divert(-1)
#
# Copyright (c) 1998-2001, 2004, 2005 Proofpoint, Inc. and its suppliers.
#	All rights reserved.
# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
# Copyright (c) 1988, 1993
#	The Regents of the University of California.  All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
#  This is specific to Eric's home machine.
#
#	Run daemon with -bd -q5m
#

divert(0)
VERSIONID(`$Id: knecht.mc,v 8.63 2013-11-22 20:51:08 ca Exp $')
OSTYPE(bsd4.4)
DOMAIN(generic)

dnl # Alias databases are read from three files.
define(`ALIAS_FILE', ``/etc/mail/aliases, /etc/mail/lists/sendmail.org/aliases, /var/listmanager/aliases'')
define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')
dnl # Identity and trust settings:
dnl #   confDEF_USER_ID   - mailers run as mailnull by default
dnl #   confTRUSTED_USER  - smtrust is the TrustedUser account (the DKIM milter
dnl #                       socket below lives under /var/run/smtrust)
dnl #   confTRUSTED_USERS - www and listmgr may set the envelope sender without an
dnl #                       authentication warning being added; keep this list short
dnl #   confPRIVACY_FLAGS - add X-Authentication-Warning headers and refuse EXPN
dnl #                       and VRFY, so addresses cannot be probed over SMTP
define(`confDEF_USER_ID', `mailnull')
define(`confHOST_STATUS_DIRECTORY', `.hoststat')
define(`confTO_ICONNECT', `10s')
define(`confTO_QUEUEWARN', `8h')
define(`confMIN_QUEUE_AGE', `27m')
define(`confTRUSTED_USER', `smtrust')
define(`confTRUSTED_USERS', ``www listmgr'')
define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')

dnl # STARTTLS material is kept in the certs directory under MAIL_SETTINGS_DIR.
dnl # The same certificate and key pair serves both the server and the client role.
dnl # NOTE(review): MYkey.pem should be readable only by the account sendmail
dnl # runs as - confirm the file modes on the host.
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')
define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')
define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')
define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')

dnl # Cyrus delivery agent and the flags of the cyrus mailer.
define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
define(`CYRUS_MAILER_FLAGS', `fAh5@/:|')

dnl # Policy and routing tables: the access database (also applied to
dnl # recipients), LMTP for local delivery, virtual user and mailer tables.
FEATURE(`access_db')
FEATURE(`blocklist_recipients')
FEATURE(`local_lmtp')
FEATURE(`virtusertable')
FEATURE(`mailertable')

dnl # Host names are not canonified in general; unqualified host names and the
dnl # domains named below (directly or in the listed file) still are.
FEATURE(`nocanonify', `canonify_hosts')
CANONIFY_DOMAIN(`sendmail.org')
CANONIFY_DOMAIN_FILE(`/etc/mail/canonify-domains')

dnl # at most 20 queue runner processes overall
dnl # NOTE(review): this comment used to say 10; the value that is set is 20.
define(`confMAX_QUEUE_CHILDREN', `20')

dnl # default cap of 5 runners per queue group
define(`confMAX_RUNNERS_PER_QUEUE', `5')

dnl # run at most 10 concurrent processes for initial submission
define(`confFAST_SPLIT', `10')

dnl # queue group mqueue: 5 runners (R=5), split into at most 15 recipients
dnl # per envelope (r=15)
dnl # NOTE(review): this comment used to say 10 runners; R=5 is what is set.
QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f')

dnl # enable spam assassin
dnl # F= is empty, so mail is accepted unfiltered whenever this milter cannot
dnl # be reached.  T= sets the connect, send, receive and end-of-message timeouts.
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')

dnl # enable DomainKeys and DKIM
dnl # F=T makes sendmail answer with a temporary failure whenever the filter
dnl # cannot be reached.  The dk-filter entry is disabled.
INPUT_MAIL_FILTER(`dkim-filter', `S=unix:/var/run/smtrust/dkim.sock, F=T, T=R:2m')
dnl INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/run/smtrust/dk.sock, F=T, T=R:2m')

