Question : linux - sendmail - Deferred: Connection refused by mx5.biz.mail.yahoo.com

linux box can't auto send mail out?

i use "sendmail" for mailing system.

i type "mailq" and i get all the mail status like below :
" (Deferred: Connection refused by mx5.biz.mail.yahoo.com.) "

i hope can get some suggestion here.

i have paste my sendmail.cf file as well.

Code Snippet:

#
# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
#	All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
# Copyright (c) 1988, 1993
#	The Regents of the University of California.  All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
 
######################################################################
######################################################################
#####
#####		SENDMAIL CONFIGURATION FILE
#####
##### built by [email protected] on Wed Sep 1 06:16:23 EDT 2004
##### in /usr/src/build/446503-i386/BUILD/sendmail-8.13.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
#####	DO NOT EDIT THIS FILE!  Only edit the source .mc file.
#####
######################################################################
######################################################################
 
#####  $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $  #####
#####  $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $  #####
#####  setup for Red Hat Linux  #####
#####  $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $  #####
 
 
 
#####  $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $  #####
 
 
#####  $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $  #####
 
#####  $Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $  #####
 
#####  $Id: mailertable.m4,v 8.25 2002/06/27 23:23:57 gshapiro Exp $  #####
 
#####  $Id: virtusertable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $  #####
 
#####  $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $  #####
 
#####  $Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $  #####
 
#####  $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $  #####
 
 
#####  $Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $  #####
 
 
#####  $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $  #####
 
#####  $Id: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $  #####
 
#####  $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $  #####
 
#####  $Id: accept_unresolvable_domains.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $  #####
 
 
#####  $Id: proto.m4,v 8.710 2004/07/27 17:32:48 ca Exp $  #####
 
# level 10 config file format
V10/Berkeley
 
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
 
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
 
##################
#   local info   #
##################
 
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
 
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
 
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
 
# host/domain names ending with a token in class P are canonical
CP.
 
# "Smart" relay host (may be null)
DS
 
 
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
 
# a class with just dot (for identifying canonical names)
C..
 
# a class with just a left bracket (for identifying domain literals)
C[[
 
# access_db acceptance class
C{Accept}OK RELAY
 
 
C{ResOk}OKR
 
 
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
 
# arithmetic map
Karith arith
# macro storage map
Kmacro macro
# possible values for TLS_connection in access map
C{Tls}VERIFY ENCR
 
 
 
 
 
# dequoting map
Kdequote dequote
 
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
C{w}localhost.localdomain
 
 
 
# my name for error messages
DnMAILER-DAEMON
 
 
# Mailer table (overriding domains)
Kmailertable hash -o /etc/mail/mailertable.db
 
# Virtual user table (maps incoming users)
Kvirtuser hash -o /etc/mail/virtusertable.db
 
CPREDIRECT
 
# Access list database (for spam stomping)
Kaccess hash -T -o /etc/mail/access.db
 
# Configuration version number
DZ8.13.1
 
 
###############
#   Options   #
###############
 
# strip message body to 7 bits on input?
O SevenBitInput=False
 
# 8-bit data handling
#O EightBitMode=pass8
 
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
 
# location of alias file
O AliasFile=/etc/aliases
 
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
 
# maximum message size
#O MaxMessageSize=0
 
# substitution for space (blank) characters
O BlankSub=.
 
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
 
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
 
# default delivery mode
O DeliveryMode=background
 
# error message header/file
#O ErrorHeader=/etc/mail/error-header
 
# error mode
#O ErrorMode=print
 
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
 
# queue file mode (qf files)
#O QueueFileMode=0600
 
# temporary file mode
O TempFileMode=0600
 
# match recipients against GECOS field?
#O MatchGECOS=False
 
# maximum hop count
#O MaxHopCount=25
 
# location of help file
O HelpFile=/etc/mail/helpfile
 
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
 
# name resolver options
#O ResolverOptions=+AAONLY
 
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
 
# Forward file search path
O ForwardPath=$z/.forward.$w:$z/.forward
 
# open connection cache size
O ConnectionCacheSize=2
 
# open connection cache timeout
O ConnectionCacheTimeout=5m
 
# persistent host status directory
#O HostStatusDirectory=.hoststat
 
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
 
# use Errors-To: header?
O UseErrorsTo=False
 
# log level
O LogLevel=9
 
# send to me too, even in an alias expansion?
#O MeToo=True
 
# verify RHS in newaliases?
O CheckAliases=False
 
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
 
# SMTP daemon options
 
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
 
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
 
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
 
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
 
# privacy flags
O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun
 
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
 
# slope of queue-only function
#O QueueFactor=600000
 
# limit on number of concurrent queue runners
#O MaxQueueChildren
 
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
 
# priority of queue runners (nice(3))
#O NiceQueueRun
 
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
 
# minimum time in queue before retry
#O MinQueueAge=30m
 
# how many jobs can you process in the queue?
#O MaxQueueRunSize=10000
 
# perform initial split of envelope without checking MX records
#O FastSplit=1
 
# queue directory
O QueueDirectory=/var/spool/mqueue
 
# key for shared memory; 0 to turn off
#O SharedMemoryKey=0
 
 
 
# timeouts (many of these)
#O Timeout.initial=5m
O Timeout.connect=1m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
O Timeout.ident=0
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
 
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
 
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
 
# queue up everything before forking?
O SuperSafe=True
 
# status file
O StatusFile=/var/log/mail/statistics
 
# time zone handling:
#  if undefined, use system default
#  if defined but null, use TZ envariable passed in
#  if defined and non-null, use that info
#O TimeZoneSpec=
 
