Diffstat (limited to 'contrib/sendmail/cf/cf/knecht.mc')
-rw-r--r-- | contrib/sendmail/cf/cf/knecht.mc | 144 |
1 files changed, 119 insertions, 25 deletions
diff --git a/contrib/sendmail/cf/cf/knecht.mc b/contrib/sendmail/cf/cf/knecht.mc
index 89f9c53..6c370fd 100644
--- a/contrib/sendmail/cf/cf/knecht.mc
+++ b/contrib/sendmail/cf/cf/knecht.mc
@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
 # All rights reserved.
 # Copyright (c) 1983 Eric P. Allman. All rights reserved.
 # Copyright (c) 1988, 1993
@@ -15,31 +15,54 @@ divert(-1) # # This is specific to Eric's home machine. # +# Run daemon with -bd -q5m +# + +divert(0) +VERSIONID(`$Id: knecht.mc,v 8.55 2001/08/01 22:20:40 eric Exp $') +OSTYPE(bsd4.4) +DOMAIN(generic) + +define(`ALIAS_FILE', ``/etc/mail/aliases, /var/listmanager/aliases'') +define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward') +define(`confDEF_USER_ID', `mailnull') +define(`confHOST_STATUS_DIRECTORY', `.hoststat') +define(`confTO_ICONNECT', `10s') +define(`confCOPY_ERRORS_TO', `Postmaster') +define(`confTO_QUEUEWARN', `8h') +define(`confMIN_QUEUE_AGE', `27m') +define(`confTRUSTED_USERS', ``www listmgr'') +define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'') + +define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs') +define(`confCACERT_PATH', `CERT_DIR') +define(`confCACERT', `CERT_DIR/CAcert.pem') +define(`confSERVER_CERT', `CERT_DIR/MYcert.pem') +define(`confSERVER_KEY', `CERT_DIR/MYkey.pem') +define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem') +define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem') + +FEATURE(access_db) +FEATURE(local_lmtp) +FEATURE(virtusertable) + +FEATURE(`nocanonify', `canonify_hosts') +CANONIFY_DOMAIN(`sendmail.org') +CANONIFY_DOMAIN_FILE(`/etc/mail/canonify-domains') + +dnl # at most 10 queue runners +define(`confMAX_QUEUE_CHILDREN', `20') + +define(`confMAX_RUNNERS_PER_QUEUE', `5') + +dnl # run at most 10 concurrent processes for initial submission +define(`confFAST_SPLIT', `10') -divert(0)dnl -VERSIONID(`$Id: knecht.mc,v 8.37.16.3 2001/02/22 22:38:39 ca Exp $') -OSTYPE(bsd4.4)dnl -DOMAIN(generic)dnl -define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')dnl -define(`confDEF_USER_ID', `mailnull')dnl -define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl -define(`confTO_ICONNECT', `10s')dnl -define(`confCOPY_ERRORS_TO', `Postmaster')dnl -define(`confTO_QUEUEWARN', `8h')dnl -define(`confTRUSTED_USERS', `www')dnl -define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')dnl -define(`CERT_DIR', 
`MAIL_SETTINGS_DIR`'certs')dnl -define(`confCACERT_PATH', `CERT_DIR')dnl -define(`confCACERT', `CERT_DIR/CAcert.pem')dnl -define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')dnl -define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')dnl -define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')dnl -define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')dnl -FEATURE(virtusertable)dnl -FEATURE(access_db)dnl -FEATURE(local_lmtp)dnl -MAILER(local)dnl -MAILER(smtp)dnl +dnl # 10 runners, split into at most 15 recipients per envelope +QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f') + +MAILER(local) +MAILER(smtp) LOCAL_CONFIG # 
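Review bot: The added `/var/listmanager/aliases` entry in `ALIAS_FILE` and the added `listmgr` in `confTRUSTED_USERS` both extend what the list-manager account can make the daemon do, and neither define carries a comment saying so. Alias entries can name programs and files as delivery targets, so whoever can write that second alias file decides what sendmail runs for those addresses; its ownership and mode are not visible in this hunk. If that is the intent, I would put a line above the two defines such as `dnl # listmgr may set envelope senders and maintains /var/listmanager/aliases; that file and its directory must not be writable by anyone else`. Separately, two `dnl` comments disagree with the values next to them: "at most 10 queue runners" sits over `confMAX_QUEUE_CHILDREN` set to 20, and "10 runners" sits over `R=5` in the `QUEUE_GROUP` line, so either the comments or the numbers should be corrected.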
@@ -69,9 +92,80 @@ SCheckMessageId R< $+ @ $+ > $@ OK R$* $#error $: "554 Header error" +HReceived: $>CheckReceived + +SCheckReceived +R$* ......................................................... $* + $#error $: "554 Header error" + +# +# Reject certain senders +# Regex match to catch things in quotes +# +HFrom: $>+CheckFrom +KCheckFrom regex -a@MATCH + [^a-z]?(Net-Pa)[^a-z] + +SCheckFrom +R$* $: $( CheckFrom $1 $) +R@MATCH $#error $: "553 Header error" + LOCAL_RULESETS SLocal_check_mail # check address against various regex checks R$* $: $>Parse0 $>3 $1 R$+ $: $(checkaddress $1 $) R@MATCH $#error $: "553 Header error" + +# +# Following code from Anthony Howe <achowe@snert.com>. The check +# for the Outlook Express marker may hit some legal messages, but +# the Content-Disposition is clearly illegal. +# + +######################################################################### +# +# w32.sircam.worm@mm +# +# There are serveral patterns that appear common ONLY to SirCam worm and +# not to Outlook Express, which claims to have sent the worm. There are +# four headers that always appear together and in this order: +# +# X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 +# X-Mailer: Microsoft Outlook Express 5.50.4133.2400 +# Content-Type: multipart/mixed; boundary="----27AA9124_Outlook_Express_message_boundary" +# Content-Disposition: Multipart message +# +# Empirical study of the worm message headers vs. true Outlook Express +# (5.50.4133.2400 & 5.50.4522.1200) messages with multipart/mixed attachments +# shows Outlook Express does: +# +# a) NOT supply a Content-Disposition header for multipart/mixed messages. +# b) NOT specify the header X-MimeOLE header name in all-caps +# c) NOT specify boundary tag with the expression "_Outlook_Express_message_boundary" +# +# The solution below catches any one of this three issues. This is not an ideal +# solution, but a temporary measure. 
A correct solution would be to check for +# the presence of ALL three header attributes. Also the solution is incomplete +# since Outlook Express 5.0 and 4.0 were not compared. +# +# NOTE regex keys are first dequoted and spaces removed before matching. +# This caused me no end of grief. +# +######################################################################### + +LOCAL_RULESETS + +KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary +HContent-Type: $>CheckContentType + +SCheckContentType +R$+ $: $(SirCamWormMarker $1 $) +RSUSPECT $#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html" + +HContent-Disposition: $>CheckContentDisposition + +SCheckContentDisposition +R$- $@ OK +R$- ; $+ $@ OK +R$* $#error $: "553 Illegal Content-Disposition" |
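Review bot: The block comment says the rules below catch any one of three issues, but only two checks appear in this hunk: `SirCamWormMarker` on Content-Type for (c) and `CheckContentDisposition` for (a); nothing visible tests the all-caps `X-MIMEOLE` header name from (b). The comment should say that, for example `# Only (a) and (c) are checked below; (b) is listed for reference and is not tested.` The new `CheckReceived` ruleset has no comment at all explaining what the long dotted pattern is meant to reject, and it reuses the same "554 Header error" text as `CheckMessageId`, so a postmaster triaging a false positive cannot tell from the bounce or the log which rule fired. Since the comment itself admits the Outlook Express boundary check may hit legitimate mail, a one-line comment per ruleset and a distinct reply text per rule would make those rejections traceable.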