milter-greylist does not work


haensse

milter-greylist does not work

Postby haensse » Wed May 30, 2007 4:27 pm

Dear forum

I installed milter-greylist and added the line
INPUT_MAIL_FILTER(`greylist',`S=local:/var/run/milter-greylist/milter-greylist.sock')dnl

In /var/log/maillog I can see that it starts, but nothing more. I switched on the option report all in greylist.conf, but I can't see any entry in the mail headers or any delay of the messages :-(

Any hints?

Thanks

Dani

Spirou

Postby Spirou » Sat Jun 02, 2007 10:22 am

Hello Dani,

Have you set smtp

Code:

SMTPFILTER=TRUE;


in smtpd.cfg?

This is mandatory to relay all mails to the sendmail process. You should read the Scalix documentation, searching for the relaying process inside the Scalix system:

http://www.scalix.com/community/downloa ... tation.php


hth

Kurt

haensse

Postby haensse » Mon Jun 04, 2007 12:55 am

Relaying the mails works fine. I also use webwasher and that works too. I also get a start message in /var/log/maillog when milter-greylist is restarted.

To get the changes activated, I do the following:
m4 sendmail.mc > sendmail.cf
/etc/init.d/milter-greylist restart
/etc/init.d/sendmail restart
omsendin

/var/lib/milter-greylist/db/greylist.db is still empty after a week. Looks like it is not filtering at all. milter-greylist is configured to allow any mail from localhost; is this wrong?

What else could it be?

Here are my /etc/mail/sendmail.mc and /etc/mail/greylist.conf

Code:

divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
define(`SMART_HOST', `foo.bar.com')dnl
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # Grey listing
dnl #
INPUT_MAIL_FILTER(`greylist',`S=local:/var/run/milter-greylist/milter-greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
dnl #
dnl # Mailwasher
dnl #
INPUT_MAIL_FILTER(`mailwasher_server',    `S=unix:/var/run/mwserver/mpd.sock, F=T, T=S:4m;R:4m')
define(`confINPUT_MAIL_FILTERS', `mailwasher_server')
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo', `hash /etc/mail/auth/client-info')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/etc/pki/tls/certs')dnl
dnl define(`confCACERT',`/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT',`/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY',`/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readable by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 12. sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
MAILER(scalix)dnl


Code:

#
# Greylisting config file
#
# $Id: greylist.conf,v 1.30 2005/06/09 20:28:43 manu Exp $
#

# Uncomment this to enable debug output.
# Note that options appearing before the "verbose" option in this
# file will not be treated verbosely.
# May be overridden by the "-v" command line argument.
verbose

# If you work with multiple MXs, list them with
# peer entries to enable greylist sync among the MXs.
#peer 192.0.2.17
#peer 192.0.2.18


# You may wish to use a specific local address or port for
# syncing between MXs. Of course one of your interfaces
# must have the address assigned. An '*' for the address
# means any address.
#syncaddr *
#syncaddr * port 7689
#syncaddr 192.0.2.2
#syncaddr 192.0.2.2 port 9785
#syncaddr 2001:db8::1:c3b5:123
#syncaddr 2001:db8::1:c3b5:123 port 1234

# Greylisting your own MTA is a very bad idea: never
# comment this line, except for testing purposes.
acl whitelist addr 127.0.0.0/8

# If you use IPv6, uncomment this.
#acl whitelist addr ::1/128

# You will want to avoid greylisting your own clients
# as well, by filtering out your IP address blocks.
# Here is an example if you use 192.0.2.0/16.
#acl whitelist addr 192.0.2.0/16

# It is also possible to whitelist sender
# machines using their DNS names.
#acl whitelist domain example.net
acl whitelist addr 127.0.0.0/8
acl whitelist addr 192.168.0.0/24
acl whitelist addr 192.168.1.0/24
acl whitelist addr 192.168.2.0/24
acl whitelist addr 192.168.3.0/24
acl greylist default

# You can avoid greylisting by filtering on the sender
# envelope address, but this is not a good idea: it
# can be trivially forged.
#acl whitelist from friendly@example.com

# Some of your users do not get any spam because
# their addresses have never been collected by
# spammers. They will want to avoid the extra delivery
# delay caused by grey listing. You can filter on the
# recipient envelope address to achieve that.
#acl whitelist rcpt John.Doe@example.net

# It is possible to use regular expressions in domain, from
# and rcpt lines. The expression must be enclosed by
# slashes (/). Note that no escaping is available to
# provide slashes inside the regular expression.
#acl whitelist rcpt /.*@example\.net/

# This option tells milter-greylist when it should
# add an X-Greylist header. Default is all, which
# causes a header to always be added. Other possible
# values are none, delays and nodelays
report all

# This option attempts to make milter-greylist more
# friendly with sender callback systems. When the
# message is from <>, it will be temporarily
# rejected at the DATA stage instead of the RCPT
# stage of the SMTP transaction. In the case of a
# multi recipient DSN, whitelisted recipient will
# not be honoured.
#delayedreject

# Uncomment if you want auto-whitelist to work for
# the IP rather than for the (IP, sender, receiver)
# tuple.
#lazyaw

# How often should we dump to the dumpfile (0: on each change, -1: never).
dumpfreq 0

# How long will the greylist database retain tuples.
timeout 365d

# Do not use ${greylist} macros from sendmail's access DB.
#noaccessdb

# Use extended regular expressions instead of basic
# regular expressions.
#extendedregex

#
# All of the following options have command-line equivalents.
# See greylist.conf(5) for the exact equivalences.
#
# How long a client has to wait before we accept
# the messages it retries to send. Here, 1 hour.
# May be overridden by the "-w greylist_delay" command line argument.
greylist 5m

# How long does auto-whitelisting last (set it to 0
# to disable auto-whitelisting). Here, 3 days.
# May be overridden by the "-a autowhite_delay" command line argument.
autowhite 365d

# Specify the netmask to be used when checking IPv4 addresses
# in the greylist.
# May be overridden by the "-L cidrmask" command line argument.
#subnetmatch /24

# Specify the netmask to be used when checking IPv6 addresses
# in the greylist.
# May be overridden by the "-M prefixlen" command line argument.
#subnetmatch6 /64

# Normally, clients that succeed SMTP AUTH are not
# greylisted. Uncomment this if you want to
# greylist them regardless of SMTP AUTH.
# May be overridden by the "-A" command line argument.
#noauth

# If milter-greylist was built with SPF support, then
# SPF-compliant senders are not greylisted. Uncomment
# this to greylist them regardless of SPF compliance.
# May be overridden by the "-S" command line argument.
#nospf

# Uncomment if you want milter-greylist to remain
# in the foreground (no daemon).
# May be overridden by the "-D" command line argument.
#nodetach

# Uncomment this if you do not want milter-greylist
# to tell its clients how long they are greylisted.
# May be overridden by the "-q" command line argument.
#quiet

# You can specify a file where milter-greylist will
# store its PID.
# May be overridden by the "-P pidfile" command line argument.
pidfile "/var/run/milter-greylist.pid"

# You can specify the socket file used to communicate
# with sendmail.
# May be overridden by the "-p socket" command line argument.
socket "/var/run/milter-greylist/milter-greylist.sock"

# The dumpfile location.
# May be overridden by the "-d dumpfile" command line argument.
dumpfile "/var/lib/milter-greylist/db/greylist.db"

# The user the milter should run as.
# May be overridden by the "-u username" command line argument.
user "grmilter"

# This is a list of broken MTAs that break with greylisting. Copied from
# http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.12
acl whitelist addr 12.5.136.141/32    # Southwest Airlines (unique sender)
acl whitelist addr 12.5.136.142/32    # Southwest Airlines
acl whitelist addr 12.5.136.143/32    # Southwest Airlines
acl whitelist addr 12.5.136.144/32    # Southwest Airlines
acl whitelist addr 12.107.209.244/32  # kernel.org (unique sender)
acl whitelist addr 12.107.209.250/32  # sourceware.org (unique sender)
acl whitelist addr 63.82.37.110/32    # SLmail
acl whitelist addr 64.7.153.18/32     # sentex.ca (common pool)
acl whitelist addr 64.12.136.0/24     # AOL (common pool)
acl whitelist addr 64.12.137.0/24     # AOL
acl whitelist addr 64.12.138.0/24     # AOL
acl whitelist addr 64.124.204.39      # moveon.org (unique sender)
acl whitelist addr 64.125.132.254/32  # collab.net (unique sender)
acl whitelist addr 66.94.237.16/28    # Yahoo Groups servers (common pool)
acl whitelist addr 66.94.237.32/28    # Yahoo Groups servers (common pool)
acl whitelist addr 66.94.237.48/30    # Yahoo Groups servers (common pool)
acl whitelist addr 66.100.210.82/32   # Groupwise?
acl whitelist addr 66.135.192.0/19    # Ebay
acl whitelist addr 66.162.216.166/32  # Groupwise?
acl whitelist addr 66.206.22.82/32    # Plexor
acl whitelist addr 66.206.22.83/32    # Plexor
acl whitelist addr 66.206.22.84/32    # Plexor
acl whitelist addr 66.206.22.85/32    # Plexor
acl whitelist addr 66.218.66.0/23     # Yahoo Groups servers (common pool)
acl whitelist addr 66.218.67.0/23     # Yahoo Groups servers (common pool)
acl whitelist addr 66.218.68.0/23     # Yahoo Groups servers (common pool)
acl whitelist addr 66.27.51.218/32    # ljbtc.com (Groupwise)
acl whitelist addr 152.163.225.0/24   # AOL
acl whitelist addr 194.245.101.88/32  # Joker.com
acl whitelist addr 195.235.39.19/32   # Tid InfoMail Exchanger v2.20
acl whitelist addr 195.46.220.208/32  # mgn.net
acl whitelist addr 195.46.220.209/32  # mgn.net
acl whitelist addr 195.46.220.210/32  # mgn.net
acl whitelist addr 195.46.220.211/32  # mgn.net
acl whitelist addr 195.46.220.221/32  # mgn.net
acl whitelist addr 195.46.220.222/32  # mgn.net
acl whitelist addr 195.238.2.0/24     # skynet.be (weird retry pattern)
acl whitelist addr 195.238.3.0/24     # skynet.be
acl whitelist addr 204.107.120.10/32  # Ameritrade (no retry)
acl whitelist addr 205.188.0.0/16     # AOL
acl whitelist addr 205.206.231.0/24   # SecurityFocus.com (unique sender)
acl whitelist addr 207.115.63.0/24    # Prodigy - retries continually
acl whitelist addr 207.171.168.0/24   # Amazon.com
acl whitelist addr 207.171.180.0/24   # Amazon.com
acl whitelist addr 207.171.187.0/24   # Amazon.com
acl whitelist addr 207.171.188.0/24   # Amazon.com
acl whitelist addr 207.171.190.0/24   # Amazon.com
acl whitelist addr 211.29.132.0/24    # optusnet.com.au (weird retry pattern)
acl whitelist addr 213.136.52.31/32   # Mysql.com (unique sender)
acl whitelist addr 216.33.244.0/24    # Ebay
acl whitelist addr 217.158.50.178/32  # AXKit mailing list (unique sender)

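A small check, added here and not taken from the thread or from the Scalix or milter-greylist projects, for the milter wiring in a sendmail.mc: in sendmail's cf macros INPUT_MAIL_FILTER(`name', ...) defines a filter and appends it to the input-filter list, while an explicit define(`confINPUT_MAIL_FILTERS', ...) replaces that list, so a filter can be defined, log its startup in the maillog, and still never be called. The SAMPLE_MC string holds the milter lines from the sendmail.mc posted above, SAMPLE_CF is a constructed fragment of the sendmail.cf m4 would emit for them, and the function names are assumptions.

```python
"""Report which milters a sendmail.mc really activates.
In sendmail's cf macros INPUT_MAIL_FILTER(`name', ...) defines a filter and
appends it to the input-filter list, MAIL_FILTER only defines it, and an
explicit define(`confINPUT_MAIL_FILTERS', ...) replaces the whole list.
A defined-but-unlisted filter still logs its startup, yet is never called."""
import re
# Milter-related lines copied from the sendmail.mc posted above; the other
# macros in that file do not touch the filter list.
SAMPLE_MC = """
INPUT_MAIL_FILTER(`greylist',`S=local:/var/run/milter-greylist/milter-greylist.sock')
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
INPUT_MAIL_FILTER(`mailwasher_server',    `S=unix:/var/run/mwserver/mpd.sock, F=T, T=S:4m;R:4m')
define(`confINPUT_MAIL_FILTERS', `mailwasher_server')
"""
# Constructed fragment of the sendmail.cf that m4 emits for those lines.
SAMPLE_CF = """O InputMailFilters=mailwasher_server
Xgreylist, S=local:/var/run/milter-greylist/milter-greylist.sock
Xmailwasher_server, S=unix:/var/run/mwserver/mpd.sock, F=T, T=S:4m;R:4m
"""
FILTER_RE = re.compile(r"^\s*(INPUT_MAIL_FILTER|MAIL_FILTER)\(`([^']*)'")
LIST_RE = re.compile(r"^\s*define\(`confINPUT_MAIL_FILTERS',\s*`([^']*)'")

def effective_filters(mc_text):
    """Return (defined, active): every filter the .mc declares, and the
    ones that end up in sendmail's InputMailFilters list, in order."""
    defined, active = [], []
    for raw in mc_text.splitlines():
        line = re.split(r"\bdnl\b", raw)[0]          # strip m4 comments
        m = FILTER_RE.match(line)
        if m:
            kind, name = m.groups()
            defined.append(name)
            if kind == "INPUT_MAIL_FILTER" and name not in active:
                active.append(name)
            continue
        m = LIST_RE.match(line)
        if m:                                        # explicit list wins
            active = [n.strip() for n in m.group(1).split(",") if n.strip()]
    return defined, active

def silent_filters(mc_text):
    """Filters that are defined but will never be invoked."""
    defined, active = effective_filters(mc_text)
    return [name for name in defined if name not in active]

def cf_input_filters(cf_text):
    """Names on the 'O InputMailFilters=' line of a generated sendmail.cf,
    the place to check after 'm4 sendmail.mc > sendmail.cf'."""
    for line in cf_text.splitlines():
        if line.startswith("O InputMailFilters="):
            value = line.split("=", 1)[1]
            return [n.strip() for n in value.split(",") if n.strip()]
    return []

if __name__ == "__main__":
    print("defined but never called:", silent_filters(SAMPLE_MC))   # ['greylist']
    print("InputMailFilters in cf:", cf_input_filters(SAMPLE_CF))
```

Run against the posted sendmail.mc it lists greylist as defined but never called, because the later define(`confINPUT_MAIL_FILTERS', `mailwasher_server') replaced the list that INPUT_MAIL_FILTER had built; the O InputMailFilters= line in the regenerated sendmail.cf shows the same thing.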
