sync with reality

3 files changed, 160 insertions, 13 deletions

diff --git a/gnu/usr.sbin/sendmail/cf/cf/courtesan-lists.mc b/gnu/usr.sbin/sendmail/cf/cf/courtesan-lists.mc
index 36a203aee2b..a5d05fabfee 100644
--- a/gnu/usr.sbin/sendmail/cf/cf/courtesan-lists.mc
+++ b/gnu/usr.sbin/sendmail/cf/cf/courtesan-lists.mc
@@ -6,7 +6,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`$OpenBSD: courtesan-lists.mc,v 1.4 2001/09/11 19:02:48 millert Exp $')
+VERSIONID(`$OpenBSD: courtesan-lists.mc,v 1.5 2001/12/04 02:23:56 millert Exp $')
 OSTYPE(openbsd)dnl
 dnl
 dnl Advertise ourselves as ``lists.courtesan.com''
@@ -23,6 +23,15 @@ define(`confTRY_NULL_MX_LIST', `True')dnl
 define(`confMAX_HOP', `30')dnl
 define(`confMAX_MIME_HEADER_LENGTH', `256/128')dnl
 dnl
+dnl TLS certificates for encrypted mail
+define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
+define(`confCACERT_PATH', `CERT_DIR')dnl
+define(`confCACERT', `CERT_DIR/mycert.pem')dnl
+define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
+define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
+define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
+define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
+dnl
 dnl Always use fully qualified domains
 FEATURE(always_add_domain)
 dnl
@@ -54,6 +63,14 @@ dnl List the mailers we support
 MAILER(local)dnl
 MAILER(smtp)dnl
 dnl
+dnl We want to support IPv6
+DAEMON_OPTIONS(`Family=inet, address=0.0.0.0, Name=MTA')dnl
+DAEMON_OPTIONS(`Family=inet6, address=::, Name=MTA6, M=O')dnl
+DAEMON_OPTIONS(`Family=inet, address=0.0.0.0, Port=587, Name=MSA, M=E')dnl
+DAEMON_OPTIONS(`Family=inet6, address=::, Port=587, Name=MSA6, M=O, M=E')dnl
+CLIENT_OPTIONS(`Family=inet6, Address=::')dnl
+CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl
+dnl
 dnl Finally, we have the local cf-style goo
 LOCAL_CONFIG
 #
@@ -79,6 +96,7 @@ HTo: $>CheckTo
 HMessage-Id: $>CheckMessageId
 HSubject: $>Check_Subject
 HX-Spanska: $>Spanska
+HContent-Type: $>Check_Content
 
 #
 # Melissa worm detection (done in Check_Subject)
@@ -95,6 +113,29 @@ D{ILPat}ILOVEYOU
 D{ILMsg}This message may contain the ILOVEYOU virus; see http://www.datafellows.com/v-descs/love.htm
 
