/* ~jhs/public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail/common.cpp
 * Sendmail config for jhs hosts. Copyright Julian H. Stacey 2009 Munich
 * CAUTION MAKING:
 *   cd /etc/mail ; make
 *   might have 2 unfortunate results, either:
 *   Installing generic instead of custom:
 *     cp freebsd.mc `hostname`.mc
 *     /usr/bin/m4 -D_CF_DIR_=/usr/share/sendmail/cf/ \
 *     /usr/share/sendmail/cf/m4/cf.m4 `hostname`.mc > `hostname`.cf
 *   Or if you have previously done
 *     ln -s ../../usr/src/etc/sendmail/`hostname`.mc
 *   then your .mc sym linked in /usr/src will get forced back to generic by
 *     cp freebsd.mc `hostname`.mc
 *   The safe way is:
 *     cd /usr/src/etc/sendmail
 *     make clean ; make cleandir ; make clean ; make obj ; make
 *     cd /usr/obj/`cd /usr/src/etc/sendmail;/bin/pwd`
 *     cp `hostname`.mc `hostname`.cf /etc/mail/
 *     cd /etc/mail
 *     ln -s `hostname`.mc sendmail.mc
 *     ln -s `hostname`.cf sendmail.cf
 *     make ; make stop ; make start
 * OTHER SASL AUTH CONFIG FILES RELATED:
 *   /etc/make.conf includes /site/domain/this/etc/make.conf
 *   /etc/make.conf includes /site/etc/make.conf.sasl
 *   /site/domain/this/etc/make.conf includes make.conf.common
 *   /site/domain/this/etc/make.conf.common includes /site/etc/make.conf.sasl
 *   /site/domain/berklix/etc/mail/access.domain
 *   /site/domain/js.berklix.net/etc/mail/access.domain
 *     source of passwords
 *   /site/domain/js.berklix.net/etc/mail/access
 *     text copy of passwords
 *   /etc/mail/access -> ../../site/etc/mail/access
 *   /etc/mail/access.db
 *     binary of passwords.
 *   /site/usr/lib/sasl/Sendmail.conf
 *     specifies: pwcheck_method: sasldb
 *   /site/domain/berklix/usr/lib/sasl/saslpasswd.conf
 *   /site/usr/lib/sasl/saslpasswd.conf
 *     specifies: pwcheck_method: pwcheck
 *   /usr/local/etc/sasldb.db /usr/local/etc/sasldb2.db
 *   ~/public_html/src/bsd/fixes/FreeBSD/src/jhs/contrib/sendmail/\
 *     cf/cf/submit.mc.cyrus-sasl.REL=ALL.diff # disables SMTP AUTH on the loopback interface
 *   ~/mail/auth/\*
 * MAN: saslpasswd saslpasswd2 sasldblistusers sasldblistusers2
 * DOC FILES:
 *   /usr/local/share/doc/cyrus-sasl2/html/
 *   /usr/local/share/doc/cyrus-sasl2/testing.txt
 *   /usr/ports/security/cyrus-sasl2/files/Sendmail.README
 *   /usr/share/sendmail/cf/README <
 *   /usr/src/contrib/sendmail/cf/README
 *   /usr/src/contrib/sendmail/RELEASE_NOTES
 * PORTS:
 *   /usr/ports/security/cyrus-sasl (Manually select: "Use pwcheck")
 *   /usr/ports/security/cyrus-sasl2 Installed then I used SASL1
 *   /usr/ports/mail/sendmail-sasl Not used
 *   /usr/ports/security/cyrus-sasl2-saslauthd Not used
 *   /usr/ports/security/gsasl Not used
 * DOC WEB: (C = Client Side SASL, S = Server Side)
 *   -  http://cork.linux.ie/projects/install-sendmail/
 *   CS http://docs.snake.de/smtp-auth.html
 *      http://imgate.meiway.com for WinNT
 *      http://matt.simerson.net/computing/qmail.toaster.shtml - Alt to SM
 *      http://njabl.org - Black Hole List
 *      http://spamassassin.org/tag/
 *   S  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
 *      http://www.sendmail.org/antispam.html
 *      http://www.sendmail.org/~ca/email/auth.html < timp@
 *      http://www.sendmail.org/~ca/email/cyrus/sysadmin.html
 *      http://www.sendmail.org/~ca/email/sm-812.html#812AUTH < timp@
 * EMAIL ADDRESSES
 *   timp@ Tim Pushor
 *     offered me a SASL relay or debug I recall.
 *   postmaster@ freebsd 2004.08 is
 *     David Wolfskill
 * ACRONYMS:
 *   MTA = Mail Transfer Agent. flat considers mart sendmail an MTA
 *   MSA = Mail [Submission Agent maybe?] Agent EG maybe ref submit.cf ?
 *   MSP = Mail [Submission Program maybe?] Agent EG maybe ref submit.cf ?
 *   MUA = Mail User Agent, EG Exmh, Pine, Elm
 * SASL:
 *   authid= Authentication Identifier: Real person''s login name.
 *   userid= user id= Authorization ID:
 *     Your account, or maybe that of an absent colleague''s.
 * TO DO:
 *   There is a misleading but not actually problematic naming conflict
 *   between MAIL_HUB which is an internal recipient
 *   & host=hub which is my name for gateway outgoing.
 *   Ensure names such as phillip@@@fire do not leak.
 *   Strip file of comment regularly updated in docs.
 *     cd /usr/src/contrib/sendmail/doc/op ; \
 *     pic -C op.me|eqn -C -Tascii|groff -Tascii -mps -me>~/tmp/sm.asc
 *   Debugging: Relaying denied string changed on mini in:
 *     contrib/sendmail/cf/cf/submit.cf
 *     contrib/sendmail/cf/m4/proto.m4
 *   See if I need to tweak submit.mc
 *   Anti Spam Programs: SpamAssassin ( used by freebsd.org), Razor,
 *     MailScanner, Bogofilter.
 *     ports/mail/p5-Mail-SpamAssassin
 *     ordb osirusoft spamcop wirehub
 *   Do a DOMAIN(js.berklix.net), probably also using nullclient.
 *   ports/mail/tlb to process deliveries to hide outgoing aliases,
 *     to prevent people from evading restrictions for posting to lists.
 * UNUSED:
 *   STARTTLS, IMAP command starts encryption
 *   VIRTUSER_DOMAIN
 *   VIRTUSER_DOMAIN_FILE
 *   confERROR_MESSAGE
 *   confSAVE_FROM_LINES
 *   confSERVICE_SWITCH_FILE
 *   confUSERDB_SPEC
 *   BITNET_RELAY
 *   DECNET_RELAY
 *   FAX_RELAY
 *   FEATURE(`compat_check')
 *   FEATURE(`delay_checks') would allow spammers using Sender: my_domain
 *   FEATURE(`enhdnsbl')
 *   FEATURE(`generics_entire_domain'')
 *   FEATURE(`genericstable'')
 *   FEATURE(`lookupdotdomain')
 *   FEATURE(`msp', `[127.0.0.1]') in submit.mc
 *   FEATURE(`no_default_msa')
 *   FEATURE(`preserve_local_plus_detail')
 *   FEATURE(`preserve_luser_host')
 *   FEATURE(`queuegroup')
 *   FEATURE(`relay_hosts_only')
 *   FEATURE(`relay_mail_from'',`domain'') Too dangerous
 *   FEATURE(accept_unqualified_senders) fred without @domain
 *   FEATURE(local_procmail)
 *   FEATURE(loose_relay_check) user%site.com@@@othersite.com
 *   FEATURE(relay_local_from) not unless absolutely necessary
 *   FEATURE(virtuser_entire_domain)
 *   define(`confDELIVERY_MODE',`deferred') not send out til requested.
 *   RELAY_DOMAIN_FILE(`/etc/mail/relay'')
 *   UUCP_RELAY
 *   brackets.c: '
 *   confINPUT_MAIL_FILTERS for spam later maybe ?
 *   confRELAY_MSG
 *   files: etc/auth.conf
 *   files: login.conf & auth_hostok
 *   LDAP
 * TEST ADDRESSES to input to "sendmail -bt"
 *   with command EG "/parse a@@@b"
 *   (as this .cpp file is on the web, & harvested by
 *   spammers, no complete addresses)
 *   no_domain (no@)
 *   tower.berklix.org
 *   flat.berklix.org
 *   dsl
 *   freebsd.org
 *   ftp.leo.org
 *   lapt
 *   localhost
 *   mail
 *   mail.js.berklix.net
 *   muc. .de
 *   not_in_etc_hosts.bsn.com
 *   null.bsn.com
 *   park
 *   wind
 *   world
 * DELIMITERS:
 * - Be Very Careful, changing anything:
 *   you can very easily damage the output file from m4 without getting an
 *   error message !
 * - The text first goes through cpp, then m4, then is read by sendmail.
 * - m4: dnl is the m4 command for delete-to-newline.
 * - .cf: Hash # at beginning of line is a delimiter for sendmail.cf
 *   read by /usr/sbin/sendmail, but is not a delimiter for m4.
 * - m4: treat as special, all of these:
 *   lots of characters such as {}
 *   and `quotes-round-this-string' brackets.c:`'
 *   and defined strings such as FEATURE
 *   To avoid m4 macro expansion of strings such as OSTYPE being expanded
 *   before pass through to a .cf file as comment,
 *   use the string 0`'STYPE brackets.c:`'
 * - cpp: To avoid "unterminated character constant" in single
 *   uses of the ' char, I use double occurrences, & let cpp
 *   brackets.c:'
 *   reduce them to single quotes in the .mc file.
 *   So I use 0`''STYPE.
 *   brackets.c:`
 *   To avoid "unknown configuration line" I avoid lines with
 *   just a tab,
 *   (which occur if you have a slash star comment not starting in
 *   column 1, (though comments not starting in column 1 are OK in
 *   ifdef lines, as the cpp does not pass those lines through.))
 * - cpp: The Makefile deletes the space in "^ #" to "^#"
 * - cpp: The Makefile deletes blank lines
 * - cpp: To avoid cpp acting on # comment lines destined for .cf file,
 *   they are preceded by this string (without spaces) "/ * * /"
 * - Makefile last strips all strings __SPACE__
 *   which are used to fool cpp.