# default UID (can be username or userid:groupid)
O DefaultUser=8:12
 
# list of locations of user database file (null means no lookup)
O UserDatabaseSpec=/etc/mail/userdb.db
 
# fallback MX host
#O FallbackMXhost=fall.back.host.net
 
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
 
# if we are the best MX host for a site, try it directly instead of config err
O TryNullMXList=true
 
# load average at which we just queue messages
#O QueueLA=8
 
# load average at which we refuse connections
#O RefuseLA=12
 
# log interval when refusing connections for this long
#O RejectLogInterval=3h
 
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
 
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
 
# maximum number of new connections per second
#O ConnectionRateThrottle=0
 
# Width of the window 
#O ConnectionRateWindowSize=60s
 
# work recipient factor
#O RecipientFactor=30000
 
# deliver each queued job in a separate process?
#O ForkEachJob=False
 
# work class factor
#O ClassFactor=1800
 
# work time factor
#O RetryFactor=90000
 
# default character set
#O DefaultCharSet=iso-8859-1
 
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
 
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
 
# dialup line delay on connection failure
#O DialDelay=10s
 
# action to take if there are no recipients in the message
#O NoRecipientAction=add-to-undisclosed
 
# chrooted environment for writing to files
#O SafeFileEnvironment=/arch
 
# are colons OK in addresses?
#O ColonOkInAddr=True
 
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
 
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
 
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
 
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
 
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
 
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
 
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
 
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
 
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
 
 
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
 
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
 
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
 
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
 
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
 
# shall we get local names from our installed interfaces?
O DontProbeInterfaces=true
 
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
 
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
 
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
 
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
 
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
 
# Maximum length of the sum of all headers
#O MaxHeadersLength=32768
 
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
 
# location of pid file
#O PidFile=/var/run/sendmail.pid
 
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
 
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
 
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
 
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
 
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
 
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
 
# Authentication realm
#O AuthRealm
 
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
 
# SMTP AUTH flags
O AuthOptions=A
 
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
 
# SMTP STARTTLS server options
#O TLSSrvOptions
 
# Input mail filters
#O InputMailFilters
 
 
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists 
#O CRLFile
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
 
############################
# QUEUE GROUP DEFINITIONS  #
############################
 
 
###########################
#   Message precedences   #
###########################
 
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
 
#####################
#   Trusted users   #
#####################
 
# this is equivalent to setting class "t"
Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
 
#########################
#   Format of headers   #
#########################
 
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
	$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
	$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
	(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
	for $u; $|;
	$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
 
#
######################################################################
######################################################################
#####
#####			REWRITING RULES
#####
######################################################################
######################################################################
 
############################################
###  Ruleset 3 -- Name Canonicalization  ###
############################################
Scanonify=3
 
# handle null input (translate to <@> special case)
R$@			$@ <@>
 
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$*			$: $1 <@>			mark addresses
R$* < $* > $* <@>	$: $1 < $2 > $3			unmark 
R@ $* <@>		$: @ $1				unmark @host:...
R$* [ IPv6 : $+ ] <@>	$: $1 [ IPv6 : $2 ]		unmark IPv6 addr
R$* :: $* <@>		$: $1 :: $2			unmark node::addr
R:include: $* <@>	$: :include: $1			unmark :include:...
R$* : $* [ $* ]		$: $1 : $2 [ $3 ] <@>		remark if leading colon
R$* : $* <@>		$: $2				strip colon if marked
R$* <@>			$: $1				unmark
R$* ;			   $1				strip trailing semi
R$* < $+ :; > $*	$@ $2 :; <@>			catch 
R$* < $* ; >		   $1 < $2 >			bogus bracketed semi
 
# null input now results from list:; syntax
R$@			$@ :; <@>
 
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$*			$: < $1 >			housekeeping <>
R$+ < $* >		   < $2 >			strip excess on left
R< $* > $+		   < $1 >			strip excess on right
R<>			$@ < @ >			MAIL FROM:<> case
R< $+ >			$: $1				remove housekeeping <>
 
# strip route address <@a,@b,@c:user@d> -> 
R@ $+ , $+		$2
R@ [ $* ] : $+		$2
R@ $+ : $+		$2
 
# find focus for list syntax
R $+ : $* ; @ $+	$@ $>Canonify2 $1 : $2 ; < @ $3 >	list syntax
R $+ : $* ;		$@ $1 : $2;			list syntax
 
# find focus for @ syntax addresses
R$+ @ $+		$: $1 < @ $2 >			focus on domain
R$+ < $+ @ $+ >		$1 $2 < @ $3 >			move gaze right
R$+ < @ $+ >		$@ $>Canonify2 $1 < @ $2 >	already canonical
 
 
# convert old-style addresses to a domain-based address
R$- ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	resolve uucp names
R$+ . $- ! $+		$@ $>Canonify2 $3 < @ $1 . $2 >		domain uucps
R$+ ! $+		$@ $>Canonify2 $2 < @ $1 .UUCP >	uucp subdomains
 
# if we have % signs, take the rightmost one
R$* % $*		$1 @ $2				First make them all @s.
R$* @ $* @ $*		$1 % $2 @ $3			Undo all but the last.
R$* @ $*		$@ $>Canonify2 $1 < @ $2 >	Insert < > and finish
 
# else we must be a local name
R$*			$@ $>Canonify2 $1
 
 
################################################
###  Ruleset 96 -- bottom half of ruleset 3  ###
################################################
 
SCanonify2=96
 
# handle special cases for local names
R$* < @ localhost > $*		$: $1 < @ $j . > $2		no domain at all
R$* < @ localhost . $m > $*	$: $1 < @ $j . > $2		local domain
R$* < @ localhost . UUCP > $*	$: $1 < @ $j . > $2		.UUCP domain
 
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $*		$: $1 < @@ [ $2 ] > $3		mark [addr]
R$* < @@ $=w > $*		$: $1 < @ $j . > $3		self-literal
R$* < @@ $+ > $*		$@ $1 < @ $2 > $3		canon IP addr
 
 
 
 
 
# if really UUCP, handle it immediately
 
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $*		$: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $*	$@ $1 < @ $2 . > $3
 
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $*		$: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $*		$: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $*	$: $3 < @ $4.$5 . > $6
R$* CC $* $| $*			$: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $*		$: $2 < @ $[ $3 $] > $4
R$* $| $*			$: $2
 
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $*		$: $1 < @ $2 . > $3
R$* < @ $=M > $*		$: $1 < @ $2 . > $3
R$* < @ $={VirtHost} > $* 	$: $1 < @ $2 . > $3
R$* < @ $* . . > $*		$1 < @ $2 . > $3
 
 
##################################################
###  Ruleset 4 -- Final Output Post-rewriting  ###
##################################################
Sfinal=4
 
