
19.9 Policy Rule-Set Reference

Beginning with V8.8, sendmail calls special rule sets internally to determine its behavior. Called the policy rule sets, they are used for tasks as varied as handling spam, setting policy, and validating the conditions under which ETRN should be allowed, to list just a few. Table 19-2 shows the complete list of these policy rule sets. Note that we merely summarize them here, and that some are described in detail in other chapters. Those that we describe here are detailed in the following sections.

Table 19-2. The policy rule sets

| Rule set | § | Hook | Description |
|---|---|---|---|
| authinfo | Section 10.9.3.2 | none | Handle AuthInfo: lookups in the access database |
| check_compat | Section 7.1.4 | see below | Validate just before delivery |
| check_data | check_data | none needed | Check just after DATA |
| check_eoh | Section 25.5.3 | none needed | Validate after headers are read |
| check_etrn | check_etrn | none needed | Allow or disallow ETRN |
| check_expn | check_vrfy and check_expn | none needed | Validate EXPN |
| check_mail | Section 7.1.2 | Local_check_mail | Validate the envelope-sender address |
| check_rcpt | Section 7.1.3 | Local_check_rcpt | Validate the envelope-recipient address |
| check_relay | Section 7.1.1 | Local_check_relay | Validate incoming network connections |
| check_vrfy | check_vrfy and check_expn | none needed | Validate VRFY |
| queuegroup | Section 11.4.5 | see below | Select a queue group |
| srv_features | srv_features | none needed | Tune server setting based on connection information |
| tls_client | Section 10.10.8.2 | LOCAL_TLS_CLIENT | With the access database, validate inbound STARTTLS or MAIL FROM SMTP command |
| tls_rcpt | Section 10.10.8.3 | LOCAL_TLS_RCPT | Validate a server's credentials based on the recipient address |
| tls_server | Section 10.10.8.2 | LOCAL_TLS_SERVER | Possibly with the access database, validate the inbound and outbound connections |
| trust_auth | Section 10.9.4 | Local_trust_auth | Validate that a client's authentication identifier (authid) is trusted to act as (proxy for) the requested authorization identity (userid). |
| try_tls | Section 10.10.8.4 | LOCAL_TRY_TLS | Disable STARTTLS for selected outbound connected-to hosts |
| Hname:$ | Section 25.5 | n/a | Reject, discard, or accept a message based on a header's value |

Note that some of these rule sets are omitted from your configuration file by default. For those, no hook is needed. You merely declare the rule set in your mc file and give it appropriate rules:

LOCAL_RULESETS
Scheck_vrfy
... your rules here

Those with a Local_ hook, as shown in the table, are declared by default in your configuration file. To use them yourself, you need only declare them with the Local_ hook indicated:

LOCAL_RULESETS
SLocal_check_rcpt
... your rules here

Those with a LOCAL_ hook, as shown in the table, are declared directly with that hook. There is no need to precede the hook with LOCAL_RULESETS. For example:

LOCAL_TRY_TLS
... your rules here

The two exceptions are the check_compat and queuegroup rule sets. Each is automatically declared when you use the corresponding check_compat or queuegroup feature, but not declared if you don't use that feature.

All of these rule sets are handled in the same manner. If the rule set does not exist, the action is permitted. If the rule set returns anything other than a #error or a #discard delivery agent, the message, identity, or action is accepted for that rule set (although it can still be rejected or discarded by another rule set). Otherwise, the #error delivery agent causes the message, identity, or action to be rejected (error), and the #discard delivery agent causes the message to be accepted, then discarded (discard).
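The handling described above, shown as an added example that is not from the original text: a check_vrfy rule set (one that needs no hook) that accepts VRFY only from the loopback address and rejects every other client through the #error delivery agent. The loopback-only policy and the reply text are constructed for illustration; the left-hand and right-hand sides of each R line must be separated by tab characters.

```m4
LOCAL_RULESETS
# check_vrfy needs no hook, so it is declared directly in the mc file.
# The workspace starts as the argument given to VRFY; replace it with
# the address of the connecting client.
Scheck_vrfy
R$*		$: $&{client_addr}
# Constructed policy: the loopback address may still use VRFY.
# Returning anything other than the #error or #discard delivery agent
# means the command is accepted by this rule set.
R127.0.0.1	$@ OK
# Every other client is rejected with the #error delivery agent.
R$*		$#error $@ 5.7.1 $: "550 VRFY not permitted"
```

If the rule set were left out of the configuration entirely, VRFY would be permitted for all clients, because a policy rule set that does not exist permits the action.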
