1divert(-1)
2#
| 1divert(-1)
2#
|
3# Copyright (c) 1998-2001, 2004, 2005 Proofpoint, Inc. and its suppliers.
4# All rights reserved.
| 3# Copyright (c) 1998 Sendmail, Inc. All rights reserved.
|
5# Copyright (c) 1983 Eric P. Allman. All rights reserved.
6# Copyright (c) 1988, 1993
7# The Regents of the University of California. All rights reserved.
8#
9# By using this file, you agree to the terms and conditions set
10# forth in the LICENSE file which can be found at the top level of
11# the sendmail distribution.
12#
13#
14
15#
16# This is specific to Eric's home machine.
17#
| 4# Copyright (c) 1983 Eric P. Allman. All rights reserved.
5# Copyright (c) 1988, 1993
6# The Regents of the University of California. All rights reserved.
7#
8# By using this file, you agree to the terms and conditions set
9# forth in the LICENSE file which can be found at the top level of
10# the sendmail distribution.
11#
12#
13
14#
15# This is specific to Eric's home machine.
16#
|
18# Run daemon with -bd -q5m
19#
| |
20
| 17
|
21divert(0)
22VERSIONID(`$Id: knecht.mc,v 8.63 2013-11-22 20:51:08 ca Exp $')
23OSTYPE(bsd4.4)
24DOMAIN(generic)
| 18divert(0)dnl
19VERSIONID(`@(#)knecht.mc 8.30 (Berkeley) 6/11/98')
20OSTYPE(bsd4.4)dnl
21DOMAIN(generic)dnl
22define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')dnl
23define(`confDEF_USER_ID', `mailnull')dnl
24define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl
25define(`confTO_ICONNECT', `10s')dnl
26define(`confCOPY_ERRORS_TO', `Postmaster')dnl
27define(`confTO_QUEUEWARN', `8h')dnl
28define(`confTRUSTED_USERS', `www')dnl
29define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')dnl
30FEATURE(virtusertable)dnl
31FEATURE(access_db)dnl
32FEATURE(local_lmtp)dnl
33define(`LOCAL_MAILER_FLAGS', LOCAL_MAILER_FLAGS`'P)dnl
34MAILER(local)dnl
35MAILER(smtp)dnl
|
25
| 36
|
26define(`ALIAS_FILE', ``/etc/mail/aliases, /etc/mail/lists/sendmail.org/aliases, /var/listmanager/aliases'')
27define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')
28define(`confDEF_USER_ID', `mailnull')
29define(`confHOST_STATUS_DIRECTORY', `.hoststat')
30define(`confTO_ICONNECT', `10s')
31define(`confTO_QUEUEWARN', `8h')
32define(`confMIN_QUEUE_AGE', `27m')
33define(`confTRUSTED_USER', `smtrust')
34define(`confTRUSTED_USERS', ``www listmgr'')
35define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')
36
37define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
38define(`confCACERT_PATH', `CERT_DIR')
39define(`confCACERT', `CERT_DIR/CAcert.pem')
40define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')
41define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')
42define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')
43define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')
44
45define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
46define(`CYRUS_MAILER_FLAGS', `fAh5@/:|')
47
48FEATURE(`access_db')
49FEATURE(`blacklist_recipients')
50FEATURE(`local_lmtp')
51FEATURE(`virtusertable')
52FEATURE(`mailertable')
53
54FEATURE(`nocanonify', `canonify_hosts')
55CANONIFY_DOMAIN(`sendmail.org')
56CANONIFY_DOMAIN_FILE(`/etc/mail/canonify-domains')
57
58dnl # at most 10 queue runners
59define(`confMAX_QUEUE_CHILDREN', `20')
60
61define(`confMAX_RUNNERS_PER_QUEUE', `5')
62
63dnl # run at most 10 concurrent processes for initial submission
64define(`confFAST_SPLIT', `10')
65
66dnl # 10 runners, split into at most 15 recipients per envelope
67QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f')
68
69dnl # enable spam assassin
70INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
71
72dnl # enable DomainKeys and DKIM
73INPUT_MAIL_FILTER(`dkim-filter', `S=unix:/var/run/smtrust/dkim.sock, F=T, T=R:2m')
74dnl INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/run/smtrust/dk.sock, F=T, T=R:2m')
75
76define(`confMILTER_MACROS_CONNECT', `j, {daemon_name}')
77define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}')
78
79dnl # enable some DNSBLs
80dnl FEATURE(`dnsbl', `dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dnsbl.sorbs.net/"')
81FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
82FEATURE(`dnsbl', `list.dsbl.org', `"550 Mail from " $`'&{client_addr} " refused - see http://dsbl.org/"')
83FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
84
85
86MAILER(`local')
87MAILER(`smtp')
88MAILER(`cyrus')
89
90LOCAL_RULE_0
91Rcyrus.$+ + $+ < @ $=w . > $#cyrus $@ $2 $: $1
92Rcyrus.$+ < @ $=w . > $#cyrus $: $1
93
| |
94LOCAL_CONFIG
95#
96# Regular expression to reject:
97# * numeric-only localparts from aol.com and msn.com
98# * localparts starting with a digit from juno.com
| 37LOCAL_CONFIG
38#
39# Regular expression to reject:
40# * numeric-only localparts from aol.com and msn.com
41# * localparts starting with a digit from juno.com
|
| 42# * localparts longer than 10 characters from aol.com
|
99#
100Kcheckaddress regex -a@MATCH
| 43#
44Kcheckaddress regex -a@MATCH
|
101 ^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>
| 45 ^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com|.{10}[^<]+<@aol\.com)\.?>
|
102
| 46
|
103######################################################################
| |
104#
105# Names that won't be allowed in a To: line (local-part and domains)
106#
107C{RejectToLocalparts} friend you
108C{RejectToDomains} public.com
109
110LOCAL_RULESETS
111HTo: $>CheckTo
112
113SCheckTo
114R$={RejectToLocalparts}@$* $#error $: "553 Header error"
115R$*@$={RejectToDomains} $#error $: "553 Header error"
116
| 47#
48# Names that won't be allowed in a To: line (local-part and domains)
49#
50C{RejectToLocalparts} friend you
51C{RejectToDomains} public.com
52
53LOCAL_RULESETS
54HTo: $>CheckTo
55
56SCheckTo
57R$={RejectToLocalparts}@$* $#error $: "553 Header error"
58R$*@$={RejectToDomains} $#error $: "553 Header error"
59
|
117######################################################################
| |
118HMessage-Id: $>CheckMessageId
119
120SCheckMessageId
| 60HMessage-Id: $>CheckMessageId
61
62SCheckMessageId
|
121# Record the presence of the header
122R$* $: $(storage {MessageIdCheck} $@ OK $) $1
123
124# validate syntax
| |
125R< $+ @ $+ > $@ OK
| 63R< $+ @ $+ > $@ OK
|
126R$* $#error $: "554 Header error"
| 64R$* $#error $: "553 Header error"
|
127
| 65
|
128
129######################################################################
130HReceived: $>CheckReceived
131
132SCheckReceived
133# Record the presence of any Received header
134R$* $: $(storage {ReceivedCheck} $@ OK $) $1
135
136# check syntax
137R$* ......................................................... $*
138 $#error $: "554 Header error"
139
140######################################################################
141#
142# Reject advertising subjects
143#
144
145Kadvsubj regex -b -a@MATCH �?��
146HSubject: $>+CheckSubject
147SCheckSubject
148R$* $: $(advsubj $&{currHeader} $: OK $)
149ROK $@ OK
150R$* $#error $@ 5.7.0 $: 550 5.7.0 spam rejected.