R$+ :; <@>		$@ $1 :				handle 
R$* <@>			$@				handle <> and list:;
 
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $*	$1 < @ $2 > $3
 
# eliminate internal code
R$* < @ *LOCAL* > $*	$1 < @ $j > $2
 
# externalize local domain info
R$* < $+ > $*		$1 $2 $3			defocus
R@ $+ : @ $+ : $+	@ $1 , @ $2 : $3		 canonical
R@ $*			$@ @ $1				... and exit
 
# UUCP must always be presented in old form
R$+ @ $- . UUCP		$2!$1				[email protected] => h!u
 
# delete duplicate local names
R$+ % $=w @ $=w		$1 @ $2				u%host@host => u@host
 
 
 
##############################################################
###   Ruleset 97 -- recanonicalize and call ruleset zero   ###
###		   (used for recursive calls)		   ###
##############################################################
 
SRecurse=97
R$*			$: $>canonify $1
R$*			$@ $>parse $1
 
 
######################################
###   Ruleset 0 -- Parse Address   ###
######################################
 
Sparse=0
 
R$*			$: $>Parse0 $1		initial parsing
R<@>			$#local $: <@>		special case error msgs
R$*			$: $>ParseLocal $1	handle local hacks
R$*			$: $>Parse1 $1		final parsing
 
#
#  Parse0 -- do initial syntax checking and eliminate local addresses.
#	This should either return with the (possibly modified) input
#	or return with a #error mailer.  It should not return with a
#	#mailer other than the #error mailer.
#
 
SParse0
R<@>			$@ <@>			special case error msgs
R$* : $* ; <@>		$#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* >		< @ $1 >		catch "@@host" bogosity
R<@ $+>			$#error $@ 5.1.3 $: "553 User address required"
R$+ <@>			$#error $@ 5.1.3 $: "553 Hostname required"
R$*			$: <> $1
R<> $* < @ [ $* ] : $+ > $*	$1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $*	$1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $*	$#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $*		$1 < @ [ $2 ] > $3
R<> $* <$* : $* > $*	$#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $*			$1
R$* < @ . $* > $*	$#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $*	$#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $*	$#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $*	$#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $*		$#error $@ 5.1.3 $: "553 Invalid route address"
 
 
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $*		$@ $>Parse0 $>canonify $1	user@ => user
R< @ $=w . > : $*	$@ $>Parse0 $>canonify $2	@here:... -> ...
R$- < @ $=w . >		$: $(dequote $1 $) < @ $2 . >	dequote "foo"@here
R< @ $+ >		$#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . >	$@ $>Parse0 $>canonify $1 $2 $3	...@here -> ...
R$- 			$: $(dequote $1 $) < @ *LOCAL* >	dequote "foo"
R< @ *LOCAL* >		$#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
			$@ $>Parse0 $>canonify $1 $2 $3	...@*LOCAL* -> ...
R$* < @ *LOCAL* >	$: $1
 
#
#  Parse1 -- the bottom half of ruleset 0.
#
 
SParse1
 
# handle numeric address spec
R$* < @ [ $+ ] > $*	$: $>ParseLocal $1 < @ [ $2 ] > $3	numeric internet spec
R$* < @ [ $+ ] > $*	$: $1 < @ [ $2 ] : $S > $3	Add smart host to path
R$* < @ [ $+ ] : > $*		$#esmtp $@ [$2] $: $1 < @ [$2] > $3	no smarthost: send
R$* < @ [ $+ ] : $- : $*> $*	$#$3 $@ $4 $: $1 < @ [$2] > $5	smarthost with mailer
R$* < @ [ $+ ] : $+ > $*	$#esmtp $@ $3 $: $1 < @ [$2] > $4	smarthost without mailer
 
# handle virtual users
R$+			$:  $1		Mark for lookup
R $+ < @ $={VirtHost} . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
R $+ < @ $=w . > 	$: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
R<@> $+ + $+ < @ $* . >
			$: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
R<@> $+ + $* < @ $* . >
			$: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
R<@> $+ + $* < @ $* . >
			$: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
R<@> $+ + $+ < @ $+ . >	$: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
R<@> $+ + $* < @ $+ . >	$: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
R<@> $+ + $* < @ $+ . >	$: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
R<@> $+ < @ $+ . >	$: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
R<@> $+			$: $1
R $+			$: $1
R< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
R< error : $- $+ > $* 	$#error $@ $(dequote $1 $) $: $2
R< $+ > $+ < @ $+ >	$: $>Recurse $1
 
# short circuit local delivery so forwarded email works
 
 
R$=L < @ $=w . >	$#local $: @ $1			special local names
R$+ < @ $=w . >		$#local $: $1			regular local name
 
# not local -- try mailer table lookup
R$* <@ $+ > $*		$: < $2 > $1 < @ $2 > $3	extract host name
R< $+ . > $*		$: < $1 > $2			strip trailing dot
R< $+ > $*		$: < $(mailertable $1 $) > $2	lookup
R< $~[ : $* > $* 	$>MailerToTriple < $1 : $2 > $3		check -- resolved?
R< $+ > $*		$: $>Mailertable <$1> $2		try domain
 
# resolve remotely connected UUCP links (if any)
 
# resolve fake top level domains by forwarding to other hosts
 
 
 
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $*		$: $>MailerToTriple < $S > $1 < @ $2 > $3	glue on smarthost name
 
# deal with other remote names
R$* < @$* > $*		$#esmtp $@ $2 $: $1 < @ $2 > $3	[email protected]
 
# handle locally delivered names
R$=L			$#local $: @ $1		special local names
R$+			$#local $: $1			regular local names
 
###########################################################################
###   Ruleset 5 -- special rewriting after aliases have been expanded   ###
###########################################################################
 
SLocal_localaddr
Slocaladdr=5
R$+			$: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok		$@ $1			no change
R$+ $| $#$*		$#$2
R$+ $| $*		$: $1
 
 
 
 
# deal with plussed users so aliases work nicely
R$+ + *			$#local $@ $&h $: $1
R$+ + $*		$#local $@ + $2 $: $1 + *
 
# prepend an empty "forward host" on the front
R$+			$: <> $1
 
 
 
