diff --git a/testing/mailman/README b/testing/mailman/README
new file mode 100644
index 0000000..d4f8f4d
--- /dev/null
+++ b/testing/mailman/README
@@ -0,0 +1,23 @@
+yum -y install sendmail-cf
+yum -y install mailman
+
+cp mail /etc/
+
+restart sendmail
+
+cd /usr/lib/mailman/
+
+bin/newlist mailman
+ Enter the email of the person running the list: root@gibbson.edu
+
+copy the tail of bin/newlist to /etc/aliases
+run newaliases
+
+bin/config_list -i /var/lib/mailman/data/sitelist.cfg mailman
+
+cp httpd.conf /etc/httpd/conf/httpd.conf
+
+restart apache
+start mailman
+
+goto http://localhost/mailman/admin/mailman to test
diff --git a/testing/mailman/httpd.conf b/testing/mailman/httpd.conf
new file mode 100644
index 0000000..ef5c340
--- /dev/null
+++ b/testing/mailman/httpd.conf
@@ -0,0 +1,986 @@
+#
+# Based upon the NCSA server configuration files originally by Rob McCool.
+#
+# This is the main Apache server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See for detailed information about
+# the directives.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# The configuration directives are grouped into three basic sections:
+# 1. Directives that control the operation of the Apache server process as a
+# whole (the 'global environment').
+# 2. Directives that define the parameters of the 'main' or 'default' server,
+# which responds to requests that aren't handled by a virtual host.
+# These directives also provide default values for the settings
+# of all virtual hosts.
+# 3. Settings for virtual hosts, which allow Web requests to be sent to
+# different IP addresses or hostnames and have them handled by the
+# same Apache server process.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
+# with ServerRoot set to "/etc/httpd" will be interpreted by the
+# server as "/etc/httpd/logs/foo.log".
+#
+
+### Section 1: Global Environment
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests it can handle or where it
+# can find its configuration files.
+#
+
+#
+# Don't give away too much information about all the subcomponents
+# we are running. Comment out this line if you don't mind remote sites
+# finding out what major optional modules you are running
+ServerTokens OS
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE! If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the LockFile documentation
+# (available at );
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+ServerRoot "/etc/httpd"
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+#
+PidFile run/httpd.pid
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 120
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive Off
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 15
+
+##
+## Server-Pool Size Regulation (MPM specific)
+##
+
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# ServerLimit: maximum value for MaxClients for the lifetime of the server
+# MaxClients: maximum number of server processes allowed to start
+# MaxRequestsPerChild: maximum number of requests a server process serves
+
+StartServers 8
+MinSpareServers 5
+MaxSpareServers 20
+ServerLimit 256
+MaxClients 256
+MaxRequestsPerChild 4000
+
+
+# worker MPM
+# StartServers: initial number of server processes to start
+# MaxClients: maximum number of simultaneous client connections
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of requests a server process serves
+
+StartServers 2
+MaxClients 150
+MinSpareThreads 25
+MaxSpareThreads 75
+ThreadsPerChild 25
+MaxRequestsPerChild 0
+
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, in addition to the default. See also the
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
+#
+#Listen 12.34.56.78:80
+Listen 80
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+LoadModule access_module modules/mod_access.so
+LoadModule auth_module modules/mod_auth.so
+LoadModule auth_anon_module modules/mod_auth_anon.so
+LoadModule auth_dbm_module modules/mod_auth_dbm.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule ldap_module modules/mod_ldap.so
+LoadModule auth_ldap_module modules/mod_auth_ldap.so
+LoadModule include_module modules/mod_include.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule logio_module modules/mod_logio.so
+LoadModule env_module modules/mod_env.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+LoadModule mime_magic_module modules/mod_mime_magic.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule deflate_module modules/mod_deflate.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule usertrack_module modules/mod_usertrack.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule info_module modules/mod_info.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule actions_module modules/mod_actions.so
+LoadModule speling_module modules/mod_speling.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule proxy_connect_module modules/mod_proxy_connect.so
+LoadModule cache_module modules/mod_cache.so
+LoadModule suexec_module modules/mod_suexec.so
+LoadModule disk_cache_module modules/mod_disk_cache.so
+LoadModule file_cache_module modules/mod_file_cache.so
+LoadModule mem_cache_module modules/mod_mem_cache.so
+LoadModule cgi_module modules/mod_cgi.so
+
+#
+# The following modules are not loaded by default:
+#
+#LoadModule cern_meta_module modules/mod_cern_meta.so
+#LoadModule asis_module modules/mod_asis.so
+
+#
+# Load config files from the config directory "/etc/httpd/conf.d".
+#
+Include conf.d/*.conf
+
+#
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called. The default is Off.
+#
+#ExtendedStatus On
+
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
+# . On HPUX you may not be able to use shared memory as nobody, and the
+# suggested workaround is to create a user www and use that user.
+# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
+# when the value of (unsigned)Group is above 60000;
+# don't use Group #-1 on these systems!
+#
+User apache
+Group apache
+
+### Section 2: 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# definition. These values also provide defaults for
+# any containers you may define later in the file.
+#
+# All of these directives may appear inside containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. admin@your-domain.com
+#
+ServerAdmin root@localhost
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If this is not set to valid DNS name for your host, server-generated
+# redirections will not work. See also the UseCanonicalName directive.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+# You will have to access it by its address anyway, and this will make
+# redirections work in a sensible way.
+#
+#ServerName www.example.com:80
+
+#
+# UseCanonicalName: Determines how Apache constructs self-referencing
+# URLs and the SERVER_NAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client. When set "On", Apache will use the value of the
+# ServerName directive.
+#
+UseCanonicalName Off
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/var/www/html"
+
+#
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories).
+#
+# First, we configure the "default" to be a very restrictive set of
+# features.
+#
+
+ Options FollowSymLinks
+ AllowOverride None
+
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+
+
+#
+# Possible values for the Options directive are "None", "All",
+# or any combination of:
+# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+#
+# Note that "MultiViews" must be named *explicitly* --- "Options All"
+# doesn't give it to you.
+#
+# The Options directive is both complicated and important. Please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#options
+# for more information.
+#
+ Options Indexes FollowSymLinks
+
+#
+# AllowOverride controls what directives may be placed in .htaccess files.
+# It can be "All", "None", or any combination of the keywords:
+# Options FileInfo AuthConfig Limit
+#
+ AllowOverride None
+
+#
+# Controls who can get stuff from this server.
+#
+ Order allow,deny
+ Allow from all
+
+
+
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+# The path to the end user account 'public_html' directory must be
+# accessible to the webserver userid. This usually means that ~userid
+# must have permissions of 711, ~userid/public_html must have permissions
+# of 755, and documents contained therein must be world-readable.
+# Otherwise, the client will only receive a "403 Forbidden" message.
+#
+# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
+#
+
+ #
+ # UserDir is disabled by default since it can confirm the presence
+ # of a username on the system (depending on home directory
+ # permissions).
+ #
+ UserDir disable
+
+ #
+ # To enable requests to /~user/ to serve the user's public_html
+ # directory, remove the "UserDir disable" line above, and uncomment
+ # the following line instead:
+ #
+ #UserDir public_html
+
+
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+#
+# AllowOverride FileInfo AuthConfig Limit
+# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+#
+# Order allow,deny
+# Allow from all
+#
+#
+# Order deny,allow
+# Deny from all
+#
+#
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+# The index.html.var file (a type-map) is used to deliver content-
+# negotiated documents. The MultiViews Option can be used for the
+# same purpose, but it is much slower.
+#
+DirectoryIndex index.html index.html.var
+
+#
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+
+ Order allow,deny
+ Deny from all
+
+
+#
+# TypesConfig describes where the mime.types file (or equivalent) is
+# to be found.
+#
+TypesConfig /etc/mime.types
+
+#
+# DefaultType is the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value. If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+DefaultType text/plain
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+
+# MIMEMagicFile /usr/share/magic.mime
+ MIMEMagicFile conf/magic
+
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+#
+# EnableMMAP: Control whether memory-mapping is used to deliver
+# files (assuming that the underlying OS supports it).
+# The default is on; turn this off if you serve from NFS-mounted
+# filesystems. On some systems, turning it off (regardless of
+# filesystem) can improve performance; for details, please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
+#
+#EnableMMAP off
+
+#
+# EnableSendfile: Control whether the sendfile kernel support is
+# used to deliver files (assuming that the OS supports it).
+# The default is on; turn this off if you serve from NFS-mounted
+# filesystems. Please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
+#
+#EnableSendfile off
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog logs/error_log
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+#
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
+# requires the mod_logio module to be loaded.
+#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+#
+# The location and format of the access logfile (Common Logfile Format).
+# If you do not define any access logfiles within a
+# container, they will be logged here. Contrariwise, if you *do*
+# define per- access logfiles, transactions will be
+# logged therein and *not* in this file.
+#
+#CustomLog logs/access_log common
+
+#
+# If you would like to have separate agent and referer logfiles, uncomment
+# the following directives.
+#
+#CustomLog logs/referer_log referer
+#CustomLog logs/agent_log agent
+
+#
+# For a single logfile with access, agent, and referer information
+# (Combined Logfile Format), use the following directive:
+#
+CustomLog logs/access_log combined
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+ServerSignature On
+
+#
+# Aliases: Add here as many aliases as you need (with no limit). The format is
+# Alias fakename realname
+#
+# Note that if you include a trailing / on fakename then the server will
+# require it to be present in the URL. So "/icons" isn't aliased in this
+# example, only "/icons/". If the fakename is slash-terminated, then the
+# realname must also be slash terminated, and if the fakename omits the
+# trailing slash, the realname must also omit it.
+#
+# We include the /icons/ alias for FancyIndexed directory listings. If you
+# do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "/var/www/icons/"
+
+
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+#
+# WebDAV module configuration section.
+#
+
+ # Location of the WebDAV lock database.
+ DAVLockDB /var/lib/dav/lockdb
+
+
+#
+# ScriptAlias: This controls which directories contain server scripts.
+# ScriptAliases are essentially the same as Aliases, except that
+# documents in the realname directory are treated as applications and
+# run by the server when requested rather than as documents sent to the client.
+# The same rules about trailing "/" apply to ScriptAlias directives as to
+# Alias.
+#
+ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+
+#
+# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
+
+ AllowOverride None
+ Options ExecCGI
+ Order allow,deny
+ Allow from all
+
+Alias /pipermail/ /var/lib/mailman/archives/public/
+
+#
+# Redirect allows you to tell clients about documents which used to exist in
+# your server's namespace, but do not anymore. This allows you to tell the
+# clients where to look for the relocated document.
+# Example:
+# Redirect permanent /foo http://www.example.com/bar
+
+#
+# Directives controlling the display of server-generated directory listings.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing VersionSort NameWidth=*
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions. These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes. These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes.
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing. Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
+#
+# DefaultLanguage and AddLanguage allows you to specify the language of
+# a document. You can then use content negotiation to give a browser a
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# * It is generally better to not mark a page as
+# * being a certain language than marking it with the wrong
+# * language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases
+# the two character 'Language' abbreviation is not identical to
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+#
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+#
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+#
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+
+#
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+#
+ForceLanguagePriority Prefer Fallback
+
+#
+# Specify a default charset for all content served; this enables
+# interpretation of all content as UTF-8 by default. To use the
+# default browser choice (ISO-8859-1), or to allow the META tags
+# in HTML content to override this choice, comment out this
+# directive:
+#
+AddDefaultCharset UTF-8
+
+#
+# AddType allows you to add to or override the MIME configuration
+# file mime.types for specific file types.
+#
+#AddType application/x-tar .tgz
+
+#
+# AddEncoding allows you to have certain browsers uncompress
+# information on the fly. Note: Not all browsers support this.
+# Despite the name similarity, the following Add* directives have nothing
+# to do with the FancyIndexing customization directives above.
+#
+#AddEncoding x-compress .Z
+#AddEncoding x-gzip .gz .tgz
+
+# If the AddEncoding directives above are commented-out, then you
+# probably should define those extensions to indicate media types:
+#
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+#
+# AddHandler allows you to map certain file extensions to "handlers":
+# actions unrelated to filetype. These can be either built into the server
+# or added with the Action directive (see below)
+#
+# To use CGI scripts outside of ScriptAliased directories:
+# (You will also need to add "ExecCGI" to the "Options" directive.)
+#
+#AddHandler cgi-script .cgi
+
+#
+# For files that include their own HTTP headers:
+#
+#AddHandler send-as-is asis
+
+#
+# For type maps (negotiated resources):
+# (This is enabled by default to allow the Apache "It Worked" page
+# to be distributed in multiple languages.)
+#
+AddHandler type-map var
+
+#
+# Filters allow you to process content before it is sent to the client.
+#
+# To parse .shtml files for server-side includes (SSI):
+# (You will also need to add "Includes" to the "Options" directive.)
+#
+AddType text/html .shtml
+AddOutputFilter INCLUDES .shtml
+
+#
+# Action lets you define media types that will execute a script whenever
+# a matching file is called. This eliminates the need for repeated URL
+# pathnames for oft-used CGI file processors.
+# Format: Action media/type /cgi-script/location
+# Format: Action handler-name /cgi-script/location
+#
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_.html.var response to
+# our collection of by-error message multi-language collections. We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_.html.var files by adding the line:
+#
+# Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /var/www/error/include/ files and
+# copying them to /your/include/path/, even on a per-VirtualHost basis.
+#
+
+Alias /error/ "/var/www/error/"
+
+
+
+
+ AllowOverride None
+ Options IncludesNoExec
+ AddOutputFilter Includes html
+ AddHandler type-map var
+ Order allow,deny
+ Allow from all
+ LanguagePriority en es de fr
+ ForceLanguagePriority Prefer Fallback
+
+
+# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+# ErrorDocument 410 /error/HTTP_GONE.html.var
+# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+
+
+
+
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+
+#
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash. This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+BrowserMatch "^gnome-vfs" redirect-carefully
+
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Change the ".example.com" to match your domain to enable.
+#
+#
+# SetHandler server-status
+# Order deny,allow
+# Deny from all
+# Allow from .example.com
+#
+
+#
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".example.com" to match your domain to enable.
+#
+#
+# SetHandler server-info
+# Order deny,allow
+# Deny from all
+# Allow from .example.com
+#
+
+#
+# Proxy Server directives. Uncomment the following lines to
+# enable the proxy server:
+#
+#
+#ProxyRequests On
+#
+#
+# Order deny,allow
+# Deny from all
+# Allow from .example.com
+#
+
+#
+# Enable/disable the handling of HTTP/1.1 "Via:" headers.
+# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+# Set to one of: Off | On | Full | Block
+#
+#ProxyVia On
+
+#
+# To enable a cache of proxied content, uncomment the following lines.
+# See http://httpd.apache.org/docs-2.0/mod/mod_cache.html for more details.
+#
+#
+# CacheEnable disk /
+# CacheRoot "/var/cache/mod_proxy"
+#
+#
+
+#
+# End of proxy directives.
+
+### Section 3: Virtual Hosts
+#
+# VirtualHost: If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+#
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+#
+# Use name-based virtual hosting.
+#
+#NameVirtualHost *:80
+#
+# NOTE: NameVirtualHost cannot be used without a port specifier
+# (e.g. :80) if mod_ssl is being used, due to the nature of the
+# SSL protocol.
+#
+
+#
+# VirtualHost example:
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+#
+# ServerAdmin webmaster@dummy-host.example.com
+# DocumentRoot /www/docs/dummy-host.example.com
+# ServerName dummy-host.example.com
+# ErrorLog logs/dummy-host.example.com-error_log
+# CustomLog logs/dummy-host.example.com-access_log common
+#
diff --git a/testing/mailman/mail/Makefile b/testing/mailman/mail/Makefile
new file mode 100644
index 0000000..80ff77f
--- /dev/null
+++ b/testing/mailman/mail/Makefile
@@ -0,0 +1,41 @@
+# These could be used by sendmail, but are not part of the default install.
