From owner-freebsd-isp Mon Mar 2 21:03:58 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA04405 for freebsd-isp-outgoing; Mon, 2 Mar 1998 21:03:58 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from terror.hungry.com (fn@[199.181.107.40]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA04389 for ; Mon, 2 Mar 1998 21:03:55 -0800 (PST) (envelope-from fn@Hungry.COM)
Received: (from fn@localhost) by terror.hungry.com (8.8.8/8.8.7) id VAA29500; Mon, 2 Mar 1998 21:03:54 -0800 (PST)
Message-ID: <19980302210354.33022@terror.hungry.com>
Date: Mon, 2 Mar 1998 21:03:54 -0800
From: Faried Nawaz
To: freebsd-isp@FreeBSD.ORG
Subject: The sendmail.cf additions in /etc/mail.
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.88
Organization: Hungry Programmers, Inc.
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is on a -stable machine.

I can't seem to use the check_rcpt rule that's commented out by default --
"mail must come from or go to this machine or machines we allow to relay".
I have an /etc/sendmail.cR file with separate entries for both the machine
and its domain, but sendmail always seems to reject the messages. If I use
sendmail -bt, it appears to accept the addresses, though.

Is anyone using that ruleset? I must be missing something simple.

My m4 file is

-- cut here --
VERSIONID(`$Id$')dnl
OSTYPE(bsd4.4)dnl
DOMAIN(generic)dnl
define(`confME_TOO', `True')dnl
define(`confQUEUE_LA', 4)dnl
define(`confREFUSE_LA', 2)dnl
define(`confSMTP_LOGIN_MSG', `$j $b')dnl
define(`confPRIVACY_OPTIONS', noexpn)dnl
FEATURE(redirect)dnl
FEATURE(use_cw_file)dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_AS(`blah-foo.org')dnl
MAILER(local)
MAILER(smtp)

LOCAL_CONFIG
# list of hosts and domains for whom we relay mail.
# all .forward hosts, domains must be listed in this file.
# same for hosts and domains in /etc/aliases
FR-o /etc/sendmail.cR

# database declarations
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kfakenames hash -o -a.REJECT /etc/mail/fakenames.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db

LOCAL_RULESETS
# helper rulesets; useful for debugging sendmail configurations
#
#
Scheck_rbl
# look up an ip address in the Realtime Blackhole List.
R$-.$-.$-.$-	$: $(host $4.$3.$2.$1.rbl.maps.vix.com $:OK $)

Sxlat
# for sendmail -bt
# sendmail treats "$" and "|" as two distinct tokens
# this rule "pastes" them together into one token
# and then calls check_relay.
R$* $$| $*	$: $1 $| $2
R$* $| $*	$@ $>check_relay $1 $| $2

Scheck_relay
# called with "hostname.tld $| IP address" of connecting host.
# hostname.tld is the fully-qualified domain name
# IP address is dotted-quad with surrounding "[]" brackets.
#
# each group of rules in this ruleset is independent.
# each accepts and return "hostname.tld $| IP address"
# use the ones that you want comment out the rest
# you may rearrange the groups but not the rules in each group.
# each group is preceded and followed by a comment
#
# host must NOT be in the "spamsites" database--BEGIN
R$* $| $*	$: <$1 $| $2> $1
R<$*> $+.$+.$+	<$1> $3.$4
R<$*> $+.$+	$: <$1> $(spamsites $2.$3 $)
R<$*> $*.REJECT	$#error $: 521 blocked. contact postmaster@$m
R<$*> $*	$: $1
# host must NOT be in the "spamsites" database--END
# ip address must NOT be in the "denyip" database--BEGIN
R$* $| $*	$: $1 $| $(denyip $2 $)
R$* $| $*.REJECT	$#error $: 521 blocked. contact postmaster@$m
# ip address must NOT be in the "denyip" database--END
R$*	$@ OK

Scheck_mail
# called with envelope sender (everything after ":") in
# "Mail From: xxx", of SMTP conversation
# may or may not have "<" ">"
# the groups of rules in this ruleset ARE NOT independent.
# "remove all RFC-822 comments" must come first
# "Connecting Host" and "Paul Vixie's RBL" must be last
#
# use the ones that you want comment out the rest
# each group is preceded and followed by a comment
#
# remove all RFC-822 comments--BEGIN
# MUST be first rule in check_mail ruleset.
R$*	$: $>3 $1
# remove all RFC-822 comments--END
# mail must come from a DNS resolvable host--BEGIN
R$* < @ $+ . >	$: $1 @ $2
R$* < @ $+ >	$#error $: "451 Domain does not resolve"
# mail must come from a DNS resolvable host--END
# mail must NOT come from a known source of spam--BEGIN
R$+ @$+	$: <$1@$2> $2
R<$*> $+.$+.$+	<$1> $3.$4
R<$*> $*	$: $(spamsites $2 $: OK $)
R$+.REJECT	$#error $: 521 $1
R<$*> $*	$: $1
# mail must NOT come from a known source of spam--END
# Connecting Host must resolve--BEGIN
R$*	$: $1 $: $(dequote "" $&{client_name} $)
R$*	$: $>3 foo@$1
R<$*> $*<@$*>	$#error $: "451 Domain does not resolve"
# Connecting Host must resolve--END
# ip address must NOT be in Paul Vixie's RBL--BEGIN
R$*	$: $1 $: $(dequote "" $&{client_addr} $)
R$*	$: $>check_rbl $1
R$*.com.	$#error $: "550 Mail refused, see http://maps.vix.com/rbl"
# ip address must NOT be in Paul Vixie's RBL--END
R$*	$@ OK

Scheck_rcpt
# called with envelope recipient (everything after ":") in
# "Rcpt To: xxx", of SMTP conversation
# may or may not have "<" ">" and or RFC-822 comments.
# let ruleset 3 clean this up for us.
#
# do NOT reorder these two groups of rules.
# restrict mail relaying to host and domains listed in /etc/sendmail.cR
#
# mail must NOT be addressed "fakenames"--BEGIN
R$*	$: <$1> $>3 $1
R<$*> $+ < @ $+ >	$: <$1> $(fakenames $2 $: OK $)
R$+.REJECT	$#error $: 521 $1
R<$*> $*	$: $1
# mail must NOT be addressed "fakenames"--END
# mail must come from or go to this machine or machines we allow to relay--BEGIN
R$*	$: $>Parse0 $>3 $1
R$+ < @ $* . > $*	$: $1 < @ $2 >
R<$+ @ $=w>	$@ OK
R<$+ @ $* $=R>	$@ OK
R$*	$: $(dequote "" $&{client_name} $)
R$=w	$@ OK
R$* $=R	$@ OK
R$@	$@ OK
R$*	$#error $: "550 Relaying Denied"
# mail must come from or go to this machine or machines we allow to relay--END
R$*	$@ OK
-- cut here --

faried.
-- 
i've kissed mermaids, rode the el nino | i was never here, i never loved you.
walked the sand with the crustaceans   | ------------------------------------
could find my way to mariana           | \
on a wave of mutilation                |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
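
Added example, not part of the original post and not sendmail's own code: a Python model of the decision order that the comments and rules of the "mail must come from or go to this machine or machines we allow to relay" group describe. The class contents, host names and function names are constructed assumptions; the last rule before the 550 accepts an empty connecting-host name, which is the state of ${client_name} in a sendmail -bt session unless it is defined by hand.

```python
"""Model of the relay group in the check_rcpt ruleset quoted above (added example)."""

# Constructed stand-ins for class w (this host's names) and class R
# (/etc/sendmail.cR). These values are assumptions, not from the post.
CLASS_W = {"mail.example.org", "localhost"}
CLASS_R = {"example.org", "customer.example.net"}


def _norm(host):
    # Lower-case and drop the trailing dot that canonicalisation leaves.
    return host.strip().rstrip(".").lower()


def in_class_w(host):
    # "$=w" matches a whole host name only.
    return _norm(host) in CLASS_W


def in_class_r(host):
    # "$* $=R" matches a class R entry or any name ending in ".<entry>".
    h = _norm(host)
    return any(h == e or h.endswith("." + e) for e in CLASS_R)


def check_rcpt_relay(rcpt, client_name):
    """Return "OK" or the 550 text, testing in the same order as the rules."""
    addr = rcpt.strip().strip("<>")
    domain = addr.rpartition("@")[2] if "@" in addr else ""
    # Recipient side: R<$+ @ $=w> and R<$+ @ $* $=R>
    if domain and (in_class_w(domain) or in_class_r(domain)):
        return "OK"
    # Connecting-host side: R$=w and R$* $=R
    if in_class_w(client_name) or in_class_r(client_name):
        return "OK"
    # R$@ $@ OK: an empty client name (local submission) is accepted,
    # so a test run without a client name cannot show a relay denial.
    if _norm(client_name) == "":
        return "OK"
    return "550 Relaying Denied"


if __name__ == "__main__":
    for rcpt, client in [
        ("<user@example.org>", "host.unknown.example"),
        ("<user@elsewhere.example>", "dialup7.customer.example.net"),
        ("<user@elsewhere.example>", "host.unknown.example"),
        ("<user@elsewhere.example>", ""),
    ]:
        print(f"{rcpt!r:32} from {client!r:34} -> {check_rcpt_relay(rcpt, client)}")
```
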