R< > $+			$: < > < $1 <> $&h >		nope, restore +detail
 
R< > < $+ <> + $* >	$: < > < $1 + $2 >		check whether +detail
R< > < $+ <> $* >	$: < > < $1 >			else discard
R< > < $+ + $* > $*	   < > < $1 > + $2 $3		find the user part
R< > < $+ > + $*	$#local $@ $2 $: @ $1		strip the extra +
R< > < $+ >		$@ $1				no +detail
R$+			$: $1 <> $&h			add +detail back in
 
R$+ <> + $*		$: $1 + $2			check whether +detail
R$+ <> $*		$: $1				else discard
R< local : $* > $*	$: $>MailerToTriple < local : $1 > $2	no host extension
R< error : $* > $*	$: $>MailerToTriple < error : $1 > $2	no host extension
 
R< $~[ : $+ > $+	$: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
 
R< $+ > $+		$@ $>MailerToTriple < $1 > $2 < @ $1 >
 
 
###################################################################
###  Ruleset 90 -- try domain part of mailertable entry 	###
###################################################################
 
SMailertable=90
R$* <$- . $+ > $*	$: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
R$* <$~[ : $* > $*	$>MailerToTriple < $2 : $3 > $4		check -- resolved?
R$* < . $+ > $* 	$@ $>Mailertable $1 . <$2> $3		no -- strip & try again
R$* < $* > $*		$: < $(mailertable . $@ $1$2 $) > $3	try "."
R< $~[ : $* > $*	$>MailerToTriple < $1 : $2 > $3		"." found?
R< $* > $*		$@ $2				no mailertable match
 
###################################################################
###  Ruleset 95 -- canonify mailer:[user@]host syntax to triple	###
###################################################################
 
SMailerToTriple=95
R< > $*				$@ $1			strip off null relay
R< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $*		$#error $@ $(dequote $1 $) $: $2
R< error : $+ > $*		$#error $: $1
R< local : $* > $*		$>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$*	$# $1 $@ $3 $: $2<@$3>	use literal user
R< $~[ : $+ > $*		$# $1 $@ $2 $: $3	try qualified mailer
R< $=w > $*			$@ $2			delete local host
R< $+ > $*			$#relay $@ $1 $: $2	use unqualified mailer
 
###################################################################
###  Ruleset CanonLocal -- canonify local: syntax		###
###################################################################
 
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+		$@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ >	$@ $>Recurse $2 $3 $4
 
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . >		$: < $1 > $2 < @ $3 >
 
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $*		$#local $@ $1@$2 $: $1
R< > $+				$#local $@ $1    $: $1
 
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* >	$: < $1 > $3 < @ $4 >
 
# handle local:user syntax
R< $+ > $* <@ $* > $*		$#local $@ $2@$3 $: $1
R< $+ > $* 			$#local $@ $2    $: $1
 
###################################################################
###  Ruleset 93 -- convert header names to masqueraded form	###
###################################################################
 
SMasqHdr=93
 
 
# do not masquerade anything in class N
R$* < @ $* $=N . >	$@ $1 < @ $2 $3 . >
 
R$* < @ *LOCAL* >	$@ $1 < @ $j . >
 
###################################################################
###  Ruleset 94 -- convert envelope names to masqueraded form	###
###################################################################
 
SMasqEnv=94
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2
 
###################################################################
###  Ruleset 98 -- local part of ruleset zero (can be null)	###
###################################################################
 
SParseLocal=98
 
# addresses sent to [email protected] will give a 551 error code
R$* < @ $+ .REDIRECT. >		$: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > 	$: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- >	$#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
 
 
 
 
######################################################################
###  D: LookUpDomain -- search for domain in access database
###
###	Parameters:
###		<$1> -- key (domain name)
###		<$2> -- default (what to return if not found in db)
###		<$3> -- mark (must be <(!|+) single-token>)
###			! does lookup only with tag
###			+ does lookup with and without tag
###		<$4> -- passthru (additional data passed unchanged through)
######################################################################
 
SD
R<$*> <$+> <$- $-> <$*>		$: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
R <$+> <$+> <+ $-> <$*>	$: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
R <[$+.$-]> <$+> <$- $-> <$*>	$@ $>D <[$1]> <$3> <$4 $5> <$6>
R <[$+::$-]> <$+> <$- $-> <$*>	$: $>D <[$1]> <$3> <$4 $5> <$6>
R <[$+:$-]> <$+> <$- $-> <$*>	$: $>D <[$1]> <$3> <$4 $5> <$6>
R <$+.$+> <$+> <$- $-> <$*>	$@ $>D <$2> <$3> <$4 $5> <$6>
R <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>
R<$* > <$+> <$+> <$- $-> <$*>	$@ <> <$6>
R<$*> <$+> <$+> <$- $-> <$*>	$@ <$1> <$6>
 
######################################################################
###  A: LookUpAddress -- search for host address in access database
###
###	Parameters:
###		<$1> -- key (dot quadded host address)
###		<$2> -- default (what to return if not found in db)
###		<$3> -- mark (must be <(!|+) single-token>)
###			! does lookup only with tag
###			+ does lookup with and without tag
###		<$4> -- passthru (additional data passed through)
######################################################################
 
SA
R<$+> <$+> <$- $-> <$*>		$: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
R <$+> <$+> <+ $-> <$*>	$: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
R <$+::$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>
R <$+:$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>
R <$+.$-> <$+> <$- $-> <$*>		$@ $>A <$1> <$3> <$4 $5> <$6>
R <$+> <$+> <$- $-> <$*>	$@ <$2> <$5>
R<$* > <$+> <$+> <$- $-> <$*>	$@ <> <$6>
R<$*> <$+> <$+> <$- $-> <$*>	$@ <$1> <$6>
 
######################################################################
###  CanonAddr --	Convert an address into a standard form for
###			relay checking.  Route address syntax is
###			crudely converted into a %-hack address.
###
###	Parameters:
###		$1 -- full recipient address
###
###	Returns:
###		parsed address, not in source route form
######################################################################
 
