| author | Peter Wemm <peter@FreeBSD.org> | 1998-01-11 13:55:14 +0000 |
|---|---|---|
| committer | Peter Wemm <peter@FreeBSD.org> | 1998-01-11 13:55:14 +0000 |
| commit | 470e6ca10462fdcd2f6214726ab40ae1d7cba112 (patch) | |
| tree | 741858dab954d0858c4d180a9ab5fa40351bf6b6 /usr.sbin/sendmail | |
| parent | e06bf9205a2230acb496e198f3d0981adea9e655 (diff) | |
Diffstat (limited to 'usr.sbin/sendmail')
| -rw-r--r-- | usr.sbin/sendmail/cf/cf/hub.mc | 144 |
1 files changed, 113 insertions, 31 deletions
diff --git a/usr.sbin/sendmail/cf/cf/hub.mc b/usr.sbin/sendmail/cf/cf/hub.mc
index a76843753afb..7b0791bf1dca 100644
--- a/usr.sbin/sendmail/cf/cf/hub.mc
+++ b/usr.sbin/sendmail/cf/cf/hub.mc
@@ -40,7 +40,7 @@ divert(-1)
 divert(0)dnl
 include(../m4/cf.m4)
-VERSIONID(`$Id: hub.mc,v 1.1.4.3 1997/09/28 12:37:50 peter Exp $')
+VERSIONID(`$Id: hub.mc,v 1.1.4.4 1997/10/06 04:14:59 peter Exp $')
 OSTYPE(bsd4.4)dnl
 DOMAIN(generic)dnl
@@ -51,6 +51,7 @@ FEATURE(mailertable, `hash -o /etc/mailertable')dnl
 FEATURE(masquerade_envelope)dnl
 EXPOSED_USER(root)dnl
 EXPOSED_USER(mailman)dnl
+define(`ALIAS_FILE', `/etc/aliases,/etc/majordomo.aliases')dnl
 define(`UUCP_RELAY', uunet.uu.net)dnl
 define(`BITNET_RELAY', mailhost.Berkeley.EDU)dnl
 define(`CSNET_RELAY', mailhost.Berkeley.EDU)dnl
@@ -60,13 +61,21 @@ define(`confAUTO_REBUILD', `True')dnl
 define(`confMIN_FREE_BLOCKS', `1024')dnl
 define(`confSMTP_MAILER', `smtp8')dnl
 define(`confME_TOO', `True')dnl
+define(`confMCI_CACHE_SIZE', `5')dnl
 define(`confMCI_CACHE_TIMEOUT', `10m')dnl
 define(`confTO_QUEUEWARN', `1d')dnl
 define(`confTO_QUEUEWARN_NORMAL', `1d')dnl
-define(`confTO_RCPT', `10m')dnl
+define(`confTO_INITIAL', `1m')dnl
+define(`confTO_CONNECT', `1m')dnl
+define(`confTO_ICONNECT', `1m')dnl
+define(`confTO_HELO', `2m')dnl
+define(`confTO_MAIL', `4m')dnl
+define(`confTO_RCPT', `4m')dnl
+define(`confTO_DATAINIT', `2m')dnl
 define(`confTO_DATABLOCK', `10m')dnl
 define(`confTO_DATAFINAL', `10m')dnl
-define(`confTO_COMMAND', `10m')dnl
+define(`confTO_RSET', `1m')dnl
+define(`confTO_COMMAND', `5m')dnl
 define(`confTO_HOSTSTATUS', `30m')dnl
 define(`confMIN_QUEUE_AGE', `30m')dnl
 define(`confNO_RCPT_ACTION', `add-to-undisclosed')dnl
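Review bot: The added `ALIAS_FILE` define makes `/etc/majordomo.aliases` a second alias source, and alias entries can deliver to programs and `:include:` files, so that file needs the same ownership and mode as `/etc/aliases`; the hunk does not say so. With `confAUTO_REBUILD` set to `True` (visible in the next hunk's header), an edit to the file is presumably picked up without anyone running newaliases, which makes write access to it more sensitive. I would add a comment above the define, for example `dnl majordomo.aliases: root-owned, not writable by the list software; entries may run programs`.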
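Review bot: Three of the new timeouts in the `confTO_*` hunk are shorter than the five-minute minimums RFC 1123 section 5.3.2 gives for a sending SMTP: `confTO_INITIAL` at `1m`, and `confTO_MAIL` and `confTO_RCPT` at `4m`. A slow or heavily loaded remote server that is still within the RFC limits will then be timed out and the message requeued, which on a hub shows up as delayed mail rather than as an error. If the short values are a deliberate trade-off to free connection slots, a line such as `dnl timeouts below RFC 1123 minimums on purpose: keeps slots free under load` would record that; otherwise `5m` for those three is the conservative choice.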
@@ -76,7 +85,7 @@ define(`confRECEIVED_HEADER', `$?sfrom $s $.$?_($?s$|from $.$_) for $u; $|; $.$b$?g (envelope-from $g)$.')dnl -define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl +define(`confHOST_STATUS_DIRECTORY', `/var/spool/hoststat')dnl define(`confMAX_DAEMON_CHILDREN', `8')dnl define(`confCONNECTION_THROTTLE_RATE', `1')dnl define(`confFORWARD_PATH', `/var/forward/$u')dnl 
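Review bot: `confHOST_STATUS_DIRECTORY` now names the absolute path `/var/spool/hoststat` instead of a directory relative to the queue, so it no longer sits under the queue directory and its permissions. Nothing in the part of the commit shown here creates that directory or sets its mode (the diffstat is limited to usr.sbin/sendmail, so this may happen elsewhere). It should be root-owned and not group- or world-writable, since the files in it decide whether a host is treated as reachable; a comment such as `dnl /var/spool/hoststat must exist, root-owned, not writable by others` next to the define would make the requirement visible.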
@@ -85,40 +94,113 @@ LOCAL_CONFIG Cw localhost freefall.freebsd.org Kdenyip hash -o -a.REJECT /etc/mail/denyip.db +Kfakenames hash -o -a.REJECT /etc/mail/fakenames.db Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db +# helper rulsesets; useful for debugging sendmail configurations +# +# +Scheck_rbl +# lookup up an ip address in the Realtime Blackhole List. +R$-.$-.$-.$- $: $(host $4.$3.$2.$1.rbl.maps.vix.com. $:OK $) + +Sxlat # for sendmail -bt +# sendmail treats "$" and "|" as two distinct tokens +# this rule "pastes" them together into one token +# and then calls check_relay. +R$* $$| $* $: $1 $| $2 +R$* $| $* $@ $>check_relay $1 $| $2 + Scheck_relay -# called with host.tld and IP address of connecting host. -# ip address must NOT be in the "denyip" database -R$* $| [$+ $1 $| $2 should not be needed -R$* $| $+] $1 $| $2 same (bat 2nd ed p510) +# called with "hostname.tld $| IP address" of connecting host. +# hostname.tld is the fully-qualified domain name +# IP address is dotted-quad with surrounding "[]" brackets. +# +# each group of rules in this ruleset is independent. +# each accepts and return "hostname.tld $| IP address" +# use the ones that you want comment out the rest +# you may rearrange the groups but not the rules in each group. +# each group is preceded and followed by a comment +# +# host must NOT be in the "spamsites" database--BEGIN +R$* $| $* $: <$1 $| $2> $1 +R<$*> $+.$+.$+ <$1> $3.$4 +R<$*> $+.$+ $: <$1> $(spamsites $2.$3 $) +R<$*> $*.REJECT $#error $: "521 blocked. contact postmaster@FreeBSD.ORG" +R<$*> $* $: $1 +# host must NOT be in the "spamsites" database--END +# ip address must NOT be in the "denyip" database--BEGIN R$* $| $* $: $1 $| $(denyip $2 $) -R$* $| $*.REJECT $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($2) -# host must *not* be in the "spamsites" database -R$+.$+.$+ $| $* $2.$3 $| $4 -R$+.$+ $| $* $: $(spamsites $1.$2 $) $| $3 -R$*.REJECT $| $* $#error $: 521 blocked. 
contact postmaster@FreeBSD.ORG ($1) -# Host must be resolvable -#R$* $| $* $: <?> <$1 $| $2> $>3 foo@$1 -#R<?> <$*> $*<@$*.> $: $1 -#R<?> <$*> $*<@$*> $#error $: 451 Domain does not resolve ($1) +R$* $| $*.REJECT $#error $: "521 blocked. contact postmaster@FreeBSD.ORG" +# ip address must NOT be in the "denyip" database--END +# ip address must NOT be in Paul Vixie's RBL--BEGIN +R$* $| $* $: <$1 $| $2> $>check_rbl $2 +R$*.com. $#error $: "550 Mail refused, see http://maps.vix.com/rbl" +R<$*> $* $: $1 +# ip address must NOT be in Paul Vixie's RBL--END +R$* $@ OK -# spamsites database optional--fail safe, deliver the mail. Scheck_mail -# called with envelope sender, "Mail From: xxx", of SMTP conversation +# called with envelope sender (everything after ":") in +# "Mail 
From: xxx", of SMTP conversation +# may or may not have "<" ">" +# the groups of rules in this ruleset ARE NOT independent. +# "remove all RFC-822 comments" must come first +# "Connecting Host" and "Paul Vixie's RBL" must be last # -# can't force DNS, Poul-Henning Kamp and others dont resolve -# <root@dgbmsu1.s2.dgb.tfs>... Domain does not resolve +# use the ones that you want comment out the rest +# each group is preceded and followed by a comment # -R$* $: <?> $>3 $1 -R<?> $* < @ $+ . > $: $2 -# R<?> $* < @ $+ > $#error $: "451 Domain does not resolve" -R<?> $* < @ $+ > $: $2 -R$+.$+.$+ $2.$3 -R$* $: $(spamsites $1 $: OK $) -ROK $@ OK +# remove all RFC-822 comments--BEGIN +# MUST be first rule in check_mail rulseset. +R$* $: $>3 $1 +# remove all RFC-822 comments--END +# mail must come from a DNS resolvable host--BEGIN +R$* < @ $+ . > $: $1 @ $2 +R$* < @ $+ > $#error $: "451 Domain does not resolve" +# mail must come from a DNS resolvable host--END +# mail must NOT come from a known source of spam--BEGIN +# resolved. second check: one of the know spam sources? +R$+ @$+ $: <$1@$2> $2 +R<$*> $+.$+.$+ <$1> $3.$4 +R<$*> $* $: $(spamsites $2 $: OK $) R$+.REJECT $#error $: 521 $1 +R<$*> $* $: $1 +# mail must NOT come from a known source of spam--END +# Connecting Host must resolve--BEGIN +R$* $: $1 $: $(dequote "" $&{client_name} $) +R$* $: $>3 foo@$1 +R<$*> $*<@$*> $#error $: "451 Domain does not resolve" +# Connecting Host must resolve--END +# ip address must NOT be in Paul Vixie's RBL--BEGIN +R$* $: $(dequote "" $&{client_addr} $) +R0 $@ OK +R$* $: $>check_rbl $1 +R$*.com. $#error $: "550 Mail refused, see http://maps.vix.com/rbl" +# ip address must NOT be in Paul Vixie's RBL--END +R$* $@ OK + +Scheck_rcpt +# called with envelope recipient (everything after ":") in +# "Rcpt To: xxx", of SMTP conversation +# may or may not have "<" ">" and or RFC-822 comments. +# let ruleset 3 clean this up for us. 
+# mail must NOT be addressed "fakenames"--BEGIN +R$* $: <$1> $>3 $1 +R<$*> $+ < @ $+ > $: <$1> $(fakenames $2 $: OK $) +R$+.REJECT $#error $: 521 $1 +R<$*> $* $: $1 +# mail must NOT be addressed "fakenames"--END +# mail must come from or go to this mahcine or machines we allow to relay--BEGIN +# R$* $: $>Parse0 $>3 $1 +# R$+ < @ $* . > $* $: $1 < @ $2 > +# R<$+ @ $=w> $@ OK +# R<$+ @ $* $=R> $@ OK +# R$* $: $(dequote "" $&{client_name} $) +# R$=w $@ OK +# R$* $=R $@ OK +# R$@ $@ OK +# R$* $#error $: "550 Relaying Denied" +# mail must come from or go to this mahcine or machines we allow to relay--BEGIN +R$* $@ OK -Sxlat # for sendmail -bt -R$* $$| $* $: $1 $| $2 -R$* $| $* $@ $>check_relay $1 $| $2 |
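Review bot: In `check_rcpt` the relay-control group is entirely commented out and the ruleset ends with `R$* $@ OK`, so every recipient that is not in the `fakenames` map is accepted and the `550 Relaying Denied` rule can never fire; nothing in these rules limits third-party relaying through the hub. If that is intended for now, say so in a comment, for example `# relay control disabled: all recipients not in fakenames are accepted`, and change the group's closing marker from `--BEGIN` to `--END`. Separately, the new `check_relay` header comment says the address arrives inside `[]`, but this hunk removes the two bracket-stripping rules, and the `$-.$-.$-.$-` pattern in `check_rbl` would presumably not match a bracketed address, in which case the RBL lookup is skipped without any error. The `Sxlat` test ruleset for `sendmail -bt` can confirm which form actually reaches `check_rbl`.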