+# To use them you will have to generate your own sendmail.cf with
+# FEATURE('whatever')
+#
+POSSIBLE += $(shell test -f bitdomain && echo bitdomain.db)
+POSSIBLE += $(shell test -f uudomain && echo uudomain.db)
+POSSIBLE += $(shell test -f genericstable && echo genericstable.db)
+POSSIBLE += $(shell test -f userdb && echo userdb.db)
+POSSIBLE += $(shell test -f authinfo && echo authinfo.db)
+CFFILES = sendmail.cf submit.cf
+
+
+all: ${CFFILES} ${POSSIBLE} virtusertable.db access.db domaintable.db mailertable.db
+
+userdb.db: userdb
+ @makemap btree $@ < $<
+
+%.db: %
+ @makemap hash $@ < $<
+
+%.cf: %.mc
+ @if test -f /usr/share/sendmail-cf/m4/cf.m4; then \
+ umask 022; \
+ mv -f $@ $@.bak; \
+ m4 $< > $@; \
+ else \
+ echo -e "WARNING: '$<' is modified. Please install package sendmail-cf to update your configuration."; \
+ fi
+
+clean:
+ rm -f *.db *~
+
+start:
+ service sendmail start
+
+stop:
+ service sendmail stop
+
+restart:
+ service sendmail restart
+
diff --git a/testing/mailman/mail/access b/testing/mailman/mail/access
new file mode 100644
index 0000000..d819a50
--- /dev/null
+++ b/testing/mailman/mail/access
@@ -0,0 +1,10 @@
+# Check the /usr/share/doc/sendmail/README.cf file for a description
+# of the format of this file. (search for access_db in that file)
+# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
+# package.
+#
+# by default we allow relaying from localhost...
+localhost.localdomain RELAY
+localhost RELAY
+127.0.0.1 RELAY
+
diff --git a/testing/mailman/mail/access.db b/testing/mailman/mail/access.db
new file mode 100644
index 0000000..753e958
Binary files /dev/null and b/testing/mailman/mail/access.db differ
diff --git a/testing/mailman/mail/aliases b/testing/mailman/mail/aliases
new file mode 120000
index 0000000..dd61026
--- /dev/null
+++ b/testing/mailman/mail/aliases
@@ -0,0 +1 @@
+/etc/aliases
\ No newline at end of file
diff --git a/testing/mailman/mail/aliases.db b/testing/mailman/mail/aliases.db
new file mode 100644
index 0000000..3666670
Binary files /dev/null and b/testing/mailman/mail/aliases.db differ
diff --git a/testing/mailman/mail/domaintable b/testing/mailman/mail/domaintable
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/testing/mailman/mail/domaintable
diff --git a/testing/mailman/mail/domaintable.db b/testing/mailman/mail/domaintable.db
new file mode 100644
index 0000000..80552ba
Binary files /dev/null and b/testing/mailman/mail/domaintable.db differ
diff --git a/testing/mailman/mail/helpfile b/testing/mailman/mail/helpfile
new file mode 100644
index 0000000..5c502d3
--- /dev/null
+++ b/testing/mailman/mail/helpfile
@@ -0,0 +1,136 @@
+#vers 2
+cpyr
+cpyr Copyright (c) 1998-2000, 2002, 2004, 2005 Sendmail, Inc. and its suppliers.
+cpyr All rights reserved.
+cpyr Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
+cpyr Copyright (c) 1988, 1993
+cpyr The Regents of the University of California. All rights reserved.
+cpyr
+cpyr
+cpyr By using this file, you agree to the terms and conditions set
+cpyr forth in the LICENSE file which can be found at the top level of
+cpyr the sendmail distribution.
+cpyr
+cpyr $$Id: helpfile,v 8.45 2005/09/13 00:05:23 ca Exp $$
+cpyr
+smtp This is sendmail version $v
+smtp Topics:
+smtp HELO EHLO MAIL RCPT DATA
+smtp RSET NOOP QUIT HELP VRFY
+smtp EXPN VERB ETRN DSN AUTH
+smtp STARTTLS
+smtp For more info use "HELP ".
+smtp To report bugs in the implementation send email to
+smtp sendmail-bugs@sendmail.org.
+smtp For local information send email to Postmaster at your site.
+help HELP [ ]
+help The HELP command gives help info.
+helo HELO
+helo Introduce yourself.
+ehlo EHLO
+ehlo Introduce yourself, and request extended SMTP mode.
+ehlo Possible replies include:
+ehlo SEND Send as mail [RFC821]
+ehlo SOML Send as mail or terminal [RFC821]
+ehlo SAML Send as mail and terminal [RFC821]
+ehlo EXPN Expand the mailing list [RFC821]
+ehlo HELP Supply helpful information [RFC821]
+ehlo TURN Turn the operation around [RFC821]
+ehlo 8BITMIME Use 8-bit data [RFC1652]
+ehlo SIZE Message size declaration [RFC1870]
+ehlo VERB Verbose [Allman]
+ehlo CHUNKING Chunking [RFC1830]
+ehlo BINARYMIME Binary MIME [RFC1830]
+ehlo PIPELINING Command Pipelining [RFC1854]
+ehlo DSN Delivery Status Notification [RFC1891]
+ehlo ETRN Remote Message Queue Starting [RFC1985]
+ehlo STARTTLS Secure SMTP [RFC2487]
+ehlo AUTH Authentication [RFC2554]
+ehlo ENHANCEDSTATUSCODES Enhanced status codes [RFC2034]
+ehlo DELIVERBY Deliver By [RFC2852]
+mail MAIL From: [ ]
+mail Specifies the sender. Parameters are ESMTP extensions.
+mail See "HELP DSN" for details.
+rcpt RCPT To: [ ]
+rcpt Specifies the recipient. Can be used any number of times.
+rcpt Parameters are ESMTP extensions. See "HELP DSN" for details.
+data DATA
+data Following text is collected as the message.
+data End with a single dot.
+rset RSET
+rset Resets the system.
+quit QUIT
+quit Exit sendmail (SMTP).
+auth AUTH mechanism [initial-response]
+auth Start authentication.
+starttls STARTTLS
+starttls Start TLS negotiation.
+verb VERB
+verb Go into verbose mode. This sends 0xy responses that are
+verb not RFC821 standard (but should be) They are recognized
+verb by humans and other sendmail implementations.
+vrfy VRFY
+vrfy Verify an address. If you want to see what it aliases
+vrfy to, use EXPN instead.
+expn EXPN
+expn Expand an address. If the address indicates a mailing
+expn list, return the contents of that list.
+noop NOOP
+noop Do nothing.
+send SEND FROM:
+send replaces the MAIL command, and can be used to send
+send directly to a users terminal. Not supported in this
+send implementation.
+soml SOML FROM:
+soml Send or mail. If the user is logged in, send directly,
+soml otherwise mail. Not supported in this implementation.
+saml SAML FROM:
+saml Send and mail. Send directly to the user's terminal,
+saml and also mail a letter. Not supported in this
+saml implementation.
+turn TURN
+turn Reverses the direction of the connection. Not currently
+turn implemented.
+etrn ETRN [ | @ | \# ]
+etrn Run the queue for the specified , or
+etrn all hosts within a given , or a specially-named
+etrn (implementation-specific).
+dsn MAIL FROM: [ RET={ FULL | HDRS} ] [ ENVID= ]
+dsn RCPT TO: [ NOTIFY={NEVER,SUCCESS,FAILURE,DELAY} ]
+dsn [ ORCPT= ]
+dsn SMTP Delivery Status Notifications.
+dsn Descriptions:
+dsn RET Return either the full message or only headers.
+dsn ENVID Sender's "envelope identifier" for tracking.
+dsn NOTIFY When to send a DSN. Multiple options are OK, comma-
+dsn delimited. NEVER must appear by itself.
+dsn ORCPT Original recipient.
+-bt Help for test mode:
+-bt ? :this help message.
+-bt .Dmvalue :define macro `m' to `value'.
+-bt .Ccvalue :add `value' to class `c'.
+-bt =Sruleset :dump the contents of the indicated ruleset.
+-bt =M :display the known mailers.
+-bt -ddebug-spec :equivalent to the command-line -d debug flag.
+-bt $$m :print the value of macro $$m.
+-bt $$=c :print the contents of class $$=c.
+-bt /mx host :returns the MX records for `host'.
+-bt /parse address :parse address, returning the value of crackaddr, and
+-bt the parsed address.
+-bt /try mailer addr :rewrite address into the form it will have when
+-bt presented to the indicated mailer.
+-bt /tryflags flags :set flags used by parsing. The flags can be `H' for
+-bt Header or `E' for Envelope, and `S' for Sender or `R'
+-bt for Recipient. These can be combined, `HR' sets
+-bt flags for header recipients.
+-bt /canon hostname :try to canonify hostname.
+-bt /map mapname key :look up `key' in the indicated `mapname'.
+-bt /quit :quit address test mode.
+-bt rules addr :run the indicated address through the named rules.
+-bt Rules can be a comma separated list of rules.
+control Help for smcontrol:
+control help This message.
+control restart Restart sendmail.
+control shutdown Shutdown sendmail.
+control status Show sendmail status.
+control memdump Dump allocated memory list (for debugging only).
diff --git a/testing/mailman/mail/lists b/testing/mailman/mail/lists
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/testing/mailman/mail/lists
diff --git a/testing/mailman/mail/local-host-names b/testing/mailman/mail/local-host-names
new file mode 100644
index 0000000..9248c00
--- /dev/null
+++ b/testing/mailman/mail/local-host-names
@@ -0,0 +1 @@
+# local-host-names - include all aliases for your machine here.
diff --git a/testing/mailman/mail/mailertable.db b/testing/mailman/mail/mailertable.db
new file mode 100644
index 0000000..d8a54a5
Binary files /dev/null and b/testing/mailman/mail/mailertable.db differ
diff --git a/testing/mailman/mail/mm-handler b/testing/mailman/mail/mm-handler
new file mode 100644
index 0000000..a198649
--- /dev/null
+++ b/testing/mailman/mail/mm-handler
@@ -0,0 +1,236 @@
+#!/usr/local/bin/perl
+##
+## Sendmail mailer for Mailman
+##
+## Simulates these aliases:
+##
+##testlist: "|/home/mailman/mail/mailman post testlist"
+##testlist-admin: "|/home/mailman/mail/mailman admin testlist"
+##testlist-bounces: "|/home/mailman/mail/mailman bounces testlist"
+##testlist-confirm: "|/home/mailman/mail/mailman confirm testlist"
+##testlist-join: "|/home/mailman/mail/mailman join testlist"
+##testlist-leave: "|/home/mailman/mail/mailman leave testlist"
+##testlist-owner: "|/home/mailman/mail/mailman owner testlist"
+##testlist-request: "|/home/mailman/mail/mailman request testlist"
+##testlist-subscribe: "|/home/mailman/mail/mailman subscribe testlist"
+##testlist-unsubscribe: "|/home/mailman/mail/mailman unsubscribe testlist"
+##owner-testlist: testlist-owner
+
+## Some assembly required.
+$MMWRAPPER = "/etc/mail/mailman";
+$MMLISTDIR = "/etc/mailman/lists";
+$SENDMAIL = "/usr/lib/sendmail -oem -oi";
+$VERSION = '$Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $';
+
+## Comment this if you offer local user addresses.
+$NOUSERS = "\nPersonal e-mail addresses are not offered by this server.";
+
+# uncomment for debugging....
+#$DEBUG = 1;
+
+use FileHandle;
+use Sys::Hostname;
+use Socket;
+
+($VERS_STR = $VERSION) =~ s/^\$\S+\s+(\S+),v\s+(\S+\s+\S+\s+\S+).*/\1 \2/;
+
+$BOUNDARY = sprintf("%08x-%d", time, time % $$);
+
+## Informative, non-standard rejection letter
+sub mail_error {
+ my ($in, $to, $list, $server, $reason) = @_;
+ my $sendmail;
+
+ if ($server && $server ne "") {
+ $servname = $server;
+ } else {
+ $servname = "This server";
+ $server = &get_ip_addr;
+ }
+
+ #$sendmail = new FileHandle ">/tmp/mm-$$";
+ $sendmail = new FileHandle "|$SENDMAIL $to";
+ if (!defined($sendmail)) {
+ print STDERR "$0: cannot exec \"$SENDMAIL\"\n";
+ exit (-1);
+ }
+
+ $sendmail->print ("From: MAILER-DAEMON\@$server
+To: $to
+Subject: Returned mail: List unknown
+Mime-Version: 1.0
+Content-type: multipart/mixed; boundary=\"$BOUNDARY\"
+Content-Disposition: inline
+
+--$BOUNDARY
+Content-Type: text/plain; charset=us-ascii
+Content-Description: Error processing your mail
+Content-Disposition: inline
+
+Your mail for $list could not be sent:
+ $reason
+
+For a list of publicly-advertised mailing lists hosted on this server,
+visit this URL:
+ http://$server/
+
+If this does not resolve your problem, you may write to:
+ postmaster\@$server
+or
+ mailman-owner\@$server
+
+
+$servname delivers e-mail to registered mailing lists
+and to the administrative addresses defined and required by IETF
+Request for Comments (RFC) 2142 [1].
+$NOUSERS
+
+The Internet Engineering Task Force [2] (IETF) oversees the development
+of open standards for the Internet community, including the protocols
+and formats employed by Internet mail systems.
+
+For your convenience, your original mail is attached.
+
+
+[1] Crocker, D. \"Mailbox Names for Common Services, Roles and
+ Functions\". http://www.ietf.org/rfc/rfc2142.txt
+
+[2] http://www.ietf.org/
+
+--$BOUNDARY
+Content-Type: message/rfc822
+Content-Description: Your undelivered mail
+Content-Disposition: attachment
+
+");
+
+ while ($_ = <$in>) {
+ $sendmail->print ($_);
+ }
+
+ $sendmail->print ("\n");
+ $sendmail->print ("--$BOUNDARY--\n");
+
+ close($sendmail);
+}
+
+## Get my IP address, in case my sendmail doesn't tell me my name.
+sub get_ip_addr {
+ my $host = hostname;
+ my $ip = gethostbyname($host);
+ return inet_ntoa($ip);
+}
+
+## Split an address into its base list name and the appropriate command
+## for the relevant function.
+sub split_addr {
+ my ($addr) = @_;
+ my ($list, $cmd);
+ my @validfields = qw(admin bounces confirm join leave owner request
+ subscribe unsubscribe);
+
+ if ($addr =~ /(.*)-(.*)\+.*$/) {
+ $list = $1;
+ $cmd = "$2";
+ } else {
+ $addr =~ /(.*)-(.*)$/;
+ $list = $1;
+ $cmd = $2;
+ }
+ if (grep /^$cmd$/, @validfields) {
+ if ($list eq "owner") {
+ $list = $cmd;
+ $cmd = "owner";
+ }
+ } else {
+ $list = $addr;
+ $cmd = "post";
+ }
+
+ return ($list, $cmd);
+}
+
+## The time, formatted as for an mbox's "From_" line.
+sub mboxdate {
+ my ($time) = @_;
+ my @days = qw(Sun Mon Tue Wed Thu Fri Sat);
+ my @months = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
+ my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) =
+ localtime($time);
+
+ ## Two-digit year handling complies with RFC 2822 (section 4.3),
+ ## with the addition that three-digit years are accommodated.