SCanonAddr
R$*			$: $>Parse0 $>canonify $1	make domain canonical
 
 
######################################################################
###  ParseRecipient --	Strip off hosts in $=R as well as possibly
###			$* $=m or the access database.
###			Check user portion for host separators.
###
###	Parameters:
###		$1 -- full recipient address
###
###	Returns:
###		parsed, non-local-relaying address
######################################################################
 
SParseRecipient
R$*				$:  $>CanonAddr $1
R $* < @ $* . >		 $1 < @ $2 >			strip trailing dots
R $- < @ $* >		$:  $(dequote $1 $) < @ $2 >	dequote local part
 
# if no $=O character, no host in the user portion, we are done
R $* $=O $* < @ $* >		$:  $1 $2 $3 < @ $4>
R $*				$@ $1
 
 
R $* < @ $* $=R >		$:  $1 < @ $2 $3 >
R $* < @ $+ >		$: $>D <$2>  <+ To> <$1 < @ $2 >>
R<$+> <$+>			$: <$1> $2
 
 
 
R $* < @ $* >		$@ $>ParseRecipient $1
R<$+> $*			$@ $2
 
 
######################################################################
###  check_relay -- check hostname/address on SMTP startup
######################################################################
 
 
 
SLocal_check_relay
Scheck_relay
R$*			$: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$*	$#$3
R$* $| $* $| $*		$@ $>"Basic_check_relay" $1 $| $2
 
SBasic_check_relay
# check for deferred delivery mode
R$*			$: < $&{deliveryMode} > $1
R< d > $*		$@ deferred
R< $* > $*		$: $2
 
R$+ $| $+		$: $>D < $1 >  <+ Connect> < $2 >
R   $| $+		$: $>A < $1 >  <+ Connect> <>	empty client_name
R <$+>		$: $>A < $1 >  <+ Connect> <>	no: another lookup
R <$*>		$: OK				found nothing
R<$={Accept}> <$*>	$@ $1				return value of lookup
R <$*>		$#error $@ 5.7.1 $: "550 Access denied"
R <$*>		$#discard $: discard
R <$*>	$#error $@ quarantine $: $1
R <$*>	$#error $@ $1.$2.$3 $: $4
R <$*>		$#error $: $1
R<$* > <$*>		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$+> <$*>		$#error $: $1
 
 
 
######################################################################
###  check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
 
SLocal_check_mail
Scheck_mail
R$*			$: $1 $| $>"Local_check_mail" $1
R$* $| $#$*		$#$2
R$* $| $*		$@ $>"Basic_check_mail" $1
 
SBasic_check_mail
# check for deferred delivery mode
R$*			$: < $&{deliveryMode} > $1
R< d > $*		$@ deferred
R< $* > $*		$: $2
 
# authenticated?
R$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+		$#$2
R$* $| $*		$: $1
 
R<>			$@ 			we MUST accept <> (RFC 1123)
R$+			$:  $1
R<$+>		$: <@> <$1>
R$+			$: <@> <$1>
R$*			$: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- >	$: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* >	$:  < $3 >
R$* $| $*		$: $2
# handle case of @localhost on address
R<@> < $* @ localhost >	$: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
			$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ localhost.$m >
			$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
			$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $*			$: $1			no localhost as domain
R $*		$: $2			local client: ok
R <$+>		$#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R $*			$: $1
R$*			$:  $>CanonAddr $1		canonify sender address and mark it
R $* < @ $+ . >	 $1 < @ $2 >			strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R $* < @ $* $=P >	$:  $1 < @ $2 $3 >
R $* < @ $j >	$:  $1 < @ $j >
R $* < @ $+ >	$:  $1 < @ $2 >		... unresolvable OK
 
# check sender address: user@address, user@, address
R<$+> $+ < @ $* >	$: @<$1> <$2 < @ $3 >> $|   
R<$+> $+		$: @<$1> <$2> $| 
R@ <$+> <$*> $| <$+>	$: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
R<@> <$+> <$*> $| <$*>	$: <$3> <$1> <$2>		reverse result
# retransform for further use
R <$+> <$*>		$: <$1> $2	no match
R<$+> <$+> <$*>		$: <$1> $3	relevant result, keep it
 
# handle case of no @domain on address
R $*			$: $&{daemon_flags} $|  $1
R$* u $* $|  $*	$:  $3
R$* $| $*		$: $2
R $*			$: < ? $&{client_addr} > $1
R $*			$@ 			...local unqualed ok
R $*		$#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
							...remote is not
# check results
R $*			$: @ $1		mark address: nothing known about it
R<$={ResOk}> $*		$@ 	domain ok: stop
R $*		$#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R $*		$#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
R<$={Accept}> $*	$# $1		accept from access map
R $*		$#discard $: discard
R $*	$#error $@ quarantine $: $1
R $*		$#error $@ 5.7.1 $: "550 Access denied"
R $*		$#error $@ $1.$2.$3 $: $4
R $*		$#error $: $1
R<> $*		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$+> $*		$#error $: $1		error from access db
 
######################################################################
###  check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
 
SLocal_check_rcpt
Scheck_rcpt
R$*			$: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$*		$#$2
R$* $| $*		$@ $>"Basic_check_rcpt" $1
 
SBasic_check_rcpt
# empty address?
R<>			$#error $@ nouser $: "553 User address required"
R$@			$#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$*			$: < $&{deliveryMode} > $1
R< d > $*		$@ deferred
R< $* > $*		$: $2
 
 
######################################################################
R$*			$: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+	$: $1 $| T $2
R$* $| @ $#$*		$#$2
R$* $| @ RELAY		$@ RELAY
R$* $| @ $*		$: O $| $>"Relay_ok" $1
R$* $| T $+		$: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+	$#error $2
R$* $| $#$*		$#$2
R$* $| RELAY		$@ RELAY
R T $+ $| $*		$#error $1
# anything else is bogus
R$*			$#error $@ 5.7.1 $: "550 Relaying denied"
 
 
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$*			$: $>ParseRecipient $1		strip relayable hosts
 
 
 
# blacklist local users or any host from receiving mail
R$*			$:  $1
R $+ < @ $=w >	$: <> <$1 < @ $2 >> $|   
R $+ < @ $* >	$: <> <$1 < @ $2 >> $|  
R $+			$: <> <$1> $| 
R<> <$*> $| <$+>	$: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
R<@> <$*> $| <$*>	$: <$2> <$1>		reverse result
R <$*>		$: @ $1		mark address as no match
R<$={Accept}> <$*>	$: @ $2		mark address as no match
 