 * - cpp: When making EG file wind.mc Makefile defines
 *   string wind_js_berklix_net (using _ as dots are not allowed
 *   by cpp).
 *   5.1 cpp reduces tabs to spaces.
 * Info from guug conf. spring 98:
 *   ETRN = force queue run
 *   Exim takes over from Smail.
 * SMTP/ESMTP:
 *   If old machines far end, use smtp, if new use esmtp.
 *   HELO is the normal start, ESMTP servers often start EHLO,
 *   but some lock up if EHLO is received & they dont support extended,
 *   so some extended servers initiate instead with ESMTP.
 */
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
__HASH__ Source: ~jhs/public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail/common.cpp
#else /*}{ For comparison with freebsd.mc. */
divert(-1)
__HASH__
__HASH__ Copyright (c) 1983 Eric P. Allman
__HASH__ Copyright (c) 1988, 1993
__HASH____TAB__The Regents of the University of California. __SPACE__All rights reserved.
__HASH__
__HASH__ Redistribution and use in source and binary forms, with or without
__HASH__ modification, are permitted provided that the following conditions
__HASH__ are met:
__HASH__ 1. Redistributions of source code must retain the above copyright
__HASH__ __SPACE____SPACE__ notice, this list of conditions and the following disclaimer.
__HASH__ 2. Redistributions in binary form must reproduce the above copyright
__HASH__ __SPACE____SPACE__ notice, this list of conditions and the following disclaimer in the
__HASH__ __SPACE____SPACE__ documentation and/or other materials provided with the distribution.
__HASH__ 3. All advertising materials mentioning features or use of this software
__HASH__ __SPACE____SPACE__ must display the following acknowledgement:
__HASH____TAB__This product includes software developed by the University of
__HASH____TAB__California, Berkeley and its contributors.
__HASH__ 4. Neither the name of the University nor the names of its contributors
__HASH__ __SPACE____SPACE__ may be used to endorse or promote products derived from this software
__HASH__ __SPACE____SPACE__ without specific prior written permission.
__HASH__
__HASH__ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'''' AND
__HASH__ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
__HASH__ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
__HASH__ ARE DISCLAIMED. __SPACE__IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
__HASH__ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
__HASH__ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
__HASH__ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
__HASH__ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
__HASH__ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
__HASH__ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
__HASH__ SUCH DAMAGE.
__HASH__
__BREAK__
__HASH__
// ----------------------------------------------------------------------------
#if /*{*/ ( __FreeBSD_cc_version >= 800001 )
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 6.X and later systems.
#elif /*}{*/ ( __FreeBSD_cc_version > 500000 /* not quite the right number */ )
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 5.X and later systems.
#else /*}{*/
__HASH__ __SPACE__This is a generic configuration file for FreeBSD 4.X and later systems.
#endif /*}*/
__HASH__ __SPACE__If you want to customize it, copy it to a name appropriate for your
__HASH__ __SPACE__environment and do the modifications there.
__HASH__
__HASH__ __SPACE__The best documentation for this .mc file is:
__HASH__ __SPACE__/usr/share/sendmail/cf/README or
__HASH__ __SPACE__/usr/src/contrib/sendmail/cf/README
__HASH__
__BREAK__
#endif /*}*/
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
divert(0)
/* cpp -dM < /dev/null | grep __FreeBSD_cc_version */
#if /*{*/ ( __FreeBSD_cc_version == 460001 ) /* FreeBSD-4.7 & 4.8 & 4.9 & 4.10 */
/* VERSIONID for FreeBSD-4.10 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.19 2003/12/31 17:42:16 gshapiro Exp $'')
/* brackets.c:`
 * VERSIONID for FreeBSD-4.9 VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.18 2003/04/24 16:57:30 gshapiro Exp $')
 * brackets.c:`'
 */
#elif /*}{*/ ( __FreeBSD_cc_version == 500005 ) /* FreeBSD-5.1 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 510002 ) /* FreeBSD-5.2 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 520001 ) /* FreeBSD-5.2-current */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 530001 ) /* FreeBSD-5.[3-5] */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 600001 ) /* FreeBSD-6.[01]-RELEASE */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.6.1 2006/04/13 04:00:23 gshapiro Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 602001 ) /* FreeBSD-6.2-RELEASE */
/* VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.2.2 2006/08/23 03:31:00 gshapiro Exp $'')
 * FreeBSD-6.2-RELEASE
 * VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.2.6.2.1 2008/10/02 02:57:24 kensmith Exp $'')
 * FreeBSD-6.4-RELEASE
 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.2.6.2.1 2008/10/02 02:57:24 kensmith Exp $'')
#elif /*}{*/ ( __FreeBSD_cc_version == 700003 ) /* 7.0-PRERELEASE & 7.1-BETA2 & 7.1-RELEASE & 7.2-RELEASE */
/* VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.2 2008/02/24 01:02:18 gshapiro Exp $'')
 * 7.0-PRERELEASE
 * brackets.c:`
 */
/* VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.3 2008/08/31 18:26:27 gshapiro Exp $'')
 * 7.1-BETA2
 * brackets.c:`
 */
/* VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.3.2.1 2008/11/25 02:59:29 kensmith Exp $'')
 * 7.1-RELEASE
 * brackets.c:`
 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.3.4.1 2009/04/15 03:14:26 kensmith Exp $'')
/* 7.2-RELEASE
 * brackets.c:`
 */
#elif /*}{*/ ( __FreeBSD_cc_version == 800001 ) /* 8.0-RELEASE & 8.1-RC2 */
/* VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $'')
 * 8.0-RELEASE
 * brackets.c:`
 */
/* VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.2.2.1 2010/06/14 02:09:06 kensmith Exp $'')
 * 8.1-RC2 & 8.1-RELEASE
 * brackets.c:`
 */
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.37.2.2.2.1 2010/06/14 02:09:06 kensmith Exp $'')
#else /*}{*/
VERSIONID(`$FreeBSD: Unknown __FreeBSD_cc_version version'')
/* brackets.c:` */
#endif /*}*/
#else /*}{*/
/* The HOSTNAME that Make passes in has no spaces, but cpp screws up
 * and adds a space before & after.
 */
VERSIONID(`$FreeBSD: src/etc/sendmail/common.cpp Copyright jhs@ for HOSTNAME'')
/* brackets.c:` */
#endif /*}*/
// ----------------------------------------------------------------------------
#if defined park_js_berklix_net /*{*/
__HASH__ Debug: park_ js_ berklix_ net is defined as park_js_berklix_net
#elif defined mart_js_berklix_net /*}{*/
__HASH__ Debug: mart_ js_ berklix_ net is defined as mart_js_berklix_net
#endif /*}*/
// ----------------------------------------------------------------------------
/* /usr/src/contrib/sendmail/cf/ostype/freebsd4.m4 */
#if /*{*/ (__FreeBSD_cc_version < 500000) /* not quite right number */
OSTYPE(freebsd4)
#elif /*}{*/ (__FreeBSD_cc_version >= 600001) /* uname -r 6.0-RELEASE & 7.2-RELEASE */
OSTYPE(freebsd6)
#else /*}{*/
OSTYPE(freebsd5)
#endif /*}*/
// ----------------------------------------------------------------------------
#if /*{*/ ( defined park_js_berklix_net || defined mart_js_berklix_net )
#define GATE_HOST 1
#elif /*}{*/ ( \
	defined fire_js_berklix_net \
	|| defined laps_js_berklix_net \
	)
#define END_HOST 1
#elif /*}{*/ ( defined flat_berklix_org || \
	defined tower_berklix_org || \
	defined slim_berklix_org )
#define REMOTE_HOST 1
#else /*}{*/
/* Internal subsidiary host at Holz. */
#endif /*}*/
// ----------------------------------------------------------------------------
/* Log level. 15 is a good start value for debugging, but log may flood */
#if /*{*/ ( defined flat_berklix_org ) /* /var: 2G */
define(`confLOG_LEVEL'', `15'') /* brackets.c:` */
#elif /* }{ */ ( defined tower_berklix_org ) /* /var: 1.2G */
define(`confLOG_LEVEL'', `15'') /* brackets.c:` */
#elif /* }{ */ ( defined slim_berklix_org ) /* /var: 1Gig */
/* define(`confLOG_LEVEL'', `15'') */ /* brackets.c:` */
#elif /* }{ */ ( defined fire_js_berklix_net ) /* /var: 250M */
define(`confLOG_LEVEL'', `15'') /* brackets.c:` */
#elif /* }{ */ ( defined mart_js_berklix_net ) /* /var: ?? */
define(`confLOG_LEVEL'', `15'') /* brackets.c:` */
#elif /* }{ */ ( defined park_js_berklix_net ) /* /var: 1.1G */
define(`confLOG_LEVEL'', `15'') /* brackets.c:` */
#endif /*}*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
/* Give rejected domains a clue who to phone, in case its not a spammer.
 * contrib/sendmail/cf/README:
 *   confREJECT_MSG - [550 Access denied] The message
 *   given if the access database contains
 *   REJECT in the value portion.
 * With
 *   define(`confREJECT_MSG'',
 *   `550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/'')
 * A diff of the .cf file before & after shows eg:
 *   R <$*> $#error $@ 5.7.1 $: "550 Access denied"
 *   R <$*> $#error $: 550 Access denied http://www.berklix.com/~jhs/phone/
 * I suppose "$@ 5.7.1" might be name of sendmail,
 * Below loses the "$@ 5.7.1"
 */
define(`confREJECT_MSG'',`"550 Access denied http:/__BREAK__/www.berklix.com/~jhs/phone/access/"'')
/* contrib/sendmail/cf/README:
 *   confRELAY_MSG - [550 Relaying denied] The message
 *   given if an unauthorized relaying
 *   attempt is rejected.
 * I dont need to warn anyone here, but the text makes it
 * clearer to me in my daily run output, if the message is
 * coming from my host, & why, hence variant endings /access/ or /relay/
 * which are just symbolic links in the web to the same file currently.