+ if ($year < 50) {
+ $year += 2000;
+ } elsif ($year < 1900) {
+ $year += 1900;
+ }
+
+ return sprintf ("%s %s %2d %02d:%02d:%02d %d",
+ $days[$wday], $months[$mon], $mday,
+ $hour, $min, $sec, $year);
+}
+
+BEGIN: {
+ $sender = undef;
+ $server = undef;
+ @to = ();
+ while ($#ARGV >= 0) {
+ if ($ARGV[0] eq "-r") {
+ $sender = $ARGV[1];
+ shift @ARGV;
+ } elsif (!defined($server)) {
+ $server = $ARGV[0];
+ } else {
+ push(@to, $ARGV[0]);
+ }
+ shift @ARGV;
+ }
+
+ if ($DEBUG) {
+ $to = join(',', @to);
+ print STDERR "to: $to\n";
+ print STDERR "sender: $sender\n";
+ print STDERR "server: $server\n";
+ exit(-1);
+ }
+
+ADDR: for $addr (@to) {
+ $prev = undef;
+ $list = $addr;
+
+ $cmd= "post";
+ if (! -f "$MMLISTDIR/$list/config.pck") {
+ ($list, $cmd) = &split_addr($list);
+ if (! -f "$MMLISTDIR/$list/config.pck") {
+ $was_to = $addr;
+ $was_to .= "\@$server" if ("$server" ne "");
+ mail_error(\*STDIN, $sender, $was_to, $server,
+ "no list named \"$list\" is known by $server");
+ next ADDR;
+ }
+ }
+
+ $wrapper = new FileHandle "|$MMWRAPPER $cmd $list";
+ if (!defined($wrapper)) {
+ ## Defer?
+ print STDERR "$0: cannot exec ",
+ "\"$MMWRAPPER $cmd $list\": deferring\n";
+ exit (-1);
+ }
+
+ # Don't need these without the "n" flag on the mailer def....
+ #$date = &mboxdate(time);
+ #$wrapper->print ("From $sender $date\n");
+
+ # ...because we use these instead.
+ $from_ = ;
+ $wrapper->print ($from_);
+
+ $wrapper->print ("X-Mailman-Handler: $VERSION\n");
+ while () {
+ $wrapper->print ($_);
+ }
+ close($wrapper);
+ }
+}
diff --git a/testing/mailman/mail/sendmail.cf2 b/testing/mailman/mail/sendmail.cf2
new file mode 100644
index 0000000..612930f
--- /dev/null
+++ b/testing/mailman/mail/sendmail.cf2
@@ -0,0 +1,1825 @@
+#
+# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
+# Copyright (c) 1988, 1993
+# The Regents of the University of California. All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+######################################################################
+######################################################################
+#####
+##### SENDMAIL CONFIGURATION FILE
+#####
+##### built by root@gibbons on Thu Nov 10 11:40:01 EST 2005
+##### in /etc/mail
+##### using /usr/share/sendmail-cf/ as configuration include directory
+#####
+######################################################################
+#####
+##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
+#####
+######################################################################
+######################################################################
+
+##### $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
+##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
+##### setup for Red Hat Linux #####
+##### $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ #####
+
+
+
+##### $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ #####
+
+
+##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
+
+##### $Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $ #####
+
+##### $Id: mailertable.m4,v 8.25 2002/06/27 23:23:57 gshapiro Exp $ #####
+
+##### $Id: virtusertable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $ #####
+
+##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ #####
+
+##### $Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ #####
+
+##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
+
+
+##### $Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
+
+
+##### $Id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ #####
+
+##### $Id: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $ #####
+
+##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ #####
+
+##### $Id: accept_unresolvable_domains.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $ #####
+
+
+##### $Id: proto.m4,v 8.718 2005/08/24 18:07:23 ca Exp $ #####
+
+# level 10 config file format
+V10/Berkeley
+
+# override file safeties - setting this option compromises system security,
+# addressing the actual file configuration problem is preferred
+# need to set this before any file actions are encountered in the cf file
+#O DontBlameSendmail=safe
+
+# default LDAP map specification
+# need to set this now before any LDAP maps are defined
+#O LDAPDefaultSpec=-h localhost
+
+##################
+# local info #
+##################
+
+# my LDAP cluster
+# need to set this before any LDAP lookups are done (including classes)
+#D{sendmailMTACluster}$m
+
+Cwlocalhost
+# file containing names of hosts for which we receive email
+Fw/etc/mail/local-host-names
+
+# my official domain name
+# ... define this only if sendmail cannot automatically determine your domain
+#Dj$w.Foo.COM
+
+# host/domain names ending with a token in class P are canonical
+CP.
+
+# "Smart" relay host (may be null)
+DS
+
+
+# operators that cannot be in local usernames (i.e., network indicators)
+CO @ % !
+
+# a class with just dot (for identifying canonical names)
+C..
+
+# a class with just a left bracket (for identifying domain literals)
+C[[
+
+# access_db acceptance class
+C{Accept}OK RELAY
+
+
+C{ResOk}OKR
+
+
+# Hosts for which relaying is permitted ($=R)
+FR-o /etc/mail/relay-domains
+
+# arithmetic map
+Karith arith
+# macro storage map
+Kmacro macro
+# possible values for TLS_connection in access map
+C{Tls}VERIFY ENCR
+
+
+
+
+
+# dequoting map
+Kdequote dequote
+
+# class E: names that should be exposed as from this host, even if we masquerade
+# class L: names that should be delivered locally, even if we have a relay
+# class M: domains that should be converted to $M
+# class N: domains that should not be converted to $M
+#CL root
+C{E}root
+C{w}localhost.localdomain
+
+
+
+# my name for error messages
+DnMAILER-DAEMON
+
+
+# Mailer table (overriding domains)
+Kmailertable hash -o /etc/mail/mailertable.db
+
+# Virtual user table (maps incoming users)
+Kvirtuser hash -o /etc/mail/virtusertable.db
+
+CPREDIRECT
+
+# Access list database (for spam stomping)
+Kaccess hash -T -o /etc/mail/access.db
+
+# Configuration version number
+DZ8.13.5
+
+
+###############
+# Options #
+###############
+
+# strip message body to 7 bits on input?
+O SevenBitInput=False
+
+# 8-bit data handling
+#O EightBitMode=pass8
+
+# wait for alias file rebuild (default units: minutes)
+O AliasWait=10
+
+# location of alias file
+O AliasFile=/etc/aliases
+
+# minimum number of free blocks on filesystem
+O MinFreeBlocks=100
+
+# maximum message size
+#O MaxMessageSize=0
+
+# substitution for space (blank) characters
+O BlankSub=.
+
+# avoid connecting to "expensive" mailers on initial submission?
+O HoldExpensive=False
+
+# checkpoint queue runs after every N successful deliveries
+#O CheckpointInterval=10
+
+# default delivery mode
+O DeliveryMode=background
+
+# error message header/file
+#O ErrorHeader=/etc/mail/error-header
+
+# error mode
+#O ErrorMode=print
+
+# save Unix-style "From_" lines at top of header?
+#O SaveFromLine=False
+
+# queue file mode (qf files)
+#O QueueFileMode=0600
+
+# temporary file mode
+O TempFileMode=0600
+
+# match recipients against GECOS field?
+#O MatchGECOS=False
+
+# maximum hop count
+#O MaxHopCount=25
+
+# location of help file
+O HelpFile=/etc/mail/helpfile
+
+# ignore dots as terminators in incoming messages?
+#O IgnoreDots=False
+
+# name resolver options
+#O ResolverOptions=+AAONLY
+
+# deliver MIME-encapsulated error messages?
+O SendMimeErrors=True
+
+# Forward file search path
+O ForwardPath=$z/.forward.$w:$z/.forward
+
+# open connection cache size
+O ConnectionCacheSize=2
+
+# open connection cache timeout
+O ConnectionCacheTimeout=5m
+
+# persistent host status directory
+#O HostStatusDirectory=.hoststat
+
+# single thread deliveries (requires HostStatusDirectory)?
+#O SingleThreadDelivery=False
+
+# use Errors-To: header?
+O UseErrorsTo=False
+
+# log level
+O LogLevel=9
+
+# send to me too, even in an alias expansion?
+#O MeToo=True
+
+# verify RHS in newaliases?
+O CheckAliases=False
+
+# default messages to old style headers if no special punctuation?
+O OldStyleHeaders=True
+
+# SMTP daemon options
+
+O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
+
+# SMTP client options
+#O ClientPortOptions=Family=inet, Address=0.0.0.0
+
+# Modifiers to define {daemon_flags} for direct submissions
+#O DirectSubmissionModifiers
+
+# Use as mail submission program? See sendmail/SECURITY
+#O UseMSP
+
+# privacy flags
+O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun
+
+# who (if anyone) should get extra copies of error messages
+#O PostmasterCopy=Postmaster
+
+# slope of queue-only function
+#O QueueFactor=600000
+
+# limit on number of concurrent queue runners
+#O MaxQueueChildren
+
+# maximum number of queue-runners per queue-grouping with multiple queues
+#O MaxRunnersPerQueue=1
+
+# priority of queue runners (nice(3))
+#O NiceQueueRun
+
+# shall we sort the queue by hostname first?
+#O QueueSortOrder=priority
+
+# minimum time in queue before retry
+#O MinQueueAge=30m
+
+# how many jobs can you process in the queue?
+#O MaxQueueRunSize=0
+
+# perform initial split of envelope without checking MX records
+#O FastSplit=1
+
+# queue directory
+O QueueDirectory=/var/spool/mqueue
+
+# key for shared memory; 0 to turn off
+#O SharedMemoryKey=0
+
+
+
+# timeouts (many of these)
+#O Timeout.initial=5m
+O Timeout.connect=1m
+#O Timeout.aconnect=0s
+#O Timeout.iconnect=5m
+#O Timeout.helo=5m
+#O Timeout.mail=10m
+#O Timeout.rcpt=1h
+#O Timeout.datainit=5m
+#O Timeout.datablock=1h
+#O Timeout.datafinal=1h
+#O Timeout.rset=5m
+#O Timeout.quit=2m
+#O Timeout.misc=2m
+#O Timeout.command=1h
+O Timeout.ident=0
+#O Timeout.fileopen=60s
+#O Timeout.control=2m
+O Timeout.queuereturn=5d
+#O Timeout.queuereturn.normal=5d
+#O Timeout.queuereturn.urgent=2d
+#O Timeout.queuereturn.non-urgent=7d
+#O Timeout.queuereturn.dsn=5d
+O Timeout.queuewarn=4h
+#O Timeout.queuewarn.normal=4h
+#O Timeout.queuewarn.urgent=1h
+#O Timeout.queuewarn.non-urgent=12h
+#O Timeout.queuewarn.dsn=4h
+#O Timeout.hoststatus=30m
+#O Timeout.resolver.retrans=5s
+#O Timeout.resolver.retrans.first=5s
+#O Timeout.resolver.retrans.normal=5s
+#O Timeout.resolver.retry=4
+#O Timeout.resolver.retry.first=4
+#O Timeout.resolver.retry.normal=4
+#O Timeout.lhlo=2m
+#O Timeout.auth=10m
+#O Timeout.starttls=1h
+
+# time for DeliverBy; extension disabled if less than 0
+#O DeliverByMin=0
+
+# should we not prune routes in route-addr syntax addresses?
+#O DontPruneRoutes=False
+
+# queue up everything before forking?
+O SuperSafe=True
+
+# status file
+O StatusFile=/var/log/mail/statistics
+
+# time zone handling:
+# if undefined, use system default
+# if defined but null, use TZ envariable passed in
+# if defined and non-null, use that info
+#O TimeZoneSpec=
+
+# default UID (can be username or userid:groupid)
+O DefaultUser=8:12
+
+# list of locations of user database file (null means no lookup)
+O UserDatabaseSpec=/etc/mail/userdb.db
+
+# fallback MX host
+#O FallbackMXhost=fall.back.host.net
+
+# fallback smart host
+#O FallbackSmartHost=fall.back.host.net
+
+# if we are the best MX host for a site, try it directly instead of config err
+O TryNullMXList=true
+
+# load average at which we just queue messages
+#O QueueLA=8
+
+# load average at which we refuse connections
+#O RefuseLA=12
+
+# log interval when refusing connections for this long
+#O RejectLogInterval=3h
+
+# load average at which we delay connections; 0 means no limit
+#O DelayLA=0
+
+# maximum number of children we allow at one time
+#O MaxDaemonChildren=0
+
+# maximum number of new connections per second
+#O ConnectionRateThrottle=0
+
+# Width of the window
+#O ConnectionRateWindowSize=60s
+
+# work recipient factor
+#O RecipientFactor=30000
+
+# deliver each queued job in a separate process?
+#O ForkEachJob=False
+
+# work class factor
+#O ClassFactor=1800
+
+# work time factor
+#O RetryFactor=90000
+
+# default character set
+#O DefaultCharSet=unknown-8bit
+
+# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
+#O ServiceSwitchFile=/etc/mail/service.switch
+
+# hosts file (normally /etc/hosts)
+#O HostsFile=/etc/hosts
+
+# dialup line delay on connection failure
+#O DialDelay=0s
+
+# action to take if there are no recipients in the message
+#O NoRecipientAction=none
+
+# chrooted environment for writing to files
+#O SafeFileEnvironment
+
+# are colons OK in addresses?
+#O ColonOkInAddr=True
+
+# shall I avoid expanding CNAMEs (violates protocols)?
+#O DontExpandCnames=False
+
+# SMTP initial login message (old $e macro)
+O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
+
+# UNIX initial From header format (old $l macro)
+O UnixFromLine=From $g $d
+
+# From: lines that have embedded newlines are unwrapped onto one line
+#O SingleLineFromHeader=False
+
+# Allow HELO SMTP command that does not include a host name
+#O AllowBogusHELO=False
+
+# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
+#O MustQuoteChars=.
+
+# delimiter (operator) characters (old $o macro)
+O OperatorChars=.:%@!^/[]+
+
+# shall I avoid calling initgroups(3) because of high NIS costs?
+#O DontInitGroups=False
+
+# are group-writable :include: and .forward files (un)trustworthy?
+# True (the default) means they are not trustworthy.
+#O UnsafeGroupWrites=True
+
+
+# where do errors that occur when sending errors get sent?
+#O DoubleBounceAddress=postmaster
+
+# where to save bounces if all else fails
+#O DeadLetterDrop=/var/tmp/dead.letter
+
+# what user id do we assume for the majority of the processing?
+#O RunAsUser=sendmail
+
+# maximum number of recipients per SMTP envelope
+#O MaxRecipientsPerMessage=0
+
+# limit the rate recipients per SMTP envelope are accepted
+# once the threshold number of recipients have been rejected
+#O BadRcptThrottle=0
+
+# shall we get local names from our installed interfaces?
+O DontProbeInterfaces=true
+
+# Return-Receipt-To: header implies DSN request
+#O RrtImpliesDsn=False
+
+# override connection address (for testing)
+#O ConnectOnlyTo=0.0.0.0
+
+# Trusted user for file ownership and starting the daemon
+#O TrustedUser=root
+
+# Control socket for daemon management
+#O ControlSocketName=/var/spool/mqueue/.control
+
+# Maximum MIME header length to protect MUAs
+#O MaxMimeHeaderLength=0/0
+
+# Maximum length of the sum of all headers
+#O MaxHeadersLength=32768
+
+# Maximum depth of alias recursion
+#O MaxAliasRecursion=10
+
+# location of pid file
+#O PidFile=/var/run/sendmail.pid
+
+# Prefix string for the process title shown on 'ps' listings
+#O ProcessTitlePrefix=prefix
+
+# Data file (df) memory-buffer file maximum size
+#O DataFileBufferSize=4096
+
+# Transcript file (xf) memory-buffer file maximum size
+#O XscriptFileBufferSize=4096
+
+# lookup type to find information about local mailboxes
+#O MailboxDatabase=pw
+
+# override compile time flag REQUIRES_DIR_FSYNC
+#O RequiresDirfsync=true
+
+# list of authentication mechanisms
+#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
+
+# Authentication realm
+#O AuthRealm
+
+# default authentication information for outgoing connections
+#O DefaultAuthInfo=/etc/mail/default-auth-info
+
+# SMTP AUTH flags
+O AuthOptions=A
+
+# SMTP AUTH maximum encryption strength
+#O AuthMaxBits
+
+# SMTP STARTTLS server options
+#O TLSSrvOptions
+
+# Input mail filters
+#O InputMailFilters
+
+
+# CA directory
+#O CACertPath
+# CA file
+#O CACertFile
+# Server Cert
+#O ServerCertFile
+# Server private key
+#O ServerKeyFile
+# Client Cert
+#O ClientCertFile
+# Client private key
+#O ClientKeyFile
+# File containing certificate revocation lists
+#O CRLFile
+# DHParameters (only required if DSA/DH is used)
+#O DHParameters
+# Random data source (required for systems without /dev/urandom under OpenSSL)
+#O RandFile
+
+############################
+# QUEUE GROUP DEFINITIONS #
+############################
+
+
+###########################
+# Message precedences #
+###########################
+
+Pfirst-class=0
+Pspecial-delivery=100
+Plist=-30
+Pbulk=-60
+Pjunk=-100
+
+#####################
+# Trusted users #
+#####################
+
+# this is equivalent to setting class "t"
+Ft/etc/mail/trusted-users
+Troot
+Tdaemon
+Tuucp
+
+#########################
+# Format of headers #
+#########################
+
+H?P?Return-Path: <$g>
+HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
+ $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
+ $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
+ (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
+ for $u; $|;
+ $.$b
+H?D?Resent-Date: $a
+H?D?Date: $a
+H?F?Resent-From: $?x$x <$g>$|$g$.
