARTHOST on foobar you don't send directly but through the
> configured SMARTHOST.

If a reverse lookup is done on foobar.com, it fails. How do I
send email from foobar.com so that the reverse lookup is done on
foo.com?

> Perhaps you need to masquerade in addition to foo.com, not
> uncommon MTA try resolving the sender and don't except mail if
> they can't.

My DM entry on foobar.com is set to foo.com. Is that what you
mean? If so, I already am masquerading.

Re: AOL reverse lookup

This is a multi-part message in MIME format.
--------------070407000908010807000104
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Shaw-news wrote:
> "D. E. Evans" wrote in message
> news:d6343h$t77$1@news.xmission.com...
>
>>I have two systems: foo (with reverse lookup and static IP), and foobar
>>(with no reverse lookup, on a non-routable IP). AOL's security of the last
>>month now blocks emails sent from foobar, but naturally accepts them from
>>foo.
>>
>>The DM is set for foo, as is Dj$w.
>>
>>Am I SOL on sending email to AOL via a local MUA?
>
>
> You might want to check http://postmaster.info.aol.com/errors/421dnsnr.html
>
> AOL started doing this lately, could not find any RFC that supports AOLs
> stand on this but planning to watch this thread....
>
> This is what could be hitting you.

I believe that is precisely it, (554 error, with 550 DNS FAILURE
from return transcript). To be more specific, my domain,
deevans.net, has a mail server at mail.deevans.net. The reverse
lookup is kaptah.deevans.net (which is the domain used when
sending email from that system). All emails from
kaptah.deevans.net work fine with AOL, Comcast, etc.

When AOL started what you listed above (i.e. the reverse lookup)
my system sinuhe.deevans.net which is NAT'd behind a firewall (on
192.168.0.4) stopped being able to send email to those specific
services (i.e. AOL and Comcast). I can still send email to
others, including hotmail, etc.

Attached is my sendmail.cf for sinuhe.deevans.net. My goal is to
be able to send email from sinuhe.deevans.net using mutt or mailx
without the above 554. For the moment, I'm using Thunderbird to
send email, (which works fine whether set to ISP's SMTP, or
kaptah's).

--------------070407000908010807000104
Content-Type: text/plain;
name="sendmail.cf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="sendmail.cf"

#
# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

############################################################ ##########
############################################################ ##########
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by root@sinuhe.deevans.net on Sun May 9 00:15:51 MDT 2004
##### in /home/sinuhe
##### using /usr/share/sendmail/ as configuration include directory
#####
############################################################ ##########
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
############################################################ ##########
############################################################ ##########

##### $Sendmail: cfhead.m4,v 8.108.2.6 2003/12/05 02:26:47 ca Exp $ #####
##### $Sendmail: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####



##### $Sendmail: openbsd.m4,v 8.3 1999/04/24 05:37:42 gshapiro Exp $ #####


##### $Sendmail: masquerade_envelope.m4,v 8.9 1999/02/07 07:26:10 gshapiro Exp $ #####




##### $Sendmail: proto.m4,v 8.649.2.30 2004/01/11 17:54:06 ca Exp $ #####

# level 10 config file format
V10/Berkeley

# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe

# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost

##################
# local info #
##################

# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m

Cwlocalhost

# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
Dj$w.kaptah.deevans.net

# host/domain names ending with a token in class P are canonical
CP.

# "Smart" relay host (may be null)
DSmail.deevans.net


# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !

