LOCAL_CONFIG Kstorage macro Kscandomain hash -o /etc/mail/scandomain.db Kscanhost hash -o /etc/mail/scanhost.db ## Custom configurations below (will be preserved) LOCAL_RULESETS SLocal_check_rcpt # Check domain against scandomain table # If domain should be scanned by external host, # Make sure that {client_addr} is one of those hosts R$* $: $1 $| $>ParseRecipient $1 # keep original address on left R$* $| $* < @ $* > $: $1 $| $(scandomain $3 $: <> $) R$* $| <> $@ ok # domain doesn't use scan group # store scangroup in ${ScanGroup} rewrite workspace as original address R$* $| $* $: $(storage {ScanGroup} $@ $2 $) $1 # check to see if user is authenticated or host is allowed to relay R$* $: $1 $| @ $>"UserAuthenticated" $1 R$* $| @ $#TEMP $+ $: $1 $| T $2 R$* $| @ $#$* $#$2 R$* $| @ RELAY $@ RELAY R$* $| @ $* $: O $| $>"Relay_ok" $1 R$* $| T $+ $: T $2 $| $>"Relay_ok" $1 R$* $| $#TEMP $+ $#error $2 R$* $| $#$* $#$2 R$* $| RELAY $@ RELAY R T $+ $| $* $#error $1 # now check to see if this IP is in designated scangroup R$* $: $&{ScanGroup}.$(scanhost $&{client_addr} $: $) # Workspace should now contain scangroup.scangroup R$&{ScanGroup}.$&{ScanGroup} $@ ok # ip matches scangroup for domain R$* $@ $#error $: 451 IP $&{client_addr} not allowed. Use MX Hosts. SUserAuthenticated # subset of Rcpt_ok R$* $: $>ParseRecipient $1 strip relayable hosts # authenticated via TLS? R$* $: $1 $| $>RelayTLS client authenticated? R$* $| $# $+ $# $2 error/ok? R$* $| $* $: $1 no R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type} R$* $| $# $* $# $2 R$* $| NO $: $1 R$* $| $* $: $1 $| $&{auth_type} R$* $| $: $1 R$* $| $={TrustAuthMech} $# RELAY R$* $: NO