# $Id:$
#
# list of hosts and domains for whom we relay mail.
# all .forward hosts, domains must be listed in this file.
# same for hosts and domains in /etc/aliases
#
# the two F lines load sendmail classes from the named files.
# "-o" marks the file as optional: if it is missing, sendmail starts
# without complaint and the class is simply empty.
# {LocalIP} is matched against the connecting client's address in
# check_rcpt; a client that matches may send to any recipient, so keep
# the entries specific and the file writable only by root.
# NOTE(review): {RelayTo} is loaded here, but the only rule shown that
# references it (in removelocal) is commented out -- confirm whether
# Relay-Hosts is meant to have any effect.
F{LocalIP}-o /etc/mail/Local-IP
F{RelayTo}-o /etc/mail/Relay-Hosts
#
# database declarations
# each K line declares a hash map. "-a.REJECT" appends ".REJECT" to the
# value returned for a key that is found; the check_* rulesets test for
# that suffix.
# "-o" makes the database optional as well: a missing .db file behaves
# like an empty map, so the corresponding check lets everything through
# and no error is reported (it fails open). verify after deployment that
# each .db file exists and is readable by sendmail.
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kfakenames hash -o -a.REJECT /etc/mail/fakenames.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db
# helper rulesets; useful for debugging sendmail configurations
#
# NOTE(review): sendmail requires the left- and right-hand side of an
# R line to be separated by tab characters. this listing shows single
# spaces there; restore the tabs before loading the rules.
#
Scheck_rbl
# look up an IP address in the Realtime Blackhole List.
# input is a bare dotted quad a.b.c.d. the octets are reversed and
# d.c.b.a.rbl.maps.vix.com is looked up through the "host" map.
# if the lookup fails the result is the literal OK (the "$:OK" default);
# if it succeeds the result is whatever the map returns. check_mail
# tests that result for a trailing ".com.".
# input that is not four dot-separated tokens matches no rule here and
# is returned unchanged.
# NOTE(review): the "host" map is not declared in the lines shown;
# presumably it is sendmail's built-in DNS map -- confirm.
# NOTE(review): the blacklist zone is hard-coded. confirm that it is
# still operated by a provider you trust: a zone that no longer answers
# turns this check into a silent no-op, and a zone that answers for
# every name makes check_mail refuse all mail.
R$-.$-.$-.$- $: $(host $4.$3.$2.$1.rbl.maps.vix.com $:OK $)
