diff test.cf @ 90:962a1f8f1d9f stable-5-4
add verify statement to verify addresses with better mx host
author | carl |
---|---|
date | Sun, 18 Sep 2005 10:19:58 -0700 |
parents | 510a511ad554 |
children | e107ade3b1c0 |
--- a/test.cf Sun Aug 07 11:26:37 2005 -0700 +++ b/test.cf Sun Sep 18 10:19:58 2005 -0700 @@ -1,5 +1,5 @@ # -# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by root@ns.five-ten-sg.com on Mon Jan 3 13:23:43 PST 2005 -##### in /usr/src/rh8/gpl/dnsbl +##### built by root@ns.five-ten-sg.com on Sat Sep 17 18:06:39 PDT 2005 +##### in /usr/usr/cvs/gpl/dnsbl ##### using /usr/share/sendmail-cf/ as configuration include directory ##### ###################################################################### @@ -140,6 +140,7 @@ # ... define this only if sendmail cannot automatically determine your domain #Dj$w.Foo.COM +# host/domain names ending with a token in class P are canonical CP. # "Smart" relay host (may be null) @@ -172,7 +173,7 @@ # macro storage map Kmacro macro # possible values for TLS_connection in access map -C{tls}VERIFY ENCR +C{Tls}VERIFY ENCR @@ -212,7 +213,7 @@ Kgenerics hash /etc/mail/genericstable.db # Configuration version number -DZ8.12.8 +DZ8.13.1 ############### @@ -385,10 +386,12 @@ #O Timeout.queuereturn.normal=5d #O Timeout.queuereturn.urgent=2d #O Timeout.queuereturn.non-urgent=7d +#O Timeout.queuereturn.dsn=5d O Timeout.queuewarn=4h #O Timeout.queuewarn.normal=4h #O Timeout.queuewarn.urgent=1h #O Timeout.queuewarn.non-urgent=12h +#O Timeout.queuewarn.dsn=4h #O Timeout.hoststatus=30m #O Timeout.resolver.retrans=5s #O Timeout.resolver.retrans.first=5s @@ -410,7 +413,7 @@ O SuperSafe=True # status file -O StatusFile=/usr/src/rh8/gpl/dnsbl/sendmail.st +O StatusFile=/usr/usr/cvs/gpl/dnsbl/sendmail.st # time zone handling: # if undefined, use system default 
@@ -427,6 +430,9 @@ # fallback MX host #O FallbackMXhost=fall.back.host.net +# fallback smart host +#O FallbackSmartHost=fall.back.host.net + # if we are the best MX host for a site, try it directly instead of config err #O TryNullMXList=False @@ -436,6 +442,9 @@ # load average at which we refuse connections O RefuseLA=8 +# log interval when refusing connections for this long +#O RejectLogInterval=3h + # load average at which we delay connections; 0 means no limit #O DelayLA=0 @@ -445,6 +454,9 @@ # maximum number of new connections per second O ConnectionRateThrottle=1 +# Width of the window +#O ConnectionRateWindowSize=60s + # work recipient factor #O RecipientFactor=30000 @@ -517,7 +529,7 @@ #O RunAsUser=sendmail # maximum number of recipients per SMTP envelope -#O MaxRecipientsPerMessage=100 +#O MaxRecipientsPerMessage=0 # limit the rate recipients per SMTP envelope are accepted # once the threshold number of recipients have been rejected @@ -562,9 +574,15 @@ # lookup type to find information about local mailboxes #O MailboxDatabase=pw +# override compile time flag REQUIRES_DIR_FSYNC +#O RequiresDirfsync=true + # list of authentication mechanisms O AuthMechanisms=LOGIN PLAIN +# Authentication realm +#O AuthRealm + # default authentication information for outgoing connections #O DefaultAuthInfo=/etc/mail/default-auth-info @@ -586,6 +604,7 @@ O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer} O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr} O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr} +O Milter.macros.eom={msg_id} # CA directory #O CACertPath @@ -599,6 +618,8 @@ #O ClientCertFile # Client private key #O ClientKeyFile +# File containing certificate revocation lists +#O CRLFile # DHParameters (only required if DSA/DH is used) #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) 