# a class with just dot (for identifying canonical names)
C..

# a class with just a left bracket (for identifying domain literals)
C[[


# Resolve map (to check if a host exists in check_mail)
Kresolve host -a -T
C{ResOk}OKR


# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains

# arithmetic map
Karith arith





# dequoting map
Kdequote dequote

# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root

# who I masquerade as (null for no masquerading) (see also $=M)
DMdeevans.net

# my name for error messages
DnMAILER-DAEMON


# Configuration version number
DZ8.12.11


###############
# Options #
###############

# strip message body to 7 bits on input?
O SevenBitInput=False

# 8-bit data handling
#O EightBitMode=pass8

# wait for alias file rebuild (default units: minutes)
O AliasWait=10

# location of alias file
O AliasFile=/etc/mail/aliases

# minimum number of free blocks on filesystem
O MinFreeBlocks=100

# maximum message size
#O MaxMessageSize=1000000

# substitution for space (blank) characters
O BlankSub=.

# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False

# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10

# default delivery mode
O DeliveryMode=background

# error message header/file
#O ErrorHeader=/etc/mail/error-header

# error mode
#O ErrorMode=print

# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False

# queue file mode (qf files)
#O QueueFileMode=0600

# temporary file mode
O TempFileMode=0600

# match recipients against GECOS field?
#O MatchGECOS=False

# maximum hop count
#O MaxHopCount=25

# location of help file
O HelpFile=/etc/mail/helpfile

# ignore dots as terminators in incoming messages?
#O IgnoreDots=False

# name resolver options
#O ResolverOptions=+AAONLY

# deliver MIME-encapsulated error messages?
O SendMimeErrors=True

# Forward file search path
O ForwardPath=$z/.forward.$w:$z/.forward

# open connection cache size
O ConnectionCacheSize=2

# open connection cache timeout
O ConnectionCacheTimeout=5m

# persistent host status directory
#O HostStatusDirectory=.hoststat

# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False

# use Errors-To: header?
O UseErrorsTo=False

# log level
O LogLevel=9

# send to me too, even in an alias expansion?
#O MeToo=True

# verify RHS in newaliases?
O CheckAliases=False

# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True

# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E

# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0

# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers

# Use as mail submission program? See sendmail/SECURITY
#O UseMSP

# privacy flags
O PrivacyOptions=authwarnings

# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster

# slope of queue-only function
#O QueueFactor=600000

# limit on number of concurrent queue runners
#O MaxQueueChildren

# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1

# priority of queue runners (nice(3))
#O NiceQueueRun

# shall we sort the queue by hostname first?
#O QueueSortOrder=priority

# minimum time in queue before retry
#O MinQueueAge=30m

# how many jobs can you process in the queue?
#O MaxQueueRunSize=10000

# perform initial split of envelope without checking MX records
#O FastSplit=1

# queue directory
O QueueDirectory=/var/spool/mqueue

# key for shared memory; 0 to turn off
#O SharedMemoryKey=0



# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d

O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h

#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h

# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0

# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False

# queue up everything before forking?
O SuperSafe=True

# status file
O StatusFile=/var/log/sendmail.st

# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=

# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull

# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb

# fallback MX host
#O FallbackMXhost=fall.back.host.net

# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False

# load average at which we just queue messages
#O QueueLA=8

# load average at which we refuse connections
#O RefuseLA=12

# load average at which we delay connections; 0 means no limit
#O DelayLA=0

# maximum number of children we allow at one time
#O MaxDaemonChildren=0

# maximum number of new connections per second
#O ConnectionRateThrottle=0

# work recipient factor
#O RecipientFactor=30000

# deliver each queued job in a separate process?
#O ForkEachJob=False

# work class factor
#O ClassFactor=1800

# work time factor
#O RetryFactor=90000

# default character set
O DefaultCharSet=UTF-8

# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch

# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts

# dialup line delay on connection failure
#O DialDelay=10s

# action to take if there are no recipients in the message
#O NoRecipientAction=add-to-undisclosed

# chrooted environment for writing to files
#O SafeFileEnvironment=/arch

# are colons OK in addresses?
#O ColonOkInAddr=True

# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False

# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b

# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d

# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False

# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False

# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.

# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+

# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False

# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True


# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster

# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter

# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail

# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=100

# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=20

# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False

# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False

# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0

# Trusted user for file ownership and starting the daemon
#O TrustedUser=root

# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control

# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=2048/1024

# Maximum length of the sum of all headers
#O MaxHeadersLength=32768

# Maximum depth of alias recursion
#O MaxAliasRecursion=10

# location of pid file
#O PidFile=/var/run/sendmail.pid

# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix

# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096

# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096

# lookup type to find information about local mailboxes
#O MailboxDatabase=pw

# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info

# SMTP AUTH flags
#O AuthOptions

# SMTP AUTH maximum encryption strength
#O AuthMaxBits

# SMTP STARTTLS server options
#O TLSSrvOptions

# Input mail filters
#O InputMailFilters


# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile

############################
# QUEUE GROUP DEFINITIONS #
############################


###########################
# Message precedences #
###########################

Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100

#####################
# Trusted users #
#####################

# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp

#########################
# Format of headers #
#########################

H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>

#
############################################################ ##########
############################################################ ##########
#####
##### REWRITING RULES
#####
############################################################ ##########
############################################################ ##########

############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3

# handle null input (translate to <@> special case)
R$@ $@ <@>

# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch
R$* < $* ; > $1 < $2 > bogus bracketed semi

# null input now results from list:; syntax
R$@ $@ :; <@>

# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>

# strip route address <@a,@b,@c:user@d> ->
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2

# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax

# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical


# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains

# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish

# else we must be a local name
R$* $@ $>Canonify2 $1


################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################

SCanonify2=96

# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain

# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr





# if really UUCP, handle it immediately

# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3

# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2

# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3


##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4

R$+ :; <@> $@ $1 : handle
R$* <@> $@ handle <> and list:;

# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3

# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2

# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 canonical
R@ $* $@ @ $1 ... and exit

# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u

# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host



############################################################ ##
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
############################################################ ##

SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1


######################################
### Ruleset 0 -- Parse Address ###
######################################

Sparse=0

R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing

#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#

SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"


# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1

#
# Parse1 -- the bottom half of ruleset 0.
#

SParse1

# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer


# short circuit local delivery so forwarded email works


R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name


# resolve remotely connected UUCP links (if any)

# resolve fake top level domains by forwarding to other hosts



# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name

# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain

# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names

############################################################ ###############
### Ruleset 5 -- special rewriting after aliases have been expanded ###
############################################################ ###############

SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1




# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *

# prepend an empty "forward host" on the front
R$+ $: <> $1



R< > $+ $: < > < $1 <> $&h > nope, restore +detail

R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in

R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension

R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >

R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >


############################################################ #######
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
############################################################ #######

SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer

############################################################ #######
### Ruleset CanonLocal -- canonify local: syntax ###
############################################################ #######

SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4

# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >

# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1

# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >

# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1

############################################################ #######
### Ruleset 93 -- convert header names to masqueraded form ###
############################################################ #######

SMasqHdr=93


# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >

# special case the users that should be exposed
R$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed
R$=E < @ $=M . > $@ $1 < @ $2 . >
R$=E < @ $=w . > $@ $1 < @ $2 . >

# handle domain-specific masquerading
R$* < @ $=M . > $* $: $1 < @ $2 . @ $M > $3 convert masqueraded doms
R$* < @ $=w . > $* $: $1 < @ $2 . @ $M > $3
R$* < @ *LOCAL* > $* $: $1 < @ $j . @ $M > $2
R$* < @ $+ @ > $* $: $1 < @ $2 > $3 $M is null
R$* < @ $+ @ $+ > $* $: $1 < @ $3 . > $4 $M is not null

############################################################ #######
### Ruleset 94 -- convert envelope names to masqueraded form ###
############################################################ #######

SMasqEnv=94
R$+ $@ $>MasqHdr $1

############################################################ #######
### Ruleset 98 -- local part of ruleset zero (can be null) ###
############################################################ #######

SParseLocal=98




############################################################ ##########
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
############################################################ ##########

SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical


############################################################ ##########
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
############################################################ ##########

SParseRecipient
R$* $: $>CanonAddr $1
R $* < @ $* . > $1 < @ $2 > strip trailing dots
R $- < @ $* > $: $(dequote $1 $) < @ $2 > dequote local part

# if no $=O character, no host in the user portion, we are done
R $* $=O $* < @ $* > $: $1 $2 $3 < @ $4>
R $* $@ $1


R $* < @ $* $=R > $: $1 < @ $2 $3 >



R $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2


############################################################ ##########
### check_relay -- check hostname/address on SMTP startup
############################################################ ##########

SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2

SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2




############################################################ ##########
### check_mail -- check SMTP `MAIL FROM:' command argument
############################################################ ##########

SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1

SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2

# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1

R<> $@ we MUST accept <> (RFC 1123)
R$+ $: $1
R<$+> $: <@> <$1>
R$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R $* $: $2 local client: ok
R <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R $* $: $1
R$* $: $>CanonAddr $1 canonify sender address and mark it
R $* < @ $+ . > $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R $* < @ $* $=P > $: $1 < @ $2 $3 >
R $* < @ $j > $: $1 < @ $j >
R $* < @ $+ > $: $) > $1 < @ $2 >
R> $* < @ $+ >
$: <$2> $3 < @ $4 >


# handle case of no @domain on address
R $* $: $&{daemon_flags} $| $1
R$* u $* $| $* $: $3
R$* $| $* $: $2
R $* $: < ? $&{client_addr} > $1
R $* $@ ...local unqualed ok
R $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $@ domain ok: stop
R $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"

############################################################ ##########
### check_rcpt -- check SMTP `RCPT TO:' command argument
############################################################ ##########

SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1

SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2


############################################################ ##########
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"


############################################################ ##########
### Rcpt_ok: is the recipient ok?
############################################################ ##########
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts




# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no

R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY



# check for local user (i.e. unqualified address)
R$* $: $1
R $* < @ $+ > $: $1 < @ $2 >
# local user is ok
R $+ $@ RELAY
R<$+> $* $: $2

############################################################ ##########
### Relay_ok: is the relay/sender ok?
############################################################ ##########
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local


# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $: $1 $2
R<@> $+ $: $[ $1 $]
R$* . $1 strip trailing dots
R $=w $@ RELAY
R $* $=R $@ RELAY




############################################################ ##########
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
############################################################ ##########

SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}

############################################################ ##########
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
############################################################ ##########
SLocal_Relay_Auth



############################################################ ##########
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
############################################################ ##########
Stls_client
R$* $| $* $@ $>"TLS_connection" $1

############################################################ ##########
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
############################################################ ##########
Stls_server
R$* $@ $>"TLS_connection" $1

############################################################ ##########
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
############################################################ ##########
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."