Sxlat # for sendmail -bt
# debugging helper: lets check_relay be exercised from address-test
# mode. no other ruleset shown in this file calls xlat.
# sendmail treats "$" and "|" as two distinct tokens
# this rule "pastes" them together into one token
# and then calls check_relay.
#
# step 1: turn the typed "$" "|" pair into the single $| token.
R$* $$| $* $: $1 $| $2
# step 2: pass "host $| address" to check_relay and return its verdict.
R$* $| $* $@ $>check_relay $1 $| $2
Scheck_relay
# called with "hostname.tld $| IP address" of connecting host.
# hostname.tld is the fully-qualified domain name
# IP address is dotted-quad with surrounding "[]" brackets.
#
# each group of rules in this ruleset is independent.
# each accepts and returns "hostname.tld $| IP address"
# use the ones that you want; comment out the rest
# you may rearrange the groups but not the rules in each group.
# each group is preceded and followed by a comment
#
# NOTE(review): the hostname presumably comes from a reverse lookup of
# the client address, which whoever controls that address range can set
# freely. treat the hostname check as a convenience filter and rely on
# the address check (denyip) for hosts that must be kept out.
#
# host must NOT be in the "spamsites" database--BEGIN
# keep the original input inside <...> and work on a copy of the name.
R$* $| $* $: <$1 $| $2> $1
# no "$:" prefix, so this rule repeats: drop the leftmost label for as
# long as three or more labels remain.
R<$*> $+.$+.$+ <$1> $3.$4
# look up the remaining two-label name. there is no default, so a name
# that is not found is left as it is.
# NOTE(review): only the last two labels are ever looked up. for a host
# such as mail.example.co.uk the key is "co.uk", so a single domain under
# a multi-label suffix cannot be listed, and listing the suffix blocks
# every host under it.
R<$*> $+.$+ $: <$1> $(spamsites $2.$3 $)
# a hit carries the ".REJECT" tag added by the map declaration.
R<$*> $*.REJECT $#error $: 521 blocked. contact postmaster@$m
# no hit: restore the saved "hostname $| address".
R<$*> $* $: $1
# host must NOT be in the "spamsites" database--END
# ip address must NOT be in the "denyip" database--BEGIN
# the address is looked up exactly as it was passed in; the rules shown
# do no prefix or network matching.
# NOTE(review): the header above says the address arrives in "[]"
# brackets, so denyip keys presumably need the same form -- confirm with
# sendmail -bt before relying on this group.
R$* $| $* $: $1 $| $(denyip $2 $)
R$* $| $*.REJECT $#error $: 521 blocked. contact postmaster@$m
# ip address must NOT be in the "denyip" database--END
# nothing objected: accept the connection.
R$* $@ OK
Scheck_mail
# called with envelope sender (everything after ":") in
# "Mail From: xxx", of SMTP conversation
# may or may not have "<" ">"
# the groups of rules in this ruleset ARE NOT independent.
# "remove all RFC-822 comments" must come first
# "Connecting Host" and "Paul Vixie's RBL" must be last
#
# use the ones that you want; comment out the rest
# each group is preceded and followed by a comment
#
# NOTE(review): the envelope sender is supplied by the client and is
# trivially forged. the two sender groups below filter careless senders;
# the client-based groups at the end are the ones tied to the actual
# connection.
#
# remove all RFC-822 comments--BEGIN
# MUST be first rule in check_mail ruleset.
# ruleset 3 is defined elsewhere. the groups below assume it returns the
# address with the domain focused as <@domain>, and with a trailing dot
# when the domain could be canonified -- TODO confirm.
R$* $: $>3 $1
# remove all RFC-822 comments--END
# mail must come from a DNS resolvable host--BEGIN
# trailing dot present: drop the focus markers and carry on.
R$* < @ $+ . > $: $1 @ $2
# still focused, so no trailing dot was added: temporary failure (451),
# which lets a legitimate sender retry after a DNS outage.
R$* < @ $+ > $#error $@ 4.1.8 $: "451 Domain does not resolve"
# mail must come from a DNS resolvable host--END
# mail must NOT come from a known source of spam--BEGIN
# keep the address in <...> and work on a copy of the domain.
R$+ @$+ $: <$1@$2> $2
# repeats (no "$:"): strip leftmost labels until two remain, so the same
# two-label limitation as in check_relay applies to the lookup key.
R<$*> $+.$+.$+ <$1> $3.$4
# the lookup result replaces the whole workspace: OK when the domain is
# not listed, otherwise the stored value followed by ".REJECT".
R<$*> $* $: $(spamsites $2 $: OK $)
# the text sent to the client is the value stored in the database.
R$+.REJECT $#error $@ 5.7.1 $: 550 $1
# NOTE(review): the lookup rule above does not keep the <...> part, so
# this restore looks unreachable once a lookup has happened -- confirm.
R<$*> $* $: $1
# mail must NOT come from a known source of spam--END
# Connecting Host must resolve--BEGIN
# brings the client's name, macro {client_name}, into the workspace via
# the "dequote" map (not declared in the lines shown).
# NOTE(review): the right-hand side contains a second "$:" after $1;
# confirm how your sendmail version tokenizes that.
R$* $: $1 $: $(dequote "" $&{client_name} $)
# build a dummy address so that ruleset 3 canonifies the name.
R$* $: $>3 foo@$1
# NOTE(review): this pattern needs the workspace to start with a <...>
# group, which the rule above is not shown to produce. verify with
# sendmail -bt that an unresolvable client really is refused here.
R<$*> $*<@$*> $#error $@ 4.1.8 $: "451 Domain does not resolve"