@@ -858,7 +879,7 @@ # handle numeric address spec R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec -R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path +R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer @@ -973,7 +994,8 @@ SMailerToTriple=95 R< > $* $@ $1 strip off null relay R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 -R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 +R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2 +R< error : $+ > $* $#error $: $1 R< local : $* > $* $>CanonLocal < $1 > $2 R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer @@ -1168,6 +1190,7 @@ R<$={Accept}> <$*> $@ $1 return value of lookup R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied" R<DISCARD> <$*> $#discard $: discard +R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1 R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4 R<ERROR:$+> <$*> $#error $: $1 R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." @@ -1249,6 +1272,7 @@ R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist" R<$={Accept}> $* $# $1 accept from access map R<DISCARD> $* $#discard $: discard +R<QUARANTINE:$+> $* $#error $@ quarantine $: $1 R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied" R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 R<ERROR:$+> $* $#error $: $1 
@@ -1352,7 +1376,7 @@ # check client name: first: did it resolve? R$* $: < $&{client_resolve} > -R<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} +R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} R$* $: <@> $&{client_name} @@ -1375,16 +1399,18 @@ R$* <@ $* > $@ $1 <@ $2 > R$+ $@ $1 <@ $j > -SDelay_TLS_Client +SDelay_TLS_Clt # authenticated? R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 +R$* $| $* $# $1 R$* $# $1 -SDelay_TLS_Client2 +SDelay_TLS_Clt2 # authenticated? R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 +R$* $| $* $@ $1 R$* $@ $1 # call all necessary rulesets @@ -1394,7 +1420,7 @@ R$+ $: $1 $| $>checkrcpt $1 R$+ $| $#error $* $#error $2 R$+ $| $#discard $* $#discard $2 -R$+ $| $#$* $@ $>"Delay_TLS_Client" $2 +R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2 R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1 R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@> R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > @@ -1402,7 +1428,7 @@ R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <> R<@> $* $| $* $: $2 $1 reverse result # is the recipient a spam friend? -R<FRIEND> $+ $@ $>"Delay_TLS_Client2" SPAMFRIEND +R<FRIEND> $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND R<$*> $+ $: $2 R$* $: $1 $| $>checkmail <$&f> R$* $| $#$* $#$2 
@@ -1506,10 +1532,10 @@ ###################################################################### # class with valid marks for SearchList -C{src}E F D U +C{Src}E F D U SSearchList # just call the ruleset with the name of the tag... nice trick... -R<$+> $| <$={src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <> +R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <> R<$+> $| <> $| <?> <> $@ <?> R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2> R<$+> $| <$*> $| <$+> <> $@ <$3> @@ -1530,7 +1556,7 @@ R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" R$* $| $&{auth_authen} $@ identical R$* $| <$&{auth_authen}> $@ identical -R$* $| $* $: $1 $| $>"Local_trust_auth" $1 +R$* $| $* $: $1 $| $>"Local_trust_auth" $2 R$* $| $#$* $#$2 R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} @@ -1624,16 +1650,16 @@ STLS_connection R$* $| <$*>$* $: $1 $| <$2> # create the appropriate error codes -R$* $| <PERM + $={tls} $*> $: $1 $| <503:5.7.0> <$2 $3> -R$* $| <TEMP + $={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> -R$* $| <$={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> +R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3> +R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3> +R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3> # deal with TLS handshake failures: abort RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed." R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1 R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1 -R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> <> $1 -R$* $| <$*> <$={tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1 +R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1 +R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1 R$* $| $* $@ OK # authentication required: give appropriate error # other side did authenticate (via STARTTLS)