dnl # macros handed to the milters at connect time and at MAIL FROM
define(`confMILTER_MACROS_CONNECT', `j, {daemon_name}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}')

dnl # enable some DNSBLs
dnl # spamhaus and dsbl listings are refused with a permanent 550, spamcop
dnl # listings only with a temporary 450.  The sorbs entry is disabled.
dnl # NOTE(review): confirm that every zone is still operated before reusing this
dnl # list (list.dsbl.org is believed to be retired).  A retired zone that starts
dnl # answering every query would cause all mail to be refused.
dnl FEATURE(`dnsbl', `dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dnsbl.sorbs.net/"')
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
FEATURE(`dnsbl', `list.dsbl.org', `"550 Mail from " $`'&{client_addr} " refused - see http://dsbl.org/"')
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')


MAILER(`local')
MAILER(`smtp')
MAILER(`cyrus')

LOCAL_RULE_0
# Addresses of the shape cyrus.NAME, optionally cyrus.NAME+DETAIL, at a host
# in class w are handed to the cyrus mailer.
Rcyrus.$+ + $+ < @ $=w . >	$#cyrus $@ $2 $: $1
Rcyrus.$+ < @ $=w . >	$#cyrus $: $1

LOCAL_CONFIG
#
#  Regular expression to reject:
#    * numeric-only localparts from aol.com and msn.com
#    * localparts starting with a digit from juno.com
#
#  The map is consulted from the Local_check_mail ruleset further down, which
#  refuses the address when the lookup yields @MATCH.
#
Kcheckaddress regex -a@MATCH
	^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>

######################################################################
#
#  Names that won't be allowed in a To: line (local-part and domains)
#
C{RejectToLocalparts} friend you
C{RejectToDomains} public.com

LOCAL_RULESETS
HTo: $>CheckTo

SCheckTo
# Refuse a To: header whose local part or domain is in the classes above.
R$={RejectToLocalparts}@$*	$#error $: "553 Header error"
R$*@$={RejectToDomains}	$#error $: "553 Header error"

######################################################################
HMessage-Id: $>CheckMessageId

SCheckMessageId
# Record the presence of the header
R$*	$: $(storage {MessageIdCheck} $@ OK $) $1

# validate syntax: only a value of the shape < x @ y > is accepted,
# anything else is refused with 554
R< $+ @ $+ >	$@ OK
R$*	$#error $: "554 Header error"


######################################################################
HReceived: $>CheckReceived

SCheckReceived
# Record the presence of any Received header
R$*	$: $(storage {ReceivedCheck} $@ OK $) $1

# check syntax: a Received header containing the long run of dots below
# is refused with 554
R$* ......................................................... $*
	$#error $: "554 Header error"

######################################################################
#
# Reject advertising subjects
#
# NOTE(review): the pattern bytes on the K line below did not survive text
# extraction (they show up as replacement characters).  Restore them from
# the original file before using this ruleset.
#

Kadvsubj regex -b -a@MATCH �?��
HSubject: $>+CheckSubject
SCheckSubject
# The lookup yields OK when the pattern does not match; any other result
# is refused with 550 5.7.0.
R$*	$: $(advsubj $&{currHeader} $: OK $)
ROK	$@ OK
R$*	$#error $@ 5.7.0 $: 550 5.7.0 spam rejected.

######################################################################
#
# Reject certain senders
#	Regex match to catch things in quotes
#
HFrom: $>+CheckFrom
KCheckFrom regex -a@MATCH
	[^a-z]?(Net-Pa)[^a-z]

SCheckFrom
# Refuse the message when the From: header matches the pattern above.
R$*	$: $( CheckFrom $1 $)
R@MATCH	$#error $: "553 Header error"

LOCAL_RULESETS
SLocal_check_mail
# check address against various regex checks
# NOTE(review): this ruleset looks at the envelope sender, yet the reply
# text says Header error - confirm that wording is intended.
R$*	$: $>Parse0 $>3 $1
R$+	$: $(checkaddress $1 $)
R@MATCH	$#error $: "553 Header error"