 #
+# Life stages worm detection (done in Check_Subject)
+# See http://www.f-secure.com/v-descs/stages.htm
+#
+D{LSPat}Fw: Life stages
+D{LSMsg}This message may contain the Life stages virus; see http://www.f-secure.com/v-descs/stages.htm
+
+#
+# W32/Badtrans worm detection (done in Check_Content)
+# See see http://vil.nai.com/vil/virusSummary.asp?virus_k=99069
+#
+D{WPat1}boundary= \"====_ABC1234567890DEF_====\"
+D{WPat2}boundary= \"====_ABC0987654321DEF_====\"
+D{WMsg}This message may contain the W32/Badtrans@MM virus; see http://vil.nai.com/vil/virusSummary.asp?virus_k=99069
+
+#
+# Reject mail based on regexp above
+#
+SLocal_check_mail
+R$*				$: $>Parse0 $>3 $1
+R$+				$: $(checkaddress $1 $)
+R@MATCH				$#error $: "553 Header error"
+
+#
 # Reject some mail based on To: header
 #
 SCheckTo
@@ -122,3 +163,12 @@ R${MPat} $*			$#error $: 553 ${MMsg}
 RRe: ${MPat} $*			$#error $: 553 ${MMsg}
 R${ILPat}			$#error $: 553 ${ILMsg}
 RRe: ${ILPat}			$#error $: 553 ${ILMsg}
+R${LSPat}			$#error $: 553 ${LSMsg}
+RRe: ${LSPat}			$#error $: 553 ${LSMsg}
+
+#
+# Check Content-Type header for worm/virus telltales
+#
+SCheck_Content
+R$+ ${WPat1} $*			$#error $: 553 ${WMsg}
+R$+ ${WPat2} $*			$#error $: 553 ${WMsg}
diff --git a/gnu/usr.sbin/sendmail/cf/cf/courtesan.mc b/gnu/usr.sbin/sendmail/cf/cf/courtesan.mc
index 64b27fef2dd..16c8fd1b031 100644
--- a/gnu/usr.sbin/sendmail/cf/cf/courtesan.mc
+++ b/gnu/usr.sbin/sendmail/cf/cf/courtesan.mc
@@ -4,7 +4,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`$OpenBSD: courtesan.mc,v 1.7 2001/09/11 19:02:48 millert Exp $')
+VERSIONID(`$OpenBSD: courtesan.mc,v 1.8 2001/12/04 02:23:56 millert Exp $')
 OSTYPE(openbsd)
 dnl
 dnl First, we override some default values
@@ -17,6 +17,15 @@ dnl Some broken nameservers will return SERVFAIL (a temporary failure)
 dnl on T_AAAA (IPv6) lookups.
 define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
 dnl
+dnl TLS certificates for encrypted mail
+define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
+define(`confCACERT_PATH', `CERT_DIR')dnl
+define(`confCACERT', `CERT_DIR/mycert.pem')dnl
+define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
+define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
+define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
+define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
+dnl
 dnl Next, we define the features we want
 FEATURE(nouucp, `reject')dnl
 FEATURE(always_add_domain)dnl
@@ -40,12 +49,17 @@ dnl FEATURE(dnsbl, `dul.maps.vix.com', `Dialup - see http://www.mail-abuse.org/d
 dnl FEATURE(dnsbl, `relays.mail-abuse.org', `Open spam relay - see http://www.mail-abuse.org/rss/')dnl
 dnl
 dnl Then, we enumerate which mailers we support
-MAILER(local)
-MAILER(smtp)
+FEATURE(`no_default_msa')dnl
+MAILER(local)dnl
+MAILER(smtp)dnl
 dnl
 dnl We want to support IPv6
 DAEMON_OPTIONS(`Family=inet, address=0.0.0.0, Name=MTA')dnl
 DAEMON_OPTIONS(`Family=inet6, address=::, Name=MTA6, M=O')dnl
+DAEMON_OPTIONS(`Family=inet, address=0.0.0.0, Port=587, Name=MSA, M=E')dnl
+DAEMON_OPTIONS(`Family=inet6, address=::, Port=587, Name=MSA6, M=O, M=E')dnl
+CLIENT_OPTIONS(`Family=inet6, Address=::')dnl
+CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl
 dnl
 dnl Finally, we have the local cf-style goo
 LOCAL_CONFIG
@@ -66,9 +80,54 @@ C{RejectToDomains}		public.com the-internet.com
 
 LOCAL_RULESETS
 #
-# Reject some mail based on To: header
+# Header checks
 #
 HTo: $>CheckTo
+HMessage-Id: $>CheckMessageId
+HSubject: $>Check_Subject
+HX-Spanska: $>Spanska
+HContent-Type: $>Check_Content
+
+#
+# Melissa worm detection (done in Check_Subject)
+# See http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
+#
+D{MPat}Important Message From
+D{MMsg}This message may contain the Melissa virus; see http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
+
+#
+# ILOVEYOU worm detection (done in Check_Subject)
+# See http://www.datafellows.com/v-descs/love.htm
+#
+D{ILPat}ILOVEYOU
+D{ILMsg}This message may contain the ILOVEYOU virus; see http://www.datafellows.com/v-descs/love.htm
+
+#
+# Life stages worm detection (done in Check_Subject)
+# See http://www.f-secure.com/v-descs/stages.htm
+#
+D{LSPat}Fw: Life stages
+D{LSMsg}This message may contain the Life stages virus; see http://www.f-secure.com/v-descs/stages.htm
+
+#
+# W32/Badtrans worm detection (done in Check_Content)
+# See see http://vil.nai.com/vil/virusSummary.asp?virus_k=99069
+#
+D{WPat1}boundary= \"====_ABC1234567890DEF_====\"
+D{WPat2}boundary= \"====_ABC0987654321DEF_====\"
+D{WMsg}This message may contain the W32/Badtrans@MM virus; see http://vil.nai.com/vil/virusSummary.asp?virus_k=99069
+
+#
+# Reject mail based on regexp above
+#
+SLocal_check_mail
+R$*				$: $>Parse0 $>3 $1
+R$+				$: $(checkaddress $1 $)
+R@MATCH				$#error $: "553 Header error"
+
+#
+# Reject some mail based on To: header
+#
 SCheckTo
 R$={RejectToLocalparts}@$*	$#error $: "553 Header error"
 R$*@$={RejectToDomains}		$#error $: "553 Header error"
@@ -76,16 +135,30 @@ R$*@$={RejectToDomains}		$#error $: "553 Header error"
 #
 # Enforce valid Message-Id to help stop spammers
 #
-HMessage-Id: $>CheckMessageId
 SCheckMessageId
 R< $+ @ $+ >			$@ OK
 R$*				$#error $: 553 Header Error
 