R $*		$#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
R $*		$#discard $: discard
R $*	$#error $@ quarantine $: $1
R $*		$#error $@ $1.$2.$3 $: $4
R $*		$#error $: $1
R<> $*		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$+> $*		$#error $: $1		error from access db
R@ $*			$1		remove mark
 
# authenticated via TLS?
R$*			$: $1 $| $>RelayTLS	client authenticated?
R$* $| $# $+		$# $2			error/ok?
R$* $| $*		$: $1			no
 
R$*			$: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $*		$# $2
R$* $| NO		$: $1
R$* $| $*		$: $1 $| $&{auth_type}
R$* $|			$: $1
R$* $| $={TrustAuthMech}	$# RELAY
R$* $| $*		$: $1
# anything terminating locally is ok
R$+ < @ $=w >		$@ RELAY
R$+ < @ $* $=R >	$@ RELAY
R$+ < @ $+ >		$: $>D <$2>  <+ To> <$1 < @ $2 >>
R $*		$@ RELAY
R<$* > $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$*> <$*>		$: $2
 
 
 
# check for local user (i.e. unqualified address)
R$*			$:  $1
R $* < @ $+ >	$:  $1 < @ $2 >
# local user is ok
R $+			$@ RELAY
R<$+> $*		$: $2
 
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$*			$: $&{client_addr}
R$@			$@ RELAY		originated locally
R0			$@ RELAY		originated locally
R127.0.0.1		$@ RELAY		originated locally
RIPv6:::1		$@ RELAY		originated locally
R$=R $*			$@ RELAY		relayable IP address
R$*			$: $>A <$1>  <+ Connect> <$1>
R $* 		$@ RELAY		relayable IP address
 
R<> $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$*> <$*>		$: $2
R$*			$: [ $1 ]		put brackets around it...
R$=w			$@ RELAY		... and see if it is local
 
 
# check client name: first: did it resolve?
R$*			$: < $&{client_resolve} >
R			$#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R		$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R			$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$*			$: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P 		$:  $1 $2
R<@> $+			$:  $[ $1 $]
R$* .			$1			strip trailing dots
R $=w		$@ RELAY
R $* $=R			$@ RELAY
R $*			$: $>D <$1>  <+ Connect> <$1>
R $*		$@ RELAY
R<$* > $*		$#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$*> <$*>		$: $2
 
 
######################################################################
###  F: LookUpFull -- search for an entry in access database
###
###	lookup of full key (which should be an address) and
###	variations if +detail exists: +* and without +detail
###
###	Parameters:
###		<$1> -- key
###		<$2> -- default (what to return if not found in db)
###		<$3> -- mark (must be <(!|+) single-token>)
###			! does lookup only with tag
###			+ does lookup with and without tag
###		<$4> -- passthru (additional data passed unchanged through)
######################################################################
 
SF
R<$+> <$*> <$- $-> <$*>		$: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R <$+ + $* @ $+> <$*> <$- $-> <$*>
			$: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
R <$+ + $* @ $+> <$*> <+ $-> <$*>
			$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
R <$+ + $* @ $+> <$*> <$- $-> <$*>
			$: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
R <$+ + $* @ $+> <$*> <+ $-> <$*>
			$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
R <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
R<$+ > <$*> <$- $-> <$*>	$@ <> <$5>
R<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
 
######################################################################
###  E: LookUpExact -- search for an entry in access database
###
###	Parameters:
###		<$1> -- key
###		<$2> -- default (what to return if not found in db)
###		<$3> -- mark (must be <(!|+) single-token>)
###			! does lookup only with tag
###			+ does lookup with and without tag
###		<$4> -- passthru (additional data passed unchanged through)
######################################################################
 
SE
R<$*> <$*> <$- $-> <$*>		$: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
R<$+ > <$*> <$- $-> <$*>	$@ <> <$5>
R<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
 
######################################################################
###  U: LookUpUser -- search for an entry in access database
###
###	lookup of key (which should be a local part) and
###	variations if +detail exists: +* and without +detail
###
###	Parameters:
###		<$1> -- key (user@)
###		<$2> -- default (what to return if not found in db)
###		<$3> -- mark (must be <(!|+) single-token>)
###			! does lookup only with tag
###			+ does lookup with and without tag
###		<$4> -- passthru (additional data passed unchanged through)
######################################################################
 
SU
R<$+> <$*> <$- $-> <$*>		$: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R <$+> <$*> <+ $-> <$*>	$: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R <$+ + $* @> <$*> <$- $-> <$*>
			$: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R <$+ + $* @> <$*> <+ $-> <$*>
			$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R <$+ + $* @> <$*> <$- $-> <$*>
			$: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R <$+ + $* @> <$*> <+ $-> <$*>
			$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R <$+> <$*> <$- $-> <$*>	$@ <$2> <$5>
R<$+ > <$*> <$- $-> <$*>	$@ <> <$5>
R<$+> <$*> <$- $-> <$*>		$@ <$1> <$5>
 
######################################################################
###  SearchList: search a list of items in the access map
###	Parameters:
###		 $|   ... <>
###	where "exact" is either "+" or "!":
###	<+ TAG>	lookup with and w/o tag
###		lookup with tag
###	possible values for "mark" are:
###		D: recursive host lookup (LookUpDomain)
###		E: exact lookup, no modifications
###		F: full lookup, try user+ext@domain and user@domain
###		U: user lookup, try user+ext and user (input must have trailing @)
###	return:  or  (not found)
######################################################################
 
# class with valid marks for SearchList
C{Src}E F D U 
SSearchList
# just call the ruleset with the name of the tag... nice trick...
R<$+> $| <$={Src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3>  <$1> <>
R<$+> $| <> $|  <>		$@ 
R<$+> $| <$+> $|  <>		$@ $>SearchList <$1> $| <$2>
R<$+> $| <$*> $| <$+> <>	$@ <$3>
R<$+> $| <$+>			$@ <$2>
 