+H?F?From: $?x$x <$g>$|$g$.
+H?x?Full-Name: $x
+# HPosted-Date: $a
+# H?l?Received-Date: $b
+H?M?Resent-Message-Id: <$t.$i@$j>
+H?M?Message-Id: <$t.$i@$j>
+
+#
+######################################################################
+######################################################################
+#####
+##### REWRITING RULES
+#####
+######################################################################
+######################################################################
+
+############################################
+### Ruleset 3 -- Name Canonicalization ###
+############################################
+Scanonify=3
+
+# handle null input (translate to <@> special case)
+R$@ $@ <@>
+
+# strip group: syntax (not inside angle brackets!) and trailing semicolon
+R$* $: $1 <@> mark addresses
+R$* < $* > $* <@> $: $1 < $2 > $3 unmark
+R@ $* <@> $: @ $1 unmark @host:...
+R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
+R$* :: $* <@> $: $1 :: $2 unmark node::addr
+R:include: $* <@> $: :include: $1 unmark :include:...
+R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
+R$* : $* <@> $: $2 strip colon if marked
+R$* <@> $: $1 unmark
+R$* ; $1 strip trailing semi
+R$* < $+ :; > $* $@ $2 :; <@> catch
+R$* < $* ; > $1 < $2 > bogus bracketed semi
+
+# null input now results from list:; syntax
+R$@ $@ :; <@>
+
+# strip angle brackets -- note RFC733 heuristic to get innermost item
+R$* $: < $1 > housekeeping <>
+R$+ < $* > < $2 > strip excess on left
+R< $* > $+ < $1 > strip excess on right
+R<> $@ < @ > MAIL FROM:<> case
+R< $+ > $: $1 remove housekeeping <>
+
+# strip route address <@a,@b,@c:user@d> ->
+R@ $+ , $+ $2
+R@ [ $* ] : $+ $2
+R@ $+ : $+ $2
+
+# find focus for list syntax
+R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
+R $+ : $* ; $@ $1 : $2; list syntax
+
+# find focus for @ syntax addresses
+R$+ @ $+ $: $1 < @ $2 > focus on domain
+R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
+R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
+
+
+# convert old-style addresses to a domain-based address
+R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
+R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
+R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
+
+# if we have % signs, take the rightmost one
+R$* % $* $1 @ $2 First make them all @s.
+R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
+R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
+
+# else we must be a local name
+R$* $@ $>Canonify2 $1
+
+
+################################################
+### Ruleset 96 -- bottom half of ruleset 3 ###
+################################################
+
+SCanonify2=96
+
+# handle special cases for local names
+R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
+R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
+R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
+
+# check for IPv4/IPv6 domain literal
+R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
+R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
+R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
+
+
+
+
+
+# if really UUCP, handle it immediately
+
+# try UUCP traffic as a local address
+R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
+R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
+
+# hostnames ending in class P are always canonical
+R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
+R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
+R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
+R$* CC $* $| $* $: $3
+# pass to name server to make hostname canonical
+R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
+R$* $| $* $: $2
+
+# local host aliases and pseudo-domains are always canonical
+R$* < @ $=w > $* $: $1 < @ $2 . > $3
+R$* < @ $=M > $* $: $1 < @ $2 . > $3
+R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3
+R$* < @ $* . . > $* $1 < @ $2 . > $3
+
+
+##################################################
+### Ruleset 4 -- Final Output Post-rewriting ###
+##################################################
+Sfinal=4
+
+R$+ :; <@> $@ $1 : handle
+R$* <@> $@ handle <> and list:;
+
+# strip trailing dot off possibly canonical name
+R$* < @ $+ . > $* $1 < @ $2 > $3
+
+# eliminate internal code
+R$* < @ *LOCAL* > $* $1 < @ $j > $2
+
+# externalize local domain info
+R$* < $+ > $* $1 $2 $3 defocus
+R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 canonical
+R@ $* $@ @ $1 ... and exit
+
+# UUCP must always be presented in old form
+R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
+
+# delete duplicate local names
+R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
+
+
+
+##############################################################
+### Ruleset 97 -- recanonicalize and call ruleset zero ###
+### (used for recursive calls) ###
+##############################################################
+
+SRecurse=97
+R$* $: $>canonify $1
+R$* $@ $>parse $1
+
+
+######################################
+### Ruleset 0 -- Parse Address ###
+######################################
+
+Sparse=0
+
+R$* $: $>Parse0 $1 initial parsing
+R<@> $#local $: <@> special case error msgs
+R$* $: $>ParseLocal $1 handle local hacks
+R$* $: $>Parse1 $1 final parsing
+
+#
+# Parse0 -- do initial syntax checking and eliminate local addresses.
+# This should either return with the (possibly modified) input
+# or return with a #error mailer. It should not return with a
+# #mailer other than the #error mailer.
+#
+
+SParse0
+R<@> $@ <@> special case error msgs
+R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
+R@ <@ $* > < @ $1 > catch "@@host" bogosity
+R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
+R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
+R$* $: <> $1
+R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
+R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
+R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
+R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
+R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
+R<> $* $1
+R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
+R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
+R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
+R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
+R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
+
+
+# now delete the local info -- note $=O to find characters that cause forwarding
+R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
+R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
+R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
+R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
+R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
+R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
+R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
+R$* $=O $* < @ *LOCAL* >
+ $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
+R$* < @ *LOCAL* > $: $1
+
+#
+# Parse1 -- the bottom half of ruleset 0.
+#
+
+SParse1
+
+# handle numeric address spec
+R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
+R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
+R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
+R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
+R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
+
+# handle virtual users
+R$+ $: $1 Mark for lookup
+R $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
+R $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
+R<@> $+ + $+ < @ $* . >
+ $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $* . >
+ $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $* . >
+ $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
+R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
+R<@> $+ $: $1
+R $+ $: $1
+R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
+R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
+R< $+ > $+ < @ $+ > $: $>Recurse $1
+
+# short circuit local delivery so forwarded email works
+
+
+R$=L < @ $=w . > $#local $: @ $1 special local names
+R$+ < @ $=w . > $#local $: $1 regular local name
+
+# not local -- try mailer table lookup
+R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
+R< $+ . > $* $: < $1 > $2 strip trailing dot
+R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
+R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
+R< $+ > $* $: $>Mailertable <$1> $2 try domain
+
+# resolve remotely connected UUCP links (if any)
+
+# resolve fake top level domains by forwarding to other hosts
+
+
+
+# pass names that still have a host to a smarthost (if defined)
+R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
+
+# deal with other remote names
+R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
+
+# handle locally delivered names
+R$=L $#local $: @ $1 special local names
+R$+ $#local $: $1 regular local names
+
+###########################################################################
+### Ruleset 5 -- special rewriting after aliases have been expanded ###
+###########################################################################
+
+SLocal_localaddr
+Slocaladdr=5
+R$+ $: $1 $| $>"Local_localaddr" $1
+R$+ $| $#ok $@ $1 no change
+R$+ $| $#$* $#$2
+R$+ $| $* $: $1
+
+
+
+
+# deal with plussed users so aliases work nicely
+R$+ + * $#local $@ $&h $: $1
+R$+ + $* $#local $@ + $2 $: $1 + *
+
+# prepend an empty "forward host" on the front
+R$+ $: <> $1
+
+
+
+R< > $+ $: < > < $1 <> $&h > nope, restore +detail
+
+R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
+R< > < $+ <> $* > $: < > < $1 > else discard
+R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
+R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
+R< > < $+ > $@ $1 no +detail
+R$+ $: $1 <> $&h add +detail back in
+
+R$+ <> + $* $: $1 + $2 check whether +detail
+R$+ <> $* $: $1 else discard
+R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
+R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
+
+R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
+
+R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
+
+
+###################################################################
+### Ruleset 90 -- try domain part of mailertable entry ###
+###################################################################
+
+SMailertable=90
+R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
+R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
+R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
+R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
+R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
+R< $* > $* $@ $2 no mailertable match
+
+###################################################################
+### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
+###################################################################
+
+SMailerToTriple=95
+R< > $* $@ $1 strip off null relay
+R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
+R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
+R< error : $+ > $* $#error $: $1
+R< local : $* > $* $>CanonLocal < $1 > $2
+R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
+R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
+R< $=w > $* $@ $2 delete local host
+R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
+
+###################################################################
+### Ruleset CanonLocal -- canonify local: syntax ###
+###################################################################
+
+SCanonLocal
+# strip local host from routed addresses
+R< $* > < @ $+ > : $+ $@ $>Recurse $3
+R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
+
+# strip trailing dot from any host name that may appear
+R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
+
+# handle local: syntax -- use old user, either with or without host
+R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
+R< > $+ $#local $@ $1 $: $1
+
+# handle local:user@host syntax -- ignore host part
+R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
+
+# handle local:user syntax
+R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
+R< $+ > $* $#local $@ $2 $: $1
+
+###################################################################
+### Ruleset 93 -- convert header names to masqueraded form ###
+###################################################################
+
+SMasqHdr=93
+
+
+# do not masquerade anything in class N
+R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
+
+R$* < @ *LOCAL* > $@ $1 < @ $j . >
+
+###################################################################
+### Ruleset 94 -- convert envelope names to masqueraded form ###
+###################################################################
+
+SMasqEnv=94
+R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
+
+###################################################################
+### Ruleset 98 -- local part of ruleset zero (can be null) ###
+###################################################################
+
+SParseLocal=98
+
+# addresses sent to foo@host.REDIRECT will give a 551 error code
+R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
+R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT. >
+R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
+
+
+
+
+######################################################################
+### D: LookUpDomain -- search for domain in access database
+###
+### Parameters:
+### <$1> -- key (domain name)
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+######################################################################
+
+SD
+R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
+R> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
+R> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
+R> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
+R> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
+R> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
+R> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
+R<$* > <$+> <$+> <$- $-> <$*> $@ <> <$6>
+R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
+
+######################################################################
+### A: LookUpAddress -- search for host address in access database
+###
+### Parameters:
+### <$1> -- key (dot quadded host address)
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed through)
+######################################################################
+
+SA
+R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
+R> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
+R> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
+R> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
+R> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
+R> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
+R<$* > <$+> <$+> <$- $-> <$*> $@ <> <$6>
+R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
+
+######################################################################
+### CanonAddr -- Convert an address into a standard form for
+### relay checking. Route address syntax is
+### crudely converted into a %-hack address.
+###
+### Parameters:
+### $1 -- full recipient address
+###
+### Returns:
+### parsed address, not in source route form
+######################################################################
+
+SCanonAddr
+R$* $: $>Parse0 $>canonify $1 make domain canonical
+
+
+######################################################################
+### ParseRecipient -- Strip off hosts in $=R as well as possibly
+### $* $=m or the access database.
+### Check user portion for host separators.
+###
+### Parameters:
+### $1 -- full recipient address
+###
+### Returns:
+### parsed, non-local-relaying address
+######################################################################
+
+SParseRecipient
+R$* $: > $>CanonAddr $1
+R> $* < @ $* . > > $1 < @ $2 > strip trailing dots
+R> $- < @ $* > $: > $(dequote $1 $) < @ $2 > dequote local part
+
+# if no $=O character, no host in the user portion, we are done
+R> $* $=O $* < @ $* > $: $1 $2 $3 < @ $4>
+R> $* $@ $1
+
+
+R $* < @ $* $=R > $: $1 < @ $2 $3 >
+R $* < @ $+ > $: $>D <$2> <+ To> <$1 < @ $2 >>
+R<$+> <$+> $: <$1> $2
+
+
+
+R $* < @ $* > $@ $>ParseRecipient $1
+R<$+> $* $@ $2
+
+
+######################################################################
+### check_relay -- check hostname/address on SMTP startup
+######################################################################
+
+
+
+SLocal_check_relay
+Scheck_relay
+R$* $: $1 $| $>"Local_check_relay" $1
+R$* $| $* $| $#$* $#$3
+R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
+
+SBasic_check_relay
+# check for deferred delivery mode
+R$* $: < $&{deliveryMode} > $1
+R< d > $* $@ deferred
+R< $* > $* $: $2
+
+R$+ $| $+ $: $>D < $1 > > <+ Connect> < $2 >
+R $| $+ $: $>A < $1 > > <+ Connect> <> empty client_name
+R> <$+> $: $>A < $1 > > <+ Connect> <> no: another lookup
+R> <$*> $: OK found nothing
+R<$={Accept}> <$*> $@ $1 return value of lookup
+R <$*> $#error $@ 5.7.1 $: "550 Access denied"
+R <$*> $#discard $: discard
+R <$*> $#error $@ quarantine $: $1
+R <$*> $#error $@ $1.$2.$3 $: $4
+R <$*> $#error $: $1
+R<$* > <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$+> <$*> $#error $: $1
+
+
+
+######################################################################
+### check_mail -- check SMTP `MAIL FROM:' command argument
+######################################################################
+
+SLocal_check_mail
+Scheck_mail
+R$* $: $1 $| $>"Local_check_mail" $1
+R$* $| $#$* $#$2
+R$* $| $* $@ $>"Basic_check_mail" $1
+
+SBasic_check_mail
+# check for deferred delivery mode
+R$* $: < $&{deliveryMode} > $1
+R< d > $* $@ deferred
+R< $* > $* $: $2
+
+# authenticated?
+R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
+R$* $| $#$+ $#$2
+R$* $| $* $: $1
+
+R<> $@ we MUST accept <> (RFC 1123)
+R$+ $: > $1
+R><$+> $: <@> <$1>
+R>$+ $: <@> <$1>
+R$* $: $&{daemon_flags} $| $1
+R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
+R$* u $* $| <@> < $* > $: > < $3 >
+R$* $| $* $: $2
+# handle case of @localhost on address
+R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
+R<@> < $* @ [127.0.0.1] >
+ $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
+R<@> < $* @ localhost.$m >
+ $: < ? $&{client_name} > < $1 @ localhost.$m >
+R<@> < $* @ localhost.UUCP >
+ $: < ? $&{client_name} > < $1 @ localhost.UUCP >
+R<@> $* $: $1 no localhost as domain
+R $=w> $* $: $2 local client: ok
+R $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
+R> $* $: $1
+R$* $: > $>CanonAddr $1 canonify sender address and mark it
+R> $* < @ $+ . > > $1 < @ $2 > strip trailing dots
+# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
+R> $* < @ $* $=P > $: $1 < @ $2 $3 >
+R> $* < @ $j > $: $1 < @ $j >
+R> $* < @ $+ > $: $1 < @ $2 > ... unresolvable OK
+
+# check sender address: user@address, user@, address
+R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $|
+R<$+> $+ $: @<$1> <$2> $|
+R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
+R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
+# retransform for further use
+R> <$+> <$*> $: <$1> $2 no match
+R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it
+
+# handle case of no @domain on address
+R> $* $: $&{daemon_flags} $| > $1
+R$* u $* $| > $* $: $3
+R$* $| $* $: $2
+R> $* $: < ? $&{client_addr} > $1
+R> $* $@ ...local unqualed ok
+R $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
+ ...remote is not
+# check results
+R> $* $: @ $1 mark address: nothing known about it
+R<$={ResOk}> $* $@ domain ok: stop
+R $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
+R $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
+R<$={Accept}> $* $# $1 accept from access map
+R $* $#discard $: discard
+R $* $#error $@ quarantine $: $1
+R $* $#error $@ 5.7.1 $: "550 Access denied"
+R $* $#error $@ $1.$2.$3 $: $4
+R $* $#error $: $1
+R<> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$+> $* $#error $: $1 error from access db
+
+######################################################################
+### check_rcpt -- check SMTP `RCPT TO:' command argument
+######################################################################
+
+SLocal_check_rcpt
+Scheck_rcpt
+R$* $: $1 $| $>"Local_check_rcpt" $1
+R$* $| $#$* $#$2
+R$* $| $* $@ $>"Basic_check_rcpt" $1
+
+SBasic_check_rcpt
+# empty address?