-LOCAL_RULESETS
 #
-# Reject mail based on regexp above
+# Happy99 worm detection
 #
-SLocal_check_mail
-R$*				$: $>Parse0 $>3 $1
-R$+				$: $(checkaddress $1 $)
-R@MATCH				$#error $: "553 Header error"
+SSpanska
+R$*				$#error $: "553 Your system is probably infected by the Happy99 worm; see http://www.symantec.com/avcenter/venc/data/happy99.worm.html"
+
+#
+# Check Subject line for worm/virus telltales
+#
+SCheck_Subject
+R${MPat} $*			$#error $: 553 ${MMsg}
+RRe: ${MPat} $*			$#error $: 553 ${MMsg}
+R${ILPat}			$#error $: 553 ${ILMsg}
+RRe: ${ILPat}			$#error $: 553 ${ILMsg}
+R${LSPat}			$#error $: 553 ${LSMsg}
+RRe: ${LSPat}			$#error $: 553 ${LSMsg}
+
+#
+# Check Content-Type header for worm/virus telltales
+#
+SCheck_Content
+R$+ ${WPat1} $*			$#error $: 553 ${WMsg}
+R$+ ${WPat2} $*			$#error $: 553 ${WMsg}
diff --git a/gnu/usr.sbin/sendmail/cf/cf/openbsd-lists.mc b/gnu/usr.sbin/sendmail/cf/cf/openbsd-lists.mc
index 817f081a393..55b4ee64cc6 100644
--- a/gnu/usr.sbin/sendmail/cf/cf/openbsd-lists.mc
+++ b/gnu/usr.sbin/sendmail/cf/cf/openbsd-lists.mc
@@ -6,7 +6,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`$OpenBSD: openbsd-lists.mc,v 1.7 2001/11/29 18:47:58 millert Exp $')
+VERSIONID(`$OpenBSD: openbsd-lists.mc,v 1.8 2001/12/04 02:23:56 millert Exp $')
 OSTYPE(openbsd)dnl
 dnl
 dnl Advertise ourselves as ``openbsd.org''
@@ -108,6 +108,7 @@ HTo: $>CheckTo
 HMessage-Id: $>CheckMessageId
 HSubject: $>Check_Subject
 HX-Spanska: $>Spanska
+HContent-Type: $>Check_Content
 
 #
 # Melissa worm detection (done in Check_Subject)
@@ -131,6 +132,22 @@ D{LSPat}Fw: Life stages
 D{LSMsg}This message may contain the Life stages virus; see http://www.f-secure.com/v-descs/stages.htm
 
 #
+# W32/Badtrans worm detection (done in Check_Content)
+# See see http://vil.nai.com/vil/virusSummary.asp?virus_k=99069
+#
+D{WPat1}boundary= \"====_ABC1234567890DEF_====\"
+D{WPat2}boundary= \"====_ABC0987654321DEF_====\"
+D{WMsg}This message may contain the W32/Badtrans@MM virus; see http://vil.nai.com/vil/virusSummary.asp?virus_k=99069
+
+#
+# Reject mail based on regexp above
+#
+SLocal_check_mail
+R$*				$: $>Parse0 $>3 $1
+R$+				$: $(checkaddress $1 $)
+R@MATCH				$#error $: "553 Header error"
+
+#
 # Reject some mail based on To: header
 #
 SCheckTo
@@ -160,3 +177,10 @@ R${ILPat}			$#error $: 553 ${ILMsg}
 RRe: ${ILPat}			$#error $: 553 ${ILMsg}
 R${LSPat}			$#error $: 553 ${LSMsg}
 RRe: ${LSPat}			$#error $: 553 ${LSMsg}
+
+#
+# Check Content-Type header for worm/virus telltales
+#
+SCheck_Content
+R$+ ${WPat1} $*			$#error $: 553 ${WMsg}
+R$+ ${WPat2} $*			$#error $: 553 ${WMsg}