# Connecting Host must resolve--END
# ip address must NOT be in Paul Vixie's RBL--BEGIN
# same construction as above, with the client's address {client_addr}.
R$* $: $1 $: $(dequote "" $&{client_addr} $)
R$* $: $>check_rbl $1
# check_rbl returns OK when the address is not listed. a result ending
# in ".com." is taken as a successful lookup in the blacklist zone.
# this test is tied to the zone name used in check_rbl: if that zone is
# changed to one outside .com, this pattern has to change with it.
R$*.com. $#error $@ 5.7.1 $: "550 Mail refused, see http://maps.vix.com/rbl"
# ip address must NOT be in Paul Vixie's RBL--END
# nothing objected: accept the sender.
R$* $@ OK
Scheck_rcpt
# called with envelope recipient (everything after ":") in
# "Rcpt To: xxx", of SMTP conversation
# may or may not have "<" ">" and or RFC-822 comments.
# let ruleset 3 clean this up for us.
#
# do NOT reorder these two groups of rules.
# restrict mail relaying to host and domains listed in /etc/sendmail.cR
# NOTE(review): the class files loaded at the top of this file are
# /etc/mail/Local-IP and /etc/mail/Relay-Hosts, not /etc/sendmail.cR --
# confirm which name is current.
#
# mail must NOT be addressed "fakenames"--BEGIN
# keep the original in <...> and let ruleset 3 (defined elsewhere)
# canonify a copy.
R$* $: <$1> $>3 $1
# look up the local part only. the pattern requires a focused <@domain>,
# so a recipient that has none after ruleset 3 is not checked here.
R<$*> $+ < @ $+ > $: <$1> $(fakenames $2 $: OK $)
# a hit carries the ".REJECT" tag added by the map declaration.
R$+.REJECT $#error $@ 5.2.1 $: 550 $1
# no hit: restore the saved recipient.
R<$*> $* $: $1
# mail must NOT be addressed "fakenames"--END
# mail must come from or go to this machine or machines we allow to relay--BEGIN
# from http://www.informatik.uni-kiel.de/%7Eca/email/check.html#check_rcpt
# put the client's address in front of the recipient.
R$+ $: $(dequote "" $&{client_addr} $) $| $1
# a client address of "0" is accepted outright; presumably this marks
# mail that did not arrive over the network -- confirm.
R0 $| $* $@ ok
# the client address begins with an entry of class {LocalIP}: accept any
# recipient. matching is by leading tokens, so a short entry covers
# every address under it; list only prefixes you mean to relay for.
R$={LocalIP}$* $| $* $@ ok
# not local, check rcpt
R$* $| $* $: $>3 $2
# remove local part, maybe repeatedly
R$+ $:$>removelocal $1
# still something left?
# a domain that survives removelocal is not one of ours: refuse to relay.
# no rule shown consults {RelayTo}, so the decision rests on the client
# address and on the local host names (class w) alone.
R$*<@$+>$* $#error $@ 5.7.1 $: 550 we do not relay
#
Sremovelocal
# called from check_rcpt with a canonified recipient. strips our own
# host names from the address, again and again, until either a foreign
# domain or a plain local part is left. the point of repeating is that
# an address which merely passes through this host on its way somewhere
# else ends up showing its real destination to the relay check.
#
# remove RelayTo part (maybe repeatedly)
# NOTE(review): the rule below is commented out, so class {RelayTo} is
# not consulted here and recipients in those domains are treated like
# any other foreign domain -- confirm that this is intended.
# R$*<@$*$={RelayTo}.>$* $>3 $1 $4
# domain is one of our own names (class w, with trailing dot): drop it,
# let ruleset 3 re-parse what is left and start over.
R$*<@$=w.>$* $: $>removelocal $>3 $1 $3
# a domain that is not ours remains: return it as it is for the caller
# to reject.
R$*<@$*>$* $@ $1<@$2>$3
# dequote local part
# a single-token local part may be a quoted string that hides another
# address; unquote it and have ruleset 3 parse the result.
R$- $: $>3 $(dequote $1 $)
# if unquoting exposed a domain, run the whole check on it again.
R$*<@$*>$* $: $>removelocal $1<@$2>$3
# mail must come from or go to this machine or machines we allow to relay--END