+R<> $#error $@ nouser $: "553 User address required"
+R$@ $#error $@ nouser $: "553 User address required"
+# check for deferred delivery mode
+R$* $: < $&{deliveryMode} > $1
+R< d > $* $@ deferred
+R< $* > $* $: $2
+
+
+######################################################################
+R$* $: $1 $| @ $>"Rcpt_ok" $1
+R$* $| @ $#TEMP $+ $: $1 $| T $2
+R$* $| @ $#$* $#$2
+R$* $| @ RELAY $@ RELAY
+R$* $| @ $* $: O $| $>"Relay_ok" $1
+R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
+R$* $| $#TEMP $+ $#error $2
+R$* $| $#$* $#$2
+R$* $| RELAY $@ RELAY
+R T $+ $| $* $#error $1
+# anything else is bogus
+R$* $#error $@ 5.7.1 $: "550 Relaying denied"
+
+
+######################################################################
+### Rcpt_ok: is the recipient ok?
+######################################################################
+SRcpt_ok
+R$* $: $>ParseRecipient $1 strip relayable hosts
+
+
+
+# blacklist local users or any host from receiving mail
+R$* $: > $1
+R> $+ < @ $=w > $: <> <$1 < @ $2 >> $|
+R> $+ < @ $* > $: <> <$1 < @ $2 >> $|
+R> $+ $: <> <$1> $|
+R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
+R<@> <$*> $| <$*> $: <$2> <$1> reverse result
+R> <$*> $: @ $1 mark address as no match
+R<$={Accept}> <$*> $: @ $2 mark address as no match
+
+R $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
+R $* $#discard $: discard
+R $* $#error $@ quarantine $: $1
+R $* $#error $@ $1.$2.$3 $: $4
+R $* $#error $: $1
+R<> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$+> $* $#error $: $1 error from access db
+R@ $* $1 remove mark
+
+# authenticated via TLS?
+R$* $: $1 $| $>RelayTLS client authenticated?
+R$* $| $# $+ $# $2 error/ok?
+R$* $| $* $: $1 no
+
+R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
+R$* $| $# $* $# $2
+R$* $| NO $: $1
+R$* $| $* $: $1 $| $&{auth_type}
+R$* $| $: $1
+R$* $| $={TrustAuthMech} $# RELAY
+R$* $| $* $: $1
+# anything terminating locally is ok
+R$+ < @ $=w > $@ RELAY
+R$+ < @ $* $=R > $@ RELAY
+R$+ < @ $+ > $: $>D <$2> > <+ To> <$1 < @ $2 >>
+R $* $@ RELAY
+R<$* > $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$*> <$*> $: $2
+
+
+
+# check for local user (i.e. unqualified address)
+R$* $: > $1
+R> $* < @ $+ > $: $1 < @ $2 >
+# local user is ok
+R> $+ $@ RELAY
+R<$+> $* $: $2
+
+######################################################################
+### Relay_ok: is the relay/sender ok?
+######################################################################
+SRelay_ok
+# anything originating locally is ok
+# check IP address
+R$* $: $&{client_addr}
+R$@ $@ RELAY originated locally
+R0 $@ RELAY originated locally
+R127.0.0.1 $@ RELAY originated locally
+RIPv6:::1 $@ RELAY originated locally
+R$=R $* $@ RELAY relayable IP address
+R$* $: $>A <$1> > <+ Connect> <$1>
+R $* $@ RELAY relayable IP address
+
+R<> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$*> <$*> $: $2
+R$* $: [ $1 ] put brackets around it...
+R$=w $@ RELAY ... and see if it is local
+
+
+# check client name: first: did it resolve?
+R$* $: < $&{client_resolve} >
+R $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
+R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
+R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
+R$* $: <@> $&{client_name}
+# pass to name server to make hostname canonical
+R<@> $* $=P $:> $1 $2
+R<@> $+ $:> $[ $1 $]
+R$* . $1 strip trailing dots
+R> $=w $@ RELAY
+R> $* $=R $@ RELAY
+R> $* $: $>D <$1> > <+ Connect> <$1>
+R $* $@ RELAY
+R<$* > $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$*> <$*> $: $2
+
+
+######################################################################
+### F: LookUpFull -- search for an entry in access database
+###
+### lookup of full key (which should be an address) and
+### variations if +detail exists: +* and without +detail
+###
+### Parameters:
+### <$1> -- key
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+######################################################################
+
+SF
+R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
+R> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
+R> <$+ + $* @ $+> <$*> <$- $-> <$*>
+ $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
+R> <$+ + $* @ $+> <$*> <+ $-> <$*>
+ $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
+R> <$+ + $* @ $+> <$*> <$- $-> <$*>
+ $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
+R> <$+ + $* @ $+> <$*> <+ $-> <$*>
+ $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
+R> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
+R<$+ > <$*> <$- $-> <$*> $@ <> <$5>
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
+
+######################################################################
+### E: LookUpExact -- search for an entry in access database
+###
+### Parameters:
+### <$1> -- key
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+######################################################################
+
+SE
+R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
+R> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
+R> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
+R<$+ > <$*> <$- $-> <$*> $@ <> <$5>
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
+
+######################################################################
+### U: LookUpUser -- search for an entry in access database
+###
+### lookup of key (which should be a local part) and
+### variations if +detail exists: +* and without +detail
+###
+### Parameters:
+### <$1> -- key (user@)
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+######################################################################
+
+SU
+R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
+R> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
+R> <$+ + $* @> <$*> <$- $-> <$*>
+ $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
+R> <$+ + $* @> <$*> <+ $-> <$*>
+ $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
+R> <$+ + $* @> <$*> <$- $-> <$*>
+ $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
+R> <$+ + $* @> <$*> <+ $-> <$*>
+ $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
+R> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
+R<$+ > <$*> <$- $-> <$*> $@ <> <$5>
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
+
+######################################################################
+### SearchList: search a list of items in the access map
+### Parameters:
+### $| ... <>
+### where "exact" is either "+" or "!":
+### <+ TAG> lookup with and w/o tag
+### lookup with tag
+### possible values for "mark" are:
+### D: recursive host lookup (LookUpDomain)
+### E: exact lookup, no modifications
+### F: full lookup, try user+ext@domain and user@domain
+### U: user lookup, try user+ext and user (input must have trailing @)
+### return: or > (not found)
+######################################################################
+
+# class with valid marks for SearchList
+C{Src}E F D U
+SSearchList
+# just call the ruleset with the name of the tag... nice trick...
+R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> > <$1> <>
+R<$+> $| <> $| > <> $@ >
+R<$+> $| <$+> $| > <> $@ $>SearchList <$1> $| <$2>
+R<$+> $| <$*> $| <$+> <> $@ <$3>
+R<$+> $| <$+> $@ <$2>
+
+
+######################################################################
+### trust_auth: is user trusted to authenticate as someone else?
+###
+### Parameters:
+### $1: AUTH= parameter from MAIL command
+######################################################################
+
+SLocal_trust_auth
+Strust_auth
+R$* $: $&{auth_type} $| $1
+# required by RFC 2554 section 4.
+R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
+R$* $| $&{auth_authen} $@ identical
+R$* $| <$&{auth_authen}> $@ identical
+R$* $| $* $: $1 $| $>"Local_trust_auth" $2
+R$* $| $#$* $#$2
+R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
+
+######################################################################
+### Relay_Auth: allow relaying based on authentication?
+###
+### Parameters:
+### $1: ${auth_type}
+######################################################################
+SLocal_Relay_Auth
+
+######################################################################
+### srv_features: which features to offer to a client?
+### (done in server)
+######################################################################
+Ssrv_features
+R$* $: $>D <$&{client_name}> > <>
+R>$* $: $>A <$&{client_addr}> > <>
+R>$* $: <$(access "Srv_Features": $: ? $)>
+R>$* $@ OK
+R<$* >$* $#temp
+R<$+>$* $# $1
+
+######################################################################
+### try_tls: try to use STARTTLS?
+### (done in client)
+######################################################################
+Stry_tls
+R$* $: $>D <$&{server_name}> > <>
+R>$* $: $>A <$&{server_addr}> > <>
+R>$* $: <$(access "Try_TLS": $: ? $)>
+R>$* $@ OK
+R<$* >$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
+
+######################################################################
+### tls_rcpt: is connection with server "good" enough?
+### (done in client, per recipient)
+###
+### Parameters:
+### $1: recipient
+######################################################################
+Stls_rcpt
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
+R$+ $: > $>CanonAddr $1
+R> $+ < @ $+ . > > $1 <@ $2 >
+R> $+ < @ $+ > $: $1 <@ $2 > $|
+R> $+ $: $1 $|
+R$* $| $+ $: $1 $| $>SearchList $| $2 <>
+R$* $| > $@ OK
+R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
+
+######################################################################
+### tls_client: is connection with client "good" enough?
+### (done in server)
+###
+### Parameters:
+### ${verify} $| (MAIL|STARTTLS)
+######################################################################
+Stls_client
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
+R$* $| $* $: $1 $| $>D <$&{client_name}> > <>
+R$* $| >$* $: $1 $| $>A <$&{client_addr}> > <>
+R$* $| >$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
+R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R$* $@ $>"TLS_connection" $1
+
+######################################################################
+### tls_server: is connection with server "good" enough?
+### (done in client)
+###
+### Parameter:
+### ${verify}
+######################################################################
+Stls_server
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
+R$* $: $1 $| $>D <$&{server_name}> > <>
+R$* $| >$* $: $1 $| $>A <$&{server_addr}> > <>
+R$* $| >$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
+R$* $| <$* > $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R$* $@ $>"TLS_connection" $1
+
+######################################################################
+### TLS_connection: is TLS connection "good" enough?
+###
+### Parameters:
+### ${verify} $| [<>]
+### Requirement: RHS from access map, may be ? for none.
+######################################################################
+STLS_connection
+R$* $| <$*>$* $: $1 $| <$2>
+# create the appropriate error codes
+R$* $| $: $1 $| <503:5.7.0> <$2 $3>
+R$* $| $: $1 $| <403:4.7.0> <$2 $3>
+R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
+# deal with TLS handshake failures: abort
+RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
+RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
+# deal with TLS protocol errors: abort
+RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
+RPROTOCOL $| $* $#error $@ 4.7.0 $: "403 STARTTLS failed."
+R$* $| <$*> $: <$2> <> $1
+R$* $| <$*> $: <$2> <$3> $1
+R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
+R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
+R$* $| $* $@ OK
+# authentication required: give appropriate error
+# other side did authenticate (via STARTTLS)
+R<$*> <> OK $@ OK
+R<$*> <$+> OK $: <$1> <$2>
+R<$*> <$*> OK $: <$1> <$3>
+R<$*> <$*> $* $: <$1> <$3>
+R<$-:$+> <$*> $#error $@ $2 $: $1 " authentication required"
+R<$-:$+> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
+R<$-:$+> <$*> NO $#error $@ $2 $: $1 " not authenticated"
+R<$-:$+> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
+R<$-:$+> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
+R<$-:$+> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
+R<$*> <$*> $: <$1> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
+R<$*> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
+R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
+R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
+R<$-:$+ ++ > $@ OK
+R<$-:$+ ++ $+ > $: <$1:$2> <$3>
+R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
+R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
+
+######################################################################
+### TLS_req: check additional TLS requirements
+###
+### Parameters: [ ] $| <$-:$+>
+### $-: SMTP reply code
+### $+: Enhanced Status Code
+######################################################################
+STLS_req
+R $| $+ $@ OK
+R $* $| <$+> $: $1 $| <$2>
+R $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
+R $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
+R $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
+R $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
+R $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
+R $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
+ROK $@ OK
+
+######################################################################
+### max: return the maximum of two values separated by :
+###
+### Parameters: [$-]:[$-]
+######################################################################
+Smax
+R: $: 0
+R:$- $: $1
+R$-: $: $1
+R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
+RTRUE:$-:$- $: $2
+R$-:$-:$- $: $2
+
+
+######################################################################
+### RelayTLS: allow relaying based on TLS authentication
+###
+### Parameters:
+### none
+######################################################################
+SRelayTLS
+# authenticated?
