knecht.mc revision 182352
divert(-1)
#
# Copyright (c) 1998-2001, 2004, 2005 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
# This is specific to Eric's home machine.
#
# Run daemon with -bd -q5m
#
# This part of the file sets the OS/domain includes, global options
# (aliases, forward path, identities, privacy flags) and the STARTTLS
# certificate locations.
#

divert(0)
VERSIONID(`$Id: knecht.mc,v 8.62 2006/09/27 19:48:59 eric Exp $')
OSTYPE(bsd4.4)
DOMAIN(generic)

define(`ALIAS_FILE', ``/etc/mail/aliases, /etc/mail/lists/sendmail.org/aliases, /var/listmanager/aliases'')
define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')
dnl # default identity for deliveries that have no specific user: the mailnull account
define(`confDEF_USER_ID', `mailnull')
define(`confHOST_STATUS_DIRECTORY', `.hoststat')
define(`confTO_ICONNECT', `10s')
define(`confTO_QUEUEWARN', `8h')
define(`confMIN_QUEUE_AGE', `27m')
dnl # confTRUSTED_USER is the single account sendmail treats as trusted for its own files.
dnl # confTRUSTED_USERS lists accounts that may set the envelope sender with -f
dnl # without an authentication warning being added.
dnl # NOTE(review): www is in that list, so anything running as the web server
dnl # account can choose its sender address unflagged - confirm this is still needed.
define(`confTRUSTED_USER', `smtrust')
define(`confTRUSTED_USERS', ``www listmgr'')
dnl # authwarnings adds X-Authentication-Warning headers. noexpn and novrfy turn
dnl # off EXPN and VRFY so the server does not confirm or expand addresses for a
dnl # client. Flags such as noetrn, restrictmailq and restrictqrun are not set here.
define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')

dnl # STARTTLS material. The server and client roles use the same certificate
dnl # and key files under CERT_DIR.
dnl # NOTE(review): MYkey.pem is a private key - confirm on the host that it is
dnl # readable only by the account sendmail runs as.
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')
define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')
define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')
dnl # client-side STARTTLS key (same file as the server key defined for this host)
define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')

define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
define(`CYRUS_MAILER_FLAGS', `fAh5@/:|')

dnl # access_db turns on lookups in the access map, and blacklist_recipients
dnl # lets that map refuse recipients as well as senders.
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
FEATURE(`local_lmtp')
FEATURE(`virtusertable')
FEATURE(`mailertable')

FEATURE(`nocanonify', `canonify_hosts')
CANONIFY_DOMAIN(`sendmail.org')
CANONIFY_DOMAIN_FILE(`/etc/mail/canonify-domains')

dnl # cap on queue runner child processes
dnl # NOTE(review): this note originally said at most 10, the value set is 20 - confirm which is intended
define(`confMAX_QUEUE_CHILDREN', `20')

define(`confMAX_RUNNERS_PER_QUEUE', `5')

dnl # run at most 10 concurrent processes for initial submission
define(`confFAST_SPLIT', `10')

dnl # queue group mqueue: R=5 runners, split into at most 15 recipients per envelope
dnl # NOTE(review): this note originally said 10 runners, the value set is R=5 - confirm
QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f')

dnl # enable spam assassin
dnl # F= is empty: if the milter socket is unavailable sendmail carries on as if
dnl # the filter were not configured, so mail is accepted unscanned (fail open).
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')

dnl # enable DomainKeys and DKIM
dnl # F=T: if this milter is unavailable the connection gets a temporary failure
dnl # instead of being let through.
INPUT_MAIL_FILTER(`dkim-filter', `S=unix:/var/run/smtrust/dkim.sock, F=T, T=R:2m')
dnl INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/run/smtrust/dk.sock, F=T, T=R:2m')

dnl # extra macros handed to the milters at connect and MAIL FROM time
define(`confMILTER_MACROS_CONNECT', `j, {daemon_name}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}')

dnl # enable some DNSBLs
dnl # NOTE(review): check that every zone named here is still operated before
dnl # deploying. A retired zone can time out or answer for every address.
dnl # sbl-xbl.spamhaus.org appears to have been superseded by zen.spamhaus.org - confirm.
dnl FEATURE(`dnsbl', `dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dnsbl.sorbs.net/"')
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
dnl # NOTE(review): list.dsbl.org appears to be a retired list - confirm the zone
dnl # still answers as intended before keeping this lookup.
FEATURE(`dnsbl', `list.dsbl.org', `"550 Mail from " $`'&{client_addr} " refused - see http://dsbl.org/"')
dnl # this lookup answers with 450, a temporary failure, where the others use 550
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')


