xref: /freebsd/contrib/sendmail/cf/cf/knecht.mc (revision 7bd6fde3)
1divert(-1)
2#
3# Copyright (c) 1998-2001, 2004, 2005 Sendmail, Inc. and its suppliers.
4#	All rights reserved.
5# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
6# Copyright (c) 1988, 1993
7#	The Regents of the University of California.  All rights reserved.
8#
9# By using this file, you agree to the terms and conditions set
10# forth in the LICENSE file which can be found at the top level of
11# the sendmail distribution.
12#
13#
14
15#
16#  This is specific to Eric's home machine.
17#
18#	Run daemon with -bd -q5m
19#
20
dnl #  Resume normal m4 output after the header above (which sits under
dnl #  divert(-1)), record the file version, and pull in the OS and domain
dnl #  defaults that the rest of this file builds on.
21divert(0)
22VERSIONID(`$Id: knecht.mc,v 8.61 2005/10/06 05:56:03 ca Exp $')
23OSTYPE(bsd4.4)
24DOMAIN(generic)
25
dnl #  General daemon options.
dnl #  ALIAS_FILE lists three alias databases.  Alias entries can hand mail to
dnl #  programs and files, so every listed path should be writable only by
dnl #  accounts trusted to that degree -- TODO confirm ownership on the host.
26define(`ALIAS_FILE', ``/etc/mail/aliases, /etc/mail/lists/sendmail.org/aliases, /var/listmanager/aliases'')
dnl #  Search order for per-user forward files; $z is the recipient home
dnl #  directory and $w the local host name.
27define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')
dnl #  Default identity for mailers is the dedicated account mailnull.
28define(`confDEF_USER_ID', `mailnull')
29define(`confHOST_STATUS_DIRECTORY', `.hoststat')
30define(`confTO_ICONNECT', `10s')
31define(`confTO_QUEUEWARN', `8h')
32define(`confMIN_QUEUE_AGE', `27m')
dnl #  Trusted users may set the envelope sender without an authentication
dnl #  warning being added.
dnl #  NOTE(review): www looks like a web-server account; anything able to run
dnl #  sendmail as that user gets the same privilege -- confirm it is needed.
33define(`confTRUSTED_USERS', ``www listmgr'')
dnl #  authwarnings adds X-Authentication-Warning headers; noexpn and novrfy
dnl #  turn off the EXPN and VRFY commands, which would otherwise let a remote
dnl #  client probe for valid addresses.
34define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')
35
dnl #  STARTTLS material.  CERT_DIR is built from MAIL_SETTINGS_DIR, which is
dnl #  defined outside this file.  The same certificate and private key serve
dnl #  both the server and the client role, so a single key compromise affects
dnl #  inbound and outbound TLS alike.
dnl #  NOTE(review): the key file should be readable only by the account
dnl #  sendmail runs as; sendmail is expected to refuse a group- or
dnl #  world-readable key unless told otherwise -- verify on the host.
36define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
37define(`confCACERT_PATH', `CERT_DIR')
38define(`confCACERT', `CERT_DIR/CAcert.pem')
39define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')
40define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')
41define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')
42define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')
43
dnl #  Path of the delivery program used by the cyrus mailer declared below.
44define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
45
dnl #  Lookup tables.  access_db enables the access map used for accept,
dnl #  reject and relay decisions; blacklist_recipients extends it to
dnl #  recipient addresses.  These features only take effect through the map
dnl #  contents, which are not part of this file.
46FEATURE(`access_db')
47FEATURE(`blacklist_recipients')
48FEATURE(`local_lmtp')
49FEATURE(`virtusertable')
50FEATURE(`mailertable')
51
dnl #  Skip host-name canonification except for the domains listed here and
dnl #  in the canonify-domains file.
52FEATURE(`nocanonify', `canonify_hosts')
53CANONIFY_DOMAIN(`sendmail.org')
54CANONIFY_DOMAIN_FILE(`/etc/mail/canonify-domains')
55
56dnl #  cap on concurrent queue-runner processes
dnl #  NOTE(review): this comment used to say 10 while the value below is 20;
dnl #  confirm which one is intended.
