divert(-1) dnl This is the sendmail macro config file. If you make changes to this file, dnl you need the sendmail-cf rpm installed and then have to generate a dnl new /etc/mail/sendmail.cf by running the following command: dnl dnl m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf dnl include(`/usr/share/sendmail-cf/m4/cf.m4') VERSIONID(`Setup for Fedora Core 1 (sendmail 8.12) on 2005-10-28')dnl dnl DAEMON_OPTIONS(`Family=inet, Name=MTA')dnl dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA6')dnl dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA, Family=inet6') DAEMON_OPTIONS(`Name=MTA, Family=inet6') OSTYPE(`linux') MASQUERADE_AS(vanderkooij.org) MASQUERADE_DOMAIN(`hugo.vanderkooij.org') FEATURE(masquerade_entire_domain) FEATURE(`masquerade_envelope') dnl Uncomment and edit the following line if your mail needs to be sent out dnl through an external mail server: define(`SMART_HOST',`smtp.xs4all.nl') define(`confDEF_USER_ID',``8:12'')dnl undefine(`UUCP_RELAY')dnl undefine(`BITNET_RELAY')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/mail/aliases')dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confCACERT_PATH',`/usr/share/ssl/certs') dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt') dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem') dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem') define(`confTO_QUEUEWARN', `4h')dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confSEPARATE_PROC', `True')dnl define(`confMAX_DAEMON_CHILDREN', `10')dnl define(`confTO_IDENT', `0')dnl define(`confSMTP_LOGIN_MSG',`vanderkooij.org server ready. Expect no privacy here!')dnl define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl FEATURE(`delay_checks',`friend')dnl FEATURE(`no_default_msa',`dnl')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl dnl FEATURE(always_add_domain)dnl FEATURE(`use_cw_file') define(`confCW_FILE',`/etc/mail/sendmail.cw') FEATURE(use_ct_file)dnl dnl The '-t' option will retry delivery if e.g. the user runs over his quota. FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl dnl FEATURE(`dnsbl',`SBM8TPLA7DVRSXV66GEA9MUGPTYASLR.r.mail-abuse.com', ` "550 Mail from " $&{client_addr} " blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=" $&{client_addr} ')dnl dnl FEATURE(rhsbl,`dsn.rfc-ignorant.org',`"550 5.7.1 Mail from domain " $`'&{RHS} " refused. Your domain does not accept bounces. This violates RFC 821/2505/2821 - see http://www.rfc-ignorant.org/" and type your domainname in the lookup field.') dnl FEATURE(rhsbl,`postmaster.rfc-ignorant.org',`"550 5.7.1 Mail from domain " $`'&{RHS} " refused. Your domain does not have a working postmaster address. This violates RFC 2821 - see http://www.rfc-ignorant.org/" and type your domainname in the lookup field.') dnl FEATURE(dnsbl, `ipwhois.rfc-ignorant.org',`"550 5.7.1 Mail from "$&{client_addr}" refused. Rejected for bad WHOIS info on the IP address of your email server - see http://www.rfc-ignorant.org/tools/lookup.php?domain="$&{client_addr}" - I will not accept email from servers I can not contact in case of trouble."') dnl FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl FEATURE(`enhdnsbl', `bl.spamcop.net', `"550 5.7.1 Mail from "$&{client_addr}" rejected based on external blacklist - See also http://spamcop.net/bl.shtml?"$&{client_addr}" for their reason to blacklist you."', `t')dnl FEATURE(dnsbl,`relays.ordb.org',`"550 5.7.1 Mail from "$&{client_addr}" rejected based on external blacklist - See also http://www.ordb.org/lookup/?host="$&{client_addr}" for their reason to blacklist you."') dnl FEATURE(dnsbl,`proxies.relays.monkeys.com',`550 5.7.1 Mail from $&{client_addr} rejected based on external blacklist - See also http://www.monkeys.com/upl/') dnl FEATURE(dnsbl,`relays.osirusoft.com',`550 5.7.1 Mail from $&{client_addr} rejected based on external blacklist - See also http://relays.osirusoft.com') dnl FEATURE(dnsbl,`blackholes.wirehub.net',`550 5.7.1 Mail from $&{client_addr} rejected based on external blacklist - See also http://blackholes.wirehub.net/errors.html') FEATURE(dnsbl,`dnsbl.njabl.org',`"550 5.7.1 Message from "$&{client_addr}" rejected based on external blacklist - See also http://njabl.org/cgi-bin/lookup.cgi?query="$&{client_addr}" for their reason to blacklist you."') dnl FEATURE(dnsbl,`blackholes.mail-abuse.org',`Message from $&{client_addr} rejected based on external blacklist - See also http://mail-abuse.org/rbl/') dnl FEATURE(dnsbl,`relays.mail-abuse.org',`Message