MAILER(`local')
MAILER(`smtp')
MAILER(`cyrus')

LOCAL_RULE_0
# Route local addresses whose local part starts with "cyrus." to the cyrus
# mailer. In the first rule the text after the "+" becomes the $@ (host)
# part handed to the mailer. Left and right hand sides are tab-separated.
Rcyrus.$+ + $+ < @ $=w . >	$#cyrus $@ $2 $: $1
Rcyrus.$+ < @ $=w . >	$#cyrus $: $1

LOCAL_CONFIG
#
# Regular expression to reject:
# * numeric-only localparts from aol.com and msn.com
# * localparts starting with a digit from juno.com
#
# The map yields @MATCH on a hit; Local_check_mail tests for that value.
#
Kcheckaddress regex -a@MATCH
	^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>

######################################################################
#
# Names that won't be allowed in a To: line (local-part and domains)
#
C{RejectToLocalparts}	friend you
C{RejectToDomains}	public.com

LOCAL_RULESETS
HTo: $>CheckTo

# Reject when the To: header's local part or domain is in the classes above.
SCheckTo
R$={RejectToLocalparts}@$*	$#error $: "553 Header error"
R$*@$={RejectToDomains}	$#error $: "553 Header error"

######################################################################
HMessage-Id: $>CheckMessageId

SCheckMessageId
# Record the presence of the header
# (sets {MessageIdCheck} to OK through the storage map; check_eoh reads it)
R$*	$: $(storage {MessageIdCheck} $@ OK $) $1

# validate syntax
# accept only the form < something @ something >, anything else is refused
R< $+ @ $+ >	$@ OK
R$*	$#error $: "554 Header error"


######################################################################
HReceived: $>CheckReceived

SCheckReceived
# Record the presence of any Received header
# (sets {ReceivedCheck} to OK through the storage map; check_eoh reads it)
R$*	$: $(storage {ReceivedCheck} $@ OK $) $1

# check syntax
# a Received header containing this long run of dots is refused
R$* ......................................................... $*
	$#error $: "554 Header error"

######################################################################
#
# Reject advertising subjects
#
# NOTE(review): the pattern after -a@MATCH shows up here only as replacement
# characters, so its original bytes cannot be read from this rendering.
# Restore it from the original file before use; as shown, the map will not
# match what the author intended.
#

Kadvsubj regex -b -a@MATCH �?��
HSubject: $>+CheckSubject
SCheckSubject
# Look the current header up in advsubj; the lookup yields OK when the
# pattern does not match, and any other result falls through to the reject.
R$*	$: $(advsubj $&{currHeader} $: OK $)
ROK	$@ OK
R$*	$#error $@ 5.7.0 $: 550 5.7.0 spam rejected.

######################################################################
#
# Reject certain senders
# Regex match to catch things in quotes
#
HFrom: $>+CheckFrom
KCheckFrom regex -a@MATCH
	[^a-z]?(Net-Pa)[^a-z]

SCheckFrom
# Run the From: header through the CheckFrom map; @MATCH means the pattern hit.
R$*	$: $( CheckFrom $1 $)
R@MATCH	$#error $: "553 Header error"

LOCAL_RULESETS
SLocal_check_mail
# check address against various regex checks
# The address is passed through rulesets 3 and Parse0 first, then matched
# against the checkaddress map.
# NOTE(review): the reply text says "Header error" although this ruleset is
# presumably applied to the envelope sender - confirm and consider rewording.
R$*	$: $>Parse0 $>3 $1
R$+	$: $(checkaddress $1 $)
R@MATCH	$#error $: "553 Header error"

#
# Following code from Anthony Howe <achowe@snert.com>. The check
# for the Outlook Express marker may hit some legal messages, but
# the Content-Disposition is clearly illegal.
#