57define(`confMAX_QUEUE_CHILDREN', `20')
58
dnl #  default limit on runners for a single queue group
59define(`confMAX_RUNNERS_PER_QUEUE', `5')
60
61dnl #  run at most 10 concurrent processes for initial submission
62define(`confFAST_SPLIT', `10')
63
64dnl #  queue group mqueue: R= runners, r= recipients per envelope (at most 15)
dnl #  NOTE(review): this comment used to say 10 runners while R=5 below;
dnl #  confirm which one is intended.
65QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f')
66
67
68dnl # enable spam assassin
dnl #  The filter is reached over a local socket; T= sets the connect, send,
dnl #  read and end-of-message timeouts.
dnl #  NOTE(review): F= is empty.  With neither R nor T set, mail is accepted
dnl #  as if the filter were absent whenever the milter is down or times out,
dnl #  so an outage silently disables this check.  Use F=T to tempfail instead
dnl #  if fail-closed behaviour is wanted.  The socket should be reachable only
dnl #  by the milter and sendmail accounts -- TODO confirm on the host.
69INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
70
71dnl # enable some DNSBLs
dnl #  Each list is queried with the connecting client address.  The first two
dnl #  active lists answer with a permanent 550, the last with a temporary 450.
dnl #  NOTE(review): these zone names date from 2005.  DSBL is believed to have
dnl #  shut down and Spamhaus now recommends a different combined zone; verify
dnl #  that every zone is still operated before deploying.  A retired zone adds
dnl #  DNS latency to each connection and, if it ever starts answering every
dnl #  query, causes all mail to be refused.
72dnl FEATURE(`dnsbl', `dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dnsbl.sorbs.net/"')
73FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
74FEATURE(`dnsbl', `list.dsbl.org', `"550 Mail from " $`'&{client_addr} " refused - see http://dsbl.org/"')
75FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
76
77
dnl #  Delivery agents: local, SMTP and Cyrus.
78MAILER(`local')
79MAILER(`smtp')
80MAILER(`cyrus')
81
82LOCAL_RULE_0
# Route addresses of the form cyrus.USER or cyrus.USER+DETAIL at a local host
# name (class w) to the cyrus mailer.  The first rule passes the part after
# the plus sign as the host field ($@) and the user as $:; the second rule
# handles addresses with no plus part.
83Rcyrus.$+ + $+ < @ $=w . >	$#cyrus $@ $2 $: $1
84Rcyrus.$+ < @ $=w . >		$#cyrus $: $1
85
86LOCAL_CONFIG
87#
88#  Regular expression to reject:
89#    * numeric-only localparts from aol.com and msn.com
90#    * localparts starting with a digit from juno.com
91#
#  The map returns the literal @MATCH (set with -a) when the pattern matches.
#  The pattern contains <@ and a closing >, so it is written against the
#  focused form of the address; Local_check_mail rewrites the address with
#  rulesets 3 and Parse0 before doing the lookup.
#  Do not insert anything between the K line and its indented continuation.
#
92Kcheckaddress regex -a@MATCH
93   ^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>
94
95######################################################################
96#
97#  Names that won't be allowed in a To: line (local-part and domains)
#  These two classes are consulted by the CheckTo ruleset.
98#
99C{RejectToLocalparts}	friend you
100C{RejectToDomains}	public.com
101
102LOCAL_RULESETS
# Run CheckTo on the value of every To: header.
103HTo: $>CheckTo
104
105SCheckTo
# Reject with 553 when the local part is in class RejectToLocalparts or the
# domain is in class RejectToDomains.
# NOTE(review): each left-hand side has to match the whole header value, so
# these rules look like they only fire on a bare address -- confirm the
# behaviour for values that carry a display name or angle brackets.
106R$={RejectToLocalparts}@$*	$#error $: "553 Header error"
107R$*@$={RejectToDomains}		$#error $: "553 Header error"