151
152######################################################################
153#
154# Reject certain senders
155# Regex match to catch things in quotes
156#
157HFrom: $>+CheckFrom
158KCheckFrom regex -a@MATCH
159 [^a-z]?(Net-Pa)[^a-z]
160
161SCheckFrom
162R$* $: $( CheckFrom $1 $)
163R@MATCH $#error $: "553 Header error"
164
| |
165LOCAL_RULESETS
166SLocal_check_mail
167# check address against various regex checks
168R$* $: $>Parse0 $>3 $1
169R$+ $: $(checkaddress $1 $)
170R@MATCH $#error $: "553 Header error"
| 66LOCAL_RULESETS
67SLocal_check_mail
68# check address against various regex checks
69R$* $: $>Parse0 $>3 $1
70R$+ $: $(checkaddress $1 $)
71R@MATCH $#error $: "553 Header error"
|
171
172#
173# Following code from Anthony Howe <achowe@snert.com>. The check
174# for the Outlook Express marker may hit some legal messages, but
175# the Content-Disposition is clearly illegal.
176#
177
178#########################################################################
179#
180# w32.sircam.worm@mm
181#
182# There are serveral patterns that appear common ONLY to SirCam worm and
183# not to Outlook Express, which claims to have sent the worm. There are
184# four headers that always appear together and in this order:
185#
186# X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
187# X-Mailer: Microsoft Outlook Express 5.50.4133.2400
188# Content-Type: multipart/mixed; boundary="----27AA9124_Outlook_Express_message_boundary"
189# Content-Disposition: Multipart message
190#
191# Empirical study of the worm message headers vs. true Outlook Express
192# (5.50.4133.2400 & 5.50.4522.1200) messages with multipart/mixed attachments
193# shows Outlook Express does:
194#
195# a) NOT supply a Content-Disposition header for multipart/mixed messages.
196# b) NOT specify the header X-MimeOLE header name in all-caps
197# c) NOT specify boundary tag with the expression "_Outlook_Express_message_boundary"
198#
199# The solution below catches any one of this three issues. This is not an ideal
200# solution, but a temporary measure. A correct solution would be to check for
201# the presence of ALL three header attributes. Also the solution is incomplete
202# since Outlook Express 5.0 and 4.0 were not compared.
203#
204# NOTE regex keys are first dequoted and spaces removed before matching.
205# This caused me no end of grief.
206#
207#########################################################################
208
209LOCAL_RULESETS
210
211KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary
212HContent-Type: $>CheckContentType
213
214######################################################################
215SCheckContentType
216R$+ $: $(SirCamWormMarker $1 $)
217RSUSPECT $#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html"
218
219HContent-Disposition: $>CheckContentDisposition
220
221######################################################################
222SCheckContentDisposition
223R$- $@ OK
224R$- ; $+ $@ OK
225R$* $#error $: "553 Illegal Content-Disposition"
226
227
228#
229# Sobig.F
230#
231
232LOCAL_CONFIG
233Kstorage macro
234
235LOCAL_RULESETS
236######################################################################
237### check for the existance of the X-MailScanner Header
238HX-MailScanner: $>+CheckXMSc
239D{SobigFPat}Found to be clean
240D{SobigFMsg}This message may contain the Sobig.F virus.
241
242SCheckXMSc
243### if it exists, and the defined value is set, record the presence
244R${SobigFPat} $* $: $(storage {SobigFCheck} $@ SobigF $) $1
245R$* $@ OK
246
247######################################################################
248Scheck_eoh
249# Check if a Message-Id was found
250R$* $: < $&{MessageIdCheck} >
251
252# If Message-Id was found clear the X-MailScanner store and return with OK
253R< $+ > $@ OK $>ClearStorage
254
255# Are we the first Hop?
256R$* $: < $&{ReceivedCheck} >
257R< $+ > $@ OK $>ClearStorage
258
259# no Message-Id->check X-Mailscanner presence, too
260R$* $: < $&{SobigFCheck} >
261
262# clear store
263R$* $: $>ClearStorage $1
264# no msgid, first hop and Header found? -> reject the message
265R < SobigF > $#error $: 553 ${SobigFMsg}
266
267# No Header! Fine, take the message
268R$* $@ OK
269
270######################################################################
271SClearStorage
272R$* $: $(storage {SobigFCheck} $) $1
273R$* $: $(storage {ReceivedCheck} $) $1
274R$* $: $(storage {MessageIdCheck} $) $1
275R$* $@ $1
| |
| |