Diffstat (limited to 'usr.sbin/sendmail/cf/README')
-rw-r--r-- | usr.sbin/sendmail/cf/README | 89 |
1 files changed, 69 insertions, 20 deletions
diff --git a/usr.sbin/sendmail/cf/README b/usr.sbin/sendmail/cf/README index df50c9da1d0..46a9475563f 100644 --- a/usr.sbin/sendmail/cf/README +++ b/usr.sbin/sendmail/cf/README @@ -4,7 +4,7 @@ Eric Allman <eric@Sendmail.ORG> - @(#)README 8.174 (Berkeley) 6/30/98 + @(#)README 8.184 (Berkeley) 12/29/1998 This document describes the sendmail configuration files being used @@ -719,6 +719,9 @@ nullclient This is a special case -- it creates a stripped down they are qualified with the masquerade name, which defaults to the name of the hub machine). No mailers should be defined. No aliasing or forwarding is done. + Also, note that absolutely no anti-spam or anti-relaying + is done in a null client configuration. More information + can be found in the ANTI-SPAM CONFIGURATION CONTROL section. local_lmtp Use an LMTP capable local mailer. The argument to this feature is the pathname of an LMTP capable mailer. By 
@@ -783,14 +786,27 @@ relay_hosts_only relay_based_on_MX Turns on the ability to allow relaying based on the MX - records of the host portion of an incoming recipient. See + records of the host portion of an incoming recipient; that + is, if an MX record for host foo.com points to your site, + you will accept and relay mail addressed to foo.com. See description below for more information before using this - feature. + feature. Also, see the KNOWNBUGS entry regarding bestmx + map lookups. + + FEATURE(relay_based_on_MX) does not necessarily allow + routing of these messages which you expect to be allowed, + if route address syntax (or %-hack syntax) is used. If + this is a problem, add entries to the access-table or use + FEATURE(loose_relay_check). relay_local_from Allows relaying if the domain portion of the mail sender is a local host. This should only be used if absolutely - necessary as it opens a window for spammers. + necessary as it opens a window for spammers. Specifically, + they can send mail to your mail server that claims to be + from your domain (either directly or via a routed address), + and you will go ahead and relay it out to arbitrary hosts + on the Internet. accept_unqualified_senders Normally, MAIL FROM: commands in the SMTP session will be @@ -1203,7 +1219,8 @@ If you use FEATURE(relay_entire_domain) then any host in any of your local domains (that is, the $=m class) -will be relayed. +will be relayed (that is, you will accept mail either to or from any +host in your domain). You can also allow relaying based on the MX records of the host portion of an incoming recipient address by using 
@@ -1212,9 +1229,11 @@ portion of an incoming recipient address by using For example, if your server receives a recipient of user@domain.com and domain.com lists your server in its MX records, the mail will be -accepted. Note that this will stop spammers from using your host to -relay spam but it will not stop outsiders from using your server as a -relay for their site. Along the same lines, +accepted for relay to domain.com. Note that this will stop spammers +from using your host to relay spam but it will not stop outsiders from +using your server as a relay for their site (that is, they set up an +MX record pointing to your mail server, and you will relay mail addressed +to them without any prior arrangement). Along the same lines, FEATURE(relay_local_from) 
@@ -1265,28 +1284,39 @@ definition for the database; for example FEATURE(access_db, hash -o /etc/mail/access) +Remember, since /etc/mail/access is a database, after creating the text +file as described below, you must use makemap to create the database +map. For example: + +makemap hash /etc/mail/access < /etc/mail/access + The table itself uses e-mail addresses, domain names, and network numbers as keys. For example, spammer@aol.com REJECT cyberspammer.com REJECT - 206.117.147 REJECT + 192.168.212 REJECT would refuse mail from spammer@aol.com, any user from cyberspammer.com (or any host within the cyberspammer.com domain), and any host on the -206.117.147.* network. +192.168.212.* network. The value part of the map can contain: - OK accept mail even if other rules in the - running ruleset would reject it. - RELAY Allow domain to relay through your SMTP - server. RELAY also serves an implicit - OK for the other checks. - REJECT reject the sender/recipient with a general + OK Accept mail even if other rules in the + running ruleset would reject it, for example, + if the domain name is unresolvable. + RELAY Accept mail addressed to the indicated domain or + received from the indicated domain for relaying + through your SMTP server. RELAY also serves as + an implicit OK for the other checks. + REJECT Reject the sender or recipient with a general purpose message. - DISCARD discard the message completely using - the $#discard mailer + DISCARD Discard the message completely using the + $#discard mailer. This only works for sender + addresses (i.e., it indicates that you should + discard anything received from the indicated + domain). ### any text where ### is an RFC 821 compliant error code and "any text" is a message to return for the command. 
@@ -1333,7 +1363,15 @@ domains, or addresses in your domain which should not receive mail: This would prevent a recipient of badlocaluser@mydomain.com, any user at host.mydomain.com, and the single address -user@otherhost.mydomain.com from receiving mail. +user@otherhost.mydomain.com from receiving mail. Enabling this +feature will keep you from sending mails to all addresses that +have an error message or REJECT as value part in the access map. +Taking the example from above: + + spammer@aol.com REJECT + cyberspammer.com REJECT + +Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. There is also a ``Realtime Blackhole List'' run by the MAPS project at http://maps.vix.com/. This is a database maintained in DNS of @@ -1382,6 +1420,17 @@ a Message-ID: header: R< $+ @ $+ > $@ OK R$* $#error $: 553 Header Error +Users of FEATURE(nullclient) who desire to use the anti-spam and +anti-relaying capabilities should replace FEATURE(nullclient, mailhub) +with: + + undefine(`ALIAS_FILE') + define(`MAIL_HUB', `mailhub') + define(`SMART_HOST', `mailhub') + define(`confFORWARD_PATH', `') + +where mailhub is the fully qualified hostname for their mail server. + +--------------------------------+ | ADDING NEW MAILERS OR RULESETS | @@ -1712,7 +1761,7 @@ confAUTO_REBUILD AutoRebuildAliases file if needed. confERROR_MODE ErrorMode [print] Error message mode. confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. -confSAVE_FROM_LINES SafeFromLine Save extra leading From_ lines. +confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. confMATCH_GECOS MatchGECOS [False] Match GECOS field. confMAX_HOP MaxHopCount [25] Maximum hop count. |
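Review bot: In the @@ -783,14 +786,27 @@ hunk, the new relay_based_on_MX paragraph recommends FEATURE(loose_relay_check) as a workaround without saying what that feature relaxes, while relay_local_from a few lines further down gets an explicit warning about the window it opens. Suggest adding a one-line caution or a pointer to the loose_relay_check description at this spot. The sentence "does not necessarily allow routing of these messages which you expect to be allowed" is also hard to parse; "may still refuse such mail when route address syntax (or %-hack syntax) is used" would say the same thing.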
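Review bot: In the @@ -1212,9 +1229,11 @@ hunk, the retained clause "this will stop spammers from using your host to relay spam" now sits next to the added parenthetical saying anyone can set up an MX record pointing at the server and have mail relayed "without any prior arrangement", and the two read as contradictory. Suggest stating the actual limit instead: relaying is restricted to recipients in domains whose MX records list this host, and the owner of such a domain is not vetted in any way.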
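Review bot: In the @@ -1265,28 +1284,39 @@ hunk, the new RELAY description says "received from the indicated domain" without saying whether the key is matched against the connecting host or against the envelope sender address. The relay_local_from text in this same patch explains that a sender domain can simply be claimed by whoever connects, so the distinction matters for an entry that grants relaying; suggest spelling out which one is meant. The DISCARD entry reuses the same "received from the indicated domain" wording and would benefit from the same clarification.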
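Review bot: In the @@ -1333,7 +1363,15 @@ hunk, "Enabling this feature" has no named antecedent in the surrounding lines, and the sentence introduces a side effect on outbound mail that is easy to miss. Suggest naming the FEATURE explicitly and rewording "will keep you from sending mails to all addresses" as "also blocks mail you send to any address". Since the example reuses the sender entries spammer@aol.com and cyberspammer.com rather than the recipient entries shown just above, it is worth saying directly that plain sender-style keys are affected too.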
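Review bot: In the @@ -1382,6 +1420,17 @@ hunk, the four-line replacement for FEATURE(nullclient, mailhub) covers aliasing and forwarding (undefine of ALIAS_FILE, empty confFORWARD_PATH) but is silent on the other two properties the nullclient description lists: addresses "qualified with the masquerade name" and "No mailers should be defined". Suggest stating whether a masquerade setting and any MAILER() lines are needed to keep the same behaviour. The word mailhub also appears as a quoted literal inside the defines, so marking it as a placeholder in the snippet itself would keep it from being copied verbatim.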
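Review bot: In the @@ -1712,7 +1761,7 @@ hunk, the corrected confSAVE_FROM_LINES row still has no bracketed default, unlike its neighbours ([print], [undefined], [0600], [False], [25]). Since the line is already being touched for the SafeFromLine to SaveFromLine fix, add the default value here as well so the table stays consistent.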