+R$* $: > $&{verify}
+R> OK $: OK authenticated: continue
+R> $* $@ NO not authenticated
+R$* $: $&{cert_issuer}
+R$+ $: $(access CERTISSUER:$1 $)
+RRELAY $# RELAY
+RSUBJECT $: <@> $&{cert_subject}
+R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
+R<@> RELAY $# RELAY
+R$* $: NO
+
+######################################################################
+### authinfo: lookup authinfo in the access map
+###
+### Parameters:
+### $1: {server_name}
+### $2: {server_addr}
+######################################################################
+Sauthinfo
+R$* $: $1 $| $>D <$&{server_name}> > <>
+R$* $| >$* $: $1 $| $>A <$&{server_addr}> > <>
+R$* $| >$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
+R$* $| >$* $@ no no authinfo available
+R$* $| <$*> <> $# $2
+
+
+
+
+
+#
+######################################################################
+######################################################################
+#####
+##### MAIL FILTER DEFINITIONS
+#####
+######################################################################
+######################################################################
+
+#
+######################################################################
+######################################################################
+#####
+##### MAILER DEFINITIONS
+#####
+######################################################################
+######################################################################
+
+#####################################
+### SMTP Mailer specification ###
+#####################################
+
+##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ #####
+
+#
+# common sender and masquerading recipient rewriting
+#
+SMasqSMTP
+R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
+R$+ $@ $1 < @ *LOCAL* > add local qualification
+
+#
+# convert pseudo-domain addresses to real domain addresses
+#
+SPseudoToReal
+
+# pass s through
+R< @ $+ > $* $@ < @ $1 > $2 resolve
+
+# output fake domains as user%fake@relay
+
+# do UUCP heuristics; note that these are shared with UUCP mailers
+R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
+R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
+
+# leave these in .UUCP form to avoid further tampering
+R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
+R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
+R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
+R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
+R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
+R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
+
+
+#
+# envelope sender rewriting
+#
+SEnvFromSMTP
+R$+ $: $>PseudoToReal $1 sender/recipient common
+R$* :; <@> $@ list:; special case
+R$* $: $>MasqSMTP $1 qualify unqual'ed names
+R$+ $: $>MasqEnv $1 do masquerading
+
+
+#
+# envelope recipient rewriting --
+# also header recipient if not masquerading recipients
+#
+SEnvToSMTP
+R$+ $: $>PseudoToReal $1 sender/recipient common
+R$+ $: $>MasqSMTP $1 qualify unqual'ed names
+R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
+
+#
+# header sender and masquerading header recipient rewriting
+#
+SHdrFromSMTP
+R$+ $: $>PseudoToReal $1 sender/recipient common
+R:; <@> $@ list:; special case
+
+# do special header rewriting
+R$* <@> $* $@ $1 <@> $2 pass null host through
+R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
+R$* $: $>MasqSMTP $1 qualify unqual'ed names
+R$+ $: $>MasqHdr $1 do masquerading
+
+
+#
+# relay mailer header masquerading recipient rewriting
+#
+SMasqRelay
+R$+ $: $>MasqSMTP $1
+R$+ $: $>MasqHdr $1
+
+Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+
+
+######################*****##############
+### PROCMAIL Mailer specification ###
+##################*****##################
+
+##### $Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $ #####
+
+Mprocmail, P=/usr/bin/procmail, F=DFMSPhnu9, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
+ T=DNS/RFC822/X-Unix,
+ A=procmail -Y -m $h $f $u
+
+
+##################################################
+### Local and Program Mailer specification ###
+##################################################
+
+##### $Id: local.m4,v 8.59 2004/11/23 00:37:25 ca Exp $ #####
+
+#
+# Envelope sender rewriting
+#
+SEnvFromL
+R<@> $n errors to mailer-daemon
+R@ <@ $*> $n temporarily bypass Sun bogosity
+R$+ $: $>AddDomain $1 add local domain if needed
+R$* $: $>MasqEnv $1 do masquerading
+
+#
+# Envelope recipient rewriting
+#
+SEnvToL
+R$+ < @ $* > $: $1 strip host part
+
+#
+# Header sender rewriting
+#
+SHdrFromL
+R<@> $n errors to mailer-daemon
+R@ <@ $*> $n temporarily bypass Sun bogosity
+R$+ $: $>AddDomain $1 add local domain if needed
+R$* $: $>MasqHdr $1 do masquerading
+
+#
+# Header recipient rewriting
+#
+SHdrToL
+R$+ $: $>AddDomain $1 add local domain if needed
+R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
+
+#
+# Common code to add local domain name (only if always-add-domain)
+#
+SAddDomain
+R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
+
+R$+ $@ $1 < @ *LOCAL* > add local qualification
+
+Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
+ T=DNS/RFC822/X-Unix,
+ A=procmail -t -Y -a $h -d $u
+Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
+ T=X-Unix/X-Unix/X-Unix,
+ A=smrsh -c $u
+
diff --git a/testing/mailman/mail/sendmail.mc b/testing/mailman/mail/sendmail.mc
new file mode 100644
index 0000000..0bea58e
--- /dev/null
+++ b/testing/mailman/mail/sendmail.mc
@@ -0,0 +1,172 @@
+divert(-1)dnl
+dnl #
+dnl # This is the sendmail macro config file for m4. If you make changes to
+dnl # /etc/mail/sendmail.mc, you will need to regenerate the
+dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
+dnl # installed and then performing a
+dnl #
+dnl # make -C /etc/mail
+dnl #
+include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
+VERSIONID(`setup for Red Hat Linux')dnl
+OSTYPE(`linux')dnl
+dnl #
+dnl # default logging level is 9, you might want to set it higher to
+dnl # debug the configuration
+dnl #
+dnl define(`confLOG_LEVEL', `9')dnl
+dnl #
+dnl # Uncomment and edit the following line if your outgoing mail needs to
+dnl # be sent out through an external mail server:
+dnl #
+dnl define(`SMART_HOST',`smtp.your.provider')
+dnl #
+define(`confDEF_USER_ID',``8:12'')dnl
+dnl define(`confAUTO_REBUILD')dnl
+define(`confTO_CONNECT', `1m')dnl
+define(`confTRY_NULL_MX_LIST',true)dnl
+define(`confDONT_PROBE_INTERFACES',true)dnl
+define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
+define(`ALIAS_FILE', `/etc/aliases')dnl
+define(`STATUS_FILE', `/var/log/mail/statistics')dnl
+define(`UUCP_MAILER_MAX', `2000000')dnl
+define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
+define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
+define(`confAUTH_OPTIONS', `A')dnl
+dnl #
+dnl # The following allows relaying if the user authenticates, and disallows
+dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
+dnl #
+dnl define(`confAUTH_OPTIONS', `A p')dnl
+dnl #
+dnl # PLAIN is the preferred plaintext authentication method and used by
+dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
+dnl # use LOGIN. Other mechanisms should be used if the connection is not
+dnl # guaranteed secure.
+dnl # Please remember that saslauthd needs to be running for AUTH.
+dnl #
+dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl #
+dnl # Rudimentary information on creating certificates for sendmail TLS:
+dnl # cd /usr/share/ssl/certs; make sendmail.pem
+dnl # Complete usage:
+dnl # make -C /usr/share/ssl/certs usage
+dnl #
+dnl define(`confCACERT_PATH',`/etc/pki/tls/certs')
+dnl define(`confCACERT',`/etc/pki/tls/certs/ca-bundle.crt')
+dnl define(`confSERVER_CERT',`/etc/pki/tls/certs/sendmail.pem')
+dnl define(`confSERVER_KEY',`/etc/pki/tls/certs/sendmail.pem')
+dnl #
+dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
+dnl # slapd, which requires the file to be readble by group ldap
+dnl #
+dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
+dnl #
+dnl define(`confTO_QUEUEWARN', `4h')dnl
+dnl define(`confTO_QUEUERETURN', `5d')dnl
+dnl define(`confQUEUE_LA', `12')dnl
+dnl define(`confREFUSE_LA', `18')dnl
+define(`confTO_IDENT', `0')dnl
+dnl FEATURE(delay_checks)dnl
+FEATURE(`no_default_msa',`dnl')dnl
+FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
+FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
+FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
+FEATURE(redirect)dnl
+FEATURE(always_add_domain)dnl
+FEATURE(use_cw_file)dnl
+FEATURE(use_ct_file)dnl
+dnl #
+dnl # The following limits the number of processes sendmail can fork to accept
+dnl # incoming messages or process its message queues to 12.) sendmail refuses
+dnl # to accept connections once it has reached its quota of child processes.
+dnl #
+dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
+dnl #
+dnl # Limits the number of new connections per second. This caps the overhead
+dnl # incurred due to forking new sendmail processes. May be useful against
+dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
+dnl # limit would be useful but is not available as an option at this writing.)
+dnl #
+dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
+dnl #
+dnl # The -t option will retry delivery if e.g. the user runs over his quota.
+dnl #
+FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
+FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
+FEATURE(`blacklist_recipients')dnl
+EXPOSED_USER(`root')dnl
+dnl #
+dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
+dnl # the following 2 definitions and activate below in the MAILER section the
+dnl # cyrusv2 mailer.
+dnl #
+dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
+dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
+dnl #
+dnl # The following causes sendmail to only listen on the IPv4 loopback address
+dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
+dnl # address restriction to accept email from the internet or intranet.
+dnl #
+DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 587 for
+dnl # mail from MUAs that authenticate. Roaming users who can't reach their
+dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
+dnl # this useful.
+dnl #
+dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 465, but
+dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
+dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
+dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
+dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
+dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
+dnl #
+dnl # For this to work your OpenSSL certificates must be configured.
+dnl #
+dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen on the IPv6 loopback
+dnl # device. Remove the loopback address restriction listen to the network.
+dnl #
+dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
+dnl #
+dnl # enable both ipv6 and ipv4 in sendmail:
+dnl #
+dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
+dnl #
+dnl # We strongly recommend not accepting unresolvable domains if you want to
+dnl # protect yourself from spam. However, the laptop and users on computers
+dnl # that do not have 24x7 DNS do need this.
+dnl #
+FEATURE(`accept_unresolvable_domains')dnl
+dnl #
+dnl FEATURE(`relay_based_on_MX')dnl
+dnl #
+dnl # Also accept email sent to "localhost.localdomain" as local email.
+dnl #
+LOCAL_DOMAIN(`localhost.localdomain')dnl
+dnl #
+dnl # The following example makes mail from this host and any additional
+dnl # specified domains appear to be sent from mydomain.com
+dnl #
+dnl MASQUERADE_AS(`mydomain.com')dnl
+dnl #
+dnl # masquerade not just the headers, but the envelope as well
+dnl #
+dnl FEATURE(masquerade_envelope)dnl
+dnl #
+dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
+dnl #
+dnl FEATURE(masquerade_entire_domain)dnl
+dnl #
+dnl MASQUERADE_DOMAIN(localhost)dnl
+dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
+dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
+dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
+MAILER(smtp)dnl
+MAILER(procmail)dnl
+dnl MAILER(cyrusv2)dnl
diff --git a/testing/mailman/mail/submit.cf.bak b/testing/mailman/mail/submit.cf.bak
new file mode 100644
index 0000000..99688b1
--- /dev/null
+++ b/testing/mailman/mail/submit.cf.bak
@@ -0,0 +1,1459 @@
+#
+# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
+# Copyright (c) 1988, 1993
+# The Regents of the University of California. All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+######################################################################
+######################################################################
+#####
+##### SENDMAIL CONFIGURATION FILE
+#####
+##### built by bhcompile@porky.build.redhat.com on Mon Sep 19 07:13:43 EDT 2005
+##### in /usr/src/build/614338-i386/BUILD/sendmail-8.13.5/cf/cf
+##### using ../ as configuration include directory
+#####
+######################################################################
+#####
+##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
+#####
+######################################################################
+######################################################################
+
+##### $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
+##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
+
+##### linux setup for Red Hat Linux #####
+##### $Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
+
+##### $Id: msp.m4,v 1.33 2004/02/09 22:32:38 ca Exp $ #####
+
+##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
+
+
+##### $Id: proto.m4,v 8.718 2005/08/24 18:07:23 ca Exp $ #####
+
+# level 10 config file format
+V10/Berkeley
+
+# override file safeties - setting this option compromises system security,
+# addressing the actual file configuration problem is preferred
+# need to set this before any file actions are encountered in the cf file
+#O DontBlameSendmail=safe
+
+# default LDAP map specification
+# need to set this now before any LDAP maps are defined
+#O LDAPDefaultSpec=-h localhost
+
+##################
+# local info #
+##################
+
+# my LDAP cluster
+# need to set this before any LDAP lookups are done (including classes)
+#D{sendmailMTACluster}$m
+
+Cwlocalhost
+
+# my official domain name
+# ... define this only if sendmail cannot automatically determine your domain
+#Dj$w.Foo.COM
+
+# host/domain names ending with a token in class P are canonical
+CP.
+
+# "Smart" relay host (may be null)
+DS
+
+
+# operators that cannot be in local usernames (i.e., network indicators)
+CO @ % !
+
+# a class with just dot (for identifying canonical names)
+C..
+
+# a class with just a left bracket (for identifying domain literals)
+C[[
+
+
+# Resolve map (to check if a host exists in check_mail)
+Kresolve host -a -T
+C{ResOk}OKR
+
+
+# Hosts for which relaying is permitted ($=R)
+FR-o /etc/mail/relay-domains
+
+# arithmetic map
+Karith arith
+
+
+
+
+
+# dequoting map
+Kdequote dequote
+
+# class E: names that should be exposed as from this host, even if we masquerade
+# class L: names that should be delivered locally, even if we have a relay
+# class M: domains that should be converted to $M
+# class N: domains that should not be converted to $M
+#CL root
+
+
+
+# my name for error messages
+DnMAILER-DAEMON
+
+
+D{MTAHost}[127.0.0.1]
+
+
+# Configuration version number
+DZ8.13.5/Submit
+
+
+###############
+# Options #
+###############
+
+# strip message body to 7 bits on input?
+O SevenBitInput=False
+
+# 8-bit data handling
+#O EightBitMode=pass8
+
+# wait for alias file rebuild (default units: minutes)
+O AliasWait=10
+
+# location of alias file
+#O AliasFile=/etc/mail/aliases
+
+# minimum number of free blocks on filesystem
+O MinFreeBlocks=100
+
+# maximum message size
+#O MaxMessageSize=0
+
+# substitution for space (blank) characters
+O BlankSub=.
+
+# avoid connecting to "expensive" mailers on initial submission?
+O HoldExpensive=False
+
+# checkpoint queue runs after every N successful deliveries
+#O CheckpointInterval=10
+
+# default delivery mode
+O DeliveryMode=i
+
+# error message header/file
+#O ErrorHeader=/etc/mail/error-header
+
+# error mode
+#O ErrorMode=print
+
+# save Unix-style "From_" lines at top of header?
+#O SaveFromLine=False
+
+# queue file mode (qf files)
+O QueueFileMode=0660
+
+# temporary file mode
+O TempFileMode=0600
+
+# match recipients against GECOS field?
+#O MatchGECOS=False
+
+# maximum hop count
+#O MaxHopCount=25
+
+# location of help file
+O HelpFile=/etc/mail/helpfile
+
+# ignore dots as terminators in incoming messages?
+#O IgnoreDots=False
+
+# name resolver options
+#O ResolverOptions=+AAONLY
+
+# deliver MIME-encapsulated error messages?
+O SendMimeErrors=True
+
+# Forward file search path
+O ForwardPath
+
+# open connection cache size
+O ConnectionCacheSize=2
+
+# open connection cache timeout
+O ConnectionCacheTimeout=5m
+
+# persistent host status directory
+#O HostStatusDirectory=.hoststat
+
+# single thread deliveries (requires HostStatusDirectory)?
+#O SingleThreadDelivery=False
+
+# use Errors-To: header?
+O UseErrorsTo=False
+
+# log level
+O LogLevel=9
+
+# send to me too, even in an alias expansion?
+#O MeToo=True
+
+# verify RHS in newaliases?
+O CheckAliases=False
+
+# default messages to old style headers if no special punctuation?
+O OldStyleHeaders=True
+
+# SMTP daemon options
+
+O DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E
+
+# SMTP client options
+#O ClientPortOptions=Family=inet, Address=0.0.0.0
+
+# Modifiers to define {daemon_flags} for direct submissions
+#O DirectSubmissionModifiers
+
+# Use as mail submission program? See sendmail/SECURITY
+O UseMSP=True
+
+# privacy flags
+O PrivacyOptions=goaway,noetrn,restrictqrun
+
+# who (if anyone) should get extra copies of error messages
+#O PostmasterCopy=Postmaster
+
+# slope of queue-only function
+#O QueueFactor=600000
+
+# limit on number of concurrent queue runners
+#O MaxQueueChildren
+
+# maximum number of queue-runners per queue-grouping with multiple queues
+#O MaxRunnersPerQueue=1
+
+# priority of queue runners (nice(3))
+#O NiceQueueRun
+
+# shall we sort the queue by hostname first?
+#O QueueSortOrder=priority
+
+# minimum time in queue before retry
+#O MinQueueAge=30m
+
+# how many jobs can you process in the queue?
+#O MaxQueueRunSize=0
+
+# perform initial split of envelope without checking MX records
+#O FastSplit=1
+
+# queue directory
+O QueueDirectory=/var/spool/clientmqueue
+
+# key for shared memory; 0 to turn off
+#O SharedMemoryKey=0
+
+
+
+# timeouts (many of these)
+#O Timeout.initial=5m
+#O Timeout.connect=5m
+#O Timeout.aconnect=0s
+#O Timeout.iconnect=5m
+#O Timeout.helo=5m
+#O Timeout.mail=10m
+#O Timeout.rcpt=1h
+#O Timeout.datainit=5m
+#O Timeout.datablock=1h
+#O Timeout.datafinal=1h
+#O Timeout.rset=5m
+#O Timeout.quit=2m
+#O Timeout.misc=2m
+#O Timeout.command=1h
+#O Timeout.ident=5s
+#O Timeout.fileopen=60s
+#O Timeout.control=2m
+O Timeout.queuereturn=5d
+#O Timeout.queuereturn.normal=5d
+#O Timeout.queuereturn.urgent=2d
+#O Timeout.queuereturn.non-urgent=7d
+#O Timeout.queuereturn.dsn=5d
+O Timeout.queuewarn=4h
+#O Timeout.queuewarn.normal=4h
+#O Timeout.queuewarn.urgent=1h
+#O Timeout.queuewarn.non-urgent=12h
+#O Timeout.queuewarn.dsn=4h
+#O Timeout.hoststatus=30m
+#O Timeout.resolver.retrans=5s
+#O Timeout.resolver.retrans.first=5s
+#O Timeout.resolver.retrans.normal=5s
+#O Timeout.resolver.retry=4
+#O Timeout.resolver.retry.first=4
+#O Timeout.resolver.retry.normal=4
+#O Timeout.lhlo=2m
+#O Timeout.auth=10m
+#O Timeout.starttls=1h
+
+# time for DeliverBy; extension disabled if less than 0
+#O DeliverByMin=0
+
+# should we not prune routes in route-addr syntax addresses?
