diff options
Diffstat (limited to 'gnu/usr.sbin/sendmail/cf/m4/proto.m4')
| -rw-r--r-- | gnu/usr.sbin/sendmail/cf/m4/proto.m4 | 77 |
1 files changed, 70 insertions, 7 deletions
diff --git a/gnu/usr.sbin/sendmail/cf/m4/proto.m4 b/gnu/usr.sbin/sendmail/cf/m4/proto.m4 index 5aa0753d51e..1a8d652d712 100644 --- a/gnu/usr.sbin/sendmail/cf/m4/proto.m4 +++ b/gnu/usr.sbin/sendmail/cf/m4/proto.m4 @@ -13,7 +13,7 @@ divert(-1) # divert(0) -VERSIONID(`$Sendmail: proto.m4,v 8.719 2006/03/30 20:50:13 ca Exp $') +VERSIONID(`$Sendmail: proto.m4,v 8.726 2007/01/04 18:27:46 ca Exp $') # level CF_LEVEL config file format V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') @@ -396,12 +396,11 @@ _OPTION(FastSplit, `confFAST_SPLIT', `1') # queue directory O QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue') -# key for shared memory; 0 to turn off +# key for shared memory; 0 to turn off, -1 to auto-select _OPTION(SharedMemoryKey, `confSHARED_MEMORY_KEY', `0') -ifdef(`confSHARED_MEMORY_KEY_FILE', `dnl -# file to store key for shared memory (if SharedMemoryKey = -1) -O SharedMemoryKeyFile=confSHARED_MEMORY_KEY_FILE') +# file to store auto-selected key for shared memory (SharedMemoryKey = -1) +_OPTION(SharedMemoryKeyFile, `confSHARED_MEMORY_KEY_FILE', `') # timeouts (many of these) _OPTION(Timeout.initial, `confTO_INITIAL', `5m') @@ -452,7 +451,7 @@ _OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False') _OPTION(SuperSafe, `confSAFE_QUEUE', `True') # status file -O StatusFile=ifdef(`STATUS_FILE', `STATUS_FILE', `MAIL_SETTINGS_DIR`'statistics') +_OPTION(StatusFile, `STATUS_FILE') # time zone handling: # if undefined, use system default @@ -669,6 +668,12 @@ _OPTION(DHParameters, `confDH_PARAMETERS', `') # Random data source (required for systems without /dev/urandom under OpenSSL) _OPTION(RandFile, `confRAND_FILE', `') +# Maximum number of "useless" commands before slowing down +_OPTION(MaxNOOPCommands, `confMAX_NOOP_COMMANDS', `20') + +# Name to use for EHLO (defaults to $j) +_OPTION(HeloName, `confHELO_NAME') + ############################ `# QUEUE GROUP DEFINITIONS #' ############################ @@ -1782,6 +1787,14 @@ ifdef(`_CONN_CONTROL_IMMEDIATE_',`',`dnl dnl workspace: ignored... R$* $: $>"ConnControl" dummy')', `dnl') undivert(8) +ifdef(`_REQUIRE_RDNS_', `dnl +R$* $: $&{client_addr} $| $&{client_resolve} +R$=R $* $@ RELAY We relay for these +R$* $| OK $@ OK Resolves. +R$* $| FAIL $#error $@ 5.7.1 $: 550 Fix reverse DNS for $1 +R$* $| TEMP $#error $@ 4.1.8 $: 451 Client IP address $1 does not resolve +R$* $| FORGED $#error $@ 4.1.8 $: 451 Possibly forged hostname for $1 +', `dnl') ###################################################################### ### check_mail -- check SMTP ``MAIL FROM:'' command argument @@ -1907,7 +1920,7 @@ R<? $+> $* $#error $@ 5.5.4 $: "_CODE553 Domain name required for sender addres ...remote is not') # check results R<?