#########################################################################
#
# w32.sircam.worm@mm
#
# There are several patterns that appear common ONLY to SirCam worm and
# not to Outlook Express, which claims to have sent the worm. There are
# four headers that always appear together and in this order:
#
# X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
# X-Mailer: Microsoft Outlook Express 5.50.4133.2400
# Content-Type: multipart/mixed; boundary="----27AA9124_Outlook_Express_message_boundary"
# Content-Disposition: Multipart message
#
# Empirical study of the worm message headers vs. true Outlook Express
# (5.50.4133.2400 & 5.50.4522.1200) messages with multipart/mixed attachments
# shows Outlook Express does:
#
# a) NOT supply a Content-Disposition header for multipart/mixed messages.
# b) NOT specify the X-MimeOLE header name in all-caps
# c) NOT specify boundary tag with the expression "_Outlook_Express_message_boundary"
#
# The solution below catches any one of these three issues. This is not an ideal
# solution, but a temporary measure. A correct solution would be to check for
# the presence of ALL three header attributes. Also the solution is incomplete
# since Outlook Express 5.0 and 4.0 were not compared.
#
# NOTE regex keys are first dequoted and spaces removed before matching.
# This caused me no end of grief.
#
#########################################################################

LOCAL_RULESETS

# Map that yields SUSPECT when a Content-Type value contains the
# "_Outlook_Express_message_boundary" boundary marker. The pattern has no
# spaces because regex keys are matched after spaces are removed.
# NOTE(review): -f presumably controls case sensitivity for the regex map -
# confirm against the map documentation.
KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary
HContent-Type: $>CheckContentType

######################################################################
SCheckContentType
# Refuse the message when the map flags the header as SUSPECT.
R$+	$: $(SirCamWormMarker $1 $)
RSUSPECT	$#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html"

HContent-Disposition: $>CheckContentDisposition

######################################################################
SCheckContentDisposition
# Accept a single token, or a single token followed by ";" and parameters.
# Anything else (such as the multi-word value the worm sends) is refused.
R$-	$@ OK
R$- ; $+	$@ OK
R$*	$#error $: "553 Illegal Content-Disposition"


#
# Sobig.F
#
# NOTE(review): the SirCam and Sobig.F checks are signatures for specific
# past outbreaks - confirm they are still wanted, since each header rule is
# also a possible source of false rejects.
#

LOCAL_CONFIG
# macro map: lets rulesets set and clear macros such as {SobigFCheck}
Kstorage macro

LOCAL_RULESETS
######################################################################
### check for the existence of the X-MailScanner Header
HX-MailScanner: $>+CheckXMSc
# header value looked for, and the text used in the 553 reply
D{SobigFPat}Found to be clean
D{SobigFMsg}This message may contain the Sobig.F virus.

SCheckXMSc
### if it exists, and the defined value is set, record the presence
# (sets {SobigFCheck} to SobigF when the header starts with ${SobigFPat})
R${SobigFPat} $*	$: $(storage {SobigFCheck} $@ SobigF $) $1
R$*	$@ OK

######################################################################
# check_eoh combines the flags recorded by the header rulesets: the message
# is refused only when no Message-Id was recorded, no Received header was
# recorded, and the X-MailScanner marker was seen. Every path goes through
# ClearStorage, presumably so the flags do not carry over to the next
# message - confirm.
Scheck_eoh
# Check if a Message-Id was found
R$*	$: < $&{MessageIdCheck} >

# If Message-Id was found clear the X-MailScanner store and return with OK
R< $+ >	$@ OK $>ClearStorage

# Are we the first Hop?
R$*	$: < $&{ReceivedCheck} >
R< $+ >	$@ OK $>ClearStorage

# no Message-Id->check X-Mailscanner presence, too
R$*	$: < $&{SobigFCheck} >

# clear store
R$*	$: $>ClearStorage $1
# no msgid, first hop and Header found? -> reject the message
R < SobigF >	$#error $: 553 ${SobigFMsg}

# No Header! Fine, take the message
R$*	$@ OK

######################################################################
# Calls the storage map for each of the three flag macros without a value
# (presumably clearing them - confirm) and returns the workspace unchanged.
SClearStorage
R$*	$: $(storage {SobigFCheck} $) $1
R$*	$: $(storage {ReceivedCheck} $) $1
R$*	$: $(storage {MessageIdCheck} $) $1
R$*	$@ $1