 
######################################################################
###  trust_auth: is user trusted to authenticate as someone else?
###
###	Parameters:
###		$1: AUTH= parameter from MAIL command
######################################################################
 
SLocal_trust_auth
Strust_auth
R$*			$: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $*		$#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen}		$@ identical
R$* $| <$&{auth_authen}>	$@ identical
R$* $| $*		$: $1 $| $>"Local_trust_auth" $2
R$* $| $#$*		$#$2
R$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
 
######################################################################
###  Relay_Auth: allow relaying based on authentication?
###
###	Parameters:
###		$1: ${auth_type}
######################################################################
SLocal_Relay_Auth
 
######################################################################
###  srv_features: which features to offer to a client?
###	(done in server)
######################################################################
Ssrv_features
R$*		$: $>D <$&{client_name}>   <>
R$*		$: $>A <$&{client_addr}>   <>
R$*		$: <$(access "Srv_Features": $: ? $)>
R$*		$@ OK
R<$* >$*	$#temp
R<$+>$*		$# $1
 
######################################################################
###  try_tls: try to use STARTTLS?
###	(done in client)
######################################################################
Stry_tls
R$*		$: $>D <$&{server_name}>   <>
R$*		$: $>A <$&{server_addr}>   <>
R$*		$: <$(access "Try_TLS": $: ? $)>
R$*		$@ OK
R<$* >$*	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$*		$#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
 
######################################################################
###  tls_rcpt: is connection with server "good" enough?
###	(done in client, per recipient)
###
###	Parameters:
###		$1: recipient
######################################################################
Stls_rcpt
R$*			$: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$+			$:  $>CanonAddr $1
R $+ < @ $+ . >	 $1 <@ $2 >
R $+ < @ $+ >	$: $1 <@ $2 > $|    
R $+			$: $1 $|  
R$* $| $+	$: $1 $| $>SearchList  $| $2 <>
R$* $| 	$@ OK
R$* $| <$* >	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $| <$+>	$@ $>"TLS_connection" $&{verify} $| <$2>
 
######################################################################
###  tls_client: is connection with client "good" enough?
###	(done in server)
###
###	Parameters:
###		${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$*		$: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$* $| $*	$: $1 $| $>D <$&{client_name}>   <>
R$* $| $*	$: $1 $| $>A <$&{client_addr}>   <>
R$* $| $*	$: $1 $| <$(access "TLS_Clt": $: ? $)>
R$* $| <$* >	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$*		$@ $>"TLS_connection" $1
 
######################################################################
###  tls_server: is connection with server "good" enough?
###	(done in client)
###
###	Parameter:
###		${verify}
######################################################################
Stls_server
R$*		$: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$*		$: $1 $| $>D <$&{server_name}>   <>
R$* $| $*	$: $1 $| $>A <$&{server_addr}>   <>
R$* $| $*	$: $1 $| <$(access "TLS_Srv": $: ? $)>
R$* $| <$* >	$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$*		$@ $>"TLS_connection" $1
 
######################################################################
###  TLS_connection: is TLS connection "good" enough?
###
###	Parameters:
###		${verify} $|  [<>]
###		Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
R$* $| <$*>$*			$: $1 $| <$2>
# create the appropriate error codes
R$* $| 	$: $1 $| <503:5.7.0> <$2 $3>
R$* $| 	$: $1 $| <403:4.7.0> <$2 $3>
R$* $| <$={Tls} $*>		$: $1 $| <403:4.7.0> <$2 $3>
# deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $* 	$#error $@ $2 $: $1 " TLS handshake failed."
RSOFTWARE $| $* 		$#error $@ 4.7.0 $: "403 TLS handshake failed."
R$* $| <$*> 		$: <$2>  <> $1
R$* $| <$*> 	$: <$2>  <$3> $1
R$* $| <$*> <$={Tls}:$->$*	$: <$2> <$3:$4> <> $1
R$* $| <$*> <$={Tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
R$* $| $*			$@ OK
# authentication required: give appropriate error
# other side did authenticate (via STARTTLS)
R<$*> <> OK		$@ OK
R<$*> <$+> OK		$: <$1>  <$2>
R<$*> <$*> OK	$: <$1>  <$3>
R<$*> <$*> $*		$: <$1>  <$3>
R<$-:$+> <$*>	$#error $@ $2 $: $1 " authentication required"
R<$-:$+> <$*> FAIL	$#error $@ $2 $: $1 " authentication failed"
R<$-:$+> <$*> NO	$#error $@ $2 $: $1 " not authenticated"
R<$-:$+> <$*> NOT	$#error $@ $2 $: $1 " no authentication requested"
R<$-:$+> <$*> NONE	$#error $@ $2 $: $1 " other side does not support STARTTLS"
R<$-:$+> <$*> $+	$#error $@ $2 $: $1 " authentication failure " $4
R<$*> <$*>		$: <$1>  <$3> $>max $&{cipher_bits} : $&{auth_ssf}
R<$*> <$*> $-		$: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
R<$-:$+><$-:$-> <$*> TRUE	$#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
R<$-:$+><$-:$-> <$*> $*		$: <$1:$2 ++ $5>
R<$-:$+ ++ >			$@ OK
R<$-:$+ ++ $+ >			$: <$1:$2> <$3>
R<$-:$+> < $+ ++ $+ >		<$1:$2> <$3> <$4>
R<$-:$+> $+			$@ $>"TLS_req" $3 $| <$1:$2>
 
######################################################################
###  TLS_req: check additional TLS requirements
###
###	Parameters: [  ] $| <$-:$+>
###		$-: SMTP reply code
###		$+: Enhanced Status Code
######################################################################
STLS_req
R $| $+		$@ OK
R $* $| <$+>		$:  $1 $| <$2>
R $* $| <$+>		$@ $>"TLS_req" $1 $| <$2>
R $* $| <$-:$+>	$#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
R $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
R $* $| <$-:$+>	$#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
R $* $| <$+>	$@ $>"TLS_req" $1 $| <$2>
R $* $| <$-:$+>	$#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
ROK			$@ OK
 