from $&{client_addr} rejected based on external blacklist of known open relays - See also http://work-rss.mail-abuse.org/rss/') dnl FEATURE(dnsbl,`opm.blitzed.org',`Message from "$&{client_addr}" rejected based on external blacklist of open proxies - See also http://opm.blitzed.org/faq') FEATURE(dnsbl,`http.dnsbl.sorbs.net',`"550 5.7.1 Message from "$&{client_addr}" rejected based on external blacklist - See also http://www.dnsbl.sorbs.net/"') FEATURE(dnsbl,`smtp.dnsbl.sorbs.net',`"550 5.7.1 Message from "$&{client_addr}" rejected based on external blacklist - See also http://www.dnsbl.sorbs.net/"') FEATURE(dnsbl,`spam.dnsbl.sorbs.net',`"550 5.7.1 Message from "$&{client_addr}" rejected based on external blacklist - See also http://www.dnsbl.sorbs.net/"') FEATURE(dnsbl,`web.dnsbl.sorbs.net',`"550 5.7.1 Message from "$&{client_addr}" rejected based on external blacklist - See also http://www.dnsbl.sorbs.net/"') EXPOSED_USER(`root')dnl dnl This changes sendmail to only listen on the loopback device 127.0.0.1 dnl and not on any other network devices. Comment this out if you want dnl to accept email over the network. dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires dnl a kernel patch dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6') dnl We strongly recommend to comment this one out if you want to protect dnl yourself from spam. However, the laptop and users on computers that do dnl not have 24x7 DNS do need this. dnl FEATURE(`accept_unresolvable_domains')dnl dnl FEATURE(`relay_based_on_MX')dnl MAILER(smtp)dnl MAILER(procmail)dnl Cwlocalhost.localdomain LOCAL_RULESETS # Kludgy way to block messages to hvdkooij@xs1.xs4all.nl # Instructional note: # The format for the rule is # RExactly the thing you want to quote # No quote marks, no tabs, absolutely nothing in # parentheses (like this, they're considered comments # and will be removed before they get to the rules). # After the exact thing, then a tab, and the $#error. # Note, the $* matches anything, so it's useful for # wildcarding. This also scans all messages with # Subject: headers and invokes a rule, so there is # a performance hit. HReceived: $>check_XS4ALL D{MPatXS1}hvdkooij@xs1.xs4all.nl D{MPatXS2}hvdkooij@xs2.xs4all.nl D{MPatXS3}hvdkooij@xs3.xs4all.nl D{MPatXS4}hvdkooij@xs4.xs4all.nl D{MPatPOP}hvdkooij@pop.xs4all.nl D{MPatVIR}hvdkooij@viruscheck.xs4all.nl D{MPatMD}hvdkooij@maildrop.xs4all.nl D{MPatMJ}100000@hvdkooij.xs4all.nl D{MPatDIR}hvdkooij@hvdkooij.xs4all.nl Scheck_XS4ALL R$* ${MPatXS1} $* $#discard $: discard R$* ${MPatXS2} $* $#discard $: discard R$* ${MPatXS3} $* $#discard $: discard R$* ${MPatXS4} $* $#discard $: discard R$* ${MPatPOP} $* $#discard $: discard #R$* ${MPatVIR} $* $#discard $: discard #R$* ${MPatMD} $* $#discard $: discard R$* ${MPatMJ} $* $#discard $: discard R$* ${MPatDIR} $* $#discard $: discard #HX-MailScanner: $>check_WORM #D{SOBIGF}Found #Scheck_WORM #R$* ${SOBIGF} $* $#discard $: discard HX-Mailer: $>check_MIMAIL D{MPatINF}(v1.62) Scheck_MIMAIL R$* ${MPatINF} $* $#discard $: discard # helo/ehlo checks of $s dnl`'Rationale: dnl`'Client software is often broken. We don't want to reject dnl`'our own users client connections. Therefore we attempt dnl`'to allow our users to pass the checks. Otherwise, block dnl`'sites with a HELO/EHLO hostname that is unqualified, or dnl`'is one of our own names dnl`' dnl`'Note that I had to at "127.0.0.1" to class $=R, so that dnl`'local client software would bypass these tests. I also dnl`'added "[127.0.0.1]" to class $=w, so that the localhost dnl`'IP would count as one of our IPs. dnl`' R$* $:$1 $| <$&{auth_authen}> Check if authenticated dnl`'Bypass the test for users who have authenticated. R$* $| <$+> $:$1 skip if auth R$* $| <$*> $:$1$|<$&{client_addr}>[$&s] Get connection info dnl`'Bypass for local clients -- IP address starts with $=R R$* $| <$=R $*>[$*] $:$1 skip if local client dnl`'Bypass a "sendmail -bs" session, which use 0 for client ip address R$* $| <0>[$*] $:$1 skip if sendmail -bs dnl`'Reject our IP - assumes "[ip]" is in class $=w R$* $| <$*> $=w $#error $@5.7.1 $:"550 Access denied - bogus HELO " $&s dnl`'Reject our hostname R$* $| <$*> [$=w] $#error $@5.7.1 $:"550 Access denied - bogus HELO " $&s dnl`'Pass anything else with a "." in the domain parameter R$* $| <$*> [$+.$+] $:$1 qualified domain ok dnl`'Reject if there was no "." or only an initial or final "." R$* $| <$*> [$*] $#error $@5.7.1 $:"550 Access denied - bogus HELO " $&s