 */
define(`confRELAY_MSG'',`"550 Relaying denied http:/__BREAK__/www.berklix.com/~jhs/phone/relay/"'')
#endif /* !freebsd_cmp } */
// ----------------------------------------------------------------------------
DOMAIN(generic)
/*
 * 4.9 pulls in src/contrib/sendmail/cf/domain/generic.m4
 *   define(`confFORWARD_PATH',
 *   `$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward')dnl
 *   define(`confMAX_HEADERS_LENGTH', `32768')dnl
 *   FEATURE(`redirect')dnl
 *   FEATURE(`use_cw_file')dnl
 *   EXPOSED_USER(`root')
 * brackets.c:`'
 *
 */
__BREAK__
// ----------------------------------------------------------------------------
#ifdef /*{*/ GATE_HOST
define(`confDONT_BLAME_SENDMAIL'', `GroupReadableKeyFile'') /* timp@ uses this */
#endif /* GATE_HOST }*/
// ----------------------------------------------------------------------------
#if /*{*/ ( defined REMOTE_HOST ) /* SASL stuff */
define(`confDONT_BLAME_SENDMAIL'',`GroupReadableSASLDBFile'') /* for Sendmail 8.12 (FreeBSD 4.10 has 8.12.11) */
#endif /* !REMOTE_HOST }*/
// ----------------------------------------------------------------------------
/* /usr/local/share/doc/cyrus-sasl2/Sendmail.README
 *   The group needs to be mail in order to read the sasldb2 file
 * /usr/ports/security/cyrus-sasl/files/Sendmail.README:
 *   The group needs to be mail in order to read the sasldb file
 * Not documented by Snake.
 * Added per timp@ 2004.01.05:
 *   define(CYRUS_MAILER_PATH, `/usr/local/cyrus/bin/deliver'')
 *   brackets.c:`
 * All 3 remote hosts & Host=Mart 2006.08.13 have no /usr/local/cyrus
 * so I commented out CYRUS_MAILER_PATH
 */
#if /*{*/ ( defined REMOTE_HOST ) /* SASL stuff */
define(CYRUS_MAILER_USER, `cyrus:cyrus'') // brackets.c:`
#endif /* !REMOTE_HOST }*/
// ----------------------------------------------------------------------------
#if /*{*/ ( defined REMOTE_HOST ) /* SASL stuff */
/* timp@ has define(`confCLIENT_OPTIONS', `Address=64.56.138.134') Why ?
 */
#endif /* !REMOTE_HOST }*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
/* MASQUERADING:
 * - REMOTE_HOST @user.berklix:
 *   I should Not masquerade as berklix.org, as normal users on that
 *   host would lose reply mail that might go to other
 *   berklix hosts where they had no login or forwarding.
 * - REMOTE_HOST @smtprelay.berklix:
 *   I should Not masquerade as berklix.org, as if I do, my mail from holz
 *   declaring itself berklix.com or js.berklix.com, appears as berklix.org,
 *   @ gets rejected to -approval@@@berklix, as
 *   jhs@ is not subscribed as @@@berklix.org, (As on lists with lots of
 *   MS addicts, PC viruses of spammers harvest
 *   good matches of eg jhs@ & {ms-addicts}@, so to break that use
 *   different domains for list & owner/ frequent senders).
 * - REMOTE_HOST all:
 *   majordomo has aliases that guide all traffic to @list.berklix so
 *   removing masquerading should hopefully make no difference either
 *   way for majordomo. Yet to be checked.
 * - REMOTE_HOST all:
 *   Most subscribers on some lists here are clueless MS users,
 *   Ideally, would be nice to subsume 3xHost.berklix to avoid
 *   their getting further confused - but how ?
 * - GATE_HOST:
 *   Masquerading as berklix.com now, maybe later js.berklix.com
 *   If this were not to masquerade, All internal hosts would need to,
 *   else eg replies would never get back to @lapl.js.berklix.net.
 * - GATE_HOST (or END_HOST)
 *   - Need to change subscriptions on non berklix lists to match,
 *     so outgoing posts to lists do not bounce.
 *   - If I do the masquerade on a per sender host basis,
 *     then some can masquerade as @berklix.com for majordomo@@@berklix
 *     .org run lists & vector, & some as another domain for {other
 *     lists & visitors & contract business }
 * - http://www.sendmail.org/m4/masquerading.html
 *   The masquerade name is not normally canonified, so it is
 *   important that it be your One True Name, that is, fully
 *   qualified and not a CNAME. However, if you use a CNAME, the
 *   receiving side may canonify it for you, so don''t think you
 *   can cheat CNAME mapping this way.
 * - An example of usage of word canonicalise
 *   sftp flat
 *   Connecting to flat...
 *   sftp> cd pu*l/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail
 *   Couldn''t canonicalise: No such file or directory
 *   sftp> cd public_html/src/bsd/fixes/FreeBSD/src/jhs/etc/sendmail
 *   sftp>
 * - An example of usage of word canonical:
 *   nslookup webmail.berklix.org
 *   webmail.berklix.org canonical name = tower.berklix.org.
 *   I guess thats where the C in Cname in DNS derives from.
 */
#if 0 /* pre 2009 06 10 was ifdef GATE_HOST {*/
/* Mine (js.berklix is a cname, & when I used to have DNS records of
 *   cluster 1H IN A 83.236.223.114 ; tower
 *   cluster 1H IN A 83.236.223.115 ; flat
 *   cluster 1H IN A 194.246.123.68 ; slim
 *   js 0 IN CNAME cluster
 * AOL was answering to @cluster.berklix.net )
 */
define(`MASQ_JHS_HOST'',`js'') // .cf equivalent Dwjs
define(`MASQ_JHS_DOMAIN'',`berklix.net'') // .cf equivalent Dmberklix.net
// MASQUERADE_AS(`MASQ_JHS_HOST.MASQ_JHS_DOMAIN'') // brackets.c:`
#endif /*}*/
#if GATE_HOST /*{{*/
MASQUERADE_AS(`berklix.com'') // brackets.c:`
/* sendmail.cf
 * Now
 *   DMberklix.com
 * Maybe later
 *   DMjs.berklix.com
 */
#elif REMOTE_HOST /*}{*/
MASQUERADE_AS(`berklix.org'') // brackets.c:`
#elif END_HOST /*}{ Internal end hosts that sends & receives */
MASQUERADE_AS(`berklix.com'') // brackets.c:`
#else /*}{ Other internal hosts that send but not receive */
MASQUERADE_AS(`berklix.com'') // brackets.c:`
#endif /*}}*/
#endif /* } */
// ----------------------------------------------------------------------------
/* I could add a trailing dot on MASQUERADE_AS but I never have.
 * .cf: DMjs.berklix.net
 * people then reply to @ tower.berklix.net
 * as my DNS has "js 0 IN CNAME tower"
 * majordomo@@@greatcircle.com sees me as jhs@@@tower.berklix
 * & refers me to list owner.
 */
// ----------------------------------------------------------------------------
/* http://www.sendmail.org/m4/masquerading.html
 *   Normally the only addresses that are masqueraded are those
 *   that come from this host (that is, are either unqualified
 *   or in class {w}, the list of local domain names). You can
 *   augment this list, which is realized by class {M} using
 *   MASQUERADE_DOMAIN(`otherhost.domain')
 * MASQUERADE_DOMAIN(`otherhost.domain') sender hosts to map
 * cf: class M: domains that should be converted to $M
 * http://www.sendmail.org/m4/masquerading.html
 *   Normally the only addresses that are masqueraded are those
 *   that come from this host (that is, are either unqualified
 *   or in class {w}, the list of local domain names). You can
 *   augment this list, which is realized by class {M} using
 *   MASQUERADE_DOMAIN
 *   The effect of this is that although mail to user@@@otherhost.domain
 *   will not be delivered locally, any mail including any
 *   user@@@otherhost.domain will, when relayed, be rewritten to
 *   have the MASQUERADE_AS address. This can be a space-separated
 *   list of names.
 */
#ifdef REMOTE_HOST /*{*/
// MASQUERADE_DOMAIN(`berklix.com berklix.net berklix.org berklix.eu bsdpie.com monometro.co.uk surfacevision.com'') // brackets.c:`
// I probably dont want this at all later, for now reducing to test.
MASQUERADE_DOMAIN(`monometro.co.uk surfacevision.com'') // brackets.c:`
#elif GATE_HOST || END_HOST /*}{*/
// MASQUERADE_DOMAIN(`js.berklix.net mmc.private gj.org ew.private'')
MASQUERADE_DOMAIN(`js.berklix.net berklix.com mmc.private gj.org ew.private'')
#endif /* } */
/* http://www.sendmail.org/m4/masquerading.html
 *   If these names are in a file, you can use
 *   MASQUERADE_DOMAIN_FILE(`filename')
 *   to read the list of names from the indicated file (i.e.,
 *   to add elements to class {M}).
 * ----------------------------------------------------------------------------
 * http://www.sendmail.org/m4/masquerading.html
 *   To exempt hosts or subdomains from being masqueraded, you can use
 *   MASQUERADE_EXCEPTION(`host.domain')
 *   This can come handy if you want to masquerade a whole domain
 *   except for one (or a few) host(s). If these names are in a
 *   file, you can use
 *   MASQUERADE_EXCEPTION_FILE(`filename')
 */
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
/* http://www.sendmail.org/m4/features.html#masquerade_envelope
 *   If masquerading is enabled (using MASQUERADE_AS) or the
 *   genericstable is in use, this feature will cause envelope
 *   addresses to also masquerade as being from the masquerade
 *   host. Normally only the header addresses are masqueraded.
 * http://www.sendmail.org/m4/anti_spam.html
 *   FEATURE(`access_db')
 *   Notice: the access database is applied to the envelope
 *   addresses and the connection information, not to the header.
 * My notes:
 *   masquerade_envelope is the unique per recipient header data,
 *   not the header info that is common to all recipients of a mail.
