A Useful Table

There is only one useful table in this chapter, which covers policy rule sets.

Policy Rule Sets

Beginning with V8.8, sendmail calls special rule sets internally to determine its behavior. These are called the policy rule sets and are used for such varied tasks as setting spam-handling, setting policy, or validating the conditions when ETRN should be allowed (to mention just a few). Table 19-2 shows the complete list of these policy rule sets.

Table 19-2. The policy rule sets

| Rule set | sendmail text reference | Hook | Description |
|---|---|---|---|
| authinfo | 10.9.3.2[3ed] | None | Handle AuthInfo: lookups in the access database |
| check_compat | 7.1.4[3ed] | See discussion following the table | Validate just before delivery |
| check_data | 19.9.1[3ed] | None needed | Check just after DATA |
| check_eoh | 25.5.3[3ed] | None needed | Validate after headers are read |
| check_etrn | 19.9.2[3ed] | None needed | Allow or disallow ETRN |
| check_expn | 19.9.3[3ed] | None needed | Validate EXPN |
| check_mail | 7.1.2[3ed] | Local_check_mail | Validate the envelope-sender address |
| check_rcpt | 7.1.3[3ed] | Local_check_rcpt | Validate the envelope-recipient address |
| check_relay | 7.1.1[3ed] | Local_check_relay | Validate incoming network connections |
| check_vrfy | 19.9.3[3ed] | None needed | Validate VRFY |
| queuegroup | 11.4.5[3ed] | See discussion following the table | Select a queue group |
| srv_features | 19.1.3[3ed] | None needed | Tune server setting based on connection information |
| tls_client | 10.10.8.2[3ed] | LOCAL_TLS_CLIENT | With the access database, validate inbound STARTTLS or MAIL FROM SMTP command |
| tls_rcpt | 10.10.8.3[3ed] | LOCAL_TLS_RCPT | Validate a server’s credentials based on the recipient address |
| tls_server | 10.10.8.2[3ed] | LOCAL_TLS_SERVER | Possibly with the access database, validate the inbound and outbound connections |
| trust_auth | 10.9.4[3ed] | Local_trust_auth | Validate that a client’s authentication identifier (authid) is trusted to act as (proxy for) the requested authorization identity (userid). |
| try_tls | 10.10.8.4[3ed] | LOCAL_TRY_TLS | Disable STARTTLS for selected outbound connected-to hosts |
| Hname:$> | 25.5[3ed] | N/A | Reject, discard, or accept a message based on a header’s value |

Note that some of these rule sets are omitted from your configuration file by default. For those, no hook is needed. Instead, you merely declare the rule set in your mc file and give it the appropriate rules:

LOCAL_RULESETS
Scheck_vrfy
... your rules here

Those with a Local_ hook, as shown in the table, are declared by default in your configuration file. To use them yourself, you need only declare them with the Local_ hook indicated:

LOCAL_RULESETS
SLocal_check_rcpt
... your rules here

Those with a LOCAL_ hook, as shown in the table, are declared directly with that hook, so there is no need to precede the hook with LOCAL_RULESETS. For example:

LOCAL_TRY_TLS
... your rules here

The two exceptions are the check_compat and queuegroup rule sets. Each of these is automatically declared when you use the corresponding check_compat or queuegroup feature, but not declared if you don’t use that feature.

All of these rule sets are handled in the same manner. If the rule set does not exist, the action is permitted. If the rule set returns anything other than a #error or a #discard delivery agent, the message, identity, or action is accepted for that rule set (although it can still be rejected or discarded by another rule set).[24] Otherwise, the #error delivery agent causes the message, identity, or action to be rejected (20.4.4[3ed]) or quarantined (Section 11.1.2.6 [V8.13]), and the #discard delivery agent causes the message to be accepted, then discarded (20.4.3[3ed]).



[24] Note that #error and #discard do not apply to all of the rule sets listed in Table 19-2.
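The declaration conventions above can be checked mechanically. The following Python script is an added example, not code from the book or from sendmail: it audits the text of an mc file against the Hook column of Table 19-2 and lists the hook-less rule sets the file never declares, which by the rule above leave the corresponding action permitted. The function names and the sample fragment are constructed for this illustration, and the script assumes one mc macro or S line per line.

```python
import re

# Hook column of Table 19-2 as given on this page (check_compat, queuegroup
# and Hname:$> are left out because they have no single hook to check).
NO_HOOK = {"check_data", "check_eoh", "check_etrn", "check_expn",
           "check_vrfy", "srv_features"}
LOCAL_HOOK = {"check_mail": "Local_check_mail", "check_rcpt": "Local_check_rcpt",
              "check_relay": "Local_check_relay", "trust_auth": "Local_trust_auth"}
MC_MACRO = {"tls_client": "LOCAL_TLS_CLIENT", "tls_rcpt": "LOCAL_TLS_RCPT",
            "tls_server": "LOCAL_TLS_SERVER", "try_tls": "LOCAL_TRY_TLS"}

def audit_mc(text):
    """Return (customized rule sets, findings) for the text of an mc file."""
    hook_to_rs = {hook: rs for rs, hook in LOCAL_HOOK.items()}
    macro_to_rs = {macro: rs for rs, macro in MC_MACRO.items()}
    customized, findings, in_rulesets = set(), [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if re.fullmatch(r"[A-Z][A-Z0-9_]+", line):  # bare mc macro opens a section
            in_rulesets = line == "LOCAL_RULESETS"
            if line in macro_to_rs:
                customized.add(macro_to_rs[line])
            continue
        decl = re.fullmatch(r"S(\w+)", line)  # S line declaring a rule set
        if not decl:
            continue
        name = decl.group(1)
        if name in LOCAL_HOOK:  # already declared by default: use the Local_ hook
            findings.append((lineno, f"S{name}: use S{LOCAL_HOOK[name]} instead"))
        elif name in MC_MACRO:  # declared directly with its LOCAL_ macro
            findings.append((lineno, f"S{name}: use {MC_MACRO[name]} instead"))
        elif name in NO_HOOK or name in hook_to_rs:
            if in_rulesets:
                customized.add(hook_to_rs.get(name, name))
            else:
                findings.append((lineno, f"S{name}: expected under LOCAL_RULESETS"))
    return customized, findings

def unchecked_actions(customized):
    """Hook-less rule sets the mc file never declares; per the page, a
    missing rule set means the action is permitted."""
    return sorted(NO_HOOK - customized)

# Constructed sample mc fragment (not from the book).
SAMPLE_MC = "\n".join(["LOCAL_RULESETS", "Scheck_vrfy", "... your rules here",
                       "Scheck_rcpt", "... your rules here", "LOCAL_TRY_TLS"])

if __name__ == "__main__":
    done, problems = audit_mc(SAMPLE_MC)
    print(sorted(done), problems, unchecked_actions(done))
```

The result reflects only what the mc file itself declares; it does not inspect the generated configuration file.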
