HardenedBSD/etc/mail/sendmail.cf.additions


# Database declarations.
# Both maps are declared with class "hash" and the same two flags:
#   -o         the map is optional: if the .db file cannot be opened sendmail
#              reports no error and behaves as if the map were empty, so every
#              lookup misses and the checks below fail open. Monitor that
#              both files exist and are readable.
#   -a.REJECT  append ".REJECT" to the value returned by a successful lookup;
#              the rulesets below recognise a hit by that suffix.
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db
# check_relay: called with host.tld and IP address of the connecting host,
# separated by "$|". Rejects with a 521 reply when the IP address is in the
# "denyip" map or the host's domain is in the "spamsites" map.
# NOTE(review): the host name presumably comes from a reverse lookup of the
# client address, i.e. data the client's DNS operator controls -- treat the
# spamsites match here as best effort; confirm against the caller.
# NOTE(review): sendmail requires TAB characters between the LHS, RHS and
# comment fields of an R line; verify they are intact after copying.
#
# The IP address must NOT be in the "denyip" database.
Scheck_relay
# Strip a leading "[" and a trailing "]" from the address part.
R$* $| [$+ $1 $| $2 should not be needed
R$* $| $+] $1 $| $2 same (bat 2nd ed p510)
# Look the address up exactly as given: no network prefix is tried, so only
# full-address keys match. On a miss the address comes back unchanged.
R$* $| $* $: $1 $| $(denyip $2 $)
# A hit ends in ".REJECT". The map value ($2) is echoed to the client in the
# reply text, so keep internal notes out of the database values.
R$* $| $*.REJECT $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($2)
# The host must *not* be in the "spamsites" database.
# Drop leading labels until only the last two remain (a.b.example.com becomes
# example.com). A host under a two-label suffix such as example.co.uk is
# therefore looked up as "co.uk", not as "example.co.uk".
R$+.$+.$+ $| $* $2.$3 $| $4
# Look the two-label domain up; the IP address is carried along after "$|".
R$+.$+ $| $* $: $(spamsites $1.$2 $) $| $3
# A hit ends in ".REJECT"; the map value ($1) is echoed in the reply text.
R$*.REJECT $| $* $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($1)
# Host must be resolvable, currently not used at hub.freebsd.org
# (the three rules below are disabled, so unresolvable hosts are accepted).
#R$* $| $* $: <?> <$1 $| $2> $>3 foo@$1
#R<?> <$*> $*<@$*.> $: $1
#R<?> <$*> $*<@$*> $#error $: 451 Domain does not resolve ($1)
# check_mail: called with the envelope sender, "Mail From: xxx", of the SMTP
# conversation. Rejects with a 521 reply when the sender's domain is in the
# "spamsites" map. The envelope sender is supplied by the client and is not
# authenticated, so this only stops senders that use a listed domain.
#
Scheck_mail
# Pass the address through ruleset 3, keeping a "<?>" marker in front.
R$* $: <?> $>3 $1
# Keep only the host part when it ends in a dot
# (presumably the form ruleset 3 returns for a name that resolved -- confirm).
R<?> $* < @ $+ . > $: $2
# R<?> $* < @ $+ > $#error $: "451 Domain does not resolve"
# The resolve check above is disabled: a host part without the trailing dot
# is accepted and reduced to the host as well.
R<?> $* < @ $+ > $: $2
# Drop leading labels until only the last two remain (same reduction as in
# check_relay, with the same limitation for two-label suffixes like co.uk).
R$+.$+.$+ $2.$3
# Look the domain up; a miss yields the default "OK".
R$* $: $(spamsites $1 $: OK $)
# Not listed: return OK from the ruleset.
ROK $@ OK
# Listed: the map value ($1) becomes the text of the 521 reply, so it is
# visible to the sending side.
R$+.REJECT $#error $: 521 $1
# xlat: helper for testing check_relay and check_mail in address test mode.
# (The ruleset as written only calls check_relay.)
# If we type "$|", sendmail will split it into the two tokens "$" and "|";
# the first rule glues them back together so that "$|" is not left split.
# To use: /usr/sbin/sendmail -bt
# host.domain.tld $| 111.222.333.444
Sxlat
# Rewrite the split "$" "|" form into the single "$|" separator.
R$* $$| $* $: $1 $| $2
# Hand "host $| address" to check_relay and return its result.
R$* $| $* $@ $>check_relay $1 $| $2