> $* $: @ $1 mark address: nothing known about it -R<$={ResOk}> $* $@ <_RES_OK_> domain ok: stop +R<$={ResOk}> $* $: @ $2 domain ok R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" R<PERM> $* $#error $@ 5.1.8 $: "_CODE553 Domain of sender address " $&f " does not exist" ifdef(`_ACCESS_TABLE_', `dnl @@ -1922,6 +1935,34 @@ ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failu dnl generic error from access map R<$+> $* $#error $: $1 error from access db', `dnl') +dnl workspace: @ CanonicalAddress (i.e. address in canonical form localpart<@host>) + +ifdef(`_BADMX_CHK_', `dnl +R@ $*<@$+>$* $: $1<@$2>$3 $| $>BadMX $2 +R$* $| $#$* $#$2 + +SBadMX +# Look up MX records and ferret away a copy of the original address. +# input: domain part of address to check +R$+ $:<MX><$1><:$(mxlist $1$):><:> +# workspace: <MX><domain><: mxlist-result $><:> +R<MX><$+><:$*<TEMP>:><$*> $#error $@ 4.1.2 $: "450 MX lookup failure for "$1 +# workspace: <MX> <original destination> <unchecked mxlist> <checked mxlist> +# Recursively run badmx check on each mx. +R<MX><$*><:$+:$*><:$*> <MX><$1><:$3><: $4 $(badmx $2 $):> +# See if any of them fail. +R<MX><$*><$*><$*<BADMX>:$*> $#error $@ 5.1.2 $:"550 Illegal MX record for recipient host "$1 +# Reverse the mxlists so we can use the same argument order again. +R<MX><$*><$*><$*> $:<MX><$1><$3><$2> +R<MX><$*><:$+:$*><:$*> <MX><$1><:$3><:$4 $(dnsA $2 $) :> + +# Reverse the lists so we can use the same argument order again. +R<MX><$*><$*><$*> $:<MX><$1><$3><$2> +R<MX><$*><:$+:$*><:$*> <MX><$1><:$3><:$4 $(BadMXIP $2 $) :> + +R<MX><$*><$*><$*<BADMXIP>:$*> $#error $@ 5.1.2 $:"550 Invalid MX record for recipient host "$1', +`dnl') + ###################################################################### ### check_rcpt -- check SMTP ``RCPT TO:'' command argument @@ -2312,6 +2353,7 @@ ifdef(`_SPAM_HATER_', R<HATER> $+ $: $1 spam hater: continue checks R<$*> $+ $@ $>"Delay_TLS_Clt2" NOSPAMHATER everyone else: stop dnl',`dnl') + dnl run further checks: check_mail dnl should we "clean up" $&f? ifdef(`_FFR_MAIL_MACRO', @@ -2325,6 +2367,27 @@ R$* $| $#$* $#$2 R$* $| $* $: $1 ', `dnl') +ifdef(`_BLOCK_BAD_HELO_', `dnl +R$* $: $1 $| <$&{auth_authen}> Get auth info +dnl Bypass the test for users who have authenticated. +R$* $| <$+> $: $1 skip if auth +R$* $| <$*> $: $1 $| <$&{client_addr}> [$&s] Get connection info +dnl Bypass for local clients -- IP address starts with $=R +R$* $| <$=R $*> [$*] $: $1 skip if local client +dnl Bypass a "sendmail -bs" session, which use 0 for client ip address +R$* $| <0> [$*] $: $1 skip if sendmail -bs +dnl Reject our IP - assumes "[ip]" is in class $=w +R$* $| <$*> $=w $#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s +dnl Reject our hostname +R$* $| <$*> [$=w] $#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s +dnl Pass anything else with a "." in the domain parameter +R$* $| <$*> [$+.$+] $: $1 qualified domain ok +dnl Reject if there was no "." or only an initial or final "." +R$* $| <$*> [$*] $#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s +dnl Clean up the workspace +R$* $| $* $: $1 +', `dnl') + ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)') ###################################################################### ### F: LookUpFull -- search for an entry in access database |