#
# Following code from Anthony Howe <achowe@snert.com>.  The check
# for the Outlook Express marker may hit some legal messages, but
# the Content-Disposition is clearly illegal.
#

#########################################################################
#
# w32.sircam.worm@mm
#
# There are several patterns that appear common ONLY to SirCam worm and
# not to Outlook Express, which claims to have sent the worm.  There are
# four headers that always appear together and in this order:
#
#  X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
#  X-Mailer: Microsoft Outlook Express 5.50.4133.2400
#  Content-Type: multipart/mixed; boundary="----27AA9124_Outlook_Express_message_boundary"
#  Content-Disposition: Multipart message
#
# Empirical study of the worm message headers vs. true Outlook Express
# (5.50.4133.2400 & 5.50.4522.1200) messages with multipart/mixed attachments
# shows Outlook Express does:
#
#  a) NOT supply a Content-Disposition header for multipart/mixed messages.
#  b) NOT specify the header X-MimeOLE header name in all-caps
#  c) NOT specify boundary tag with the expression "_Outlook_Express_message_boundary"
#
# The solution below catches any one of these three issues. This is not an ideal
# solution, but a temporary measure. A correct solution would be to check for
# the presence of ALL three header attributes. Also the solution is incomplete
# since Outlook Express 5.0 and 4.0 were not compared.
#
# NOTE regex keys are first dequoted and spaces removed before matching.
# This caused me no end of grief.
#
# NOTE(review): these are fixed header fingerprints for specific worm
# variants; a sender can alter the headers, so they add to the content
# scanning done by the mail filters and do not replace it.
#
#########################################################################

LOCAL_RULESETS

KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary
HContent-Type: $>CheckContentType

######################################################################
SCheckContentType
# Refuse the message when the Content-Type value carries the boundary marker.
R$+	$: $(SirCamWormMarker $1 $)
RSUSPECT	$#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html"

HContent-Disposition: $>CheckContentDisposition

######################################################################
SCheckContentDisposition
# Accept a single token, or a single token followed by ; and parameters.
# Any other value is refused with 553.
R$-	$@ OK
R$- ; $+	$@ OK
R$*	$#error $: "553 Illegal Content-Disposition"


#
#  Sobig.F
#
#  A message is refused at the end of the headers only when all of these
#  hold: no Message-Id header was seen, no Received header was seen, and an
#  X-MailScanner header starting with the SobigFPat text was seen.
#

LOCAL_CONFIG
Kstorage macro

LOCAL_RULESETS
######################################################################
### check for the existence of the X-MailScanner Header
HX-MailScanner: $>+CheckXMSc
D{SobigFPat}Found to be clean
D{SobigFMsg}This message may contain the Sobig.F virus.

SCheckXMSc
### if it exists, and the defined value is set, record the presence
R${SobigFPat} $*	$: $(storage {SobigFCheck} $@ SobigF $) $1
R$*	$@ OK

######################################################################
Scheck_eoh
# Check if a Message-Id was found
R$*	$: < $&{MessageIdCheck} >

# If Message-Id was found clear the X-MailScanner store and return with OK
R< $+ >	$@ OK $>ClearStorage

# Are we the first Hop?  A recorded Received header means we are not,
# so the message is accepted.
R$*	$: < $&{ReceivedCheck} >
R< $+ >	$@ OK $>ClearStorage

# no Message-Id->check X-Mailscanner presence, too
R$*	$: < $&{SobigFCheck} >

# clear store
R$*	$: $>ClearStorage $1
# no msgid, first hop and Header found? -> reject the message
R < SobigF >	$#error $: 553 ${SobigFMsg}

# No Header! Fine, take the message
R$*	$@ OK

######################################################################
SClearStorage
# Reset the three per-message markers and hand the workspace back unchanged.
R$*	$: $(storage {SobigFCheck} $) $1
R$*	$: $(storage {ReceivedCheck} $) $1
R$*	$: $(storage {MessageIdCheck} $) $1
R$*	$@ $1