 * .cf effect:
 *   Enabling this feature changes the .cf file Ruleset 94 from
 *     R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
 *   To
 *     R$+ $@ $>MasqHdr $1
 * Analysis to see if necessary:
 *   REMOTE_HOST=Off, GATE_HOST=Off, END_HOST=Off: Fails to @freebsd & @a1med.co
 *   REMOTE_HOST=Off, GATE_HOST=Off, END_HOST=On : OK
 *   REMOTE_HOST=Off, GATE_HOST=On , END_HOST=Off: OK
 *   REMOTE_HOST=Off, GATE_HOST=On , END_HOST=On : OK
 *   REMOTE_HOST=On , GATE_HOST=Off, END_HOST=Off: Fails to @freebsd & @a1med.co
 *   REMOTE_HOST=On , GATE_HOST=Off, END_HOST=On : OK
 *   REMOTE_HOST=On , GATE_HOST=On , END_HOST=Off: OK
 *   REMOTE_HOST=On , GATE_HOST=On , END_HOST=On : OK
 */
#if ( GATE_HOST || END_HOST ) /*{*/
FEATURE(`masquerade_envelope'') // brackets.c:`
#endif /* } */
#endif /* } */
// ----------------------------------------------------------------------------
/*
 * Not all local aliases on all REMOTE_HOST
 * http://www.sendmail.org/m4/features.html#allmasquerade
 *   If masquerading is enabled (using MASQUERADE_AS), this
 *   feature will cause recipient addresses to also masquerade
 *   as being from the masquerade host. Normally they get the
 *   local hostname. Although this may be right for ordinary
 *   users, it can break local aliases.
 *
 *   For example, if you send to "localalias", the originating
 *   sendmail will find that alias and send to all members,
 *   but send the message with "To: localalias@@@masqueradehost".
 *   Since that alias likely does not exist, replies will
 *   fail.
 *
 *   Use this feature only if you can guarantee that the
 *   entire namespace on your masquerade host supersets all
 *   the local entries.
 * Improves CC addresses that have same name on remote & local.
 * Some local-only aliases (that I used to BCC rather than CC to avoid
 * wrongly advertising as eg foobar@@@js.berklix.com) will now
 * instead equally wrongly advertise as foobar@@@berklix.com
 */
#if END_HOST /*{*/
FEATURE(`allmasquerade'') // brackets.c:`
#endif /*}*/
// ----------------------------------------------------------------------------
/* FEATURE(`masquerade_entire_domain')
 * To get mail from individual hosts to be masqueraded, else only mail from
 * nonexistent host with domain name js.berklix.net gets masqueraded.
 * http://www.sendmail.org/m4/features.html#allmasquerade
 *   If masquerading is enabled (using MASQUERADE_AS)
 *   and MASQUERADE_DOMAIN is set, this feature will
 *   cause addresses to be rewritten such that the
 *   masquerading domains are actually entire domains
 *   to be hidden. All hosts within the masquerading
 *   domains will be rewritten to the masquerade name
 *   (used in MASQUERADE_AS). For example, if you have:
 *     MASQUERADE_AS(`masq.com')
 *     MASQUERADE_DOMAIN(`foo.org')
 *     MASQUERADE_DOMAIN(`bar.com')
 *   then *foo.org and *bar.com are converted to masq.com.
 *   Without this feature, only foo.org and bar.com are masqueraded.
 *   NOTE: only domains within your jurisdiction and current
 *   hierarchy should be masqueraded using this.
 */
#if GATE_HOST || END_HOST || REMOTE /*{*/
FEATURE(`masquerade_entire_domain'') // brackets.c:`
/* At 2009.06.02 tower was running with this by accident */
#endif /* } */
// ----------------------------------------------------------------------------
/* genericstable = generics table, not generic stable.
 * FEATURE(`genericstable'')
 * GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains'')
 * http://sendmail.org/virtual-hosting.html says:
 *   If you would like to reverse-map local users for out-bound
 *   mail, you will need to add support for the generics table.
 */
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
#if !defined REMOTE_HOST /*{ @Holz */
define(`RECEIVER_JHS_FULL'',`mail.js.berklix.net'')
#endif /* @Holz }*/
#endif /* } */
// ----------------------------------------------------------------------------
/*
 * Define a smart host
 */
#if ( defined freebsd_cmp || defined REMOTE_HOST ) /*{*/
/* No Smart Host */
#elif /*}{*/ (defined GATE_HOST )
define(`SMART_JHS_HOST'',`smtprelay'')
define(`SMART_JHS_DOMAIN'',`berklix.org'')
define(`SMART_JHS_FULL'',`SMART_JHS_HOST.SMART_JHS_DOMAIN'')
#else /* }{ !( defined freebsd_cmp || defined REMOTE_HOST ) && !GATE_HOST */
define(`SMART_JHS_HOST'',`hub'')
define(`SMART_JHS_DOMAIN'',`js.berklix.net'')
define(`SMART_JHS_FULL'',`SMART_JHS_HOST.SMART_JHS_DOMAIN'')
#endif /* !( defined freebsd_cmp || defined REMOTE_HOST ) && !GATE_HOST } */
// ----------------------------------------------------------------------------
#if /*{*/ ( defined lapl_js_berklix_net)
/* ForkEachJob [False] Run all deliveries in a separate process.
 * May be convenient on memory-poor machines.
 */
define(`confSEPARATE_PROC'',1) // brackets.c:`
#endif /* !lapl_js_berklix_net }*/
// ----------------------------------------------------------------------------
#if /*{*/ (defined GATE_HOST /* || defined REMOTE_HOST */ )
FEATURE(`relay_entire_domain'') // brackets.c:`
/* http://www.sendmail.org/m4/features.html#relay_entire_domain
 *   This option also allows any host in your domain as defined
 *   by class {m} to use your server for relaying.
 *   Notice: make sure that your domain is not just a top
 *   level domain, e.g., com.
 *   This can happen if you give your host a name like
 *   example.com instead of host.example.com.
*/ #endif /* } */ // ---------------------------------------------------------------------------- // FEATURE(local_no_masquerade) /* http://www.sendmail.org/m4/features.html#local_no_masquerade * This feature prevents the local mailer from * masquerading even if MASQUERADE_AS is used. * MASQUERADE_AS will only have effect on addresses * of mail going outside the local domain. */ // ---------------------------------------------------------------------------- FEATURE(access_db, `hash -o -T /etc/mail/access'') // brackets.c:` /* http://www.sendmail.org/m4/features.html#access_db * Turns on the access database feature. The access * db gives you the ability to allow or refuse to * accept mail from specified domains for administrative * reasons. Moreover, it can control the behavior of * sendmail in various situations. By default, the * access database specification is: * hash -T /etc/mail/access * See the Anti-Spam Configuration Control section for * further important information about this feature. * Notice: "-T" is meant literal, do not replace * it by anything. */ // ---------------------------------------------------------------------------- FEATURE(blacklist_recipients) /* http://www.sendmail.org/m4/features.html#blacklist_recipients * Turns on the ability to block incoming mail for * certain recipient usernames, hostnames, or addresses. * For example, you can block incoming mail to user * nobody, host foo.mydomain.com, or guest@@@bar.mydomain.com. * These specifications are put in the access db as * described in the Anti-Spam Configuration Control * section later in this document. */ // ---------------------------------------------------------------------------- FEATURE(local_lmtp) /* http://www.sendmail.org/m4/features.html#local_lmtp * Use an LMTP capable local mailer. The argument to * this feature is the pathname of an LMTP capable * mailer. By default, mail.local is used. 
 * This is
 * expected to be the mail.local which came with the
 * 8.9 distribution which is LMTP capable. The path
 * to mail.local is set by the confEBINDIR m4 variable
 * -- making the default LOCAL_MAILER_PATH
 * /usr/libexec/mail.local.
 * WARNING: This feature sets LOCAL_MAILER_FLAGS
 * unconditionally, i.e., without respecting any
 * definitions in an OSTYPE setting.
 */
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
FEATURE(mailertable, `hash -o /etc/mail/mailertable'') // brackets.c:`
/* @2009.06 no file on flat or fire or lapa, & park was a dummy */
#endif /* } */
/* http://www.sendmail.org/m4/features.html#mailertable
 * Include a "mailer table" which can be used to
 * override routing for particular domains (which are
 * not in class {w}, i.e. local host names). The
 * argument of the FEATURE may be the key definition.
 * If none is specified, the definition used is:
 * hash /etc/mail/mailertable
 * Keys in this database are fully qualified domain
 * names or partial domains preceded by a dot -- for
 * example, "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".
 * As a special case of the latter, "." matches any
 * domain not covered by other keys. Values must be
 * of the form:
 * mailer:domain
 * where "mailer" is the internal mailer name, and
 * "domain" is where to send the message. These maps
 * are not reflected into the message header. As a
 * special case, the forms:
 * local:user
 * will forward to the indicated user using the local mailer,
 * local:
 * will forward to the original user in the e-mail
 * address using the local mailer, and
 * error:code message
 * error:D.S.N:code message
 * will give an error message with the indicated SMTP
 * reply code and message, where D.S.N is an RFC 1893
 * compliant error code.
