Diffstat (limited to 'gnu/usr.sbin/sendmail/cf')
-rw-r--r-- | gnu/usr.sbin/sendmail/cf/README | 83
-rw-r--r-- | gnu/usr.sbin/sendmail/cf/feature/dnsbl.m4 | 10
-rw-r--r-- | gnu/usr.sbin/sendmail/cf/feature/enhdnsbl.m4 | 6
-rw-r--r-- | gnu/usr.sbin/sendmail/cf/feature/preserve_luser_host.m4 | 5
-rw-r--r-- | gnu/usr.sbin/sendmail/cf/m4/proto.m4 | 21
-rw-r--r-- | gnu/usr.sbin/sendmail/cf/m4/version.m4 | 4
6 files changed, 96 insertions, 33 deletions
diff --git a/gnu/usr.sbin/sendmail/cf/README b/gnu/usr.sbin/sendmail/cf/README index 62c9bae1873..91d5290f405 100644 --- a/gnu/usr.sbin/sendmail/cf/README +++ b/gnu/usr.sbin/sendmail/cf/README @@ -453,6 +453,19 @@ CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. The flags lsDFMnP are always included. CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed to deliver cyrusbb mail. +CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The + flags lsDFMnqXz are always included. +CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of + messages to deliver in a single connection for the + cyrusv2 mailer. +CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of + recipients to deliver in a single connection for the + cyrusv2 mailer. +CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed + to the cyrusv2 mailer. This can be used to + change the name of the Unix domain socket, or + to switch to delivery via TCP (e.g., `TCP $h lmtp') +CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer. confEBINDIR [/usr/libexec] The directory for executables. Currently used for FEATURE(`local_lmtp') and FEATURE(`smrsh'). @@ -634,6 +647,14 @@ cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to cyrus mailbox if the mailbox's ACL permits. The cyrus mailer must be defined after the local mailer. +cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to + local cyrus users via LMTP. This mailer can make use of the + "user+detail@local.host" syntax (see + FEATURE(`preserve_local_plus_detail')); it will deliver the + mail to the user's "detail" mailbox if the mailbox's ACL + permits. The cyrusv2 mailer must be defined after the + local mailer. + qpage A mailer for QuickPage, a pager interface. See http://www.qpage.org/ for further information. 
@@ -1084,16 +1105,15 @@ promiscuous_relay MASQUERADE_DOMAIN_FILE, see below). relay_entire_domain - By default, only hosts listed as RELAY in the access db - will be allowed to relay. This option also allows any - host in your domain as defined by class {m}. - Notice: make sure that your domain is not just a top level - domain, e.g., com. This can happen if you give your - host a name like example.com instead of host.example.com. + This option allows any host in your domain as defined by + class {m} to use your server for relaying. Notice: make + sure that your domain is not just a top level domain, + e.g., com. This can happen if you give your host a name + like example.com instead of host.example.com. relay_hosts_only By default, names that are listed as RELAY in the access - db and class {R} are domain names, not host names. + db and class {R} are treated as domain names, not host names. For example, if you specify ``foo.com'', then mail to or from foo.com, abc.foo.com, or a.very.deep.domain.foo.com will all be accepted for relaying. This feature changes @@ -1120,8 +1140,8 @@ relay_mail_from relaying can be allowed just based on the domain portion of the sender address. This feature should only be used if absolutely necessary as the sender address can be easily - forged. Use of this feature requires the "From:" tag be - prepended to the key in the access map; see the discussion + forged. Use of this feature requires the "From:" tag to + be used for the key in the access map; see the discussion of tags and FEATURE(`relay_mail_from') in the section on anti-spam configuration control. 
@@ -1203,6 +1223,16 @@ dnsbl Turns on rejection of hosts found in an DNS based rejection to query different DNS based rejection lists. See also enhdnsbl for an enhanced version. + Some DNS based rejection lists cause failures if asked + for AAAA records. If your sendmail version is compiled + with IPv6 support (NETINET6) and you experience this + problem, add + + define(`DNSBL_MAP', `dns -R A') + + before the first use of this feature. Alternatively you + can use enhdnsbl instead (see below). + NOTE: The default DNS blacklist, blackholes.mail-abuse.org, is a service offered by the Mail Abuse Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription @@ -1293,6 +1323,15 @@ msp Defines config file for Message Submission Program. Some more hints about possible changes can be found below in the section MESSAGE SUBMISSION PROGRAM. + Note: if localhost doesn't resolve to the IP address + of your local system (127.0.0.1 or ::1 for IPv6), + then you either need to fix your hostname resolution + (localhost and localhost.YOUR.DOMAIN should resolve + to that address by convention) or you need to specify + the IP address as argument, e.g., + + FEATURE(`msp', `[127.0.0.1]') + queuegroup A simple example how to select a queue group based on the full e-mail address or the domain of the recipient. Selection is done via entries in the @@ -3212,7 +3251,7 @@ more careful about checking for security problems than previous versions, but there are some things that you still need to watch for. In particular: -* Make sure the aliases file isn't writable except by trusted +* Make sure the aliases file is not writable except by trusted system personnel. This includes both the text and database version. 
@@ -3517,18 +3556,18 @@ confTO_HOSTSTATUS Timeout.hoststatus information (see below). confTO_RESOLVER_RETRANS Timeout.resolver.retrans [varies] Sets the resolver's - retransmition time interval (in + retransmission time interval (in seconds). Sets both Timeout.resolver.retrans.first and Timeout.resolver.retrans.normal. confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first [varies] Sets the resolver's - retransmition time interval (in + retransmission time interval (in seconds) for the first attempt to deliver a message. confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal [varies] Sets the resolver's - retransmition time interval (in + retransmission time interval (in seconds) for all resolver lookups except the first delivery attempt. confTO_RESOLVER_RETRY Timeout.resolver.retry @@ -4018,10 +4057,24 @@ absolutely sure you need them. Options you may want to change include: - confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for - avoiding X-Authorization warnings. + avoiding X-Authentication warnings. - confTIME_ZONE to change it from the default `USE_TZ'. - confDELIVERY_MODE is set to interactive in msp.m4 instead of the default background mode. +- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses + to the LOCAL_RELAY instead of the default relay. +- confRAND_FILE if you use STARTTLS and sendmail is not compiled with + the flag HASURANDOM. + +The MSP performs hostname canonicalization by default. As also +explained in sendmail/SECURITY, mail may end up for various DNS +related reasons in the MSP queue. This problem can be minimized by +using + + FEATURE(`nocanonify', `canonify_hosts') + define(`confDIRECT_SUBMISSION_MODIFIERS', `C') + +See the discussion about nocanonify for possible side effects. Some things are not intended to work with the MSP. These include features that influence the delivery process (e.g., mailertable, 
@@ -4258,4 +4311,4 @@ M4 DIVERSIONS 8 DNS based blacklists 9 special local rulesets (1 and 2) -$Revision: 1.12 $, Last updated $Date: 2002/04/18 00:49:26 $ +$Revision: 1.13 $, Last updated $Date: 2002/06/03 17:25:45 $ diff --git a/gnu/usr.sbin/sendmail/cf/feature/dnsbl.m4 b/gnu/usr.sbin/sendmail/cf/feature/dnsbl.m4 index cd869c04359..ab4c5b79e30 100644 --- a/gnu/usr.sbin/sendmail/cf/feature/dnsbl.m4 +++ b/gnu/usr.sbin/sendmail/cf/feature/dnsbl.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. # All rights reserved. # # By using this file, you agree to the terms and conditions set @@ -9,16 +9,18 @@ divert(-1) # # +dnl 8.13: ifdef(`DNSBL_MAP', `', `define(`DNSBL_MAP', `dns -R A')') +ifdef(`DNSBL_MAP', `', `define(`DNSBL_MAP', `host')') divert(0) ifdef(`_DNSBL_R_',`dnl',`dnl -VERSIONID(`$Sendmail: dnsbl.m4,v 8.26 2001/11/12 16:04:14 ca Exp $') +VERSIONID(`$Sendmail: dnsbl.m4,v 8.28 2002/05/19 21:22:40 gshapiro Exp $') define(`_DNSBL_R_',`') LOCAL_CONFIG # map for DNS based blacklist lookups -Kdnsbl host -T<TMP>ifdef(`DNSBL_MAP_OPT',` DNSBL_MAP_OPT')') +Kdnsbl DNSBL_MAP -T<TMP>ifdef(`DNSBL_MAP_OPT',` DNSBL_MAP_OPT')') divert(-1) define(`_DNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl -define(`_DNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{client_addr} " refused by blackhole site '_DNSBL_SRV_`"',`_ARG2_')')dnl +define(`_DNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_DNSBL_SRV_`"',`_ARG2_')')dnl define(`_DNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_DNSBL_SRV_`"',`_ARG3_')')dnl divert(8) # DNS based IP address spam list _DNSBL_SRV_ diff --git a/gnu/usr.sbin/sendmail/cf/feature/enhdnsbl.m4 b/gnu/usr.sbin/sendmail/cf/feature/enhdnsbl.m4 index 6f807c06a87..86b03a3e6df 100644 --- a/gnu/usr.sbin/sendmail/cf/feature/enhdnsbl.m4 
+++ b/gnu/usr.sbin/sendmail/cf/feature/enhdnsbl.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 2000-2001 Sendmail, Inc. and its suppliers. +# Copyright (c) 2000-2002 Sendmail, Inc. and its suppliers. # All rights reserved. # # By using this file, you agree to the terms and conditions set @@ -11,7 +11,7 @@ divert(-1) divert(0) ifdef(`_EDNSBL_R_',`dnl',`dnl -VERSIONID(`$Sendmail: enhdnsbl.m4,v 1.7 2001/07/22 18:02:52 ca Exp $') +VERSIONID(`$Sendmail: enhdnsbl.m4,v 1.9 2002/05/19 21:27:29 gshapiro Exp $') LOCAL_CONFIG define(`_EDNSBL_R_',`')dnl # map for enhanced DNS based blacklist lookups @@ -19,7 +19,7 @@ Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5') ') divert(-1) define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl -define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{client_addr} " refused by blackhole site '_EDNSBL_SRV_`"',`_ARG2_')')dnl +define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl define(`_EDNSBL_MATCH_', `ifelse(len(X`'_ARG4_),`1',`$`'+',_ARG4_)')dnl divert(8) diff --git a/gnu/usr.sbin/sendmail/cf/feature/preserve_luser_host.m4 b/gnu/usr.sbin/sendmail/cf/feature/preserve_luser_host.m4 index 6f67c266b81..600a0894bb5 100644 --- a/gnu/usr.sbin/sendmail/cf/feature/preserve_luser_host.m4 +++ b/gnu/usr.sbin/sendmail/cf/feature/preserve_luser_host.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 2000 Sendmail, Inc. and its suppliers. +# Copyright (c) 2000, 2002 Sendmail, Inc. and its suppliers. # All rights reserved. # # By using this file, you agree to the terms and conditions set 
@@ -10,10 +10,11 @@ divert(-1) # divert(0) -VERSIONID(`$Sendmail: preserve_luser_host.m4,v 1.2 2000/11/10 18:50:30 ca Exp $') +VERSIONID(`$Sendmail: preserve_luser_host.m4,v 1.3 2002/04/14 13:22:58 ca Exp $') divert(-1) ifdef(`LUSER_RELAY', `', `errprint(`*** LUSER_RELAY should be defined before FEATURE(`preserve_luser_host') ')') define(`_PRESERVE_LUSER_HOST_', `1') +define(`_NEED_MACRO_MAP_', `1') diff --git a/gnu/usr.sbin/sendmail/cf/m4/proto.m4 b/gnu/usr.sbin/sendmail/cf/m4/proto.m4 index 08b887b7ec8..66578994f11 100644 --- a/gnu/usr.sbin/sendmail/cf/m4/proto.m4 +++ b/gnu/usr.sbin/sendmail/cf/m4/proto.m4 @@ -13,7 +13,7 @@ divert(-1) # divert(0) -VERSIONID(`$Sendmail: proto.m4,v 8.639 2002/04/02 23:42:42 gshapiro Exp $') +VERSIONID(`$Sendmail: proto.m4,v 8.646 2002/05/19 21:22:40 gshapiro Exp $') # level CF_LEVEL config file format V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') @@ -1057,8 +1057,9 @@ R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 dnl +*@domain R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > dnl @domain if +detail exists -R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > -dnl without +detail (or no match) +dnl if no match, change marker to prevent a second @domain lookup +R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . > +dnl without +detail R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > dnl no match R<@> $+ $: $1 @@ -1178,6 +1179,7 @@ R$+ $: $1 $| $&h $| $&{Host} check h and {Host} R$+ $| $| $: $(macro {Host} $@ $) $1 no h or {Host} R$+ $| $| $+ $: $1 h not set, {Host} set R$+ $| +$* $| $* $: $1 h is +detail, {Host} set +R$+ $| $* @ $+ $| $* $: $(macro {Host} $@ @$3 $) $1 set {Host} to host in h R$+ $| $+ $| $* $: $(macro {Host} $@ @$2 $) $1 set {Host} to h ')dnl 
@@ -1433,6 +1435,7 @@ R<$+@$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 $5 @ $2') R<$+> <$=w> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 R<$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 + # if mailRoutingAddress and non-local mailHost, # relay to mailHost with new mailRoutingAddress ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl @@ -1449,6 +1452,7 @@ R<$+> <$+> <$+> <$+> <$*> $>LDAPMailertable <$2> $>canonify $1', # return original address R<> <$=w> <$+> <$+> <$*> $@ $2 + # if no mailRoutingAddress and non-local mailHost, # relay to mailHost with original address ifdef(`_MAILER_TABLE_', `dnl @@ -1685,7 +1689,7 @@ R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 SBasic_check_relay # check for deferred delivery mode -R$* $: < ${deliveryMode} > $1 +R$* $: < $&{deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 @@ -1715,7 +1719,7 @@ dnl workspace: ignored... R$* $: $&{client_addr} R$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._RBL_. $: OK $) R<?>OK $: OKSOFAR -R<?>$+ $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused by blackhole site _RBL_"', +R<?>$+ $#error $@ 5.7.1 $: "550 Rejected: " $&{client_addr} " listed at _RBL_"', `dnl') undivert(8) @@ -1731,7 +1735,7 @@ R$* $| $* $@ $>"Basic_check_mail" $1 SBasic_check_mail # check for deferred delivery mode -R$* $: < ${deliveryMode} > $1 +R$* $: < $&{deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 @@ -1798,6 +1802,8 @@ R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) R<?> $* < @ $* $=P > $: <OK> $1 < @ $2 $3 > dnl workspace <mark> CanonicalAddress where mark is ? or OK +dnl A sender address with my local host name ($j) is safe +R<?> $* < @ $j > $: <OK> $1 < @ $j > ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_', `R<?> $* < @ $+ > $: <_RES_OK_> $1 < @ $2 > ... unresolvable OK', `R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 
> @@ -1873,7 +1879,7 @@ SBasic_check_rcpt R<> $#error $@ nouser $: "553 User address required" R$@ $#error $@ nouser $: "553 User address required" # check for deferred delivery mode -R$* $: < ${deliveryMode} > $1 +R$* $: < $&{deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 @@ -2096,6 +2102,7 @@ R$=R $* $@ RELAY relayable IP address ifdef(`_ACCESS_TABLE_', `dnl R$* $: $>A <$1> <?> <+ Connect> <$1> R<RELAY> $* $@ RELAY relayable IP address +R<REJECT> $* $@ REJECT rejected IP address ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') R<$*> <$*> $: $2', `dnl') R$* $: [ $1 ] put brackets around it... diff --git a/gnu/usr.sbin/sendmail/cf/m4/version.m4 b/gnu/usr.sbin/sendmail/cf/m4/version.m4 index 2500d095340..57fc892012d 100644 --- a/gnu/usr.sbin/sendmail/cf/m4/version.m4 +++ b/gnu/usr.sbin/sendmail/cf/m4/version.m4 @@ -11,8 +11,8 @@ divert(-1) # the sendmail distribution. # # -VERSIONID(`$Sendmail: version.m4,v 8.89 2002/04/04 22:20:08 ca Exp $') +VERSIONID(`$Sendmail: version.m4,v 8.92 2002/05/31 18:53:59 ca Exp $') # divert(0) # Configuration version number -DZ8.12.3`'ifdef(`confCF_VERSION', `/confCF_VERSION') +DZ8.12.4`'ifdef(`confCF_VERSION', `/confCF_VERSION') |
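
Review bot: In the relay_entire_domain entry of cf/README (@@ -1084), the rewritten text drops the sentence "By default, only hosts listed as RELAY in the access db will be allowed to relay." That sentence is the baseline an administrator compares against before widening relaying to every host in class {m}; keep it in front of the new wording so the entry still says what the feature changes relative to the default.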
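
Review bot: The dnsbl entry in cf/README (@@ -1203) tells the reader to define DNSBL_MAP as "dns -R A" only "if you experience this problem", but it never says what the map is when DNSBL_MAP is left undefined. The dnsbl.m4 hunk shows the fallback is still "host", with the "dns -R A" default only present as a "dnl 8.13:" comment, so the README should state that the default lookup is unchanged in this version and that the A-only map is opt-in.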
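
Review bot: The default rejection text changes from "550 Mail from ... refused by blackhole site" to "550 Rejected: ... listed at" in _DNSBL_MSG_ (feature/dnsbl.m4), _EDNSBL_MSG_ (feature/enhdnsbl.m4) and the _RBL_ rule in m4/proto.m4 (@@ -1715), yet none of the README hunks mention it. Log filters and reject counters keyed on the old string will stop matching without any error; add a line to the dnsbl and enhdnsbl README entries giving the new default wording.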
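
Review bot: In the virtuser lookups of m4/proto.m4 (@@ -1057), the no-match default of the "@domain if +detail exists" rule changes from "$: @" to "$: !", but the only cleanup rule visible in the hunk is "R<@> $+ $: $1", which strips the <@> marker and nothing else. Confirm that a rule below the shown context consumes the <!> marker, or add one here, so an unmatched user+detail address cannot leave the ruleset with the marker still attached.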
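
Review bot: In Basic_check_mail (m4/proto.m4, @@ -1798), the comment on the added rule "R<?> $* < @ $j > $: <OK> $1 < @ $j >" says a sender address with the local host name "is safe", which overstates what the rule does. It marks any envelope sender that claims $j as <OK> ahead of the resolve lookup on the following lines, and the README text in this same patch notes that the sender address can be easily forged. Reword the comment to say the rule skips the resolvability check for $j, and state which later checks still apply to an <OK> address.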
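
Review bot: The switch from "${deliveryMode}" to "$&{deliveryMode}" in Basic_check_relay, Basic_check_mail and Basic_check_rcpt (m4/proto.m4, @@ -1685, @@ -1731, @@ -1873) carries no explanation in the rules or in the README. A one-line dnl comment at the first occurrence, saying the macro has to be evaluated when the rule runs rather than when the cf file is read, would keep someone from "simplifying" it back to the shorter form.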
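
Review bot: The added rule "R<REJECT> $* $@ REJECT" in the access-table branch of the relay check (m4/proto.m4, @@ -2096) introduces a new return value in a block whose visible outcomes were RELAY and the _ATMPF_ temporary failure. The caller is outside the hunk; confirm that it turns REJECT into an error instead of treating every non-RELAY result as "not relayable, keep checking", and say so in a comment on the rule.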
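
Review bot: In the MSP options list of cf/README (@@ -4018), the new bullet writes FEATURE(stickyhost) without m4 quotes, while every other FEATURE reference in this patch is quoted, for example FEATURE(`msp', `[127.0.0.1]') and FEATURE(`nocanonify', `canonify_hosts'). Write it as FEATURE(`stickyhost') so the text can be pasted into an mc file as is.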