.TH s/qmail: qmail-mfrules 8 .SH "NAME" qmail-mfrules \- prepare mfrules for qmail-smtpd .SH SYNOPSIS .B qmail-mfrules .SH "DESCRIPTION" .B qmail-mfrules reads the addresses provided in .BR SQMAIL/control/mailfromrules , converts them into lowercase, and writes them into .B SQMAIL/control/mailfromrules.cdb in a binary format suited for quick access by .BR qmail-smtpd . If there is a problem with .BR control/mailfromrules , .B qmail-mfrules complains and leaves .B control/mailfromrules.cdb alone. .B qmail-mfrules ensures that .B control/mailfromrules.cdb is updated atomically, so .B qmail-smtpd never has to wait for .B qmail-mfrules to finish. However, .B qmail-mfrules makes no attempt to protect against two simultaneous updates of .BR control/mailfromrules.cdb . The binary .B control/mailfromrules.cdb format is portable across machines. .SH "RULE FORMAT" A rule is one line. A file containing rules may also contain comments: lines beginning with # are ignored. All addresses are evaluated case-insensitive. Each rule contains an address, an ampersend sign '&', and a list of strings separated by commas to be used for 'Mail From: Address Verification' (MAV). When .BR qmail-smtpd (8) receives a connection from that address, it checks whether the received envelope sender address correspondes with a MAV string (from the right to the left). The MAV string for an address may be NULL in order to allow any envelope sender address. NULLSENDER envelope addresses are not subject of the MAV. .SH "RULE BASE" .BR qmail-smtpd (8) looks for rules with various addresses in the following order: .IP 1 $TCPREMOTEINFO, if $TCPREMOTEINFO is set (e.g. by SMTP Authentication); .IP 2. $TCPREMOTEINFO@$TCPREMOTEIP, if $TCPREMOTEINFO is set; .IP 3. $TCPREMOTEINFO@=$TCPREMOTEHOST, if $TCPREMOTEINFO is set and $TCPREMOTEHOST is set; .IP 4. the dotted decimal $TCPREMOTEIP address; .IP 5. the compactified $TCPREMOTEIP6 address; .IP 6. =$TCPREMOTEHOST, if $TCPREMOTEHOST is set; .IP 7. shorter and shorter prefixes of $TCPREMOTEIP ending with a dot; .IP 8. shorter and shorter values of $TCPREMOTEIP6 ending with a colon; .IP 9. shorter and shorter suffixes of $TCPREMOTEHOST starting with a dot, preceded by =, if $TCPREMOTEHOST is set; and finally .IP 10. =, if $TCPREMOTEHOST is set. .P .B qmail-smtpd employes the first matching rule for the MAV check. You should use the .B -p option to .BR sslserver if you rely on $TCPREMOTEHOST here. For example, here are some rules: .EX jsmith@virtualdomain.com&john.smith@virtualdomain.com joe@18.23.0.32&joe@example.com 18.23&@example.com =.heaven.mil&God@heaven.mil,st.peter@heaven.mil,-angles@heaven.mil fe80:&user@myhost.local 2001::feh:abc9:&me@fehnet.com .EE .SH "IP-ADDRESSES" .B qmail-mfrules recognizes the dotted-decimal IPv4 and the compactified IPv6 addresses tokenized by the 'dot' or the 'colon' character and compares the respective parts from right to left. However, the CIDR address format is not supported (yet). .SH "SEE ALSO" qmail-smtpd(8)