 */
// ----------------------------------------------------------------------------
/* @ 2009.06 all hosts have this, but only really need
 * #ifdef REMOTE_HOST
 */
/* for surfacevision.com monometro.co.uk bsdpie.com */
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable'') // brackets.c:`
__BREAK__
// ----------------------------------------------------------------------------
#if ( defined freebsd_cmp ) /*{*/
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl __SPACE__ __SPACE__ __SPACE__ your permission.
dnl FEATURE(relay_based_on_MX)
__BREAK__
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
// ----------------------------------------------------------------------------
dnl http:/__BREAK__/www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
/* 6.2 & 6.3 directory.google.com, 7.1 & 6.4 www.google.com */
// ----------------------------------------------------------------------------
__BREAK__
dnl Uncomment to activate Realtime Blackhole List
dnl information available at http:/__BREAK__/www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
// ----------------------------------------------------------------------------
#if /*{*/ ( __FreeBSD_cc_version < 602001 )
/* cpp -dM /dev/null | grep FreeBSD_cc_version */
/* 6.2-RELEASE with 602001 has 1` quote marks on the string beginning 550
 * 6.3-RELEASE with 602001 has 1` quote marks on the string beginning 550
 * 6.4-RELEASE with 602001 has 2` quote marks on the string beginning 550
 * 7.?-RELEASE with 700003 has 2` quote marks on the string beginning 550
 * 7.2-RELEASE with 700003 has 2` quote marks on the string beginning 550
 * brackets.c:`
 */
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org'', `"550 Mail from " $&{client_addr} " rejected, see http:/__BREAK__/mail-abuse.org/cgi-bin/lookup?" $&{client_addr}'')
#else /*}{*/ /* uname -r 7.0-PRERELEASE */
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org'', ``"550 Mail from " $&{client_addr} " rejected, see http:/__BREAK__/mail-abuse.org/cgi-bin/lookup?" $&{client_addr}'''') // brackets.c:`
#endif /*}*/
__BREAK__
#endif /* freebsd_cmp }*/
// ----------------------------------------------------------------------------
#if ( defined REMOTE_HOST ) /*{*/
/* LATER try:
 * FEATURE(`dnsbl'', `bl.spamcop.net'',
 * `"Spam blocked see: http:/__BREAK__/spamcop.net/bl.shtml?"$&{client_addr}'')
 * brackets.c:`
 */
#endif /* }*/
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST'', `your.isp.mail.server'')
__BREAK__
#endif /* } */
// ----------------------------------------------------------------------------
#if ( !defined freebsd_cmp && !defined REMOTE_HOST ) /*{*/
define(`SMART_HOST'',`esmtp:SMART_JHS_FULL'')
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST } */
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE'', `-o /etc/mail/sendmail.cw'')
#endif /* } */
// ----------------------------------------------------------------------------
/* FEATURE(use_cw_file) already comes from DOMAIN(generic) */
/* http://www.sendmail.org/m4/features.html#use_cw_file
 * Read the file /etc/mail/local-host-names file to get
 * alternate names for this host. This might be used if you
 * were on a host that MXed for a dynamic set of other hosts.
 * If the set is static, just including the line "Cw * ..."
 * (where the names are fully qualified domain
 * names) is probably superior. The actual filename can be
 * overridden by redefining confCW_FILE.
 */
define(`confCW_FILE'', `-o /etc/mail/local-host-names'')
// ----------------------------------------------------------------------------
/* FEATURE(use_ct_file) */
/* http://www.sendmail.org/m4/features.html#use_ct_file
 * Read the file /etc/mail/trusted-users file to get the
 * names of users that will be ``trusted'', that is, able
 * to set their envelope from address using -f without
 * generating a warning message. The actual filename can be
 * overridden by redefining confCT_FILE.
 * timp@ uses this
 * @ 2009.06 I am not using this file anywhere,
 * but I see ^Tjhs in the .cf file.
 */
// ----------------------------------------------------------------------------
#ifdef freebsd_cmp /*{*/
__BREAK__
#endif /* } */
// ----------------------------------------------------------------------------
#if 0 /*{*/ /* ( defined GATE_HOST ) */
/* Separate Authinfo:
 * If I want to separate out "AuthInfo:" lines (with passwords) from
 * /etc/mail/access into /etc/mail/authinfo. @2009.06 I use ./access
 */
FEATURE(`authinfo'') // brackets.c:`
#endif /* } */
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{{*/
/* IPV6 I dont want it yet.
 * It solves the long term shortage of IP numbers on the Internet,
 * It also gives spammers
 * an infinite number of IP numbers to hide behind.
 * vi -c/Family=inet6 \
 * contrib/sendmail/RELEASE_NOTES \
 * contrib/sendmail/cf/README \
 * contrib/sendmail/cf/m4/proto.m4 \
 * contrib/sendmail/doc/op/op.me \
 * etc/sendmail/common.cpp \
 * etc/sendmail/freebsd.mc
 */
DAEMON_OPTIONS(`Name=IPv4, Family=inet'') // brackets.c:`
/* If one does Not specify the line above, the .cf file inherits
 * O DaemonPortOptions=Name=MTA
 * instead of
 * O DaemonPortOptions=Name=IPv4, Family=inet
 */
#else /*}{ freebsd_cmp */
#if /*{{*/ ( ( __FreeBSD_cc_version == 500005 ) /* FreeBSD-5.1 */ || \
 ( __FreeBSD_cc_version == 510002 ) /* FreeBSD-5.2 */ )
dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet'')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6'')
#elif /*}{*/ ( \
 ( __FreeBSD_cc_version == 460001 ) /* FreeBSD-4.[7-11] */ || \
 ( __FreeBSD_cc_version == 530001 ) /* FreeBSD-5.[3-5] */ || \
 ( __FreeBSD_cc_version == 600001 ) /* FreeBSD-6.[01] */ || \
 ( __FreeBSD_cc_version == 602001 ) /* FreeBSD-6.2 */ || \
 ( __FreeBSD_cc_version == 700003 ) /* uname -r 7.0-BETA2 */ || \
 ( __FreeBSD_cc_version == 800001 ) /* 8.0-RELEASE */ )
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet'')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O'')
#else /*}{*/
dnl Unrecognised FreeBSD Version
DAEMON_OPTIONS(`Name=IPv4, Family=inet'')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O'')
#endif /*}}*/
#endif /*}}*/
// ----------------------------------------------------------------------------
__BREAK__
// ----------------------------------------------------------------------------
/* http://www.sendmail.org/m4/features.html#smrsh
 * Use the SendMail Restricted SHell (smrsh) provided with
 * the distribution instead of /bin/sh for mailing to programs.
 * This improves the ability of the local system administrator
 * to control what gets run via e-mail.
 * If an argument is
 * provided it is used as the pathname to smrsh; otherwise,
 * the path defined by confEBINDIR is used for the smrsh binary
 * -- by default, /usr/libexec/smrsh is assumed.
 */
#if /*{*/ ( defined GATE_HOST )
/*
 * Left off for other hosts as some need pipes:
 * REMOTE_HOST needs pipes for majordomo.
 * END_HOST needs pipes for receiving ctm_rmail
 */
FEATURE(smrsh)
#endif /* GATE_HOST } */
// ----------------------------------------------------------------------------
/* http://www.sendmail.org/m4/features.html#accept_unresolvable_domains
 * Normally, MAIL FROM: commands in the SMTP session will be
 * refused if the host part of the argument to MAIL FROM:
 * cannot be located in the host name service (e.g., an A or
 * MX record in DNS). If you are inside a firewall that has
 * only a limited view of the Internet host name space, this
 * could cause problems. In this case you probably want to use
 * this feature to accept all domains on input, even if they
 * are unresolvable.
 */
#if ( !defined freebsd_cmp && !defined REMOTE_HOST ) /*{*/
/* Internal hosts with no DNS to world,
 * or GATE_HOST with perhaps only intermittent DNS access to world.
 * I could try including && ( ! defined GATE_HOST ) but
 * I want my SMTP to accept anything for outgoing, even if it is offline
 * & can not resolve anything. But this means I
 * might accept anything incoming from random people scanning
 * me, so my firewall allows SMTP only with my remote servers.
 * Grep keywords: R-DNS RDNS reverse lookup
 */
FEATURE(`accept_unresolvable_domains'') // brackets.c:`
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST } */
// ----------------------------------------------------------------------------
#ifdef /*{*/ REMOTE_HOST
#if /*{*/ ((__FreeBSD_cc_version > 602001) || \
 ((__FreeBSD_cc_version == 602001) && defined require_dns ))
/* cc FreeBSD Sendmail
 * 460001 4.11 8.13.1
 * 4-stable 8.14.1 on 20070411
 * 602001 6.2 8.13.8 flat
 * 602001 6.3 8.14.2/8.14.2 tower
 * 700003 7.0-PRE
 * 700003 7.1 8.14.3/8.14.3 fire
 * 700003 7.2 8.14.3/8.14.2 slim
 * The #if above is to prevent Makefile
 * failing on some hosts, as it generates for all hosts on all
 * release, inc. 4.11 & 6.2, & require_rdns only came in
 * with FreeBSD 6.3 & 7.0
 * /usr/src/contrib/sendmail/cf/feature/require_rdns.m4
 */
FEATURE(`require_rdns'') // brackets.c:`
/* http://www.sendmail.org/documentation
 * CONFIG: New FEATURE(`require_rdns') `' to reject messages from SMTP
 * clients whose IP address does not have proper reverse DNS.
 * Not in FreeBSD-6.2, contrib/sendmail/cf/feature/require_rdns.m4
 * is in 6.3.
 * Sendmail Versions:
 */
#endif /*}*/
#endif /* REMOTE_HOST } */
// ----------------------------------------------------------------------------
#ifdef /*{*/ REMOTE_HOST
/* http://www.sendmail.org/m4/features.html#limited_masquerade
 * Normally, any hosts listed in class {w} are
 * masqueraded. If this feature is given, only the
 * hosts listed in class {M} (see MASQUERADE_DOMAIN)
 * are masqueraded. This is useful if you have several
 * domains with disjoint namespaces hosted on the same
 * machine.
 * Class {w} is /etc/mail/local-host-names
 * With this On on REMOTE_HOST, A post to zz-test@ shows:
 * From: "Julian H.
