19.6 The localaddr Rule Set 5
For version 2 and higher configuration files,
V8 sendmail allows local recipients to undergo
additional rewriting. Recall that each recipient address is processed
by the canonify rule set 3 and
parse rule set 0. Beginning with V8.7
sendmail, any delivery agent with the
F=A flag set will cause the address to undergo aliasing
(via the aliases file), which can result in a
new local address.
Under V8 sendmail, if an address makes it
through aliasing unchanged, it is given to the
localaddr rule set 5, which can select a new
delivery agent. Note that it is given to the
localaddr rule set 5 after it is processed by the
User Database (if used), but before it is processed by the
~/.forward file.
Beginning with V8.7 sendmail, any delivery agent
that has the F=5 flag set will cause the localaddr
rule set 5 to be called as though the agent were a local one.
To illustrate, consider that a new delivery agent might be needed in
the case of a mail firewall machine. A firewall machine is one that
sits between the local network and the outside world and protects the
local network from intrusion by outsiders. In such an arrangement it
might be desirable for all incoming mail to be delivered to the
firewall so that no outsider needs to know the real names of machines
on the local network.
Consider mail to the address john@firewall. On
the firewall machine, the parse rule set 0 selects
the local delivery agent. Because the address
john is local, it is looked up in the
aliases file. For this example we will assume
that it is not found there.
Because the address john is not aliased, it is
then passed to the localaddr rule set 5, which
selects another delivery agent to forward the message into the local
network:
S5
R $+	$#esmtp $@ hub.internal.net $: $1 @ hub.internal.net
Here, the john matches the $+
in the LHS (as would john+nospam and
john.smith), so the esmtp
delivery agent is selected. The mail message is forwarded to the
local network with john (the
$1) as the username and
hub.internal.net as the name of the receiving
machine on the internal network.
For such a scheme to work, all local machines must send offsite mail
addressed as though it were from the firewall, and local names must
be changed to offsite forms when forwarded offsite. For example, the
name john@local.host needs to be changed to
john@firewall for all outgoing offsite mail.
Note that the localaddr rule set 5 can also be
used in situations that do not involve firewalls. It can be used as a
hook into forwarding to other types of networks, with special
mailing-list software, or even as a way to handle retired accounts.
Also note that the localaddr rule set 5
can select a new delivery agent, but it does not
have to.
For those times when the localaddr rule set 5
might not be appropriate, V8 sendmail offers a
technique for bypassing it. In the parse rule set
0, if the first token following the $: of a rule
that selects the local delivery agent is an
@, sendmail removes the
@ and skips calling the
localaddr rule set 5:
R $-	$#local $: @ $1
(the @ is removed and the localaddr rule set skipped)
Note that the localaddr rule set 5 is the way V8.7
sendmail and above institute the plussed users
technique (Section 12.4.4).
19.6.1 The Local_localaddr Hook
Beginning with V8.10 sendmail, the
localaddr rule set 5 begins like this:
SLocal_localaddr
Slocaladdr=5
R$+	$: $1 $| $>"Local_localaddr" $1
R$+ $| $#$*	$#$2
R$+ $| $*	$: $1
The presence of an empty Local_localaddr rule set
gives you a hook into the beginning of the
localaddr rule set 5—in other words, it
gives you a place where you can insert your own rules. You can insert
rules using the LOCAL_RULESETS mc configuration
command. For example:
LOCAL_RULESETS
SLocal_localaddr
R $* < $* . test > $*	$#discard $:discard
This rule checks for any address part ending in a
.test expression. If any is found, the RHS
selects the discard delivery agent (to discard the
message). The result of Local_localaddr is passed
back to the localaddr rule set 5, which either
returns a new delivery agent, if one was selected, or passes the
(possibly rewritten) address to subsequent rules.
Note that the process we describe here cannot be used to insert rules
into the beginning of the other numbered rule sets. You can use
LOCAL_RULESETS to add rules to the end, but you cannot hook them into
the beginning, as we have done here.
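The firewall forwarding rule from Section 19.6, placed in the Local_localaddr hook instead of directly in rule set 5. This is an added example, not from the original text or the sendmail distribution; the class name {FwLocal} and its members are assumptions, and hub.internal.net is the example hub used above.

```m4
dnl Added example for an mc file. {FwLocal} is a hypothetical class name.
dnl The esmtp delivery agent comes from MAILER(`smtp'), which must appear
dnl earlier in the same mc file.
LOCAL_CONFIG
# Accounts that are delivered on the firewall itself
C{FwLocal} root postmaster

LOCAL_RULESETS
SLocal_localaddr
# The result below carries no $# so localaddr keeps the original address
# and goes on to its remaining rules. These users stay with the local agent.
R$={FwLocal}	$@ $1
# Every other address that came through aliasing unchanged is relayed to
# the internal hub. LHS and RHS must be separated by tab characters.
R$+	$#esmtp $@ hub.internal.net $: $1 @ hub.internal.net
```

After the cf file is rebuilt, address-test mode (sendmail -bt) can confirm the behavior: entering "localaddr john" should select the esmtp agent, and "localaddr root" should leave root for local delivery.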