+#O DontPruneRoutes=False
+
+# queue up everything before forking?
+O SuperSafe=True
+
+# status file
+O StatusFile=/var/spool/clientmqueue/sm-client.st
+
+# time zone handling:
+# if undefined, use system default
+# if defined but null, use TZ envariable passed in
+# if defined and non-null, use that info
+O TimeZoneSpec=
+
+# default UID (can be username or userid:groupid)
+#O DefaultUser=mailnull
+
+# list of locations of user database file (null means no lookup)
+#O UserDatabaseSpec=/etc/mail/userdb
+
+# fallback MX host
+#O FallbackMXhost=fall.back.host.net
+
+# fallback smart host
+#O FallbackSmartHost=fall.back.host.net
+
+# if we are the best MX host for a site, try it directly instead of config err
+#O TryNullMXList=False
+
+# load average at which we just queue messages
+#O QueueLA=8
+
+# load average at which we refuse connections
+#O RefuseLA=12
+
+# log interval when refusing connections for this long
+#O RejectLogInterval=3h
+
+# load average at which we delay connections; 0 means no limit
+#O DelayLA=0
+
+# maximum number of children we allow at one time
+#O MaxDaemonChildren=0
+
+# maximum number of new connections per second
+#O ConnectionRateThrottle=0
+
+# Width of the window
+#O ConnectionRateWindowSize=60s
+
+# work recipient factor
+#O RecipientFactor=30000
+
+# deliver each queued job in a separate process?
+#O ForkEachJob=False
+
+# work class factor
+#O ClassFactor=1800
+
+# work time factor
+#O RetryFactor=90000
+
+# default character set
+#O DefaultCharSet=unknown-8bit
+
+# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
+#O ServiceSwitchFile=/etc/mail/service.switch
+
+# hosts file (normally /etc/hosts)
+#O HostsFile=/etc/hosts
+
+# dialup line delay on connection failure
+#O DialDelay=0s
+
+# action to take if there are no recipients in the message
+#O NoRecipientAction=none
+
+# chrooted environment for writing to files
+#O SafeFileEnvironment
+
+# are colons OK in addresses?
+#O ColonOkInAddr=True
+
+# shall I avoid expanding CNAMEs (violates protocols)?
+#O DontExpandCnames=False
+
+# SMTP initial login message (old $e macro)
+O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
+
+# UNIX initial From header format (old $l macro)
+O UnixFromLine=From $g $d
+
+# From: lines that have embedded newlines are unwrapped onto one line
+#O SingleLineFromHeader=False
+
+# Allow HELO SMTP command that does not include a host name
+#O AllowBogusHELO=False
+
+# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
+#O MustQuoteChars=.
+
+# delimiter (operator) characters (old $o macro)
+O OperatorChars=.:%@!^/[]+
+
+# shall I avoid calling initgroups(3) because of high NIS costs?
+O DontInitGroups=True
+
+# are group-writable :include: and .forward files (un)trustworthy?
+# True (the default) means they are not trustworthy.
+#O UnsafeGroupWrites=True
+
+
+# where do errors that occur when sending errors get sent?
+#O DoubleBounceAddress=postmaster
+
+# where to save bounces if all else fails
+#O DeadLetterDrop=/var/tmp/dead.letter
+
+# what user id do we assume for the majority of the processing?
+O RunAsUser=smmsp
+
+# maximum number of recipients per SMTP envelope
+#O MaxRecipientsPerMessage=0
+
+# limit the rate recipients per SMTP envelope are accepted
+# once the threshold number of recipients have been rejected
+#O BadRcptThrottle=0
+
+# shall we get local names from our installed interfaces?
+O DontProbeInterfaces=True
+
+# Return-Receipt-To: header implies DSN request
+#O RrtImpliesDsn=False
+
+# override connection address (for testing)
+#O ConnectOnlyTo=0.0.0.0
+
+# Trusted user for file ownership and starting the daemon
+O TrustedUser=smmsp
+
+# Control socket for daemon management
+#O ControlSocketName=/var/spool/mqueue/.control
+
+# Maximum MIME header length to protect MUAs
+#O MaxMimeHeaderLength=0/0
+
+# Maximum length of the sum of all headers
+#O MaxHeadersLength=32768
+
+# Maximum depth of alias recursion
+#O MaxAliasRecursion=10
+
+# location of pid file
+O PidFile=/var/run/sm-client.pid
+
+# Prefix string for the process title shown on 'ps' listings
+#O ProcessTitlePrefix=prefix
+
+# Data file (df) memory-buffer file maximum size
+#O DataFileBufferSize=4096
+
+# Transcript file (xf) memory-buffer file maximum size
+#O XscriptFileBufferSize=4096
+
+# lookup type to find information about local mailboxes
+#O MailboxDatabase=pw
+
+# override compile time flag REQUIRES_DIR_FSYNC
+#O RequiresDirfsync=true
+
+# list of authentication mechanisms
+#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
+
+# Authentication realm
+#O AuthRealm
+
+# default authentication information for outgoing connections
+#O DefaultAuthInfo=/etc/mail/default-auth-info
+
+# SMTP AUTH flags
+#O AuthOptions
+
+# SMTP AUTH maximum encryption strength
+#O AuthMaxBits
+
+# SMTP STARTTLS server options
+#O TLSSrvOptions
+
+# Input mail filters
+#O InputMailFilters
+
+
+# CA directory
+#O CACertPath
+# CA file
+#O CACertFile
+# Server Cert
+#O ServerCertFile
+# Server private key
+#O ServerKeyFile
+# Client Cert
+#O ClientCertFile
+# Client private key
+#O ClientKeyFile
+# File containing certificate revocation lists
+#O CRLFile
+# DHParameters (only required if DSA/DH is used)
+#O DHParameters
+# Random data source (required for systems without /dev/urandom under OpenSSL)
+#O RandFile
+
+############################
+# QUEUE GROUP DEFINITIONS #
+############################
+
+
+###########################
+# Message precedences #
+###########################
+
+Pfirst-class=0
+Pspecial-delivery=100
+Plist=-30
+Pbulk=-60
+Pjunk=-100
+
+#####################
+# Trusted users #
+#####################
+
+# this is equivalent to setting class "t"
+Ft/etc/mail/trusted-users
+Troot
+Tdaemon
+Tuucp
+
+#########################
+# Format of headers #
+#########################
+
+H?P?Return-Path: <$g>
+HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
+ $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
+ $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
+ (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
+ for $u; $|;
+ $.$b
+H?D?Resent-Date: $a
+H?D?Date: $a
+H?F?Resent-From: $?x$x <$g>$|$g$.
+H?F?From: $?x$x <$g>$|$g$.
+H?x?Full-Name: $x
+# HPosted-Date: $a
+# H?l?Received-Date: $b
+H?M?Resent-Message-Id: <$t.$i@$j>
+H?M?Message-Id: <$t.$i@$j>
+
+#
+######################################################################
+######################################################################
+#####
+##### REWRITING RULES
+#####
+######################################################################
+######################################################################
+
+############################################
+### Ruleset 3 -- Name Canonicalization ###
+############################################
+Scanonify=3
+
+# handle null input (translate to <@> special case)
+R$@ $@ <@>
+
+# strip group: syntax (not inside angle brackets!) and trailing semicolon
+R$* $: $1 <@> mark addresses
+R$* < $* > $* <@> $: $1 < $2 > $3 unmark
+R@ $* <@> $: @ $1 unmark @host:...
+R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
+R$* :: $* <@> $: $1 :: $2 unmark node::addr
+R:include: $* <@> $: :include: $1 unmark :include:...
+R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
+R$* : $* <@> $: $2 strip colon if marked
+R$* <@> $: $1 unmark
+R$* ; $1 strip trailing semi
+R$* < $+ :; > $* $@ $2 :; <@> catch
+R$* < $* ; > $1 < $2 > bogus bracketed semi
+
+# null input now results from list:; syntax
+R$@ $@ :; <@>
+
+# strip angle brackets -- note RFC733 heuristic to get innermost item
+R$* $: < $1 > housekeeping <>
+R$+ < $* > < $2 > strip excess on left
+R< $* > $+ < $1 > strip excess on right
+R<> $@ < @ > MAIL FROM:<> case
+R< $+ > $: $1 remove housekeeping <>
+
+# strip route address <@a,@b,@c:user@d> ->
+R@ $+ , $+ $2
+R@ [ $* ] : $+ $2
+R@ $+ : $+ $2
+
+# find focus for list syntax
+R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
+R $+ : $* ; $@ $1 : $2; list syntax
+
+# find focus for @ syntax addresses
+R$+ @ $+ $: $1 < @ $2 > focus on domain
+R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
+R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
+
+
+# convert old-style addresses to a domain-based address
+R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
+R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
+R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
+
+# convert node::user addresses into a domain-based address
+R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
+R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
+
+# if we have % signs, take the rightmost one
+R$* % $* $1 @ $2 First make them all @s.
+R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
+R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
+
+# else we must be a local name
+R$* $@ $>Canonify2 $1
+
+
+################################################
+### Ruleset 96 -- bottom half of ruleset 3 ###
+################################################
+
+SCanonify2=96
+
+# handle special cases for local names
+R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
+R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
+R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
+
+# check for IPv4/IPv6 domain literal
+R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
+R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
+R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
+
+
+
+
+
+# if really UUCP, handle it immediately
+
+# try UUCP traffic as a local address
+R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
+R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
+
+# hostnames ending in class P are always canonical
+R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
+R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
+R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
+R$* CC $* $| $* $: $3
+# pass to name server to make hostname canonical
+R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
+R$* $| $* $: $2
+
+# local host aliases and pseudo-domains are always canonical
+R$* < @ $=w > $* $: $1 < @ $2 . > $3
+R$* < @ $=M > $* $: $1 < @ $2 . > $3
+R$* < @ $* . . > $* $1 < @ $2 . > $3
+
+
+##################################################
+### Ruleset 4 -- Final Output Post-rewriting ###
+##################################################
+Sfinal=4
+
+R$+ :; <@> $@ $1 : handle
+R$* <@> $@ handle <> and list:;
+
+# strip trailing dot off possibly canonical name
+R$* < @ $+ . > $* $1 < @ $2 > $3
+
+# eliminate internal code
+R$* < @ *LOCAL* > $* $1 < @ $j > $2
+
+# externalize local domain info
+R$* < $+ > $* $1 $2 $3 defocus
+R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 canonical
+R@ $* $@ @ $1 ... and exit
+
+# UUCP must always be presented in old form
+R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
+
+# put DECnet back in :: form
+R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u
+# delete duplicate local names
+R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
+
+
+
+##############################################################
+### Ruleset 97 -- recanonicalize and call ruleset zero ###
+### (used for recursive calls) ###
+##############################################################
+
+SRecurse=97
+R$* $: $>canonify $1
+R$* $@ $>parse $1
+
+
+######################################
+### Ruleset 0 -- Parse Address ###
+######################################
+
+Sparse=0
+
+R$* $: $>Parse0 $1 initial parsing
+R<@> $#local $: <@> special case error msgs
+R$* $: $>ParseLocal $1 handle local hacks
+R$* $: $>Parse1 $1 final parsing
+
+#
+# Parse0 -- do initial syntax checking and eliminate local addresses.
+# This should either return with the (possibly modified) input
+# or return with a #error mailer. It should not return with a
+# #mailer other than the #error mailer.
+#
+
+SParse0
+R<@> $@ <@> special case error msgs
+R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
+R@ <@ $* > < @ $1 > catch "@@host" bogosity
+R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
+R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
+R$* $: <> $1
+R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
+R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
+R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
+R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
+R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
+R<> $* $1
+R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
+R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
+R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
+R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
+R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
+
+
+# now delete the local info -- note $=O to find characters that cause forwarding
+R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
+R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
+R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
+R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
+R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
+R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
+R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
+R$* $=O $* < @ *LOCAL* >
+ $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
+R$* < @ *LOCAL* > $: $1
+
+#
+# Parse1 -- the bottom half of ruleset 0.
+#
+
+SParse1
+
+# handle numeric address spec
+R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
+R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
+R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
+R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
+R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
+
+
+# short circuit local delivery so forwarded email works
+
+
+R$=L < @ $=w . > $#local $: @ $1 special local names
+R$+ < @ $=w . > $#local $: $1 regular local name
+
+
+# resolve remotely connected UUCP links (if any)
+
+# resolve fake top level domains by forwarding to other hosts
+
+
+
+# pass names that still have a host to a smarthost (if defined)
+R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
+
+# deal with other remote names
+R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
+
+# handle locally delivered names
+R$=L $#local $: @ $1 special local names
+R$+ $#local $: $1 regular local names
+
+###########################################################################
+### Ruleset 5 -- special rewriting after aliases have been expanded ###
+###########################################################################
+
+SLocal_localaddr
+Slocaladdr=5
+R$+ $: $1 $| $>"Local_localaddr" $1
+R$+ $| $#ok $@ $1 no change
+R$+ $| $#$* $#$2
+R$+ $| $* $: $1
+
+
+
+
+# deal with plussed users so aliases work nicely
+R$+ + * $#local $@ $&h $: $1
+R$+ + $* $#local $@ + $2 $: $1 + *
+
+# prepend an empty "forward host" on the front
+R$+ $: <> $1
+
+
+
+R< > $+ $: < > < $1 <> $&h > nope, restore +detail
+
+R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
+R< > < $+ <> $* > $: < > < $1 > else discard
+R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
+R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
+R< > < $+ > $@ $1 no +detail
+R$+ $: $1 <> $&h add +detail back in
+
+R$+ <> + $* $: $1 + $2 check whether +detail
+R$+ <> $* $: $1 else discard
+R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
+R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
+
+R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
+
+R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
+
+
+###################################################################
+### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
+###################################################################
+
+SMailerToTriple=95
+R< > $* $@ $1 strip off null relay
+R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
+R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
+R< error : $+ > $* $#error $: $1
+R< local : $* > $* $>CanonLocal < $1 > $2
+R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
+R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
+R< $=w > $* $@ $2 delete local host
+R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
+
+###################################################################
+### Ruleset CanonLocal -- canonify local: syntax ###
+###################################################################
+
+SCanonLocal
+# strip local host from routed addresses
+R< $* > < @ $+ > : $+ $@ $>Recurse $3
+R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
+
+# strip trailing dot from any host name that may appear
+R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
+
+# handle local: syntax -- use old user, either with or without host
+R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
+R< > $+ $#local $@ $1 $: $1
+
+# handle local:user@host syntax -- ignore host part
+R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
+
+# handle local:user syntax
+R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
+R< $+ > $* $#local $@ $2 $: $1
+
+###################################################################
+### Ruleset 93 -- convert header names to masqueraded form ###
+###################################################################
+
+SMasqHdr=93
+
+
+# do not masquerade anything in class N
+R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
+
+R$* < @ *LOCAL* > $@ $1 < @ $j . >
+
+###################################################################
+### Ruleset 94 -- convert envelope names to masqueraded form ###
+###################################################################
+
+SMasqEnv=94
+R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
+
+###################################################################
+### Ruleset 98 -- local part of ruleset zero (can be null) ###
+###################################################################
+
+SParseLocal=98
+
+
+
+
+######################################################################
+### CanonAddr -- Convert an address into a standard form for
+### relay checking. Route address syntax is
+### crudely converted into a %-hack address.