 * Stacey"
 * Message-Id: <200906101908.n5AJ83tb067963@fire.js.berklix.net>
 * To: zz-test@@@berklix.org
 * Sender: owner-zz-test@@@flat.berklix.org
 * With this Off on REMOTE_HOST, A post to zz-test@ shows:
 * From: owner-zz-test@@@berklix.org
 * To: zz-test-approval@@@berklix.org
 * Subject: BOUNCE zz-test@@@list: Non-member submission from
 * ["Julian H. Stacey" ]
 */
FEATURE(`limited_masquerade'') // brackets.c:`
#endif /* REMOTE_HOST } */
// ----------------------------------------------------------------------------
#ifdef /*{*/ REMOTE_HOST
/* Dup. of functionality in /etc/mail/access */
/* Listing berklix.net as RELAY in /etc/mail/access is insufficient */
RELAY_DOMAIN(`js.berklix.net'') // brackets.c:`
RELAY_DOMAIN(`js.berklix.com'') // brackets.c:`
RELAY_DOMAIN(`js.berklix.org'') // brackets.c:`
RELAY_DOMAIN(`js.berklix.eu'') // brackets.c:`
RELAY_DOMAIN(`berklix.net'') // brackets.c:`
RELAY_DOMAIN(`berklix.com'') // brackets.c:`
RELAY_DOMAIN(`berklix.org'') // brackets.c:`
RELAY_DOMAIN(`berklix.eu'') // brackets.c:`
RELAY_DOMAIN(`js.berklix.net'') // brackets.c:`
#endif /* REMOTE_HOST } */
// ----------------------------------------------------------------------------
// Perhaps I might not need this till I use IPV6 ?
define(`confBIND_OPTS'', `WorkAroundBrokenAAAA'')
// ----------------------------------------------------------------------------
#if (defined freebsd_cmp ) /*{*/
/* I dont want this for my private or public machines */
define(`confNO_RCPT_ACTION'', `add-to-undisclosed'')
#endif /* freebsd_cmp } */
// ----------------------------------------------------------------------------
define(`confPRIVACY_FLAGS'', `authwarnings,noexpn,novrfy'')
// ----------------------------------------------------------------------------
#if /*{*/ ( !defined freebsd_cmp && !defined REMOTE_HOST \
 && !defined END_HOST )
// define(`MAIL_HUB'',`RECEIVER_JHS_FULL'')
define(`MAIL_HUB'',`mail.js.berklix.net.'')
/* For duplicate suppression to work properly, the host name is best
 * specified with a terminal dot:
 * ---
 * Defining MAIL_HUB Causes .cf file to acquire this text:
 * # who gets all local email traffic
 * # ($R has precedence for unqualified names if FEATURE(stickyhost) is used)
 * DHmail.js.berklix.net
 * ....
 * R< > $+ $: < $H > $1 try hub
 */
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST && !defined END_HOST }*/
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
define(`confTRUSTED_USERS'', `jhs majordom majordomo'')
#endif /* !freebsd_cmp } */
// ----------------------------------------------------------------------------
#ifdef NO_FLAT_RATE /*{*/
define(`confCON_EXPENSIVE'',True) // brackets.c:`
#endif /* NO_FLAT_RATE } */
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
define(`confTIME_ZONE'',`USE_SYSTEM'')
#endif /* !freebsd_cmp } */
// ----------------------------------------------------------------------------
#if /*{*/ ( !defined freebsd_cmp && !defined REMOTE_HOST \
 && !defined GATE_HOST )
/* Internal local errors forwarded for fixing.
 * Skip errors usually from spam hitting public hosts & gateway.
 */
define(`confCOPY_ERRORS_TO'',`postmaster'')
#endif /*!defined freebsd_cmp && !defined REMOTE_HOST && !defined GATE_HOST }*/
// ----------------------------------------------------------------------------
#if /*{*/ ( !defined freebsd_cmp && !defined REMOTE_HOST \
 && !defined GATE_HOST )
define(`confTO_QUEUERETURN'',`1d'')
#endif /*!defined freebsd_cmp && !defined REMOTE_HOST && !defined GATE_HOST }*/
// ----------------------------------------------------------------------------
// .cf: O Timeout.queuewarn=1d /* confTO_QUEUEWARN */
#if ( defined GATE_HOST ) /*{{*/
define(`confTO_QUEUEWARN'',`12h'')
#elif /*}{ */ ( defined REMOTE_HOST )
#if /*{{*/ ( defined flat_berklix_org )
// list host: Too many warnings from mail list members.
define(`confTO_QUEUEWARN'',`1d'')
#else /*}{*/
// define(`confTO_QUEUEWARN'',`12h'')
// If I turn off list server it all queues up on other hosts,
// So I might want to reduce warnings there too ?
// but normally I want less frequent warnings on list server
#endif /*}}*/ /* Leave at default [4h] */
#endif /*}}*/
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuewarn.normal=4h
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuewarn.urgent=1h
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuewarn.non-urgent=12h
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuewarn.dsn=4h
// ----------------------------------------------------------------------------
// .cf: # checkpoint queue runs after every N successful deliveries
// .cf: #O CheckpointInterval=10
// sendmail.8: This avoids excessive duplicate deliveries when
// sending to long mailing lists interrupted by system crashes.
// I suppose affects CPU, not traffic.
// ----------------------------------------------------------------------------
// .cf: # open connection cache size
// .cf: O ConnectionCacheSize=2
// I suppose affects CPU, not traffic.
// ----------------------------------------------------------------------------
// .cf: # open connection cache timeout
// .cf: O ConnectionCacheTimeout=5m
// ----------------------------------------------------------------------------
// .cf: # log level
// .cf: O LogLevel=15
// ----------------------------------------------------------------------------
// .cf: # slope of queue-only function
// .cf: #O QueueFactor=600000
// ----------------------------------------------------------------------------
// .cf: # limit on number of concurrent queue runners
// .cf: #O MaxQueueChildren
#if /*{*/ ( defined flat_berklix_org )
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
define(`confMAX_QUEUE_CHILDREN'',`7'')
#endif /*}*/
// ----------------------------------------------------------------------------
// .cf: # maximum number of queue-runners per queue-grouping with multiple queues
// .cf: #O MaxRunnersPerQueue=1
// ----------------------------------------------------------------------------
// .cf: # priority of queue runners (nice(3))
// .cf: #O NiceQueueRun
// ----------------------------------------------------------------------------
// .cf: # minimum time in queue before retry
// .cf: #O MinQueueAge=30m
// contrib/sendmail/cf/README:
// confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
// must sit in the queue between queue
// runs. This allows you to set the
// queue run interval low for better
// responsiveness without trying all
// jobs in each run.
#if /*{*/ ( defined flat_berklix_org )
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
define(`confMIN_QUEUE_AGE'',`40m'')
#endif /*}*/
// ----------------------------------------------------------------------------
// .cf: # how many jobs can you process in the queue?
// .cf: #O MaxQueueRunSize=0
// contrib/sendmail/cf/README:
// confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
// any given queue run to this number of
// entries. Essentially, this will stop
// reading each queue directory after this
// number of entries are reached; it does
// _not_ pick the highest priority jobs,
// so this should be as large as your
// system can tolerate. If not set, there
// is no limit.
// ----------------------------------------------------------------------------
// .cf: # perform initial split of envelope without checking MX records
// .cf: #O FastSplit=1
// ----------------------------------------------------------------------------
// .cf: #O Timeout.initial=5m
// contrib/sendmail/cf/README:
// confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
// on the initial connect.
// I dont expect reducing this would reduce load on bsn subnet.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.connect=5m
// I dont expect reducing this would reduce load on bsn subnet.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.aconnect=0s
// contrib/sendmail/cf/README:
// confTO_ACONNECT Timeout.aconnect
// [0] The overall timeout waiting for
// all connection for a single delivery
// attempt to succeed. If 0, no overall
// limit is applied.
// I dont expect this would reduce load on bsn subnet.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.iconnect=5m
// contrib/sendmail/cf/README:
// [undefined] Like Timeout.connect, but
// applies only to the very first attempt
// to connect to a host in a message.
// This allows a single very fast pass
// followed by more careful delivery
// attempts in the future.
// I guess if one inherits a new mail list, & many are of dubious validity,
// this might allow a quick move on to skip initial non responders.
// Sound more like a spammer or a company inheriting another moribund
// company might want - not me.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.helo=5m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.mail=10m
// [10m] The timeout waiting for a response to the MAIL command.
// ----------------------------------------------------------------------------
// .cf: #O Timeout.rcpt=1h
// ----------------------------------------------------------------------------
// .cf: #O Timeout.datainit=5m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.datablock=1h
// ----------------------------------------------------------------------------
// .cf: #O Timeout.datafinal=1h
// ----------------------------------------------------------------------------
// .cf: #O Timeout.rset=5m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.quit=2m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.misc=2m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.command=1h
// contrib/sendmail/cf/README:
// Timeout.command [1h] In server SMTP, the timeout waiting for a
// command to be issued.
// JJLATER considering setting this to avoid a DOS attack
// ----------------------------------------------------------------------------
// .cf: #O Timeout.ident=5s
// ----------------------------------------------------------------------------
// .cf: #O Timeout.fileopen=60s
// ----------------------------------------------------------------------------
// .cf: #O Timeout.control=2m
// ----------------------------------------------------------------------------
// .cf: O Timeout.queuereturn=5d
// contrib/sendmail/cf/README:
// [5d] The timeout before a message is
// returned as undeliverable.
// I dont expect reducing this would reduce load on bsn subnet.
// but it would reduce the amount of spam to majordomo@
// pending return to faked senders
// Both tower & flat have this - maybe it was done manually ?
#if /*{*/ ( defined flat_berklix_org )
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
define(`confTO_QUEUERETURN'',`3d'')
#endif /*}*/
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuereturn.normal=5d
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuereturn.urgent=2d
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuereturn.non-urgent=7d
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.queuereturn.dsn=5d
// ----------------------------------------------------------------------------
// .cf: #O Timeout.hoststatus=30m
#if /*{*/ ( defined flat_berklix_org )
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
define(`confTO_HOSTSTATUS'',`60m'')
#endif /*}*/
// contrib/sendmail/cf/README:
// confTO_HOSTSTATUS Timeout.hoststatus
// [30m] How long information about host
// statuses will be maintained before it
// is considered stale and the host should
// be retried.
// This applies both within
// a single queue run and to persistent
// information (see below).
// ----------------------------------------------------------------------------
// .cf: #O Timeout.resolver.retrans=5s
// contrib/sendmail/cf/README:
// confTO_RESOLVER_RETRANS Timeout.resolver.retrans
// [varies] Sets the resolver''s
// retransmission time interval (in
// seconds). Sets both
// Timeout.resolver.retrans.first and
// Timeout.resolver.retrans.normal.
#if /*{*/ ( defined flat_berklix_org )
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
define(`confTO_RESOLVER_RETRANS'',`20s'')
#endif /*}*/
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.resolver.retrans.first=5s
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// .cf: #O Timeout.resolver.retrans.normal=5s
// ----------------------------------------------------------------------------
// .cf: #O Timeout.resolver.retry=4
// contrib/sendmail/cf/README:
// confTO_RESOLVER_RETRY Timeout.resolver.retry
// [varies] Sets the number of times
// to retransmit a resolver query.
