3 # Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
5 # Copyright (c) 1983 Eric P. Allman. All rights reserved.
6 # Copyright (c) 1988, 1993
7 # The Regents of the University of California. All rights reserved.
9 # By using this file, you agree to the terms and conditions set
10 # forth in the LICENSE file which can be found at the top level of
11 # the sendmail distribution.
16 # This is specific to Eric's home machine.
18 # Run daemon with -bd -q5m
22 VERSIONID(`$Id: knecht.mc,v 8.58 2004/01/28 00:54:41 eric Exp $')
26 define(`ALIAS_FILE', ``/etc/mail/aliases, /etc/mail/lists/sendmail.org/aliases, /var/listmanager/aliases'')
27 define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')
28 define(`confDEF_USER_ID', `mailnull')
29 define(`confHOST_STATUS_DIRECTORY', `.hoststat')
30 define(`confTO_ICONNECT', `10s')
31 define(`confTO_QUEUEWARN', `8h')
32 define(`confMIN_QUEUE_AGE', `27m')
33 define(`confTRUSTED_USERS', ``www listmgr'')
34 define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')
36 define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
37 define(`confCACERT_PATH', `CERT_DIR')
38 define(`confCACERT', `CERT_DIR/CAcert.pem')
39 define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')
40 define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')
41 define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')
42 define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')
44 define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
48 FEATURE(virtusertable)
51 FEATURE(`nocanonify', `canonify_hosts')
52 CANONIFY_DOMAIN(`sendmail.org')
53 CANONIFY_DOMAIN_FILE(`/etc/mail/canonify-domains')
55 dnl # at most 10 queue runners
56 define(`confMAX_QUEUE_CHILDREN', `20')
58 define(`confMAX_RUNNERS_PER_QUEUE', `5')
60 dnl # run at most 10 concurrent processes for initial submission
61 define(`confFAST_SPLIT', `10')
63 dnl # 10 runners, split into at most 15 recipients per envelope
64 QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f')
67 dnl # enable spam assassin
68 INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
75 Rcyrus.$+ + $+ < @ $=w . > $#cyrus $@ $2 $: $1
76 Rcyrus.$+ < @ $=w . > $#cyrus $: $1
80 # Regular expression to reject:
81 # * numeric-only localparts from aol.com and msn.com
82 # * localparts starting with a digit from juno.com
84 Kcheckaddress regex -a@MATCH
85 ^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>
87 ######################################################################
89 # Names that won't be allowed in a To: line (local-part and domains)
91 C{RejectToLocalparts} friend you
92 C{RejectToDomains} public.com
98 R$={RejectToLocalparts}@$* $#error $: "553 Header error"
99 R$*@$={RejectToDomains} $#error $: "553 Header error"
101 ######################################################################
102 HMessage-Id: $>CheckMessageId
105 # Record the presence of the header
106 R$* $: $(storage {MessageIdCheck} $@ OK $) $1
110 R$* $#error $: "554 Header error"
113 ######################################################################
114 HReceived: $>CheckReceived
117 # Record the presence of any Received header
118 R$* $: $(storage {ReceivedCheck} $@ OK $) $1
121 R$* ......................................................... $*
122 $#error $: "554 Header error"
124 ######################################################################
126 # Reject advertising subjects
129 Kadvsubj regex -b -a@MATCH ±?°í
130 HSubject: $>+CheckSubject
132 R$* $: $(advsubj $&{currHeader} $: OK $)
134 R$* $#error $@ 5.7.0 $: 550 5.7.0 spam rejected.
136 ######################################################################
138 # Reject certain senders
139 # Regex match to catch things in quotes
142 KCheckFrom regex -a@MATCH
143 [^a-z]?(Net-Pa)[^a-z]
146 R$* $: $( CheckFrom $1 $)
147 R@MATCH $#error $: "553 Header error"
151 # check address against various regex checks
152 R$* $: $>Parse0 $>3 $1
153 R$+ $: $(checkaddress $1 $)
154 R@MATCH $#error $: "553 Header error"
157 # Following code from Anthony Howe <achowe@snert.com>. The check
158 # for the Outlook Express marker may hit some legal messages, but
159 # the Content-Disposition is clearly illegal.
162 #########################################################################
166 # There are serveral patterns that appear common ONLY to SirCam worm and
167 # not to Outlook Express, which claims to have sent the worm. There are
168 # four headers that always appear together and in this order:
170 # X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
171 # X-Mailer: Microsoft Outlook Express 5.50.4133.2400
172 # Content-Type: multipart/mixed; boundary="----27AA9124_Outlook_Express_message_boundary"
173 # Content-Disposition: Multipart message
175 # Empirical study of the worm message headers vs. true Outlook Express
176 # (5.50.4133.2400 & 5.50.4522.1200) messages with multipart/mixed attachments
177 # shows Outlook Express does:
179 # a) NOT supply a Content-Disposition header for multipart/mixed messages.
180 # b) NOT specify the header X-MimeOLE header name in all-caps
181 # c) NOT specify boundary tag with the expression "_Outlook_Express_message_boundary"
183 # The solution below catches any one of this three issues. This is not an ideal
184 # solution, but a temporary measure. A correct solution would be to check for
185 # the presence of ALL three header attributes. Also the solution is incomplete
186 # since Outlook Express 5.0 and 4.0 were not compared.
188 # NOTE regex keys are first dequoted and spaces removed before matching.
189 # This caused me no end of grief.
191 #########################################################################
195 KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary
196 HContent-Type: $>CheckContentType
198 ######################################################################
200 R$+ $: $(SirCamWormMarker $1 $)
201 RSUSPECT $#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html"
203 HContent-Disposition: $>CheckContentDisposition
205 ######################################################################
206 SCheckContentDisposition
209 R$* $#error $: "553 Illegal Content-Disposition"
220 ######################################################################
221 ### check for the existance of the X-MailScanner Header
222 HX-MailScanner: $>+CheckXMSc
223 D{SobigFPat}Found to be clean
224 D{SobigFMsg}This message may contain the Sobig.F virus.
227 ### if it exists, and the defined value is set, record the presence
228 R${SobigFPat} $* $: $(storage {SobigFCheck} $@ SobigF $) $1
231 ######################################################################
233 # Check if a Message-Id was found
234 R$* $: < $&{MessageIdCheck} >
236 # If Message-Id was found clear the X-MailScanner store and return with OK
237 R< $+ > $@ OK $>ClearStorage
239 # Are we the first Hop?
240 R$* $: < $&{ReceivedCheck} >
241 R< $+ > $@ OK $>ClearStorage
243 # no Message-Id->check X-Mailscanner presence, too
244 R$* $: < $&{SobigFCheck} >
247 R$* $: $>ClearStorage $1
248 # no msgid, first hop and Header found? -> reject the message
249 R < SobigF > $#error $: 553 ${SobigFMsg}
251 # No Header! Fine, take the message
254 ######################################################################
256 R$* $: $(storage {SobigFCheck} $) $1
257 R$* $: $(storage {ReceivedCheck} $) $1
258 R$* $: $(storage {MessageIdCheck} $) $1