######################################################################
###  max: return the maximum of two values separated by :
###
###	Parameters: [$-]:[$-]
######################################################################
Smax
R:		$: 0
R:$-		$: $1
R$-:		$: $1
R$-:$-		$: $(arith l $@ $1 $@ $2 $) : $1 : $2
RTRUE:$-:$-	$: $2
R$-:$-:$-	$: $2
 
 
######################################################################
###  RelayTLS: allow relaying based on TLS authentication
###
###	Parameters:
###		none
######################################################################
SRelayTLS
# authenticated?
R$*			$:  $&{verify}
R OK			$: OK		authenticated: continue
R $*			$@ NO		not authenticated
R$*			$: $&{cert_issuer}
R$+			$: $(access CERTISSUER:$1 $)
RRELAY			$# RELAY
RSUBJECT		$: <@> $&{cert_subject}
R<@> $+			$: <@> $(access CERTSUBJECT:$1 $)
R<@> RELAY		$# RELAY
R$*			$: NO
 
######################################################################
###  authinfo: lookup authinfo in the access map
###
###	Parameters:
###		$1: {server_name}
###		$2: {server_addr}
######################################################################
Sauthinfo
R$*		$: $1 $| $>D <$&{server_name}>   <>
R$* $| $*	$: $1 $| $>A <$&{server_addr}>   <>
R$* $| $*	$: $1 $| <$(access AuthInfo: $: ? $)> <>
R$* $| $*	$@ no				no authinfo available
R$* $| <$*> <>	$# $2
 
 
 
 
 
#
######################################################################
######################################################################
#####
#####			MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
 
#
######################################################################
######################################################################
#####
#####			MAILER DEFINITIONS
#####
######################################################################
######################################################################
 
#####################################
###   SMTP Mailer specification   ###
#####################################
 
#####  $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $  #####
 
#
#  common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $*		$@ $1 < @ $2 > $3		already fully qualified
R$+			$@ $1 < @ *LOCAL* >		add local qualification
 
#
#  convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
 
# pass s through
R< @ $+ > $*		$@ < @ $1 > $2			resolve 
 
# output fake domains as user%fake@relay
 
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. >	$: < $2 ! > $1			convert to UUCP form
R$+ < @ $* > $*		$@ $1 < @ $2 > $3		not UUCP form
 
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+	$@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+	$@ $3 < @ $1.$2 >
R< $&h ! > $+		$@ $1 < @ $&h .UUCP. >
R< $+ ! > $+		$: $1 ! $2 < @ $Y >		use UUCP_RELAY
R$+ < @ $~[ $* : $+ >	$@ $1 < @ $4 >			strip mailer: part
R$+ < @ >		$: $1 < @ *LOCAL* >		if no UUCP_RELAY
 
 
#
#  envelope sender rewriting
#
SEnvFromSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R$* :; <@>		$@				list:; special case
R$*			$: $>MasqSMTP $1		qualify unqual'ed names
R$+			$: $>MasqEnv $1			do masquerading
 
 
#
#  envelope recipient rewriting --
#  also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R$+			$: $>MasqSMTP $1		qualify unqual'ed names
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2
 
#
#  header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+			$: $>PseudoToReal $1		sender/recipient common
R:; <@>			$@				list:; special case
 
# do special header rewriting
R$* <@> $*		$@ $1 <@> $2			pass null host through
R< @ $* > $*		$@ < @ $1 > $2			pass route-addr through
R$*			$: $>MasqSMTP $1		qualify unqual'ed names
R$+			$: $>MasqHdr $1			do masquerading
 
 
#
#  relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+			$: $>MasqSMTP $1
R$+			$: $>MasqHdr $1
 
Msmtp,		P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mesmtp,		P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Msmtp8,		P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mdsmtp,		P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h
Mrelay,		P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
		T=DNS/RFC822/SMTP,
		A=TCP $h
 
 
######################*****##############
###   PROCMAIL Mailer specification   ###
##################*****##################
 
#####  $Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $  #####
 
Mprocmail,	P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
		T=DNS/RFC822/X-Unix,
		A=procmail -Y -m $h $f $u
 
 
##################################################
###   Local and Program Mailer specification   ###
##################################################
 
#####  $Id: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $  #####
 
#
#  Envelope sender rewriting
#
SEnvFromL
R<@>			$n			errors to mailer-daemon
R@ <@ $*>		$n			temporarily bypass Sun bogosity
R$+			$: $>AddDomain $1	add local domain if needed
R$*			$: $>MasqEnv $1		do masquerading
 
#
#  Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* >		$: $1			strip host part
 
#
#  Header sender rewriting
#
SHdrFromL
R<@>			$n			errors to mailer-daemon
R@ <@ $*>		$n			temporarily bypass Sun bogosity
R$+			$: $>AddDomain $1	add local domain if needed
R$*			$: $>MasqHdr $1		do masquerading
 
#
#  Header recipient rewriting
#
SHdrToL
R$+			$: $>AddDomain $1	add local domain if needed
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2
 
#
#  Common code to add local domain name (only if always-add-domain)
#
SAddDomain
R$* < @ $* > $* 	$@ $1 < @ $2 > $3	already fully qualified
 
R$+			$@ $1 < @ *LOCAL* >	add local qualification
 
Mlocal,		P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
		T=DNS/RFC822/X-Unix,
		A=procmail -t -Y -a $h -d $u
Mprog,		P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
		T=X-Unix/X-Unix/X-Unix,
		A=smrsh -c $u

Open in New Window Select All

Answer : linux - sendmail - Deferred: Connection refused by mx5.biz.mail.yahoo.com

Please clarify that we are correctly assuming that you are able to successfully send e-mail to some people -- just not to Yahoo and Hotmail.

Your error log confirms that you are in fact "reaching out" to the Yahoo e-mail server. That server is specifically refusing to accept connections from your system.

Have you checked the two items from my first post? Neither Yahoo or Hotmail will accept e-mail from any sender without a correctly configured reverse DNS pointer.

And, as shakoush2001 pointed out, both of these mail service providers are using strict filtering rules. If you are using an IP address from a range they do not accept, or cannot have a reverse DNS pointer put in place, or are for some reason blacklisted your only option will be to relay mail through an "acceptable" SMTP server (i.e. set up a "smart host") -- which generally equates to relaying through your ISP's gateway or through a hosting service that you are signed up with.