############################################################ ##########
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
############################################################ ##########
SRelayTLS
# authenticated?

############################################################ ##########
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
############################################################ ##########
Sauthinfo

#
############################################################ ##########
############################################################ ##########
#####
##### MAIL FILTER DEFINITIONS
#####
############################################################ ##########
############################################################ ##########

#
############################################################ ##########
############################################################ ##########
#####
##### MAILER DEFINITIONS
#####
############################################################ ##########
############################################################ ##########


##################################################
### Local and Program Mailer specification ###
##################################################

##### $Sendmail: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $ #####

#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading

#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark

#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading

#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2

#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain

Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qrmn9S, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=mail -d $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u

#####################################
### SMTP Mailer specification ###
#####################################

##### $Sendmail: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ #####

#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification

#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal

# pass s through
R< @ $+ > $* $@ < @ $1 > $2 resolve

# output fake domains as user%fake@relay

# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form

# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY


#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading


#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2

#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case

# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading


#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1

Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h


--------------070407000908010807000104--

Re: AOL reverse lookup

In comp.mail.sendmail D. E. Evans :
> Michael Heiming wrote:
>> Unsure, you wrote you couldn't send directly from foobar, with
>> SMARTHOST on foobar you don't send directly but through the
>> configured SMARTHOST.

> If a reverse lookup is done on foobar.com, it fails. How do I
> send email from foobar.com so that the reverse lookup is done on
> foo.com?

If you use foo.com as SMARTHOST, masquerade to foo.com on foo.

>> Perhaps you need to masquerade in addition to foo.com, not
>> uncommon MTA try resolving the sender and don't except mail if
>> they can't.

> My DM entry on foobar.com is set to foo.com. Is that what you
> mean? If so, I already am masquerading.

Masquerading is AFAIK done through submit.cf (submit.mc) with
recent sendmail versions.

It looks to me as if we get nowhere until you post real data,
sendmail.mc/submit.mc + version info if it isn't in sendmail.mc.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 10: hardware stress fractures

Re: AOL reverse lookup

Michael Heiming wrote:
>>If a reverse lookup is done on foobar.com, it fails. How do I
>>send email from foobar.com so that the reverse lookup is done on
>>foo.com?
>
> If you use foo.com as SMARTHOST, masquerade to foo.com on foo.

Specifically, the host kaptah.deevans.net is masquerading as
deevans.net. sinuhe.deevans.net (the system behind the firewall)
is masquerading as kaptah.deevans.net.

> Masquerading is AFAIK done through submit.cf (submit.mc) with
> recent sendmail versions.
>
> It looks to me as if we get nowhere until you post real data,
> sendmail.mc/submit.mc + version info if it isn't in sendmail.mc.

Please see the sendmail.cf file that I posted for
sinuhe.deevans.net. As for submit.cf, it is unchanged for
OpenBSD 3.6 (on kaptah and sinuhe).

Re: AOL reverse lookup

D. E. Evans wrote:
> I have two systems: foo (with reverse lookup and static IP), and foobar
> (with no reverse lookup, on a non-routable IP). AOL's security of the
> last month now blocks emails sent from foobar, but naturally accepts
> them from foo.
>
> The DM is set for foo, as is Dj$w.
>
> Am I SOL on sending email to AOL via a local MUA?

I was able to finally get this resolved. Here is the solution,
via mc files, for those with a similar setup:

On the system with the static IP address, the following should be
within the mc file:

FEATURE(`access_db', `hash -T /etc/mail/access')
FEATURE(`blacklist_recipients')
FEATURE(`mailertable',`hash -o /etc/mail/mailertable')
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
MASQUERADE_AS(host.domain)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(`use_cw_file')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

The access, mailertable, and virtusertable should be configured
accordingly, i.e. mailertable with

hostwithnonroutable.domain esmtp:[IP ADDRESS]

and virtusertable with

user@domain user@nonroutablehost.domain

and presumably relay access in the access database for all
relevant systems.

The non-routable system was configured with a similar access file
and the following mc entries:

FEATURE(`access_db', `hash -T /etc/mail/access')
FEATURE(`blacklist_recipients')
define(`SMART_HOST', `routablehost.domain')dnl
MASQUERADE_AS(domain)dnl
FEATURE(masquerade_envelope)dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

Thanks epescially to Andrey for his patience, and assitance.