// Sets both
// Timeout.resolver.retry.first and
// Timeout.resolver.retry.normal.
#if /*{*/ ( defined flat_berklix_org )
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
define(`confTO_RESOLVER_RETRY'',`3'')
#endif /*}*/
// ----------------------------------------------------------------------------
// .cf: #O Timeout.resolver.retry.first=4
// ----------------------------------------------------------------------------
// .cf: #O Timeout.resolver.retry.normal=4
// ----------------------------------------------------------------------------
// .cf: #O Timeout.lhlo=2m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.auth=10m
// ----------------------------------------------------------------------------
// .cf: #O Timeout.starttls=1h
// ----------------------------------------------------------------------------
// .cf: # time for DeliverBy; extension disabled if less than 0
// ----------------------------------------------------------------------------
// .cf: #O DeliverByMin=0
// ----------------------------------------------------------------------------
// .cf: # should we not prune routes in route-addr syntax addresses?
// .cf: #O DontPruneRoutes=False
// ----------------------------------------------------------------------------
// .cf: # load average at which we just queue messages
// .cf: #O QueueLA=8
// contrib/sendmail/cf/README:
// confQUEUE_LA QueueLA [varies] Load average at which
// queue-only function kicks in.
// Default values is (8 * numproc)
// where numproc is the number of
// processors online (if that can be
// determined).
// uptime shows load averages
// ----------------------------------------------------------------------------
// .cf: # load average at which we refuse connections
// .cf: #O RefuseLA=12
// contrib/sendmail/cf/README:
// confREFUSE_LA RefuseLA [varies] Load average at which
// incoming SMTP connections are
// refused. Default values is (12 *
// numproc) where numproc is the
// number of processors online (if
// that can be determined).
#if /* { */ ( defined REMOTE_HOST )
// Added 2009.08.02 for safety, as some years back mailman killed host=thin,
// looping so many extra processes I couldnt ssh in to kill it, & had to
// remote Reset.
// No idea what LA I should really assert, so veer on the low side.
define(`confREFUSE_LA'',`6'')
#endif /*}*/
// ----------------------------------------------------------------------------
// .cf: # log interval when refusing connections for this long
// .cf: #O RejectLogInterval=3h
// ----------------------------------------------------------------------------
// .cf: # load average at which we delay connections; 0 means no limit
// .cf: #O DelayLA=0
// contrib/sendmail/cf/README:
// confDELAY_LA DelayLA [0] Load average at which sendmail
// will sleep for one second on most
// SMTP commands and before accepting
// connections. 0 means no limit.
#if /* { */ ( defined REMOTE_HOST )
// Added 2009.08.02 for safety, as some years back mailman killed host=thin,
// looping so many extra processes I couldnt ssh in to kill it, & had to
// remote Reset.
// No idea what LA I should really assert, so veer on the low side.
define(`confDELAY_LA'',`4'')
#endif /*}*/
// ----------------------------------------------------------------------------
// .cf: # maximum number of children we allow at one time
// .cf: #O MaxDaemonChildren=0
// contrib/sendmail/cf/README:
// confMAX_DAEMON_CHILDREN MaxDaemonChildren
// [undefined] The maximum number of
// children the daemon will permit. After
// this number, connections will be
// rejected. If not set or <= 0, there is
// no limit.
#if /*{*/ ( defined flat_berklix_org )
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
define(`confMAX_DAEMON_CHILDREN'',`8'')
#endif /*}*/
// ----------------------------------------------------------------------------
// .cf: # maximum number of new connections per second
// .cf: #O ConnectionRateThrottle=0
// contrib/sendmail/cf/README:
// confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
// [undefined] The maximum number of
// connections permitted per second per
// daemon. After this many connections
// are accepted, further connections
// will be delayed. If not set or <= 0,
// there is no limit.
#if /*{*/ ( defined flat_berklix_org )
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
// No idea really, but anything better than no limit.
define(`confCONNECTION_RATE_THROTTLE'',`10'')
#endif /*}*/
// ----------------------------------------------------------------------------
// .cf: # Width of the window
// .cf: #O ConnectionRateWindowSize=60s
// contrib/sendmail/cf/README:
// confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
// [60s] Define the length of the
// interval for which the number of
// incoming connections is maintained.
// ----------------------------------------------------------------------------
// .cf: # work recipient factor #O RecipientFactor=30000
// ----------------------------------------------------------------------------
// .cf: # maximum number of recipients per SMTP envelope
// .cf: O MaxRecipientsPerMessage=400
// gea-announce 314
// ----------------------------------------------------------------------------
// .cf: # limit the rate recipients per SMTP envelope are accepted
// .cf: # once the threshold number of recipients have been rejected
// .cf: #O BadRcptThrottle=0
// contrib/sendmail/cf/README:
// confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified
// number of recipients in a single SMTP
// transaction have been rejected, sleep
// for one second after each subsequent
// RCPT command in that transaction.
#if /*{*/ ( defined flat_berklix_org )
// Added 2009.08.02 after bsn subnet overload (though dont know if overload me).
// Anything better than no limit.
define(`confBAD_RCPT_THROTTLE'',`4'')
#endif /*}*/
// ----------------------------------------------------------------------------
#ifdef GATE_HOST /*{*/
define(`confDIAL_DELAY'',`8s'')
#endif /* GATE_HOST }*/
// ----------------------------------------------------------------------------
#ifdef /*{*/ NO_FLAT_RATE
define(`confMCI_CACHE_SIZE'',`6'')
/* Flush queue in minimum time, even if it degrades interactive performance */
#endif /* NO_FLAT_RATE } */
// ----------------------------------------------------------------------------
#if 0 /* pre 2009 06 10 was ifdef GATE_HOST {*/
/* /usr/src/contrib/sendmail/cf/README:
 * Normally, the $j macro is automatically defined to be your fully
 * qualified domain name (FQDN). Sendmail does this by getting your
 * host name using gethostname and then calling gethostbyname on the
 * result. For example, in some environments gethostname returns
 * only the root of the host name (such as "foo"); gethostbyname is
 * supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
 * cases, gethostbyname may fail to return the FQDN. In this case
 * you MUST define confDOMAIN_NAME to be your fully qualified domain
 * name. This is usually done using:
 * Dmbar.com
 * define(`confDOMAIN_NAME', `$w.$m')dnl
 * cd /usr/src-7.1/contrib/sendmail ; find . | xargs grep Dw
 * Nothing relevant.
 * cd /usr/src/contrib/sendmail ; find . | xargs grep confDOMAIN_NAME
 * RELEASE_NOTES cf/README cf/m4/proto.m4
 */
Dw`''MASQ_JHS_HOST
Dm`''MASQ_JHS_DOMAIN
define(`confDOMAIN_NAME'', $w.$m) // brackets.c:`
/* How do these relate to ^DM from MASQUERADE_AS ?
 * hostname returns park.js.berklix.net Or mart.js.berklix.net
 */
#endif /* GATE_HOST } */
// ----------------------------------------------------------------------------
#if /*{*/ (!defined freebsd_cmp \
        && !defined REMOTE_HOST \
        /* Remote hosts accept no names that aren''t known locally. If I were to do otherwise, I''d be open to spam swamping */ \
        && !defined END_HOST \
        /* Avoid RECEIVER_JHS_FULL sending to itself */ \
        )
/* Apparently local names that aren''t local accounts or aliases. */
define(`LUSER_RELAY'',`RECEIVER_JHS_FULL.'')
/* Defining LUSER_RELAY Causes .cf file to acquire this text:
 *      # place to which unknown users should be forwarded
 *      DLmail.js.berklix.net.
 */
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST && !defined END_HOST }*/
// ----------------------------------------------------------------------------
/* define(`LOCAL_RELAY', `mailer:hostname')
 * Defining LOCAL_RELAY Causes .cf file to acquire this text:
 *      who I send unqualified names to if FEATURE(stickyhost) is used
 *      DRLoCaL_ReLaY.mail.js.berklix.net
 *      unqualified names (no @domain)
 */
#if /*{*/ ( !defined freebsd_cmp && !defined REMOTE_HOST && !defined END_HOST )
define(`LOCAL_RELAY'',`RECEIVER_JHS_FULL'') /* avoids needing .forward */
#endif /* !defined freebsd_cmp && !defined REMOTE_HOST && !defined END_HOST }*/
// ----------------------------------------------------------------------------
/* http://www.sendmail.org/m4/masquerading.html
 *      If you define both LOCAL_RELAY and MAIL_HUB and you have
 *      FEATURE(`stickyhost'), unqualified names will be sent to
 *      brackets.c:`'
 *      the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
 */
// ----------------------------------------------------------------------------
#ifdef /*{*/ NO_FLAT_RATE
define(`confTO_HOSTSTATUS'',`6h'') /* else [30m] */
#endif /* NO_FLAT_RATE } */
// ----------------------------------------------------------------------------
#ifdef END_HOST /*{*/
// Experiment 2009.07.05
/* When gate connects in morning, over 10 procmails used to run on
 * end host, probably a mix of grep spam & ctm applications
 * That damaged X-11 performance, so throttle it.
 */
define(`confMAX_DAEMON_CHILDREN'',`6'')
/* /usr/src/contrib/sendmail/cf/README
 *      [undefined] The maximum number of
 *      children the daemon will permit. After
 *      this number, connections will be rejected.
 *      If not set or <= 0, there is no limit.
 * man sendmail :
 *      Options may be set either on the command line using the
 *      -o flag (for short names), the -O flag (for long names),
 *      or in the configuration file. This is a partial list
 *      limited to those options that are likely to be useful on
 *      the command line and only shows the long names
 *      ...
 *      MaxDaemonChildren=N
 *              Sets the maximum number of children that an incoming
 *              SMTP daemon will allow to spawn at any time to N.
 */
// Spelled confMAXDAEMONCHILDREN, this made a difference in the .mc file, but
// no difference got through to the .cf files; cf/README names the macro
// confMAX_DAEMON_CHILDREN.