+###
+### Parameters:
+### $1 -- full recipient address
+###
+### Returns:
+### parsed address, not in source route form
+######################################################################
+
+SCanonAddr
+R$* $: $>Parse0 $>canonify $1 make domain canonical
+
+
+######################################################################
+### ParseRecipient -- Strip off hosts in $=R as well as possibly
+### $* $=m or the access database.
+### Check user portion for host separators.
+###
+### Parameters:
+### $1 -- full recipient address
+###
+### Returns:
+### parsed, non-local-relaying address
+######################################################################
+
+SParseRecipient
+R$* $: > $>CanonAddr $1
+R> $* < @ $* . > > $1 < @ $2 > strip trailing dots
+R> $- < @ $* > $: > $(dequote $1 $) < @ $2 > dequote local part
+
+# if no $=O character, no host in the user portion, we are done
+R> $* $=O $* < @ $* > $: $1 $2 $3 < @ $4>
+R> $* $@ $1
+
+
+R $* < @ $* $=R > $: $1 < @ $2 $3 >
+
+
+
+R $* < @ $* > $@ $>ParseRecipient $1
+R<$+> $* $@ $2
+
+
+######################################################################
+### check_relay -- check hostname/address on SMTP startup
+######################################################################
+
+
+
+SLocal_check_relay
+Scheck_relay
+R$* $: $1 $| $>"Local_check_relay" $1
+R$* $| $* $| $#$* $#$3
+R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
+
+SBasic_check_relay
+# check for deferred delivery mode
+R$* $: < $&{deliveryMode} > $1
+R< d > $* $@ deferred
+R< $* > $* $: $2
+
+
+
+
+######################################################################
+### check_mail -- check SMTP `MAIL FROM:' command argument
+######################################################################
+
+SLocal_check_mail
+Scheck_mail
+R$* $: $1 $| $>"Local_check_mail" $1
+R$* $| $#$* $#$2
+R$* $| $* $@ $>"Basic_check_mail" $1
+
+SBasic_check_mail
+# check for deferred delivery mode
+R$* $: < $&{deliveryMode} > $1
+R< d > $* $@ deferred
+R< $* > $* $: $2
+
+# authenticated?
+R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
+R$* $| $#$+ $#$2
+R$* $| $* $: $1
+
+R<> $@ we MUST accept <> (RFC 1123)
+R$+ $: > $1
+R><$+> $: <@> <$1>
+R>$+ $: <@> <$1>
+R$* $: $&{daemon_flags} $| $1
+R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
+R$* u $* $| <@> < $* > $: > < $3 >
+R$* $| $* $: $2
+# handle case of @localhost on address
+R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
+R<@> < $* @ [127.0.0.1] >
+ $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
+R<@> < $* @ localhost.$m >
+ $: < ? $&{client_name} > < $1 @ localhost.$m >
+R<@> < $* @ localhost.UUCP >
+ $: < ? $&{client_name} > < $1 @ localhost.UUCP >
+R<@> $* $: $1 no localhost as domain
+R $=w> $* $: $2 local client: ok
+R $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
+R> $* $: $1
+R$* $: > $>CanonAddr $1 canonify sender address and mark it
+R> $* < @ $+ . > > $1 < @ $2 > strip trailing dots
+# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
+R> $* < @ $* $=P > $: $1 < @ $2 $3 >
+R> $* < @ $j > $: $1 < @ $j >
+R> $* < @ $+ > $: $(resolve $2 $: $2 $) > $1 < @ $2 >
+R $* <$->> $* < @ $+ >
+ $: <$2> $3 < @ $4 >
+
+
+# handle case of no @domain on address
+R> $* $: $&{daemon_flags} $| > $1
+R$* u $* $| > $* $: $3
+R$* $| $* $: $2
+R> $* $: < ? $&{client_addr} > $1
+R> $* $@ ...local unqualed ok
+R $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
+ ...remote is not
+# check results
+R> $* $: @ $1 mark address: nothing known about it
+R<$={ResOk}> $* $@ domain ok: stop
+R $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
+R $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
+
+######################################################################
+### check_rcpt -- check SMTP `RCPT TO:' command argument
+######################################################################
+
+SLocal_check_rcpt
+Scheck_rcpt
+R$* $: $1 $| $>"Local_check_rcpt" $1
+R$* $| $#$* $#$2
+R$* $| $* $@ $>"Basic_check_rcpt" $1
+
+SBasic_check_rcpt
+# empty address?
+R<> $#error $@ nouser $: "553 User address required"
+R$@ $#error $@ nouser $: "553 User address required"
+# check for deferred delivery mode
+R$* $: < $&{deliveryMode} > $1
+R< d > $* $@ deferred
+R< $* > $* $: $2
+
+
+######################################################################
+R$* $: $1 $| @ $>"Rcpt_ok" $1
+R$* $| @ $#TEMP $+ $: $1 $| T $2
+R$* $| @ $#$* $#$2
+R$* $| @ RELAY $@ RELAY
+R$* $| @ $* $: O $| $>"Relay_ok" $1
+R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
+R$* $| $#TEMP $+ $#error $2
+R$* $| $#$* $#$2
+R$* $| RELAY $@ RELAY
+R T $+ $| $* $#error $1
+# anything else is bogus
+R$* $#error $@ 5.7.1 $: "550 Relaying denied"
+
+
+######################################################################
+### Rcpt_ok: is the recipient ok?
+######################################################################
+SRcpt_ok
+R$* $: $>ParseRecipient $1 strip relayable hosts
+
+
+
+
+# authenticated via TLS?
+R$* $: $1 $| $>RelayTLS client authenticated?
+R$* $| $# $+ $# $2 error/ok?
+R$* $| $* $: $1 no
+
+R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
+R$* $| $# $* $# $2
+R$* $| NO $: $1
+R$* $| $* $: $1 $| $&{auth_type}
+R$* $| $: $1
+R$* $| $={TrustAuthMech} $# RELAY
+R$* $| $* $: $1
+# anything terminating locally is ok
+R$+ < @ $=w > $@ RELAY
+R$+ < @ $* $=R > $@ RELAY
+
+
+
+
+# check for local user (i.e. unqualified address)
+R$* $: > $1
+R> $* < @ $+ > $: $1 < @ $2 >
+# local user is ok
+R> $+ $@ RELAY
+R<$+> $* $: $2
+
+######################################################################
+### Relay_ok: is the relay/sender ok?
+######################################################################
+SRelay_ok
+# anything originating locally is ok
+# check IP address
+R$* $: $&{client_addr}
+R$@ $@ RELAY originated locally
+R0 $@ RELAY originated locally
+R127.0.0.1 $@ RELAY originated locally
+RIPv6:::1 $@ RELAY originated locally
+R$=R $* $@ RELAY relayable IP address
+R$* $: [ $1 ] put brackets around it...
+R$=w $@ RELAY ... and see if it is local
+
+
+# check client name: first: did it resolve?
+R$* $: < $&{client_resolve} >
+R $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
+R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
+R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
+R$* $: <@> $&{client_name}
+# pass to name server to make hostname canonical
+R<@> $* $=P $:> $1 $2
+R<@> $+ $:> $[ $1 $]
+R$* . $1 strip trailing dots
+R> $=w $@ RELAY
+R> $* $=R $@ RELAY
+
+
+
+
+######################################################################
+### trust_auth: is user trusted to authenticate as someone else?
+###
+### Parameters:
+### $1: AUTH= parameter from MAIL command
+######################################################################
+
+SLocal_trust_auth
+Strust_auth
+R$* $: $&{auth_type} $| $1
+# required by RFC 2554 section 4.
+R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
+R$* $| $&{auth_authen} $@ identical
+R$* $| <$&{auth_authen}> $@ identical
+R$* $| $* $: $1 $| $>"Local_trust_auth" $2
+R$* $| $#$* $#$2
+R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
+
+######################################################################
+### Relay_Auth: allow relaying based on authentication?
+###
+### Parameters:
+### $1: ${auth_type}
+######################################################################
+SLocal_Relay_Auth
+
+######################################################################
+### srv_features: which features to offer to a client?
+### (done in server)
+######################################################################
+Ssrv_features
+
+
+######################################################################
+### try_tls: try to use STARTTLS?
+### (done in client)
+######################################################################
+Stry_tls
+
+
+######################################################################
+### tls_rcpt: is connection with server "good" enough?
+### (done in client, per recipient)
+###
+### Parameters:
+### $1: recipient
+######################################################################
+Stls_rcpt
+
+
+######################################################################
+### tls_client: is connection with client "good" enough?
+### (done in server)
+###
+### Parameters:
+### ${verify} $| (MAIL|STARTTLS)
+######################################################################
+Stls_client
+R$* $| $* $@ $>"TLS_connection" $1
+
+######################################################################
+### tls_server: is connection with server "good" enough?
+### (done in client)
+###
+### Parameter:
+### ${verify}
+######################################################################
+Stls_server
+R$* $@ $>"TLS_connection" $1
+
+######################################################################
+### TLS_connection: is TLS connection "good" enough?
+###
+### Parameters:
+### ${verify}
+### Requirement: RHS from access map, may be ? for none.
+######################################################################
+STLS_connection
+RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+
+
+######################################################################
+### RelayTLS: allow relaying based on TLS authentication
+###
+### Parameters:
+### none
+######################################################################
+SRelayTLS
+# authenticated?
+
+######################################################################
+### authinfo: lookup authinfo in the access map
+###
+### Parameters:
+### $1: {server_name}
+### $2: {server_addr}
+######################################################################
+Sauthinfo
+
+
+
+
+
+
+
+
+SLocal_localaddr
+R$+ $: $>ParseRecipient $1
+R$* < @ $+ > $* $#relay $@ ${MTAHost} $: $1 < @ $2 > $3
+# DECnet
+R$+ :: $+ $#relay $@ ${MTAHost} $: $1 :: $2
+R$* $#relay $@ ${MTAHost} $: $1 < @ $j >
+#
+######################################################################
+######################################################################
+#####
+##### MAIL FILTER DEFINITIONS
+#####
+######################################################################
+######################################################################
+
+#
+######################################################################
+######################################################################
+#####
+##### MAILER DEFINITIONS
+#####
+######################################################################
+######################################################################
+
+
+##################################################
+### Local and Program Mailer specification ###
+##################################################
+
+##### $Id: local.m4,v 8.59 2004/11/23 00:37:25 ca Exp $ #####
+
+#
+# Envelope sender rewriting
+#
+SEnvFromL
+R<@> $n errors to mailer-daemon
+R@ <@ $*> $n temporarily bypass Sun bogosity
+R$+ $: $>AddDomain $1 add local domain if needed
+R$* $: $>MasqEnv $1 do masquerading
+
+#
+# Envelope recipient rewriting
+#
+SEnvToL
+R$+ < @ $* > $: $1 strip host part
+R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
+R $+ + $* $: $1 remove +detail for sender
+R< $* > $+ $: $2 else remove mark
+
+#
+# Header sender rewriting
+#
+SHdrFromL
+R<@> $n errors to mailer-daemon
+R@ <@ $*> $n temporarily bypass Sun bogosity
+R$+ $: $>AddDomain $1 add local domain if needed
+R$* $: $>MasqHdr $1 do masquerading
+
+#
+# Header recipient rewriting
+#
+SHdrToL
+R$+ $: $>AddDomain $1 add local domain if needed
+R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
+
+#
+# Common code to add local domain name (only if always-add-domain)
+#
+SAddDomain
+
+Mlocal, P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mprog, P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
+ T=X-Unix/X-Unix/X-Unix,
+ A=TCP $h
+
+#####################################
+### SMTP Mailer specification ###
+#####################################
+
+##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ #####
+
+#
+# common sender and masquerading recipient rewriting
+#
+SMasqSMTP
+R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
+R$+ $@ $1 < @ *LOCAL* > add local qualification
+
+#
+# convert pseudo-domain addresses to real domain addresses
+#
+SPseudoToReal
+
+# pass s through
+R< @ $+ > $* $@ < @ $1 > $2 resolve
+
+# output fake domains as user%fake@relay
+
+# do UUCP heuristics; note that these are shared with UUCP mailers
+R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
+R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
+
+# leave these in .UUCP form to avoid further tampering
+R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
+R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
+R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
+R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
+R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
+R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
+
+
+#
+# envelope sender rewriting
+#
+SEnvFromSMTP
+R$+ $: $>PseudoToReal $1 sender/recipient common
+R$* :; <@> $@ list:; special case
+R$* $: $>MasqSMTP $1 qualify unqual'ed names
+R$+ $: $>MasqEnv $1 do masquerading
+
+
+#
+# envelope recipient rewriting --
+# also header recipient if not masquerading recipients
+#
+SEnvToSMTP
+R$+ $: $>PseudoToReal $1 sender/recipient common
+R$+ $: $>MasqSMTP $1 qualify unqual'ed names
+R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
+
+#
+# header sender and masquerading header recipient rewriting
+#
+SHdrFromSMTP
+R$+ $: $>PseudoToReal $1 sender/recipient common
+R:; <@> $@ list:; special case
+
+# do special header rewriting
+R$* <@> $* $@ $1 <@> $2 pass null host through
+R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
+R$* $: $>MasqSMTP $1 qualify unqual'ed names
+R$+ $: $>MasqHdr $1 do masquerading
+
+
+#
+# relay mailer header masquerading recipient rewriting
+#
+SMasqRelay
+R$+ $: $>MasqSMTP $1
+R$+ $: $>MasqHdr $1
+
+Msmtp, P=[IPC], F=mDFMuXk5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mesmtp, P=[IPC], F=mDFMuXak5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Msmtp8, P=[IPC], F=mDFMuX8k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mdsmtp, P=[IPC], F=mDFMuXa%k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+
+### submit.mc ###
+# divert(-1)
+# #
+# # Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
+# # All rights reserved.
+# #
+# # By using this file, you agree to the terms and conditions set
+# # forth in the LICENSE file which can be found at the top level of
+# # the sendmail distribution.
+# #
+# #
+#
+# #
+# # This is the prototype file for a set-group-ID sm-msp sendmail that
+# # acts as a initial mail submission program.
+# #
+#
+# divert(0)dnl
+# include(`/usr/share/sendmail-cf/m4/cf.m4')
+# VERSIONID(`linux setup for Red Hat Linux')dnl
+# define(`confCF_VERSION', `Submit')dnl
+# define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+# define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+# define(`confTIME_ZONE', `USE_TZ')dnl
+# define(`confDONT_INIT_GROUPS', `True')dnl
+# define(`confPID_FILE', `/var/run/sm-client.pid')dnl
+# dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')
+# FEATURE(`use_ct_file')dnl
+# dnl
+# dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
+# FEATURE(`msp', `[127.0.0.1]')dnl
diff --git a/testing/mailman/mail/submit.mc b/testing/mailman/mail/submit.mc
new file mode 100644
index 0000000..402a5ab
--- /dev/null
+++ b/testing/mailman/mail/submit.mc
@@ -0,0 +1,30 @@
+divert(-1)
+#
+# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+#
+# This is the prototype file for a set-group-ID sm-msp sendmail that
+# acts as a initial mail submission program.
+#
+
+divert(0)dnl
+include(`/usr/share/sendmail-cf/m4/cf.m4')
+VERSIONID(`linux setup for Red Hat Linux')dnl
+define(`confCF_VERSION', `Submit')dnl
+define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+define(`confTIME_ZONE', `USE_TZ')dnl
+define(`confDONT_INIT_GROUPS', `True')dnl
+define(`confPID_FILE', `/var/run/sm-client.pid')dnl
+dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')
+FEATURE(`use_ct_file')dnl
+dnl
+dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
+FEATURE(`msp', `[127.0.0.1]')dnl
diff --git a/testing/mailman/mail/virtusertable b/testing/mailman/mail/virtusertable
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/testing/mailman/mail/virtusertable
diff --git a/testing/mailman/mail/virtusertable.db b/testing/mailman/mail/virtusertable.db
new file mode 100644
index 0000000..ca6a670
Binary files /dev/null and b/testing/mailman/mail/virtusertable.db differ