ratfs - mail address ratification file system
ratfs [ -d ] [ -c configuration ] [ -f classification ] [ -m mountpoint
Ratfs starts a process that mounts itself (see bind(2)) on mountpoint
(default /mail/ratify). Ratfs is a persistent representation of the
local network configuration and spam blocking list. Without it each
instance of smtpd(6) would need to reread and parse a multimegabyte
list of addresses and accounts.
Ratfs serves a control file, ctl, and several top level directories:
trusted, deny, dial, block, delay, and allow.
The control file is write only and accepts three possible commands:
reload rereads classification and configuration
creates file and sends debugging output to it.
closes the debug file and turns off debugging
The directory trusted serves a file for each IP range from which all
mail is trusted. The names of the files are CIDR blocks; an IP address
or an IP address followed by #n, where n is the number of bits to
match. To check if any IP address falls in a trusted range, it is suf‐
ficient to open the file whose name is the IP address. For example, if
trusted contains only the file 188.8.131.52#16, an attempt to open the
file 184.108.40.206 will succeed while opening 10.1.1.1 will fail. To
determine the particular range matched, dirfstat (see stat (2)) the
open file and the name field will be the matching CIDR range.
The trusted ranges come both from the ournet entries in the file con‐
figuration (default /mail/lib/blocked) and from creates, typically done
by imap4d (see ipserv(8)) and pop3 (see mail(1)) whenever they are used
to read someone's mail.
The remaining directories, allow, block, delay, deny, and dial, repre‐
sent the contents of the classification (default
/mail/lib/smtpd.conf.ext). Each contains two directories; ip and
account. The ip directory has the same open semantics as the trusted
directory, i.e., to check if an IP address falls in that category, try
to open a file whose name is the IP address. The account directory is
similar but is used for matching strings. Each file in the directory
represents a regular expression. To see if one of the strings matches
one of the regular expressions, try to open the file whose name is the
string. If it succeeds, then there is a regular expression that
matches. To determine the regular expression, fstat the open file.
The name field will be the regular expression.
There is a direct mapping from entries in classification and files
under allow, block, delay, deny, and dial. A configuration file entry
of the form:
corresponds to the file dial/ip/220.127.116.11#24. An entry of the form
corresponds to the file block/account/.*!gre.
Both the configuration file and control file formats are described in