#endif /* END_HOST } */
// ----------------------------------------------------------------------------
#ifdef /*{*/ REMOTE_HOST
define(`confMAX_RCPTS_PER_MESSAGE'',`400'')
/* Questions:
 * - Is this maximum: total sendmail sees others sending ?
 * - Is this maximum: total sendmail would accept from majordomo ?
 * - What if I send some alert to several big 200+ lists ?
 * - If I cross post an announcement ?
 * - Does sendmail expect majordomo to split beyond that ?
 * - Is majordomo capable of automatically splitting & resending ?
 * - Recipient size is I believe seen by remote end,
 *   & used as a criteria for some MTAs to drop spam.
 * CF default:
 *      # maximum number of recipients per SMTP envelope
 *      #O MaxRecipientsPerMessage=100
 * --------------------------------------------------------------------
 * MAX_RCPTS_PER_MESSAGE:
 *      7.1-src/
 *      contrib/sendmail/RELEASE_NOTES
 *      contrib/sendmail/cf/README
 *      contrib/sendmail/cf/m4/proto.m4
 *              # maximum number of recipients per SMTP envelope
 *              _OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0')
 *      contrib/sendmail/cf/cf/submit.cf
 *
 *      contrib/sendmail/doc/op/op.me
 *              .ip MaxRecipientsPerMessage=\fIN\fP
 *              [no short name]
 *              The maximum number of recipients that will be accepted per message
 *              in an SMTP transaction.
 *              Note: setting this too low can interfere with sending mail from
 *              MUAs that use SMTP for initial submission.
 *              If not set, there is no limit on the number of recipients per envelope.
 * --------------------------------------------------------------------
 *
 *      contrib/sendmail/src/readcf.c
 *              #define O_MAXRCPT 0xa2
 *              { "MaxRecipientsPerMessage", O_MAXRCPT, OI_SAFE },
 * --------------------------------------------------------------------
 */
#endif /*}*/
// ----------------------------------------------------------------------------
#ifdef /*{*/ REMOTE_HOST
#if ( ! defined flat_berklix_org && \
        ! defined tower_berklix_org && \
        ! defined slim_berklix_org )
/* { Assume a weak host. Avoid thrashing & dying after coming
 * back on line into the backlog of a spam flood.
 */
define(`confQUEUE_LA'',`4'')                    /* CF default is a hashed out 8 */
define(`confREFUSE_LA'',`6'')                   /* CF default is a hashed out 12 */
define(`confDELAY_LA'',`2'')                    /* CF default is a hashed out 0 */
define(`confMAX_DAEMON_CHILDREN'',`3'')         /* CF default is a hashed out 0 */
define(`confCONNECTION_RATE_THROTTLE'',`2'')    /* CF default is a hashed out 0 */
define(`confMAX_QUEUE_RUN_SIZE'',`600'')        /* CF default is hashed out #O MaxQueueRunSize=10000 */
define(`confMAX_QUEUE_CHILDREN'',`3'')          /* CF default is a hashed out 0 */
define(`confMAX_RUNNERS_PER_QUEUE'',`1'')       /* CF default is a hashed out 1 */
define(`confBAD_RCPT_THROTTLE'',`10'')          /* CF default is a hashed out 20 */
#endif /* Weak host } */
#endif /*}*/
// ----------------------------------------------------------------------------
#ifdef /*{*/ REMOTE_HOST
/* Not Yet Used.
 * From FreeBSD-6.1/usr/local/share/doc/cyrus-sasl/Sendmail.README:
 *      dnl The group needs to be mail in order to read the sasldb file
 *      define(`confRUN_AS_USER',`root:mail')dnl
 */
#endif /*}*/
// ----------------------------------------------------------------------------
#if /*{*/ ( defined REMOTE_HOST )
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 PLAIN LOGIN'') // brackets.c:`
/* Causes in .cf file a single line:
 *      C{TrustAuthMech}GSSAPI DIGEST-MD5 PLAIN LOGIN
 * GATE_HOST Proven to not need this.
 * REMOTE_HOST proven to need this,
 *      else it tosses mail back (with another problem:
 *      Host unknown (Name server: fire.js.berklix.net: host not found))
 * Protocols accepted on remote smart host at run time,
 * (although from maillog, one can see sendmail has been
 * compiled with support for a longer list, eg:
 *      AUTH: available mech=LOGIN PLAIN ANONYMOUS DIGEST-MD5 CRAM-MD5,
 *      allowed mech=GSSAPI DIGEST-MD5 PLAIN LOGIN
 * Pre 2004.01.05: DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
 * Timp@ GSSAPI DIGEST-MD5 PLAIN LOGIN )
 */
#endif /* defined REMOTE_HOST } */
// ----------------------------------------------------------------------------
#if /*{*/ ( defined REMOTE_HOST )
define(`confAUTH_MECHANISMS'',`GSSAPI DIGEST-MD5 PLAIN LOGIN'')
/* Defining causes a change in .cf file from commented out:
 *      #O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
 * to active single configuration line:
 *      O AuthMechanisms=GSSAPI DIGEST-MD5 PLAIN LOGIN
 * Now its removed on gate, on gate I see:
 *      AUTH: available mech=LOGIN PLAIN ANONYMOUS,
 *      allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
 * http://www.sendmail.org/~ca/email/auth.html#AuthMechanisms:
 *      list of mechanisms which are offered at most for
 *      authentication. This list is intersected with the
 *      list of available (i.e., installed) mechanisms, and
 *      the result of the intersection is listed in the
 *      AUTH keyword value for the EHLO response.
 *      default: GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
 * 6.1 Default: GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
 * 6.1 cf/README: The advertised list of authentication
 *      mechanisms will be the intersection of this
 *      list and the list of available mechanisms as
 *      determined by the Cyrus SASL library.
 * Pre 2004.01.05: DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
 * timp@ GSSAPI DIGEST-MD5 PLAIN LOGIN
 */
#endif /* defined REMOTE_HOST } */
// ----------------------------------------------------------------------------
#if /*{*/ ( defined REMOTE_HOST || defined GATE_HOST )
/* /usr/ports/security/cyrus-sasl/pkg-descr:
 *      Mechanisms included: ANONYMOUS, CRAM-MD5, DIGEST-MD5, GSSAPI
 *      (MIT Kerberos 5 or Heimdal Kerberos 5), KERBEROS_V4 and PLAIN.
 * /usr/ports/security/cyrus-sasl/files/Sendmail.README:
 *      Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4.
 *      These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space
 *      separated list. You may want to restrict LOGIN, and PLAIN authentication
 *      methods for use with STARTTLS, as the password is not encrypted when
 *      passed to sendmail.
 *      LOGIN is required for Outlook Express users. "My server requires
 *      authentication" needs to be checked in the accounts properties to
 *      use SASL Authentication.
 *      PLAIN is required for Netscape Communicator users. By default Netscape
 *      Communicator will use SASL Authentication when sendmail is compiled with
 *      SASL and will cause your users to enter their passwords each time they
 *      retrieve their mail (NS 4.7).
 *      The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you
 *      are using cyrus-imapd and sendmail on the same server that requires access
 *      to the sasldb database.
 * http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
 * recommends
 *      define(`confDEF_AUTH_INFO'', `/etc/mail/auth-info'')
 * which in .cf file would be:
 *      O DefaultAuthInfo=/etc/mail/default-auth-info
 * but 4.9/usr/share/sendmail/cf/README:
 *      password (plain text), ... this option is deprecated
 * DIGEST-MD5 Successor to CRAM-MD5
 * GSSAPI Works with Kerberos 5
 * LOGIN For Outlook Express users.
 *      It provides no security
 * PLAIN and CRAM-MD5 Do not support the concept of realms
 * PLAIN For Netscape Communicator
 * PLAIN Can either check /etc/passwd, Kerberos V4, use PAM,
 *      or the sasl secrets database. By default PAM is
 *      used if PAM is found, then Kerberos, finally
 *      /etc/passwd (non-shadow).
 *      No Security: Beware Packet Sniffers !
 * See also http://www.berklix.com/~jhs/txt/sasl.html#verify
 * See also http://www.berklix.com/~jhs/txt/sasl.html#debug
 */
#endif /* defined REMOTE_HOST || defined GATE_HOST } */
// ----------------------------------------------------------------------------
MAILER(local)
// ----------------------------------------------------------------------------
MAILER(smtp)
// ----------------------------------------------------------------------------
#if ( 0 /* off 2003.12.01 */ \
        && ! (defined freebsd_cmp ) && ! ( defined REMOTE_HOST ) ) /*{*/
/* http://www.sendmail.org/m4/masquerading.html
 *      There are some user names that you don''t want relayed,
 *      perhaps because of local aliases. A common example is root,
 *      which may be locally aliased. You can add entries to this
 *      list using LOCAL_USER(`usernames')
 *      brackets.c:`'
 */
LOCAL_USER(root)
#endif /* 0 } */
// ----------------------------------------------------------------------------
#if ( defined REMOTE_HOST ) /*{*/
/* timp@ uses MAILER(cyrus) for providing IMAP services */
/* timp@ uses DAEMON_OPTIONS(`Name=MTA') */
/* timp@ uses DAEMON_OPTIONS(`Port=2525, Name=MSA, M=E') */
/* timp@ uses define(`confLOCAL_MAILER',`cyrus')
 * - but isnt this define too late in file ?
 */
#endif /* defined REMOTE_HOST } */
// ----------------------------------------------------------------------------
/* SPF
 * http://homepages.tesco.net/~J.deBoynePollard/FGA/smtp-spf-is-harmful.html
 *      You've come to this page because you've said something similar to the
 *      following:
 *      SPF ("sender permitted from" a.k.a. "sender policy framework") is a
 *      scheme designed to prevent forgery of SMTP-based Internet mail and
 *      thus prevent unsolicited bulk mail. AOL has already adopted it.
 *      This is the Frequently Given Answer to such statements.
 * Later look at Domain Keys Identified Mail (DKIM) rec. bu
 * http://www.sendmail.org/dkim
 * http://www.postfix.org/MILTER_README.html
 */
// ----------------------------------------------------------------------------
#ifndef freebsd_cmp /*{*/
__HASH__ End of common.cpp
#endif /* !freebsd_cmp } */
// ----------------------------------------------------------------------------