VERSIONID(`8.15.1')
OSTYPE(`linux')
dnl PrivacyFlags - see docs op.me | op.ps | op.pdf
define(`confPRIVACY_FLAGS', `authwarnings needmailhelo needexpnhelo needvrfyhelo')
dnl replace everything behind the "@" in the From address of outgoing e-mails
dnl with mydomain.org
MASQUERADE_AS(`mydomain.org')
dnl but only in emails coming from the following hosts or domains
MASQUERADE_DOMAIN(`mydomain.org')
MASQUERADE_DOMAIN(`my_internal_domain.de')
dnl instruct sendmail to masquerade the envelope addresses of emails
dnl specified via MASQUERADE_DOMAIN as well
FEATURE(`masquerade_envelope')
dnl but do not masquerade everything (perhaps we are also hosting other
dnl virtual domains), which should go out with their original address
FEATURE(`limited_masquerade')
dnl actually MASQUERADE_DOMAIN should be named MASQUERADE_HOST when the
dnl following option IS NOT included. I.e. without it, you must add
dnl all your clients hostname.domain with the MASQUERADE_DOMAIN macro. E.g.
dnl     MASQUERADE_DOMAIN(hostA.my_internal_domain.de)
dnl     MASQUERADE_DOMAIN(hostB.my_internal_domain.de)
FEATURE(`masquerade_entire_domain')
dnl do not masquerade mail from the following users:
EXPOSED_USER(`root lp majordomo')
dnl this allows us to deliver mails to the same user but with a different
dnl domain to different recipients. E.g.
dnl     info@mydomain.de          info
dnl     info@myvirtualdomain.de   info@mycompany.de
dnl would relay mail to info@myvirtualdomain.de to info@mycompany.de.
dnl Without this, sendmail would try to deliver mails to info@mydomain.de
dnl and info@myvirtualdomain.de to the local user info only.
dnl If you change that file, all you need to do is:
dnl     makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable
dnl You do not need to restart sendmail!
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
dnl this gives us the opportunity to block or reject mails from/to
dnl well known Spammers, domains, hosts, etc.
dnl For more information see: http://www.sendmail.org/m4/anti-spam.html
dnl or /usr/lib/mail/README
dnl If you change /etc/mail/access, all you need to do is:
dnl     makemap hash /etc/mail/access.db < /etc/mail/access
dnl You do not need to restart sendmail!
FEATURE(`access_db',`hash -o -T<TMPF> /etc/mail/access')
dnl we also want to use the open relay black list of osirusoft.com.
dnl This prevents a lot of spamming without the need to
dnl maintain our own mega access_db. For more information,
dnl have a look at: http://relays.osirusoft.com/
FEATURE(`blacklist_recipients')
FEATURE(`enhdnsbl',`bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}', `t')
dnl FEATURE(enhdnsbl,`relays.ordb.org', `"Spam blocked see: http://ordb.org/lookup/?host="$&{client_addr}', `t')
dnl Wait some seconds after the incoming connection is set up, before
dnl we send the greeting message. If any command is received from the
dnl connected host before that, close the connection immediately because
dnl of the RFC violation. Usually virus programs, spammers and open proxies
dnl violate this rule and will be caught ;-)
dnl The access db might be used to raise or lower this time for certain
dnl domains, e.g. like
dnl     'GreetPause:my.domain 0'
dnl     'GreetPause:127.0.0.1 0'
dnl     'GreetPause:i.hate.that.spam.isp 60000'
FEATURE(`greet_pause', `5000') dnl 5 seconds
dnl we do not use UUCP anymore
FEATURE(`nouucp',`reject')
dnl we want to keep our alternate host names in a file instead of having
dnl them directly in the sendmail file.
dnl If you change that file, you need to restart sendmail.
FEATURE(`use_cw_file')
dnl this file contains the host and domain names (fully qualified and
dnl unqualified) for which we accept mail as well - also called alternate
dnl names.
dnl If you change that file, you need to restart sendmail.
define(`confCW_FILE', `-o /etc/mail/local-host-names')
dnl the same counts for trusted users
FEATURE(`use_ct_file')
dnl the users in the specified file are allowed to set the From address in
dnl emails to whatever they want, without generating a warning message.
dnl If you change that file, you need to restart sendmail.
define(`confCT_FILE',`-o /etc/mail/trusted-users')
dnl some users are confused if they send a message to a mailing list
dnl which includes their own email address, but do not get the sent
dnl mail as well ...
define(`confME_TOO',`True')
dnl we want to see the perhaps aliased domain of the sender. I.e. do not
dnl resolve the domain to an IP address and then back to a domain.
define(`confDONT_EXPAND_CNAMES',`True')
dnl where should sendmail store the file, which contains the process ID
dnl of the sendmail master daemon process
dnl define(`confPID_FILE',`/system/volatile/sendmail.pid')
dnl if we can't deliver mail direct to the internet (e.g. if our uplink is
dnl down), ask our neighbor to deliver it
define(`confFALLBACK_MX',`myneighbor.domain.de')
dnl where sendmail should store its statistics
define(`STATUS_FILE',`/var/log/sendmail.st')
dnl where to store outgoing mails temporarily
define(`QUEUE_DIR',`/var/spool/mqueue')
dnl directory containing queue files for the Mail Submission Program (MSP)
define(`MSP_QUEUE_DIR',`/var/spool/clientmqueue')
dnl Size of open connection cache.
define(`confMCI_CACHE_SIZE',`8')
dnl we only accept emails not bigger than 2 MiB = 2 * 1024 * 1024 bytes.
dnl NOTE: email is not a file transfer program! If someone wants to send you
dnl large files, ask him to put them on a web or ftp server instead and
dnl send you the URL only ;-)
define(`confMAX_MESSAGE_SIZE', `2097152')
dnl Enable available milters aka sendmail filter programs by removing
dnl the `dnl' at the beginning of the appropriate `INPUT_MAIL_FILTER' line.
dnl Parameters:
dnl   S=$SOCKET with $SOCKET
dnl     {unix|local}:/path/to/file         .. A named pipe.
dnl     inet:port@{hostname|ip-address}    .. An IPv4 socket.
dnl     inet6:port@{hostname|ip-address}   .. An IPv6 socket.
dnl
dnl   F={R|T}
dnl     R .. rejects mails, if the filter is unavailable
dnl     T .. answers with a temporary error, if the filter is unavailable
dnl     If the F option is not specified, pass the mail through on filter
dnl     errors as if the failing filter is not present.
dnl
dnl   T=$OPTION:$TIMEOUT[;$OPTION:$TIMEOUT ...]
dnl     with $OPTION:
dnl       C .. Timeout for connecting to a filter (if 0, use system timeout).
dnl            default: 5m
dnl       S .. Timeout for sending information from the MTA to a filter.
dnl            default: 10s
dnl       R .. Timeout for reading reply from the filter.
dnl            default: 10s
dnl       E .. Overall timeout between sending end-of-message to filter and
dnl            waiting for the final acknowledgment.
dnl            default: 5m
dnl     and $TIMEOUT:
dnl       Number{m|s} where 's' is seconds and 'm' is minutes
dnl INPUT_MAIL_FILTER(`clamav',`S=local:/var/milter/milter-clamav.sock,T=C:5s;S:5s;R:20s;E:1m')
dnl If sendmail recognizes that more than the given number of receivers aka
dnl recipient addresses are unknown (probably because the mail is spam
dnl sent using a dictionary), it should sleep for 1 second after each
dnl REJECT command
define(`confBAD_RCPT_THROTTLE',`3')
dnl the mailers we use. Since uucp is rarely used, we skip it here.
MAILER(`local')
MAILER(`smtp')

#######################################################################
# our own rules
#######################################################################
LOCAL_CONFIG
Kallnumbers regex -a@MATCH ^[0-9]+$

# --------------------------------------------------------
# discard all mails, which do not have a valid message id,
# since this is usually spam
# --------------------------------------------------------
# NOTE: in every R line below, the left and right hand side must be
# separated by tab characters, not spaces.
LOCAL_RULESETS
HMessage-Id: $>CheckMessageId
HSubject: $>Check_Subject

SLocal_check_mail
# check address against various regex checks
R$*			$: $>Parse0 $>3 $1
R$+ < @ $* > $*		$: $(allnumbers $1 $)
R@MATCH			$#error $: 553 Header Error

SCheckMessageId
R< $+ @ $+ >		$@ OK
R$*			$#error $: 553 Header Error

SCheck_Subject
# example: if a subject line in an email starts with
# "ILOVEYOU" or "Re: ILOVEYOU" this email probably contains
# the well known I love you virus. Usually no one wants to
# have such mails in his mailbox, especially not if some
# users still use Outlook ;-). So reject it with an error.
#
RILOVEYOU $*		$#error $: 553 This message may contain the ILOVEYOU virus.
RRe: ILOVEYOU $*	$#error $: 553 This message may contain the ILOVEYOU virus.
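
The `F=` and `T=` milter parameters described in the comments above decide what happens to mail when a filter is down: without `F=`, mail passes unscanned. The following added example (not part of the original configuration; the function names and the `strict` and `disabled` sample filters are constructed here) parses the active `INPUT_MAIL_FILTER` lines of an .mc file and reports each filter's failure mode and effective timeouts, using only the flags and defaults listed in those comments.

```python
import re

DEFAULT_TIMEOUTS = {"C": 300, "S": 10, "R": 10, "E": 300}  # seconds, per the .mc comments
ON_FAILURE = {"R": "reject", "T": "tempfail", None: "fail-open"}
FILTER_RE = re.compile(r"INPUT_MAIL_FILTER\(`([^']+)',\s*`([^']+)'\)")

def _seconds(value):
    """Convert 'Number{m|s}' (e.g. '20s', '1m') to seconds."""
    m = re.fullmatch(r"(\d+)([ms])", value)
    if not m:
        raise ValueError(f"bad timeout {value!r}")
    return int(m.group(1)) * (60 if m.group(2) == "m" else 1)

def parse_milter_spec(spec):
    """Parse 'S=...,F=...,T=...' into socket, failure mode and timeouts."""
    fields = {}
    for part in spec.split(","):
        key, sep, value = part.strip().partition("=")
        if not sep or key not in ("S", "F", "T"):
            raise ValueError(f"unknown field {part!r}")
        fields[key] = value
    if "S" not in fields or fields.get("F") not in ON_FAILURE:
        raise ValueError(f"missing S= or bad F= in {spec!r}")
    timeouts = dict(DEFAULT_TIMEOUTS)
    for item in filter(None, fields.get("T", "").split(";")):
        opt, sep, value = item.partition(":")
        if not sep or opt not in timeouts:
            raise ValueError(f"bad timeout option {item!r}")
        timeouts[opt] = _seconds(value)
    family, _, address = fields["S"].partition(":")
    return {"family": family, "address": address,
            "on_failure": ON_FAILURE[fields.get("F")], "timeouts": timeouts}

def audit_mc(text):
    """Return {name: parsed spec} for every active (not dnl'ed) filter."""
    found = {}
    for line in text.splitlines():
        m = FILTER_RE.match(line.strip())  # lines starting with dnl never match
        if m:
            found[m.group(1)] = parse_milter_spec(m.group(2))
    return found

# Constructed sample: the clamav line from above enabled, plus two hypothetical filters.
SAMPLE = """\
INPUT_MAIL_FILTER(`clamav',`S=local:/var/milter/milter-clamav.sock,T=C:5s;S:5s;R:20s;E:1m')
INPUT_MAIL_FILTER(`strict',`S=inet:8891@127.0.0.1,F=T')
dnl INPUT_MAIL_FILTER(`disabled',`S=local:/var/milter/off.sock,F=R')
"""
print(audit_mc(SAMPLE))
```

For the `clamav` line as written in the configuration, the result is `fail-open`: if the virus scanner is unreachable, mail is delivered without scanning unless `F=T` or `F=R` is added.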