freebsd-nq/etc/mail/sendmail.cf.additions
Jonathan M. Bresler d0be126913 correct an error that I made in check_relay.
check_relay cannot return temporary errors.
	The temporary error is logged in the sendmail log, but on the SMTP
	protocol level, sendmail returns '550 Access Denied'.
Reviewed by:	jmb
Submitted by:	Tor Egge <Tor.Egge@idi.ntnu.no>
1997-12-07 16:50:11 +00:00


# list of hosts and domains for whom we relay mail.
# all .forward hosts, domains must be listed in this file.
# same for hosts and domains in /etc/aliases
FR-o /etc/sendmail.cR
# database declarations
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kfakenames hash -o -a.REJECT /etc/mail/fakenames.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db
# helper rulesets; useful for debugging sendmail configurations
#
#
Scheck_rbl
# look up an IP address in the Realtime Blackhole List.
R$-.$-.$-.$- $: $(host $4.$3.$2.$1.rbl.maps.vix.com $:OK $)
Sxlat # for sendmail -bt
# sendmail treats "$" and "|" as two distinct tokens
# this rule "pastes" them together into one token
# and then calls check_relay.
R$* $$| $* $: $1 $| $2
R$* $| $* $@ $>check_relay $1 $| $2
Scheck_relay
# called with "hostname.tld $| IP address" of connecting host.
# hostname.tld is the fully-qualified domain name
# IP address is dotted-quad with surrounding "[]" brackets.
#
# each group of rules in this ruleset is independent.
# each accepts and returns "hostname.tld $| IP address"
# use the ones that you want; comment out the rest
# you may rearrange the groups but not the rules in each group.
# each group is preceded and followed by a comment
#
# host must NOT be in the "spamsites" database--BEGIN
R$* $| $* $: <$1 $| $2> $1
R<$*> $+.$+.$+ <$1> $3.$4
R<$*> $+.$+ $: <$1> $(spamsites $2.$3 $)
R<$*> $*.REJECT $#error $: "521 blocked. contact postmaster@FreeBSD.ORG"
R<$*> $* $: $1
# host must NOT be in the "spamsites" database--END
# ip address must NOT be in the "denyip" database--BEGIN
R$* $| $* $: $1 $| $(denyip $2 $)
R$* $| $*.REJECT $#error $: "521 blocked. contact postmaster@FreeBSD.ORG"
# ip address must NOT be in the "denyip" database--END
R$* $@ OK
Scheck_mail
# called with envelope sender (everything after ":") in
# "Mail From: xxx", of SMTP conversation
# may or may not have "<" ">"
# the groups of rules in this ruleset ARE NOT independent.
# "remove all RFC-822 comments" must come first
# "Connecting Host" and "Paul Vixie's RBL" must be last
#
# use the ones that you want; comment out the rest
# each group is preceded and followed by a comment
#
# remove all RFC-822 comments--BEGIN
# MUST be the first rule in the check_mail ruleset.
R$* $: $>3 $1
# remove all RFC-822 comments--END
# mail must come from a DNS resolvable host--BEGIN
R$* < @ $+ . > $: $1 @ $2
R$* < @ $+ > $#error $: "451 Domain does not resolve"
# mail must come from a DNS resolvable host--END
# mail must NOT come from a known source of spam--BEGIN
R$+ @$+ $: <$1@$2> $2
R<$*> $+.$+.$+ <$1> $3.$4
R<$*> $* $: $(spamsites $2 $: OK $)
R$+.REJECT $#error $: 521 $1
R<$*> $* $: $1
# mail must NOT come from a known source of spam--END
# Connecting Host must resolve--BEGIN
R$* $: $1 $: $(dequote "" $&{client_name} $)
R$* $: $>3 foo@$1
R<$*> $*<@$*> $#error $: "451 Domain does not resolve"
# Connecting Host must resolve--END
# ip address must NOT be in Paul Vixie's RBL--BEGIN
R$* $: $1 $: $(dequote "" $&{client_addr} $)
R$* $: $>check_rbl $1
R$*.com. $#error $: "550 Mail refused, see http://maps.vix.com/rbl"
# ip address must NOT be in Paul Vixie's RBL--END
R$* $@ OK
Scheck_rcpt
# called with envelope recipient (everything after ":") in
# "Rcpt To: xxx", of SMTP conversation
# may or may not have "<" ">" and/or RFC-822 comments.
# let ruleset 3 clean this up for us.
#
# do NOT reorder these two groups of rules.
# restrict mail relaying to host and domains listed in /etc/sendmail.cR
#
# mail must NOT be addressed "fakenames"--BEGIN
R$* $: <$1> $>3 $1
R<$*> $+ < @ $+ > $: <$1> $(fakenames $2 $: OK $)
R$+.REJECT $#error $: 521 $1
R<$*> $* $: $1
# mail must NOT be addressed "fakenames"--END
# mail must come from or go to this machine or machines we allow to relay--BEGIN
# R$* $: $>Parse0 $>3 $1
# R$+ < @ $* . > $* $: $1 < @ $2 >
# R<$+ @ $=w> $@ OK
# R<$+ @ $* $=R> $@ OK
# R$* $: $(dequote "" $&{client_name} $)
# R$=w $@ OK
# R$* $=R $@ OK
# R$@ $@ OK
# R$* $#error $: "550 Relaying Denied"
# mail must come from or go to this machine or machines we allow to relay--END
R$* $@ OK
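
Added example (not part of the FreeBSD file): a Python model of the lookups that check_relay and check_rbl perform, useful for checking which key a given host actually produces before adding entries to spamsites or denyip. The function names and sample map entries are constructed for illustration; map keys are assumed to be stored lowercase and hostnames to arrive without a trailing dot.

```python
import ipaddress

RBL_ZONE = "rbl.maps.vix.com"   # zone queried by the check_rbl ruleset
BLOCKED = "521 blocked. contact postmaster@FreeBSD.ORG"

# Constructed sample map contents (keys only; check_relay ignores the values).
SAMPLE_SPAMSITES = {"spam.example", "mail.bulk.example"}
SAMPLE_DENYIP = {"192.0.2.99"}


def spamsites_key(hostname):
    """Key the spamsites group looks up: the last two labels.

    Mirrors 'R<$*> $+.$+.$+ <$1> $3.$4', which drops the leftmost label
    until only two remain. Returns None for a single-label name, because
    'R<$*> $+.$+' never matches and no lookup takes place.
    """
    labels = hostname.lower().split(".")
    if len(labels) < 2:
        return None
    return ".".join(labels[-2:])


def rbl_query_name(client_addr):
    """DNS name check_rbl resolves for a dotted quad, or None if not IPv4."""
    try:
        octets = str(ipaddress.IPv4Address(client_addr)).split(".")
    except ValueError:
        return None          # rule needs exactly four '$-' fields
    return ".".join(reversed(octets)) + "." + RBL_ZONE


def check_relay(hostname, addr, spamsites, denyip):
    """Model of the two check_relay groups; sets stand in for the hash maps."""
    key = spamsites_key(hostname)
    if key is not None and key in spamsites:
        return BLOCKED       # spamsites group matched '.REJECT'
    if addr.lower() in denyip:
        return BLOCKED       # denyip group matched '.REJECT'
    return "OK"


if __name__ == "__main__":
    for host, ip in [("relay.bulk.spam.example", "198.51.100.7"),
                     ("mx.mail.bulk.example", "198.51.100.8"),
                     ("clean.example.org", "192.0.2.99")]:
        print(host, ip, spamsites_key(host), rbl_query_name(ip),
              check_relay(host, ip, SAMPLE_SPAMSITES, SAMPLE_DENYIP))
```

Because the spamsites group always reduces the name to its last two labels, an entry with three or more labels (such as the constructed "mail.bulk.example") is never consulted, and every host under a two-label suffix such as co.uk shares one key.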