108
109######################################################################
# Run CheckMessageId on the value of every Message-Id: header.
110HMessage-Id: $>CheckMessageId
111
112SCheckMessageId
113# Record the presence of the header
# (stores OK in the macro MessageIdCheck through the storage map, which is
# declared further down in this file; check_eoh reads it later)
114R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
115
116# validate syntax
# Accept only the form < something @ something >; any other value is
# rejected with 554.
117R< $+ @ $+ >			$@ OK
118R$*				$#error $: "554 Header error"
119
120
121######################################################################
# Run CheckReceived on the value of every Received: header.
122HReceived: $>CheckReceived
123
124SCheckReceived
125# Record the presence of any Received header
# (stores OK in the macro ReceivedCheck; check_eoh reads it later)
126R$*			$: $(storage {ReceivedCheck} $@ OK $) $1
127
128# check syntax
# Reject with 554 when the header value contains the long run of consecutive
# dots spelled out in the pattern below.  The file does not say which
# traffic this was written against.
# The rule continues on the indented line; keep the two lines together.
129R$* ......................................................... $*
130				$#error $: "554 Header error"
131
132######################################################################
133#
134#  Reject advertising subjects
135#
136
# Regex map for advertising subjects: -b selects basic regular expressions
# and -a@MATCH sets the value returned on a match.
# NOTE(review): the pattern bytes after -a@MATCH are not valid text in this
# copy (they show up as replacement characters), so the expression that is
# actually matched cannot be read from here.  Recover it from the original
# file before reusing this rule.
137Kadvsubj regex -b -a@MATCH �?��
# The plus sign in the ruleset call passes the header value without comment
# stripping.
138HSubject: $>+CheckSubject
139SCheckSubject
# Look up the current header value; the map default (after $:) is OK, so the
# workspace is OK when nothing matched and @MATCH otherwise.
140R$*			$: $(advsubj $&{currHeader} $: OK $)
141ROK			$@ OK
# Anything other than OK is a match: reject with 550 5.7.0.
142R$*			$#error $@ 5.7.0 $: 550 5.7.0 spam rejected.
143
144######################################################################
145#
146# Reject certain senders
147#	Regex match to catch things in quotes
148#
# Run the CheckFrom ruleset on every From: header, comments included.
# Note that CheckFrom names both the regex map (K line) and the ruleset
# (S line) below.
149HFrom: $>+CheckFrom
# The map returns @MATCH when the header value contains Net-Pa followed by a
# character other than a lowercase letter.  No -f flag is given here, unlike
# the SirCamWormMarker map elsewhere in this file.
# The pattern is on the indented continuation line; keep the two together.
150KCheckFrom regex -a@MATCH
151	[^a-z]?(Net-Pa)[^a-z]
152
153SCheckFrom
# No default is supplied in the lookup, so only a match changes the
# workspace to @MATCH.
154R$*				$: $( CheckFrom $1 $)
155R@MATCH				$#error $: "553 Header error"
156
157LOCAL_RULESETS
# Envelope sender check: rewrite the address with rulesets 3 and Parse0, look
# it up in the checkaddress regex map, and reject when the map answers
# @MATCH.
# NOTE(review): the rejection text says Header error although this ruleset
# looks at the envelope sender, which can mislead whoever reads the bounce
# or the log.
158SLocal_check_mail
159# check address against various regex checks
160R$*				$: $>Parse0 $>3 $1
161R$+				$: $(checkaddress $1 $)
162R@MATCH				$#error $: "553 Header error"
163
164#
165#  Following code from Anthony Howe <achowe@snert.com>.  The check
166#  for the Outlook Express marker may hit some legal messages, but
167#  the Content-Disposition is clearly illegal.
168#
169
170#########################################################################
171#
172# w32.sircam.worm@mm
173#
174# There are several patterns that appear common ONLY to SirCam worm and
175# not to Outlook Express, which claims to have sent the worm.  There are
176# four headers that always appear together and in this order:
177#
178#  X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
179#  X-Mailer: Microsoft Outlook Express 5.50.4133.2400
180#  Content-Type: multipart/mixed; boundary="----27AA9124_Outlook_Express_message_boundary"
181#  Content-Disposition: Multipart message
182#
183# Empirical study of the worm message headers vs. true Outlook Express
184# (5.50.4133.2400 & 5.50.4522.1200) messages with multipart/mixed attachments
185# shows Outlook Express does:
186#
187#  a) NOT supply a Content-Disposition header for multipart/mixed messages.
