diff options
Diffstat (limited to 'contrib/sendmail/cf')
| -rw-r--r-- | contrib/sendmail/cf/README | 21 | ||||
| -rw-r--r-- | contrib/sendmail/cf/cf/submit.cf | 15 | ||||
| -rw-r--r-- | contrib/sendmail/cf/cf/submit.mc | 4 | ||||
| -rw-r--r-- | contrib/sendmail/cf/m4/cfhead.m4 | 4 | ||||
| -rw-r--r-- | contrib/sendmail/cf/m4/proto.m4 | 26 | ||||
| -rw-r--r-- | contrib/sendmail/cf/m4/version.m4 | 4 |
6 files changed, 41 insertions, 33 deletions
diff --git a/contrib/sendmail/cf/README b/contrib/sendmail/cf/README index 1a59f9df54a1..725f72a33742 100644 --- a/contrib/sendmail/cf/README +++ b/contrib/sendmail/cf/README @@ -2765,15 +2765,14 @@ ${server_addr} the address of the server of the current outgoing SMTP Relaying -------- - SMTP STARTTLS can allow relaying for remote SMTP clients which have -successfully authenticated themselves. This is done in the ruleset -RelayAuth. If the verification of the cert failed (${verify} != OK), -relaying is subject to the usual rules. Otherwise the DN of the issuer is -looked up in the access map using the tag CERTISSUER. If the resulting -value is RELAY, relaying is allowed. If it is SUBJECT, the DN of the cert -subject is looked up next in the access map using the tag CERTSUBJECT. If -the value is RELAY, relaying is allowed. +successfully authenticated themselves. If the verification of the cert +failed (${verify} != OK), relaying is subject to the usual rules. +Otherwise the DN of the issuer is looked up in the access map using the +tag CERTISSUER. If the resulting value is RELAY, relaying is allowed. +If it is SUBJECT, the DN of the cert subject is looked up next in the +access map using the tag CERTSUBJECT. If the value is RELAY, relaying +is allowed. ${cert_issuer} and ${cert_subject} can be optionally modified by regular expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and @@ -3245,7 +3244,9 @@ and on relay.machine use the mailertable: The [square brackets] turn off MX records for this host only. If you didn't do this, the mailertable would use the MX record -again, which would give you an MX loop. +again, which would give you an MX loop. Note that the use of +wildcard MX records is almost always a bad idea. Please avoid +using them if possible. +--------------------------------+ @@ -4374,4 +4375,4 @@ M4 DIVERSIONS 8 DNS based blacklists 9 special local rulesets (1 and 2) -$Revision: 8.623.2.23 $, Last updated $Date: 2003/03/28 17:28:26 $ +$Revision: 8.623.2.25 $, Last updated $Date: 2003/06/18 18:47:21 $ diff --git a/contrib/sendmail/cf/cf/submit.cf b/contrib/sendmail/cf/cf/submit.cf index 84f25304871a..f7d3e18cce4d 100644 --- a/contrib/sendmail/cf/cf/submit.cf +++ b/contrib/sendmail/cf/cf/submit.cf @@ -1,5 +1,5 @@ # -# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -24,15 +24,15 @@ ###################################################################### ###################################################################### -##### $Id: cfhead.m4,v 8.108.2.2 2003/03/11 21:24:20 ca Exp $ ##### +##### $Id: cfhead.m4,v 8.108.2.3 2003/04/03 17:51:51 ca Exp $ ##### ##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### -##### $Id: submit.mc,v 8.6.2.4 2002/12/29 03:54:34 ca Exp $ ##### +##### $Id: submit.mc,v 8.6.2.7 2003/09/10 22:11:56 ca Exp $ ##### ##### $Id: msp.m4,v 1.32 2002/03/26 22:02:03 ca Exp $ ##### ##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ ##### -##### $Id: proto.m4,v 8.649.2.17 2003/03/28 17:20:53 ca Exp $ ##### +##### $Id: proto.m4,v 8.649.2.24 2003/08/04 21:14:26 ca Exp $ ##### # level 10 config file format V10/Berkeley @@ -110,7 +110,7 @@ D{MTAHost}[127.0.0.1] # Configuration version number -DZ8.12.9/Submit +DZ8.12.10/Submit ############### @@ -834,7 +834,8 @@ R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > SMailerToTriple=95 R< > $* $@ $1 strip off null relay R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 -R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 +R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 +R< error : $+ > $* $#error $: $1 R< local : $* > $* $>CanonLocal < $1 > $2 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer @@ -1137,7 +1138,7 @@ R$* $: $&{auth_type} $| $1 R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" R$* $| $&{auth_authen} $@ identical R$* $| <$&{auth_authen}> $@ identical -R$* $| $* $: $1 $| $>"Local_trust_auth" $1 +R$* $| $* $: $1 $| $>"Local_trust_auth" $2 R$* $| $#$* $#$2 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} diff --git a/contrib/sendmail/cf/cf/submit.mc b/contrib/sendmail/cf/cf/submit.mc index 6177506749d8..26393c381969 100644 --- a/contrib/sendmail/cf/cf/submit.mc +++ b/contrib/sendmail/cf/cf/submit.mc @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 2001, 2002 Sendmail, Inc. and its suppliers. +# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers. # All rights reserved. # # By using this file, you agree to the terms and conditions set @@ -15,7 +15,7 @@ divert(-1) # divert(0)dnl -VERSIONID(`$Id: submit.mc,v 8.6.2.4 2002/12/29 03:54:34 ca Exp $') +VERSIONID(`$Id: submit.mc,v 8.6.2.7 2003/09/10 22:11:56 ca Exp $') define(`confCF_VERSION', `Submit')dnl define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet diff --git a/contrib/sendmail/cf/m4/cfhead.m4 b/contrib/sendmail/cf/m4/cfhead.m4 index 7eb27eeb9f63..db3fae712403 100644 --- a/contrib/sendmail/cf/m4/cfhead.m4 +++ b/contrib/sendmail/cf/m4/cfhead.m4 @@ -1,5 +1,5 @@ # -# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -305,4 +305,4 @@ define(`confMILTER_MACROS_ENVRCPT', ``{rcpt_mailer}, {rcpt_host}, {rcpt_addr}'') divert(0)dnl -VERSIONID(`$Id: cfhead.m4,v 8.108.2.2 2003/03/11 21:24:20 ca Exp $') +VERSIONID(`$Id: cfhead.m4,v 8.108.2.3 2003/04/03 17:51:51 ca Exp $') diff --git a/contrib/sendmail/cf/m4/proto.m4 b/contrib/sendmail/cf/m4/proto.m4 index 1b9481f2340c..411bba0495ef 100644 --- a/contrib/sendmail/cf/m4/proto.m4 +++ b/contrib/sendmail/cf/m4/proto.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ divert(-1) # divert(0) -VERSIONID(`$Id: proto.m4,v 8.649.2.17 2003/03/28 17:20:53 ca Exp $') +VERSIONID(`$Id: proto.m4,v 8.649.2.24 2003/08/04 21:14:26 ca Exp $') # level CF_LEVEL config file format V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') @@ -1283,6 +1283,7 @@ R< $* > $* $@ $2 no mailertable match', dnl input: in general: <[mailer:]host> lp<@domain>rest dnl <> address -> address dnl <error:d.s.n:text> -> error +dnl <error:keyword:text> -> error dnl <error:text> -> error dnl <mailer:user@host> lp<@domain>rest -> mailer host user dnl <mailer:host> address -> mailer host address @@ -1293,7 +1294,8 @@ dnl <host> address -> relay host address SMailerToTriple=95 R< > $* $@ $1 strip off null relay R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 -R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 +R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 +R< error : $+ > $* $#error $: $1 R< local : $* > $* $>CanonLocal < $1 > $2 dnl it is $~[ instead of $- to avoid matches on IPv6 addresses R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user @@ -1909,8 +1911,10 @@ R<@> < $* @ $+ . $+ > $: < $1 @ $2 . $3 > dnl prepend daemon_flags R<@> $* $: $&{daemon_flags} $| <@> $1 dnl workspace: ${daemon_flags} $| <@> <address> +dnl 'r'equire qual.rcpt: ok +R$* r $* $| <@> < $+ @ $+ > $: < $3 @ $4 > dnl do not allow these at all or only from local systems? -R$* r $* $| <@> < $* @ $* > $: < ? $&{client_name} > < $3 @ $4 > +R$* r $* $| <@> < $* > $: < ? $&{client_name} > < $3 > R<?> < $* > $: <$1> R<? $=w> < $* > $: <$1> R<? $+> <$+> $#error $@ 5.5.4 $: "553 Fully qualified domain name required" @@ -2195,22 +2199,24 @@ R$* <@ $+ . > $1 <@ $2 > R$* <@ $* > $@ $1 <@ $2 > R$+ $@ $1 <@ $j > -SDelay_TLS_Client +SDelay_TLS_Clt # authenticated? dnl code repeated here from Basic_check_mail dnl only called from check_rcpt in delay mode if checkrcpt returns $# R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 dnl return result from checkrcpt +R$* $| $* $# $1 R$* $# $1 -SDelay_TLS_Client2 +SDelay_TLS_Clt2 # authenticated? dnl code repeated here from Basic_check_mail dnl only called from check_rcpt in delay mode if stopping due to Friend/Hater R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 dnl return result from friend/hater check +R$* $| $* $@ $1 R$* $@ $1 # call all necessary rulesets @@ -2225,7 +2231,7 @@ dnl on error (or discard) stop now R$+ $| $#error $* $#error $2 R$+ $| $#discard $* $#discard $2 dnl otherwise call tls_client; see above -R$+ $| $#$* $@ $>"Delay_TLS_Client" $2 +R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2 R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1 ifdef(`_SPAM_FH_', `dnl lookup user@ and user@address @@ -2247,13 +2253,13 @@ ifdef(`_SPAM_FRIEND_', ifdef(`_SPAM_HATER_', `errprint(`*** ERROR: define either Hater or Friend -- not both. ')', `dnl') -R<FRIEND> $+ $@ $>"Delay_TLS_Client2" SPAMFRIEND +R<FRIEND> $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND R<$*> $+ $: $2', `dnl') ifdef(`_SPAM_HATER_', `# is the recipient no spam hater? R<HATER> $+ $: $1 spam hater: continue checks -R<$*> $+ $@ $>"Delay_TLS_Client2" NOSPAMHATER everyone else: stop +R<$*> $+ $@ $>"Delay_TLS_Clt2" NOSPAMHATER everyone else: stop dnl',`dnl') dnl run further checks: check_mail dnl should we "clean up" $&f? @@ -2467,7 +2473,7 @@ dnl seems to be useful... R$* $| $&{auth_authen} $@ identical R$* $| <$&{auth_authen}> $@ identical dnl call user supplied code -R$* $| $* $: $1 $| $>"Local_trust_auth" $1 +R$* $| $* $: $1 $| $>"Local_trust_auth" $2 R$* $| $#$* $#$2 dnl default: error R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} diff --git a/contrib/sendmail/cf/m4/version.m4 b/contrib/sendmail/cf/m4/version.m4 index 7989c5fdca6b..299588f3d7e5 100644 --- a/contrib/sendmail/cf/m4/version.m4 +++ b/contrib/sendmail/cf/m4/version.m4 @@ -11,8 +11,8 @@ divert(-1) # the sendmail distribution. # # -VERSIONID(`$Id: version.m4,v 8.92.2.15 2003/03/19 21:19:52 ca Exp $') +VERSIONID(`$Id: version.m4,v 8.92.2.22 2003/09/16 20:02:05 ca Exp $') # divert(0) # Configuration version number -DZ8.12.9`'ifdef(`confCF_VERSION', `/confCF_VERSION') +DZ8.12.10`'ifdef(`confCF_VERSION', `/confCF_VERSION') |