Date:      Mon, 2 Mar 1998 21:03:54 -0800
From:      Faried Nawaz <fn@Hungry.COM>
To:        freebsd-isp@FreeBSD.ORG
Subject:   The sendmail.cf additions in /etc/mail.
Message-ID:  <19980302210354.33022@terror.hungry.com>

This is on a -stable machine.


I can't seem to use the check_rcpt rule that's commented out by default --
"mail must come from or go to this machine or machines we allow to relay".

I have an /etc/sendmail.cR file with separate entries for both the machine
and its domain, but sendmail always seems to reject the messages.  If I
use sendmail -bt, it appears to accept the addresses, though.

Is anyone using that ruleset?  I must be missing something simple.


My m4 file is

-- cut here --
VERSIONID(`$Id$')dnl

OSTYPE(bsd4.4)dnl
DOMAIN(generic)dnl
define(`confME_TOO', `True')dnl
define(`confQUEUE_LA', 4)dnl
define(`confREFUSE_LA', 2)dnl
define(`confSMTP_LOGIN_MSG', `$j $b')dnl
define(`confPRIVACY_OPTIONS', noexpn)dnl
FEATURE(redirect)dnl
FEATURE(use_cw_file)dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_AS(`blah-foo.org')dnl
MAILER(local)
MAILER(smtp)


LOCAL_CONFIG
# list of hosts and domains for whom we relay mail.
# all .forward hosts, domains must be listed in this file.
# same for hosts and domains in /etc/aliases
FR-o /etc/sendmail.cR

# database declarations
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kfakenames hash -o -a.REJECT /etc/mail/fakenames.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db


LOCAL_RULESETS
# helper rulesets; useful for debugging sendmail configurations
#
#
Scheck_rbl
# look up an ip address in the Realtime Blackhole List.
R$-.$-.$-.$-	$: $(host $4.$3.$2.$1.rbl.maps.vix.com $:OK $)

Sxlat						# for sendmail -bt
# sendmail treats "$" and "|" as two distinct tokens
# this rule "pastes" them together into one token
# and then calls check_relay.
R$* $$| $*		$: $1 $| $2
R$* $| $*		$@ $>check_relay $1 $| $2

Scheck_relay
# called with "hostname.tld $| IP address" of connecting host.
# hostname.tld is the fully-qualified domain name
# IP address is dotted-quad with surrounding "[]" brackets.
#
# each group of rules in this ruleset is independent.
# each accepts and return "hostname.tld $| IP address"
# use the ones that you want comment out the rest
# you may rearrange the groups but not the rules in each group.
# each group is preceded and followed by a comment
#
# host must NOT be in the "spamsites" database--BEGIN
R$* $| $*		$: <$1 $| $2> $1
R<$*> $+.$+.$+		<$1> $3.$4
R<$*> $+.$+		$: <$1> $(spamsites $2.$3 $)
R<$*> $*.REJECT		$#error $: 521 blocked. contact postmaster@$m
R<$*> $*		$: $1
# host must NOT be in the "spamsites" database--END
# ip address must NOT be in the "denyip" database--BEGIN
R$* $| $*		$: $1 $| $(denyip $2 $)
R$* $| $*.REJECT	$#error $: 521 blocked. contact postmaster@$m
# ip address must NOT be in the "denyip" database--END
R$*			$@ OK

Scheck_mail
# called with envelope sender (everything after ":") in
# "Mail From: xxx", of SMTP conversation
#	may or may not have "<" ">"
# the groups of rules in this ruleset ARE NOT independent.
# "remove all RFC-822 comments" must come first
# "Connecting Host" and "Paul Vixie's RBL" must be last
#
# use the ones that you want comment out the rest
# each group is preceded and followed by a comment
#
# remove all RFC-822 comments--BEGIN
# MUST be first rule in check_mail ruleset.
R$*			$: $>3 $1
# remove all RFC-822 comments--END
# mail must come from a DNS resolvable host--BEGIN
R$* < @ $+ . >		$: $1 @ $2
R$* < @ $+ >		$#error $: "451 Domain does not resolve"
# mail must come from a DNS resolvable host--END
# mail must NOT come from a known source of spam--BEGIN
R$+ @$+			$: <$1@$2> $2
R<$*> $+.$+.$+		<$1> $3.$4
R<$*> $*		$: $(spamsites $2 $: OK $)
R$+.REJECT		$#error $: 521 $1 
R<$*> $*		$: $1
# mail must NOT come from a known source of spam--END
# Connecting Host must resolve--BEGIN
R$*			$: $1 $: $(dequote "" $&{client_name} $)
R$*			$: $>3 foo@$1
R<$*> $*<@$*>		$#error $: "451 Domain does not resolve"
# Connecting Host must resolve--END
# ip address must NOT be in Paul Vixie's RBL--BEGIN
R$*			$: $1 $: $(dequote "" $&{client_addr} $)
R$*			$: $>check_rbl $1
R$*.com.		$#error $: "550 Mail refused, see http://maps.vix.com/rbl"
# ip address must NOT be in Paul Vixie's RBL--END
R$*			$@ OK

Scheck_rcpt
# called with envelope recipient (everything after ":") in
# "Rcpt To: xxx", of SMTP conversation
#       may or may not have "<" ">" and or RFC-822 comments.
#	let ruleset 3 clean this up for us.
#
# do NOT reorder these two groups of rules.
# restrict mail relaying to host and domains listed in /etc/sendmail.cR
# 
# mail must NOT be addressed "fakenames"--BEGIN
R$*			$: <$1> $>3 $1
R<$*> $+ < @ $+ >	$: <$1> $(fakenames $2 $: OK $)
R$+.REJECT		$#error $: 521 $1
R<$*> $*		$: $1
# mail must NOT be addressed "fakenames"--END
# mail must come from or go to this machine or machines we allow to relay--BEGIN
R$*			$: $>Parse0 $>3 $1
R$+ < @ $* . > $*	$: $1 < @ $2 >
R<$+ @ $=w>		$@ OK
R<$+ @ $* $=R>		$@ OK
R$*			$: $(dequote "" $&{client_name} $)
R$=w			$@ OK
R$* $=R			$@ OK
R$@			$@ OK
R$*			$#error $: "550 Relaying Denied"
# mail must come from or go to this machine or machines we allow to relay--END
R$*			$@ OK
-- cut here --


faried.
-- 
i've kissed mermaids, rode the el nino | i was never here, i never loved you.
walked the sand with the crustaceans   | ------------------------------------
could find my way to mariana           |                  \
on a wave of mutilation                |
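
An added example, not part of the original message or of the FreeBSD configuration: a simplified Python model of the decision order in the "come from or go to this machine" group of `check_rcpt` above. The class contents and host names are constructed, and the model follows the order of the checks rather than sendmail's token rewriting.

```python
# Simplified model of the relay group in check_rcpt (added example).
# class_w stands for $=w (local names), class_r for $=R (/etc/sendmail.cR).

def tokens(host):
    # sendmail splits on "."; class lookups are case-insensitive
    return host.lower().rstrip(".").split(".")

def in_class(host, cls):
    """Model of a bare $=w match: the whole host is a class member."""
    return any(tokens(host) == tokens(entry) for entry in cls)

def suffix_in_class(host, cls):
    """Model of '$* $=R': a class member matches the trailing tokens."""
    h = tokens(host)
    return any(h[-len(t):] == t for t in (tokens(e) for e in cls))

def check_rcpt(rcpt, client_name, class_w, class_r):
    """Return (verdict, reason) in the order the rules are tried."""
    _, at, domain = rcpt.strip("<>").rpartition("@")
    if at and in_class(domain, class_w):
        return "OK", "recipient is on this machine"
    if at and suffix_in_class(domain, class_r):
        return "OK", "recipient domain is in the relay class"
    # From here on only the connecting host matters.
    if client_name == "":
        return "OK", "empty client name (macro not set)"
    if in_class(client_name, class_w):
        return "OK", "client is this machine"
    if suffix_in_class(client_name, class_r):
        return "OK", "client is in the relay class"
    return "550 Relaying Denied", "neither end is local or allowed"

# Constructed sample data.
CLASS_W = {"mail.example.org"}
CLASS_R = {"example.org", "customer.example.net"}
OUTSIDE = "host.elsewhere.example"

if __name__ == "__main__":
    for rcpt, client in [
        ("<user@mail.example.org>", OUTSIDE),
        ("<user@sub.example.org>", OUTSIDE),
        ("<user@other.example.com>", "dialup1.customer.example.net"),
        ("<user@other.example.com>", OUTSIDE),
        ("<user@other.example.com>", ""),
    ]:
        print(rcpt, repr(client), check_rcpt(rcpt, client, CLASS_W, CLASS_R))
```

In `sendmail -bt` there is no SMTP connection, so `${client_name}` is empty unless it is defined first with the `.D` test-mode command; the last sample row shows what the rules do with that empty value.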