188#  b) NOT specify the header X-MimeOLE header name in all-caps
189#  c) NOT specify boundary tag with the expression "_Outlook_Express_message_boundary"
190#
191# The solution below catches any one of these three issues. This is not an ideal
192# solution, but a temporary measure. A correct solution would be to check for
193# the presence of ALL three header attributes. Also the solution is incomplete
194# since Outlook Express 5.0 and 4.0 were not compared.
195#
196# NOTE regex keys are first dequoted and spaces removed before matching.
197# This caused me no end of grief.
198#
199#########################################################################
200
201LOCAL_RULESETS
202
# Regex map for the SirCam boundary marker: -f makes the match
# case-insensitive and -aSUSPECT sets the value returned on a match.  The
# pattern has no spaces because regex keys have spaces removed before
# matching (see the note in the comment block above).
# NOTE(review): this rule fires on the boundary string alone, and the comment
# block above already warns that it may hit legitimate Outlook Express mail.
# No rule for the all-caps X-MIMEOLE header name is visible in this file.
203KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary
204HContent-Type:		$>CheckContentType
205
206######################################################################
207SCheckContentType
# Look the header value up in the map; reject with 553 when it answers
# SUSPECT, otherwise fall through.
208R$+			$: $(SirCamWormMarker $1 $)
209RSUSPECT		$#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html"
210
# Run CheckContentDisposition on every Content-Disposition: header.
211HContent-Disposition:	$>CheckContentDisposition
212
213######################################################################
214SCheckContentDisposition
# Accept a value that is a single token, or a single token followed by a
# semicolon and parameters.  Everything else is rejected with 553, which
# includes the two-word value quoted in the SirCam notes above.
215R$-			$@ OK
216R$- ; $+		$@ OK
217R$*			$#error $: "553 Illegal Content-Disposition"
218
219
220#
221#  Sobig.F
222#
223
224LOCAL_CONFIG
# Macro map used by the header rulesets to remember, per message, which
# headers have been seen.
225Kstorage macro
226
227LOCAL_RULESETS
228######################################################################
229### check for the existence of the X-MailScanner Header
230HX-MailScanner:		$>+CheckXMSc
# SobigFPat is the header text treated as the marker; SobigFMsg is the text
# used in the rejection issued by check_eoh.
231D{SobigFPat}Found to be clean
232D{SobigFMsg}This message may contain the Sobig.F virus.
233
234SCheckXMSc
235### if it exists, and the defined value is set, record the presence
# (stores SobigF in the macro SobigFCheck when the header value starts with
# the SobigFPat text; the header itself is always accepted here)
236R${SobigFPat} $*	$: $(storage {SobigFCheck} $@ SobigF $) $1
237R$*			$@ OK
238
239######################################################################
# End-of-headers check.  Reads the three macros set by the header rulesets in
# this file and rejects only when neither a Message-Id nor a Received header
# was recorded while the X-MailScanner marker was.  Every path calls
# ClearStorage before it finishes, presumably so that the markers do not
# carry over to a later message -- confirm.
240Scheck_eoh
241# Check if a Message-Id was found
242R$*			$: < $&{MessageIdCheck} >
243
244# If Message-Id was found clear the X-MailScanner store and return with OK
245R< $+ >			$@ OK $>ClearStorage
246
247# Are we the first Hop?
# (a recorded Received header means the message has passed through another
# hop; that case is accepted as well)
248R$*			$: < $&{ReceivedCheck} >
249R< $+ >			$@ OK $>ClearStorage
250
251# no Message-Id->check X-Mailscanner presence, too
252R$*			$: < $&{SobigFCheck} >
253
254# clear store
# (ClearStorage hands the workspace back unchanged, so the value read above
# is still there for the test below)
255R$*			$: $>ClearStorage $1
256# no msgid, first hop and Header found? -> reject the message
257R < SobigF >		$#error $: 553 ${SobigFMsg}
258
259# No Header! Fine, take the message
260R$*			$@ OK
261
262######################################################################
# Reset the three per-message marker macros to empty through the storage map
# and return the workspace that was passed in.
263SClearStorage
264R$*			$: $(storage {SobigFCheck} $) $1
265R$*			$: $(storage {ReceivedCheck} $) $1
266R$*			$: $(storage {MessageIdCheck} $) $1
267R$*			$@ $1
268