diff test.cf @ 90:962a1f8f1d9f stable-5-4

add verify statement to verify addresses with better mx host
author carl
date Sun, 18 Sep 2005 10:19:58 -0700
parents 510a511ad554
children e107ade3b1c0
--- a/test.cf	Sun Aug 07 11:26:37 2005 -0700
+++ b/test.cf	Sun Sep 18 10:19:58 2005 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by root@ns.five-ten-sg.com on Mon Jan 3 13:23:43 PST 2005
-##### in /usr/src/rh8/gpl/dnsbl
+##### built by root@ns.five-ten-sg.com on Sat Sep 17 18:06:39 PDT 2005
+##### in /usr/usr/cvs/gpl/dnsbl
 ##### using /usr/share/sendmail-cf/ as configuration include directory
 #####
 ######################################################################
@@ -140,6 +140,7 @@
 # ... define this only if sendmail cannot automatically determine your domain
 #Dj$w.Foo.COM
 
+# host/domain names ending with a token in class P are canonical
 CP.
 
 # "Smart" relay host (may be null)
@@ -172,7 +173,7 @@
 # macro storage map
 Kmacro macro
 # possible values for TLS_connection in access map
-C{tls}VERIFY ENCR
+C{Tls}VERIFY ENCR
 
 
 
@@ -212,7 +213,7 @@
 Kgenerics hash /etc/mail/genericstable.db
 
 # Configuration version number
-DZ8.12.8
+DZ8.13.1
 
 
 ###############
@@ -385,10 +386,12 @@
 #O Timeout.queuereturn.normal=5d
 #O Timeout.queuereturn.urgent=2d
 #O Timeout.queuereturn.non-urgent=7d
+#O Timeout.queuereturn.dsn=5d
 O Timeout.queuewarn=4h
 #O Timeout.queuewarn.normal=4h
 #O Timeout.queuewarn.urgent=1h
 #O Timeout.queuewarn.non-urgent=12h
+#O Timeout.queuewarn.dsn=4h
 #O Timeout.hoststatus=30m
 #O Timeout.resolver.retrans=5s
 #O Timeout.resolver.retrans.first=5s
@@ -410,7 +413,7 @@
 O SuperSafe=True
 
 # status file
-O StatusFile=/usr/src/rh8/gpl/dnsbl/sendmail.st
+O StatusFile=/usr/usr/cvs/gpl/dnsbl/sendmail.st
 
 # time zone handling:
 #  if undefined, use system default
@@ -427,6 +430,9 @@
 # fallback MX host
 #O FallbackMXhost=fall.back.host.net
 
+# fallback smart host
+#O FallbackSmartHost=fall.back.host.net
+
 # if we are the best MX host for a site, try it directly instead of config err
 #O TryNullMXList=False
 
@@ -436,6 +442,9 @@
 # load average at which we refuse connections
 O RefuseLA=8
 
+# log interval when refusing connections for this long
+#O RejectLogInterval=3h
+
 # load average at which we delay connections; 0 means no limit
 #O DelayLA=0
 
@@ -445,6 +454,9 @@
 # maximum number of new connections per second
 O ConnectionRateThrottle=1
 
+# Width of the window 
+#O ConnectionRateWindowSize=60s
+
 # work recipient factor
 #O RecipientFactor=30000
 
@@ -517,7 +529,7 @@
 #O RunAsUser=sendmail
 
 # maximum number of recipients per SMTP envelope
-#O MaxRecipientsPerMessage=100
+#O MaxRecipientsPerMessage=0
 
 # limit the rate recipients per SMTP envelope are accepted
 # once the threshold number of recipients have been rejected
@@ -562,9 +574,15 @@
 # lookup type to find information about local mailboxes
 #O MailboxDatabase=pw
 
+# override compile time flag REQUIRES_DIR_FSYNC
+#O RequiresDirfsync=true
+
 # list of authentication mechanisms
 O AuthMechanisms=LOGIN PLAIN
 
+# Authentication realm
+#O AuthRealm
+
 # default authentication information for outgoing connections
 #O DefaultAuthInfo=/etc/mail/default-auth-info
 
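Review bot: `O AuthMechanisms=LOGIN PLAIN` on the new side still offers only the two mechanisms that send the password in a trivially reversible encoding, and the options this hunk adds (`RequiresDirfsync`, `AuthRealm`, both commented out) do not change that. No `AuthOptions` line is visible in this hunk, so it cannot be confirmed from here that these mechanisms are withheld until a security layer is active. If it is not set elsewhere in the file, `O AuthOptions=p` is the usual guard against offering them on an unencrypted session. Since the header says test.cf is built from the sendmail-cf include directory, the setting would belong in the .mc source rather than in this generated file.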
@@ -586,6 +604,7 @@
 O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
 O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
 O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
+O Milter.macros.eom={msg_id}
 
 # CA directory
 #O CACertPath
@@ -599,6 +618,8 @@
 #O ClientCertFile
 # Client private key
 #O ClientKeyFile
+# File containing certificate revocation lists 
+#O CRLFile
 # DHParameters (only required if DSA/DH is used)
 #O DHParameters
 # Random data source (required for systems without /dev/urandom under OpenSSL)
@@ -858,7 +879,7 @@
 
 # handle numeric address spec
 R$* < @ [ $+ ] > $*	$: $>ParseLocal $1 < @ [ $2 ] > $3	numeric internet spec
-R$* < @ [ $+ ] > $*	$1 < @ [ $2 ] : $S > $3		Add smart host to path
+R$* < @ [ $+ ] > $*	$: $1 < @ [ $2 ] : $S > $3	Add smart host to path
 R$* < @ [ $+ ] : > $*		$#esmtp $@ [$2] $: $1 < @ [$2] > $3	no smarthost: send
 R$* < @ [ $+ ] : $- : $*> $*	$#$3 $@ $4 $: $1 < @ [$2] > $5	smarthost with mailer
 R$* < @ [ $+ ] : $+ > $*	$#esmtp $@ $3 $: $1 < @ [$2] > $4	smarthost without mailer
@@ -973,7 +994,8 @@
 SMailerToTriple=95
 R< > $*				$@ $1			strip off null relay
 R< error : $-.$-.$- : $+ > $* 	$#error $@ $1.$2.$3 $: $4
-R< error : $- $+ > $*		$#error $@ $(dequote $1 $) $: $2
+R< error : $- : $+ > $*		$#error $@ $(dequote $1 $) $: $2
+R< error : $+ > $*		$#error $: $1
 R< local : $* > $*		$>CanonLocal < $1 > $2
 R< $~[ : $+ @ $+ > $*<$*>$*	$# $1 $@ $3 $: $2<@$3>	use literal user
 R< $~[ : $+ > $*		$# $1 $@ $2 $: $3	try qualified mailer
@@ -1168,6 +1190,7 @@
 R<$={Accept}> <$*>	$@ $1				return value of lookup
 R<REJECT> <$*>		$#error $@ 5.7.1 $: "550 Access denied"
 R<DISCARD> <$*>		$#discard $: discard
+R<QUARANTINE:$+> <$*>	$#error $@ quarantine $: $1
 R<ERROR:$-.$-.$-:$+> <$*>	$#error $@ $1.$2.$3 $: $4
 R<ERROR:$+> <$*>		$#error $: $1
 R<$* <TMPF>> <$*>		$#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
@@ -1249,6 +1272,7 @@
 R<PERM> $*		$#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
 R<$={Accept}> $*	$# $1		accept from access map
 R<DISCARD> $*		$#discard $: discard
+R<QUARANTINE:$+> $*	$#error $@ quarantine $: $1
 R<REJECT> $*		$#error $@ 5.7.1 $: "550 Access denied"
 R<ERROR:$-.$-.$-:$+> $*		$#error $@ $1.$2.$3 $: $4
 R<ERROR:$+> $*		$#error $: $1
@@ -1352,7 +1376,7 @@
 
 # check client name: first: did it resolve?
 R$*			$: < $&{client_resolve} >
-R<TEMP>			$#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
+R<TEMP>			$#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
 R<FORGED>		$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
 R<FAIL>			$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
 R$*			$: <@> $&{client_name}
@@ -1375,16 +1399,18 @@
 R$* <@ $* >		$@ $1 <@ $2 >
 R$+			$@ $1 <@ $j >
 
-SDelay_TLS_Client
+SDelay_TLS_Clt
 # authenticated?
 R$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
 R$* $| $#$+		$#$2
+R$* $| $*		$# $1
 R$*			$# $1
 
-SDelay_TLS_Client2
+SDelay_TLS_Clt2
 # authenticated?
 R$*			$: $1 $| $>"tls_client" $&{verify} $| MAIL
 R$* $| $#$+		$#$2
+R$* $| $*		$@ $1
 R$*			$@ $1
 
 # call all necessary rulesets
@@ -1394,7 +1420,7 @@
 R$+			$: $1 $| $>checkrcpt $1
 R$+ $| $#error $*	$#error $2
 R$+ $| $#discard $*	$#discard $2
-R$+ $| $#$*		$@ $>"Delay_TLS_Client" $2
+R$+ $| $#$*		$@ $>"Delay_TLS_Clt" $2
 R$+ $| $*		$: <?> $>FullAddr $>CanonAddr $1
 R<?> $+ < @ $=w >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
 R<?> $+ < @ $* >	$: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
@@ -1402,7 +1428,7 @@
 R<> $* $| <$+>		$: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
 R<@> $* $| $*		$: $2 $1		reverse result
 # is the recipient a spam friend?
-R<FRIEND> $+		$@ $>"Delay_TLS_Client2" SPAMFRIEND
+R<FRIEND> $+		$@ $>"Delay_TLS_Clt2" SPAMFRIEND
 R<$*> $+		$: $2
 R$*			$: $1 $| $>checkmail <$&f>
 R$* $| $#$*		$#$2
@@ -1506,10 +1532,10 @@
 ######################################################################
 
 # class with valid marks for SearchList
-C{src}E F D U 
+C{Src}E F D U 
 SSearchList
 # just call the ruleset with the name of the tag... nice trick...
-R<$+> $| <$={src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
+R<$+> $| <$={Src}:$*> <$*>	$: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
 R<$+> $| <> $| <?> <>		$@ <?>
 R<$+> $| <$+> $| <?> <>		$@ $>SearchList <$1> $| <$2>
 R<$+> $| <$*> $| <$+> <>	$@ <$3>
@@ -1530,7 +1556,7 @@
 R$@ $| $*		$#error $@ 5.7.1 $: "550 not authenticated"
 R$* $| $&{auth_authen}		$@ identical
 R$* $| <$&{auth_authen}>	$@ identical
-R$* $| $*		$: $1 $| $>"Local_trust_auth" $1
+R$* $| $*		$: $1 $| $>"Local_trust_auth" $2
 R$* $| $#$*		$#$2
 R$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
 
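Review bot: The changed rule now passes `$2` (the value after `$|`) to `Local_trust_auth` instead of `$1`, so any site-local `Local_trust_auth` ruleset written against the old input will be matching different data without any error at build time. No `Local_trust_auth` definition is visible in this hunk; if one exists in the .mc source it should be re-checked, because a pattern that no longer matches falls through to the `550 ... not allowed to act as` rule, while one that now matches unexpectedly has its `$#` result returned by the following rule. A comment above the call, for example `# Local_trust_auth is called with the value right of $|, not the left-hand token`, would record the new contract. The ruleset's header and first rule are outside the hunk, so what `$1` and `$2` hold is inferred from the visible rules only.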
@@ -1624,16 +1650,16 @@
 STLS_connection
 R$* $| <$*>$*			$: $1 $| <$2>
 # create the appropriate error codes
-R$* $| <PERM + $={tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
-R$* $| <TEMP + $={tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
-R$* $| <$={tls} $*>		$: $1 $| <403:4.7.0> <$2 $3>
+R$* $| <PERM + $={Tls} $*>	$: $1 $| <503:5.7.0> <$2 $3>
+R$* $| <TEMP + $={Tls} $*>	$: $1 $| <403:4.7.0> <$2 $3>
+R$* $| <$={Tls} $*>		$: $1 $| <403:4.7.0> <$2 $3>
 # deal with TLS handshake failures: abort
 RSOFTWARE $| <$-:$+> $* 	$#error $@ $2 $: $1 " TLS handshake failed."
 RSOFTWARE $| $* 		$#error $@ 4.7.0 $: "403 TLS handshake failed."
 R$* $| <$*> <VERIFY>		$: <$2> <VERIFY> <> $1
 R$* $| <$*> <VERIFY + $+>	$: <$2> <VERIFY> <$3> $1
-R$* $| <$*> <$={tls}:$->$*	$: <$2> <$3:$4> <> $1
-R$* $| <$*> <$={tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
+R$* $| <$*> <$={Tls}:$->$*	$: <$2> <$3:$4> <> $1
+R$* $| <$*> <$={Tls}:$- + $+>$*	$: <$2> <$3:$4> <$5> $1
 R$* $| $*			$@ OK
 # authentication required: give appropriate error
 # other side did authenticate (via STARTTLS)