.TH s/qmail: qmail-mfrules 8
.SH "NAME"
qmail-mfrules \- prepare mfrules for qmail-smtpd
.SH SYNOPSIS
.B qmail-mfrules
.SH "DESCRIPTION"
.B qmail-mfrules
reads the addresses provided in
.BR SQMAIL/control/mailfromrules ,
converts them into lowercase, and writes them into
.B SQMAIL/control/mailfromrules.cdb
in a binary format suited
for quick access by
.BR qmail-smtpd .
If there is a problem with
.BR control/mailfromrules ,
.B qmail-mfrules
complains and leaves
.B control/mailfromrules.cdb
alone.
.B qmail-mfrules
ensures that
.B control/mailfromrules.cdb
is updated atomically,
so
.B qmail-smtpd
never has to wait for
.B qmail-mfrules
to finish.
However,
.B qmail-mfrules
makes no attempt to protect against two simultaneous updates of
.BR control/mailfromrules.cdb .
The binary
.B control/mailfromrules.cdb
format is portable across machines.
.SH "RULE FORMAT"
A rule is one line. A file containing rules may also contain comments: lines
beginning with # are ignored. All addresses are evaluated case-insensitively.
Each rule contains an address, an ampersand sign '&', and a list of strings separated by
commas to be used for 'Mail From: Address Verification' (MAV). When
.BR qmail-smtpd (8)
receives a connection from that address, it checks whether the received
envelope sender address corresponds with a MAV string (from the right
to the left).
The MAV string for an address may be NULL in order to allow any envelope
sender address. NULLSENDER envelope addresses are not subject to the MAV.
.SH "RULE BASE"
.BR qmail-smtpd (8)
looks for rules with various addresses in the following order:
.IP 1.
$TCPREMOTEINFO, if $TCPREMOTEINFO is set (e.g. by SMTP Authentication);
.IP 2.
$TCPREMOTEINFO@$TCPREMOTEIP, if $TCPREMOTEINFO is set;
.IP 3.
$TCPREMOTEINFO@=$TCPREMOTEHOST, if $TCPREMOTEINFO is set and $TCPREMOTEHOST is
set;
.IP 4.
the dotted decimal $TCPREMOTEIP address;
.IP 5.
the compactified $TCPREMOTEIP6 address;
.IP 6.
=$TCPREMOTEHOST, if $TCPREMOTEHOST is set;
.IP 7.
shorter and shorter prefixes of $TCPREMOTEIP ending with a dot;
.IP 8.
shorter and shorter values of $TCPREMOTEIP6 ending with a colon;
.IP 9.
shorter and shorter suffixes of $TCPREMOTEHOST starting with a dot, preceded
by =, if $TCPREMOTEHOST is set; and finally
.IP 10.
=, if $TCPREMOTEHOST is set.
.P
.B qmail-smtpd
employs the first matching rule for the MAV check. You should use the
.B -p
option to
.BR sslserver
if you rely on $TCPREMOTEHOST here.
For example, here are some rules:
.EX
jsmith@virtualdomain.com&john.smith@virtualdomain.com
joe@18.23.0.32&joe@example.com
18.23&@example.com
=.heaven.mil&God@heaven.mil,st.peter@heaven.mil,-angles@heaven.mil
fe80:&user@myhost.local
2001::feh:abc9:&me@fehnet.com
.EE
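The lookup order and first-match behaviour described above, as an added Python sketch that is not part of s/qmail. The function names, the sample rules, the reading of "from the right to the left" as a suffix comparison, and returning None when no rule matches are assumptions; the '-' prefix seen in the rules above is not modelled.

```python
# Added illustration, not s/qmail source; names and sample rules are constructed.

def parse_rules(text):
    """Parse 'address&mav1,mav2' lines; '#' comments and blank lines are skipped."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, sep, mavs = line.partition("&")
        if not sep:
            raise ValueError(f"rule without '&': {line!r}")
        rules[addr.lower()] = [m.lower() for m in mavs.split(",")]
    return rules

def prefixes(s, sep):
    """Proper prefixes of s that end with sep, longest first."""
    return [s[:i + 1] for i in range(len(s) - 2, -1, -1) if s[i] == sep]

def lookup_keys(ip=None, ip6=None, host=None, info=None):
    """Candidate rule addresses in the documented order (steps 1-10)."""
    keys = []
    if info:
        keys.append(info)                                   # step 1
        keys += [f"{info}@{ip}"] if ip else []              # step 2
        keys += [f"{info}@={host}"] if host else []         # step 3
    keys += [ip] if ip else []                              # step 4
    keys += [ip6] if ip6 else []                            # step 5
    keys += ["=" + host] if host else []                    # step 6
    keys += prefixes(ip, ".") if ip else []                 # step 7
    keys += prefixes(ip6, ":") if ip6 else []               # step 8
    if host:
        keys += ["=" + host[i:] for i in range(1, len(host)) if host[i] == "."]  # step 9
        keys.append("=")                                    # step 10
    return [k.lower() for k in keys]

def mav_check(rules, sender, **conn):
    """True/False from the first matching rule; None when no rule matches."""
    if sender == "":
        return True        # null sender is not subject to MAV
    for key in lookup_keys(**conn):
        if key in rules:   # first match decides; an empty MAV is a suffix of anything
            return any(sender.lower().endswith(m) for m in rules[key])
    return None            # assumption: the page does not say what happens here

SAMPLE_RULES = parse_rules("# constructed sample rules\nalice&alice@example.org\n192.0.2.&@example.org\n"
                           "=.example.net&bob@example.net,carol@example.net\n2001:db8:&\n")
```

Because the first matching rule decides, an authenticated user with a rule of their own is held to that rule even when a broader IP rule would have accepted the sender.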
.SH "IP-ADDRESSES"
.B qmail-mfrules
recognizes the dotted-decimal IPv4 and the compactified
IPv6 addresses tokenized by the 'dot' or the 'colon' character
and compares the respective parts from right to left.
However, the CIDR address format is not supported (yet).
.SH "SEE ALSO"
qmail-smtpd(8)