knecht.mc revision 182352
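divert(-1)
#
# Copyright (c) 1998-2001, 2004, 2005 Sendmail, Inc. and its suppliers.
#	All rights reserved.
# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
# Copyright (c) 1988, 1993
#	The Regents of the University of California.  All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
#  This is specific to Eric's home machine.
#
#	Run daemon with -bd -q5m
#
#  Everything between divert(-1) and divert(0) is discarded by m4, so this
#  header never appears in the generated configuration.
#

divert(0)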
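dnl #  Version stamp for the generated file, then the operating-system and
dnl #  domain include files that supply the site defaults used below.
VERSIONID(`$Id: knecht.mc,v 8.62 2006/09/27 19:48:59 eric Exp $')
OSTYPE(bsd4.4)
DOMAIN(generic)
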
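dnl #  Alias lookups consult three files.  Alias entries can deliver to
dnl #  programs and files, so every one of these paths needs the same
dnl #  ownership and write protection as the main aliases file.
define(`ALIAS_FILE', ``/etc/mail/aliases, /etc/mail/lists/sendmail.org/aliases, /var/listmanager/aliases'')
dnl #  Per-user forward files, searched in the order listed.
define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')
dnl #  Default identity for mailers that have no user of their own.
define(`confDEF_USER_ID', `mailnull')
dnl #  Directory used for persistent per-host status.
define(`confHOST_STATUS_DIRECTORY', `.hoststat')
dnl #  Timeouts: initial connect 10s, queue warning after 8h, and a message
dnl #  must sit in the queue 27m before it is retried.
define(`confTO_ICONNECT', `10s')
define(`confTO_QUEUEWARN', `8h')
define(`confMIN_QUEUE_AGE', `27m')
dnl #  smtrust is the account trusted to own sendmail maps and files.
dnl #  www and listmgr may set the envelope sender without a warning header;
dnl #  keep this list as short as possible, since any process running as one
dnl #  of these users can submit mail under an arbitrary sender.
define(`confTRUSTED_USER', `smtrust')
define(`confTRUSTED_USERS', ``www listmgr'')
dnl #  noexpn and novrfy refuse the SMTP EXPN and VRFY commands so the server
dnl #  cannot be used to enumerate addresses; authwarnings records
dnl #  X-Authentication-Warning headers.
define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')
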
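dnl #  STARTTLS material, all kept under MAIL_SETTINGS_DIR/certs.
dnl #  The same certificate and key pair is used for the server role and
dnl #  the client role.  MYkey.pem is the private key: keep it readable only
dnl #  by the account sendmail runs as.
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')
define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')
define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')
define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')
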
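dnl #  Delivery program and mailer flags for the cyrus mailer that is
dnl #  enabled by the MAILER(cyrus) line further down.
define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
define(`CYRUS_MAILER_FLAGS', `fAh5@/:|')
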
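dnl #  Policy and routing tables: the access map (also applied to recipients
dnl #  through blacklist_recipients), LMTP for local delivery, and the
dnl #  virtual-user and mailer tables.
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
FEATURE(`local_lmtp')
FEATURE(`virtusertable')
FEATURE(`mailertable')

dnl #  Skip host name canonification except for sendmail.org and the domains
dnl #  listed in /etc/mail/canonify-domains.
FEATURE(`nocanonify', `canonify_hosts')
CANONIFY_DOMAIN(`sendmail.org')
CANONIFY_DOMAIN_FILE(`/etc/mail/canonify-domains')
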
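dnl #  Queue and submission limits.  They cap how many processes a burst of
dnl #  mail can create on this host.
dnl #  at most 20 queue runner children in total (an older comment here said 10)
define(`confMAX_QUEUE_CHILDREN', `20')

dnl #  at most 5 runners for any one queue
define(`confMAX_RUNNERS_PER_QUEUE', `5')

dnl #  run at most 10 concurrent processes for initial submission
define(`confFAST_SPLIT', `10')

dnl #  queue group mqueue: 5 runners (R=5), envelopes split at 15 recipients (r=15)
QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f')
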
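dnl # enable spam assassin
dnl #  F= is empty, so when this filter cannot be reached mail is processed
dnl #  as if the filter were not configured (spam filtering fails open).
dnl #  T= sets the connect, send, read and end-of-message timeouts.
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')

dnl # enable DomainKeys and DKIM
dnl #  F=T makes sendmail answer with a temporary failure when this filter is
dnl #  unavailable, so mail is deferred rather than accepted unchecked.
dnl #  Whoever can create the socket under /var/run/smtrust can act as the
dnl #  filter, so that directory should be writable by the filter account only.
INPUT_MAIL_FILTER(`dkim-filter', `S=unix:/var/run/smtrust/dkim.sock, F=T, T=R:2m')
dnl INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/run/smtrust/dk.sock, F=T, T=R:2m')

dnl #  Macros handed to the filters at connection time and at MAIL FROM.
define(`confMILTER_MACROS_CONNECT', `j, {daemon_name}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}')
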
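dnl # enable some DNSBLs
dnl #  The first two active lists reject with a permanent 550; bl.spamcop.net
dnl #  answers with a temporary 450 so a listed sender can retry later.
dnl #  NOTE(review): this file is stamped 2006.  Confirm that each zone is
dnl #  still operated before reusing these lines; a retired zone may stop
dnl #  answering or may answer for every address.
dnl FEATURE(`dnsbl', `dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dnsbl.sorbs.net/"')
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
FEATURE(`dnsbl', `list.dsbl.org', `"550 Mail from " $`'&{client_addr} " refused - see http://dsbl.org/"')
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')

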
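dnl #  Delivery agents: local, SMTP and Cyrus.
MAILER(`local')
MAILER(`smtp')
MAILER(`cyrus')

LOCAL_RULE_0
# Route cyrus.<user>+<detail> and cyrus.<user> at one of this host's own
# names ($=w) to the cyrus mailer.  In the first rule the detail part is
# passed as the $@ argument and the user as the $: argument.
Rcyrus.$+ + $+ < @ $=w . >	$#cyrus $@ $2 $: $1
Rcyrus.$+ < @ $=w . >		$#cyrus $: $1
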
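LOCAL_CONFIG
#
#  Regular expression to reject:
#    * numeric-only localparts from aol.com and msn.com
#    * localparts starting with a digit from juno.com
#
#  The map is consulted by the Local_check_mail ruleset, which rejects
#  the envelope sender when the lookup yields @MATCH.
#
Kcheckaddress regex -a@MATCH
   ^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>
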
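######################################################################
#
#  Names that won't be allowed in a To: line (local-part and domains)
#
#  Both classes are matched by the CheckTo ruleset.
#
C{RejectToLocalparts}	friend you
C{RejectToDomains}	public.com
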
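LOCAL_RULESETS
# Every To: header value is passed to CheckTo.
HTo: $>CheckTo

SCheckTo
# Reject when the local part is in {RejectToLocalparts} or the domain is in
# {RejectToDomains}.
# NOTE(review): both patterns cover the whole header value, so a To: that
# carries a display name or angle brackets presumably does not match; confirm
# against real traffic before relying on this check.
R$={RejectToLocalparts}@$*	$#error $: "553 Header error"
R$*@$={RejectToDomains}		$#error $: "553 Header error"
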
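######################################################################
# Every Message-Id: header value is passed to CheckMessageId.
HMessage-Id: $>CheckMessageId

SCheckMessageId
# Record the presence of the header; check_eoh reads {MessageIdCheck} later
R$*			$: $(storage {MessageIdCheck} $@ OK $) $1

# validate syntax: accept only the form < something @ something >
R< $+ @ $+ >			$@ OK
R$*				$#error $: "554 Header error"

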
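######################################################################
# Every Received: header value is passed to CheckReceived.
HReceived: $>CheckReceived

SCheckReceived
# Record the presence of any Received header; check_eoh reads
# {ReceivedCheck} later to tell whether this host is the first hop
R$*			$: $(storage {ReceivedCheck} $@ OK $) $1

# check syntax: reject a Received header that contains the long run of
# dots spelled out in the pattern below
R$* ......................................................... $*
				$#error $: "554 Header error"
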
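######################################################################
#
#  Reject advertising subjects
#
#  NOTE(review): the pattern at the end of the Kadvsubj line is mis-encoded
#  in this copy (its non-ASCII bytes were lost).  Restore it from the
#  original file before use; as shown it will not match the intended
#  subjects.
#

Kadvsubj regex -b -a@MATCH �?��
HSubject: $>+CheckSubject
SCheckSubject
# Look the current header up in advsubj; the lookup falls back to OK when
# nothing matches, and anything other than OK is rejected as spam.
R$*			$: $(advsubj $&{currHeader} $: OK $)
ROK			$@ OK
R$*			$#error $@ 5.7.0 $: 550 5.7.0 spam rejected.
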
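######################################################################
#
# Reject certain senders
#	Regex match to catch things in quotes
#
# The + in $>+ passes the header value with its comments left in place,
# so text in the display name is seen by the regex as well.
#
HFrom: $>+CheckFrom
KCheckFrom regex -a@MATCH
	[^a-z]?(Net-Pa)[^a-z]

SCheckFrom
# Run the From: value through the CheckFrom map and reject on @MATCH.
R$*				$: $( CheckFrom $1 $)
R@MATCH				$#error $: "553 Header error"
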
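LOCAL_RULESETS
SLocal_check_mail
# check address against various regex checks: canonify and parse the
# address first, then look it up in the checkaddress map
# NOTE(review): the reply text says "Header error" although this ruleset
# is applied to the envelope sender, which can mislead whoever reads the
# bounce or the log.
R$*				$: $>Parse0 $>3 $1
R$+				$: $(checkaddress $1 $)
R@MATCH				$#error $: "553 Header error"
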
#
#  Following code from Anthony Howe <achowe@snert.com>.  The check
#  for the Outlook Express marker may hit some legal messages, but
#  the Content-Disposition is clearly illegal.
#

#########################################################################
#
# w32.sircam.worm@mm
#
# There are several patterns that appear common ONLY to SirCam worm and
# not to Outlook Express, which claims to have sent the worm.  There are
# four headers that always appear together and in this order:
#
#  X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
#  X-Mailer: Microsoft Outlook Express 5.50.4133.2400
#  Content-Type: multipart/mixed; boundary="----27AA9124_Outlook_Express_message_boundary"
#  Content-Disposition: Multipart message
#
# Empirical study of the worm message headers vs. true Outlook Express
# (5.50.4133.2400 & 5.50.4522.1200) messages with multipart/mixed attachments
# shows Outlook Express does:
#
#  a) NOT supply a Content-Disposition header for multipart/mixed messages.
#  b) NOT specify the X-MimeOLE header name in all-caps
#  c) NOT specify boundary tag with the expression "_Outlook_Express_message_boundary"
#
# The solution below catches any one of these three issues. This is not an ideal
# solution, but a temporary measure. A correct solution would be to check for
# the presence of ALL three header attributes. Also the solution is incomplete
# since Outlook Express 5.0 and 4.0 were not compared.
#
# NOTE regex keys are first dequoted and spaces removed before matching.
# This caused me no end of grief.
#
#########################################################################

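LOCAL_RULESETS

# The map yields SUSPECT when a Content-Type value carries the
# _Outlook_Express_message_boundary marker in a multipart/mixed boundary.
# The pattern is written without spaces or quotes because, as noted in
# the comment above, regex keys are dequoted and stripped of spaces
# before matching.
KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary
HContent-Type:		$>CheckContentType

######################################################################
SCheckContentType
# Look the header value up in the map and reject when it is SUSPECT.
R$+			$: $(SirCamWormMarker $1 $)
RSUSPECT		$#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html"
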
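HContent-Disposition:	$>CheckContentDisposition

######################################################################
SCheckContentDisposition
# Accept a single token, or a single token followed by ; and parameters.
# Anything else, such as a value of several words, is rejected.
R$-			$@ OK
R$- ; $+		$@ OK
R$*			$#error $: "553 Illegal Content-Disposition"

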
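#
#  Sobig.F
#

LOCAL_CONFIG
# Map of type macro; the header rulesets use it to set and clear the
# {MessageIdCheck}, {ReceivedCheck} and {SobigFCheck} macros.
Kstorage macro

LOCAL_RULESETS
######################################################################
### check for the existence of the X-MailScanner Header
HX-MailScanner:		$>+CheckXMSc
# {SobigFPat} is the header text to look for; {SobigFMsg} is the text
# used in the 553 reply issued by check_eoh.
D{SobigFPat}Found to be clean
D{SobigFMsg}This message may contain the Sobig.F virus.
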
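SCheckXMSc
### if it exists, and the defined value is set, record the presence
# Only a header value that starts with {SobigFPat} sets {SobigFCheck};
# the header itself is always accepted here, the decision is made in
# check_eoh.
R${SobigFPat} $*	$: $(storage {SobigFCheck} $@ SobigF $) $1
R$*			$@ OK
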
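######################################################################
Scheck_eoh
# Runs once all headers have been seen.  A message is rejected only when
# it has no Message-Id, no Received header, and an X-MailScanner header
# that matched {SobigFPat}.  Every exit path goes through ClearStorage so
# the recorded flags do not carry over to the next message.

# Check if a Message-Id was found
R$*			$: < $&{MessageIdCheck} >

# If Message-Id was found clear the X-MailScanner store and return with OK
R< $+ >			$@ OK $>ClearStorage

# Are we the first Hop?
R$*			$: < $&{ReceivedCheck} >
R< $+ >			$@ OK $>ClearStorage

# no Message-Id->check X-Mailscanner presence, too
R$*			$: < $&{SobigFCheck} >

# clear store
R$*			$: $>ClearStorage $1
# no msgid, first hop and Header found? -> reject the message
R < SobigF >		$#error $: 553 ${SobigFMsg}

# No Header! Fine, take the message
R$*			$@ OK
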
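######################################################################
SClearStorage
# Reset the three per-message flags by storing an empty value in each,
# then return the workspace unchanged.
R$*			$: $(storage {SobigFCheck} $) $1
R$*			$: $(storage {ReceivedCheck} $) $1
R$*			$: $(storage {MessageIdCheck} $) $1
R$*			$@ $1
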